diff --git a/.azure-pipelines/azure-pipelines.yml b/.azure-pipelines/azure-pipelines.yml index 815e7d5556..3059e209c1 100644 --- a/.azure-pipelines/azure-pipelines.yml +++ b/.azure-pipelines/azure-pipelines.yml @@ -29,14 +29,14 @@ schedules: always: true branches: include: - - stable-8 - - stable-7 + - stable-10 + - stable-9 - cron: 0 11 * * 0 displayName: Weekly (old stable branches) always: true branches: include: - - stable-6 + - stable-8 variables: - name: checkoutPath @@ -53,7 +53,7 @@ variables: resources: containers: - container: default - image: quay.io/ansible/azure-pipelines-test-container:4.0.1 + image: quay.io/ansible/azure-pipelines-test-container:6.0.0 pool: Standard @@ -73,6 +73,32 @@ stages: - test: 3 - test: 4 - test: extra + - stage: Sanity_2_18 + displayName: Sanity 2.18 + dependsOn: [] + jobs: + - template: templates/matrix.yml + parameters: + nameFormat: Test {0} + testFormat: 2.18/sanity/{0} + targets: + - test: 1 + - test: 2 + - test: 3 + - test: 4 + - stage: Sanity_2_17 + displayName: Sanity 2.17 + dependsOn: [] + jobs: + - template: templates/matrix.yml + parameters: + nameFormat: Test {0} + testFormat: 2.17/sanity/{0} + targets: + - test: 1 + - test: 2 + - test: 3 + - test: 4 - stage: Sanity_2_16 displayName: Sanity 2.16 dependsOn: [] @@ -86,32 +112,6 @@ stages: - test: 2 - test: 3 - test: 4 - - stage: Sanity_2_15 - displayName: Sanity 2.15 - dependsOn: [] - jobs: - - template: templates/matrix.yml - parameters: - nameFormat: Test {0} - testFormat: 2.15/sanity/{0} - targets: - - test: 1 - - test: 2 - - test: 3 - - test: 4 - - stage: Sanity_2_14 - displayName: Sanity 2.14 - dependsOn: [] - jobs: - - template: templates/matrix.yml - parameters: - nameFormat: Test {0} - testFormat: 2.14/sanity/{0} - targets: - - test: 1 - - test: 2 - - test: 3 - - test: 4 ### Units - stage: Units_devel displayName: Units devel @@ -122,12 +122,34 @@ stages: nameFormat: Python {0} testFormat: devel/units/{0}/1 targets: - - test: 3.7 - test: 3.8 - test: 3.9 - test: '3.10' - test: '3.11' - test: '3.12' + - test: '3.13' + - stage: Units_2_18 + displayName: Units 2.18 + dependsOn: [] + jobs: + - template: templates/matrix.yml + parameters: + nameFormat: Python {0} + testFormat: 2.18/units/{0}/1 + targets: + - test: 3.8 + - test: "3.13" + - stage: Units_2_17 + displayName: Units 2.17 + dependsOn: [] + jobs: + - template: templates/matrix.yml + parameters: + nameFormat: Python {0} + testFormat: 2.17/units/{0}/1 + targets: + - test: 3.7 + - test: "3.12" - stage: Units_2_16 displayName: Units 2.16 dependsOn: [] @@ -140,27 +162,6 @@ stages: - test: 2.7 - test: 3.6 - test: "3.11" - - stage: Units_2_15 - displayName: Units 2.15 - dependsOn: [] - jobs: - - template: templates/matrix.yml - parameters: - nameFormat: Python {0} - testFormat: 2.15/units/{0}/1 - targets: - - test: 3.5 - - test: "3.10" - - stage: Units_2_14 - displayName: Units 2.14 - dependsOn: [] - jobs: - - template: templates/matrix.yml - parameters: - nameFormat: Python {0} - testFormat: 2.14/units/{0}/1 - targets: - - test: 3.9 ## Remote - stage: Remote_devel_extra_vms @@ -171,12 +172,14 @@ stages: parameters: testFormat: devel/{0} targets: - - name: Alpine 3.18 - test: alpine/3.18 - # - name: Fedora 39 - # test: fedora/39 + - name: Alpine 3.21 + test: alpine/3.21 + # - name: Fedora 41 + # test: fedora/41 - name: Ubuntu 22.04 test: ubuntu/22.04 + - name: Ubuntu 24.04 + test: ubuntu/24.04 groups: - vm - stage: Remote_devel @@ -189,10 +192,46 @@ stages: targets: - name: macOS 14.3 test: macos/14.3 + - name: RHEL 9.5 + test: rhel/9.5 + - name: FreeBSD 14.2 + test: freebsd/14.2 + - name: FreeBSD 13.4 + test: freebsd/13.4 + groups: + - 1 + - 2 + - 3 + - stage: Remote_2_18 + displayName: Remote 2.18 + dependsOn: [] + jobs: + - template: templates/matrix.yml + parameters: + testFormat: 2.18/{0} + targets: + - name: RHEL 9.4 + test: rhel/9.4 + - name: FreeBSD 14.1 + test: freebsd/14.1 + groups: + - 1 + - 2 + - 3 + - stage: Remote_2_17 + displayName: Remote 2.17 + dependsOn: [] + jobs: + - template: templates/matrix.yml + parameters: + testFormat: 2.17/{0} + targets: + - name: FreeBSD 13.3 + test: freebsd/13.3 - name: RHEL 9.3 test: rhel/9.3 - - name: FreeBSD 13.2 - test: freebsd/13.2 + - name: FreeBSD 14.0 + test: freebsd/14.0 groups: - 1 - 2 @@ -211,48 +250,10 @@ stages: test: rhel/9.2 - name: RHEL 8.8 test: rhel/8.8 - #- name: FreeBSD 13.2 - # test: freebsd/13.2 - groups: - - 1 - - 2 - - 3 - - stage: Remote_2_15 - displayName: Remote 2.15 - dependsOn: [] - jobs: - - template: templates/matrix.yml - parameters: - testFormat: 2.15/{0} - targets: - - name: RHEL 9.1 - test: rhel/9.1 - - name: RHEL 8.7 - test: rhel/8.7 - name: RHEL 7.9 test: rhel/7.9 - # - name: FreeBSD 13.1 - # test: freebsd/13.1 - # - name: FreeBSD 12.4 - # test: freebsd/12.4 - groups: - - 1 - - 2 - - 3 - - stage: Remote_2_14 - displayName: Remote 2.14 - dependsOn: [] - jobs: - - template: templates/matrix.yml - parameters: - testFormat: 2.14/{0} - targets: - #- name: macOS 12.0 - # test: macos/12.0 - - name: RHEL 9.0 - test: rhel/9.0 - #- name: FreeBSD 12.4 - # test: freebsd/12.4 + # - name: FreeBSD 13.2 + # test: freebsd/13.2 groups: - 1 - 2 @@ -267,14 +268,50 @@ stages: parameters: testFormat: devel/linux/{0} targets: - - name: Fedora 39 - test: fedora39 - - name: Ubuntu 20.04 - test: ubuntu2004 + - name: Fedora 41 + test: fedora41 + - name: Alpine 3.21 + test: alpine321 - name: Ubuntu 22.04 test: ubuntu2204 - - name: Alpine 3 - test: alpine3 + - name: Ubuntu 24.04 + test: ubuntu2404 + groups: + - 1 + - 2 + - 3 + - stage: Docker_2_18 + displayName: Docker 2.18 + dependsOn: [] + jobs: + - template: templates/matrix.yml + parameters: + testFormat: 2.18/linux/{0} + targets: + - name: Fedora 40 + test: fedora40 + - name: Alpine 3.20 + test: alpine320 + - name: Ubuntu 24.04 + test: ubuntu2404 + groups: + - 1 + - 2 + - 3 + - stage: Docker_2_17 + displayName: Docker 2.17 + dependsOn: [] + jobs: + - template: templates/matrix.yml + parameters: + testFormat: 2.17/linux/{0} + targets: + - name: Fedora 39 + test: fedora39 + - name: Alpine 3.19 + test: alpine319 + - name: Ubuntu 20.04 + test: ubuntu2004 groups: - 1 - 2 @@ -291,36 +328,10 @@ stages: test: fedora38 - name: openSUSE 15 test: opensuse15 - groups: - - 1 - - 2 - - 3 - - stage: Docker_2_15 - displayName: Docker 2.15 - dependsOn: [] - jobs: - - template: templates/matrix.yml - parameters: - testFormat: 2.15/linux/{0} - targets: - - name: Fedora 37 - test: fedora37 - - name: CentOS 7 - test: centos7 - groups: - - 1 - - 2 - - 3 - - stage: Docker_2_14 - displayName: Docker 2.14 - dependsOn: [] - jobs: - - template: templates/matrix.yml - parameters: - testFormat: 2.14/linux/{0} - targets: - name: Alpine 3 test: alpine3 + - name: CentOS 7 + test: centos7 groups: - 1 - 2 @@ -340,82 +351,86 @@ stages: - name: Debian Bookworm test: debian-bookworm/3.11 - name: ArchLinux - test: archlinux/3.11 + test: archlinux/3.13 groups: - 1 - 2 - 3 ### Generic - - stage: Generic_devel - displayName: Generic devel - dependsOn: [] - jobs: - - template: templates/matrix.yml - parameters: - nameFormat: Python {0} - testFormat: devel/generic/{0}/1 - targets: - - test: '3.7' - - test: '3.12' - - stage: Generic_2_16 - displayName: Generic 2.16 - dependsOn: [] - jobs: - - template: templates/matrix.yml - parameters: - nameFormat: Python {0} - testFormat: 2.16/generic/{0}/1 - targets: - - test: '2.7' - - test: '3.6' - - test: '3.11' - - stage: Generic_2_15 - displayName: Generic 2.15 - dependsOn: [] - jobs: - - template: templates/matrix.yml - parameters: - nameFormat: Python {0} - testFormat: 2.15/generic/{0}/1 - targets: - - test: '3.9' - - stage: Generic_2_14 - displayName: Generic 2.14 - dependsOn: [] - jobs: - - template: templates/matrix.yml - parameters: - nameFormat: Python {0} - testFormat: 2.14/generic/{0}/1 - targets: - - test: '3.10' +# Right now all generic tests are disabled. Uncomment when at least one of them is re-enabled. +# - stage: Generic_devel +# displayName: Generic devel +# dependsOn: [] +# jobs: +# - template: templates/matrix.yml +# parameters: +# nameFormat: Python {0} +# testFormat: devel/generic/{0}/1 +# targets: +# - test: '3.8' +# - test: '3.11' +# - test: '3.13' +# - stage: Generic_2_18 +# displayName: Generic 2.18 +# dependsOn: [] +# jobs: +# - template: templates/matrix.yml +# parameters: +# nameFormat: Python {0} +# testFormat: 2.18/generic/{0}/1 +# targets: +# - test: '3.8' +# - test: '3.13' +# - stage: Generic_2_17 +# displayName: Generic 2.17 +# dependsOn: [] +# jobs: +# - template: templates/matrix.yml +# parameters: +# nameFormat: Python {0} +# testFormat: 2.17/generic/{0}/1 +# targets: +# - test: '3.7' +# - test: '3.12' +# - stage: Generic_2_16 +# displayName: Generic 2.16 +# dependsOn: [] +# jobs: +# - template: templates/matrix.yml +# parameters: +# nameFormat: Python {0} +# testFormat: 2.16/generic/{0}/1 +# targets: +# - test: '2.7' +# - test: '3.6' +# - test: '3.11' - stage: Summary condition: succeededOrFailed() dependsOn: - Sanity_devel + - Sanity_2_18 + - Sanity_2_17 - Sanity_2_16 - - Sanity_2_15 - - Sanity_2_14 - Units_devel + - Units_2_18 + - Units_2_17 - Units_2_16 - - Units_2_15 - - Units_2_14 - Remote_devel_extra_vms - Remote_devel + - Remote_2_18 + - Remote_2_17 - Remote_2_16 - - Remote_2_15 - - Remote_2_14 - Docker_devel + - Docker_2_18 + - Docker_2_17 - Docker_2_16 - - Docker_2_15 - - Docker_2_14 - Docker_community_devel # Right now all generic tests are disabled. Uncomment when at least one of them is re-enabled. # - Generic_devel +# - Generic_2_18 +# - Generic_2_17 # - Generic_2_16 -# - Generic_2_15 -# - Generic_2_14 jobs: - template: templates/coverage.yml diff --git a/.github/BOTMETA.yml b/.github/BOTMETA.yml index 7e95f323b2..bfc1ca4da9 100644 --- a/.github/BOTMETA.yml +++ b/.github/BOTMETA.yml @@ -33,6 +33,8 @@ files: maintainers: $team_ansible_core $becomes/pmrun.py: maintainers: $team_ansible_core + $becomes/run0.py: + maintainers: konstruktoid $becomes/sesu.py: maintainers: nekonyuu $becomes/sudosu.py: @@ -59,7 +61,6 @@ files: $callbacks/elastic.py: keywords: apm observability maintainers: v1v - $callbacks/hipchat.py: {} $callbacks/jabber.py: {} $callbacks/log_plays.py: {} $callbacks/loganalytics.py: @@ -89,6 +90,8 @@ files: maintainers: ryancurrah $callbacks/syslog_json.py: maintainers: imjoseangel + $callbacks/timestamp.py: + maintainers: kurokobo $callbacks/unixy.py: labels: unixy maintainers: akatch @@ -117,6 +120,10 @@ files: maintainers: $team_ansible_core $doc_fragments/: labels: docs_fragments + $doc_fragments/clc.py: + maintainers: clc-runner russoz + $doc_fragments/django.py: + maintainers: russoz $doc_fragments/hpe3par.py: labels: hpe3par maintainers: farhan7500 gautamphegde @@ -125,9 +132,13 @@ files: maintainers: $team_huawei $doc_fragments/nomad.py: maintainers: chris93111 apecnascimento + $doc_fragments/pipx.py: + maintainers: russoz $doc_fragments/xenserver.py: labels: xenserver maintainers: bvitnik + $filters/accumulate.py: + maintainers: VannTen $filters/counter.py: maintainers: keilr $filters/crc32.py: @@ -151,6 +162,8 @@ files: $filters/jc.py: maintainers: kellyjonbrazil $filters/json_query.py: {} + $filters/keep_keys.py: + maintainers: vbotka $filters/lists.py: maintainers: cfiehe $filters/lists_difference.yml: @@ -164,6 +177,12 @@ files: $filters/lists_union.yml: maintainers: cfiehe $filters/random_mac.py: {} + $filters/remove_keys.py: + maintainers: vbotka + $filters/replace_keys.py: + maintainers: vbotka + $filters/reveal_ansible_type.py: + maintainers: vbotka $filters/time.py: maintainers: resmo $filters/to_days.yml: @@ -196,6 +215,8 @@ files: maintainers: opoplawski $inventories/gitlab_runners.py: maintainers: morph027 + $inventories/iocage.py: + maintainers: vbotka $inventories/icinga2.py: maintainers: BongoEADGC6 $inventories/linode.py: @@ -292,10 +313,18 @@ files: maintainers: delineaKrehl tylerezimmerman $module_utils/: labels: module_utils + $module_utils/android_sdkmanager.py: + maintainers: shamilovstas $module_utils/btrfs.py: maintainers: gnfzdz + $module_utils/cmd_runner_fmt.py: + maintainers: russoz + $module_utils/cmd_runner.py: + maintainers: russoz $module_utils/deps.py: maintainers: russoz + $module_utils/django.py: + maintainers: russoz $module_utils/gconftool2.py: labels: gconftool2 maintainers: russoz @@ -339,6 +368,8 @@ files: $module_utils/pipx.py: labels: pipx maintainers: russoz + $module_utils/python_runner.py: + maintainers: russoz $module_utils/puppet.py: labels: puppet maintainers: russoz @@ -395,6 +426,8 @@ files: ignore: DavidWittman jiuka labels: alternatives maintainers: mulby + $modules/android_sdk.py: + maintainers: shamilovstas $modules/ansible_galaxy_install.py: maintainers: russoz $modules/apache2_mod_proxy.py: @@ -425,9 +458,11 @@ files: $modules/bearychat.py: maintainers: tonyseek $modules/bigpanda.py: - maintainers: hkariti + ignore: hkariti $modules/bitbucket_: maintainers: catcombo + $modules/bootc_manage.py: + maintainers: cooktheryan $modules/bower.py: maintainers: mwarkentin $modules/btrfs_: @@ -481,6 +516,8 @@ files: ignore: skornehl $modules/dconf.py: maintainers: azaghal + $modules/decompress.py: + maintainers: shamilovstas $modules/deploy_helper.py: maintainers: ramondelafuente $modules/dimensiondata_network.py: @@ -490,6 +527,12 @@ files: maintainers: tintoy $modules/discord.py: maintainers: cwollinger + $modules/django_check.py: + maintainers: russoz + $modules/django_command.py: + maintainers: russoz + $modules/django_createcachetable.py: + maintainers: russoz $modules/django_manage.py: ignore: scottanderson42 tastychutney labels: django_manage @@ -532,8 +575,6 @@ files: maintainers: $team_flatpak $modules/flatpak_remote.py: maintainers: $team_flatpak - $modules/flowdock.py: - ignore: mcodd $modules/gandi_livedns.py: maintainers: gthiemonge $modules/gconftool2.py: @@ -622,6 +663,11 @@ files: labels: homebrew_ macos maintainers: $team_macos notify: chris-short + $modules/homebrew_services.py: + ignore: ryansb + keywords: brew cask services darwin homebrew macosx macports osx + labels: homebrew_ macos + maintainers: $team_macos kitizz $modules/homectl.py: maintainers: jameslivulpi $modules/honeybadger_deployment.py: @@ -681,6 +727,8 @@ files: $modules/ipa_: maintainers: $team_ipa ignore: fxfitz + $modules/ipa_getkeytab.py: + maintainers: abakanovskii $modules/ipa_dnsrecord.py: maintainers: $team_ipa jwbernin $modules/ipbase_info.py: @@ -726,6 +774,8 @@ files: maintainers: sermilrod $modules/jenkins_job_info.py: maintainers: stpierre + $modules/jenkins_node.py: + maintainers: phyrwork $modules/jenkins_plugin.py: maintainers: jtyr $modules/jenkins_script.py: @@ -764,6 +814,8 @@ files: maintainers: fynncfchen johncant $modules/keycloak_clientsecret_regenerate.py: maintainers: fynncfchen johncant + $modules/keycloak_component.py: + maintainers: fivetide $modules/keycloak_group.py: maintainers: adamgoossens $modules/keycloak_identity_provider.py: @@ -780,8 +832,12 @@ files: maintainers: elfelip $modules/keycloak_user_federation.py: maintainers: laurpaum + $modules/keycloak_userprofile.py: + maintainers: yeoldegrove $modules/keycloak_component_info.py: maintainers: desand01 + $modules/keycloak_client_rolescope.py: + maintainers: desand01 $modules/keycloak_user_rolemapping.py: maintainers: bratwurzt $modules/keycloak_realm_rolemapping.py: @@ -792,6 +848,8 @@ files: maintainers: ahussey-redhat $modules/kibana_plugin.py: maintainers: barryib + $modules/krb_ticket.py: + maintainers: abakanovskii $modules/launchd.py: maintainers: martinm82 $modules/layman.py: @@ -802,6 +860,8 @@ files: maintainers: drybjed jtyr noles $modules/ldap_entry.py: maintainers: jtyr + $modules/ldap_inc.py: + maintainers: pduveau $modules/ldap_passwd.py: maintainers: KellerFuchs jtyr $modules/ldap_search.py: @@ -943,6 +1003,8 @@ files: maintainers: $team_opennebula $modules/one_host.py: maintainers: rvalle + $modules/one_vnet.py: + maintainers: abakanovskii $modules/oneandone_: maintainers: aajdinov edevenport $modules/onepassword_info.py: @@ -1071,6 +1133,8 @@ files: $modules/proxmox_kvm.py: ignore: skvidal maintainers: helldorado krauthosting + $modules/proxmox_backup.py: + maintainers: IamLunchbox $modules/proxmox_nic.py: maintainers: Kogelvis krauthosting $modules/proxmox_node_info.py: @@ -1096,46 +1160,6 @@ files: $modules/python_requirements_info.py: ignore: ryansb maintainers: willthames - $modules/rax: - ignore: ryansb sivel - $modules/rax.py: - maintainers: omgjlk sivel - $modules/rax_cbs.py: - maintainers: claco - $modules/rax_cbs_attachments.py: - maintainers: claco - $modules/rax_cdb.py: - maintainers: jails - $modules/rax_cdb_database.py: - maintainers: jails - $modules/rax_cdb_user.py: - maintainers: jails - $modules/rax_clb.py: - maintainers: claco - $modules/rax_clb_nodes.py: - maintainers: neuroid - $modules/rax_clb_ssl.py: - maintainers: smashwilson - $modules/rax_files.py: - maintainers: angstwad - $modules/rax_files_objects.py: - maintainers: angstwad - $modules/rax_identity.py: - maintainers: claco - $modules/rax_mon_alarm.py: - maintainers: smashwilson - $modules/rax_mon_check.py: - maintainers: smashwilson - $modules/rax_mon_entity.py: - maintainers: smashwilson - $modules/rax_mon_notification.py: - maintainers: smashwilson - $modules/rax_mon_notification_plan.py: - maintainers: smashwilson - $modules/rax_network.py: - maintainers: claco omgjlk - $modules/rax_queue.py: - maintainers: claco $modules/read_csv.py: maintainers: dagwieers $modules/redfish_: @@ -1160,12 +1184,6 @@ files: keywords: kvm libvirt proxmox qemu labels: rhevm virt maintainers: $team_virt TimothyVandenbrande - $modules/rhn_channel.py: - labels: rhn_channel - maintainers: vincentvdk alikins $team_rhn - $modules/rhn_register.py: - labels: rhn_register - maintainers: jlaska $team_rhn $modules/rhsm_release.py: maintainers: seandst $team_rhsm $modules/rhsm_repository.py: @@ -1300,8 +1318,6 @@ files: maintainers: farhan7500 gautamphegde $modules/ssh_config.py: maintainers: gaqzi Akasurde - $modules/stackdriver.py: - maintainers: bwhaley $modules/stacki_host.py: labels: stacki_host maintainers: bsanders bbyhuy @@ -1331,6 +1347,10 @@ files: maintainers: precurse $modules/sysrc.py: maintainers: dlundgren + $modules/systemd_creds_decrypt.py: + maintainers: konstruktoid + $modules/systemd_creds_encrypt.py: + maintainers: konstruktoid $modules/sysupgrade.py: maintainers: precurse $modules/taiga_issue.py: @@ -1362,16 +1382,19 @@ files: keywords: sophos utm maintainers: $team_e_spirit $modules/utm_ca_host_key_cert.py: - maintainers: stearz + ignore: stearz + maintainers: $team_e_spirit $modules/utm_ca_host_key_cert_info.py: - maintainers: stearz + ignore: stearz + maintainers: $team_e_spirit $modules/utm_network_interface_address.py: maintainers: steamx $modules/utm_network_interface_address_info.py: maintainers: steamx $modules/utm_proxy_auth_profile.py: keywords: sophos utm - maintainers: $team_e_spirit stearz + ignore: stearz + maintainers: $team_e_spirit $modules/utm_proxy_exception.py: keywords: sophos utm maintainers: $team_e_spirit RickS-C137 @@ -1394,8 +1417,6 @@ files: maintainers: $team_wdc $modules/wdc_redfish_info.py: maintainers: $team_wdc - $modules/webfaction_: - maintainers: quentinsf $modules/xattr.py: labels: xattr maintainers: bcoca @@ -1447,8 +1468,19 @@ files: ignore: matze labels: zypper maintainers: $team_suse + $plugin_utils/ansible_type.py: + maintainers: vbotka + $modules/zypper_repository_info.py: + labels: zypper + maintainers: $team_suse TobiasZeuch181 + $plugin_utils/keys_filter.py: + maintainers: vbotka + $plugin_utils/unsafe.py: + maintainers: felixfontein $tests/a_module.py: maintainers: felixfontein + $tests/ansible_type.py: + maintainers: vbotka $tests/fqdn_valid.py: maintainers: vbotka ######################### @@ -1462,6 +1494,14 @@ files: maintainers: felixfontein docs/docsite/rst/filter_guide_abstract_informations_lists_helper.rst: maintainers: cfiehe + docs/docsite/rst/filter_guide-abstract_informations-lists_of_dictionaries-keep_keys.rst: + maintainers: vbotka + docs/docsite/rst/filter_guide-abstract_informations-lists_of_dictionaries-remove_keys.rst: + maintainers: vbotka + docs/docsite/rst/filter_guide-abstract_informations-lists_of_dictionaries-replace_keys.rst: + maintainers: vbotka + docs/docsite/rst/filter_guide-abstract_informations-lists_of_dictionaries.rst: + maintainers: vbotka docs/docsite/rst/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst: maintainers: vbotka docs/docsite/rst/filter_guide_conversions.rst: @@ -1478,12 +1518,20 @@ files: maintainers: ericzolf docs/docsite/rst/guide_alicloud.rst: maintainers: xiaozhu36 + docs/docsite/rst/guide_cmdrunner.rst: + maintainers: russoz + docs/docsite/rst/guide_deps.rst: + maintainers: russoz + docs/docsite/rst/guide_modulehelper.rst: + maintainers: russoz docs/docsite/rst/guide_online.rst: maintainers: remyleone docs/docsite/rst/guide_packet.rst: maintainers: baldwinSPC nurfet-becirevic t0mk teebes docs/docsite/rst/guide_scaleway.rst: maintainers: $team_scaleway + docs/docsite/rst/guide_vardict.rst: + maintainers: russoz docs/docsite/rst/test_guide.rst: maintainers: felixfontein ######################### @@ -1503,7 +1551,6 @@ macros: becomes: plugins/become caches: plugins/cache callbacks: plugins/callback - cliconfs: plugins/cliconf connections: plugins/connection doc_fragments: plugins/doc_fragments filters: plugins/filter @@ -1511,12 +1558,12 @@ macros: lookups: plugins/lookup module_utils: plugins/module_utils modules: plugins/modules - terminals: plugins/terminal + plugin_utils: plugins/plugin_utils tests: plugins/test team_ansible_core: team_aix: MorrisA bcoca d-little flynn1973 gforster kairoaraujo marvin-sinister mator molekuul ramooncamacho wtcross team_bsd: JoergFiedler MacLemon bcoca dch jasperla mekanix opoplawski overhacked tuxillo - team_consul: sgargan apollo13 + team_consul: sgargan apollo13 Ilgmi team_cyberark_conjur: jvanderhoof ryanprior team_e_spirit: MatrixCrawler getjack team_flatpak: JayKayy oolongbrothers @@ -1525,7 +1572,7 @@ macros: team_huawei: QijunPan TommyLike edisonxiang freesky-edward hwDCN niuzhenguo xuxiaowei0512 yanzhangi zengchen1024 zhongjun2 team_ipa: Akasurde Nosmoht justchris1 team_jboss: Wolfant jairojunior wbrefvem - team_keycloak: eikef ndclt mattock + team_keycloak: eikef ndclt mattock thomasbach-dev team_linode: InTheCloudDan decentral1se displague rmcintosh Charliekenney23 LBGarber team_macos: Akasurde kyleabenson martinm82 danieljaouen indrajitr team_manageiq: abellotti cben gtanzillo yaacov zgalor dkorn evertmulder @@ -1534,10 +1581,9 @@ macros: team_oracle: manojmeda mross22 nalsaber team_purestorage: bannaych dnix101 genegr lionmax opslounge raekins sdodsley sile16 team_redfish: mraineri tomasg2012 xmadsen renxulei rajeevkallur bhavya06 jyundt - team_rhn: FlossWare alikins barnabycourt vritant team_rhsm: cnsnyder ptoscano team_scaleway: remyleone abarbare team_solaris: bcoca fishman jasperla jpdasma mator scathatheworm troy2914 xen0l - team_suse: commel evrardjp lrupp toabctl AnderEnder alxgu andytom sealor + team_suse: commel evrardjp lrupp AnderEnder alxgu andytom sealor team_virt: joshainglis karmab Thulium-Drake Ajpantuso team_wdc: mikemoerk diff --git a/.github/workflows/ansible-test.yml b/.github/workflows/ansible-test.yml index bc9daaa43e..ca06791a38 100644 --- a/.github/workflows/ansible-test.yml +++ b/.github/workflows/ansible-test.yml @@ -29,7 +29,7 @@ jobs: strategy: matrix: ansible: - - '2.13' + - '2.15' # Ansible-test on various stable branches does not yet work well with cgroups v2. # Since ubuntu-latest now uses Ubuntu 22.04, we need to fall back to the ubuntu-20.04 # image for these stable branches. The list of branches where this is necessary will @@ -41,6 +41,7 @@ jobs: uses: felixfontein/ansible-test-gh-action@main with: ansible-core-version: stable-${{ matrix.ansible }} + codecov-token: ${{ secrets.CODECOV_TOKEN }} coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }} pull-request-change-detection: 'true' testing-type: sanity @@ -64,14 +65,12 @@ jobs: exclude: - ansible: '' include: - - ansible: '2.13' + - ansible: '2.15' python: '2.7' - - ansible: '2.13' - python: '3.8' - - ansible: '2.13' - python: '2.7' - - ansible: '2.13' - python: '3.8' + - ansible: '2.15' + python: '3.5' + - ansible: '2.15' + python: '3.10' steps: - name: >- @@ -80,6 +79,7 @@ jobs: uses: felixfontein/ansible-test-gh-action@main with: ansible-core-version: stable-${{ matrix.ansible }} + codecov-token: ${{ secrets.CODECOV_TOKEN }} coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }} pre-test-cmd: >- mkdir -p ../../ansible @@ -111,41 +111,29 @@ jobs: exclude: - ansible: '' include: - # 2.13 - - ansible: '2.13' - docker: fedora35 + # 2.15 + - ansible: '2.15' + docker: alpine3 python: '' target: azp/posix/1/ - - ansible: '2.13' - docker: fedora35 + - ansible: '2.15' + docker: alpine3 python: '' target: azp/posix/2/ - - ansible: '2.13' - docker: fedora35 + - ansible: '2.15' + docker: alpine3 python: '' target: azp/posix/3/ - - ansible: '2.13' - docker: opensuse15py2 + - ansible: '2.15' + docker: fedora37 python: '' target: azp/posix/1/ - - ansible: '2.13' - docker: opensuse15py2 + - ansible: '2.15' + docker: fedora37 python: '' target: azp/posix/2/ - - ansible: '2.13' - docker: opensuse15py2 - python: '' - target: azp/posix/3/ - - ansible: '2.13' - docker: alpine3 - python: '' - target: azp/posix/1/ - - ansible: '2.13' - docker: alpine3 - python: '' - target: azp/posix/2/ - - ansible: '2.13' - docker: alpine3 + - ansible: '2.15' + docker: fedora37 python: '' target: azp/posix/3/ # Right now all generic tests are disabled. Uncomment when at least one of them is re-enabled. @@ -153,6 +141,14 @@ jobs: # docker: default # python: '3.9' # target: azp/generic/1/ + # - ansible: '2.14' + # docker: default + # python: '3.10' + # target: azp/generic/1/ + # - ansible: '2.15' + # docker: default + # python: '3.9' + # target: azp/generic/1/ steps: - name: >- @@ -162,6 +158,7 @@ jobs: uses: felixfontein/ansible-test-gh-action@main with: ansible-core-version: stable-${{ matrix.ansible }} + codecov-token: ${{ secrets.CODECOV_TOKEN }} coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }} docker-image: ${{ matrix.docker }} integration-continue-on-error: 'false' diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c93162a72a..e8572fafb6 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -25,6 +25,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + persist-credentials: false # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index 031e94cb7a..3c5e986e57 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -7,10 +7,14 @@ name: Verify REUSE on: push: - branches: [main] - pull_request_target: + branches: + - main + - stable-* + pull_request: types: [opened, synchronize, reopened] - branches: [main] + branches: + - main + - stable-* # Run CI once per day (at 07:30 UTC) schedule: - cron: '30 7 * * *' @@ -24,7 +28,8 @@ jobs: steps: - uses: actions/checkout@v4 with: + persist-credentials: false ref: ${{ github.event.pull_request.head.sha || '' }} - name: REUSE Compliance Check - uses: fsfe/reuse-action@v3 + uses: fsfe/reuse-action@v5 diff --git a/.gitignore b/.gitignore index b7868a9e41..cf1f74e41c 100644 --- a/.gitignore +++ b/.gitignore @@ -512,3 +512,7 @@ $RECYCLE.BIN/ # Integration tests cloud configs tests/integration/cloud-config-*.ini + + +# VSCode specific extensions +.vscode/settings.json diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 199e90c5b1..55a7098cc2 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -31,7 +31,9 @@ Also, consider taking up a valuable, reviewed, but abandoned pull request which * Try committing your changes with an informative but short commit message. * Do not squash your commits and force-push to your branch if not needed. Reviews of your pull request are much easier with individual commits to comprehend the pull request history. All commits of your pull request branch will be squashed into one commit by GitHub upon merge. * Do not add merge commits to your PR. The bot will complain and you will have to rebase ([instructions for rebasing](https://docs.ansible.com/ansible/latest/dev_guide/developing_rebasing.html)) to remove them before your PR can be merged. To avoid that git automatically does merges during pulls, you can configure it to do rebases instead by running `git config pull.rebase true` inside the repository checkout. -* Make sure your PR includes a [changelog fragment](https://docs.ansible.com/ansible/devel/community/development_process.html#creating-changelog-fragments). (You must not include a fragment for new modules or new plugins. Also you shouldn't include one for docs-only changes. If you're not sure, simply don't include one, we'll tell you whether one is needed or not :) ) +* Make sure your PR includes a [changelog fragment](https://docs.ansible.com/ansible/devel/community/collection_development_process.html#creating-a-changelog-fragment). + * You must not include a fragment for new modules or new plugins. Also you shouldn't include one for docs-only changes. (If you're not sure, simply don't include one, we'll tell you whether one is needed or not :) ) + * Please always include a link to the pull request itself, and if the PR is about an issue, also a link to the issue. Also make sure the fragment ends with a period, and begins with a lower-case letter after `-`. (Again, if you don't do this, we'll add suggestions to fix it, so don't worry too much :) ) * Avoid reformatting unrelated parts of the codebase in your PR. These types of changes will likely be requested for reversion, create additional work for reviewers, and may cause approval to be delayed. You can also read [our Quick-start development guide](https://github.com/ansible/community-docs/blob/main/create_pr_quick_start_guide.rst). @@ -54,6 +56,8 @@ cd ~/dev/ansible_collections/community/general Then you can run `ansible-test` (which is a part of [ansible-core](https://pypi.org/project/ansible-core/)) inside the checkout. The following example commands expect that you have installed Docker or Podman. Note that Podman has only been supported by more recent ansible-core releases. If you are using Docker, the following will work with Ansible 2.9+. +### Sanity tests + The following commands show how to run sanity tests: ```.bash @@ -64,6 +68,8 @@ ansible-test sanity --docker -v ansible-test sanity --docker -v plugins/modules/system/pids.py tests/integration/targets/pids/ ``` +### Unit tests + The following commands show how to run unit tests: ```.bash @@ -77,13 +83,32 @@ ansible-test units --docker -v --python 3.8 ansible-test units --docker -v --python 3.8 tests/unit/plugins/modules/net_tools/test_nmcli.py ``` +### Integration tests + The following commands show how to run integration tests: -```.bash -# Run integration tests for the interfaces_files module in a Docker container using the -# fedora35 operating system image (the supported images depend on your ansible-core version): -ansible-test integration --docker fedora35 -v interfaces_file +#### In Docker +Integration tests on Docker have the following parameters: +- `image_name` (required): The name of the Docker image. To get the list of supported Docker images, run + `ansible-test integration --help` and look for _target docker images_. +- `test_name` (optional): The name of the integration test. + For modules, this equals the short name of the module; for example, `pacman` in case of `community.general.pacman`. + For plugins, the plugin type is added before the plugin's short name, for example `callback_yaml` for the `community.general.yaml` callback. +```.bash +# Test all plugins/modules on fedora40 +ansible-test integration -v --docker fedora40 + +# Template +ansible-test integration -v --docker image_name test_name + +# Example community.general.ini_file module on fedora40 Docker image: +ansible-test integration -v --docker fedora40 ini_file +``` + +#### Without isolation + +```.bash # Run integration tests for the flattened lookup **without any isolation**: ansible-test integration -v lookup_flattened ``` diff --git a/README.md b/README.md index 96b3c952db..a0dc2db38b 100644 --- a/README.md +++ b/README.md @@ -6,9 +6,11 @@ SPDX-License-Identifier: GPL-3.0-or-later # Community General Collection +[![Documentation](https://img.shields.io/badge/docs-brightgreen.svg)](https://docs.ansible.com/ansible/devel/collections/community/general/) [![Build Status](https://dev.azure.com/ansible/community.general/_apis/build/status/CI?branchName=main)](https://dev.azure.com/ansible/community.general/_build?definitionId=31) -[![EOL CI](https://github.com/ansible-collections/community.general/workflows/EOL%20CI/badge.svg?event=push)](https://github.com/ansible-collections/community.general/actions) +[![EOL CI](https://github.com/ansible-collections/community.general/actions/workflows/ansible-test.yml/badge.svg?branch=main)](https://github.com/ansible-collections/community.general/actions) [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.general)](https://codecov.io/gh/ansible-collections/community.general) +[![REUSE status](https://api.reuse.software/badge/github.com/ansible-collections/community.general)](https://api.reuse.software/info/github.com/ansible-collections/community.general) This repository contains the `community.general` Ansible Collection. The collection is a part of the Ansible package and includes many modules and plugins supported by Ansible community which are not part of more specialized community collections. @@ -22,9 +24,21 @@ We follow [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/comm If you encounter abusive behavior violating the [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html), please refer to the [policy violations](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html#policy-violations) section of the Code of Conduct for information on how to raise a complaint. +## Communication + +* Join the Ansible forum: + * [Get Help](https://forum.ansible.com/c/help/6): get help or help others. This is for questions about modules or plugins in the collection. Please add appropriate tags if you start new discussions. + * [Tag `community-general`](https://forum.ansible.com/tag/community-general): discuss the *collection itself*, instead of specific modules or plugins. + * [Social Spaces](https://forum.ansible.com/c/chat/4): gather and interact with fellow enthusiasts. + * [News & Announcements](https://forum.ansible.com/c/news/5): track project-wide announcements including social events. + +* The Ansible [Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn): used to announce releases and important changes. + +For more information about communication, see the [Ansible communication guide](https://docs.ansible.com/ansible/devel/community/communication.html). + ## Tested with Ansible -Tested with the current ansible-core 2.13, ansible-core 2.14, ansible-core 2.15, ansible-core 2.16 releases and the current development version of ansible-core. Ansible-core versions before 2.13.0 are not supported. This includes all ansible-base 2.10 and Ansible 2.9 releases. +Tested with the current ansible-core 2.15, ansible-core 2.16, ansible-core 2.17, ansible-core 2.18 releases and the current development version of ansible-core. Ansible-core versions before 2.15.0 are not supported. This includes all ansible-base 2.10 and Ansible 2.9 releases. ## External requirements @@ -97,18 +111,6 @@ It is necessary for maintainers of this collection to be subscribed to: They also should be subscribed to Ansible's [The Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn). -## Communication - -We announce important development changes and releases through Ansible's [The Bullhorn newsletter](https://eepurl.com/gZmiEP). If you are a collection developer, be sure you are subscribed. - -Join us in the `#ansible` (general use questions and support), `#ansible-community` (community and collection development questions), and other [IRC channels](https://docs.ansible.com/ansible/devel/community/communication.html#irc-channels) on [Libera.chat](https://libera.chat). - -We take part in the global quarterly [Ansible Contributor Summit](https://github.com/ansible/community/wiki/Contributor-Summit) virtually or in-person. Track [The Bullhorn newsletter](https://eepurl.com/gZmiEP) and join us. - -For more information about communities, meetings and agendas see [Community Wiki](https://github.com/ansible/community/wiki/Community). - -For more information about communication, refer to Ansible's the [Communication guide](https://docs.ansible.com/ansible/devel/community/communication.html). - ## Publishing New Version See the [Releasing guidelines](https://github.com/ansible/community-docs/blob/main/releasing_collections.rst) to learn how to release this collection. diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index 02bd8e7803..ab0a7be6fd 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -1,2 +1,3 @@ -ancestor: 8.0.0 +--- +ancestor: 10.0.0 releases: {} diff --git a/changelogs/config.yaml b/changelogs/config.yaml index 23afe36d29..32ffe27f2b 100644 --- a/changelogs/config.yaml +++ b/changelogs/config.yaml @@ -18,20 +18,25 @@ output_formats: prelude_section_name: release_summary prelude_section_title: Release Summary sections: -- - major_changes - - Major Changes -- - minor_changes - - Minor Changes -- - breaking_changes - - Breaking Changes / Porting Guide -- - deprecated_features - - Deprecated Features -- - removed_features - - Removed Features (previously deprecated) -- - security_fixes - - Security Fixes -- - bugfixes - - Bugfixes -- - known_issues - - Known Issues + - - major_changes + - Major Changes + - - minor_changes + - Minor Changes + - - breaking_changes + - Breaking Changes / Porting Guide + - - deprecated_features + - Deprecated Features + - - removed_features + - Removed Features (previously deprecated) + - - security_fixes + - Security Fixes + - - bugfixes + - Bugfixes + - - known_issues + - Known Issues title: Community General +trivial_section_name: trivial +use_fqcn: true +add_plugin_period: true +changelog_nice_yaml: true +changelog_sort: version diff --git a/changelogs/fragments/000-redhat_subscription-dbus-on-7.4-plus.yaml b/changelogs/fragments/000-redhat_subscription-dbus-on-7.4-plus.yaml deleted file mode 100644 index 64390308d7..0000000000 --- a/changelogs/fragments/000-redhat_subscription-dbus-on-7.4-plus.yaml +++ /dev/null @@ -1,6 +0,0 @@ -bugfixes: - - | - redhat_subscription - use the D-Bus registration on RHEL 7 only on 7.4 and - greater; older versions of RHEL 7 do not have it - (https://github.com/ansible-collections/community.general/issues/7622, - https://github.com/ansible-collections/community.general/pull/7624). diff --git a/changelogs/fragments/5588-support-1password-connect.yml b/changelogs/fragments/5588-support-1password-connect.yml deleted file mode 100644 index bec2300d3f..0000000000 --- a/changelogs/fragments/5588-support-1password-connect.yml +++ /dev/null @@ -1,3 +0,0 @@ -minor_changes: - - onepassword lookup plugin - support 1Password Connect with the opv2 client by setting the connect_host and connect_token parameters (https://github.com/ansible-collections/community.general/pull/7116). - - onepassword_raw lookup plugin - support 1Password Connect with the opv2 client by setting the connect_host and connect_token parameters (https://github.com/ansible-collections/community.general/pull/7116) diff --git a/changelogs/fragments/5932-launchd-plist.yml b/changelogs/fragments/5932-launchd-plist.yml new file mode 100644 index 0000000000..bf2530841a --- /dev/null +++ b/changelogs/fragments/5932-launchd-plist.yml @@ -0,0 +1,2 @@ +minor_changes: + - launchd - add ``plist`` option for services such as sshd, where the plist filename doesn't match the service name (https://github.com/ansible-collections/community.general/pull/9102). diff --git a/changelogs/fragments/6572-nmcli-add-support-loopback-type.yml b/changelogs/fragments/6572-nmcli-add-support-loopback-type.yml deleted file mode 100644 index 4382851d68..0000000000 --- a/changelogs/fragments/6572-nmcli-add-support-loopback-type.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - nmcli - add support for new connection type ``loopback`` (https://github.com/ansible-collections/community.general/issues/6572). diff --git a/changelogs/fragments/7143-proxmox-template.yml b/changelogs/fragments/7143-proxmox-template.yml deleted file mode 100644 index 89d44594d3..0000000000 --- a/changelogs/fragments/7143-proxmox-template.yml +++ /dev/null @@ -1,3 +0,0 @@ -minor_changes: - - proxmox - adds ``template`` value to the ``state`` parameter, allowing conversion of container to a template (https://github.com/ansible-collections/community.general/pull/7143). - - proxmox_kvm - adds ``template`` value to the ``state`` parameter, allowing conversion of a VM to a template (https://github.com/ansible-collections/community.general/pull/7143). diff --git a/changelogs/fragments/7151-fix-keycloak_authz_permission-incorrect-resource-payload.yml b/changelogs/fragments/7151-fix-keycloak_authz_permission-incorrect-resource-payload.yml deleted file mode 100644 index 2fa50a47ee..0000000000 --- a/changelogs/fragments/7151-fix-keycloak_authz_permission-incorrect-resource-payload.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - keycloak_authz_permission - resource payload variable for scope-based permission was constructed as a string, when it needs to be a list, even for a single item (https://github.com/ansible-collections/community.general/issues/7151). diff --git a/changelogs/fragments/7242-multi-values-for-same-name-in-git-config.yml b/changelogs/fragments/7242-multi-values-for-same-name-in-git-config.yml deleted file mode 100644 index be3dfdcac9..0000000000 --- a/changelogs/fragments/7242-multi-values-for-same-name-in-git-config.yml +++ /dev/null @@ -1,4 +0,0 @@ -minor_changes: - - "git_config - allow multiple git configs for the same name with the new ``add_mode`` option (https://github.com/ansible-collections/community.general/pull/7260)." - - "git_config - the ``after`` and ``before`` fields in the ``diff`` of the return value can be a list instead of a string in case more configs with the same key are affected (https://github.com/ansible-collections/community.general/pull/7260)." - - "git_config - when a value is unset, all configs with the same key are unset (https://github.com/ansible-collections/community.general/pull/7260)." diff --git a/changelogs/fragments/7389-nmcli-issue-with-creating-a-wifi-bridge-slave.yml b/changelogs/fragments/7389-nmcli-issue-with-creating-a-wifi-bridge-slave.yml deleted file mode 100644 index f5f07dc230..0000000000 --- a/changelogs/fragments/7389-nmcli-issue-with-creating-a-wifi-bridge-slave.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - nmcli - fix ``connection.slave-type`` wired to ``bond`` and not with parameter ``slave_type`` in case of connection type ``wifi`` (https://github.com/ansible-collections/community.general/issues/7389). \ No newline at end of file diff --git a/changelogs/fragments/7199-gitlab-runner-new-creation-workflow.yml b/changelogs/fragments/7402-proxmox-template-support-server-side-artifact-fetching.yaml similarity index 52% rename from changelogs/fragments/7199-gitlab-runner-new-creation-workflow.yml rename to changelogs/fragments/7402-proxmox-template-support-server-side-artifact-fetching.yaml index d4c5f96f9d..4a5fefdc96 100644 --- a/changelogs/fragments/7199-gitlab-runner-new-creation-workflow.yml +++ b/changelogs/fragments/7402-proxmox-template-support-server-side-artifact-fetching.yaml @@ -1,2 +1,2 @@ minor_changes: - - gitlab_runner - add support for new runner creation workflow (https://github.com/ansible-collections/community.general/pull/7199). + - proxmox_template - add server side artifact fetching support (https://github.com/ansible-collections/community.general/pull/9113). \ No newline at end of file diff --git a/changelogs/fragments/7418-kc_identity_provider-mapper-reconfiguration-fixes.yml b/changelogs/fragments/7418-kc_identity_provider-mapper-reconfiguration-fixes.yml deleted file mode 100644 index 30f3673499..0000000000 --- a/changelogs/fragments/7418-kc_identity_provider-mapper-reconfiguration-fixes.yml +++ /dev/null @@ -1,3 +0,0 @@ -bugfixes: - - keycloak_identity_provider - it was not possible to reconfigure (add, remove) ``mappers`` once they were created initially. Removal was ignored, adding new ones resulted in dropping the pre-existing unmodified mappers. Fix resolves the issue by supplying correct input to the internal update call (https://github.com/ansible-collections/community.general/pull/7418). - - keycloak_identity_provider - ``mappers`` processing was not idempotent if the mappers configuration list had not been sorted by name (in ascending order). Fix resolves the issue by sorting mappers in the desired state using the same key which is used for obtaining existing state (https://github.com/ansible-collections/community.general/pull/7418). \ No newline at end of file diff --git a/changelogs/fragments/7426-add-timestamp-and-preserve-options-for-passwordstore.yaml b/changelogs/fragments/7426-add-timestamp-and-preserve-options-for-passwordstore.yaml deleted file mode 100644 index 59e22b450f..0000000000 --- a/changelogs/fragments/7426-add-timestamp-and-preserve-options-for-passwordstore.yaml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - passwordstore - adds ``timestamp`` and ``preserve`` parameters to modify the stored password format (https://github.com/ansible-collections/community.general/pull/7426). \ No newline at end of file diff --git a/changelogs/fragments/7456-add-ssh-control-master.yml b/changelogs/fragments/7456-add-ssh-control-master.yml deleted file mode 100644 index de6399e2bd..0000000000 --- a/changelogs/fragments/7456-add-ssh-control-master.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - ssh_config - adds ``controlmaster``, ``controlpath`` and ``controlpersist`` parameters (https://github.com/ansible-collections/community.general/pull/7456). diff --git a/changelogs/fragments/7461-proxmox-inventory-add-exclude-nodes.yaml b/changelogs/fragments/7461-proxmox-inventory-add-exclude-nodes.yaml deleted file mode 100644 index 40391342f7..0000000000 --- a/changelogs/fragments/7461-proxmox-inventory-add-exclude-nodes.yaml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - proxmox inventory plugin - adds an option to exclude nodes from the dynamic inventory generation. The new setting is optional, not using this option will behave as usual (https://github.com/ansible-collections/community.general/issues/6714, https://github.com/ansible-collections/community.general/pull/7461). diff --git a/changelogs/fragments/7462-Add-ostype-parameter-in-LXC-container-clone-of-ProxmoxVE.yaml b/changelogs/fragments/7462-Add-ostype-parameter-in-LXC-container-clone-of-ProxmoxVE.yaml deleted file mode 100644 index 20a9b1d144..0000000000 --- a/changelogs/fragments/7462-Add-ostype-parameter-in-LXC-container-clone-of-ProxmoxVE.yaml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - proxmox_ostype - it is now possible to specify the ``ostype`` when creating an LXC container (https://github.com/ansible-collections/community.general/pull/7462). diff --git a/changelogs/fragments/7464-fix-vm-removal-in-proxmox_pool_member.yml b/changelogs/fragments/7464-fix-vm-removal-in-proxmox_pool_member.yml deleted file mode 100644 index b42abc88c0..0000000000 --- a/changelogs/fragments/7464-fix-vm-removal-in-proxmox_pool_member.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - proxmox_pool_member - absent state for type VM did not delete VMs from the pools (https://github.com/ansible-collections/community.general/pull/7464). diff --git a/changelogs/fragments/7465-redfish-firmware-update-message-id-hardening.yml b/changelogs/fragments/7465-redfish-firmware-update-message-id-hardening.yml deleted file mode 100644 index 01a98c2225..0000000000 --- a/changelogs/fragments/7465-redfish-firmware-update-message-id-hardening.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - redfish_command - fix usage of message parsing in ``SimpleUpdate`` and ``MultipartHTTPPushUpdate`` commands to treat the lack of a ``MessageId`` as no message (https://github.com/ansible-collections/community.general/issues/7465, https://github.com/ansible-collections/community.general/pull/7471). diff --git a/changelogs/fragments/7467-fix-gitlab-constants-calls.yml b/changelogs/fragments/7467-fix-gitlab-constants-calls.yml deleted file mode 100644 index 77466f75e6..0000000000 --- a/changelogs/fragments/7467-fix-gitlab-constants-calls.yml +++ /dev/null @@ -1,5 +0,0 @@ -bugfixes: - - gitlab_group_members - fix gitlab constants call in ``gitlab_group_members`` module (https://github.com/ansible-collections/community.general/issues/7467). - - gitlab_project_members - fix gitlab constants call in ``gitlab_project_members`` module (https://github.com/ansible-collections/community.general/issues/7467). - - gitlab_protected_branches - fix gitlab constants call in ``gitlab_protected_branches`` module (https://github.com/ansible-collections/community.general/issues/7467). - - gitlab_user - fix gitlab constants call in ``gitlab_user`` module (https://github.com/ansible-collections/community.general/issues/7467). diff --git a/changelogs/fragments/7472-gitlab-add-ca-path-option.yml b/changelogs/fragments/7472-gitlab-add-ca-path-option.yml deleted file mode 100644 index 48c041ea31..0000000000 --- a/changelogs/fragments/7472-gitlab-add-ca-path-option.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - gitlab modules - add ``ca_path`` option (https://github.com/ansible-collections/community.general/pull/7472). diff --git a/changelogs/fragments/7485-proxmox_vm_info-config.yml b/changelogs/fragments/7485-proxmox_vm_info-config.yml deleted file mode 100644 index ca2fd3dc57..0000000000 --- a/changelogs/fragments/7485-proxmox_vm_info-config.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - proxmox_vm_info - add ability to retrieve configuration info (https://github.com/ansible-collections/community.general/pull/7485). diff --git a/changelogs/fragments/7486-gitlab-refactor-package-check.yml b/changelogs/fragments/7486-gitlab-refactor-package-check.yml deleted file mode 100644 index 25b52ac45c..0000000000 --- a/changelogs/fragments/7486-gitlab-refactor-package-check.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - gitlab modules - remove duplicate ``gitlab`` package check (https://github.com/ansible-collections/community.general/pull/7486). diff --git a/changelogs/fragments/7489-netcup-dns-record-types.yml b/changelogs/fragments/7489-netcup-dns-record-types.yml deleted file mode 100644 index b065a4d239..0000000000 --- a/changelogs/fragments/7489-netcup-dns-record-types.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - netcup_dns - adds support for record types ``OPENPGPKEY``, ``SMIMEA``, and ``SSHFP`` (https://github.com/ansible-collections/community.general/pull/7489). \ No newline at end of file diff --git a/changelogs/fragments/7495-proxmox_disk-manipulate-cdrom.yml b/changelogs/fragments/7495-proxmox_disk-manipulate-cdrom.yml deleted file mode 100644 index f3a5b27609..0000000000 --- a/changelogs/fragments/7495-proxmox_disk-manipulate-cdrom.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - proxmox_disk - add ability to manipulate CD-ROM drive (https://github.com/ansible-collections/community.general/pull/7495). diff --git a/changelogs/fragments/7499-allow-mtu-setting-on-bond-and-infiniband-interfaces.yml b/changelogs/fragments/7499-allow-mtu-setting-on-bond-and-infiniband-interfaces.yml deleted file mode 100644 index f12aa55760..0000000000 --- a/changelogs/fragments/7499-allow-mtu-setting-on-bond-and-infiniband-interfaces.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - nmcli - allow for the setting of ``MTU`` for ``infiniband`` and ``bond`` interface types (https://github.com/ansible-collections/community.general/pull/7499). diff --git a/changelogs/fragments/7501-type.yml b/changelogs/fragments/7501-type.yml deleted file mode 100644 index 994c31ce5a..0000000000 --- a/changelogs/fragments/7501-type.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - "ocapi_utils, oci_utils, redfish_utils module utils - replace ``type()`` calls with ``isinstance()`` calls (https://github.com/ansible-collections/community.general/pull/7501)." diff --git a/changelogs/fragments/7506-pipx-pipargs.yml b/changelogs/fragments/7506-pipx-pipargs.yml deleted file mode 100644 index fb5cb52e6f..0000000000 --- a/changelogs/fragments/7506-pipx-pipargs.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - pipx module utils - change the CLI argument formatter for the ``pip_args`` parameter (https://github.com/ansible-collections/community.general/issues/7497, https://github.com/ansible-collections/community.general/pull/7506). diff --git a/changelogs/fragments/7517-elastic-close-client.yaml b/changelogs/fragments/7517-elastic-close-client.yaml deleted file mode 100644 index ee383d26a6..0000000000 --- a/changelogs/fragments/7517-elastic-close-client.yaml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - elastic callback plugin - close elastic client to not leak resources (https://github.com/ansible-collections/community.general/pull/7517). diff --git a/changelogs/fragments/7535-terraform-fix-multiline-string-handling-in-complex-variables.yml b/changelogs/fragments/7535-terraform-fix-multiline-string-handling-in-complex-variables.yml deleted file mode 100644 index b991522dd6..0000000000 --- a/changelogs/fragments/7535-terraform-fix-multiline-string-handling-in-complex-variables.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - "terraform - fix multiline string handling in complex variables (https://github.com/ansible-collections/community.general/pull/7535)." diff --git a/changelogs/fragments/7538-add-krbprincipalattribute-option.yml b/changelogs/fragments/7538-add-krbprincipalattribute-option.yml deleted file mode 100644 index e2e2ce61c2..0000000000 --- a/changelogs/fragments/7538-add-krbprincipalattribute-option.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - keycloak_user_federation - add option for ``krbPrincipalAttribute`` (https://github.com/ansible-collections/community.general/pull/7538). diff --git a/changelogs/fragments/7540-proxmox-update-config.yml b/changelogs/fragments/7540-proxmox-update-config.yml deleted file mode 100644 index d89c26115f..0000000000 --- a/changelogs/fragments/7540-proxmox-update-config.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - proxmox - adds ``update`` parameter, allowing update of an already existing containers configuration (https://github.com/ansible-collections/community.general/pull/7540). diff --git a/changelogs/fragments/7542-irc-logentries-ssl.yml b/changelogs/fragments/7542-irc-logentries-ssl.yml deleted file mode 100644 index 6897087dfb..0000000000 --- a/changelogs/fragments/7542-irc-logentries-ssl.yml +++ /dev/null @@ -1,3 +0,0 @@ -bugfixes: - - "log_entries callback plugin - replace ``ssl.wrap_socket`` that was removed from Python 3.12 with code for creating a proper SSL context (https://github.com/ansible-collections/community.general/pull/7542)." - - "irc - replace ``ssl.wrap_socket`` that was removed from Python 3.12 with code for creating a proper SSL context (https://github.com/ansible-collections/community.general/pull/7542)." diff --git a/changelogs/fragments/7550-irc-use_tls-validate_certs.yml b/changelogs/fragments/7550-irc-use_tls-validate_certs.yml deleted file mode 100644 index 0c99d8fd6f..0000000000 --- a/changelogs/fragments/7550-irc-use_tls-validate_certs.yml +++ /dev/null @@ -1,5 +0,0 @@ -minor_changes: - - "irc - add ``validate_certs`` option, and rename ``use_ssl`` to ``use_tls``, while keeping ``use_ssl`` as an alias. - The default value for ``validate_certs`` is ``false`` for backwards compatibility. We recommend to every user of - this module to explicitly set ``use_tls=true`` and `validate_certs=true`` whenever possible, especially when - communicating to IRC servers over the internet (https://github.com/ansible-collections/community.general/pull/7550)." diff --git a/changelogs/fragments/7564-onepassword-lookup-case-insensitive.yaml b/changelogs/fragments/7564-onepassword-lookup-case-insensitive.yaml deleted file mode 100644 index d2eaf2ff11..0000000000 --- a/changelogs/fragments/7564-onepassword-lookup-case-insensitive.yaml +++ /dev/null @@ -1,4 +0,0 @@ -bugfixes: - - >- - onepassword lookup plugin - field and section titles are now case insensitive when using - op CLI version two or later. This matches the behavior of version one (https://github.com/ansible-collections/community.general/pull/7564). diff --git a/changelogs/fragments/7569-infiniband-slave-support.yml b/changelogs/fragments/7569-infiniband-slave-support.yml deleted file mode 100644 index f54460842d..0000000000 --- a/changelogs/fragments/7569-infiniband-slave-support.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - nmcli - allow for ``infiniband`` slaves of ``bond`` interface types (https://github.com/ansible-collections/community.general/pull/7569). diff --git a/changelogs/fragments/7577-fix-apt_rpm-module.yml b/changelogs/fragments/7577-fix-apt_rpm-module.yml deleted file mode 100644 index ef55eb5bd2..0000000000 --- a/changelogs/fragments/7577-fix-apt_rpm-module.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - apt-rpm - the module did not upgrade packages if a newer version exists. Now the package will be reinstalled if the candidate is newer than the installed version (https://github.com/ansible-collections/community.general/issues/7414). diff --git a/changelogs/fragments/7578-irc-tls.yml b/changelogs/fragments/7578-irc-tls.yml deleted file mode 100644 index a7fcbbca29..0000000000 --- a/changelogs/fragments/7578-irc-tls.yml +++ /dev/null @@ -1,4 +0,0 @@ -deprecated_features: - - "irc - the defaults ``false`` for ``use_tls`` and ``validate_certs`` have been deprecated and will change to ``true`` in community.general 10.0.0 - to improve security. You can already improve security now by explicitly setting them to ``true``. Specifying values now disables the deprecation - warning (https://github.com/ansible-collections/community.general/pull/7578)." diff --git a/changelogs/fragments/7588-ipa-config-new-choice-passkey-to-ipauserauthtype.yml b/changelogs/fragments/7588-ipa-config-new-choice-passkey-to-ipauserauthtype.yml deleted file mode 100644 index c9d83c761a..0000000000 --- a/changelogs/fragments/7588-ipa-config-new-choice-passkey-to-ipauserauthtype.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - ipa_config - adds ``passkey`` choice to ``ipauserauthtype`` parameter's choices (https://github.com/ansible-collections/community.general/pull/7588). diff --git a/changelogs/fragments/7589-ipa-config-new-choices-idp-and-passkey-to-ipauserauthtype.yml b/changelogs/fragments/7589-ipa-config-new-choices-idp-and-passkey-to-ipauserauthtype.yml deleted file mode 100644 index bf584514ae..0000000000 --- a/changelogs/fragments/7589-ipa-config-new-choices-idp-and-passkey-to-ipauserauthtype.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - ipa_user - adds ``idp`` and ``passkey`` choice to ``ipauserauthtype`` parameter's choices (https://github.com/ansible-collections/community.general/pull/7589). diff --git a/changelogs/fragments/7600-proxmox_kvm-hookscript.yml b/changelogs/fragments/7600-proxmox_kvm-hookscript.yml deleted file mode 100644 index 5d79e71657..0000000000 --- a/changelogs/fragments/7600-proxmox_kvm-hookscript.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - "proxmox_kvm - support the ``hookscript`` parameter (https://github.com/ansible-collections/community.general/issues/7600)." diff --git a/changelogs/fragments/7601-lvol-fix.yml b/changelogs/fragments/7601-lvol-fix.yml deleted file mode 100644 index b83fe15683..0000000000 --- a/changelogs/fragments/7601-lvol-fix.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - lvol - test for output messages in both ``stdout`` and ``stderr`` (https://github.com/ansible-collections/community.general/pull/7601, https://github.com/ansible-collections/community.general/issues/7182). diff --git a/changelogs/fragments/7612-interface_file-method.yml b/changelogs/fragments/7612-interface_file-method.yml deleted file mode 100644 index 38fcb71503..0000000000 --- a/changelogs/fragments/7612-interface_file-method.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - "interface_files - also consider ``address_family`` when changing ``option=method`` (https://github.com/ansible-collections/community.general/issues/7610, https://github.com/ansible-collections/community.general/pull/7612)." diff --git a/changelogs/fragments/7626-redfish-info-add-boot-progress-property.yml b/changelogs/fragments/7626-redfish-info-add-boot-progress-property.yml deleted file mode 100644 index 919383686b..0000000000 --- a/changelogs/fragments/7626-redfish-info-add-boot-progress-property.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - redfish_info - adding the ``BootProgress`` property when getting ``Systems`` info (https://github.com/ansible-collections/community.general/pull/7626). diff --git a/changelogs/fragments/7641-fix-keycloak-api-client-to-quote-properly.yml b/changelogs/fragments/7641-fix-keycloak-api-client-to-quote-properly.yml deleted file mode 100644 index c11cbf3b06..0000000000 --- a/changelogs/fragments/7641-fix-keycloak-api-client-to-quote-properly.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - keycloak_* - fix Keycloak API client to quote ``/`` properly (https://github.com/ansible-collections/community.general/pull/7641). diff --git a/changelogs/fragments/7645-Keycloak-print-error-msg-from-server.yml b/changelogs/fragments/7645-Keycloak-print-error-msg-from-server.yml deleted file mode 100644 index 509ab0fd81..0000000000 --- a/changelogs/fragments/7645-Keycloak-print-error-msg-from-server.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - keycloak module utils - expose error message from Keycloak server for HTTP errors in some specific situations (https://github.com/ansible-collections/community.general/pull/7645). \ No newline at end of file diff --git a/changelogs/fragments/7646-fix-order-number-detection-in-dn.yml b/changelogs/fragments/7646-fix-order-number-detection-in-dn.yml deleted file mode 100644 index f2d2379872..0000000000 --- a/changelogs/fragments/7646-fix-order-number-detection-in-dn.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - ldap - previously the order number (if present) was expected to follow an equals sign in the DN. This makes it so the order number string is identified correctly anywhere within the DN (https://github.com/ansible-collections/community.general/issues/7646). diff --git a/changelogs/fragments/7653-fix-cloudflare-lookup.yml b/changelogs/fragments/7653-fix-cloudflare-lookup.yml deleted file mode 100644 index f370a1c1d1..0000000000 --- a/changelogs/fragments/7653-fix-cloudflare-lookup.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - cloudflare_dns - fix Cloudflare lookup of SHFP records (https://github.com/ansible-collections/community.general/issues/7652). diff --git a/changelogs/fragments/7676-lvol-pvs-as-list.yml b/changelogs/fragments/7676-lvol-pvs-as-list.yml deleted file mode 100644 index aa28fff59d..0000000000 --- a/changelogs/fragments/7676-lvol-pvs-as-list.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - lvol - change ``pvs`` argument type to list of strings (https://github.com/ansible-collections/community.general/pull/7676, https://github.com/ansible-collections/community.general/issues/7504). diff --git a/changelogs/fragments/7696-avoid-attempt-to-delete-non-existing-user.yml b/changelogs/fragments/7696-avoid-attempt-to-delete-non-existing-user.yml deleted file mode 100644 index db57d68233..0000000000 --- a/changelogs/fragments/7696-avoid-attempt-to-delete-non-existing-user.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - keycloak_user - when ``force`` is set, but user does not exist, do not try to delete it (https://github.com/ansible-collections/community.general/pull/7696). diff --git a/changelogs/fragments/7698-improvements-to-keycloak_realm_key.yml b/changelogs/fragments/7698-improvements-to-keycloak_realm_key.yml deleted file mode 100644 index 0cd996c510..0000000000 --- a/changelogs/fragments/7698-improvements-to-keycloak_realm_key.yml +++ /dev/null @@ -1,4 +0,0 @@ -minor_changes: - - keycloak_realm_key - the ``provider_id`` option now supports RSA encryption key usage (value ``rsa-enc``) (https://github.com/ansible-collections/community.general/pull/7698). - - keycloak_realm_key - the ``config.algorithm`` option now supports 8 additional key algorithms (https://github.com/ansible-collections/community.general/pull/7698). - - keycloak_realm_key - the ``config.certificate`` option value is no longer defined with ``no_log=True`` (https://github.com/ansible-collections/community.general/pull/7698). \ No newline at end of file diff --git a/changelogs/fragments/7703-ssh_config_add_keys_to_agent_option.yml b/changelogs/fragments/7703-ssh_config_add_keys_to_agent_option.yml deleted file mode 100644 index 99893a0ff3..0000000000 --- a/changelogs/fragments/7703-ssh_config_add_keys_to_agent_option.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - ssh_config - new feature to set ``AddKeysToAgent`` option to ``yes`` or ``no`` (https://github.com/ansible-collections/community.general/pull/7703). diff --git a/changelogs/fragments/7704-ssh_config_identities_only_option.yml b/changelogs/fragments/7704-ssh_config_identities_only_option.yml deleted file mode 100644 index 9efa10b70f..0000000000 --- a/changelogs/fragments/7704-ssh_config_identities_only_option.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - ssh_config - new feature to set ``IdentitiesOnly`` option to ``yes`` or ``no`` (https://github.com/ansible-collections/community.general/pull/7704). diff --git a/changelogs/fragments/7717-prevent-modprobe-error.yml b/changelogs/fragments/7717-prevent-modprobe-error.yml deleted file mode 100644 index bfef30e67b..0000000000 --- a/changelogs/fragments/7717-prevent-modprobe-error.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - modprobe - listing modules files or modprobe files could trigger a FileNotFoundError if ``/etc/modprobe.d`` or ``/etc/modules-load.d`` did not exist. Relevant functions now return empty lists if the directories do not exist to avoid crashing the module (https://github.com/ansible-collections/community.general/issues/7717). diff --git a/changelogs/fragments/7723-ipa-pwpolicy-update-pwpolicy-module.yml b/changelogs/fragments/7723-ipa-pwpolicy-update-pwpolicy-module.yml deleted file mode 100644 index bffd40efcd..0000000000 --- a/changelogs/fragments/7723-ipa-pwpolicy-update-pwpolicy-module.yml +++ /dev/null @@ -1,3 +0,0 @@ -minor_changes: - - ipa_pwpolicy - update module to support ``maxrepeat``, ``maxsequence``, ``dictcheck``, ``usercheck``, ``gracelimit`` parameters in FreeIPA password policies (https://github.com/ansible-collections/community.general/pull/7723). - - ipa_pwpolicy - refactor module and exchange a sequence ``if`` statements with a ``for`` loop (https://github.com/ansible-collections/community.general/pull/7723). diff --git a/changelogs/fragments/7737-add-ipa-dnsrecord-ns-type.yml b/changelogs/fragments/7737-add-ipa-dnsrecord-ns-type.yml deleted file mode 100644 index 534d96e123..0000000000 --- a/changelogs/fragments/7737-add-ipa-dnsrecord-ns-type.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - ipa_dnsrecord - adds ability to manage NS record types (https://github.com/ansible-collections/community.general/pull/7737). diff --git a/changelogs/fragments/7740-add-message-id-header-to-mail-module.yml b/changelogs/fragments/7740-add-message-id-header-to-mail-module.yml deleted file mode 100644 index 1c142b62ef..0000000000 --- a/changelogs/fragments/7740-add-message-id-header-to-mail-module.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - mail - add ``Message-ID`` header; which is required by some mail servers (https://github.com/ansible-collections/community.general/pull/7740). diff --git a/changelogs/fragments/7746-raw_post-without-actions.yml b/changelogs/fragments/7746-raw_post-without-actions.yml deleted file mode 100644 index 10dc110c5e..0000000000 --- a/changelogs/fragments/7746-raw_post-without-actions.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - xcc_redfish_command - added support for raw POSTs (``command=PostResource`` in ``category=Raw``) without a specific action info (https://github.com/ansible-collections/community.general/pull/7746). diff --git a/changelogs/fragments/7754-fixed-payload-format.yml b/changelogs/fragments/7754-fixed-payload-format.yml deleted file mode 100644 index 01458053e5..0000000000 --- a/changelogs/fragments/7754-fixed-payload-format.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - statusio_maintenance - fix error caused by incorrectly formed API data payload. Was raising "Failed to create maintenance HTTP Error 400 Bad Request" caused by bad data type for date/time and deprecated dict keys (https://github.com/ansible-collections/community.general/pull/7754). \ No newline at end of file diff --git a/changelogs/fragments/7765-mail-message-id.yml b/changelogs/fragments/7765-mail-message-id.yml deleted file mode 100644 index 54af767ecf..0000000000 --- a/changelogs/fragments/7765-mail-message-id.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - "mail module, mail callback plugin - allow to configure the domain name of the Message-ID header with a new ``message_id_domain`` option (https://github.com/ansible-collections/community.general/pull/7765)." diff --git a/changelogs/fragments/7782-cloudflare_dns-spf.yml b/changelogs/fragments/7782-cloudflare_dns-spf.yml deleted file mode 100644 index 83e7fe79bb..0000000000 --- a/changelogs/fragments/7782-cloudflare_dns-spf.yml +++ /dev/null @@ -1,2 +0,0 @@ -removed_features: - - "cloudflare_dns - remove support for SPF records. These are no longer supported by CloudFlare (https://github.com/ansible-collections/community.general/pull/7782)." diff --git a/changelogs/fragments/7789-keycloak-user-federation-custom-provider-type.yml b/changelogs/fragments/7789-keycloak-user-federation-custom-provider-type.yml deleted file mode 100644 index dd20a4ea18..0000000000 --- a/changelogs/fragments/7789-keycloak-user-federation-custom-provider-type.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - keycloak_user_federation - allow custom user storage providers to be set through ``provider_id`` (https://github.com/ansible-collections/community.general/pull/7789). diff --git a/changelogs/fragments/7790-gitlab-runner-api-pagination.yml b/changelogs/fragments/7790-gitlab-runner-api-pagination.yml deleted file mode 100644 index 59a65ea8ef..0000000000 --- a/changelogs/fragments/7790-gitlab-runner-api-pagination.yml +++ /dev/null @@ -1,8 +0,0 @@ -bugfixes: - - gitlab_runner - fix pagination when checking for existing runners (https://github.com/ansible-collections/community.general/pull/7790). - -minor_changes: - - gitlab_deploy_key, gitlab_group_members, gitlab_group_variable, gitlab_hook, - gitlab_instance_variable, gitlab_project_badge, gitlab_project_variable, - gitlab_user - improve API pagination and compatibility with different versions - of ``python-gitlab`` (https://github.com/ansible-collections/community.general/pull/7790). diff --git a/changelogs/fragments/7791-proxmox_kvm-state-template-will-check-status-first.yaml b/changelogs/fragments/7791-proxmox_kvm-state-template-will-check-status-first.yaml deleted file mode 100644 index 1e061ce6af..0000000000 --- a/changelogs/fragments/7791-proxmox_kvm-state-template-will-check-status-first.yaml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - proxmox_kvm - running ``state=template`` will first check whether VM is already a template (https://github.com/ansible-collections/community.general/pull/7792). diff --git a/changelogs/fragments/7797-ipa-fix-otp-idempotency.yml b/changelogs/fragments/7797-ipa-fix-otp-idempotency.yml deleted file mode 100644 index 43fd4f5251..0000000000 --- a/changelogs/fragments/7797-ipa-fix-otp-idempotency.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - ipa_otptoken - the module expect ``ipatokendisabled`` as string but the ``ipatokendisabled`` value is returned as a boolean (https://github.com/ansible-collections/community.general/pull/7795). diff --git a/changelogs/fragments/7821-mssql_script-py2.yml b/changelogs/fragments/7821-mssql_script-py2.yml deleted file mode 100644 index 79de688628..0000000000 --- a/changelogs/fragments/7821-mssql_script-py2.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - "mssql_script - make the module work with Python 2 (https://github.com/ansible-collections/community.general/issues/7818, https://github.com/ansible-collections/community.general/pull/7821)." diff --git a/changelogs/fragments/7826-consul-modules-refactoring.yaml b/changelogs/fragments/7826-consul-modules-refactoring.yaml deleted file mode 100644 index a51352d88e..0000000000 --- a/changelogs/fragments/7826-consul-modules-refactoring.yaml +++ /dev/null @@ -1,7 +0,0 @@ -minor_changes: - - 'consul_policy, consul_role, consul_session - removed dependency on ``requests`` and factored out common parts (https://github.com/ansible-collections/community.general/pull/7826, https://github.com/ansible-collections/community.general/pull/7878).' - - consul_policy - added support for diff and check mode (https://github.com/ansible-collections/community.general/pull/7878). - - consul_role - added support for diff mode (https://github.com/ansible-collections/community.general/pull/7878). - - consul_role - added support for templated policies (https://github.com/ansible-collections/community.general/pull/7878). - - consul_role - ``service_identities`` now expects a ``service_name`` option to match the Consul API, the old ``name`` is still supported as alias (https://github.com/ansible-collections/community.general/pull/7878). - - consul_role - ``node_identities`` now expects a ``node_name`` option to match the Consul API, the old ``name`` is still supported as alias (https://github.com/ansible-collections/community.general/pull/7878). \ No newline at end of file diff --git a/changelogs/fragments/7843-proxmox_kvm-update_unsafe.yml b/changelogs/fragments/7843-proxmox_kvm-update_unsafe.yml deleted file mode 100644 index dcb1ebb218..0000000000 --- a/changelogs/fragments/7843-proxmox_kvm-update_unsafe.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - proxmox_kvm - add parameter ``update_unsafe`` to avoid limitations when updating dangerous values (https://github.com/ansible-collections/community.general/pull/7843). diff --git a/changelogs/fragments/7847-gitlab-issue-title.yml b/changelogs/fragments/7847-gitlab-issue-title.yml deleted file mode 100644 index c8b8e49905..0000000000 --- a/changelogs/fragments/7847-gitlab-issue-title.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - gitlab_issue - fix behavior to search GitLab issue, using ``search`` keyword instead of ``title`` (https://github.com/ansible-collections/community.general/issues/7846). diff --git a/changelogs/fragments/7870-homebrew-cask-installed-detection.yml b/changelogs/fragments/7870-homebrew-cask-installed-detection.yml deleted file mode 100644 index 1c70c9a2d4..0000000000 --- a/changelogs/fragments/7870-homebrew-cask-installed-detection.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - homebrew - detect already installed formulae and casks using JSON output from ``brew info`` (https://github.com/ansible-collections/community.general/issues/864). diff --git a/changelogs/fragments/7872-proxmox_fix-update-if-setting-doesnt-exist.yaml b/changelogs/fragments/7872-proxmox_fix-update-if-setting-doesnt-exist.yaml deleted file mode 100644 index 82b4fe31d9..0000000000 --- a/changelogs/fragments/7872-proxmox_fix-update-if-setting-doesnt-exist.yaml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - proxmox - fix updating a container config if the setting does not already exist (https://github.com/ansible-collections/community.general/pull/7872). diff --git a/changelogs/fragments/7874-incus_connection_treats_inventory_hostname_as_literal_in_remotes.yml b/changelogs/fragments/7874-incus_connection_treats_inventory_hostname_as_literal_in_remotes.yml deleted file mode 100644 index 83d302e9b9..0000000000 --- a/changelogs/fragments/7874-incus_connection_treats_inventory_hostname_as_literal_in_remotes.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - "incus connection plugin - treats ``inventory_hostname`` as a variable instead of a literal in remote connections (https://github.com/ansible-collections/community.general/issues/7874)." diff --git a/changelogs/fragments/7881-fix-keycloak-client-ckeckmode.yml b/changelogs/fragments/7881-fix-keycloak-client-ckeckmode.yml deleted file mode 100644 index 485950c11c..0000000000 --- a/changelogs/fragments/7881-fix-keycloak-client-ckeckmode.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - keycloak_client - fixes issue when metadata is provided in desired state when task is in check mode (https://github.com/ansible-collections/community.general/issues/1226, https://github.com/ansible-collections/community.general/pull/7881). \ No newline at end of file diff --git a/changelogs/fragments/7882-add-redfish-get-service-identification.yml b/changelogs/fragments/7882-add-redfish-get-service-identification.yml deleted file mode 100644 index 463c9a2bc5..0000000000 --- a/changelogs/fragments/7882-add-redfish-get-service-identification.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - redfish_info - add command ``GetServiceIdentification`` to get service identification (https://github.com/ansible-collections/community.general/issues/7882). diff --git a/changelogs/fragments/7896-add-terraform-diff-mode.yml b/changelogs/fragments/7896-add-terraform-diff-mode.yml deleted file mode 100644 index 7c0834efa5..0000000000 --- a/changelogs/fragments/7896-add-terraform-diff-mode.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - terraform - add support for ``diff_mode`` for terraform resource_changes (https://github.com/ansible-collections/community.general/pull/7896). diff --git a/changelogs/fragments/7897-consul-action-group.yaml b/changelogs/fragments/7897-consul-action-group.yaml deleted file mode 100644 index 1764e1970d..0000000000 --- a/changelogs/fragments/7897-consul-action-group.yaml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - consul_auth_method, consul_binding_rule, consul_policy, consul_role, consul_session, consul_token - added action group ``community.general.consul`` (https://github.com/ansible-collections/community.general/pull/7897). diff --git a/changelogs/fragments/7901-consul-acl-deprecation.yaml b/changelogs/fragments/7901-consul-acl-deprecation.yaml deleted file mode 100644 index 9480b04ce9..0000000000 --- a/changelogs/fragments/7901-consul-acl-deprecation.yaml +++ /dev/null @@ -1,3 +0,0 @@ -deprecated_features: - - "consul_acl - the module has been deprecated and will be removed in community.general 10.0.0. ``consul_token`` and ``consul_policy`` - can be used instead (https://github.com/ansible-collections/community.general/pull/7901)." \ No newline at end of file diff --git a/changelogs/fragments/7916-add-redfish-set-service-identification.yml b/changelogs/fragments/7916-add-redfish-set-service-identification.yml deleted file mode 100644 index 2b1f2ca7b3..0000000000 --- a/changelogs/fragments/7916-add-redfish-set-service-identification.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - redfish_config - add command ``SetServiceIdentification`` to set service identification (https://github.com/ansible-collections/community.general/issues/7916). diff --git a/changelogs/fragments/7919-onepassword-fieldname-casing.yaml b/changelogs/fragments/7919-onepassword-fieldname-casing.yaml deleted file mode 100644 index 9119f896f0..0000000000 --- a/changelogs/fragments/7919-onepassword-fieldname-casing.yaml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - onepassword lookup plugin - failed for fields that were in sections and had uppercase letters in the label/ID. Field lookups are now case insensitive in all cases (https://github.com/ansible-collections/community.general/pull/7919). diff --git a/changelogs/fragments/7951-fix-redfish_info-exception.yml b/changelogs/fragments/7951-fix-redfish_info-exception.yml deleted file mode 100644 index cd5707da4b..0000000000 --- a/changelogs/fragments/7951-fix-redfish_info-exception.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - "redfish_info - correct uncaught exception when attempting to retrieve ``Chassis`` information (https://github.com/ansible-collections/community.general/pull/7952)." diff --git a/changelogs/fragments/7953-proxmox_kvm-fix_status_check.yml b/changelogs/fragments/7953-proxmox_kvm-fix_status_check.yml deleted file mode 100644 index 10f8e6d26a..0000000000 --- a/changelogs/fragments/7953-proxmox_kvm-fix_status_check.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - proxmox_kvm - fixed status check getting from node-specific API endpoint (https://github.com/ansible-collections/community.general/issues/7817). diff --git a/changelogs/fragments/7956-adding-releases_events-option-to-gitlab_hook-module.yaml b/changelogs/fragments/7956-adding-releases_events-option-to-gitlab_hook-module.yaml deleted file mode 100644 index 30186804d4..0000000000 --- a/changelogs/fragments/7956-adding-releases_events-option-to-gitlab_hook-module.yaml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - gitlab_hook - adds ``releases_events`` parameter for supporting Releases events triggers on GitLab hooks (https://github.com/ansible-collections/community.general/pull/7956). \ No newline at end of file diff --git a/changelogs/fragments/7963-fix-terraform-diff-absent.yml b/changelogs/fragments/7963-fix-terraform-diff-absent.yml deleted file mode 100644 index 4e2cf53c9b..0000000000 --- a/changelogs/fragments/7963-fix-terraform-diff-absent.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - terraform - fix ``diff_mode`` in state ``absent`` and when terraform ``resource_changes`` does not exist (https://github.com/ansible-collections/community.general/pull/7963). diff --git a/changelogs/fragments/7970-fix-cargo-path-idempotency.yaml b/changelogs/fragments/7970-fix-cargo-path-idempotency.yaml deleted file mode 100644 index 143247bc91..0000000000 --- a/changelogs/fragments/7970-fix-cargo-path-idempotency.yaml +++ /dev/null @@ -1,10 +0,0 @@ -bugfixes: - - "cargo - fix idempotency issues when using a custom installation path - for packages (using the ``--path`` parameter). - The initial installation runs fine, but subsequent runs use the - ``get_installed()`` function which did not check the given installation - location, before running ``cargo install``. This resulted in a false - ``changed`` state. - Also the removal of packeges using ``state: absent`` failed, as the - installation check did not use the given parameter - (https://github.com/ansible-collections/community.general/pull/7970)." diff --git a/changelogs/fragments/7976-add-mssql_script-transactional-support.yml b/changelogs/fragments/7976-add-mssql_script-transactional-support.yml deleted file mode 100644 index dc6f335247..0000000000 --- a/changelogs/fragments/7976-add-mssql_script-transactional-support.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - mssql_script - adds transactional (rollback/commit) support via optional boolean param ``transaction`` (https://github.com/ansible-collections/community.general/pull/7976). diff --git a/changelogs/fragments/7983-sudoers-add-support-noexec.yml b/changelogs/fragments/7983-sudoers-add-support-noexec.yml deleted file mode 100644 index f58e6f7ec8..0000000000 --- a/changelogs/fragments/7983-sudoers-add-support-noexec.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - sudoers - add support for the ``NOEXEC`` tag in sudoers rules (https://github.com/ansible-collections/community.general/pull/7983). diff --git a/changelogs/fragments/7994-bitwarden-session-arg.yaml b/changelogs/fragments/7994-bitwarden-session-arg.yaml deleted file mode 100644 index 36f9622ac0..0000000000 --- a/changelogs/fragments/7994-bitwarden-session-arg.yaml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - "bitwarden lookup plugin - add ``bw_session`` option, to pass session key instead of reading from env (https://github.com/ansible-collections/community.general/pull/7994)." diff --git a/changelogs/fragments/7996-add-templating-support-to-icinga2-inventory.yml b/changelogs/fragments/7996-add-templating-support-to-icinga2-inventory.yml deleted file mode 100644 index 9998583b83..0000000000 --- a/changelogs/fragments/7996-add-templating-support-to-icinga2-inventory.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - icinga2 inventory plugin - add Jinja2 templating support to ``url``, ``user``, and ``password`` paramenters (https://github.com/ansible-collections/community.general/issues/7074, https://github.com/ansible-collections/community.general/pull/7996). \ No newline at end of file diff --git a/changelogs/fragments/8003-redfish-get-update-status-empty-response.yml b/changelogs/fragments/8003-redfish-get-update-status-empty-response.yml deleted file mode 100644 index 21796e7a0e..0000000000 --- a/changelogs/fragments/8003-redfish-get-update-status-empty-response.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - redfish_info - allow for a GET operation invoked by ``GetUpdateStatus`` to allow for an empty response body for cases where a service returns 204 No Content (https://github.com/ansible-collections/community.general/issues/8003). diff --git a/changelogs/fragments/8048-fix-homebrew-module-error-reporting-on-become-true.yaml b/changelogs/fragments/8048-fix-homebrew-module-error-reporting-on-become-true.yaml deleted file mode 100644 index 9954be302a..0000000000 --- a/changelogs/fragments/8048-fix-homebrew-module-error-reporting-on-become-true.yaml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - homebrew - error returned from brew command was ignored and tried to parse empty JSON. Fix now checks for an error and raises it to give accurate error message to users (https://github.com/ansible-collections/community.general/issues/8047). diff --git a/changelogs/fragments/8057-pam_limits-check-mode.yml b/changelogs/fragments/8057-pam_limits-check-mode.yml deleted file mode 100644 index f6f034e9b8..0000000000 --- a/changelogs/fragments/8057-pam_limits-check-mode.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - "pam_limits - when the file does not exist, do not create it in check mode (https://github.com/ansible-collections/community.general/issues/8050, https://github.com/ansible-collections/community.general/pull/8057)." diff --git a/changelogs/fragments/8073-ldap-attrs-diff.yml b/changelogs/fragments/8073-ldap-attrs-diff.yml deleted file mode 100644 index 071fc2919e..0000000000 --- a/changelogs/fragments/8073-ldap-attrs-diff.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - ldap_attrs - module now supports diff mode, showing which attributes are changed within an operation (https://github.com/ansible-collections/community.general/pull/8073). \ No newline at end of file diff --git a/changelogs/fragments/8087-removed-redundant-unicode-prefixes.yml b/changelogs/fragments/8087-removed-redundant-unicode-prefixes.yml deleted file mode 100644 index 1224ebdfa2..0000000000 --- a/changelogs/fragments/8087-removed-redundant-unicode-prefixes.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - "revbitspss lookup plugin - removed a redundant unicode prefix. The prefix was not necessary for Python 3 and has been cleaned up to streamline the code (https://github.com/ansible-collections/community.general/pull/8087)." diff --git a/changelogs/fragments/8091-consul-token-fixes.yaml b/changelogs/fragments/8091-consul-token-fixes.yaml deleted file mode 100644 index c734623588..0000000000 --- a/changelogs/fragments/8091-consul-token-fixes.yaml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - "consul_token - fix token creation without ``accessor_id`` (https://github.com/ansible-collections/community.general/pull/8091)." \ No newline at end of file diff --git a/changelogs/fragments/9076-remove-duplicated-homebrew-package-name-validation.yml b/changelogs/fragments/9076-remove-duplicated-homebrew-package-name-validation.yml new file mode 100644 index 0000000000..b067625c0c --- /dev/null +++ b/changelogs/fragments/9076-remove-duplicated-homebrew-package-name-validation.yml @@ -0,0 +1,2 @@ +minor_changes: + - homebrew - remove duplicated package name validation (https://github.com/ansible-collections/community.general/pull/9076). diff --git a/changelogs/fragments/9077-keycloak_client-fix-attributes-dict-turned-into-list.yml b/changelogs/fragments/9077-keycloak_client-fix-attributes-dict-turned-into-list.yml new file mode 100644 index 0000000000..d693c2e139 --- /dev/null +++ b/changelogs/fragments/9077-keycloak_client-fix-attributes-dict-turned-into-list.yml @@ -0,0 +1,2 @@ +bugfixes: + - keycloak_client - fix diff by removing code that turns the attributes dict which contains additional settings into a list (https://github.com/ansible-collections/community.general/pull/9077). \ No newline at end of file diff --git a/changelogs/fragments/9082-keycloak_clientscope-fix-attributes-dict-turned-into-list.yml b/changelogs/fragments/9082-keycloak_clientscope-fix-attributes-dict-turned-into-list.yml new file mode 100644 index 0000000000..c9d61780b2 --- /dev/null +++ b/changelogs/fragments/9082-keycloak_clientscope-fix-attributes-dict-turned-into-list.yml @@ -0,0 +1,2 @@ +bugfixes: + - keycloak_clientscope - fix diff and ``end_state`` by removing the code that turns the attributes dict, which contains additional config items, into a list (https://github.com/ansible-collections/community.general/pull/9082). \ No newline at end of file diff --git a/changelogs/fragments/9096-alternatives-add-family-parameter.yml b/changelogs/fragments/9096-alternatives-add-family-parameter.yml new file mode 100644 index 0000000000..a0b021f892 --- /dev/null +++ b/changelogs/fragments/9096-alternatives-add-family-parameter.yml @@ -0,0 +1,2 @@ +minor_changes: + - alternatives - add ``family`` parameter that allows to utilize the ``--family`` option available in RedHat version of update-alternatives (https://github.com/ansible-collections/community.general/issues/5060, https://github.com/ansible-collections/community.general/pull/9096). diff --git a/changelogs/fragments/9114-redfish-utils-update-remove-default-applytime.yml b/changelogs/fragments/9114-redfish-utils-update-remove-default-applytime.yml new file mode 100644 index 0000000000..672545a0a8 --- /dev/null +++ b/changelogs/fragments/9114-redfish-utils-update-remove-default-applytime.yml @@ -0,0 +1,2 @@ +bugfixes: + - redfish_utils module utils - remove undocumented default applytime (https://github.com/ansible-collections/community.general/pull/9114). diff --git a/changelogs/fragments/9123-redfish-command-custom-oem-params.yml b/changelogs/fragments/9123-redfish-command-custom-oem-params.yml new file mode 100644 index 0000000000..a09219515a --- /dev/null +++ b/changelogs/fragments/9123-redfish-command-custom-oem-params.yml @@ -0,0 +1,2 @@ +minor_changes: + - redfish_command - add ``update_custom_oem_header``, ``update_custom_oem_params``, and ``update_custom_oem_mime_type`` options (https://github.com/ansible-collections/community.general/pull/9123). diff --git a/changelogs/fragments/9124-dnf_config_manager.yml b/changelogs/fragments/9124-dnf_config_manager.yml new file mode 100644 index 0000000000..9c87f02d64 --- /dev/null +++ b/changelogs/fragments/9124-dnf_config_manager.yml @@ -0,0 +1,2 @@ +bugfixes: + - dnf_config_manager - fix hanging when prompting to import GPG keys (https://github.com/ansible-collections/community.general/pull/9124, https://github.com/ansible-collections/community.general/issues/8830). diff --git a/changelogs/fragments/9128-homebrew_cask-name-regex-fix.yml b/changelogs/fragments/9128-homebrew_cask-name-regex-fix.yml new file mode 100644 index 0000000000..69765958fb --- /dev/null +++ b/changelogs/fragments/9128-homebrew_cask-name-regex-fix.yml @@ -0,0 +1,2 @@ +bugfixes: + - homebrew_cask - allow ``+`` symbol in Homebrew cask name validation regex (https://github.com/ansible-collections/community.general/pull/9128). diff --git a/changelogs/fragments/9132-cloudflare_dns-comment-and-tags.yml b/changelogs/fragments/9132-cloudflare_dns-comment-and-tags.yml new file mode 100644 index 0000000000..b601e39f55 --- /dev/null +++ b/changelogs/fragments/9132-cloudflare_dns-comment-and-tags.yml @@ -0,0 +1,2 @@ +minor_changes: + - cloudflare_dns - add support for ``comment`` and ``tags`` (https://github.com/ansible-collections/community.general/pull/9132). diff --git a/changelogs/fragments/9157-fix-dnf_config_manager-locale.yml b/changelogs/fragments/9157-fix-dnf_config_manager-locale.yml new file mode 100644 index 0000000000..f2084dfa5f --- /dev/null +++ b/changelogs/fragments/9157-fix-dnf_config_manager-locale.yml @@ -0,0 +1,2 @@ +bugfixes: + - dnf_config_manager - forces locale to ``C`` before module starts. If the locale was set to non-English, the output of the ``dnf config-manager`` could not be parsed (https://github.com/ansible-collections/community.general/pull/9157, https://github.com/ansible-collections/community.general/issues/9046). \ No newline at end of file diff --git a/changelogs/fragments/9159-iso-extract_add_password.yml b/changelogs/fragments/9159-iso-extract_add_password.yml new file mode 100644 index 0000000000..f1b2650d4f --- /dev/null +++ b/changelogs/fragments/9159-iso-extract_add_password.yml @@ -0,0 +1,2 @@ +minor_changes: + - iso_extract - adds ``password`` parameter that is passed to 7z (https://github.com/ansible-collections/community.general/pull/9159). diff --git a/changelogs/fragments/9167-rpm_ostree_pkg-apply_live.yml b/changelogs/fragments/9167-rpm_ostree_pkg-apply_live.yml new file mode 100644 index 0000000000..e473dedd0b --- /dev/null +++ b/changelogs/fragments/9167-rpm_ostree_pkg-apply_live.yml @@ -0,0 +1,3 @@ +minor_changes: +- rpm_ostree_pkg - added the options ``apply_live`` (https://github.com/ansible-collections/community.general/pull/9167). +- rpm_ostree_pkg - added the return value ``needs_reboot`` (https://github.com/ansible-collections/community.general/pull/9167). diff --git a/changelogs/fragments/9168-nmcli-add-sriov-parameter.yml b/changelogs/fragments/9168-nmcli-add-sriov-parameter.yml new file mode 100644 index 0000000000..77f28e73bf --- /dev/null +++ b/changelogs/fragments/9168-nmcli-add-sriov-parameter.yml @@ -0,0 +1,2 @@ +minor_changes: + - nmcli - add ``sriov`` parameter that enables support for SR-IOV settings (https://github.com/ansible-collections/community.general/pull/9168). diff --git a/changelogs/fragments/9171-gio-mime-fix-version.yml b/changelogs/fragments/9171-gio-mime-fix-version.yml new file mode 100644 index 0000000000..ca9dbddd7f --- /dev/null +++ b/changelogs/fragments/9171-gio-mime-fix-version.yml @@ -0,0 +1,2 @@ +bugfixes: + - gio_mime - fix command line when determining version of ``gio`` (https://github.com/ansible-collections/community.general/pull/9171, https://github.com/ansible-collections/community.general/issues/9158). diff --git a/changelogs/fragments/9172-opkg-deprecate-force-none.yml b/changelogs/fragments/9172-opkg-deprecate-force-none.yml new file mode 100644 index 0000000000..1b11419c5a --- /dev/null +++ b/changelogs/fragments/9172-opkg-deprecate-force-none.yml @@ -0,0 +1,2 @@ +deprecated_features: + - opkg - deprecate value ``""`` for parameter ``force`` (https://github.com/ansible-collections/community.general/pull/9172). diff --git a/changelogs/fragments/9174-xbps-support-rootdir-and-repository.yml b/changelogs/fragments/9174-xbps-support-rootdir-and-repository.yml new file mode 100644 index 0000000000..9197607684 --- /dev/null +++ b/changelogs/fragments/9174-xbps-support-rootdir-and-repository.yml @@ -0,0 +1,2 @@ +minor_changes: + - xbps - add ``root`` and ``repository`` options to enable bootstrapping new void installations (https://github.com/ansible-collections/community.general/pull/9174). diff --git a/changelogs/fragments/9179-deps-tests.yml b/changelogs/fragments/9179-deps-tests.yml new file mode 100644 index 0000000000..1ddf109033 --- /dev/null +++ b/changelogs/fragments/9179-deps-tests.yml @@ -0,0 +1,2 @@ +minor_changes: + - deps module utils - add ``deps.clear()`` to clear out previously declared dependencies (https://github.com/ansible-collections/community.general/pull/9179). diff --git a/changelogs/fragments/9180-pipx-version.yml b/changelogs/fragments/9180-pipx-version.yml new file mode 100644 index 0000000000..f07d66c83c --- /dev/null +++ b/changelogs/fragments/9180-pipx-version.yml @@ -0,0 +1,3 @@ +minor_changes: + - pipx - add return value ``version`` (https://github.com/ansible-collections/community.general/pull/9180). + - pipx_info - add return value ``version`` (https://github.com/ansible-collections/community.general/pull/9180). diff --git a/changelogs/fragments/9181-improve-homebrew-module-performance.yml b/changelogs/fragments/9181-improve-homebrew-module-performance.yml new file mode 100644 index 0000000000..b3b6ba2ca4 --- /dev/null +++ b/changelogs/fragments/9181-improve-homebrew-module-performance.yml @@ -0,0 +1,2 @@ +minor_changes: + - homebrew - greatly speed up module when multiple packages are passed in the ``name`` option (https://github.com/ansible-collections/community.general/pull/9181). \ No newline at end of file diff --git a/changelogs/fragments/9186-fix-broken-check-mode-in-github-key.yml b/changelogs/fragments/9186-fix-broken-check-mode-in-github-key.yml new file mode 100644 index 0000000000..dbf1f145d5 --- /dev/null +++ b/changelogs/fragments/9186-fix-broken-check-mode-in-github-key.yml @@ -0,0 +1,2 @@ +bugfixes: + - github_key - in check mode, a faulty call to ```datetime.strftime(...)``` was being made which generated an exception (https://github.com/ansible-collections/community.general/issues/9185). \ No newline at end of file diff --git a/changelogs/fragments/9187-flatpak-lang.yml b/changelogs/fragments/9187-flatpak-lang.yml new file mode 100644 index 0000000000..159923cbdc --- /dev/null +++ b/changelogs/fragments/9187-flatpak-lang.yml @@ -0,0 +1,2 @@ +bugfixes: + - flatpak - force the locale language to ``C`` when running the flatpak command (https://github.com/ansible-collections/community.general/pull/9187, https://github.com/ansible-collections/community.general/issues/8883). diff --git a/changelogs/fragments/9189-scalway-lb-simplify-return.yml b/changelogs/fragments/9189-scalway-lb-simplify-return.yml new file mode 100644 index 0000000000..39d161f06b --- /dev/null +++ b/changelogs/fragments/9189-scalway-lb-simplify-return.yml @@ -0,0 +1,2 @@ +minor_changes: + - scaleway_lb - minor simplification in the code (https://github.com/ansible-collections/community.general/pull/9189). diff --git a/changelogs/fragments/9190-redfish-utils-unused-code.yml b/changelogs/fragments/9190-redfish-utils-unused-code.yml new file mode 100644 index 0000000000..47f7588b96 --- /dev/null +++ b/changelogs/fragments/9190-redfish-utils-unused-code.yml @@ -0,0 +1,4 @@ +minor_changes: + - redfish_utils module utils - remove redundant code (https://github.com/ansible-collections/community.general/pull/9190). +deprecated_features: + - redfish_utils module utils - deprecate method ``RedfishUtils._init_session()`` (https://github.com/ansible-collections/community.general/pull/9190). diff --git a/changelogs/fragments/9198-fail-if-slack-api-response-is-not-ok-with-error-message.yml b/changelogs/fragments/9198-fail-if-slack-api-response-is-not-ok-with-error-message.yml new file mode 100644 index 0000000000..56ab25f578 --- /dev/null +++ b/changelogs/fragments/9198-fail-if-slack-api-response-is-not-ok-with-error-message.yml @@ -0,0 +1,2 @@ +bugfixes: + - slack - fail if Slack API response is not OK with error message (https://github.com/ansible-collections/community.general/pull/9198). diff --git a/changelogs/fragments/9202-keycloak_clientscope_type-sort-lists.yml b/changelogs/fragments/9202-keycloak_clientscope_type-sort-lists.yml new file mode 100644 index 0000000000..ef9fc7a6f7 --- /dev/null +++ b/changelogs/fragments/9202-keycloak_clientscope_type-sort-lists.yml @@ -0,0 +1,2 @@ +bugfixes: + - keycloak_clientscope_type - sort the default and optional clientscope lists to improve the diff (https://github.com/ansible-collections/community.general/pull/9202). \ No newline at end of file diff --git a/changelogs/fragments/9223-proxmox-backup-bugfixes.yml b/changelogs/fragments/9223-proxmox-backup-bugfixes.yml new file mode 100644 index 0000000000..559e1f45bc --- /dev/null +++ b/changelogs/fragments/9223-proxmox-backup-bugfixes.yml @@ -0,0 +1,2 @@ +bugfixes: + - proxmox_backup - fix incorrect key lookup in vmid permission check (https://github.com/ansible-collections/community.general/pull/9223). diff --git a/changelogs/fragments/9226-xfconf-version.yml b/changelogs/fragments/9226-xfconf-version.yml new file mode 100644 index 0000000000..517beb9b96 --- /dev/null +++ b/changelogs/fragments/9226-xfconf-version.yml @@ -0,0 +1,3 @@ +minor_changes: + - xfconf - add return value ``version`` (https://github.com/ansible-collections/community.general/pull/9226). + - xfconf_info - add return value ``version`` (https://github.com/ansible-collections/community.general/pull/9226). diff --git a/changelogs/fragments/9228-fix-issue-header.yml b/changelogs/fragments/9228-fix-issue-header.yml new file mode 100644 index 0000000000..450a23f8e5 --- /dev/null +++ b/changelogs/fragments/9228-fix-issue-header.yml @@ -0,0 +1,2 @@ +minor_changes: + - proxmox inventory plugin - strip whitespace from ``user``, ``token_id``, and ``token_secret`` (https://github.com/ansible-collections/community.general/issues/9227, https://github.com/ansible-collections/community.general/pull/9228/). diff --git a/changelogs/fragments/9234-fix-verify-bios-attributes-multi-system.yml b/changelogs/fragments/9234-fix-verify-bios-attributes-multi-system.yml new file mode 100644 index 0000000000..95bafed8d8 --- /dev/null +++ b/changelogs/fragments/9234-fix-verify-bios-attributes-multi-system.yml @@ -0,0 +1,2 @@ +bugfixes: + - redfish_utils module utils - Fix ``VerifyBiosAttributes`` command on multi system resource nodes (https://github.com/ansible-collections/community.general/pull/9234). diff --git a/changelogs/fragments/9238-locale-gen-rewrite.yml b/changelogs/fragments/9238-locale-gen-rewrite.yml new file mode 100644 index 0000000000..c2c9160bfb --- /dev/null +++ b/changelogs/fragments/9238-locale-gen-rewrite.yml @@ -0,0 +1,13 @@ +minor_changes: + - "locale_gen - invert the logic to determine ``ubuntu_mode``, making it look first for ``/etc/locale.gen`` (set ``ubuntu_mode`` to ``False``) + and only then looking for ``/var/lib/locales/supported.d/`` (set ``ubuntu_mode`` to ``True``) + (https://github.com/ansible-collections/community.general/pull/9238, + https://github.com/ansible-collections/community.general/issues/9131, + https://github.com/ansible-collections/community.general/issues/8487)." + - > + locale_gen - new return value ``mechanism`` to better express the semantics of the ``ubuntu_mode``, with the possible values being either + ``glibc`` (``ubuntu_mode=False``) or ``ubuntu_legacy`` (``ubuntu_mode=True``) (https://github.com/ansible-collections/community.general/pull/9238). +deprecated_features: + - > + locale_gen - ``ubuntu_mode=True``, or ``mechanism=ubuntu_legacy`` is deprecated and will be removed in community.general 13.0.0 + (https://github.com/ansible-collections/community.general/pull/9238). diff --git a/changelogs/fragments/9239-proxmox-backup-refactor.yml b/changelogs/fragments/9239-proxmox-backup-refactor.yml new file mode 100644 index 0000000000..4f73fe6dde --- /dev/null +++ b/changelogs/fragments/9239-proxmox-backup-refactor.yml @@ -0,0 +1,2 @@ +minor_changes: + - proxmox_backup - refactor permission checking to improve code readability and maintainability (https://github.com/ansible-collections/community.general/pull/9239). diff --git a/changelogs/fragments/9255-fix-handling-of-aliased-homebrew-packages.yml b/changelogs/fragments/9255-fix-handling-of-aliased-homebrew-packages.yml new file mode 100644 index 0000000000..350e81af8e --- /dev/null +++ b/changelogs/fragments/9255-fix-handling-of-aliased-homebrew-packages.yml @@ -0,0 +1,2 @@ +bugfixes: + - homebrew - fix incorrect handling of aliased homebrew modules when the alias is requested (https://github.com/ansible-collections/community.general/pull/9255, https://github.com/ansible-collections/community.general/issues/9240). \ No newline at end of file diff --git a/changelogs/fragments/9256-proxmox_disk-fix-async-method-of-resize_disk.yml b/changelogs/fragments/9256-proxmox_disk-fix-async-method-of-resize_disk.yml new file mode 100644 index 0000000000..0b0a826a0d --- /dev/null +++ b/changelogs/fragments/9256-proxmox_disk-fix-async-method-of-resize_disk.yml @@ -0,0 +1,4 @@ +bugfixes: + - proxmox_disk - fix async method and make ``resize_disk`` method handle errors correctly (https://github.com/ansible-collections/community.general/pull/9256). +minor_changes: + - proxmox module utils - add method ``api_task_complete`` that can wait for task completion and return error message (https://github.com/ansible-collections/community.general/pull/9256). diff --git a/changelogs/fragments/9263-kc_authentication-api-priority.yaml b/changelogs/fragments/9263-kc_authentication-api-priority.yaml new file mode 100644 index 0000000000..a943e659ad --- /dev/null +++ b/changelogs/fragments/9263-kc_authentication-api-priority.yaml @@ -0,0 +1,2 @@ +security_fixes: + - keycloak_authentication - API calls did not properly set the ``priority`` during update resulting in incorrectly sorted authentication flows. This apparently only affects Keycloak 25 or newer (https://github.com/ansible-collections/community.general/pull/9263). \ No newline at end of file diff --git a/changelogs/fragments/9270-zypper-add-simple_errors.yaml b/changelogs/fragments/9270-zypper-add-simple_errors.yaml new file mode 100644 index 0000000000..9fcdf3403c --- /dev/null +++ b/changelogs/fragments/9270-zypper-add-simple_errors.yaml @@ -0,0 +1,3 @@ +minor_changes: + - zypper - add ``simple_errors`` option (https://github.com/ansible-collections/community.general/pull/9270). + - zypper - add ``quiet`` option (https://github.com/ansible-collections/community.general/pull/9270). \ No newline at end of file diff --git a/changelogs/fragments/9277-proxmox_template-fix-the-wrong-path-called-on-proxmox_template.task_status.yaml b/changelogs/fragments/9277-proxmox_template-fix-the-wrong-path-called-on-proxmox_template.task_status.yaml new file mode 100644 index 0000000000..166c040e3b --- /dev/null +++ b/changelogs/fragments/9277-proxmox_template-fix-the-wrong-path-called-on-proxmox_template.task_status.yaml @@ -0,0 +1,2 @@ +bugfixes: + - proxmox_template - fix the wrong path called on ``proxmox_template.task_status`` (https://github.com/ansible-collections/community.general/issues/9276, https://github.com/ansible-collections/community.general/pull/9277). diff --git a/changelogs/fragments/9284-add-keycloak-action-group.yml b/changelogs/fragments/9284-add-keycloak-action-group.yml new file mode 100644 index 0000000000..b25c370346 --- /dev/null +++ b/changelogs/fragments/9284-add-keycloak-action-group.yml @@ -0,0 +1,2 @@ +minor_changes: + - keycloak - add an action group for Keycloak modules to allow ``module_defaults`` to be set for Keycloak tasks (https://github.com/ansible-collections/community.general/pull/9284). diff --git a/changelogs/fragments/9318-fstr-actionplugins.yml b/changelogs/fragments/9318-fstr-actionplugins.yml new file mode 100644 index 0000000000..7df54f3c19 --- /dev/null +++ b/changelogs/fragments/9318-fstr-actionplugins.yml @@ -0,0 +1,3 @@ +minor_changes: + - iptables_state action plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9318). + - shutdown action plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9318). diff --git a/changelogs/fragments/9319-fstr-become-plugins.yml b/changelogs/fragments/9319-fstr-become-plugins.yml new file mode 100644 index 0000000000..dcdc4b3f52 --- /dev/null +++ b/changelogs/fragments/9319-fstr-become-plugins.yml @@ -0,0 +1,10 @@ +minor_changes: + - doas become plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9319). + - dzdo become plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9319). + - ksu become plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9319). + - machinectl become plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9319). + - pbrun become plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9319). + - pfexec become plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9319). + - pmrun become plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9319). + - sesu become plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9319). + - sudosu become plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9319). diff --git a/changelogs/fragments/9320-fstr-cache-plugins.yml b/changelogs/fragments/9320-fstr-cache-plugins.yml new file mode 100644 index 0000000000..cc1aa6ea2e --- /dev/null +++ b/changelogs/fragments/9320-fstr-cache-plugins.yml @@ -0,0 +1,3 @@ +minor_changes: + - memcached cache plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9320). + - redis cache plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9320). diff --git a/changelogs/fragments/9321-fstr-callback-plugins.yml b/changelogs/fragments/9321-fstr-callback-plugins.yml new file mode 100644 index 0000000000..d79d3cbfa0 --- /dev/null +++ b/changelogs/fragments/9321-fstr-callback-plugins.yml @@ -0,0 +1,22 @@ +minor_changes: + - cgroup_memory_recap callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). + - context_demo callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). + - counter_enabled callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). + - dense callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). + - diy callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). + - elastic callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). + - jabber callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). + - log_plays callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). + - loganalytics callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). + - logdna callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). + - logentries callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). + - mail callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). + - nrdp callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). + - opentelemetry callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). + - say callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). + - selective callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). + - slack callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). + - splunk callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). + - timestamp callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). + - unixy callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). + - yaml callback plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9321). diff --git a/changelogs/fragments/9322-fstr-connection-plugins.yml b/changelogs/fragments/9322-fstr-connection-plugins.yml new file mode 100644 index 0000000000..4b3e264cfb --- /dev/null +++ b/changelogs/fragments/9322-fstr-connection-plugins.yml @@ -0,0 +1,11 @@ +minor_changes: + - chroot connection plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9322). + - funcd connection plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9322). + - incus connection plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9322). + - iocage connection plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9322). + - jail connection plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9322). + - lxc connection plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9322). + - lxd connection plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9322). + - qubes connection plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9322). + - saltstack connection plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9322). + - zone connection plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9322). diff --git a/changelogs/fragments/9323-fstr-inventory-plugins.yml b/changelogs/fragments/9323-fstr-inventory-plugins.yml new file mode 100644 index 0000000000..03ded1f0ec --- /dev/null +++ b/changelogs/fragments/9323-fstr-inventory-plugins.yml @@ -0,0 +1,14 @@ +minor_changes: + - cobbler inventory plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9323). + - gitlab_runners inventory plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9323). + - icinga2 inventory plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9323). + - linode inventory plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9323). + - lxd inventory plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9323). + - nmap inventory plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9323). + - online inventory plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9323). + - opennebula inventory plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9323). + - proxmox inventory plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9323). + - scaleway inventory plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9323). + - stackpath_compute inventory plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9323). + - virtualbox inventory plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9323). + - xen_orchestra inventory plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9323). diff --git a/changelogs/fragments/9324-fstr-lookup-plugins.yml b/changelogs/fragments/9324-fstr-lookup-plugins.yml new file mode 100644 index 0000000000..a448ae0d48 --- /dev/null +++ b/changelogs/fragments/9324-fstr-lookup-plugins.yml @@ -0,0 +1,29 @@ +minor_changes: + - bitwarden lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - chef_databag lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - collection_version lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - consul_kv lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - credstash lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - cyberarkpassword lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - dependent lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - dig lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - dnstxt lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - dsv lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - etcd lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - etcd3 lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - filetree lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - github_app_access_token lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - hiera lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - keyring lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - lastpass lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - lmdb_kv lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - manifold lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - merge_variables lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - onepassword lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - onepassword_doc lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - passwordstore lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - random_pet lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - redis lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - revbitspss lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - shelvefile lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). + - tss lookup plugin - use f-strings instead of interpolations or ``format`` (https://github.com/ansible-collections/community.general/pull/9324). diff --git a/changelogs/fragments/9334-qubes-conn.yml b/changelogs/fragments/9334-qubes-conn.yml new file mode 100644 index 0000000000..3faa8d7981 --- /dev/null +++ b/changelogs/fragments/9334-qubes-conn.yml @@ -0,0 +1,2 @@ +bugfixes: + - qubes connection plugin - fix the printing of debug information (https://github.com/ansible-collections/community.general/pull/9334). diff --git a/changelogs/fragments/9363-dig-nonameservers.yml b/changelogs/fragments/9363-dig-nonameservers.yml new file mode 100644 index 0000000000..daa48febec --- /dev/null +++ b/changelogs/fragments/9363-dig-nonameservers.yml @@ -0,0 +1,2 @@ +bugfixes: + - "dig lookup plugin - correctly handle ``NoNameserver`` exception (https://github.com/ansible-collections/community.general/pull/9363, https://github.com/ansible-collections/community.general/issues/9362)." diff --git a/changelogs/fragments/9379-refactor.yml b/changelogs/fragments/9379-refactor.yml new file mode 100644 index 0000000000..0a87b2d0c1 --- /dev/null +++ b/changelogs/fragments/9379-refactor.yml @@ -0,0 +1,26 @@ +minor_changes: + - "shutdown action plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "redis cache plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "logentries callback plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "slack callback plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "chroot connection plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "from_csv filter plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "from_ini filter plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "to_ini filter plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "cobbler inventory plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "gitlab_runners inventory plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "iocage inventory plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "lxd inventory plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "nmap inventory plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "opennebula inventory plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "proxmox inventory plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "scaleway inventory plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "virtualbox inventory plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "cyberarkpassword lookup plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "dig lookup plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "dnstxt lookup plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "etcd3 lookup plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "lmdb_kv lookup plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "manifold lookup plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "onepassword lookup plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." + - "tss lookup plugin - clean up string conversions (https://github.com/ansible-collections/community.general/pull/9379)." diff --git a/changelogs/fragments/9387-pacemaker-cluster-cmd.yml b/changelogs/fragments/9387-pacemaker-cluster-cmd.yml new file mode 100644 index 0000000000..d9cc4c35a4 --- /dev/null +++ b/changelogs/fragments/9387-pacemaker-cluster-cmd.yml @@ -0,0 +1,3 @@ +minor_changes: + - pacemaker_cluster - using safer mechanism to run external command (https://github.com/ansible-collections/community.general/pull/9471). + - pacemaker_cluster - remove unused code (https://github.com/ansible-collections/community.general/pull/9471). diff --git a/changelogs/fragments/9403-redfish-add-get-accountservice.yml b/changelogs/fragments/9403-redfish-add-get-accountservice.yml new file mode 100644 index 0000000000..a57ecfec61 --- /dev/null +++ b/changelogs/fragments/9403-redfish-add-get-accountservice.yml @@ -0,0 +1,2 @@ +minor_changes: + - redfish_info - add command ``GetAccountServiceConfig`` to get full information about AccountService configuration (https://github.com/ansible-collections/community.general/pull/9403). diff --git a/changelogs/fragments/9425-gitlab-instance-raw-variable.yml b/changelogs/fragments/9425-gitlab-instance-raw-variable.yml new file mode 100644 index 0000000000..c9d6ec7d4b --- /dev/null +++ b/changelogs/fragments/9425-gitlab-instance-raw-variable.yml @@ -0,0 +1,2 @@ +minor_changes: + - gitlab_instance_variable - add support for ``raw`` variables suboption (https://github.com/ansible-collections/community.general/pull/9425). diff --git a/changelogs/fragments/9432-deprecate-pure.yml b/changelogs/fragments/9432-deprecate-pure.yml new file mode 100644 index 0000000000..21cc8f8633 --- /dev/null +++ b/changelogs/fragments/9432-deprecate-pure.yml @@ -0,0 +1,3 @@ +deprecated_features: + - purestorage doc fragments - the doc fragment is deprecated and will be removed from community.general 12.0.0. The modules using this were removed in community.general 3.0.0 (https://github.com/ansible-collections/community.general/pull/9432). + - pure module utils - the module utils is deprecated and will be removed from community.general 12.0.0. The modules using this were removed in community.general 3.0.0 (https://github.com/ansible-collections/community.general/pull/9432). diff --git a/changelogs/fragments/9443-slack-prepend_hash.yml b/changelogs/fragments/9443-slack-prepend_hash.yml new file mode 100644 index 0000000000..98151ba51e --- /dev/null +++ b/changelogs/fragments/9443-slack-prepend_hash.yml @@ -0,0 +1,3 @@ +deprecated_features: + - "slack - the default value ``auto`` of the ``prepend_hash`` option is deprecated and will change to ``never`` in community.general 12.0.0 + (https://github.com/ansible-collections/community.general/pull/9443)." diff --git a/changelogs/fragments/9449-manageiq-alert-profiles-reqs.yml b/changelogs/fragments/9449-manageiq-alert-profiles-reqs.yml new file mode 100644 index 0000000000..710cf672cc --- /dev/null +++ b/changelogs/fragments/9449-manageiq-alert-profiles-reqs.yml @@ -0,0 +1,2 @@ +minor_changes: + - manageiq_alert_profiles - improve handling of parameter requirements (https://github.com/ansible-collections/community.general/pull/9449). diff --git a/changelogs/fragments/9451-facter-deprecation.yml b/changelogs/fragments/9451-facter-deprecation.yml new file mode 100644 index 0000000000..63924e9358 --- /dev/null +++ b/changelogs/fragments/9451-facter-deprecation.yml @@ -0,0 +1,2 @@ +deprecated_features: + - facter - module is deprecated and will be removed in community.general 12.0.0, use ``community.general.facter_facts`` instead (https://github.com/ansible-collections/community.general/pull/9451). diff --git a/changelogs/fragments/9456-yaml-callback-deprecation.yml b/changelogs/fragments/9456-yaml-callback-deprecation.yml new file mode 100644 index 0000000000..47c0708c20 --- /dev/null +++ b/changelogs/fragments/9456-yaml-callback-deprecation.yml @@ -0,0 +1,2 @@ +deprecated_features: + - yaml callback plugin - deprecate plugin in favor of ``result_format=yaml`` in plugin ``ansible.bulitin.default`` (https://github.com/ansible-collections/community.general/pull/9456). diff --git a/changelogs/fragments/9482-opentelemetry-python-37.yml b/changelogs/fragments/9482-opentelemetry-python-37.yml new file mode 100644 index 0000000000..3cc291265f --- /dev/null +++ b/changelogs/fragments/9482-opentelemetry-python-37.yml @@ -0,0 +1,2 @@ +minor_changes: + - opentelemetry callback plugin - remove code handling Python versions prior to 3.7 (https://github.com/ansible-collections/community.general/pull/9482). diff --git a/changelogs/fragments/9483-sensu-deprecation.yml b/changelogs/fragments/9483-sensu-deprecation.yml new file mode 100644 index 0000000000..daa219202d --- /dev/null +++ b/changelogs/fragments/9483-sensu-deprecation.yml @@ -0,0 +1,6 @@ +deprecated_features: + - sensu_check - module is deprecated and will be removed in community.general 13.0.0, use collection ``sensu.sensu_go`` instead (https://github.com/ansible-collections/community.general/pull/9483). + - sensu_client - module is deprecated and will be removed in community.general 13.0.0, use collection ``sensu.sensu_go`` instead (https://github.com/ansible-collections/community.general/pull/9483). + - sensu_handler - module is deprecated and will be removed in community.general 13.0.0, use collection ``sensu.sensu_go`` instead (https://github.com/ansible-collections/community.general/pull/9483). + - sensu_silence - module is deprecated and will be removed in community.general 13.0.0, use collection ``sensu.sensu_go`` instead (https://github.com/ansible-collections/community.general/pull/9483). + - sensu_subscription - module is deprecated and will be removed in community.general 13.0.0, use collection ``sensu.sensu_go`` instead (https://github.com/ansible-collections/community.general/pull/9483). diff --git a/changelogs/fragments/9487-atomic-deprecation.yml b/changelogs/fragments/9487-atomic-deprecation.yml new file mode 100644 index 0000000000..80897cdccc --- /dev/null +++ b/changelogs/fragments/9487-atomic-deprecation.yml @@ -0,0 +1,4 @@ +deprecated_features: + - atomic_container - module is deprecated and will be removed in community.general 13.0.0 (https://github.com/ansible-collections/community.general/pull/9487). + - atomic_host - module is deprecated and will be removed in community.general 13.0.0 (https://github.com/ansible-collections/community.general/pull/9487). + - atomic_image - module is deprecated and will be removed in community.general 13.0.0 (https://github.com/ansible-collections/community.general/pull/9487). diff --git a/changelogs/fragments/9490-htpasswd-permissions.yml b/changelogs/fragments/9490-htpasswd-permissions.yml new file mode 100644 index 0000000000..71d174814e --- /dev/null +++ b/changelogs/fragments/9490-htpasswd-permissions.yml @@ -0,0 +1,3 @@ +bugfixes: + - "htpasswd - report changes when file permissions are adjusted + (https://github.com/ansible-collections/community.general/issues/9485, https://github.com/ansible-collections/community.general/pull/9490)." diff --git a/changelogs/fragments/9503-opentelemetry-remove-unused-code.yml b/changelogs/fragments/9503-opentelemetry-remove-unused-code.yml new file mode 100644 index 0000000000..1381f02554 --- /dev/null +++ b/changelogs/fragments/9503-opentelemetry-remove-unused-code.yml @@ -0,0 +1,2 @@ +minor_changes: + - opentelemetry callback plugin - remove code handling Python versions prior to 3.7 (https://github.com/ansible-collections/community.general/pull/9503). diff --git a/changelogs/fragments/9539-iocage-inventory-dhcp.yml b/changelogs/fragments/9539-iocage-inventory-dhcp.yml new file mode 100644 index 0000000000..2432669d25 --- /dev/null +++ b/changelogs/fragments/9539-iocage-inventory-dhcp.yml @@ -0,0 +1,2 @@ +bugfixes: + - iocage inventory plugin - the plugin parses the IP4 tab of the jails list and put the elements into the new variable ``iocage_ip4_dict``. In multiple interface format the variable ``iocage_ip4`` keeps the comma-separated list of IP4 (https://github.com/ansible-collections/community.general/issues/9538). diff --git a/changelogs/fragments/9546-fix-handling-of-tap-homebrew-packages.yml b/changelogs/fragments/9546-fix-handling-of-tap-homebrew-packages.yml new file mode 100644 index 0000000000..a8e3f33393 --- /dev/null +++ b/changelogs/fragments/9546-fix-handling-of-tap-homebrew-packages.yml @@ -0,0 +1,2 @@ +bugfixes: + - homebrew - fix incorrect handling of homebrew modules when a tap is requested (https://github.com/ansible-collections/community.general/pull/9546, https://github.com/ansible-collections/community.general/issues/9533). \ No newline at end of file diff --git a/changelogs/fragments/add-ipa-sudorule-deny-cmd.yml b/changelogs/fragments/add-ipa-sudorule-deny-cmd.yml deleted file mode 100644 index 2d5dc6205c..0000000000 --- a/changelogs/fragments/add-ipa-sudorule-deny-cmd.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - ipa_sudorule - adds options to include denied commands or command groups (https://github.com/ansible-collections/community.general/pull/7415). diff --git a/changelogs/fragments/aix_filesystem-crfs-issue.yml b/changelogs/fragments/aix_filesystem-crfs-issue.yml deleted file mode 100644 index 6b3ddfb0d6..0000000000 --- a/changelogs/fragments/aix_filesystem-crfs-issue.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -bugfixes: - - aix_filesystem - fix issue with empty list items in crfs logic and option order (https://github.com/ansible-collections/community.general/pull/8052). diff --git a/changelogs/fragments/bitwarden-lookup-performance.yaml b/changelogs/fragments/bitwarden-lookup-performance.yaml deleted file mode 100644 index cb0405b1cb..0000000000 --- a/changelogs/fragments/bitwarden-lookup-performance.yaml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - "bitwarden lookup plugin - when looking for items using an item ID, the item is now accessed directly with ``bw get item`` instead of searching through all items. This doubles the lookup speed (https://github.com/ansible-collections/community.general/pull/7468)." diff --git a/changelogs/fragments/internal-redirects.yml b/changelogs/fragments/internal-redirects.yml deleted file mode 100644 index 23ce456d4e..0000000000 --- a/changelogs/fragments/internal-redirects.yml +++ /dev/null @@ -1,5 +0,0 @@ -removed_features: - - "The deprecated redirects for internal module names have been removed. - These internal redirects were extra-long FQCNs like ``community.general.packaging.os.apt_rpm`` that redirect to the short FQCN ``community.general.apt_rpm``. - They were originally needed to implement flatmapping; as various tooling started to recommend users to use the long names flatmapping was removed from the collection - and redirects were added for users who already followed these incorrect recommendations (https://github.com/ansible-collections/community.general/pull/7835)." diff --git a/changelogs/fragments/lxd-instance-not-found-avoid-false-positives.yml b/changelogs/fragments/lxd-instance-not-found-avoid-false-positives.yml deleted file mode 100644 index 03ac8ee01b..0000000000 --- a/changelogs/fragments/lxd-instance-not-found-avoid-false-positives.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - "lxd connection plugin - tighten the detection logic for lxd ``Instance not found`` errors, to avoid false detection on unrelated errors such as ``/usr/bin/python3: not found`` (https://github.com/ansible-collections/community.general/pull/7521)." diff --git a/changelogs/fragments/lxd-instances-api-endpoint-added.yml b/changelogs/fragments/lxd-instances-api-endpoint-added.yml deleted file mode 100644 index 3e7aa3b50e..0000000000 --- a/changelogs/fragments/lxd-instances-api-endpoint-added.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: - - "lxd_container - uses ``/1.0/instances`` API endpoint, if available. Falls back to ``/1.0/containers`` or ``/1.0/virtual-machines``. Fixes issue when using Incus or LXD 5.19 due to migrating to ``/1.0/instances`` endpoint (https://github.com/ansible-collections/community.general/pull/7980)." diff --git a/changelogs/fragments/pacemaker-cluster.yml b/changelogs/fragments/pacemaker-cluster.yml deleted file mode 100644 index 07e1ff3e04..0000000000 --- a/changelogs/fragments/pacemaker-cluster.yml +++ /dev/null @@ -1,3 +0,0 @@ -bugfixes: - - "pacemaker_cluster - actually implement check mode, which the module claims to support. This means that until now the module - also did changes in check mode (https://github.com/ansible-collections/community.general/pull/8081)." diff --git a/changelogs/fragments/pkgin.yml b/changelogs/fragments/pkgin.yml deleted file mode 100644 index 60eff0bfe5..0000000000 --- a/changelogs/fragments/pkgin.yml +++ /dev/null @@ -1,2 +0,0 @@ -bugfixes: - - pkgin - pkgin (pkgsrc package manager used by SmartOS) raises erratic exceptions and spurious ``changed=true`` (https://github.com/ansible-collections/community.general/pull/7971). diff --git a/changelogs/fragments/ssh_config_add_dynamicforward_option.yml b/changelogs/fragments/ssh_config_add_dynamicforward_option.yml new file mode 100644 index 0000000000..0252c94c46 --- /dev/null +++ b/changelogs/fragments/ssh_config_add_dynamicforward_option.yml @@ -0,0 +1,2 @@ +minor_changes: + - ssh_config - add ``dynamicforward`` option (https://github.com/ansible-collections/community.general/pull/9192). \ No newline at end of file diff --git a/docs/docsite/config.yml b/docs/docsite/config.yml new file mode 100644 index 0000000000..1d6cf8554a --- /dev/null +++ b/docs/docsite/config.yml @@ -0,0 +1,7 @@ +--- +# Copyright (c) Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +changelog: + write_changelog: true diff --git a/docs/docsite/extra-docs.yml b/docs/docsite/extra-docs.yml index 529573606c..f73d0fe012 100644 --- a/docs/docsite/extra-docs.yml +++ b/docs/docsite/extra-docs.yml @@ -14,3 +14,9 @@ sections: - guide_online - guide_packet - guide_scaleway + - title: Developer Guides + toctree: + - guide_deps + - guide_vardict + - guide_cmdrunner + - guide_modulehelper diff --git a/docs/docsite/helper/keep_keys/README.md b/docs/docsite/helper/keep_keys/README.md new file mode 100644 index 0000000000..69a4076ef9 --- /dev/null +++ b/docs/docsite/helper/keep_keys/README.md @@ -0,0 +1,61 @@ + + +# Docs helper. Create RST file. + +The playbook `playbook.yml` writes a RST file that can be used in +docs/docsite/rst. The usage of this helper is recommended but not +mandatory. You can stop reading here and update the RST file manually +if you don't want to use this helper. + +## Run the playbook + +If you want to generate the RST file by this helper fit the variables +in the playbook and the template to your needs. Then, run the play + +```sh +shell> ansible-playbook playbook.yml +``` + +## Copy RST to docs/docsite/rst + +Copy the RST file to `docs/docsite/rst` and remove it from this +directory. + +## Update the checksums + +Substitute the variables and run the below commands + +```sh +shell> sha1sum {{ target_vars }} > {{ target_sha1 }} +shell> sha1sum {{ file_rst }} > {{ file_sha1 }} +``` + +## Playbook explained + +The playbook includes the variable *tests* from the integration tests +and creates the RST file from the template. The playbook will +terminate if: + +* The file with the variable *tests* was changed +* The RST file was changed + +This means that this helper is probably not up to date. + +### The file with the variable *tests* was changed + +This means that somebody updated the integration tests. Review the +changes and update the template if needed. Update the checksum to pass +the integrity test. The playbook message provides you with the +command. + +### The RST file was changed + +This means that somebody updated the RST file manually. Review the +changes and update the template. Update the checksum to pass the +integrity test. The playbook message provides you with the +command. Make sure that the updated template will create identical RST +file. Only then apply your changes. diff --git a/docs/docsite/helper/keep_keys/filter_guide-abstract_informations-lists_of_dictionaries-keep_keys.rst.j2 b/docs/docsite/helper/keep_keys/filter_guide-abstract_informations-lists_of_dictionaries-keep_keys.rst.j2 new file mode 100644 index 0000000000..77281549ba --- /dev/null +++ b/docs/docsite/helper/keep_keys/filter_guide-abstract_informations-lists_of_dictionaries-keep_keys.rst.j2 @@ -0,0 +1,80 @@ +.. + Copyright (c) Ansible Project + GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) + SPDX-License-Identifier: GPL-3.0-or-later + +keep_keys +""""""""" + +Use the filter :ansplugin:`community.general.keep_keys#filter` if you have a list of dictionaries and want to keep certain keys only. + +.. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See :ansplugin:`the documentation for the community.general.yaml callback plugin `. + + +Let us use the below list in the following examples: + +.. code-block:: yaml + + input: + {{ tests.0.input | to_yaml(indent=2) | indent(5) }} + +{% for i in tests[0:1]|subelements('group') %} +* {{ i.1.d }} + +.. code-block:: yaml+jinja + :emphasize-lines: 1 + + target: {{ i.1.tt }} + result: "{{ lookup('file', target ~ '/templates/' ~ i.0.template) }}" + +{% endfor %} + +gives + +.. code-block:: yaml + :emphasize-lines: 1- + + result: + {{ tests.0.result | to_yaml(indent=2) | indent(5) }} + +.. versionadded:: 9.1.0 + +* The results of the below examples 1-5 are all the same: + +.. code-block:: yaml + :emphasize-lines: 1- + + result: + {{ tests.1.result | to_yaml(indent=2) | indent(5) }} + +{% for i in tests[1:2]|subelements('group') %} +{{ loop.index }}. {{ i.1.d }} + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: {{ i.1.mp }} + target: {{ i.1.tt }} + result: "{{ lookup('file', target ~ '/templates/' ~ i.0.template) }}" + +{% endfor %} + +* The results of the below examples 6-9 are all the same: + +.. code-block:: yaml + :emphasize-lines: 1- + + result: + {{ tests.2.result | to_yaml(indent=2) | indent(5) }} + +{% for i in tests[2:3]|subelements('group') %} +{{ loop.index + 5 }}. {{ i.1.d }} + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: {{ i.1.mp }} + target: {{ i.1.tt }} + result: "{{ lookup('file', target ~ '/templates/' ~ i.0.template) }}" + +{% endfor %} diff --git a/docs/docsite/helper/keep_keys/keep_keys.rst.sha1 b/docs/docsite/helper/keep_keys/keep_keys.rst.sha1 new file mode 100644 index 0000000000..532c6a192c --- /dev/null +++ b/docs/docsite/helper/keep_keys/keep_keys.rst.sha1 @@ -0,0 +1 @@ +8690afce792abc95693c2f61f743ee27388b1592 ../../rst/filter_guide-abstract_informations-lists_of_dictionaries-keep_keys.rst diff --git a/docs/docsite/helper/keep_keys/keep_keys.rst.sha1.license b/docs/docsite/helper/keep_keys/keep_keys.rst.sha1.license new file mode 100644 index 0000000000..a1390a69ed --- /dev/null +++ b/docs/docsite/helper/keep_keys/keep_keys.rst.sha1.license @@ -0,0 +1,3 @@ +Copyright (c) Ansible Project +GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +SPDX-License-Identifier: GPL-3.0-or-later diff --git a/docs/docsite/helper/keep_keys/playbook.yml b/docs/docsite/helper/keep_keys/playbook.yml new file mode 100644 index 0000000000..75ef90385b --- /dev/null +++ b/docs/docsite/helper/keep_keys/playbook.yml @@ -0,0 +1,79 @@ +--- +# Copyright (c) Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Create docs REST files +# shell> ansible-playbook playbook.yml +# +# Proofread and copy created *.rst file into the directory +# docs/docsite/rst. Do not add *.rst in this directory to the version +# control. +# +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# community.general/docs/docsite/helper/keep_keys/playbook.yml + +- name: Create RST file for docs/docsite/rst + hosts: localhost + gather_facts: false + + vars: + + plugin: keep_keys + plugin_type: filter + docs_path: + - filter_guide + - abstract_informations + - lists_of_dictionaries + + file_base: "{{ (docs_path + [plugin]) | join('-') }}" + file_rst: ../../rst/{{ file_base }}.rst + file_sha1: "{{ plugin }}.rst.sha1" + + target: "../../../../tests/integration/targets/{{ plugin_type }}_{{ plugin }}" + target_vars: "{{ target }}/vars/main/tests.yml" + target_sha1: tests.yml.sha1 + + tasks: + + - name: Test integrity tests.yml + when: + - integrity | d(true) | bool + - lookup('file', target_sha1) != lookup('pipe', 'sha1sum ' ~ target_vars) + block: + + - name: Changed tests.yml + ansible.builtin.debug: + msg: | + Changed {{ target_vars }} + Review the changes and update {{ target_sha1 }} + shell> sha1sum {{ target_vars }} > {{ target_sha1 }} + + - name: Changed tests.yml end host + ansible.builtin.meta: end_play + + - name: Test integrity RST file + when: + - integrity | d(true) | bool + - lookup('file', file_sha1) != lookup('pipe', 'sha1sum ' ~ file_rst) + block: + + - name: Changed RST file + ansible.builtin.debug: + msg: | + Changed {{ file_rst }} + Review the changes and update {{ file_sha1 }} + shell> sha1sum {{ file_rst }} > {{ file_sha1 }} + + - name: Changed RST file end host + ansible.builtin.meta: end_play + + - name: Include target vars + include_vars: + file: "{{ target_vars }}" + + - name: Create RST file + ansible.builtin.template: + src: "{{ file_base }}.rst.j2" + dest: "{{ file_base }}.rst" diff --git a/docs/docsite/helper/keep_keys/tests.yml.sha1 b/docs/docsite/helper/keep_keys/tests.yml.sha1 new file mode 100644 index 0000000000..fcf41a4347 --- /dev/null +++ b/docs/docsite/helper/keep_keys/tests.yml.sha1 @@ -0,0 +1 @@ +c6fc4ee2017d9222675bcd13cc4f88ba8d14f38d ../../../../tests/integration/targets/filter_keep_keys/vars/main/tests.yml diff --git a/docs/docsite/helper/keep_keys/tests.yml.sha1.license b/docs/docsite/helper/keep_keys/tests.yml.sha1.license new file mode 100644 index 0000000000..a1390a69ed --- /dev/null +++ b/docs/docsite/helper/keep_keys/tests.yml.sha1.license @@ -0,0 +1,3 @@ +Copyright (c) Ansible Project +GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +SPDX-License-Identifier: GPL-3.0-or-later diff --git a/docs/docsite/helper/lists_mergeby/default-common.yml b/docs/docsite/helper/lists_mergeby/default-common.yml index fd874e5c91..4431fe27dc 100644 --- a/docs/docsite/helper/lists_mergeby/default-common.yml +++ b/docs/docsite/helper/lists_mergeby/default-common.yml @@ -2,17 +2,11 @@ # Copyright (c) Ansible Project # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later - list1: - - name: foo - extra: true - - name: bar - extra: false - - name: meh - extra: true + - {name: foo, extra: true} + - {name: bar, extra: false} + - {name: meh, extra: true} list2: - - name: foo - path: /foo - - name: baz - path: /baz + - {name: foo, path: /foo} + - {name: baz, path: /baz} diff --git a/docs/docsite/helper/lists_mergeby/default-recursive-true.yml b/docs/docsite/helper/lists_mergeby/default-recursive-true.yml index 133c8f2aec..eb83ea82e1 100644 --- a/docs/docsite/helper/lists_mergeby/default-recursive-true.yml +++ b/docs/docsite/helper/lists_mergeby/default-recursive-true.yml @@ -2,14 +2,12 @@ # Copyright (c) Ansible Project # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later - list1: - name: myname01 param01: x: default_value y: default_value - list: - - default_value + list: [default_value] - name: myname02 param01: [1, 1, 2, 3] @@ -18,7 +16,6 @@ list2: param01: y: patch_value z: patch_value - list: - - patch_value + list: [patch_value] - name: myname02 - param01: [3, 4, 4, {key: value}] + param01: [3, 4, 4] diff --git a/docs/docsite/helper/lists_mergeby/example-001.yml b/docs/docsite/helper/lists_mergeby/example-001.yml index 0cf6a9b8a7..c27b019e52 100644 --- a/docs/docsite/helper/lists_mergeby/example-001.yml +++ b/docs/docsite/helper/lists_mergeby/example-001.yml @@ -8,7 +8,7 @@ dir: example-001_vars - debug: var: list3 - when: debug|d(false)|bool + when: debug | d(false) | bool - template: src: list3.out.j2 dest: example-001.out diff --git a/docs/docsite/helper/lists_mergeby/example-001_vars/list3.yml b/docs/docsite/helper/lists_mergeby/example-001_vars/list3.yml index 0604feccbd..8bd8bc8f24 100644 --- a/docs/docsite/helper/lists_mergeby/example-001_vars/list3.yml +++ b/docs/docsite/helper/lists_mergeby/example-001_vars/list3.yml @@ -2,6 +2,5 @@ # Copyright (c) Ansible Project # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later - -list3: "{{ list1| +list3: "{{ list1 | community.general.lists_mergeby(list2, 'name') }}" diff --git a/docs/docsite/helper/lists_mergeby/example-002.yml b/docs/docsite/helper/lists_mergeby/example-002.yml index 5e6e0315df..e164db1251 100644 --- a/docs/docsite/helper/lists_mergeby/example-002.yml +++ b/docs/docsite/helper/lists_mergeby/example-002.yml @@ -8,7 +8,7 @@ dir: example-002_vars - debug: var: list3 - when: debug|d(false)|bool + when: debug | d(false) | bool - template: src: list3.out.j2 dest: example-002.out diff --git a/docs/docsite/helper/lists_mergeby/example-002_vars/list3.yml b/docs/docsite/helper/lists_mergeby/example-002_vars/list3.yml index 8ad7524072..be6cfcbf31 100644 --- a/docs/docsite/helper/lists_mergeby/example-002_vars/list3.yml +++ b/docs/docsite/helper/lists_mergeby/example-002_vars/list3.yml @@ -2,6 +2,5 @@ # Copyright (c) Ansible Project # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later - -list3: "{{ [list1, list2]| +list3: "{{ [list1, list2] | community.general.lists_mergeby('name') }}" diff --git a/docs/docsite/helper/lists_mergeby/example-003.yml b/docs/docsite/helper/lists_mergeby/example-003.yml index 2f93ab8a27..cbc5e43a50 100644 --- a/docs/docsite/helper/lists_mergeby/example-003.yml +++ b/docs/docsite/helper/lists_mergeby/example-003.yml @@ -8,7 +8,7 @@ dir: example-003_vars - debug: var: list3 - when: debug|d(false)|bool + when: debug | d(false) | bool - template: src: list3.out.j2 dest: example-003.out diff --git a/docs/docsite/helper/lists_mergeby/example-003_vars/list3.yml b/docs/docsite/helper/lists_mergeby/example-003_vars/list3.yml index d5374eece5..2eff5df41a 100644 --- a/docs/docsite/helper/lists_mergeby/example-003_vars/list3.yml +++ b/docs/docsite/helper/lists_mergeby/example-003_vars/list3.yml @@ -2,7 +2,6 @@ # Copyright (c) Ansible Project # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later - -list3: "{{ [list1, list2]| +list3: "{{ [list1, list2] | community.general.lists_mergeby('name', recursive=true) }}" diff --git a/docs/docsite/helper/lists_mergeby/example-004.yml b/docs/docsite/helper/lists_mergeby/example-004.yml index 3ef067faf3..68e77dea81 100644 --- a/docs/docsite/helper/lists_mergeby/example-004.yml +++ b/docs/docsite/helper/lists_mergeby/example-004.yml @@ -8,7 +8,7 @@ dir: example-004_vars - debug: var: list3 - when: debug|d(false)|bool + when: debug | d(false) | bool - template: src: list3.out.j2 dest: example-004.out diff --git a/docs/docsite/helper/lists_mergeby/example-004_vars/list3.yml b/docs/docsite/helper/lists_mergeby/example-004_vars/list3.yml index a054ea1e73..94c8ceed38 100644 --- a/docs/docsite/helper/lists_mergeby/example-004_vars/list3.yml +++ b/docs/docsite/helper/lists_mergeby/example-004_vars/list3.yml @@ -2,8 +2,7 @@ # Copyright (c) Ansible Project # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later - -list3: "{{ [list1, list2]| +list3: "{{ [list1, list2] | community.general.lists_mergeby('name', recursive=true, list_merge='keep') }}" diff --git a/docs/docsite/helper/lists_mergeby/example-005.yml b/docs/docsite/helper/lists_mergeby/example-005.yml index 57e7a779d9..b7b81de294 100644 --- a/docs/docsite/helper/lists_mergeby/example-005.yml +++ b/docs/docsite/helper/lists_mergeby/example-005.yml @@ -8,7 +8,7 @@ dir: example-005_vars - debug: var: list3 - when: debug|d(false)|bool + when: debug | d(false) | bool - template: src: list3.out.j2 dest: example-005.out diff --git a/docs/docsite/helper/lists_mergeby/example-005_vars/list3.yml b/docs/docsite/helper/lists_mergeby/example-005_vars/list3.yml index 3480bf6581..f0d7751f22 100644 --- a/docs/docsite/helper/lists_mergeby/example-005_vars/list3.yml +++ b/docs/docsite/helper/lists_mergeby/example-005_vars/list3.yml @@ -2,8 +2,7 @@ # Copyright (c) Ansible Project # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later - -list3: "{{ [list1, list2]| +list3: "{{ [list1, list2] | community.general.lists_mergeby('name', recursive=true, list_merge='append') }}" diff --git a/docs/docsite/helper/lists_mergeby/example-006.yml b/docs/docsite/helper/lists_mergeby/example-006.yml index 41fc88e496..1be3becbc0 100644 --- a/docs/docsite/helper/lists_mergeby/example-006.yml +++ b/docs/docsite/helper/lists_mergeby/example-006.yml @@ -8,7 +8,7 @@ dir: example-006_vars - debug: var: list3 - when: debug|d(false)|bool + when: debug | d(false) | bool - template: src: list3.out.j2 dest: example-006.out diff --git a/docs/docsite/helper/lists_mergeby/example-006_vars/list3.yml b/docs/docsite/helper/lists_mergeby/example-006_vars/list3.yml index 97513b5593..f555c8dcb2 100644 --- a/docs/docsite/helper/lists_mergeby/example-006_vars/list3.yml +++ b/docs/docsite/helper/lists_mergeby/example-006_vars/list3.yml @@ -2,8 +2,7 @@ # Copyright (c) Ansible Project # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later - -list3: "{{ [list1, list2]| +list3: "{{ [list1, list2] | community.general.lists_mergeby('name', recursive=true, list_merge='prepend') }}" diff --git a/docs/docsite/helper/lists_mergeby/example-007.yml b/docs/docsite/helper/lists_mergeby/example-007.yml index 3de7158447..8a596ea68e 100644 --- a/docs/docsite/helper/lists_mergeby/example-007.yml +++ b/docs/docsite/helper/lists_mergeby/example-007.yml @@ -8,7 +8,7 @@ dir: example-007_vars - debug: var: list3 - when: debug|d(false)|bool + when: debug|d(false) | bool - template: src: list3.out.j2 dest: example-007.out diff --git a/docs/docsite/helper/lists_mergeby/example-007_vars/list3.yml b/docs/docsite/helper/lists_mergeby/example-007_vars/list3.yml index cb51653b49..d8ad16cf4d 100644 --- a/docs/docsite/helper/lists_mergeby/example-007_vars/list3.yml +++ b/docs/docsite/helper/lists_mergeby/example-007_vars/list3.yml @@ -2,8 +2,7 @@ # Copyright (c) Ansible Project # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later - -list3: "{{ [list1, list2]| +list3: "{{ [list1, list2] | community.general.lists_mergeby('name', recursive=true, list_merge='append_rp') }}" diff --git a/docs/docsite/helper/lists_mergeby/example-008.yml b/docs/docsite/helper/lists_mergeby/example-008.yml index e33828bf9a..6d5c03bc6d 100644 --- a/docs/docsite/helper/lists_mergeby/example-008.yml +++ b/docs/docsite/helper/lists_mergeby/example-008.yml @@ -8,7 +8,7 @@ dir: example-008_vars - debug: var: list3 - when: debug|d(false)|bool + when: debug | d(false) | bool - template: src: list3.out.j2 dest: example-008.out diff --git a/docs/docsite/helper/lists_mergeby/example-008_vars/list3.yml b/docs/docsite/helper/lists_mergeby/example-008_vars/list3.yml index af7001fc4a..b2051376ea 100644 --- a/docs/docsite/helper/lists_mergeby/example-008_vars/list3.yml +++ b/docs/docsite/helper/lists_mergeby/example-008_vars/list3.yml @@ -2,8 +2,7 @@ # Copyright (c) Ansible Project # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later - -list3: "{{ [list1, list2]| +list3: "{{ [list1, list2] | community.general.lists_mergeby('name', recursive=true, list_merge='prepend_rp') }}" diff --git a/docs/docsite/helper/lists_mergeby/example-009.yml b/docs/docsite/helper/lists_mergeby/example-009.yml new file mode 100644 index 0000000000..beef5d356c --- /dev/null +++ b/docs/docsite/helper/lists_mergeby/example-009.yml @@ -0,0 +1,14 @@ +--- +# Copyright (c) Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +- name: 9. Merge single list by common attribute 'name' + include_vars: + dir: example-009_vars +- debug: + var: list3 + when: debug | d(false) | bool +- template: + src: list3.out.j2 + dest: example-009.out diff --git a/docs/docsite/helper/lists_mergeby/example-009_vars/default-common.yml b/docs/docsite/helper/lists_mergeby/example-009_vars/default-common.yml new file mode 120000 index 0000000000..7ea8984a8d --- /dev/null +++ b/docs/docsite/helper/lists_mergeby/example-009_vars/default-common.yml @@ -0,0 +1 @@ +../default-common.yml \ No newline at end of file diff --git a/docs/docsite/helper/lists_mergeby/example-009_vars/list3.yml b/docs/docsite/helper/lists_mergeby/example-009_vars/list3.yml new file mode 100644 index 0000000000..1708e3bafa --- /dev/null +++ b/docs/docsite/helper/lists_mergeby/example-009_vars/list3.yml @@ -0,0 +1,6 @@ +--- +# Copyright (c) Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later +list3: "{{ [list1 + list2, []] | + community.general.lists_mergeby('name') }}" diff --git a/docs/docsite/helper/lists_mergeby/examples.yml b/docs/docsite/helper/lists_mergeby/examples.yml index 83b985084e..34ad2d1558 100644 --- a/docs/docsite/helper/lists_mergeby/examples.yml +++ b/docs/docsite/helper/lists_mergeby/examples.yml @@ -4,51 +4,75 @@ # SPDX-License-Identifier: GPL-3.0-or-later examples: - - label: 'In the example below the lists are merged by the attribute ``name``:' + - title: Two lists + description: 'In the example below the lists are merged by the attribute ``name``:' file: example-001_vars/list3.yml lang: 'yaml+jinja' - - label: 'This produces:' + - title: + description: 'This produces:' file: example-001.out lang: 'yaml' - - label: 'It is possible to use a list of lists as an input of the filter:' + - title: List of two lists + description: 'It is possible to use a list of lists as an input of the filter:' file: example-002_vars/list3.yml lang: 'yaml+jinja' - - label: 'This produces the same result as in the previous example:' + - title: + description: 'This produces the same result as in the previous example:' file: example-002.out lang: 'yaml' - - label: 'Example ``list_merge=replace`` (default):' + - title: Single list + description: 'It is possible to merge single list:' + file: example-009_vars/list3.yml + lang: 'yaml+jinja' + - title: + description: 'This produces the same result as in the previous example:' + file: example-009.out + lang: 'yaml' + - title: list_merge=replace (default) + description: 'Example :ansopt:`community.general.lists_mergeby#filter:list_merge=replace` (default):' file: example-003_vars/list3.yml lang: 'yaml+jinja' - - label: 'This produces:' + - title: + description: 'This produces:' file: example-003.out lang: 'yaml' - - label: 'Example ``list_merge=keep``:' + - title: list_merge=keep + description: 'Example :ansopt:`community.general.lists_mergeby#filter:list_merge=keep`:' file: example-004_vars/list3.yml lang: 'yaml+jinja' - - label: 'This produces:' + - title: + description: 'This produces:' file: example-004.out lang: 'yaml' - - label: 'Example ``list_merge=append``:' + - title: list_merge=append + description: 'Example :ansopt:`community.general.lists_mergeby#filter:list_merge=append`:' file: example-005_vars/list3.yml lang: 'yaml+jinja' - - label: 'This produces:' + - title: + description: 'This produces:' file: example-005.out lang: 'yaml' - - label: 'Example ``list_merge=prepend``:' + - title: list_merge=prepend + description: 'Example :ansopt:`community.general.lists_mergeby#filter:list_merge=prepend`:' file: example-006_vars/list3.yml lang: 'yaml+jinja' - - label: 'This produces:' + - title: + description: 'This produces:' file: example-006.out lang: 'yaml' - - label: 'Example ``list_merge=append_rp``:' + - title: list_merge=append_rp + description: 'Example :ansopt:`community.general.lists_mergeby#filter:list_merge=append_rp`:' file: example-007_vars/list3.yml lang: 'yaml+jinja' - - label: 'This produces:' + - title: + description: 'This produces:' file: example-007.out lang: 'yaml' - - label: 'Example ``list_merge=prepend_rp``:' + - title: list_merge=prepend_rp + description: 'Example :ansopt:`community.general.lists_mergeby#filter:list_merge=prepend_rp`:' file: example-008_vars/list3.yml lang: 'yaml+jinja' - - label: 'This produces:' + - title: + description: 'This produces:' file: example-008.out lang: 'yaml' diff --git a/docs/docsite/helper/lists_mergeby/examples_all.rst.j2 b/docs/docsite/helper/lists_mergeby/examples_all.rst.j2 index 95a0fafddc..88098683b9 100644 --- a/docs/docsite/helper/lists_mergeby/examples_all.rst.j2 +++ b/docs/docsite/helper/lists_mergeby/examples_all.rst.j2 @@ -4,10 +4,10 @@ SPDX-License-Identifier: GPL-3.0-or-later {% for i in examples %} -{{ i.label }} +{{ i.description }} .. code-block:: {{ i.lang }} - {{ lookup('file', i.file)|indent(2) }} + {{ lookup('file', i.file) | split('\n') | reject('match', '^(#|---)') | join ('\n') | indent(2) }} {% endfor %} diff --git a/docs/docsite/helper/lists_mergeby/extra-vars.yml b/docs/docsite/helper/lists_mergeby/extra-vars.yml new file mode 100644 index 0000000000..0482c7ff29 --- /dev/null +++ b/docs/docsite/helper/lists_mergeby/extra-vars.yml @@ -0,0 +1,7 @@ +--- +# Copyright (c) Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later +examples_one: true +examples_all: true +merging_lists_of_dictionaries: true diff --git a/docs/docsite/helper/lists_mergeby/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst.j2 b/docs/docsite/helper/lists_mergeby/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst.j2 index 71d0d5da6c..ad74161dcd 100644 --- a/docs/docsite/helper/lists_mergeby/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst.j2 +++ b/docs/docsite/helper/lists_mergeby/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst.j2 @@ -6,57 +6,69 @@ Merging lists of dictionaries ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -If you have two or more lists of dictionaries and want to combine them into a list of merged dictionaries, where the dictionaries are merged by an attribute, you can use the ``lists_mergeby`` filter. +If you have two or more lists of dictionaries and want to combine them into a list of merged dictionaries, where the dictionaries are merged by an attribute, you can use the :ansplugin:`community.general.lists_mergeby ` filter. -.. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See :ref:`the documentation for the community.general.yaml callback plugin `. +.. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See the documentation for the :ansplugin:`community.general.yaml callback plugin `. Let us use the lists below in the following examples: .. code-block:: yaml - {{ lookup('file', 'default-common.yml')|indent(2) }} + {{ lookup('file', 'default-common.yml') | split('\n') | reject('match', '^(#|---)') | join ('\n') | indent(2) }} {% for i in examples[0:2] %} -{{ i.label }} +{% if i.title | d('', true) | length > 0 %} +{{ i.title }} +{{ "%s" % ('"' * i.title|length) }} +{% endif %} +{{ i.description }} .. code-block:: {{ i.lang }} - {{ lookup('file', i.file)|indent(2) }} + {{ lookup('file', i.file) | split('\n') | reject('match', '^(#|---)') | join ('\n') | indent(2) }} {% endfor %} .. versionadded:: 2.0.0 -{% for i in examples[2:4] %} -{{ i.label }} +{% for i in examples[2:6] %} +{% if i.title | d('', true) | length > 0 %} +{{ i.title }} +{{ "%s" % ('"' * i.title|length) }} +{% endif %} +{{ i.description }} .. code-block:: {{ i.lang }} - {{ lookup('file', i.file)|indent(2) }} + {{ lookup('file', i.file) | split('\n') | reject('match', '^(#|---)') | join ('\n') | indent(2) }} {% endfor %} -The filter also accepts two optional parameters: ``recursive`` and ``list_merge``. These parameters are only supported when used with ansible-base 2.10 or ansible-core, but not with Ansible 2.9. This is available since community.general 4.4.0. +The filter also accepts two optional parameters: :ansopt:`community.general.lists_mergeby#filter:recursive` and :ansopt:`community.general.lists_mergeby#filter:list_merge`. This is available since community.general 4.4.0. **recursive** - Is a boolean, default to ``False``. Should the ``community.general.lists_mergeby`` recursively merge nested hashes. Note: It does not depend on the value of the ``hash_behaviour`` setting in ``ansible.cfg``. + Is a boolean, default to ``false``. Should the :ansplugin:`community.general.lists_mergeby#filter` filter recursively merge nested hashes. Note: It does not depend on the value of the ``hash_behaviour`` setting in ``ansible.cfg``. **list_merge** - Is a string, its possible values are ``replace`` (default), ``keep``, ``append``, ``prepend``, ``append_rp`` or ``prepend_rp``. It modifies the behaviour of ``community.general.lists_mergeby`` when the hashes to merge contain arrays/lists. + Is a string, its possible values are :ansval:`replace` (default), :ansval:`keep`, :ansval:`append`, :ansval:`prepend`, :ansval:`append_rp` or :ansval:`prepend_rp`. It modifies the behaviour of :ansplugin:`community.general.lists_mergeby#filter` when the hashes to merge contain arrays/lists. -The examples below set ``recursive=true`` and display the differences among all six options of ``list_merge``. Functionality of the parameters is exactly the same as in the filter ``combine``. See :ref:`Combining hashes/dictionaries ` to learn details about these options. +The examples below set :ansopt:`community.general.lists_mergeby#filter:recursive=true` and display the differences among all six options of :ansopt:`community.general.lists_mergeby#filter:list_merge`. Functionality of the parameters is exactly the same as in the filter :ansplugin:`ansible.builtin.combine#filter`. See :ref:`Combining hashes/dictionaries ` to learn details about these options. Let us use the lists below in the following examples .. code-block:: yaml - {{ lookup('file', 'default-recursive-true.yml')|indent(2) }} + {{ lookup('file', 'default-recursive-true.yml') | split('\n') | reject('match', '^(#|---)') | join ('\n') |indent(2) }} -{% for i in examples[4:16] %} -{{ i.label }} +{% for i in examples[6:] %} +{% if i.title | d('', true) | length > 0 %} +{{ i.title }} +{{ "%s" % ('"' * i.title|length) }} +{% endif %} +{{ i.description }} .. code-block:: {{ i.lang }} - {{ lookup('file', i.file)|indent(2) }} + {{ lookup('file', i.file) | split('\n') | reject('match', '^(#|---)') | join ('\n') |indent(2) }} {% endfor %} diff --git a/docs/docsite/helper/lists_mergeby/list3.out.j2 b/docs/docsite/helper/lists_mergeby/list3.out.j2 index b51f6b8681..a30a5c4ab0 100644 --- a/docs/docsite/helper/lists_mergeby/list3.out.j2 +++ b/docs/docsite/helper/lists_mergeby/list3.out.j2 @@ -4,4 +4,4 @@ GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://w SPDX-License-Identifier: GPL-3.0-or-later #} list3: -{{ list3|to_nice_yaml(indent=0) }} + {{ list3 | to_yaml(indent=2, sort_keys=false) | indent(2) }} diff --git a/docs/docsite/helper/lists_mergeby/playbook.yml b/docs/docsite/helper/lists_mergeby/playbook.yml index 793d233485..ab389fa129 100644 --- a/docs/docsite/helper/lists_mergeby/playbook.yml +++ b/docs/docsite/helper/lists_mergeby/playbook.yml @@ -5,7 +5,7 @@ # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # 1) Run all examples and create example-XXX.out -# shell> ansible-playbook playbook.yml -e examples=true +# shell> ansible-playbook playbook.yml -e examples_one=true # # 2) Optionally, for testing, create examples_all.rst # shell> ansible-playbook playbook.yml -e examples_all=true @@ -45,18 +45,20 @@ tags: t007 - import_tasks: example-008.yml tags: t008 - when: examples|d(false)|bool + - import_tasks: example-009.yml + tags: t009 + when: examples_one | d(false) | bool - block: - include_vars: examples.yml - template: src: examples_all.rst.j2 dest: examples_all.rst - when: examples_all|d(false)|bool + when: examples_all | d(false) | bool - block: - include_vars: examples.yml - template: src: filter_guide_abstract_informations_merging_lists_of_dictionaries.rst.j2 dest: filter_guide_abstract_informations_merging_lists_of_dictionaries.rst - when: merging_lists_of_dictionaries|d(false)|bool + when: merging_lists_of_dictionaries | d(false) | bool diff --git a/docs/docsite/helper/remove_keys/README.md b/docs/docsite/helper/remove_keys/README.md new file mode 100644 index 0000000000..69a4076ef9 --- /dev/null +++ b/docs/docsite/helper/remove_keys/README.md @@ -0,0 +1,61 @@ + + +# Docs helper. Create RST file. + +The playbook `playbook.yml` writes a RST file that can be used in +docs/docsite/rst. The usage of this helper is recommended but not +mandatory. You can stop reading here and update the RST file manually +if you don't want to use this helper. + +## Run the playbook + +If you want to generate the RST file by this helper fit the variables +in the playbook and the template to your needs. Then, run the play + +```sh +shell> ansible-playbook playbook.yml +``` + +## Copy RST to docs/docsite/rst + +Copy the RST file to `docs/docsite/rst` and remove it from this +directory. + +## Update the checksums + +Substitute the variables and run the below commands + +```sh +shell> sha1sum {{ target_vars }} > {{ target_sha1 }} +shell> sha1sum {{ file_rst }} > {{ file_sha1 }} +``` + +## Playbook explained + +The playbook includes the variable *tests* from the integration tests +and creates the RST file from the template. The playbook will +terminate if: + +* The file with the variable *tests* was changed +* The RST file was changed + +This means that this helper is probably not up to date. + +### The file with the variable *tests* was changed + +This means that somebody updated the integration tests. Review the +changes and update the template if needed. Update the checksum to pass +the integrity test. The playbook message provides you with the +command. + +### The RST file was changed + +This means that somebody updated the RST file manually. Review the +changes and update the template. Update the checksum to pass the +integrity test. The playbook message provides you with the +command. Make sure that the updated template will create identical RST +file. Only then apply your changes. diff --git a/docs/docsite/helper/remove_keys/filter_guide-abstract_informations-lists_of_dictionaries-remove_keys.rst.j2 b/docs/docsite/helper/remove_keys/filter_guide-abstract_informations-lists_of_dictionaries-remove_keys.rst.j2 new file mode 100644 index 0000000000..62b25c344c --- /dev/null +++ b/docs/docsite/helper/remove_keys/filter_guide-abstract_informations-lists_of_dictionaries-remove_keys.rst.j2 @@ -0,0 +1,80 @@ +.. + Copyright (c) Ansible Project + GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) + SPDX-License-Identifier: GPL-3.0-or-later + +remove_keys +""""""""""" + +Use the filter :ansplugin:`community.general.remove_keys#filter` if you have a list of dictionaries and want to remove certain keys. + +.. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See See :ansplugin:`the documentation for the community.general.yaml callback plugin `. + + +Let us use the below list in the following examples: + +.. code-block:: yaml + + input: + {{ tests.0.input | to_yaml(indent=2) | indent(5) }} + +{% for i in tests[0:1]|subelements('group') %} +* {{ i.1.d }} + +.. code-block:: yaml+jinja + :emphasize-lines: 1 + + target: {{ i.1.tt }} + result: "{{ lookup('file', target ~ '/templates/' ~ i.0.template) }}" + +{% endfor %} + +gives + +.. code-block:: yaml + :emphasize-lines: 1- + + result: + {{ tests.0.result | to_yaml(indent=2) | indent(5) }} + +.. versionadded:: 9.1.0 + +* The results of the below examples 1-5 are all the same: + +.. code-block:: yaml + :emphasize-lines: 1- + + result: + {{ tests.1.result | to_yaml(indent=2) | indent(5) }} + +{% for i in tests[1:2]|subelements('group') %} +{{ loop.index }}. {{ i.1.d }} + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: {{ i.1.mp }} + target: {{ i.1.tt }} + result: "{{ lookup('file', target ~ '/templates/' ~ i.0.template) }}" + +{% endfor %} + +* The results of the below examples 6-9 are all the same: + +.. code-block:: yaml + :emphasize-lines: 1- + + result: + {{ tests.2.result | to_yaml(indent=2) | indent(5) }} + +{% for i in tests[2:3]|subelements('group') %} +{{ loop.index + 5 }}. {{ i.1.d }} + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: {{ i.1.mp }} + target: {{ i.1.tt }} + result: "{{ lookup('file', target ~ '/templates/' ~ i.0.template) }}" + +{% endfor %} diff --git a/docs/docsite/helper/remove_keys/playbook.yml b/docs/docsite/helper/remove_keys/playbook.yml new file mode 100644 index 0000000000..a2243d992e --- /dev/null +++ b/docs/docsite/helper/remove_keys/playbook.yml @@ -0,0 +1,79 @@ +--- +# Copyright (c) Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Create docs REST files +# shell> ansible-playbook playbook.yml +# +# Proofread and copy created *.rst file into the directory +# docs/docsite/rst. Do not add *.rst in this directory to the version +# control. +# +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# community.general/docs/docsite/helper/remove_keys/playbook.yml + +- name: Create RST file for docs/docsite/rst + hosts: localhost + gather_facts: false + + vars: + + plugin: remove_keys + plugin_type: filter + docs_path: + - filter_guide + - abstract_informations + - lists_of_dictionaries + + file_base: "{{ (docs_path + [plugin]) | join('-') }}" + file_rst: ../../rst/{{ file_base }}.rst + file_sha1: "{{ plugin }}.rst.sha1" + + target: "../../../../tests/integration/targets/{{ plugin_type }}_{{ plugin }}" + target_vars: "{{ target }}/vars/main/tests.yml" + target_sha1: tests.yml.sha1 + + tasks: + + - name: Test integrity tests.yml + when: + - integrity | d(true) | bool + - lookup('file', target_sha1) != lookup('pipe', 'sha1sum ' ~ target_vars) + block: + + - name: Changed tests.yml + ansible.builtin.debug: + msg: | + Changed {{ target_vars }} + Review the changes and update {{ target_sha1 }} + shell> sha1sum {{ target_vars }} > {{ target_sha1 }} + + - name: Changed tests.yml end host + ansible.builtin.meta: end_play + + - name: Test integrity RST file + when: + - integrity | d(true) | bool + - lookup('file', file_sha1) != lookup('pipe', 'sha1sum ' ~ file_rst) + block: + + - name: Changed RST file + ansible.builtin.debug: + msg: | + Changed {{ file_rst }} + Review the changes and update {{ file_sha1 }} + shell> sha1sum {{ file_rst }} > {{ file_sha1 }} + + - name: Changed RST file end host + ansible.builtin.meta: end_play + + - name: Include target vars + include_vars: + file: "{{ target_vars }}" + + - name: Create RST file + ansible.builtin.template: + src: "{{ file_base }}.rst.j2" + dest: "{{ file_base }}.rst" diff --git a/docs/docsite/helper/remove_keys/remove_keys.rst.sha1 b/docs/docsite/helper/remove_keys/remove_keys.rst.sha1 new file mode 100644 index 0000000000..a1c9e18210 --- /dev/null +++ b/docs/docsite/helper/remove_keys/remove_keys.rst.sha1 @@ -0,0 +1 @@ +3cc606b42e3d450cf6323f25930f7c5a591fa086 ../../rst/filter_guide-abstract_informations-lists_of_dictionaries-remove_keys.rst diff --git a/docs/docsite/helper/remove_keys/remove_keys.rst.sha1.license b/docs/docsite/helper/remove_keys/remove_keys.rst.sha1.license new file mode 100644 index 0000000000..a1390a69ed --- /dev/null +++ b/docs/docsite/helper/remove_keys/remove_keys.rst.sha1.license @@ -0,0 +1,3 @@ +Copyright (c) Ansible Project +GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +SPDX-License-Identifier: GPL-3.0-or-later diff --git a/docs/docsite/helper/remove_keys/tests.yml.sha1 b/docs/docsite/helper/remove_keys/tests.yml.sha1 new file mode 100644 index 0000000000..107a64d73c --- /dev/null +++ b/docs/docsite/helper/remove_keys/tests.yml.sha1 @@ -0,0 +1 @@ +0554335045f02d8c37b824355b0cf86864cee9a5 ../../../../tests/integration/targets/filter_remove_keys/vars/main/tests.yml diff --git a/docs/docsite/helper/remove_keys/tests.yml.sha1.license b/docs/docsite/helper/remove_keys/tests.yml.sha1.license new file mode 100644 index 0000000000..a1390a69ed --- /dev/null +++ b/docs/docsite/helper/remove_keys/tests.yml.sha1.license @@ -0,0 +1,3 @@ +Copyright (c) Ansible Project +GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +SPDX-License-Identifier: GPL-3.0-or-later diff --git a/docs/docsite/helper/replace_keys/README.md b/docs/docsite/helper/replace_keys/README.md new file mode 100644 index 0000000000..69a4076ef9 --- /dev/null +++ b/docs/docsite/helper/replace_keys/README.md @@ -0,0 +1,61 @@ + + +# Docs helper. Create RST file. + +The playbook `playbook.yml` writes a RST file that can be used in +docs/docsite/rst. The usage of this helper is recommended but not +mandatory. You can stop reading here and update the RST file manually +if you don't want to use this helper. + +## Run the playbook + +If you want to generate the RST file by this helper fit the variables +in the playbook and the template to your needs. Then, run the play + +```sh +shell> ansible-playbook playbook.yml +``` + +## Copy RST to docs/docsite/rst + +Copy the RST file to `docs/docsite/rst` and remove it from this +directory. + +## Update the checksums + +Substitute the variables and run the below commands + +```sh +shell> sha1sum {{ target_vars }} > {{ target_sha1 }} +shell> sha1sum {{ file_rst }} > {{ file_sha1 }} +``` + +## Playbook explained + +The playbook includes the variable *tests* from the integration tests +and creates the RST file from the template. The playbook will +terminate if: + +* The file with the variable *tests* was changed +* The RST file was changed + +This means that this helper is probably not up to date. + +### The file with the variable *tests* was changed + +This means that somebody updated the integration tests. Review the +changes and update the template if needed. Update the checksum to pass +the integrity test. The playbook message provides you with the +command. + +### The RST file was changed + +This means that somebody updated the RST file manually. Review the +changes and update the template. Update the checksum to pass the +integrity test. The playbook message provides you with the +command. Make sure that the updated template will create identical RST +file. Only then apply your changes. diff --git a/docs/docsite/helper/replace_keys/filter_guide-abstract_informations-lists_of_dictionaries-replace_keys.rst.j2 b/docs/docsite/helper/replace_keys/filter_guide-abstract_informations-lists_of_dictionaries-replace_keys.rst.j2 new file mode 100644 index 0000000000..fb0af32f2f --- /dev/null +++ b/docs/docsite/helper/replace_keys/filter_guide-abstract_informations-lists_of_dictionaries-replace_keys.rst.j2 @@ -0,0 +1,110 @@ +.. + Copyright (c) Ansible Project + GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) + SPDX-License-Identifier: GPL-3.0-or-later + +replace_keys +"""""""""""" + +Use the filter :ansplugin:`community.general.replace_keys#filter` if you have a list of dictionaries and want to replace certain keys. + +.. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See :ansplugin:`the documentation for the community.general.yaml callback plugin `. + + +Let us use the below list in the following examples: + +.. code-block:: yaml + + input: + {{ tests.0.input | to_yaml(indent=2) | indent(5) }} + +{% for i in tests[0:1]|subelements('group') %} +* {{ i.1.d }} + +.. code-block:: yaml+jinja + :emphasize-lines: 1-3 + + target: + {{ i.1.tt | to_yaml(indent=2) | indent(5) }} + result: "{{ lookup('file', target ~ '/templates/' ~ i.0.template) }}" + +{% endfor %} + +gives + +.. code-block:: yaml + :emphasize-lines: 1- + + result: + {{ tests.0.result | to_yaml(indent=2) | indent(5) }} + +.. versionadded:: 9.1.0 + +* The results of the below examples 1-3 are all the same: + +.. code-block:: yaml + :emphasize-lines: 1- + + result: + {{ tests.1.result | to_yaml(indent=2) | indent(5) }} + +{% for i in tests[1:2]|subelements('group') %} +{{ loop.index }}. {{ i.1.d }} + +.. code-block:: yaml+jinja + :emphasize-lines: 1-4 + + mp: {{ i.1.mp }} + target: + {{ i.1.tt | to_yaml(indent=2) | indent(5) }} + result: "{{ lookup('file', target ~ '/templates/' ~ i.0.template) }}" + +{% endfor %} + +* The results of the below examples 4-5 are the same: + +.. code-block:: yaml + :emphasize-lines: 1- + + result: + {{ tests.2.result | to_yaml(indent=2) | indent(5) }} + +{% for i in tests[2:3]|subelements('group') %} +{{ loop.index + 3 }}. {{ i.1.d }} + +.. code-block:: yaml+jinja + :emphasize-lines: 1-3 + + mp: {{ i.1.mp }} + target: + {{ i.1.tt | to_yaml(indent=2) | indent(5) }} + result: "{{ lookup('file', target ~ '/templates/' ~ i.0.template) }}" + +{% endfor %} + +{% for i in tests[3:4]|subelements('group') %} +{{ loop.index + 5 }}. {{ i.1.d }} + +.. code-block:: yaml + :emphasize-lines: 1- + + input: + {{ i.0.input | to_yaml(indent=2) | indent(5) }} + +.. code-block:: yaml+jinja + :emphasize-lines: 1-4 + + mp: {{ i.1.mp }} + target: + {{ i.1.tt | to_yaml(indent=2) | indent(5) }} + result: "{{ lookup('file', target ~ '/templates/' ~ i.0.template) }}" + +gives + +.. code-block:: yaml + :emphasize-lines: 1- + + result: + {{ i.0.result | to_yaml(indent=2) | indent(5) }} + +{% endfor %} diff --git a/docs/docsite/helper/replace_keys/playbook.yml b/docs/docsite/helper/replace_keys/playbook.yml new file mode 100644 index 0000000000..3619000144 --- /dev/null +++ b/docs/docsite/helper/replace_keys/playbook.yml @@ -0,0 +1,79 @@ +--- +# Copyright (c) Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Create docs REST files +# shell> ansible-playbook playbook.yml +# +# Proofread and copy created *.rst file into the directory +# docs/docsite/rst. Do not add *.rst in this directory to the version +# control. +# +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# community.general/docs/docsite/helper/replace_keys/playbook.yml + +- name: Create RST file for docs/docsite/rst + hosts: localhost + gather_facts: false + + vars: + + plugin: replace_keys + plugin_type: filter + docs_path: + - filter_guide + - abstract_informations + - lists_of_dictionaries + + file_base: "{{ (docs_path + [plugin]) | join('-') }}" + file_rst: ../../rst/{{ file_base }}.rst + file_sha1: "{{ plugin }}.rst.sha1" + + target: "../../../../tests/integration/targets/{{ plugin_type }}_{{ plugin }}" + target_vars: "{{ target }}/vars/main/tests.yml" + target_sha1: tests.yml.sha1 + + tasks: + + - name: Test integrity tests.yml + when: + - integrity | d(true) | bool + - lookup('file', target_sha1) != lookup('pipe', 'sha1sum ' ~ target_vars) + block: + + - name: Changed tests.yml + ansible.builtin.debug: + msg: | + Changed {{ target_vars }} + Review the changes and update {{ target_sha1 }} + shell> sha1sum {{ target_vars }} > {{ target_sha1 }} + + - name: Changed tests.yml end host + ansible.builtin.meta: end_play + + - name: Test integrity RST file + when: + - integrity | d(true) | bool + - lookup('file', file_sha1) != lookup('pipe', 'sha1sum ' ~ file_rst) + block: + + - name: Changed RST file + ansible.builtin.debug: + msg: | + Changed {{ file_rst }} + Review the changes and update {{ file_sha1 }} + shell> sha1sum {{ file_rst }} > {{ file_sha1 }} + + - name: Changed RST file end host + ansible.builtin.meta: end_play + + - name: Include target vars + include_vars: + file: "{{ target_vars }}" + + - name: Create RST file + ansible.builtin.template: + src: "{{ file_base }}.rst.j2" + dest: "{{ file_base }}.rst" diff --git a/docs/docsite/helper/replace_keys/replace_keys.rst.sha1 b/docs/docsite/helper/replace_keys/replace_keys.rst.sha1 new file mode 100644 index 0000000000..2ae692f3cc --- /dev/null +++ b/docs/docsite/helper/replace_keys/replace_keys.rst.sha1 @@ -0,0 +1 @@ +403f23c02ac02b1c3b611cb14f9b3ba59dc3f587 ../../rst/filter_guide-abstract_informations-lists_of_dictionaries-replace_keys.rst diff --git a/docs/docsite/helper/replace_keys/replace_keys.rst.sha1.license b/docs/docsite/helper/replace_keys/replace_keys.rst.sha1.license new file mode 100644 index 0000000000..a1390a69ed --- /dev/null +++ b/docs/docsite/helper/replace_keys/replace_keys.rst.sha1.license @@ -0,0 +1,3 @@ +Copyright (c) Ansible Project +GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +SPDX-License-Identifier: GPL-3.0-or-later diff --git a/docs/docsite/helper/replace_keys/tests.yml.sha1 b/docs/docsite/helper/replace_keys/tests.yml.sha1 new file mode 100644 index 0000000000..53944ddf74 --- /dev/null +++ b/docs/docsite/helper/replace_keys/tests.yml.sha1 @@ -0,0 +1 @@ +2e54f3528c95cca746d5748f1ed7ada56ad0890e ../../../../tests/integration/targets/filter_replace_keys/vars/main/tests.yml diff --git a/docs/docsite/helper/replace_keys/tests.yml.sha1.license b/docs/docsite/helper/replace_keys/tests.yml.sha1.license new file mode 100644 index 0000000000..a1390a69ed --- /dev/null +++ b/docs/docsite/helper/replace_keys/tests.yml.sha1.license @@ -0,0 +1,3 @@ +Copyright (c) Ansible Project +GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +SPDX-License-Identifier: GPL-3.0-or-later diff --git a/docs/docsite/links.yml b/docs/docsite/links.yml index bd954c4096..fe41d1d2fd 100644 --- a/docs/docsite/links.yml +++ b/docs/docsite/links.yml @@ -9,6 +9,8 @@ edit_on_github: path_prefix: '' extra_links: + - description: Ask for help + url: https://forum.ansible.com/c/help/6/none - description: Submit a bug report url: https://github.com/ansible-collections/community.general/issues/new?assignees=&labels=&template=bug_report.yml - description: Request a feature @@ -22,6 +24,10 @@ communication: - topic: General usage and support questions network: Libera channel: '#ansible' - mailing_lists: - - topic: Ansible Project List - url: https://groups.google.com/g/ansible-project + forums: + - topic: "Ansible Forum: General usage and support questions" + # The following URL directly points to the "Get Help" section + url: https://forum.ansible.com/c/help/6/none + - topic: "Ansible Forum: Discussions about the collection itself, not for specific modules or plugins" + # The following URL directly points to the "community-general" tag + url: https://forum.ansible.com/tag/community-general diff --git a/docs/docsite/rst/filter_guide-abstract_informations-lists_of_dictionaries-keep_keys.rst b/docs/docsite/rst/filter_guide-abstract_informations-lists_of_dictionaries-keep_keys.rst new file mode 100644 index 0000000000..488cb2ce7d --- /dev/null +++ b/docs/docsite/rst/filter_guide-abstract_informations-lists_of_dictionaries-keep_keys.rst @@ -0,0 +1,151 @@ +.. + Copyright (c) Ansible Project + GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) + SPDX-License-Identifier: GPL-3.0-or-later + +keep_keys +""""""""" + +Use the filter :ansplugin:`community.general.keep_keys#filter` if you have a list of dictionaries and want to keep certain keys only. + +.. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See :ansplugin:`the documentation for the community.general.yaml callback plugin `. + + +Let us use the below list in the following examples: + +.. code-block:: yaml + + input: + - k0_x0: A0 + k1_x1: B0 + k2_x2: [C0] + k3_x3: foo + - k0_x0: A1 + k1_x1: B1 + k2_x2: [C1] + k3_x3: bar + + +* By default, match keys that equal any of the items in the target. + +.. code-block:: yaml+jinja + :emphasize-lines: 1 + + target: ['k0_x0', 'k1_x1'] + result: "{{ input | community.general.keep_keys(target=target) }}" + + +gives + +.. code-block:: yaml + :emphasize-lines: 1- + + result: + - {k0_x0: A0, k1_x1: B0} + - {k0_x0: A1, k1_x1: B1} + + +.. versionadded:: 9.1.0 + +* The results of the below examples 1-5 are all the same: + +.. code-block:: yaml + :emphasize-lines: 1- + + result: + - {k0_x0: A0, k1_x1: B0} + - {k0_x0: A1, k1_x1: B1} + + +1. Match keys that equal any of the items in the target. + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: equal + target: ['k0_x0', 'k1_x1'] + result: "{{ input | community.general.keep_keys(target=target, matching_parameter=mp) }}" + +2. Match keys that start with any of the items in the target. + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: starts_with + target: ['k0', 'k1'] + result: "{{ input | community.general.keep_keys(target=target, matching_parameter=mp) }}" + +3. Match keys that end with any of the items in target. + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: ends_with + target: ['x0', 'x1'] + result: "{{ input | community.general.keep_keys(target=target, matching_parameter=mp) }}" + +4. Match keys by the regex. + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: regex + target: ['^.*[01]_x.*$'] + result: "{{ input | community.general.keep_keys(target=target, matching_parameter=mp) }}" + +5. Match keys by the regex. + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: regex + target: ^.*[01]_x.*$ + result: "{{ input | community.general.keep_keys(target=target, matching_parameter=mp) }}" + + +* The results of the below examples 6-9 are all the same: + +.. code-block:: yaml + :emphasize-lines: 1- + + result: + - {k0_x0: A0} + - {k0_x0: A1} + + +6. Match keys that equal the target. + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: equal + target: k0_x0 + result: "{{ input | community.general.keep_keys(target=target, matching_parameter=mp) }}" + +7. Match keys that start with the target. + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: starts_with + target: k0 + result: "{{ input | community.general.keep_keys(target=target, matching_parameter=mp) }}" + +8. Match keys that end with the target. + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: ends_with + target: x0 + result: "{{ input | community.general.keep_keys(target=target, matching_parameter=mp) }}" + +9. Match keys by the regex. + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: regex + target: ^.*0_x.*$ + result: "{{ input | community.general.keep_keys(target=target, matching_parameter=mp) }}" + diff --git a/docs/docsite/rst/filter_guide-abstract_informations-lists_of_dictionaries-remove_keys.rst b/docs/docsite/rst/filter_guide-abstract_informations-lists_of_dictionaries-remove_keys.rst new file mode 100644 index 0000000000..03d4710f3a --- /dev/null +++ b/docs/docsite/rst/filter_guide-abstract_informations-lists_of_dictionaries-remove_keys.rst @@ -0,0 +1,159 @@ +.. + Copyright (c) Ansible Project + GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) + SPDX-License-Identifier: GPL-3.0-or-later + +remove_keys +""""""""""" + +Use the filter :ansplugin:`community.general.remove_keys#filter` if you have a list of dictionaries and want to remove certain keys. + +.. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See See :ansplugin:`the documentation for the community.general.yaml callback plugin `. + + +Let us use the below list in the following examples: + +.. code-block:: yaml + + input: + - k0_x0: A0 + k1_x1: B0 + k2_x2: [C0] + k3_x3: foo + - k0_x0: A1 + k1_x1: B1 + k2_x2: [C1] + k3_x3: bar + + +* By default, match keys that equal any of the items in the target. + +.. code-block:: yaml+jinja + :emphasize-lines: 1 + + target: ['k0_x0', 'k1_x1'] + result: "{{ input | community.general.remove_keys(target=target) }}" + + +gives + +.. code-block:: yaml + :emphasize-lines: 1- + + result: + - k2_x2: [C0] + k3_x3: foo + - k2_x2: [C1] + k3_x3: bar + + +.. versionadded:: 9.1.0 + +* The results of the below examples 1-5 are all the same: + +.. code-block:: yaml + :emphasize-lines: 1- + + result: + - k2_x2: [C0] + k3_x3: foo + - k2_x2: [C1] + k3_x3: bar + + +1. Match keys that equal any of the items in the target. + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: equal + target: ['k0_x0', 'k1_x1'] + result: "{{ input | community.general.remove_keys(target=target, matching_parameter=mp) }}" + +2. Match keys that start with any of the items in the target. + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: starts_with + target: ['k0', 'k1'] + result: "{{ input | community.general.remove_keys(target=target, matching_parameter=mp) }}" + +3. Match keys that end with any of the items in target. + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: ends_with + target: ['x0', 'x1'] + result: "{{ input | community.general.remove_keys(target=target, matching_parameter=mp) }}" + +4. Match keys by the regex. + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: regex + target: ['^.*[01]_x.*$'] + result: "{{ input | community.general.remove_keys(target=target, matching_parameter=mp) }}" + +5. Match keys by the regex. + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: regex + target: ^.*[01]_x.*$ + result: "{{ input | community.general.remove_keys(target=target, matching_parameter=mp) }}" + + +* The results of the below examples 6-9 are all the same: + +.. code-block:: yaml + :emphasize-lines: 1- + + result: + - k1_x1: B0 + k2_x2: [C0] + k3_x3: foo + - k1_x1: B1 + k2_x2: [C1] + k3_x3: bar + + +6. Match keys that equal the target. + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: equal + target: k0_x0 + result: "{{ input | community.general.remove_keys(target=target, matching_parameter=mp) }}" + +7. Match keys that start with the target. + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: starts_with + target: k0 + result: "{{ input | community.general.remove_keys(target=target, matching_parameter=mp) }}" + +8. Match keys that end with the target. + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: ends_with + target: x0 + result: "{{ input | community.general.remove_keys(target=target, matching_parameter=mp) }}" + +9. Match keys by the regex. + +.. code-block:: yaml+jinja + :emphasize-lines: 1,2 + + mp: regex + target: ^.*0_x.*$ + result: "{{ input | community.general.remove_keys(target=target, matching_parameter=mp) }}" + diff --git a/docs/docsite/rst/filter_guide-abstract_informations-lists_of_dictionaries-replace_keys.rst b/docs/docsite/rst/filter_guide-abstract_informations-lists_of_dictionaries-replace_keys.rst new file mode 100644 index 0000000000..ba1bcad502 --- /dev/null +++ b/docs/docsite/rst/filter_guide-abstract_informations-lists_of_dictionaries-replace_keys.rst @@ -0,0 +1,175 @@ +.. + Copyright (c) Ansible Project + GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) + SPDX-License-Identifier: GPL-3.0-or-later + +replace_keys +"""""""""""" + +Use the filter :ansplugin:`community.general.replace_keys#filter` if you have a list of dictionaries and want to replace certain keys. + +.. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See :ansplugin:`the documentation for the community.general.yaml callback plugin `. + + +Let us use the below list in the following examples: + +.. code-block:: yaml + + input: + - k0_x0: A0 + k1_x1: B0 + k2_x2: [C0] + k3_x3: foo + - k0_x0: A1 + k1_x1: B1 + k2_x2: [C1] + k3_x3: bar + + +* By default, match keys that equal any of the attributes before. + +.. code-block:: yaml+jinja + :emphasize-lines: 1-3 + + target: + - {after: a0, before: k0_x0} + - {after: a1, before: k1_x1} + + result: "{{ input | community.general.replace_keys(target=target) }}" + + +gives + +.. code-block:: yaml + :emphasize-lines: 1- + + result: + - a0: A0 + a1: B0 + k2_x2: [C0] + k3_x3: foo + - a0: A1 + a1: B1 + k2_x2: [C1] + k3_x3: bar + + +.. versionadded:: 9.1.0 + +* The results of the below examples 1-3 are all the same: + +.. code-block:: yaml + :emphasize-lines: 1- + + result: + - a0: A0 + a1: B0 + k2_x2: [C0] + k3_x3: foo + - a0: A1 + a1: B1 + k2_x2: [C1] + k3_x3: bar + + +1. Replace keys that starts with any of the attributes before. + +.. code-block:: yaml+jinja + :emphasize-lines: 1-4 + + mp: starts_with + target: + - {after: a0, before: k0} + - {after: a1, before: k1} + + result: "{{ input | community.general.replace_keys(target=target, matching_parameter=mp) }}" + +2. Replace keys that ends with any of the attributes before. + +.. code-block:: yaml+jinja + :emphasize-lines: 1-4 + + mp: ends_with + target: + - {after: a0, before: x0} + - {after: a1, before: x1} + + result: "{{ input | community.general.replace_keys(target=target, matching_parameter=mp) }}" + +3. Replace keys that match any regex of the attributes before. + +.. code-block:: yaml+jinja + :emphasize-lines: 1-4 + + mp: regex + target: + - {after: a0, before: ^.*0_x.*$} + - {after: a1, before: ^.*1_x.*$} + + result: "{{ input | community.general.replace_keys(target=target, matching_parameter=mp) }}" + + +* The results of the below examples 4-5 are the same: + +.. code-block:: yaml + :emphasize-lines: 1- + + result: + - {X: foo} + - {X: bar} + + +4. If more keys match the same attribute before the last one will be used. + +.. code-block:: yaml+jinja + :emphasize-lines: 1-3 + + mp: regex + target: + - {after: X, before: ^.*_x.*$} + + result: "{{ input | community.general.replace_keys(target=target, matching_parameter=mp) }}" + +5. If there are items with equal attribute before the first one will be used. + +.. code-block:: yaml+jinja + :emphasize-lines: 1-3 + + mp: regex + target: + - {after: X, before: ^.*_x.*$} + - {after: Y, before: ^.*_x.*$} + + result: "{{ input | community.general.replace_keys(target=target, matching_parameter=mp) }}" + + +6. If there are more matches for a key the first one will be used. + +.. code-block:: yaml + :emphasize-lines: 1- + + input: + - {aaa1: A, bbb1: B, ccc1: C} + - {aaa2: D, bbb2: E, ccc2: F} + + +.. code-block:: yaml+jinja + :emphasize-lines: 1-4 + + mp: starts_with + target: + - {after: X, before: a} + - {after: Y, before: aa} + + result: "{{ input | community.general.replace_keys(target=target, matching_parameter=mp) }}" + +gives + +.. code-block:: yaml + :emphasize-lines: 1- + + result: + - {X: A, bbb1: B, ccc1: C} + - {X: D, bbb2: E, ccc2: F} + + diff --git a/docs/docsite/rst/filter_guide-abstract_informations-lists_of_dictionaries.rst b/docs/docsite/rst/filter_guide-abstract_informations-lists_of_dictionaries.rst new file mode 100644 index 0000000000..42737c44b7 --- /dev/null +++ b/docs/docsite/rst/filter_guide-abstract_informations-lists_of_dictionaries.rst @@ -0,0 +1,18 @@ +.. + Copyright (c) Ansible Project + GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) + SPDX-License-Identifier: GPL-3.0-or-later + +.. _ansible_collections.community.general.docsite.filter_guide.filter_guide_abstract_informations.lists_of_dicts: + +Lists of dictionaries +^^^^^^^^^^^^^^^^^^^^^ + +Filters to manage keys in a list of dictionaries: + +.. toctree:: + :maxdepth: 1 + + filter_guide-abstract_informations-lists_of_dictionaries-keep_keys + filter_guide-abstract_informations-lists_of_dictionaries-remove_keys + filter_guide-abstract_informations-lists_of_dictionaries-replace_keys diff --git a/docs/docsite/rst/filter_guide_abstract_informations.rst b/docs/docsite/rst/filter_guide_abstract_informations.rst index cac85089a0..818c09f02c 100644 --- a/docs/docsite/rst/filter_guide_abstract_informations.rst +++ b/docs/docsite/rst/filter_guide_abstract_informations.rst @@ -11,6 +11,7 @@ Abstract transformations filter_guide_abstract_informations_dictionaries filter_guide_abstract_informations_grouping + filter_guide-abstract_informations-lists_of_dictionaries filter_guide_abstract_informations_merging_lists_of_dictionaries filter_guide_abstract_informations_lists_helper filter_guide_abstract_informations_counting_elements_in_sequence diff --git a/docs/docsite/rst/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst b/docs/docsite/rst/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst index 06fa79d16a..cafe04e5c4 100644 --- a/docs/docsite/rst/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst +++ b/docs/docsite/rst/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst @@ -6,33 +6,30 @@ Merging lists of dictionaries ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -If you have two or more lists of dictionaries and want to combine them into a list of merged dictionaries, where the dictionaries are merged by an attribute, you can use the :ansplugin:`community.general.lists_mergeby filter `. +If you have two or more lists of dictionaries and want to combine them into a list of merged dictionaries, where the dictionaries are merged by an attribute, you can use the :ansplugin:`community.general.lists_mergeby ` filter. -.. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See :ref:`the documentation for the community.general.yaml callback plugin `. +.. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See the documentation for the :ansplugin:`community.general.yaml callback plugin `. Let us use the lists below in the following examples: .. code-block:: yaml list1: - - name: foo - extra: true - - name: bar - extra: false - - name: meh - extra: true + - {name: foo, extra: true} + - {name: bar, extra: false} + - {name: meh, extra: true} list2: - - name: foo - path: /foo - - name: baz - path: /baz + - {name: foo, path: /foo} + - {name: baz, path: /baz} +Two lists +""""""""" In the example below the lists are merged by the attribute ``name``: .. code-block:: yaml+jinja - list3: "{{ list1| + list3: "{{ list1 | community.general.lists_mergeby(list2, 'name') }}" This produces: @@ -40,24 +37,21 @@ This produces: .. code-block:: yaml list3: - - extra: false - name: bar - - name: baz - path: /baz - - extra: true - name: foo - path: /foo - - extra: true - name: meh + - {name: bar, extra: false} + - {name: baz, path: /baz} + - {name: foo, extra: true, path: /foo} + - {name: meh, extra: true} .. versionadded:: 2.0.0 +List of two lists +""""""""""""""""" It is possible to use a list of lists as an input of the filter: .. code-block:: yaml+jinja - list3: "{{ [list1, list2]| + list3: "{{ [list1, list2] | community.general.lists_mergeby('name') }}" This produces the same result as in the previous example: @@ -65,15 +59,29 @@ This produces the same result as in the previous example: .. code-block:: yaml list3: - - extra: false - name: bar - - name: baz - path: /baz - - extra: true - name: foo - path: /foo - - extra: true - name: meh + - {name: bar, extra: false} + - {name: baz, path: /baz} + - {name: foo, extra: true, path: /foo} + - {name: meh, extra: true} + +Single list +""""""""""" +It is possible to merge single list: + +.. code-block:: yaml+jinja + + list3: "{{ [list1 + list2, []] | + community.general.lists_mergeby('name') }}" + +This produces the same result as in the previous example: + +.. code-block:: yaml + + list3: + - {name: bar, extra: false} + - {name: baz, path: /baz} + - {name: foo, extra: true, path: /foo} + - {name: meh, extra: true} The filter also accepts two optional parameters: :ansopt:`community.general.lists_mergeby#filter:recursive` and :ansopt:`community.general.lists_mergeby#filter:list_merge`. This is available since community.general 4.4.0. @@ -95,8 +103,7 @@ Let us use the lists below in the following examples param01: x: default_value y: default_value - list: - - default_value + list: [default_value] - name: myname02 param01: [1, 1, 2, 3] @@ -105,16 +112,17 @@ Let us use the lists below in the following examples param01: y: patch_value z: patch_value - list: - - patch_value + list: [patch_value] - name: myname02 - param01: [3, 4, 4, {key: value}] + param01: [3, 4, 4] +list_merge=replace (default) +"""""""""""""""""""""""""""" Example :ansopt:`community.general.lists_mergeby#filter:list_merge=replace` (default): .. code-block:: yaml+jinja - list3: "{{ [list1, list2]| + list3: "{{ [list1, list2] | community.general.lists_mergeby('name', recursive=true) }}" @@ -123,25 +131,22 @@ This produces: .. code-block:: yaml list3: - - name: myname01 - param01: - list: - - patch_value - x: default_value - y: patch_value - z: patch_value - - name: myname02 - param01: - - 3 - - 4 - - 4 - - key: value + - name: myname01 + param01: + x: default_value + y: patch_value + list: [patch_value] + z: patch_value + - name: myname02 + param01: [3, 4, 4] +list_merge=keep +""""""""""""""" Example :ansopt:`community.general.lists_mergeby#filter:list_merge=keep`: .. code-block:: yaml+jinja - list3: "{{ [list1, list2]| + list3: "{{ [list1, list2] | community.general.lists_mergeby('name', recursive=true, list_merge='keep') }}" @@ -151,25 +156,22 @@ This produces: .. code-block:: yaml list3: - - name: myname01 - param01: - list: - - default_value - x: default_value - y: patch_value - z: patch_value - - name: myname02 - param01: - - 1 - - 1 - - 2 - - 3 + - name: myname01 + param01: + x: default_value + y: patch_value + list: [default_value] + z: patch_value + - name: myname02 + param01: [1, 1, 2, 3] +list_merge=append +""""""""""""""""" Example :ansopt:`community.general.lists_mergeby#filter:list_merge=append`: .. code-block:: yaml+jinja - list3: "{{ [list1, list2]| + list3: "{{ [list1, list2] | community.general.lists_mergeby('name', recursive=true, list_merge='append') }}" @@ -179,30 +181,22 @@ This produces: .. code-block:: yaml list3: - - name: myname01 - param01: - list: - - default_value - - patch_value - x: default_value - y: patch_value - z: patch_value - - name: myname02 - param01: - - 1 - - 1 - - 2 - - 3 - - 3 - - 4 - - 4 - - key: value + - name: myname01 + param01: + x: default_value + y: patch_value + list: [default_value, patch_value] + z: patch_value + - name: myname02 + param01: [1, 1, 2, 3, 3, 4, 4] +list_merge=prepend +"""""""""""""""""" Example :ansopt:`community.general.lists_mergeby#filter:list_merge=prepend`: .. code-block:: yaml+jinja - list3: "{{ [list1, list2]| + list3: "{{ [list1, list2] | community.general.lists_mergeby('name', recursive=true, list_merge='prepend') }}" @@ -212,30 +206,22 @@ This produces: .. code-block:: yaml list3: - - name: myname01 - param01: - list: - - patch_value - - default_value - x: default_value - y: patch_value - z: patch_value - - name: myname02 - param01: - - 3 - - 4 - - 4 - - key: value - - 1 - - 1 - - 2 - - 3 + - name: myname01 + param01: + x: default_value + y: patch_value + list: [patch_value, default_value] + z: patch_value + - name: myname02 + param01: [3, 4, 4, 1, 1, 2, 3] +list_merge=append_rp +"""""""""""""""""""" Example :ansopt:`community.general.lists_mergeby#filter:list_merge=append_rp`: .. code-block:: yaml+jinja - list3: "{{ [list1, list2]| + list3: "{{ [list1, list2] | community.general.lists_mergeby('name', recursive=true, list_merge='append_rp') }}" @@ -245,29 +231,22 @@ This produces: .. code-block:: yaml list3: - - name: myname01 - param01: - list: - - default_value - - patch_value - x: default_value - y: patch_value - z: patch_value - - name: myname02 - param01: - - 1 - - 1 - - 2 - - 3 - - 4 - - 4 - - key: value + - name: myname01 + param01: + x: default_value + y: patch_value + list: [default_value, patch_value] + z: patch_value + - name: myname02 + param01: [1, 1, 2, 3, 4, 4] +list_merge=prepend_rp +""""""""""""""""""""" Example :ansopt:`community.general.lists_mergeby#filter:list_merge=prepend_rp`: .. code-block:: yaml+jinja - list3: "{{ [list1, list2]| + list3: "{{ [list1, list2] | community.general.lists_mergeby('name', recursive=true, list_merge='prepend_rp') }}" @@ -277,21 +256,12 @@ This produces: .. code-block:: yaml list3: - - name: myname01 - param01: - list: - - patch_value - - default_value - x: default_value - y: patch_value - z: patch_value - - name: myname02 - param01: - - 3 - - 4 - - 4 - - key: value - - 1 - - 1 - - 2 + - name: myname01 + param01: + x: default_value + y: patch_value + list: [patch_value, default_value] + z: patch_value + - name: myname02 + param01: [3, 4, 4, 1, 1, 2] diff --git a/docs/docsite/rst/guide_cmdrunner.rst b/docs/docsite/rst/guide_cmdrunner.rst new file mode 100644 index 0000000000..f7b70a86e1 --- /dev/null +++ b/docs/docsite/rst/guide_cmdrunner.rst @@ -0,0 +1,499 @@ +.. + Copyright (c) Ansible Project + GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) + SPDX-License-Identifier: GPL-3.0-or-later + +.. _ansible_collections.community.general.docsite.guide_cmdrunner: + + +Command Runner guide +==================== + + +Introduction +^^^^^^^^^^^^ + +The ``ansible_collections.community.general.plugins.module_utils.cmd_runner`` module util provides the +``CmdRunner`` class to help execute external commands. The class is a wrapper around +the standard ``AnsibleModule.run_command()`` method, handling command arguments, localization setting, +output processing output, check mode, and other features. + +It is even more useful when one command is used in multiple modules, so that you can define all options +in a module util file, and each module uses the same runner with different arguments. + +For the sake of clarity, throughout this guide, unless otherwise specified, we use the term *option* when referring to +Ansible module options, and the term *argument* when referring to the command line arguments for the external command. + + +Quickstart +"""""""""" + +``CmdRunner`` defines a command and a set of coded instructions on how to format +the command-line arguments, in which specific order, for a particular execution. +It relies on ``ansible.module_utils.basic.AnsibleModule.run_command()`` to actually execute the command. +There are other features, see more details throughout this document. + +To use ``CmdRunner`` you must start by creating an object. The example below is a simplified +version of the actual code in :ansplugin:`community.general.ansible_galaxy_install#module`: + +.. code-block:: python + + from ansible_collections.community.general.plugins.module_utils.cmd_runner import CmdRunner, cmd_runner_fmt + + runner = CmdRunner( + module, + command="ansible-galaxy", + arg_formats=dict( + type=cmd_runner_fmt.as_func(lambda v: [] if v == 'both' else [v]), + galaxy_cmd=cmd_runner_fmt.as_list(), + upgrade=cmd_runner_fmt.as_bool("--upgrade"), + requirements_file=cmd_runner_fmt.as_opt_val('-r'), + dest=cmd_runner_fmt.as_opt_val('-p'), + force=cmd_runner_fmt.as_bool("--force"), + no_deps=cmd_runner_fmt.as_bool("--no-deps"), + version=cmd_runner_fmt.as_fixed("--version"), + name=cmd_runner_fmt.as_list(), + ) + ) + +This is meant to be done once, then every time you need to execute the command you create a context and pass values as needed: + +.. code-block:: python + + # Run the command with these arguments, when values exist for them + with runner("type galaxy_cmd upgrade force no_deps dest requirements_file name", output_process=process) as ctx: + ctx.run(galaxy_cmd="install", upgrade=upgrade) + + # version is fixed, requires no value + with runner("version") as ctx: + dummy, stdout, dummy = ctx.run() + + # passes arg 'data' to AnsibleModule.run_command() + with runner("type name", data=stdin_data) as ctx: + dummy, stdout, dummy = ctx.run() + + # Another way of expressing it + dummy, stdout, dummy = runner("version").run() + +Note that you can pass values for the arguments when calling ``run()``, otherwise ``CmdRunner`` +uses the module options with the exact same names to provide values for the runner arguments. +If no value is passed and no module option is found for the name specified, then an exception is raised, unless +the argument is using ``cmd_runner_fmt.as_fixed`` as format function like the ``version`` in the example above. +See more about it below. + +In the first example, values of ``type``, ``force``, ``no_deps`` and others +are taken straight from the module, whilst ``galaxy_cmd`` and ``upgrade`` are +passed explicitly. + +.. note:: + + It is not possible to automatically retrieve values of suboptions. + +That generates a resulting command line similar to (example taken from the +output of an integration test): + +.. code-block:: python + + [ + "/bin/ansible-galaxy", + "collection", + "install", + "--upgrade", + "-p", + "", + "netbox.netbox", + ] + + +Argument formats +^^^^^^^^^^^^^^^^ + +As seen in the example, ``CmdRunner`` expects a parameter named ``arg_formats`` +defining how to format each CLI named argument. +An "argument format" is nothing but a function to transform the value of a variable +into something formatted for the command line. + + +Argument format function +"""""""""""""""""""""""" + +An ``arg_format`` function is defined in the form similar to: + +.. code-block:: python + + def func(value): + return ["--some-param-name", value] + +The parameter ``value`` can be of any type - although there are convenience +mechanisms to help handling sequence and mapping objects. + +The result is expected to be of the type ``Sequence[str]`` type (most commonly +``list[str]`` or ``tuple[str]``), otherwise it is considered to be a ``str``, +and it is coerced into ``list[str]``. +This resulting sequence of strings is added to the command line when that +argument is actually used. + +For example, if ``func`` returns: + +- ``["nee", 2, "shruberries"]``, the command line adds arguments ``"nee" "2" "shruberries"``. +- ``2 == 2``, the command line adds argument ``True``. +- ``None``, the command line adds argument ``None``. +- ``[]``, the command line adds no command line argument for that particular argument. + + +Convenience format methods +"""""""""""""""""""""""""" + +In the same module as ``CmdRunner`` there is a class ``cmd_runner_fmt`` which +provides a set of convenience methods that return format functions for common cases. +In the first block of code in the `Quickstart`_ section you can see the importing of +that class: + +.. code-block:: python + + from ansible_collections.community.general.plugins.module_utils.cmd_runner import CmdRunner, cmd_runner_fmt + +The same example shows how to make use of some of them in the instantiation of the ``CmdRunner`` object. +A description of each one of the convenience methods available and examples of how to use them is found below. +In these descriptions ``value`` refers to the single parameter passed to the formatting function. + +- ``cmd_runner_fmt.as_list()`` + This method does not receive any parameter, function returns ``value`` as-is. + + - Creation: + ``cmd_runner_fmt.as_list()`` + - Examples: + +----------------------+---------------------+ + | Value | Outcome | + +======================+=====================+ + | ``["foo", "bar"]`` | ``["foo", "bar"]`` | + +----------------------+---------------------+ + | ``"foobar"`` | ``["foobar"]`` | + +----------------------+---------------------+ + +- ``cmd_runner_fmt.as_bool()`` + This method receives two different parameters: ``args_true`` and ``args_false``, latter being optional. + If the boolean evaluation of ``value`` is ``True``, the format function returns ``args_true``. + If the boolean evaluation is ``False``, then the function returns ``args_false`` if it was provided, or ``[]`` otherwise. + + - Creation (one arg): + ``cmd_runner_fmt.as_bool("--force")`` + - Examples: + +------------+--------------------+ + | Value | Outcome | + +============+====================+ + | ``True`` | ``["--force"]`` | + +------------+--------------------+ + | ``False`` | ``[]`` | + +------------+--------------------+ + - Creation (two args, ``None`` treated as ``False``): + ``cmd_runner_fmt.as_bool("--relax", "--dont-do-it")`` + - Examples: + +------------+----------------------+ + | Value | Outcome | + +============+======================+ + | ``True`` | ``["--relax"]`` | + +------------+----------------------+ + | ``False`` | ``["--dont-do-it"]`` | + +------------+----------------------+ + | | ``["--dont-do-it"]`` | + +------------+----------------------+ + - Creation (two args, ``None`` is ignored): + ``cmd_runner_fmt.as_bool("--relax", "--dont-do-it", ignore_none=True)`` + - Examples: + +------------+----------------------+ + | Value | Outcome | + +============+======================+ + | ``True`` | ``["--relax"]`` | + +------------+----------------------+ + | ``False`` | ``["--dont-do-it"]`` | + +------------+----------------------+ + | | ``[]`` | + +------------+----------------------+ + +- ``cmd_runner_fmt.as_bool_not()`` + This method receives one parameter, which is returned by the function when the boolean evaluation + of ``value`` is ``False``. + + - Creation: + ``cmd_runner_fmt.as_bool_not("--no-deps")`` + - Examples: + +-------------+---------------------+ + | Value | Outcome | + +=============+=====================+ + | ``True`` | ``[]`` | + +-------------+---------------------+ + | ``False`` | ``["--no-deps"]`` | + +-------------+---------------------+ + +- ``cmd_runner_fmt.as_optval()`` + This method receives one parameter ``arg``, the function returns the string concatenation + of ``arg`` and ``value``. + + - Creation: + ``cmd_runner_fmt.as_optval("-i")`` + - Examples: + +---------------+---------------------+ + | Value | Outcome | + +===============+=====================+ + | ``3`` | ``["-i3"]`` | + +---------------+---------------------+ + | ``foobar`` | ``["-ifoobar"]`` | + +---------------+---------------------+ + +- ``cmd_runner_fmt.as_opt_val()`` + This method receives one parameter ``arg``, the function returns ``[arg, value]``. + + - Creation: + ``cmd_runner_fmt.as_opt_val("--name")`` + - Examples: + +--------------+--------------------------+ + | Value | Outcome | + +==============+==========================+ + | ``abc`` | ``["--name", "abc"]`` | + +--------------+--------------------------+ + +- ``cmd_runner_fmt.as_opt_eq_val()`` + This method receives one parameter ``arg``, the function returns the string of the form + ``{arg}={value}``. + + - Creation: + ``cmd_runner_fmt.as_opt_eq_val("--num-cpus")`` + - Examples: + +------------+-------------------------+ + | Value | Outcome | + +============+=========================+ + | ``10`` | ``["--num-cpus=10"]`` | + +------------+-------------------------+ + +- ``cmd_runner_fmt.as_fixed()`` + This method receives one parameter ``arg``, the function expects no ``value`` - if one + is provided then it is ignored. + The function returns ``arg`` as-is. + + - Creation: + ``cmd_runner_fmt.as_fixed("--version")`` + - Examples: + +---------+-----------------------+ + | Value | Outcome | + +=========+=======================+ + | | ``["--version"]`` | + +---------+-----------------------+ + | 57 | ``["--version"]`` | + +---------+-----------------------+ + + - Note: + This is the only special case in which a value can be missing for the formatting function. + The example also comes from the code in `Quickstart`_. + In that case, the module has code to determine the command's version so that it can assert compatibility. + There is no *value* to be passed for that CLI argument. + +- ``cmd_runner_fmt.as_map()`` + This method receives one parameter ``arg`` which must be a dictionary, and an optional parameter ``default``. + The function returns the evaluation of ``arg[value]``. + If ``value not in arg``, then it returns ``default`` if defined, otherwise ``[]``. + + - Creation: + ``cmd_runner_fmt.as_map(dict(a=1, b=2, c=3), default=42)`` + - Examples: + +---------------------+---------------+ + | Value | Outcome | + +=====================+===============+ + | ``"b"`` | ``["2"]`` | + +---------------------+---------------+ + | ``"yabadabadoo"`` | ``["42"]`` | + +---------------------+---------------+ + + - Note: + If ``default`` is not specified, invalid values return an empty list, meaning they are silently ignored. + +- ``cmd_runner_fmt.as_func()`` + This method receives one parameter ``arg`` which is itself is a format function and it must abide by the rules described above. + + - Creation: + ``cmd_runner_fmt.as_func(lambda v: [] if v == 'stable' else ['--channel', '{0}'.format(v)])`` + - Note: + The outcome for that depends entirely on the function provided by the developer. + + +Other features for argument formatting +"""""""""""""""""""""""""""""""""""""" + +Some additional features are available as decorators: + +- ``cmd_runner_fmt.unpack args()`` + This decorator unpacks the incoming ``value`` as a list of elements. + + For example, in ``ansible_collections.community.general.plugins.module_utils.puppet``, it is used as: + + .. code-block:: python + + @cmd_runner_fmt.unpack_args + def execute_func(execute, manifest): + if execute: + return ["--execute", execute] + else: + return [manifest] + + runner = CmdRunner( + module, + command=_prepare_base_cmd(), + path_prefix=_PUPPET_PATH_PREFIX, + arg_formats=dict( + # ... + _execute=cmd_runner_fmt.as_func(execute_func), + # ... + ), + ) + + Then, in :ansplugin:`community.general.puppet#module` it is put to use with: + + .. code-block:: python + + with runner(args_order) as ctx: + rc, stdout, stderr = ctx.run(_execute=[p['execute'], p['manifest']]) + +- ``cmd_runner_fmt.unpack_kwargs()`` + Conversely, this decorator unpacks the incoming ``value`` as a ``dict``-like object. + +- ``cmd_runner_fmt.stack()`` + This decorator assumes ``value`` is a sequence and concatenates the output + of the wrapped function applied to each element of the sequence. + + For example, in :ansplugin:`community.general.django_check#module`, the argument format for ``database`` + is defined as: + + .. code-block:: python + + arg_formats = dict( + # ... + database=cmd_runner_fmt.stack(cmd_runner_fmt.as_opt_val)("--database"), + # ... + ) + + When receiving a list ``["abc", "def"]``, the output is: + + .. code-block:: python + + ["--database", "abc", "--database", "def"] + + +Command Runner +^^^^^^^^^^^^^^ + +Settings that can be passed to the ``CmdRunner`` constructor are: + +- ``module: AnsibleModule`` + Module instance. Mandatory parameter. +- ``command: str | list[str]`` + Command to be executed. It can be a single string, the executable name, or a list + of strings containing the executable name as the first element and, optionally, fixed parameters. + Those parameters are used in all executions of the runner. + The *executable* pointed by this parameter (whether itself when ``str`` or its first element when ``list``) is + processed using ``AnsibleModule.get_bin_path()`` *unless* it is an absolute path or contains the character ``/``. +- ``arg_formats: dict`` + Mapping of argument names to formatting functions. +- ``default_args_order: str`` + As the name suggests, a default ordering for the arguments. When + this is passed, the context can be created without specifying ``args_order``. Defaults to ``()``. +- ``check_rc: bool`` + When ``True``, if the return code from the command is not zero, the module exits + with an error. Defaults to ``False``. +- ``path_prefix: list[str]`` + If the command being executed is installed in a non-standard directory path, + additional paths might be provided to search for the executable. Defaults to ``None``. +- ``environ_update: dict`` + Pass additional environment variables to be set during the command execution. + Defaults to ``None``. +- ``force_lang: str`` + It is usually important to force the locale to one specific value, so that responses are consistent and, therefore, parseable. + Please note that using this option (which is enabled by default) overwrites the environment variables ``LANGUAGE`` and ``LC_ALL``. + To disable this mechanism, set this parameter to ``None``. + In community.general 9.1.0 a special value ``auto`` was introduced for this parameter, with the effect + that ``CmdRunner`` then tries to determine the best parseable locale for the runtime. + It should become the default value in the future, but for the time being the default value is ``C``. + +When creating a context, the additional settings that can be passed to the call are: + +- ``args_order: str`` + Establishes the order in which the arguments are rendered in the command line. + This parameter is mandatory unless ``default_args_order`` was provided to the runner instance. +- ``output_process: func`` + Function to transform the output of the executable into different values or formats. + See examples in section below. +- ``check_mode_skip: bool`` + Whether to skip the actual execution of the command when the module is in check mode. + Defaults to ``False``. +- ``check_mode_return: any`` + If ``check_mode_skip=True``, then return this value instead. +- valid named arguments to ``AnsibleModule.run_command()`` + Other than ``args``, any valid argument to ``run_command()`` can be passed when setting up the run context. + For example, ``data`` can be used to send information to the command's standard input. + Or ``cwd`` can be used to run the command inside a specific working directory. + +Additionally, any other valid parameters for ``AnsibleModule.run_command()`` may be passed, but unexpected behavior +might occur if redefining options already present in the runner or its context creation. Use with caution. + + +Processing results +^^^^^^^^^^^^^^^^^^ + +As mentioned, ``CmdRunner`` uses ``AnsibleModule.run_command()`` to execute the external command, +and it passes the return value from that method back to caller. That means that, +by default, the result is going to be a tuple ``(rc, stdout, stderr)``. + +If you need to transform or process that output, you can pass a function to the context, +as the ``output_process`` parameter. It must be a function like: + +.. code-block:: python + + def process(rc, stdout, stderr): + # do some magic + return processed_value # whatever that is + +In that case, the return of ``run()`` is the ``processed_value`` returned by the function. + + +PythonRunner +^^^^^^^^^^^^ + +The ``PythonRunner`` class is a specialized version of ``CmdRunner``, geared towards the execution of +Python scripts. It features two extra and mutually exclusive parameters ``python`` and ``venv`` in its constructor: + +.. code-block:: python + + from ansible_collections.community.general.plugins.module_utils.python_runner import PythonRunner + from ansible_collections.community.general.plugins.module_utils.cmd_runner import cmd_runner_fmt + + runner = PythonRunner( + module, + command=["-m", "django"], + arg_formats=dict(...), + python="python", + venv="/path/to/some/venv", + ) + +The default value for ``python`` is the string ``python``, and the for ``venv`` it is ``None``. + +The command line produced by such a command with ``python="python3.12"`` is something like: + +.. code-block:: shell + + /usr/bin/python3.12 -m django ... + +And the command line for ``venv="/work/venv"`` is like: + +.. code-block:: shell + + /work/venv/bin/python -m django ... + +You may provide the value of the ``command`` argument as a string (in that case the string is used as a script name) +or as a list, in which case the elements of the list must be valid arguments for the Python interpreter, as in the example above. +See `Command line and environment `_ for more details. + +If the parameter ``python`` is an absolute path, or contains directory separators, such as ``/``, then it is used +as-is, otherwise the runtime ``PATH`` is searched for that command name. + +Other than that, everything else works as in ``CmdRunner``. + +.. versionadded:: 4.8.0 diff --git a/docs/docsite/rst/guide_deps.rst b/docs/docsite/rst/guide_deps.rst new file mode 100644 index 0000000000..4c0c4687a4 --- /dev/null +++ b/docs/docsite/rst/guide_deps.rst @@ -0,0 +1,74 @@ +.. + Copyright (c) Ansible Project + GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) + SPDX-License-Identifier: GPL-3.0-or-later + +.. _ansible_collections.community.general.docsite.guide_deps: + +``deps`` Guide +============== + + +Using ``deps`` +^^^^^^^^^^^^^^ + +The ``ansible_collections.community.general.plugins.module_utils.deps`` module util simplifies +the importing of code as described in :ref:`Importing and using shared code `. +Please notice that ``deps`` is meant to be used specifically with Ansible modules, and not other types of plugins. + +The same example from the Developer Guide would become: + +.. code-block:: python + + from ansible_collections.community.general.plugins.module_utils import deps + + with deps.declare("foo"): + import foo + +Then in ``main()``, just after the argspec (or anywhere in the code, for that matter), do + +.. code-block:: python + + deps.validate(module) # assuming module is a valid AnsibleModule instance + +By default, ``deps`` will rely on ``ansible.module_utils.basic.missing_required_lib`` to generate +a message about a failing import. That function accepts parameters ``reason`` and ``url``, and +and so does ``deps```: + +.. code-block:: python + + with deps.declare("foo", reason="foo is needed to properly bar", url="https://foo.bar.io"): + import foo + +If you would rather write a custom message instead of using ``missing_required_lib`` then do: + +.. code-block:: python + + with deps.declare("foo", msg="Custom msg explaining why foo is needed"): + import foo + +``deps`` allows for multiple dependencies to be declared: + +.. code-block:: python + + with deps.declare("foo"): + import foo + + with deps.declare("bar"): + import bar + + with deps.declare("doe"): + import doe + +By default, ``deps.validate()`` will check on all the declared dependencies, but if so desired, +they can be validated selectively by doing: + +.. code-block:: python + + deps.validate(module, "foo") # only validates the "foo" dependency + + deps.validate(module, "doe:bar") # only validates the "doe" and "bar" dependencies + + deps.validate(module, "-doe:bar") # validates all dependencies except "doe" and "bar" + +.. versionadded:: 6.1.0 diff --git a/docs/docsite/rst/guide_modulehelper.rst b/docs/docsite/rst/guide_modulehelper.rst new file mode 100644 index 0000000000..e3c7a124cf --- /dev/null +++ b/docs/docsite/rst/guide_modulehelper.rst @@ -0,0 +1,547 @@ +.. + Copyright (c) Ansible Project + GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) + SPDX-License-Identifier: GPL-3.0-or-later + +.. _ansible_collections.community.general.docsite.guide_modulehelper: + +Module Helper guide +=================== + + +Introduction +^^^^^^^^^^^^ + +Writing a module for Ansible is largely described in existing documentation. +However, a good part of that is boilerplate code that needs to be repeated every single time. +That is where ``ModuleHelper`` comes to assistance: a lot of that boilerplate code is done. + +.. _ansible_collections.community.general.docsite.guide_modulehelper.quickstart: + +Quickstart +"""""""""" + +See the `example from Ansible documentation `_ +written with ``ModuleHelper``. +But bear in mind that it does not showcase all of MH's features: + +.. code-block:: python + + from ansible_collections.community.general.plugins.module_utils.module_helper import ModuleHelper + + + class MyTest(ModuleHelper): + module = dict( + argument_spec=dict( + name=dict(type='str', required=True), + new=dict(type='bool', required=False, default=False), + ), + supports_check_mode=True, + ) + use_old_vardict = False + + def __run__(self): + self.vars.original_message = '' + self.vars.message = '' + if self.check_mode: + return + self.vars.original_message = self.vars.name + self.vars.message = 'goodbye' + self.changed = self.vars['new'] + if self.vars.name == "fail me": + self.do_raise("You requested this to fail") + + + def main(): + MyTest.execute() + + + if __name__ == '__main__': + main() + + +Module Helper +^^^^^^^^^^^^^ + +Introduction +"""""""""""" + +``ModuleHelper`` is a wrapper around the standard ``AnsibleModule``, providing extra features and conveniences. +The basic structure of a module using ``ModuleHelper`` is as shown in the +:ref:`ansible_collections.community.general.docsite.guide_modulehelper.quickstart` +section above, but there are more elements that will take part in it. + +.. code-block:: python + + from ansible_collections.community.general.plugins.module_utils.module_helper import ModuleHelper + + class MyTest(ModuleHelper): + output_params = () + change_params = () + diff_params = () + facts_name = None + facts_params = () + use_old_vardict = True + mute_vardict_deprecation = False + module = dict( + argument_spec=dict(...), + # ... + ) + +After importing the ``ModuleHelper`` class, you need to declare your own class extending it. + +.. seealso:: + + There is a variation called ``StateModuleHelper``, which builds on top of the features provided by MH. + See :ref:`ansible_collections.community.general.docsite.guide_modulehelper.statemh` below for more details. + +The easiest way of specifying the module is to create the class variable ``module`` with a dictionary +containing the exact arguments that would be passed as parameters to ``AnsibleModule``. +If you prefer to create the ``AnsibleModule`` object yourself, just assign it to the ``module`` class variable. +MH also accepts a parameter ``module`` in its constructor, if that parameter is used used, +then it will override the class variable. The parameter can either be ``dict`` or ``AnsibleModule`` as well. + +Beyond the definition of the module, there are other variables that can be used to control aspects +of MH's behavior. These variables should be set at the very beginning of the class, and their semantics are +explained through this document. + +The main logic of MH happens in the ``ModuleHelper.run()`` method, which looks like: + +.. code-block:: python + + @module_fails_on_exception + def run(self): + self.__init_module__() + self.__run__() + self.__quit_module__() + output = self.output + if 'failed' not in output: + output['failed'] = False + self.module.exit_json(changed=self.has_changed(), **output) + +The method ``ModuleHelper.__run__()`` must be implemented by the module and most +modules will be able to perform their actions implementing only that MH method. +However, in some cases, you might want to execute actions before or after the main tasks, in which cases +you should implement ``ModuleHelper.__init_module__()`` and ``ModuleHelper.__quit_module__()`` respectively. + +Note that the output comes from ``self.output``, which is a ``@property`` method. +By default, that property will collect all the variables that are marked for output and return them in a dictionary with their values. +Moreover, the default ``self.output`` will also handle Ansible ``facts`` and *diff mode*. +Also note the changed status comes from ``self.has_changed()``, which is usually calculated from variables that are marked +to track changes in their content. + +.. seealso:: + + More details in sections + :ref:`ansible_collections.community.general.docsite.guide_modulehelper.paramvaroutput` and + :ref:`ansible_collections.community.general.docsite.guide_modulehelper.changes` below. + +.. seealso:: + + See more about the decorator + :ref:`ansible_collections.community.general.docsite.guide_modulehelper.modulefailsdeco` below. + + +Another way to write the example from the +:ref:`ansible_collections.community.general.docsite.guide_modulehelper.quickstart` +would be: + +.. code-block:: python + + def __init_module__(self): + self.vars.original_message = '' + self.vars.message = '' + + def __run__(self): + if self.check_mode: + return + self.vars.original_message = self.vars.name + self.vars.message = 'goodbye' + self.changed = self.vars['new'] + + def __quit_module__(self): + if self.vars.name == "fail me": + self.do_raise("You requested this to fail") + +Notice that there are no calls to ``module.exit_json()`` nor ``module.fail_json()``: if the module fails, raise an exception. +You can use the convenience method ``self.do_raise()`` or raise the exception as usual in Python to do that. +If no exception is raised, then the module succeeds. + +.. seealso:: + + See more about exceptions in section + :ref:`ansible_collections.community.general.docsite.guide_modulehelper.exceptions` below. + +Ansible modules must have a ``main()`` function and the usual test for ``'__main__'``. When using MH that should look like: + +.. code-block:: python + + def main(): + MyTest.execute() + + + if __name__ == '__main__': + main() + +The class method ``execute()`` is nothing more than a convenience shorcut for: + +.. code-block:: python + + m = MyTest() + m.run() + +Optionally, an ``AnsibleModule`` may be passed as parameter to ``execute()``. + +.. _ansible_collections.community.general.docsite.guide_modulehelper.paramvaroutput: + +Parameters, variables, and output +""""""""""""""""""""""""""""""""" + +All the parameters automatically become variables in the ``self.vars`` attribute, which is of the ``VarDict`` type. +By using ``self.vars``, you get a central mechanism to access the parameters but also to expose variables as return values of the module. +As described in :ref:`ansible_collections.community.general.docsite.guide_vardict`, variables in ``VarDict`` have metadata associated to them. +One of the attributes in that metadata marks the variable for output, and MH makes use of that to generate the module's return values. + +.. important:: + + The ``VarDict`` feature described was introduced in community.general 7.1.0, but there was a first + implementation of it embedded within ``ModuleHelper``. + That older implementation is now deprecated and will be removed in community.general 11.0.0. + After community.general 7.1.0, MH modules generate a deprecation message about *using the old VarDict*. + There are two ways to prevent that from happening: + + #. Set ``mute_vardict_deprecation = True`` and the deprecation will be silenced. If the module still uses the old ``VarDict``, + it will not be able to update to community.general 11.0.0 (Spring 2026) upon its release. + #. Set ``use_old_vardict = False`` to make the MH module use the new ``VarDict`` immediatelly. + The new ``VarDict`` and its use is documented and this is the recommended way to handle this. + + .. code-block:: python + + class MyTest(ModuleHelper): + use_old_vardict = False + mute_vardict_deprecation = True + ... + + These two settings are mutually exclusive, but that is not enforced and the behavior when setting both is not specified. + +Contrary to new variables created in ``VarDict``, module parameters are not set for output by default. +If you want to include some module parameters in the output, list them in the ``output_params`` class variable. + +.. code-block:: python + + class MyTest(ModuleHelper): + output_params = ('state', 'name') + ... + +Another neat feature provided by MH by using ``VarDict`` is the automatic tracking of changes when setting the metadata ``change=True``. +Again, to enable this feature for module parameters, you must list them in the ``change_params`` class variable. + +.. code-block:: python + + class MyTest(ModuleHelper): + # example from community.general.xfconf + change_params = ('value', ) + ... + +.. seealso:: + + See more about this in + :ref:`ansible_collections.community.general.docsite.guide_modulehelper.changes` below. + +Similarly, if you want to use Ansible's diff mode, you can set the metadata ``diff=True`` and ``diff_params`` for module parameters. +With that, MH will automatically generate the diff output for variables that have changed. + +.. code-block:: python + + class MyTest(ModuleHelper): + diff_params = ('value', ) + + def __run__(self): + # example from community.general.gio_mime + self.vars.set_meta("handler", initial_value=gio_mime_get(self.runner, self.vars.mime_type), diff=True, change=True) + +Moreover, if a module is set to return *facts* instead of return values, then again use the metadata ``fact=True`` and ``fact_params`` for module parameters. +Additionally, you must specify ``facts_name``, as in: + +.. code-block:: python + + class VolumeFacts(ModuleHelper): + facts_name = 'volume_facts' + + def __init_module__(self): + self.vars.set("volume", 123, fact=True) + +That generates an Ansible fact like: + +.. code-block:: yaml+jinja + + - name: Obtain volume facts + some.collection.volume_facts: + # parameters + + - name: Print volume facts + debug: + msg: Volume fact is {{ ansible_facts.volume_facts.volume }} + +.. important:: + + If ``facts_name`` is not set, the module does not generate any facts. + + +.. _ansible_collections.community.general.docsite.guide_modulehelper.changes: + +Handling changes +"""""""""""""""" + +In MH there are many ways to indicate change in the module execution. Here they are: + +Tracking changes in variables +----------------------------- + +As explained above, you can enable change tracking in any number of variables in ``self.vars``. +By the end of the module execution, if any of those variables has a value different then the first value assigned to them, +then that will be picked up by MH and signalled as changed at the module output. +See the example below to learn how you can enabled change tracking in variables: + +.. code-block:: python + + # using __init_module__() as example, it works the same in __run__() and __quit_module__() + def __init_module__(self): + # example from community.general.ansible_galaxy_install + self.vars.set("new_roles", {}, change=True) + + # example of "hidden" variable used only to track change in a value from community.general.gconftool2 + self.vars.set('_value', self.vars.previous_value, output=False, change=True) + + # enable change-tracking without assigning value + self.vars.set_meta("new_roles", change=True) + + # if you must forcibly set an initial value to the variable + self.vars.set_meta("new_roles", initial_value=[]) + ... + +If the end value of any variable marked ``change`` is different from its initial value, then MH will return ``changed=True``. + +Indicating changes with ``changed`` +----------------------------------- + +If you want to indicate change directly in the code, then use the ``self.changed`` property in MH. +Beware that this is a ``@property`` method in MH, with both a *getter* and a *setter*. +By default, that hidden field is set to ``False``. + +Effective change +---------------- + +The effective outcome for the module is determined in the ``self.has_changed()`` method, and it consists of the logical *OR* operation +between ``self.changed`` and the change calculated from ``self.vars``. + +.. _ansible_collections.community.general.docsite.guide_modulehelper.exceptions: + +Exceptions +"""""""""" + +In MH, instead of calling ``module.fail_json()`` you can just raise an exception. +The output variables are collected the same way they would be for a successful execution. +However, you can set output variables specifically for that exception, if you so choose. + +.. code-block:: python + + from ansible_collections.community.general.plugins.module_utils.module_helper import ModuleHelperException + + def __init_module__(self): + if not complex_validation(): + self.do_raise("Validation failed!") + + # Or passing output variables + awesomeness = calculate_awesomeness() + if awesomeness > 1000: + self.do_raise("Over awesome, I cannot handle it!", update_output={"awesomeness": awesomeness}) + # which is just a convenience shortcut for + raise ModuleHelperException("...", update_output={...}) + +All exceptions derived from ``Exception`` are captured and translated into a ``fail_json()`` call. +However, if you do want to call ``self.module.fail_json()`` yourself it will work, +just keep in mind that there will be no automatic handling of output variables in that case. + +Behind the curtains, all ``do_raise()`` does is to raise a ``ModuleHelperException``. +If you want to create specialized error handling for your code, the best way is to extend that clas and raise it when needed. + +.. _ansible_collections.community.general.docsite.guide_modulehelper.statemh: + +StateModuleHelper +^^^^^^^^^^^^^^^^^ + +Many modules use a parameter ``state`` that effectively controls the exact action performed by the module, such as +``state=present`` or ``state=absent`` for installing or removing packages. +By using ``StateModuleHelper`` you can make your code like the excerpt from the ``gconftool2`` below: + +.. code-block:: python + + from ansible_collections.community.general.plugins.module_utils.module_helper import StateModuleHelper + + class GConftool(StateModuleHelper): + ... + module = dict( + ... + ) + use_old_vardict = False + + def __init_module__(self): + self.runner = gconftool2_runner(self.module, check_rc=True) + ... + + self.vars.set('previous_value', self._get(), fact=True) + self.vars.set('value_type', self.vars.value_type) + self.vars.set('_value', self.vars.previous_value, output=False, change=True) + self.vars.set_meta('value', initial_value=self.vars.previous_value) + self.vars.set('playbook_value', self.vars.value, fact=True) + + ... + + def state_absent(self): + with self.runner("state key", output_process=self._make_process(False)) as ctx: + ctx.run() + self.vars.set('run_info', ctx.run_info, verbosity=4) + self.vars.set('new_value', None, fact=True) + self.vars._value = None + + def state_present(self): + with self.runner("direct config_source value_type state key value", output_process=self._make_process(True)) as ctx: + ctx.run() + self.vars.set('run_info', ctx.run_info, verbosity=4) + self.vars.set('new_value', self._get(), fact=True) + self.vars._value = self.vars.new_value + +Note that the method ``__run__()`` is implemented in ``StateModuleHelper``, all you need to implement are the methods ``state_``. +In the example above, :ansplugin:`community.general.gconftool2#module` only has two states, ``present`` and ``absent``, thus, ``state_present()`` and ``state_absent()``. + +If the controlling parameter is not called ``state``, like in :ansplugin:`community.general.jira#module` module, just let SMH know about it: + +.. code-block:: python + + class JIRA(StateModuleHelper): + state_param = 'operation' + + def operation_create(self): + ... + + def operation_search(self): + ... + +Lastly, if the module is called with ``state=somevalue`` and the method ``state_somevalue`` +is not implemented, SMH will resort to call a method called ``__state_fallback__()``. +By default, this method will raise a ``ValueError`` indicating the method was not found. +Naturally, you can override that method to write a default implementation, as in :ansplugin:`community.general.locale_gen#module`: + +.. code-block:: python + + def __state_fallback__(self): + if self.vars.state_tracking == self.vars.state: + return + if self.vars.ubuntu_mode: + self.apply_change_ubuntu(self.vars.state, self.vars.name) + else: + self.apply_change(self.vars.state, self.vars.name) + +That module has only the states ``present`` and ``absent`` and the code for both is the one in the fallback method. + +.. note:: + + The name of the fallback method **does not change** if you set a different value of ``state_param``. + + +Other Conveniences +^^^^^^^^^^^^^^^^^^ + +Delegations to AnsibleModule +"""""""""""""""""""""""""""" + +The MH properties and methods below are delegated as-is to the underlying ``AnsibleModule`` instance in ``self.module``: + +- ``check_mode`` +- ``get_bin_path()`` +- ``warn()`` +- ``deprecate()`` + +Additionally, MH will also delegate: + +- ``diff_mode`` to ``self.module._diff`` +- ``verbosity`` to ``self.module._verbosity`` + +Decorators +"""""""""" + +The following decorators should only be used within ``ModuleHelper`` class. + +@cause_changes +-------------- + +This decorator will control whether the outcome of the method will cause the module to signal change in its output. +If the method completes without raising an exception it is considered to have succeeded, otherwise, it will have failed. + +The decorator has a parameter ``when`` that accepts three different values: ``success``, ``failure``, and ``always``. +There are also two legacy parameters, ``on_success`` and ``on_failure``, that will be deprecated, so do not use them. +The value of ``changed`` in the module output will be set to ``True``: + +- ``when="success"`` and the method completes without raising an exception. +- ``when="failure"`` and the method raises an exception. +- ``when="always"``, regardless of the method raising an exception or not. + +.. code-block:: python + + from ansible_collections.community.general.plugins.module_utils.module_helper import cause_changes + + # adapted excerpt from the community.general.jira module + class JIRA(StateModuleHelper): + @cause_changes(when="success") + def operation_create(self): + ... + +If ``when`` has a different value or no parameters are specificied, the decorator will have no effect whatsoever. + +.. _ansible_collections.community.general.docsite.guide_modulehelper.modulefailsdeco: + +@module_fails_on_exception +-------------------------- + +In a method using this decorator, if an exception is raised, the text message of that exception will be captured +by the decorator and used to call ``self.module.fail_json()``. +In most of the cases there will be no need to use this decorator, because ``ModuleHelper.run()`` already uses it. + +@check_mode_skip +---------------- + +If the module is running in check mode, this decorator will prevent the method from executing. +The return value in that case is ``None``. + +.. code-block:: python + + from ansible_collections.community.general.plugins.module_utils.module_helper import check_mode_skip + + # adapted excerpt from the community.general.locale_gen module + class LocaleGen(StateModuleHelper): + @check_mode_skip + def __state_fallback__(self): + ... + + +@check_mode_skip_returns +------------------------ + +This decorator is similar to the previous one, but the developer can control the return value for the method when running in check mode. +It is used with one of two parameters. One is ``callable`` and the return value in check mode will be ``callable(self, *args, **kwargs)``, +where ``self`` is the ``ModuleHelper`` instance and the union of ``args`` and ``kwargs`` will contain all the parameters passed to the method. + +The other option is to use the parameter ``value``, in which case the method will return ``value`` when in check mode. + + +References +^^^^^^^^^^ + +- `Ansible Developer Guide `_ +- `Creating a module `_ +- `Returning ansible facts `_ +- :ref:`ansible_collections.community.general.docsite.guide_vardict` + + +.. versionadded:: 3.1.0 diff --git a/docs/docsite/rst/guide_vardict.rst b/docs/docsite/rst/guide_vardict.rst new file mode 100644 index 0000000000..f65b09055b --- /dev/null +++ b/docs/docsite/rst/guide_vardict.rst @@ -0,0 +1,176 @@ +.. + Copyright (c) Ansible Project + GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) + SPDX-License-Identifier: GPL-3.0-or-later + +.. _ansible_collections.community.general.docsite.guide_vardict: + +VarDict Guide +============= + +Introduction +^^^^^^^^^^^^ + +The ``ansible_collections.community.general.plugins.module_utils.vardict`` module util provides the +``VarDict`` class to help manage the module variables. That class is a container for module variables, +especially the ones for which the module must keep track of state changes, and the ones that should +be published as return values. + +Each variable has extra behaviors controlled by associated metadata, simplifying the generation of +output values from the module. + +Quickstart +"""""""""" + +The simplest way of using ``VarDict`` is: + +.. code-block:: python + + from ansible_collections.community.general.plugins.module_utils.vardict import VarDict + +Then in ``main()``, or any other function called from there: + +.. code-block:: python + + vars = VarDict() + + # Next 3 statements are equivalent + vars.abc = 123 + vars["abc"] = 123 + vars.set("abc", 123) + + vars.xyz = "bananas" + vars.ghi = False + +And by the time the module is about to exit: + +.. code-block:: python + + results = vars.output() + module.exit_json(**results) + +That makes the return value of the module: + +.. code-block:: javascript + + { + "abc": 123, + "xyz": "bananas", + "ghi": false + } + +Metadata +"""""""" + +The metadata values associated with each variable are: + +- ``output: bool`` - marks the variable for module output as a module return value. +- ``fact: bool`` - marks the variable for module output as an Ansible fact. +- ``verbosity: int`` - sets the minimum level of verbosity for which the variable will be included in the output. +- ``change: bool`` - controls the detection of changes in the variable value. +- ``initial_value: any`` - when using ``change`` and need to forcefully set an intial value to the variable. +- ``diff: bool`` - used along with ``change``, this generates an Ansible-style diff ``dict``. + +See the sections below for more details on how to use the metadata. + + +Using VarDict +^^^^^^^^^^^^^ + +Basic Usage +""""""""""" + +As shown above, variables can be accessed using the ``[]`` operator, as in a ``dict`` object, +and also as an object attribute, such as ``vars.abc``. The form using the ``set()`` +method is special in the sense that you can use it to set metadata values: + +.. code-block:: python + + vars.set("abc", 123, output=False) + vars.set("abc", 123, output=True, change=True) + +Another way to set metadata after the variables have been created is: + +.. code-block:: python + + vars.set_meta("abc", output=False) + vars.set_meta("abc", output=True, change=True, diff=True) + +You can use either operator and attribute forms to access the value of the variable. Other ways to +access its value and its metadata are: + +.. code-block:: python + + print("abc value = {0}".format(vars.var("abc")["value"])) # get the value + print("abc output? {0}".format(vars.get_meta("abc")["output"])) # get the metadata like this + +The names of methods, such as ``set``, ``get_meta``, ``output`` amongst others, are reserved and +cannot be used as variable names. If you try to use a reserved name a ``ValueError`` exception +is raised with the message "Name is reserved". + +Generating output +""""""""""""""""" + +By default, every variable create will be enable for output with minimum verbosity set to zero, in +other words, they will always be in the output by default. + +You can control that when creating the variable for the first time or later in the code: + +.. code-block:: python + + vars.set("internal", x + 4, output=False) + vars.set_meta("internal", output=False) + +You can also set the verbosity of some variable, like: + +.. code-block:: python + + vars.set("abc", x + 4) + vars.set("debug_x", x, verbosity=3) + + results = vars.output(module._verbosity) + module.exit_json(**results) + +If the module was invoked with verbosity lower than 3, then the output will only contain +the variable ``abc``. If running at higher verbosity, as in ``ansible-playbook -vvv``, +then the output will also contain ``debug_x``. + +Generating facts is very similar to regular output, but variables are not marked as facts by default. + +.. code-block:: python + + vars.set("modulefact", x + 4, fact=True) + vars.set("debugfact", x, fact=True, verbosity=3) + + results = vars.output(module._verbosity) + results["ansible_facts"] = {"module_name": vars.facts(module._verbosity)} + module.exit_json(**results) + +Handling change +""""""""""""""" + +You can use ``VarDict`` to determine whether variables have had their values changed. + +.. code-block:: python + + vars.set("abc", 42, change=True) + vars.abc = 90 + + results = vars.output() + results["changed"] = vars.has_changed + module.exit_json(**results) + +If tracking changes in variables, you may want to present the difference between the initial and the final +values of it. For that, you want to use: + +.. code-block:: python + + vars.set("abc", 42, change=True, diff=True) + vars.abc = 90 + + results = vars.output() + results["changed"] = vars.has_changed + results["diff"] = vars.diff() + module.exit_json(**results) + +.. versionadded:: 7.1.0 diff --git a/galaxy.yml b/galaxy.yml index 4dbadd2f62..2373f46167 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -5,7 +5,7 @@ namespace: community name: general -version: 8.5.0 +version: 10.3.0 readme: README.md authors: - Ansible (https://github.com/ansible) diff --git a/meta/runtime.yml b/meta/runtime.yml index 1dcd0878a5..1106260176 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -3,16 +3,90 @@ # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later -requires_ansible: '>=2.13.0' +requires_ansible: '>=2.15.0' action_groups: consul: + - consul_agent_check + - consul_agent_service - consul_auth_method - consul_binding_rule - consul_policy - consul_role - consul_session - consul_token + proxmox: + - proxmox + - proxmox_backup + - proxmox_disk + - proxmox_domain_info + - proxmox_group_info + - proxmox_kvm + - proxmox_nic + - proxmox_node_info + - proxmox_pool + - proxmox_pool_member + - proxmox_snap + - proxmox_storage_contents_info + - proxmox_storage_info + - proxmox_tasks_info + - proxmox_template + - proxmox_user_info + - proxmox_vm_info + keycloak: + - keycloak_authentication + - keycloak_authentication_required_actions + - keycloak_authz_authorization_scope + - keycloak_authz_custom_policy + - keycloak_authz_permission + - keycloak_authz_permission_info + - keycloak_client + - keycloak_client_rolemapping + - keycloak_client_rolescope + - keycloak_clientscope + - keycloak_clientscope_type + - keycloak_clientsecret_info + - keycloak_clientsecret_regenerate + - keycloak_clienttemplate + - keycloak_component + - keycloak_component_info + - keycloak_group + - keycloak_identity_provider + - keycloak_realm + - keycloak_realm_key + - keycloak_realm_keys_metadata_info + - keycloak_realm_rolemapping + - keycloak_role + - keycloak_user + - keycloak_user_federation + - keycloak_user_rolemapping + - keycloak_userprofile plugin_routing: + callback: + actionable: + tombstone: + removal_version: 2.0.0 + warning_text: Use the 'default' callback plugin with 'display_skipped_hosts + = no' and 'display_ok_hosts = no' options. + full_skip: + tombstone: + removal_version: 2.0.0 + warning_text: Use the 'default' callback plugin with 'display_skipped_hosts + = no' option. + hipchat: + tombstone: + removal_version: 10.0.0 + warning_text: The hipchat service has been discontinued and the self-hosted variant has been End of Life since 2020. + osx_say: + redirect: community.general.say + stderr: + tombstone: + removal_version: 2.0.0 + warning_text: Use the 'default' callback plugin with 'display_failed_stderr + = yes' option. + yaml: + deprecation: + removal_version: 13.0.0 + warning_text: The plugin has been superseded by the the option `result_format=yaml` in callback plugin ansible.builtin.default from ansible-core 2.13 onwards. connection: docker: redirect: community.docker.docker @@ -30,136 +104,28 @@ plugin_routing: nios_next_network: redirect: infoblox.nios_modules.nios_next_network modules: - consul_acl: - deprecation: - removal_version: 10.0.0 - warning_text: Use community.general.consul_token and/or community.general.consul_policy instead. - rax_cbs_attachments: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_cbs: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_cdb_database: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_cdb_user: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_cdb: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_clb_nodes: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_clb_ssl: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_clb: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_dns_record: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_dns: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_facts: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_files_objects: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_files: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_identity: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_keypair: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_meta: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_mon_alarm: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_mon_check: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_mon_entity: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_mon_notification_plan: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_mon_notification: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_network: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_queue: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_scaling_group: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rax_scaling_policy: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on the deprecated package pyrax. - rhn_channel: - deprecation: - removal_version: 10.0.0 - warning_text: RHN is EOL, please contact the community.general maintainers - if still using this; see the module documentation for more details. - rhn_register: - deprecation: - removal_version: 10.0.0 - warning_text: RHN is EOL, please contact the community.general maintainers - if still using this; see the module documentation for more details. - stackdriver: - deprecation: - removal_version: 9.0.0 - warning_text: This module relies on HTTPS APIs that do not exist anymore, - and any new development in the direction of providing an alternative should - happen in the context of the google.cloud collection. ali_instance_facts: tombstone: removal_version: 3.0.0 warning_text: Use community.general.ali_instance_info instead. + atomic_container: + deprecation: + removal_version: 13.0.0 + warning_text: Poject Atomic was sunset by the end of 2019. + atomic_host: + deprecation: + removal_version: 13.0.0 + warning_text: Poject Atomic was sunset by the end of 2019. + atomic_image: + deprecation: + removal_version: 13.0.0 + warning_text: Poject Atomic was sunset by the end of 2019. cisco_spark: redirect: community.general.cisco_webex + consul_acl: + tombstone: + removal_version: 10.0.0 + warning_text: Use community.general.consul_token and/or community.general.consul_policy instead. docker_compose: redirect: community.docker.docker_compose docker_config: @@ -214,10 +180,14 @@ plugin_routing: redirect: community.docker.docker_volume docker_volume_info: redirect: community.docker.docker_volume_info - flowdock: + facter: deprecation: + removal_version: 12.0.0 + warning_text: Use community.general.facter_facts instead. + flowdock: + tombstone: removal_version: 9.0.0 - warning_text: This module relies on HTTPS APIs that do not exist anymore and + warning_text: This module relied on HTTPS APIs that do not exist anymore and there is no clear path to update. foreman: tombstone: @@ -307,6 +277,10 @@ plugin_routing: redirect: community.hrobot.firewall hetzner_firewall_info: redirect: community.hrobot.firewall_info + hipchat: + deprecation: + removal_version: 11.0.0 + warning_text: The hipchat service has been discontinued and the self-hosted variant has been End of Life since 2020. hpilo_facts: tombstone: removal_version: 3.0.0 @@ -640,10 +614,122 @@ plugin_routing: tombstone: removal_version: 3.0.0 warning_text: Use community.general.python_requirements_info instead. + rax_cbs_attachments: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_cbs: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_cdb_database: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_cdb_user: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_cdb: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_clb_nodes: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_clb_ssl: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_clb: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_dns_record: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_dns: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_facts: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_files_objects: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_files: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_identity: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_keypair: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_meta: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_mon_alarm: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_mon_check: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_mon_entity: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_mon_notification_plan: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_mon_notification: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_network: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_queue: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_scaling_group: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. + rax_scaling_policy: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on the deprecated package pyrax. redfish_facts: tombstone: removal_version: 3.0.0 warning_text: Use community.general.redfish_info instead. + rhn_channel: + tombstone: + removal_version: 10.0.0 + warning_text: RHN is EOL. + rhn_register: + tombstone: + removal_version: 10.0.0 + warning_text: RHN is EOL. sapcar_extract: redirect: community.sap_libs.sapcar_extract sap_task_list_execute: @@ -676,6 +762,26 @@ plugin_routing: tombstone: removal_version: 3.0.0 warning_text: Use community.general.scaleway_volume_info instead. + sensu_check: + deprecation: + removal_version: 13.0.0 + warning_text: Sensu Core and Sensu Enterprise products have been End of Life since 2019/20. + sensu_client: + deprecation: + removal_version: 13.0.0 + warning_text: Sensu Core and Sensu Enterprise products have been End of Life since 2019/20. + sensu_handler: + deprecation: + removal_version: 13.0.0 + warning_text: Sensu Core and Sensu Enterprise products have been End of Life since 2019/20. + sensu_silence: + deprecation: + removal_version: 13.0.0 + warning_text: Sensu Core and Sensu Enterprise products have been End of Life since 2019/20. + sensu_subscription: + deprecation: + removal_version: 13.0.0 + warning_text: Sensu Core and Sensu Enterprise products have been End of Life since 2019/20. sf_account_manager: tombstone: removal_version: 2.0.0 @@ -700,45 +806,46 @@ plugin_routing: tombstone: removal_version: 3.0.0 warning_text: Use community.general.smartos_image_info instead. + stackdriver: + tombstone: + removal_version: 9.0.0 + warning_text: This module relied on HTTPS APIs that do not exist anymore, + and any new development in the direction of providing an alternative should + happen in the context of the google.cloud collection. vertica_facts: tombstone: removal_version: 3.0.0 warning_text: Use community.general.vertica_info instead. webfaction_app: - deprecation: + tombstone: removal_version: 9.0.0 - warning_text: This module relies on HTTPS APIs that do not exist anymore and + warning_text: This module relied on HTTPS APIs that do not exist anymore and there is no clear path to update. webfaction_db: - deprecation: + tombstone: removal_version: 9.0.0 - warning_text: This module relies on HTTPS APIs that do not exist anymore and + warning_text: This module relied on HTTPS APIs that do not exist anymore and there is no clear path to update. webfaction_domain: - deprecation: + tombstone: removal_version: 9.0.0 - warning_text: This module relies on HTTPS APIs that do not exist anymore and + warning_text: This module relied on HTTPS APIs that do not exist anymore and there is no clear path to update. webfaction_mailbox: - deprecation: + tombstone: removal_version: 9.0.0 - warning_text: This module relies on HTTPS APIs that do not exist anymore and + warning_text: This module relied on HTTPS APIs that do not exist anymore and there is no clear path to update. webfaction_site: - deprecation: + tombstone: removal_version: 9.0.0 - warning_text: This module relies on HTTPS APIs that do not exist anymore and + warning_text: This module relied on HTTPS APIs that do not exist anymore and there is no clear path to update. xenserver_guest_facts: tombstone: removal_version: 3.0.0 warning_text: Use community.general.xenserver_guest_info instead. doc_fragments: - rackspace: - deprecation: - removal_version: 9.0.0 - warning_text: This doc fragment is used by rax modules, that rely on the deprecated - package pyrax. _gcp: redirect: community.google._gcp docker: @@ -753,11 +860,16 @@ plugin_routing: redirect: infoblox.nios_modules.nios postgresql: redirect: community.postgresql.postgresql - module_utils: - rax: + purestorage: deprecation: + removal_version: 12.0.0 + warning_text: The modules for purestorage were removed in community.general 3.0.0, this document fragment was left behind. + rackspace: + tombstone: removal_version: 9.0.0 - warning_text: This module util relies on the deprecated package pyrax. + warning_text: This doc fragment was used by rax modules, that relied on the deprecated + package pyrax. + module_utils: docker.common: redirect: community.docker.common docker.swarm: @@ -776,28 +888,18 @@ plugin_routing: redirect: infoblox.nios_modules.api postgresql: redirect: community.postgresql.postgresql + pure: + deprecation: + removal_version: 12.0.0 + warning_text: The modules for purestorage were removed in community.general 3.0.0, this module util was left behind. + rax: + tombstone: + removal_version: 9.0.0 + warning_text: This module util relied on the deprecated package pyrax. remote_management.dellemc.dellemc_idrac: redirect: dellemc.openmanage.dellemc_idrac remote_management.dellemc.ome: redirect: dellemc.openmanage.ome - callback: - actionable: - tombstone: - removal_version: 2.0.0 - warning_text: Use the 'default' callback plugin with 'display_skipped_hosts - = no' and 'display_ok_hosts = no' options. - full_skip: - tombstone: - removal_version: 2.0.0 - warning_text: Use the 'default' callback plugin with 'display_skipped_hosts - = no' option. - osx_say: - redirect: community.general.say - stderr: - tombstone: - removal_version: 2.0.0 - warning_text: Use the 'default' callback plugin with 'display_failed_stderr - = yes' option. inventory: docker_machine: redirect: community.docker.docker_machine diff --git a/plugins/action/iptables_state.py b/plugins/action/iptables_state.py index 4a27ef8a01..39ee85d778 100644 --- a/plugins/action/iptables_state.py +++ b/plugins/action/iptables_state.py @@ -22,25 +22,33 @@ class ActionModule(ActionBase): _VALID_ARGS = frozenset(('path', 'state', 'table', 'noflush', 'counters', 'modprobe', 'ip_version', 'wait')) DEFAULT_SUDOABLE = True - MSG_ERROR__ASYNC_AND_POLL_NOT_ZERO = ( - "This module doesn't support async>0 and poll>0 when its 'state' param " - "is set to 'restored'. To enable its rollback feature (that needs the " - "module to run asynchronously on the remote), please set task attribute " - "'poll' (=%s) to 0, and 'async' (=%s) to a value >2 and not greater than " - "'ansible_timeout' (=%s) (recommended).") - MSG_WARNING__NO_ASYNC_IS_NO_ROLLBACK = ( - "Attempts to restore iptables state without rollback in case of mistake " - "may lead the ansible controller to loose access to the hosts and never " - "regain it before fixing firewall rules through a serial console, or any " - "other way except SSH. Please set task attribute 'poll' (=%s) to 0, and " - "'async' (=%s) to a value >2 and not greater than 'ansible_timeout' (=%s) " - "(recommended).") - MSG_WARNING__ASYNC_GREATER_THAN_TIMEOUT = ( - "You attempt to restore iptables state with rollback in case of mistake, " - "but with settings that will lead this rollback to happen AFTER that the " - "controller will reach its own timeout. Please set task attribute 'poll' " - "(=%s) to 0, and 'async' (=%s) to a value >2 and not greater than " - "'ansible_timeout' (=%s) (recommended).") + @staticmethod + def msg_error__async_and_poll_not_zero(task_poll, task_async, max_timeout): + return ( + "This module doesn't support async>0 and poll>0 when its 'state' param " + "is set to 'restored'. To enable its rollback feature (that needs the " + "module to run asynchronously on the remote), please set task attribute " + f"'poll' (={task_poll}) to 0, and 'async' (={task_async}) to a value >2 and not greater than " + f"'ansible_timeout' (={max_timeout}) (recommended).") + + @staticmethod + def msg_warning__no_async_is_no_rollback(task_poll, task_async, max_timeout): + return ( + "Attempts to restore iptables state without rollback in case of mistake " + "may lead the ansible controller to loose access to the hosts and never " + "regain it before fixing firewall rules through a serial console, or any " + f"other way except SSH. Please set task attribute 'poll' (={task_poll}) to 0, and " + f"'async' (={task_async}) to a value >2 and not greater than 'ansible_timeout' (={max_timeout}) " + "(recommended).") + + @staticmethod + def msg_warning__async_greater_than_timeout(task_poll, task_async, max_timeout): + return ( + "You attempt to restore iptables state with rollback in case of mistake, " + "but with settings that will lead this rollback to happen AFTER that the " + "controller will reach its own timeout. Please set task attribute 'poll' " + f"(={task_poll}) to 0, and 'async' (={task_async}) to a value >2 and not greater than " + f"'ansible_timeout' (={max_timeout}) (recommended).") def _async_result(self, async_status_args, task_vars, timeout): ''' @@ -88,21 +96,25 @@ class ActionModule(ActionBase): max_timeout = self._connection._play_context.timeout module_args = self._task.args + async_status_args = {} + starter_cmd = None + confirm_cmd = None + if module_args.get('state', None) == 'restored': if not wrap_async: if not check_mode: - display.warning(self.MSG_WARNING__NO_ASYNC_IS_NO_ROLLBACK % ( + display.warning(self.msg_error__async_and_poll_not_zero( task_poll, task_async, max_timeout)) elif task_poll: - raise AnsibleActionFail(self.MSG_ERROR__ASYNC_AND_POLL_NOT_ZERO % ( + raise AnsibleActionFail(self.msg_warning__no_async_is_no_rollback( task_poll, task_async, max_timeout)) else: if task_async > max_timeout and not check_mode: - display.warning(self.MSG_WARNING__ASYNC_GREATER_THAN_TIMEOUT % ( + display.warning(self.msg_warning__async_greater_than_timeout( task_poll, task_async, max_timeout)) @@ -115,10 +127,10 @@ class ActionModule(ActionBase): # remote and local sides (if not the same, make the loop # longer on the controller); and set a backup file path. module_args['_timeout'] = task_async - module_args['_back'] = '%s/iptables.state' % async_dir + module_args['_back'] = f'{async_dir}/iptables.state' async_status_args = dict(mode='status') - confirm_cmd = 'rm -f %s' % module_args['_back'] - starter_cmd = 'touch %s.starter' % module_args['_back'] + confirm_cmd = f"rm -f {module_args['_back']}" + starter_cmd = f"touch {module_args['_back']}.starter" remaining_time = max(task_async, max_timeout) # do work! diff --git a/plugins/action/shutdown.py b/plugins/action/shutdown.py index 01201a6405..e5c2d15a5c 100644 --- a/plugins/action/shutdown.py +++ b/plugins/action/shutdown.py @@ -18,6 +18,10 @@ from ansible.utils.display import Display display = Display() +def fmt(mapping, key): + return to_native(mapping[key]).strip() + + class TimedOutException(Exception): pass @@ -84,31 +88,26 @@ class ActionModule(ActionBase): def get_distribution(self, task_vars): # FIXME: only execute the module if we don't already have the facts we need distribution = {} - display.debug('{action}: running setup module to get distribution'.format(action=self._task.action)) + display.debug(f'{self._task.action}: running setup module to get distribution') module_output = self._execute_module( task_vars=task_vars, module_name='ansible.legacy.setup', module_args={'gather_subset': 'min'}) try: if module_output.get('failed', False): - raise AnsibleError('Failed to determine system distribution. {0}, {1}'.format( - to_native(module_output['module_stdout']).strip(), - to_native(module_output['module_stderr']).strip())) + raise AnsibleError(f"Failed to determine system distribution. {fmt(module_output, 'module_stdout')}, {fmt(module_output, 'module_stderr')}") distribution['name'] = module_output['ansible_facts']['ansible_distribution'].lower() distribution['version'] = to_text( module_output['ansible_facts']['ansible_distribution_version'].split('.')[0]) distribution['family'] = to_text(module_output['ansible_facts']['ansible_os_family'].lower()) - display.debug("{action}: distribution: {dist}".format(action=self._task.action, dist=distribution)) + display.debug(f"{self._task.action}: distribution: {distribution}") return distribution except KeyError as ke: - raise AnsibleError('Failed to get distribution information. Missing "{0}" in output.'.format(ke.args[0])) + raise AnsibleError(f'Failed to get distribution information. Missing "{ke.args[0]}" in output.') def get_shutdown_command(self, task_vars, distribution): def find_command(command, find_search_paths): - display.debug('{action}: running find module looking in {paths} to get path for "{command}"'.format( - action=self._task.action, - command=command, - paths=find_search_paths)) + display.debug(f'{self._task.action}: running find module looking in {find_search_paths} to get path for "{command}"') find_result = self._execute_module( task_vars=task_vars, # prevent collection search by calling with ansible.legacy (still allows library/ override of find) @@ -130,42 +129,37 @@ class ActionModule(ActionBase): if is_string(search_paths): search_paths = [search_paths] - # Error if we didn't get a list - err_msg = "'search_paths' must be a string or flat list of strings, got {0}" try: incorrect_type = any(not is_string(x) for x in search_paths) if not isinstance(search_paths, list) or incorrect_type: raise TypeError except TypeError: - raise AnsibleError(err_msg.format(search_paths)) + # Error if we didn't get a list + err_msg = f"'search_paths' must be a string or flat list of strings, got {search_paths}" + raise AnsibleError(err_msg) full_path = find_command(shutdown_bin, search_paths) # find the path to the shutdown command if not full_path: # if we could not find the shutdown command - display.vvv('Unable to find command "{0}" in search paths: {1}, will attempt a shutdown using systemd ' - 'directly.'.format(shutdown_bin, search_paths)) # tell the user we will try with systemd + + # tell the user we will try with systemd + display.vvv(f'Unable to find command "{shutdown_bin}" in search paths: {search_paths}, will attempt a shutdown using systemd directly.') systemctl_search_paths = ['/bin', '/usr/bin'] full_path = find_command('systemctl', systemctl_search_paths) # find the path to the systemctl command if not full_path: # if we couldn't find systemctl raise AnsibleError( - 'Could not find command "{0}" in search paths: {1} or systemctl command in search paths: {2}, unable to shutdown.'. - format(shutdown_bin, search_paths, systemctl_search_paths)) # we give up here + f'Could not find command "{shutdown_bin}" in search paths: {search_paths} or systemctl' + f' command in search paths: {systemctl_search_paths}, unable to shutdown.') # we give up here else: - return "{0} poweroff".format(full_path[0]) # done, since we cannot use args with systemd shutdown + return f"{full_path[0]} poweroff" # done, since we cannot use args with systemd shutdown # systemd case taken care of, here we add args to the command args = self._get_value_from_facts('SHUTDOWN_COMMAND_ARGS', distribution, 'DEFAULT_SHUTDOWN_COMMAND_ARGS') # Convert seconds to minutes. If less that 60, set it to 0. delay_sec = self.delay shutdown_message = self._task.args.get('msg', self.DEFAULT_SHUTDOWN_MESSAGE) - return '{0} {1}'. \ - format( - full_path[0], - args.format( - delay_sec=delay_sec, - delay_min=delay_sec // 60, - message=shutdown_message - ) - ) + + af = args.format(delay_sec=delay_sec, delay_min=delay_sec // 60, message=shutdown_message) + return f'{full_path[0]} {af}' def perform_shutdown(self, task_vars, distribution): result = {} @@ -174,9 +168,8 @@ class ActionModule(ActionBase): self.cleanup(force=True) try: - display.vvv("{action}: shutting down server...".format(action=self._task.action)) - display.debug("{action}: shutting down server with command '{command}'". - format(action=self._task.action, command=shutdown_command_exec)) + display.vvv(f"{self._task.action}: shutting down server...") + display.debug(f"{self._task.action}: shutting down server with command '{shutdown_command_exec}'") if self._play_context.check_mode: shutdown_result['rc'] = 0 else: @@ -184,16 +177,13 @@ class ActionModule(ActionBase): except AnsibleConnectionFailure as e: # If the connection is closed too quickly due to the system being shutdown, carry on display.debug( - '{action}: AnsibleConnectionFailure caught and handled: {error}'.format(action=self._task.action, - error=to_text(e))) + f'{self._task.action}: AnsibleConnectionFailure caught and handled: {e}') shutdown_result['rc'] = 0 if shutdown_result['rc'] != 0: result['failed'] = True result['shutdown'] = False - result['msg'] = "Shutdown command failed. Error was {stdout}, {stderr}".format( - stdout=to_native(shutdown_result['stdout'].strip()), - stderr=to_native(shutdown_result['stderr'].strip())) + result['msg'] = f"Shutdown command failed. Error was {fmt(shutdown_result, 'stdout')}, {fmt(shutdown_result, 'stderr')}" return result result['failed'] = False @@ -206,7 +196,7 @@ class ActionModule(ActionBase): # If running with local connection, fail so we don't shutdown ourself if self._connection.transport == 'local' and (not self._play_context.check_mode): - msg = 'Running {0} with local connection would shutdown the control node.'.format(self._task.action) + msg = f'Running {self._task.action} with local connection would shutdown the control node.' return {'changed': False, 'elapsed': 0, 'shutdown': False, 'failed': True, 'msg': msg} if task_vars is None: diff --git a/plugins/become/doas.py b/plugins/become/doas.py index 69e730aad4..9011fa69e9 100644 --- a/plugins/become/doas.py +++ b/plugins/become/doas.py @@ -5,80 +5,86 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: doas - short_description: Do As user +DOCUMENTATION = r""" +name: doas +short_description: Do As user +description: + - This become plugins allows your remote/login user to execute commands as another user using the C(doas) utility. +author: Ansible Core Team +options: + become_user: + description: User you 'become' to execute the task. + type: string + ini: + - section: privilege_escalation + key: become_user + - section: doas_become_plugin + key: user + vars: + - name: ansible_become_user + - name: ansible_doas_user + env: + - name: ANSIBLE_BECOME_USER + - name: ANSIBLE_DOAS_USER + become_exe: + description: C(doas) executable. + type: string + default: doas + ini: + - section: privilege_escalation + key: become_exe + - section: doas_become_plugin + key: executable + vars: + - name: ansible_become_exe + - name: ansible_doas_exe + env: + - name: ANSIBLE_BECOME_EXE + - name: ANSIBLE_DOAS_EXE + become_flags: + description: Options to pass to C(doas). + type: string + default: '' + ini: + - section: privilege_escalation + key: become_flags + - section: doas_become_plugin + key: flags + vars: + - name: ansible_become_flags + - name: ansible_doas_flags + env: + - name: ANSIBLE_BECOME_FLAGS + - name: ANSIBLE_DOAS_FLAGS + become_pass: + description: Password for C(doas) prompt. + type: string + required: false + vars: + - name: ansible_become_password + - name: ansible_become_pass + - name: ansible_doas_pass + env: + - name: ANSIBLE_BECOME_PASS + - name: ANSIBLE_DOAS_PASS + ini: + - section: doas_become_plugin + key: password + prompt_l10n: description: - - This become plugins allows your remote/login user to execute commands as another user via the doas utility. - author: Ansible Core Team - options: - become_user: - description: User you 'become' to execute the task - ini: - - section: privilege_escalation - key: become_user - - section: doas_become_plugin - key: user - vars: - - name: ansible_become_user - - name: ansible_doas_user - env: - - name: ANSIBLE_BECOME_USER - - name: ANSIBLE_DOAS_USER - become_exe: - description: Doas executable - default: doas - ini: - - section: privilege_escalation - key: become_exe - - section: doas_become_plugin - key: executable - vars: - - name: ansible_become_exe - - name: ansible_doas_exe - env: - - name: ANSIBLE_BECOME_EXE - - name: ANSIBLE_DOAS_EXE - become_flags: - description: Options to pass to doas - default: '' - ini: - - section: privilege_escalation - key: become_flags - - section: doas_become_plugin - key: flags - vars: - - name: ansible_become_flags - - name: ansible_doas_flags - env: - - name: ANSIBLE_BECOME_FLAGS - - name: ANSIBLE_DOAS_FLAGS - become_pass: - description: password for doas prompt - required: false - vars: - - name: ansible_become_password - - name: ansible_become_pass - - name: ansible_doas_pass - env: - - name: ANSIBLE_BECOME_PASS - - name: ANSIBLE_DOAS_PASS - ini: - - section: doas_become_plugin - key: password - prompt_l10n: - description: - - List of localized strings to match for prompt detection - - If empty we'll use the built in one - default: [] - ini: - - section: doas_become_plugin - key: localized_prompts - vars: - - name: ansible_doas_prompt_l10n - env: - - name: ANSIBLE_DOAS_PROMPT_L10N -''' + - List of localized strings to match for prompt detection. + - If empty we will use the built in one. + type: list + elements: string + default: [] + ini: + - section: doas_become_plugin + key: localized_prompts + vars: + - name: ansible_doas_prompt_l10n + env: + - name: ANSIBLE_DOAS_PROMPT_L10N +""" import re @@ -119,9 +125,9 @@ class BecomeModule(BecomeBase): flags += ' -n' become_user = self.get_option('become_user') - user = '-u %s' % (become_user) if become_user else '' + user = f'-u {become_user}' if become_user else '' success_cmd = self._build_success_command(cmd, shell, noexe=True) executable = getattr(shell, 'executable', shell.SHELL_FAMILY) - return '%s %s %s %s -c %s' % (become_exe, flags, user, executable, success_cmd) + return f'{become_exe} {flags} {user} {executable} -c {success_cmd}' diff --git a/plugins/become/dzdo.py b/plugins/become/dzdo.py index a358e84e39..70e2e0d777 100644 --- a/plugins/become/dzdo.py +++ b/plugins/become/dzdo.py @@ -5,68 +5,72 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: dzdo - short_description: Centrify's Direct Authorize - description: - - This become plugins allows your remote/login user to execute commands as another user via the dzdo utility. - author: Ansible Core Team - options: - become_user: - description: User you 'become' to execute the task - ini: - - section: privilege_escalation - key: become_user - - section: dzdo_become_plugin - key: user - vars: - - name: ansible_become_user - - name: ansible_dzdo_user - env: - - name: ANSIBLE_BECOME_USER - - name: ANSIBLE_DZDO_USER - become_exe: - description: Dzdo executable - default: dzdo - ini: - - section: privilege_escalation - key: become_exe - - section: dzdo_become_plugin - key: executable - vars: - - name: ansible_become_exe - - name: ansible_dzdo_exe - env: - - name: ANSIBLE_BECOME_EXE - - name: ANSIBLE_DZDO_EXE - become_flags: - description: Options to pass to dzdo - default: -H -S -n - ini: - - section: privilege_escalation - key: become_flags - - section: dzdo_become_plugin - key: flags - vars: - - name: ansible_become_flags - - name: ansible_dzdo_flags - env: - - name: ANSIBLE_BECOME_FLAGS - - name: ANSIBLE_DZDO_FLAGS - become_pass: - description: Options to pass to dzdo - required: false - vars: - - name: ansible_become_password - - name: ansible_become_pass - - name: ansible_dzdo_pass - env: - - name: ANSIBLE_BECOME_PASS - - name: ANSIBLE_DZDO_PASS - ini: - - section: dzdo_become_plugin - key: password -''' +DOCUMENTATION = r""" +name: dzdo +short_description: Centrify's Direct Authorize +description: + - This become plugins allows your remote/login user to execute commands as another user using the C(dzdo) utility. +author: Ansible Core Team +options: + become_user: + description: User you 'become' to execute the task. + type: string + ini: + - section: privilege_escalation + key: become_user + - section: dzdo_become_plugin + key: user + vars: + - name: ansible_become_user + - name: ansible_dzdo_user + env: + - name: ANSIBLE_BECOME_USER + - name: ANSIBLE_DZDO_USER + become_exe: + description: C(dzdo) executable. + type: string + default: dzdo + ini: + - section: privilege_escalation + key: become_exe + - section: dzdo_become_plugin + key: executable + vars: + - name: ansible_become_exe + - name: ansible_dzdo_exe + env: + - name: ANSIBLE_BECOME_EXE + - name: ANSIBLE_DZDO_EXE + become_flags: + description: Options to pass to C(dzdo). + type: string + default: -H -S -n + ini: + - section: privilege_escalation + key: become_flags + - section: dzdo_become_plugin + key: flags + vars: + - name: ansible_become_flags + - name: ansible_dzdo_flags + env: + - name: ANSIBLE_BECOME_FLAGS + - name: ANSIBLE_DZDO_FLAGS + become_pass: + description: Options to pass to C(dzdo). + type: string + required: false + vars: + - name: ansible_become_password + - name: ansible_become_pass + - name: ansible_dzdo_pass + env: + - name: ANSIBLE_BECOME_PASS + - name: ANSIBLE_DZDO_PASS + ini: + - section: dzdo_become_plugin + key: password +""" from ansible.plugins.become import BecomeBase @@ -88,10 +92,10 @@ class BecomeModule(BecomeBase): flags = self.get_option('become_flags') if self.get_option('become_pass'): - self.prompt = '[dzdo via ansible, key=%s] password:' % self._id - flags = '%s -p "%s"' % (flags.replace('-n', ''), self.prompt) + self.prompt = f'[dzdo via ansible, key={self._id}] password:' + flags = f"{flags.replace('-n', '')} -p \"{self.prompt}\"" become_user = self.get_option('become_user') - user = '-u %s' % (become_user) if become_user else '' + user = f'-u {become_user}' if become_user else '' - return ' '.join([becomecmd, flags, user, self._build_success_command(cmd, shell)]) + return f"{becomecmd} {flags} {user} {self._build_success_command(cmd, shell)}" diff --git a/plugins/become/ksu.py b/plugins/become/ksu.py index fa2f66864a..88a29e7362 100644 --- a/plugins/become/ksu.py +++ b/plugins/become/ksu.py @@ -5,81 +5,87 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: ksu - short_description: Kerberos substitute user +DOCUMENTATION = r""" +name: ksu +short_description: Kerberos substitute user +description: + - This become plugins allows your remote/login user to execute commands as another user using the C(ksu) utility. +author: Ansible Core Team +options: + become_user: + description: User you 'become' to execute the task. + type: string + ini: + - section: privilege_escalation + key: become_user + - section: ksu_become_plugin + key: user + vars: + - name: ansible_become_user + - name: ansible_ksu_user + env: + - name: ANSIBLE_BECOME_USER + - name: ANSIBLE_KSU_USER + required: true + become_exe: + description: C(ksu) executable. + type: string + default: ksu + ini: + - section: privilege_escalation + key: become_exe + - section: ksu_become_plugin + key: executable + vars: + - name: ansible_become_exe + - name: ansible_ksu_exe + env: + - name: ANSIBLE_BECOME_EXE + - name: ANSIBLE_KSU_EXE + become_flags: + description: Options to pass to C(ksu). + type: string + default: '' + ini: + - section: privilege_escalation + key: become_flags + - section: ksu_become_plugin + key: flags + vars: + - name: ansible_become_flags + - name: ansible_ksu_flags + env: + - name: ANSIBLE_BECOME_FLAGS + - name: ANSIBLE_KSU_FLAGS + become_pass: + description: C(ksu) password. + type: string + required: false + vars: + - name: ansible_ksu_pass + - name: ansible_become_pass + - name: ansible_become_password + env: + - name: ANSIBLE_BECOME_PASS + - name: ANSIBLE_KSU_PASS + ini: + - section: ksu_become_plugin + key: password + prompt_l10n: description: - - This become plugins allows your remote/login user to execute commands as another user via the ksu utility. - author: Ansible Core Team - options: - become_user: - description: User you 'become' to execute the task - ini: - - section: privilege_escalation - key: become_user - - section: ksu_become_plugin - key: user - vars: - - name: ansible_become_user - - name: ansible_ksu_user - env: - - name: ANSIBLE_BECOME_USER - - name: ANSIBLE_KSU_USER - required: true - become_exe: - description: Su executable - default: ksu - ini: - - section: privilege_escalation - key: become_exe - - section: ksu_become_plugin - key: executable - vars: - - name: ansible_become_exe - - name: ansible_ksu_exe - env: - - name: ANSIBLE_BECOME_EXE - - name: ANSIBLE_KSU_EXE - become_flags: - description: Options to pass to ksu - default: '' - ini: - - section: privilege_escalation - key: become_flags - - section: ksu_become_plugin - key: flags - vars: - - name: ansible_become_flags - - name: ansible_ksu_flags - env: - - name: ANSIBLE_BECOME_FLAGS - - name: ANSIBLE_KSU_FLAGS - become_pass: - description: ksu password - required: false - vars: - - name: ansible_ksu_pass - - name: ansible_become_pass - - name: ansible_become_password - env: - - name: ANSIBLE_BECOME_PASS - - name: ANSIBLE_KSU_PASS - ini: - - section: ksu_become_plugin - key: password - prompt_l10n: - description: - - List of localized strings to match for prompt detection - - If empty we'll use the built in one - default: [] - ini: - - section: ksu_become_plugin - key: localized_prompts - vars: - - name: ansible_ksu_prompt_l10n - env: - - name: ANSIBLE_KSU_PROMPT_L10N -''' + - List of localized strings to match for prompt detection. + - If empty we will use the built in one. + type: list + elements: string + default: [] + ini: + - section: ksu_become_plugin + key: localized_prompts + vars: + - name: ansible_ksu_prompt_l10n + env: + - name: ANSIBLE_KSU_PROMPT_L10N +""" import re @@ -118,4 +124,4 @@ class BecomeModule(BecomeBase): flags = self.get_option('become_flags') user = self.get_option('become_user') - return '%s %s %s -e %s ' % (exe, user, flags, self._build_success_command(cmd, shell)) + return f'{exe} {user} {flags} -e {self._build_success_command(cmd, shell)} ' diff --git a/plugins/become/machinectl.py b/plugins/become/machinectl.py index 9b9ac7ec51..1dd80bc80f 100644 --- a/plugins/become/machinectl.py +++ b/plugins/become/machinectl.py @@ -5,86 +5,90 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: machinectl - short_description: Systemd's machinectl privilege escalation - description: - - This become plugins allows your remote/login user to execute commands as another user via the machinectl utility. - author: Ansible Core Team - options: - become_user: - description: User you 'become' to execute the task - default: '' - ini: - - section: privilege_escalation - key: become_user - - section: machinectl_become_plugin - key: user - vars: - - name: ansible_become_user - - name: ansible_machinectl_user - env: - - name: ANSIBLE_BECOME_USER - - name: ANSIBLE_MACHINECTL_USER - become_exe: - description: Machinectl executable - default: machinectl - ini: - - section: privilege_escalation - key: become_exe - - section: machinectl_become_plugin - key: executable - vars: - - name: ansible_become_exe - - name: ansible_machinectl_exe - env: - - name: ANSIBLE_BECOME_EXE - - name: ANSIBLE_MACHINECTL_EXE - become_flags: - description: Options to pass to machinectl - default: '' - ini: - - section: privilege_escalation - key: become_flags - - section: machinectl_become_plugin - key: flags - vars: - - name: ansible_become_flags - - name: ansible_machinectl_flags - env: - - name: ANSIBLE_BECOME_FLAGS - - name: ANSIBLE_MACHINECTL_FLAGS - become_pass: - description: Password for machinectl - required: false - vars: - - name: ansible_become_password - - name: ansible_become_pass - - name: ansible_machinectl_pass - env: - - name: ANSIBLE_BECOME_PASS - - name: ANSIBLE_MACHINECTL_PASS - ini: - - section: machinectl_become_plugin - key: password - notes: - - When not using this plugin with user V(root), it only works correctly with a polkit rule which will alter - the behaviour of machinectl. This rule must alter the prompt behaviour to ask directly for the user credentials, - if the user is allowed to perform the action (take a look at the examples section). - If such a rule is not present the plugin only work if it is used in context with the root user, - because then no further prompt will be shown by machinectl. -''' +DOCUMENTATION = r""" +name: machinectl +short_description: Systemd's machinectl privilege escalation +description: + - This become plugins allows your remote/login user to execute commands as another user using the C(machinectl) utility. +author: Ansible Core Team +options: + become_user: + description: User you 'become' to execute the task. + type: string + default: '' + ini: + - section: privilege_escalation + key: become_user + - section: machinectl_become_plugin + key: user + vars: + - name: ansible_become_user + - name: ansible_machinectl_user + env: + - name: ANSIBLE_BECOME_USER + - name: ANSIBLE_MACHINECTL_USER + become_exe: + description: C(machinectl) executable. + type: string + default: machinectl + ini: + - section: privilege_escalation + key: become_exe + - section: machinectl_become_plugin + key: executable + vars: + - name: ansible_become_exe + - name: ansible_machinectl_exe + env: + - name: ANSIBLE_BECOME_EXE + - name: ANSIBLE_MACHINECTL_EXE + become_flags: + description: Options to pass to C(machinectl). + type: string + default: '' + ini: + - section: privilege_escalation + key: become_flags + - section: machinectl_become_plugin + key: flags + vars: + - name: ansible_become_flags + - name: ansible_machinectl_flags + env: + - name: ANSIBLE_BECOME_FLAGS + - name: ANSIBLE_MACHINECTL_FLAGS + become_pass: + description: Password for C(machinectl). + type: string + required: false + vars: + - name: ansible_become_password + - name: ansible_become_pass + - name: ansible_machinectl_pass + env: + - name: ANSIBLE_BECOME_PASS + - name: ANSIBLE_MACHINECTL_PASS + ini: + - section: machinectl_become_plugin + key: password +notes: + - When not using this plugin with user V(root), it only works correctly with a polkit rule which will alter the behaviour + of machinectl. This rule must alter the prompt behaviour to ask directly for the user credentials, if the user is allowed + to perform the action (take a look at the examples section). If such a rule is not present the plugin only work if it + is used in context with the root user, because then no further prompt will be shown by machinectl. +""" -EXAMPLES = r''' +EXAMPLES = r""" # A polkit rule needed to use the module with a non-root user. # See the Notes section for details. -60-machinectl-fast-user-auth.rules: | - polkit.addRule(function(action, subject) { - if(action.id == "org.freedesktop.machine1.host-shell" && subject.isInGroup("wheel")) { - return polkit.Result.AUTH_SELF_KEEP; - } - }); -''' +/etc/polkit-1/rules.d/60-machinectl-fast-user-auth.rules: |- + polkit.addRule(function(action, subject) { + if(action.id == "org.freedesktop.machine1.host-shell" && + subject.isInGroup("wheel")) { + return polkit.Result.AUTH_SELF_KEEP; + } + }); +""" from re import compile as re_compile @@ -118,7 +122,7 @@ class BecomeModule(BecomeBase): flags = self.get_option('become_flags') user = self.get_option('become_user') - return '%s -q shell %s %s@ %s' % (become, flags, user, self._build_success_command(cmd, shell)) + return f'{become} -q shell {flags} {user}@ {self._build_success_command(cmd, shell)}' def check_success(self, b_output): b_output = self.remove_ansi_codes(b_output) diff --git a/plugins/become/pbrun.py b/plugins/become/pbrun.py index 7d1437191e..56f3b2c315 100644 --- a/plugins/become/pbrun.py +++ b/plugins/become/pbrun.py @@ -5,80 +5,84 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: pbrun - short_description: PowerBroker run - description: - - This become plugins allows your remote/login user to execute commands as another user via the pbrun utility. - author: Ansible Core Team - options: - become_user: - description: User you 'become' to execute the task - default: '' - ini: - - section: privilege_escalation - key: become_user - - section: pbrun_become_plugin - key: user - vars: - - name: ansible_become_user - - name: ansible_pbrun_user - env: - - name: ANSIBLE_BECOME_USER - - name: ANSIBLE_PBRUN_USER - become_exe: - description: Sudo executable - default: pbrun - ini: - - section: privilege_escalation - key: become_exe - - section: pbrun_become_plugin - key: executable - vars: - - name: ansible_become_exe - - name: ansible_pbrun_exe - env: - - name: ANSIBLE_BECOME_EXE - - name: ANSIBLE_PBRUN_EXE - become_flags: - description: Options to pass to pbrun - default: '' - ini: - - section: privilege_escalation - key: become_flags - - section: pbrun_become_plugin - key: flags - vars: - - name: ansible_become_flags - - name: ansible_pbrun_flags - env: - - name: ANSIBLE_BECOME_FLAGS - - name: ANSIBLE_PBRUN_FLAGS - become_pass: - description: Password for pbrun - required: false - vars: - - name: ansible_become_password - - name: ansible_become_pass - - name: ansible_pbrun_pass - env: - - name: ANSIBLE_BECOME_PASS - - name: ANSIBLE_PBRUN_PASS - ini: - - section: pbrun_become_plugin - key: password - wrap_exe: - description: Toggle to wrap the command pbrun calls in 'shell -c' or not - default: false - type: bool - ini: - - section: pbrun_become_plugin - key: wrap_execution - vars: - - name: ansible_pbrun_wrap_execution - env: - - name: ANSIBLE_PBRUN_WRAP_EXECUTION -''' +DOCUMENTATION = r""" +name: pbrun +short_description: PowerBroker run +description: + - This become plugins allows your remote/login user to execute commands as another user using the C(pbrun) utility. +author: Ansible Core Team +options: + become_user: + description: User you 'become' to execute the task. + type: string + default: '' + ini: + - section: privilege_escalation + key: become_user + - section: pbrun_become_plugin + key: user + vars: + - name: ansible_become_user + - name: ansible_pbrun_user + env: + - name: ANSIBLE_BECOME_USER + - name: ANSIBLE_PBRUN_USER + become_exe: + description: C(pbrun) executable. + type: string + default: pbrun + ini: + - section: privilege_escalation + key: become_exe + - section: pbrun_become_plugin + key: executable + vars: + - name: ansible_become_exe + - name: ansible_pbrun_exe + env: + - name: ANSIBLE_BECOME_EXE + - name: ANSIBLE_PBRUN_EXE + become_flags: + description: Options to pass to C(pbrun). + type: string + default: '' + ini: + - section: privilege_escalation + key: become_flags + - section: pbrun_become_plugin + key: flags + vars: + - name: ansible_become_flags + - name: ansible_pbrun_flags + env: + - name: ANSIBLE_BECOME_FLAGS + - name: ANSIBLE_PBRUN_FLAGS + become_pass: + description: Password for C(pbrun). + type: string + required: false + vars: + - name: ansible_become_password + - name: ansible_become_pass + - name: ansible_pbrun_pass + env: + - name: ANSIBLE_BECOME_PASS + - name: ANSIBLE_PBRUN_PASS + ini: + - section: pbrun_become_plugin + key: password + wrap_exe: + description: Toggle to wrap the command C(pbrun) calls in C(shell -c) or not. + default: false + type: bool + ini: + - section: pbrun_become_plugin + key: wrap_execution + vars: + - name: ansible_pbrun_wrap_execution + env: + - name: ANSIBLE_PBRUN_WRAP_EXECUTION +""" from ansible.plugins.become import BecomeBase @@ -99,7 +103,7 @@ class BecomeModule(BecomeBase): flags = self.get_option('become_flags') become_user = self.get_option('become_user') - user = '-u %s' % (become_user) if become_user else '' + user = f'-u {become_user}' if become_user else '' noexe = not self.get_option('wrap_exe') - return ' '.join([become_exe, flags, user, self._build_success_command(cmd, shell, noexe=noexe)]) + return f"{become_exe} {flags} {user} {self._build_success_command(cmd, shell, noexe=noexe)}" diff --git a/plugins/become/pfexec.py b/plugins/become/pfexec.py index 2468a28a94..b23509281c 100644 --- a/plugins/become/pfexec.py +++ b/plugins/become/pfexec.py @@ -5,85 +5,89 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: pfexec - short_description: profile based execution +DOCUMENTATION = r""" +name: pfexec +short_description: profile based execution +description: + - This become plugins allows your remote/login user to execute commands as another user using the C(pfexec) utility. +author: Ansible Core Team +options: + become_user: description: - - This become plugins allows your remote/login user to execute commands as another user via the pfexec utility. - author: Ansible Core Team - options: - become_user: - description: - - User you 'become' to execute the task - - This plugin ignores this setting as pfexec uses it's own C(exec_attr) to figure this out, - but it is supplied here for Ansible to make decisions needed for the task execution, like file permissions. - default: root - ini: - - section: privilege_escalation - key: become_user - - section: pfexec_become_plugin - key: user - vars: - - name: ansible_become_user - - name: ansible_pfexec_user - env: - - name: ANSIBLE_BECOME_USER - - name: ANSIBLE_PFEXEC_USER - become_exe: - description: Sudo executable - default: pfexec - ini: - - section: privilege_escalation - key: become_exe - - section: pfexec_become_plugin - key: executable - vars: - - name: ansible_become_exe - - name: ansible_pfexec_exe - env: - - name: ANSIBLE_BECOME_EXE - - name: ANSIBLE_PFEXEC_EXE - become_flags: - description: Options to pass to pfexec - default: -H -S -n - ini: - - section: privilege_escalation - key: become_flags - - section: pfexec_become_plugin - key: flags - vars: - - name: ansible_become_flags - - name: ansible_pfexec_flags - env: - - name: ANSIBLE_BECOME_FLAGS - - name: ANSIBLE_PFEXEC_FLAGS - become_pass: - description: pfexec password - required: false - vars: - - name: ansible_become_password - - name: ansible_become_pass - - name: ansible_pfexec_pass - env: - - name: ANSIBLE_BECOME_PASS - - name: ANSIBLE_PFEXEC_PASS - ini: - - section: pfexec_become_plugin - key: password - wrap_exe: - description: Toggle to wrap the command pfexec calls in 'shell -c' or not - default: false - type: bool - ini: - - section: pfexec_become_plugin - key: wrap_execution - vars: - - name: ansible_pfexec_wrap_execution - env: - - name: ANSIBLE_PFEXEC_WRAP_EXECUTION - notes: - - This plugin ignores O(become_user) as pfexec uses it's own C(exec_attr) to figure this out. -''' + - User you 'become' to execute the task. + - This plugin ignores this setting as pfexec uses its own C(exec_attr) to figure this out, but it is supplied here for + Ansible to make decisions needed for the task execution, like file permissions. + type: string + default: root + ini: + - section: privilege_escalation + key: become_user + - section: pfexec_become_plugin + key: user + vars: + - name: ansible_become_user + - name: ansible_pfexec_user + env: + - name: ANSIBLE_BECOME_USER + - name: ANSIBLE_PFEXEC_USER + become_exe: + description: C(pfexec) executable. + type: string + default: pfexec + ini: + - section: privilege_escalation + key: become_exe + - section: pfexec_become_plugin + key: executable + vars: + - name: ansible_become_exe + - name: ansible_pfexec_exe + env: + - name: ANSIBLE_BECOME_EXE + - name: ANSIBLE_PFEXEC_EXE + become_flags: + description: Options to pass to C(pfexec). + type: string + default: -H -S -n + ini: + - section: privilege_escalation + key: become_flags + - section: pfexec_become_plugin + key: flags + vars: + - name: ansible_become_flags + - name: ansible_pfexec_flags + env: + - name: ANSIBLE_BECOME_FLAGS + - name: ANSIBLE_PFEXEC_FLAGS + become_pass: + description: C(pfexec) password. + type: string + required: false + vars: + - name: ansible_become_password + - name: ansible_become_pass + - name: ansible_pfexec_pass + env: + - name: ANSIBLE_BECOME_PASS + - name: ANSIBLE_PFEXEC_PASS + ini: + - section: pfexec_become_plugin + key: password + wrap_exe: + description: Toggle to wrap the command C(pfexec) calls in C(shell -c) or not. + default: false + type: bool + ini: + - section: pfexec_become_plugin + key: wrap_execution + vars: + - name: ansible_pfexec_wrap_execution + env: + - name: ANSIBLE_PFEXEC_WRAP_EXECUTION +notes: + - This plugin ignores O(become_user) as pfexec uses its own C(exec_attr) to figure this out. +""" from ansible.plugins.become import BecomeBase @@ -102,4 +106,4 @@ class BecomeModule(BecomeBase): flags = self.get_option('become_flags') noexe = not self.get_option('wrap_exe') - return '%s %s %s' % (exe, flags, self._build_success_command(cmd, shell, noexe=noexe)) + return f'{exe} {flags} {self._build_success_command(cmd, shell, noexe=noexe)}' diff --git a/plugins/become/pmrun.py b/plugins/become/pmrun.py index 74b633f09a..64820ecde5 100644 --- a/plugins/become/pmrun.py +++ b/plugins/become/pmrun.py @@ -5,57 +5,60 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: pmrun - short_description: Privilege Manager run - description: - - This become plugins allows your remote/login user to execute commands as another user via the pmrun utility. - author: Ansible Core Team - options: - become_exe: - description: Sudo executable - default: pmrun - ini: - - section: privilege_escalation - key: become_exe - - section: pmrun_become_plugin - key: executable - vars: - - name: ansible_become_exe - - name: ansible_pmrun_exe - env: - - name: ANSIBLE_BECOME_EXE - - name: ANSIBLE_PMRUN_EXE - become_flags: - description: Options to pass to pmrun - default: '' - ini: - - section: privilege_escalation - key: become_flags - - section: pmrun_become_plugin - key: flags - vars: - - name: ansible_become_flags - - name: ansible_pmrun_flags - env: - - name: ANSIBLE_BECOME_FLAGS - - name: ANSIBLE_PMRUN_FLAGS - become_pass: - description: pmrun password - required: false - vars: - - name: ansible_become_password - - name: ansible_become_pass - - name: ansible_pmrun_pass - env: - - name: ANSIBLE_BECOME_PASS - - name: ANSIBLE_PMRUN_PASS - ini: - - section: pmrun_become_plugin - key: password - notes: - - This plugin ignores the become_user supplied and uses pmrun's own configuration to select the user. -''' +DOCUMENTATION = r""" +name: pmrun +short_description: Privilege Manager run +description: + - This become plugins allows your remote/login user to execute commands as another user using the C(pmrun) utility. +author: Ansible Core Team +options: + become_exe: + description: C(pmrun) executable. + type: string + default: pmrun + ini: + - section: privilege_escalation + key: become_exe + - section: pmrun_become_plugin + key: executable + vars: + - name: ansible_become_exe + - name: ansible_pmrun_exe + env: + - name: ANSIBLE_BECOME_EXE + - name: ANSIBLE_PMRUN_EXE + become_flags: + description: Options to pass to C(pmrun). + type: string + default: '' + ini: + - section: privilege_escalation + key: become_flags + - section: pmrun_become_plugin + key: flags + vars: + - name: ansible_become_flags + - name: ansible_pmrun_flags + env: + - name: ANSIBLE_BECOME_FLAGS + - name: ANSIBLE_PMRUN_FLAGS + become_pass: + description: C(pmrun) password. + type: string + required: false + vars: + - name: ansible_become_password + - name: ansible_become_pass + - name: ansible_pmrun_pass + env: + - name: ANSIBLE_BECOME_PASS + - name: ANSIBLE_PMRUN_PASS + ini: + - section: pmrun_become_plugin + key: password +notes: + - This plugin ignores the C(become_user) supplied and uses C(pmrun)'s own configuration to select the user. +""" from ansible.plugins.become import BecomeBase from ansible.module_utils.six.moves import shlex_quote @@ -75,4 +78,4 @@ class BecomeModule(BecomeBase): become = self.get_option('become_exe') flags = self.get_option('become_flags') - return '%s %s %s' % (become, flags, shlex_quote(self._build_success_command(cmd, shell))) + return f'{become} {flags} {shlex_quote(self._build_success_command(cmd, shell))}' diff --git a/plugins/become/run0.py b/plugins/become/run0.py new file mode 100644 index 0000000000..0c0d6bfffb --- /dev/null +++ b/plugins/become/run0.py @@ -0,0 +1,128 @@ +# -*- coding: utf-8 -*- +# Copyright (c) 2024, Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = r""" +name: run0 +short_description: Systemd's run0 +description: + - This become plugins allows your remote/login user to execute commands as another user using the C(run0) utility. +author: + - Thomas Sjögren (@konstruktoid) +version_added: '9.0.0' +options: + become_user: + description: User you 'become' to execute the task. + default: root + ini: + - section: privilege_escalation + key: become_user + - section: run0_become_plugin + key: user + vars: + - name: ansible_become_user + - name: ansible_run0_user + env: + - name: ANSIBLE_BECOME_USER + - name: ANSIBLE_RUN0_USER + type: string + become_exe: + description: C(run0) executable. + default: run0 + ini: + - section: privilege_escalation + key: become_exe + - section: run0_become_plugin + key: executable + vars: + - name: ansible_become_exe + - name: ansible_run0_exe + env: + - name: ANSIBLE_BECOME_EXE + - name: ANSIBLE_RUN0_EXE + type: string + become_flags: + description: Options to pass to C(run0). + default: '' + ini: + - section: privilege_escalation + key: become_flags + - section: run0_become_plugin + key: flags + vars: + - name: ansible_become_flags + - name: ansible_run0_flags + env: + - name: ANSIBLE_BECOME_FLAGS + - name: ANSIBLE_RUN0_FLAGS + type: string +notes: + - This plugin will only work when a C(polkit) rule is in place. +""" + +EXAMPLES = r""" +# An example polkit rule that allows the user 'ansible' in the 'wheel' group +# to execute commands using run0 without authentication. +/etc/polkit-1/rules.d/60-run0-fast-user-auth.rules: |- + polkit.addRule(function(action, subject) { + if(action.id == "org.freedesktop.systemd1.manage-units" && + subject.isInGroup("wheel") && + subject.user == "ansible") { + return polkit.Result.YES; + } + }); +""" + +from re import compile as re_compile + +from ansible.plugins.become import BecomeBase +from ansible.module_utils._text import to_bytes + +ansi_color_codes = re_compile(to_bytes(r"\x1B\[[0-9;]+m")) + + +class BecomeModule(BecomeBase): + + name = "community.general.run0" + + prompt = "Password: " + fail = ("==== AUTHENTICATION FAILED ====",) + success = ("==== AUTHENTICATION COMPLETE ====",) + require_tty = ( + True # see https://github.com/ansible-collections/community.general/issues/6932 + ) + + @staticmethod + def remove_ansi_codes(line): + return ansi_color_codes.sub(b"", line) + + def build_become_command(self, cmd, shell): + super().build_become_command(cmd, shell) + + if not cmd: + return cmd + + become = self.get_option("become_exe") + flags = self.get_option("become_flags") + user = self.get_option("become_user") + + return ( + f"{become} --user={user} {flags} {self._build_success_command(cmd, shell)}" + ) + + def check_success(self, b_output): + b_output = self.remove_ansi_codes(b_output) + return super().check_success(b_output) + + def check_incorrect_password(self, b_output): + b_output = self.remove_ansi_codes(b_output) + return super().check_incorrect_password(b_output) + + def check_missing_password(self, b_output): + b_output = self.remove_ansi_codes(b_output) + return super().check_missing_password(b_output) diff --git a/plugins/become/sesu.py b/plugins/become/sesu.py index 5958c1bfca..6fe64e41f8 100644 --- a/plugins/become/sesu.py +++ b/plugins/become/sesu.py @@ -5,69 +5,73 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: sesu - short_description: CA Privileged Access Manager - description: - - This become plugins allows your remote/login user to execute commands as another user via the sesu utility. - author: ansible (@nekonyuu) - options: - become_user: - description: User you 'become' to execute the task - default: '' - ini: - - section: privilege_escalation - key: become_user - - section: sesu_become_plugin - key: user - vars: - - name: ansible_become_user - - name: ansible_sesu_user - env: - - name: ANSIBLE_BECOME_USER - - name: ANSIBLE_SESU_USER - become_exe: - description: sesu executable - default: sesu - ini: - - section: privilege_escalation - key: become_exe - - section: sesu_become_plugin - key: executable - vars: - - name: ansible_become_exe - - name: ansible_sesu_exe - env: - - name: ANSIBLE_BECOME_EXE - - name: ANSIBLE_SESU_EXE - become_flags: - description: Options to pass to sesu - default: -H -S -n - ini: - - section: privilege_escalation - key: become_flags - - section: sesu_become_plugin - key: flags - vars: - - name: ansible_become_flags - - name: ansible_sesu_flags - env: - - name: ANSIBLE_BECOME_FLAGS - - name: ANSIBLE_SESU_FLAGS - become_pass: - description: Password to pass to sesu - required: false - vars: - - name: ansible_become_password - - name: ansible_become_pass - - name: ansible_sesu_pass - env: - - name: ANSIBLE_BECOME_PASS - - name: ANSIBLE_SESU_PASS - ini: - - section: sesu_become_plugin - key: password -''' +DOCUMENTATION = r""" +name: sesu +short_description: CA Privileged Access Manager +description: + - This become plugins allows your remote/login user to execute commands as another user using the C(sesu) utility. +author: ansible (@nekonyuu) +options: + become_user: + description: User you 'become' to execute the task. + type: string + default: '' + ini: + - section: privilege_escalation + key: become_user + - section: sesu_become_plugin + key: user + vars: + - name: ansible_become_user + - name: ansible_sesu_user + env: + - name: ANSIBLE_BECOME_USER + - name: ANSIBLE_SESU_USER + become_exe: + description: C(sesu) executable. + type: string + default: sesu + ini: + - section: privilege_escalation + key: become_exe + - section: sesu_become_plugin + key: executable + vars: + - name: ansible_become_exe + - name: ansible_sesu_exe + env: + - name: ANSIBLE_BECOME_EXE + - name: ANSIBLE_SESU_EXE + become_flags: + description: Options to pass to C(sesu). + type: string + default: -H -S -n + ini: + - section: privilege_escalation + key: become_flags + - section: sesu_become_plugin + key: flags + vars: + - name: ansible_become_flags + - name: ansible_sesu_flags + env: + - name: ANSIBLE_BECOME_FLAGS + - name: ANSIBLE_SESU_FLAGS + become_pass: + description: Password to pass to C(sesu). + type: string + required: false + vars: + - name: ansible_become_password + - name: ansible_become_pass + - name: ansible_sesu_pass + env: + - name: ANSIBLE_BECOME_PASS + - name: ANSIBLE_SESU_PASS + ini: + - section: sesu_become_plugin + key: password +""" from ansible.plugins.become import BecomeBase @@ -89,4 +93,4 @@ class BecomeModule(BecomeBase): flags = self.get_option('become_flags') user = self.get_option('become_user') - return '%s %s %s -c %s' % (become, flags, user, self._build_success_command(cmd, shell)) + return f'{become} {flags} {user} -c {self._build_success_command(cmd, shell)}' diff --git a/plugins/become/sudosu.py b/plugins/become/sudosu.py index 60bb2aa517..fe85c9ee91 100644 --- a/plugins/become/sudosu.py +++ b/plugins/become/sudosu.py @@ -5,56 +5,75 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = """ - name: sudosu - short_description: Run tasks using sudo su - +DOCUMENTATION = r""" +name: sudosu +short_description: Run tasks using sudo su - +description: + - This become plugin allows your remote/login user to execute commands as another user using the C(sudo) and C(su) utilities + combined. +author: + - Dag Wieers (@dagwieers) +version_added: 2.4.0 +options: + become_user: + description: User you 'become' to execute the task. + type: string + default: root + ini: + - section: privilege_escalation + key: become_user + - section: sudo_become_plugin + key: user + vars: + - name: ansible_become_user + - name: ansible_sudo_user + env: + - name: ANSIBLE_BECOME_USER + - name: ANSIBLE_SUDO_USER + become_flags: + description: Options to pass to C(sudo). + type: string + default: -H -S -n + ini: + - section: privilege_escalation + key: become_flags + - section: sudo_become_plugin + key: flags + vars: + - name: ansible_become_flags + - name: ansible_sudo_flags + env: + - name: ANSIBLE_BECOME_FLAGS + - name: ANSIBLE_SUDO_FLAGS + become_pass: + description: Password to pass to C(sudo). + type: string + required: false + vars: + - name: ansible_become_password + - name: ansible_become_pass + - name: ansible_sudo_pass + env: + - name: ANSIBLE_BECOME_PASS + - name: ANSIBLE_SUDO_PASS + ini: + - section: sudo_become_plugin + key: password + alt_method: description: - - This become plugin allows your remote/login user to execute commands as another user via the C(sudo) and C(su) utilities combined. - author: - - Dag Wieers (@dagwieers) - version_added: 2.4.0 - options: - become_user: - description: User you 'become' to execute the task. - default: root - ini: - - section: privilege_escalation - key: become_user - - section: sudo_become_plugin - key: user - vars: - - name: ansible_become_user - - name: ansible_sudo_user - env: - - name: ANSIBLE_BECOME_USER - - name: ANSIBLE_SUDO_USER - become_flags: - description: Options to pass to C(sudo). - default: -H -S -n - ini: - - section: privilege_escalation - key: become_flags - - section: sudo_become_plugin - key: flags - vars: - - name: ansible_become_flags - - name: ansible_sudo_flags - env: - - name: ANSIBLE_BECOME_FLAGS - - name: ANSIBLE_SUDO_FLAGS - become_pass: - description: Password to pass to C(sudo). - required: false - vars: - - name: ansible_become_password - - name: ansible_become_pass - - name: ansible_sudo_pass - env: - - name: ANSIBLE_BECOME_PASS - - name: ANSIBLE_SUDO_PASS - ini: - - section: sudo_become_plugin - key: password + - Whether to use an alternative method to call C(su). Instead of running C(su -l user /path/to/shell -c command), it + runs C(su -l user -c command). + - Use this when the default one is not working on your system. + required: false + type: boolean + ini: + - section: community.general.sudosu + key: alternative_method + vars: + - name: ansible_sudosu_alt_method + env: + - name: ANSIBLE_SUDOSU_ALT_METHOD + version_added: 9.2.0 """ @@ -80,13 +99,16 @@ class BecomeModule(BecomeBase): flags = self.get_option('become_flags') or '' prompt = '' if self.get_option('become_pass'): - self.prompt = '[sudo via ansible, key=%s] password:' % self._id + self.prompt = f'[sudo via ansible, key={self._id}] password:' if flags: # this could be simplified, but kept as is for now for backwards string matching flags = flags.replace('-n', '') - prompt = '-p "%s"' % (self.prompt) + prompt = f'-p "{self.prompt}"' user = self.get_option('become_user') or '' if user: - user = '%s' % (user) + user = f'{user}' - return ' '.join([becomecmd, flags, prompt, 'su -l', user, self._build_success_command(cmd, shell)]) + if self.get_option('alt_method'): + return f"{becomecmd} {flags} {prompt} su -l {user} -c {self._build_success_command(cmd, shell, True)}" + else: + return f"{becomecmd} {flags} {prompt} su -l {user} {self._build_success_command(cmd, shell)}" diff --git a/plugins/cache/memcached.py b/plugins/cache/memcached.py index 0bc5256b3f..94cc7058d8 100644 --- a/plugins/cache/memcached.py +++ b/plugins/cache/memcached.py @@ -7,44 +7,46 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Unknown (!UNKNOWN) - name: memcached - short_description: Use memcached DB for cache +DOCUMENTATION = r""" +author: Unknown (!UNKNOWN) +name: memcached +short_description: Use memcached DB for cache +description: + - This cache uses JSON formatted, per host records saved in memcached. +requirements: + - memcache (python lib) +options: + _uri: description: - - This cache uses JSON formatted, per host records saved in memcached. - requirements: - - memcache (python lib) - options: - _uri: - description: - - List of connection information for the memcached DBs - default: ['127.0.0.1:11211'] - type: list - elements: string - env: - - name: ANSIBLE_CACHE_PLUGIN_CONNECTION - ini: - - key: fact_caching_connection - section: defaults - _prefix: - description: User defined prefix to use when creating the DB entries - default: ansible_facts - env: - - name: ANSIBLE_CACHE_PLUGIN_PREFIX - ini: - - key: fact_caching_prefix - section: defaults - _timeout: - default: 86400 - description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire - env: - - name: ANSIBLE_CACHE_PLUGIN_TIMEOUT - ini: - - key: fact_caching_timeout - section: defaults - type: integer -''' + - List of connection information for the memcached DBs. + default: ['127.0.0.1:11211'] + type: list + elements: string + env: + - name: ANSIBLE_CACHE_PLUGIN_CONNECTION + ini: + - key: fact_caching_connection + section: defaults + _prefix: + description: User defined prefix to use when creating the DB entries. + type: string + default: ansible_facts + env: + - name: ANSIBLE_CACHE_PLUGIN_PREFIX + ini: + - key: fact_caching_prefix + section: defaults + _timeout: + default: 86400 + type: integer + # TODO: determine whether it is OK to change to: type: float + description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire. + env: + - name: ANSIBLE_CACHE_PLUGIN_TIMEOUT + ini: + - key: fact_caching_timeout + section: defaults +""" import collections import os @@ -189,7 +191,7 @@ class CacheModule(BaseCacheModule): self._keys = CacheModuleKeys(self._db, self._db.get(CacheModuleKeys.PREFIX) or []) def _make_key(self, key): - return "{0}{1}".format(self._prefix, key) + return f"{self._prefix}{key}" def _expire_keys(self): if self._timeout > 0: diff --git a/plugins/cache/pickle.py b/plugins/cache/pickle.py index 06b673921e..60b1ea74e0 100644 --- a/plugins/cache/pickle.py +++ b/plugins/cache/pickle.py @@ -8,38 +8,41 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: pickle - short_description: Pickle formatted files. +DOCUMENTATION = r""" +name: pickle +short_description: Pickle formatted files +description: + - This cache uses Python's pickle serialization format, in per host files, saved to the filesystem. +author: Brian Coca (@bcoca) +options: + _uri: + required: true description: - - This cache uses Python's pickle serialization format, in per host files, saved to the filesystem. - author: Brian Coca (@bcoca) - options: - _uri: - required: true - description: - - Path in which the cache plugin will save the files - env: - - name: ANSIBLE_CACHE_PLUGIN_CONNECTION - ini: - - key: fact_caching_connection - section: defaults - _prefix: - description: User defined prefix to use when creating the files - env: - - name: ANSIBLE_CACHE_PLUGIN_PREFIX - ini: - - key: fact_caching_prefix - section: defaults - _timeout: - default: 86400 - description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire - env: - - name: ANSIBLE_CACHE_PLUGIN_TIMEOUT - ini: - - key: fact_caching_timeout - section: defaults -''' + - Path in which the cache plugin will save the files. + env: + - name: ANSIBLE_CACHE_PLUGIN_CONNECTION + ini: + - key: fact_caching_connection + section: defaults + type: path + _prefix: + description: User defined prefix to use when creating the files. + env: + - name: ANSIBLE_CACHE_PLUGIN_PREFIX + ini: + - key: fact_caching_prefix + section: defaults + type: string + _timeout: + default: 86400 + description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire. + env: + - name: ANSIBLE_CACHE_PLUGIN_TIMEOUT + ini: + - key: fact_caching_timeout + section: defaults + type: float +""" try: import cPickle as pickle diff --git a/plugins/cache/redis.py b/plugins/cache/redis.py index c43b1dbb5e..30d5364032 100644 --- a/plugins/cache/redis.py +++ b/plugins/cache/redis.py @@ -6,69 +6,73 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Unknown (!UNKNOWN) - name: redis - short_description: Use Redis DB for cache +DOCUMENTATION = r""" +author: Unknown (!UNKNOWN) +name: redis +short_description: Use Redis DB for cache +description: + - This cache uses JSON formatted, per host records saved in Redis. +requirements: + - redis>=2.4.5 (python lib) +options: + _uri: description: - - This cache uses JSON formatted, per host records saved in Redis. - requirements: - - redis>=2.4.5 (python lib) - options: - _uri: - description: - - A colon separated string of connection information for Redis. - - The format is V(host:port:db:password), for example V(localhost:6379:0:changeme). - - To use encryption in transit, prefix the connection with V(tls://), as in V(tls://localhost:6379:0:changeme). - - To use redis sentinel, use separator V(;), for example V(localhost:26379;localhost:26379;0:changeme). Requires redis>=2.9.0. - required: true - env: - - name: ANSIBLE_CACHE_PLUGIN_CONNECTION - ini: - - key: fact_caching_connection - section: defaults - _prefix: - description: User defined prefix to use when creating the DB entries - default: ansible_facts - env: - - name: ANSIBLE_CACHE_PLUGIN_PREFIX - ini: - - key: fact_caching_prefix - section: defaults - _keyset_name: - description: User defined name for cache keyset name. - default: ansible_cache_keys - env: - - name: ANSIBLE_CACHE_REDIS_KEYSET_NAME - ini: - - key: fact_caching_redis_keyset_name - section: defaults - version_added: 1.3.0 - _sentinel_service_name: - description: The redis sentinel service name (or referenced as cluster name). - env: - - name: ANSIBLE_CACHE_REDIS_SENTINEL - ini: - - key: fact_caching_redis_sentinel - section: defaults - version_added: 1.3.0 - _timeout: - default: 86400 - description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire - env: - - name: ANSIBLE_CACHE_PLUGIN_TIMEOUT - ini: - - key: fact_caching_timeout - section: defaults - type: integer -''' + - A colon separated string of connection information for Redis. + - The format is V(host:port:db:password), for example V(localhost:6379:0:changeme). + - To use encryption in transit, prefix the connection with V(tls://), as in V(tls://localhost:6379:0:changeme). + - To use redis sentinel, use separator V(;), for example V(localhost:26379;localhost:26379;0:changeme). Requires redis>=2.9.0. + type: string + required: true + env: + - name: ANSIBLE_CACHE_PLUGIN_CONNECTION + ini: + - key: fact_caching_connection + section: defaults + _prefix: + description: User defined prefix to use when creating the DB entries. + type: string + default: ansible_facts + env: + - name: ANSIBLE_CACHE_PLUGIN_PREFIX + ini: + - key: fact_caching_prefix + section: defaults + _keyset_name: + description: User defined name for cache keyset name. + type: string + default: ansible_cache_keys + env: + - name: ANSIBLE_CACHE_REDIS_KEYSET_NAME + ini: + - key: fact_caching_redis_keyset_name + section: defaults + version_added: 1.3.0 + _sentinel_service_name: + description: The redis sentinel service name (or referenced as cluster name). + type: string + env: + - name: ANSIBLE_CACHE_REDIS_SENTINEL + ini: + - key: fact_caching_redis_sentinel + section: defaults + version_added: 1.3.0 + _timeout: + default: 86400 + type: integer + # TODO: determine whether it is OK to change to: type: float + description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire. + env: + - name: ANSIBLE_CACHE_PLUGIN_TIMEOUT + ini: + - key: fact_caching_timeout + section: defaults +""" import re import time import json from ansible.errors import AnsibleError -from ansible.module_utils.common.text.converters import to_native from ansible.parsing.ajson import AnsibleJSONEncoder, AnsibleJSONDecoder from ansible.plugins.cache import BaseCacheModule from ansible.utils.display import Display @@ -126,7 +130,7 @@ class CacheModule(BaseCacheModule): connection = self._parse_connection(self.re_url_conn, uri) self._db = StrictRedis(*connection, **kw) - display.vv('Redis connection: %s' % self._db) + display.vv(f'Redis connection: {self._db}') @staticmethod def _parse_connection(re_patt, uri): @@ -159,12 +163,12 @@ class CacheModule(BaseCacheModule): pass # password is optional sentinels = [self._parse_connection(self.re_sent_conn, shost) for shost in connections] - display.vv('\nUsing redis sentinels: %s' % sentinels) + display.vv(f'\nUsing redis sentinels: {sentinels}') scon = Sentinel(sentinels, **kw) try: return scon.master_for(self._sentinel_service_name, socket_timeout=0.2) except Exception as exc: - raise AnsibleError('Could not connect to redis sentinel: %s' % to_native(exc)) + raise AnsibleError(f'Could not connect to redis sentinel: {exc}') def _make_key(self, key): return self._prefix + key @@ -222,7 +226,7 @@ class CacheModule(BaseCacheModule): def copy(self): # TODO: there is probably a better way to do this in redis - ret = dict([(k, self.get(k)) for k in self.keys()]) + ret = {k: self.get(k) for k in self.keys()} return ret def __getstate__(self): diff --git a/plugins/cache/yaml.py b/plugins/cache/yaml.py index 3a5ddf3e6f..88cdad2acb 100644 --- a/plugins/cache/yaml.py +++ b/plugins/cache/yaml.py @@ -8,39 +8,42 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: yaml - short_description: YAML formatted files. +DOCUMENTATION = r""" +name: yaml +short_description: YAML formatted files +description: + - This cache uses YAML formatted, per host, files saved to the filesystem. +author: Brian Coca (@bcoca) +options: + _uri: + required: true description: - - This cache uses YAML formatted, per host, files saved to the filesystem. - author: Brian Coca (@bcoca) - options: - _uri: - required: true - description: - - Path in which the cache plugin will save the files - env: - - name: ANSIBLE_CACHE_PLUGIN_CONNECTION - ini: - - key: fact_caching_connection - section: defaults - _prefix: - description: User defined prefix to use when creating the files - env: - - name: ANSIBLE_CACHE_PLUGIN_PREFIX - ini: - - key: fact_caching_prefix - section: defaults - _timeout: - default: 86400 - description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire - env: - - name: ANSIBLE_CACHE_PLUGIN_TIMEOUT - ini: - - key: fact_caching_timeout - section: defaults - type: integer -''' + - Path in which the cache plugin will save the files. + env: + - name: ANSIBLE_CACHE_PLUGIN_CONNECTION + ini: + - key: fact_caching_connection + section: defaults + type: string + _prefix: + description: User defined prefix to use when creating the files. + env: + - name: ANSIBLE_CACHE_PLUGIN_PREFIX + ini: + - key: fact_caching_prefix + section: defaults + type: string + _timeout: + default: 86400 + description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire. + env: + - name: ANSIBLE_CACHE_PLUGIN_TIMEOUT + ini: + - key: fact_caching_timeout + section: defaults + type: integer + # TODO: determine whether it is OK to change to: type: float +""" import codecs diff --git a/plugins/callback/cgroup_memory_recap.py b/plugins/callback/cgroup_memory_recap.py index d3961bf0c8..079d1ccd08 100644 --- a/plugins/callback/cgroup_memory_recap.py +++ b/plugins/callback/cgroup_memory_recap.py @@ -7,38 +7,41 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Unknown (!UNKNOWN) - name: cgroup_memory_recap - type: aggregate - requirements: - - whitelist in configuration - - cgroups - short_description: Profiles maximum memory usage of tasks and full execution using cgroups - description: - - This is an ansible callback plugin that profiles maximum memory usage of ansible and individual tasks, and displays a recap at the end using cgroups. - notes: - - Requires ansible to be run from within a cgroup, such as with C(cgexec -g memory:ansible_profile ansible-playbook ...). - - This cgroup should only be used by ansible to get accurate results. - - To create the cgroup, first use a command such as C(sudo cgcreate -a ec2-user:ec2-user -t ec2-user:ec2-user -g memory:ansible_profile). - options: - max_mem_file: - required: true - description: Path to cgroups C(memory.max_usage_in_bytes) file. Example V(/sys/fs/cgroup/memory/ansible_profile/memory.max_usage_in_bytes). - env: - - name: CGROUP_MAX_MEM_FILE - ini: - - section: callback_cgroupmemrecap - key: max_mem_file - cur_mem_file: - required: true - description: Path to C(memory.usage_in_bytes) file. Example V(/sys/fs/cgroup/memory/ansible_profile/memory.usage_in_bytes). - env: - - name: CGROUP_CUR_MEM_FILE - ini: - - section: callback_cgroupmemrecap - key: cur_mem_file -''' +DOCUMENTATION = r""" +author: Unknown (!UNKNOWN) +name: cgroup_memory_recap +type: aggregate +requirements: + - whitelist in configuration + - cgroups +short_description: Profiles maximum memory usage of tasks and full execution using cgroups +description: + - This is an Ansible callback plugin that profiles maximum memory usage of Ansible and individual tasks, and displays a + recap at the end using cgroups. +notes: + - Requires ansible to be run from within a C(cgroup), such as with C(cgexec -g memory:ansible_profile ansible-playbook ...). + - This C(cgroup) should only be used by Ansible to get accurate results. + - To create the C(cgroup), first use a command such as C(sudo cgcreate -a ec2-user:ec2-user -t ec2-user:ec2-user -g memory:ansible_profile). +options: + max_mem_file: + required: true + description: Path to cgroups C(memory.max_usage_in_bytes) file. Example V(/sys/fs/cgroup/memory/ansible_profile/memory.max_usage_in_bytes). + type: str + env: + - name: CGROUP_MAX_MEM_FILE + ini: + - section: callback_cgroupmemrecap + key: max_mem_file + cur_mem_file: + required: true + description: Path to C(memory.usage_in_bytes) file. Example V(/sys/fs/cgroup/memory/ansible_profile/memory.usage_in_bytes). + type: str + env: + - name: CGROUP_CUR_MEM_FILE + ini: + - section: callback_cgroupmemrecap + key: cur_mem_file +""" import time import threading @@ -112,7 +115,7 @@ class CallbackModule(CallbackBase): max_results = int(f.read().strip()) / 1024 / 1024 self._display.banner('CGROUP MEMORY RECAP') - self._display.display('Execution Maximum: %0.2fMB\n\n' % max_results) + self._display.display(f'Execution Maximum: {max_results:0.2f}MB\n\n') for task, memory in self.task_results: - self._display.display('%s (%s): %0.2fMB' % (task.get_name(), task._uuid, memory)) + self._display.display(f'{task.get_name()} ({task._uuid}): {memory:0.2f}MB') diff --git a/plugins/callback/context_demo.py b/plugins/callback/context_demo.py index b9558fc064..96acd2f947 100644 --- a/plugins/callback/context_demo.py +++ b/plugins/callback/context_demo.py @@ -7,17 +7,17 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Unknown (!UNKNOWN) - name: context_demo - type: aggregate - short_description: demo callback that adds play/task context - description: - - Displays some play and task context along with normal output. - - This is mostly for demo purposes. - requirements: - - whitelist in configuration -''' +DOCUMENTATION = r""" +author: Unknown (!UNKNOWN) +name: context_demo +type: aggregate +short_description: demo callback that adds play/task context +description: + - Displays some play and task context along with normal output. + - This is mostly for demo purposes. +requirements: + - whitelist in configuration +""" from ansible.plugins.callback import CallbackBase @@ -38,15 +38,15 @@ class CallbackModule(CallbackBase): self.play = None def v2_on_any(self, *args, **kwargs): - self._display.display("--- play: {0} task: {1} ---".format(getattr(self.play, 'name', None), self.task)) + self._display.display(f"--- play: {getattr(self.play, 'name', None)} task: {self.task} ---") self._display.display(" --- ARGS ") for i, a in enumerate(args): - self._display.display(' %s: %s' % (i, a)) + self._display.display(f' {i}: {a}') self._display.display(" --- KWARGS ") for k in kwargs: - self._display.display(' %s: %s' % (k, kwargs[k])) + self._display.display(f' {k}: {kwargs[k]}') def v2_playbook_on_play_start(self, play): self.play = play diff --git a/plugins/callback/counter_enabled.py b/plugins/callback/counter_enabled.py index 27adc97a6c..845a7823e0 100644 --- a/plugins/callback/counter_enabled.py +++ b/plugins/callback/counter_enabled.py @@ -9,20 +9,20 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Unknown (!UNKNOWN) - name: counter_enabled - type: stdout - short_description: adds counters to the output items (tasks and hosts/task) - description: - - Use this callback when you need a kind of progress bar on a large environments. - - You will know how many tasks has the playbook to run, and which one is actually running. - - You will know how many hosts may run a task, and which of them is actually running. - extends_documentation_fragment: - - default_callback - requirements: - - set as stdout callback in C(ansible.cfg) (C(stdout_callback = counter_enabled)) -''' +DOCUMENTATION = r""" +author: Unknown (!UNKNOWN) +name: counter_enabled +type: stdout +short_description: adds counters to the output items (tasks and hosts/task) +description: + - Use this callback when you need a kind of progress bar on a large environments. + - You will know how many tasks has the playbook to run, and which one is actually running. + - You will know how many hosts may run a task, and which of them is actually running. +extends_documentation_fragment: + - default_callback +requirements: + - set as stdout callback in C(ansible.cfg) (C(stdout_callback = counter_enabled)) +""" from ansible import constants as C from ansible.plugins.callback import CallbackBase @@ -71,7 +71,7 @@ class CallbackModule(CallbackBase): if not name: msg = u"play" else: - msg = u"PLAY [%s]" % name + msg = f"PLAY [{name}]" self._play = play @@ -91,25 +91,17 @@ class CallbackModule(CallbackBase): for host in hosts: stat = stats.summarize(host) - self._display.display(u"%s : %s %s %s %s %s %s" % ( - hostcolor(host, stat), - colorize(u'ok', stat['ok'], C.COLOR_OK), - colorize(u'changed', stat['changed'], C.COLOR_CHANGED), - colorize(u'unreachable', stat['unreachable'], C.COLOR_UNREACHABLE), - colorize(u'failed', stat['failures'], C.COLOR_ERROR), - colorize(u'rescued', stat['rescued'], C.COLOR_OK), - colorize(u'ignored', stat['ignored'], C.COLOR_WARN)), + self._display.display( + f"{hostcolor(host, stat)} : {colorize('ok', stat['ok'], C.COLOR_OK)} {colorize('changed', stat['changed'], C.COLOR_CHANGED)} " + f"{colorize('unreachable', stat['unreachable'], C.COLOR_UNREACHABLE)} {colorize('failed', stat['failures'], C.COLOR_ERROR)} " + f"{colorize('rescued', stat['rescued'], C.COLOR_OK)} {colorize('ignored', stat['ignored'], C.COLOR_WARN)}", screen_only=True ) - self._display.display(u"%s : %s %s %s %s %s %s" % ( - hostcolor(host, stat, False), - colorize(u'ok', stat['ok'], None), - colorize(u'changed', stat['changed'], None), - colorize(u'unreachable', stat['unreachable'], None), - colorize(u'failed', stat['failures'], None), - colorize(u'rescued', stat['rescued'], None), - colorize(u'ignored', stat['ignored'], None)), + self._display.display( + f"{hostcolor(host, stat, False)} : {colorize('ok', stat['ok'], None)} {colorize('changed', stat['changed'], None)} " + f"{colorize('unreachable', stat['unreachable'], None)} {colorize('failed', stat['failures'], None)} " + f"{colorize('rescued', stat['rescued'], None)} {colorize('ignored', stat['ignored'], None)}", log_only=True ) @@ -124,12 +116,14 @@ class CallbackModule(CallbackBase): for k in sorted(stats.custom.keys()): if k == '_run': continue - self._display.display('\t%s: %s' % (k, self._dump_results(stats.custom[k], indent=1).replace('\n', ''))) + _custom_stats = self._dump_results(stats.custom[k], indent=1).replace('\n', '') + self._display.display(f'\t{k}: {_custom_stats}') # print per run custom stats if '_run' in stats.custom: self._display.display("", screen_only=True) - self._display.display('\tRUN: %s' % self._dump_results(stats.custom['_run'], indent=1).replace('\n', '')) + _custom_stats_run = self._dump_results(stats.custom['_run'], indent=1).replace('\n', '') + self._display.display(f'\tRUN: {_custom_stats_run}') self._display.display("", screen_only=True) def v2_playbook_on_task_start(self, task, is_conditional): @@ -143,13 +137,13 @@ class CallbackModule(CallbackBase): # that they can secure this if they feel that their stdout is insecure # (shoulder surfing, logging stdout straight to a file, etc). if not task.no_log and C.DISPLAY_ARGS_TO_STDOUT: - args = ', '.join(('%s=%s' % a for a in task.args.items())) - args = ' %s' % args - self._display.banner("TASK %d/%d [%s%s]" % (self._task_counter, self._task_total, task.get_name().strip(), args)) + args = ', '.join(('{k}={v}' for k, v in task.args.items())) + args = f' {args}' + self._display.banner(f"TASK {self._task_counter}/{self._task_total} [{task.get_name().strip()}{args}]") if self._display.verbosity >= 2: path = task.get_path() if path: - self._display.display("task path: %s" % path, color=C.COLOR_DEBUG) + self._display.display(f"task path: {path}", color=C.COLOR_DEBUG) self._host_counter = self._previous_batch_total self._task_counter += 1 @@ -166,15 +160,15 @@ class CallbackModule(CallbackBase): return elif result._result.get('changed', False): if delegated_vars: - msg = "changed: %d/%d [%s -> %s]" % (self._host_counter, self._host_total, result._host.get_name(), delegated_vars['ansible_host']) + msg = f"changed: {self._host_counter}/{self._host_total} [{result._host.get_name()} -> {delegated_vars['ansible_host']}]" else: - msg = "changed: %d/%d [%s]" % (self._host_counter, self._host_total, result._host.get_name()) + msg = f"changed: {self._host_counter}/{self._host_total} [{result._host.get_name()}]" color = C.COLOR_CHANGED else: if delegated_vars: - msg = "ok: %d/%d [%s -> %s]" % (self._host_counter, self._host_total, result._host.get_name(), delegated_vars['ansible_host']) + msg = f"ok: {self._host_counter}/{self._host_total} [{result._host.get_name()} -> {delegated_vars['ansible_host']}]" else: - msg = "ok: %d/%d [%s]" % (self._host_counter, self._host_total, result._host.get_name()) + msg = f"ok: {self._host_counter}/{self._host_total} [{result._host.get_name()}]" color = C.COLOR_OK self._handle_warnings(result._result) @@ -185,7 +179,7 @@ class CallbackModule(CallbackBase): self._clean_results(result._result, result._task.action) if self._run_is_verbose(result): - msg += " => %s" % (self._dump_results(result._result),) + msg += f" => {self._dump_results(result._result)}" self._display.display(msg, color=color) def v2_runner_on_failed(self, result, ignore_errors=False): @@ -206,14 +200,16 @@ class CallbackModule(CallbackBase): else: if delegated_vars: - self._display.display("fatal: %d/%d [%s -> %s]: FAILED! => %s" % (self._host_counter, self._host_total, - result._host.get_name(), delegated_vars['ansible_host'], - self._dump_results(result._result)), - color=C.COLOR_ERROR) + self._display.display( + f"fatal: {self._host_counter}/{self._host_total} [{result._host.get_name()} -> " + f"{delegated_vars['ansible_host']}]: FAILED! => {self._dump_results(result._result)}", + color=C.COLOR_ERROR + ) else: - self._display.display("fatal: %d/%d [%s]: FAILED! => %s" % (self._host_counter, self._host_total, - result._host.get_name(), self._dump_results(result._result)), - color=C.COLOR_ERROR) + self._display.display( + f"fatal: {self._host_counter}/{self._host_total} [{result._host.get_name()}]: FAILED! => {self._dump_results(result._result)}", + color=C.COLOR_ERROR + ) if ignore_errors: self._display.display("...ignoring", color=C.COLOR_SKIP) @@ -231,9 +227,9 @@ class CallbackModule(CallbackBase): if result._task.loop and 'results' in result._result: self._process_items(result) else: - msg = "skipping: %d/%d [%s]" % (self._host_counter, self._host_total, result._host.get_name()) + msg = f"skipping: {self._host_counter}/{self._host_total} [{result._host.get_name()}]" if self._run_is_verbose(result): - msg += " => %s" % self._dump_results(result._result) + msg += f" => {self._dump_results(result._result)}" self._display.display(msg, color=C.COLOR_SKIP) def v2_runner_on_unreachable(self, result): @@ -244,11 +240,13 @@ class CallbackModule(CallbackBase): delegated_vars = result._result.get('_ansible_delegated_vars', None) if delegated_vars: - self._display.display("fatal: %d/%d [%s -> %s]: UNREACHABLE! => %s" % (self._host_counter, self._host_total, - result._host.get_name(), delegated_vars['ansible_host'], - self._dump_results(result._result)), - color=C.COLOR_UNREACHABLE) + self._display.display( + f"fatal: {self._host_counter}/{self._host_total} [{result._host.get_name()} -> " + f"{delegated_vars['ansible_host']}]: UNREACHABLE! => {self._dump_results(result._result)}", + color=C.COLOR_UNREACHABLE + ) else: - self._display.display("fatal: %d/%d [%s]: UNREACHABLE! => %s" % (self._host_counter, self._host_total, - result._host.get_name(), self._dump_results(result._result)), - color=C.COLOR_UNREACHABLE) + self._display.display( + f"fatal: {self._host_counter}/{self._host_total} [{result._host.get_name()}]: UNREACHABLE! => {self._dump_results(result._result)}", + color=C.COLOR_UNREACHABLE + ) diff --git a/plugins/callback/default_without_diff.py b/plugins/callback/default_without_diff.py index c138cd4455..b6ef75ce91 100644 --- a/plugins/callback/default_without_diff.py +++ b/plugins/callback/default_without_diff.py @@ -7,32 +7,31 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = r''' - name: default_without_diff - type: stdout - short_description: The default ansible callback without diff output - version_added: 8.4.0 - description: - - This is basically the default ansible callback plugin (P(ansible.builtin.default#callback)) without - showing diff output. This can be useful when using another callback which sends more detailed information - to another service, like the L(ARA, https://ara.recordsansible.org/) callback, and you want diff output - sent to that plugin but not shown on the console output. - author: Felix Fontein (@felixfontein) - extends_documentation_fragment: - - ansible.builtin.default_callback - - ansible.builtin.result_format_callback -''' +DOCUMENTATION = r""" +name: default_without_diff +type: stdout +short_description: The default ansible callback without diff output +version_added: 8.4.0 +description: + - This is basically the default ansible callback plugin (P(ansible.builtin.default#callback)) without showing diff output. + This can be useful when using another callback which sends more detailed information to another service, like the L(ARA, + https://ara.recordsansible.org/) callback, and you want diff output sent to that plugin but not shown on the console output. +author: Felix Fontein (@felixfontein) +extends_documentation_fragment: + - ansible.builtin.default_callback + - ansible.builtin.result_format_callback +""" -EXAMPLES = r''' +EXAMPLES = r""" # Enable callback in ansible.cfg: ansible_config: | [defaults] stdout_callback = community.general.default_without_diff # Enable callback with environment variables: -environment_variable: | +environment_variable: |- ANSIBLE_STDOUT_CALLBACK=community.general.default_without_diff -''' +""" from ansible.plugins.callback.default import CallbackModule as Default diff --git a/plugins/callback/dense.py b/plugins/callback/dense.py index 490705fd27..cf1130e3d1 100644 --- a/plugins/callback/dense.py +++ b/plugins/callback/dense.py @@ -7,19 +7,19 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" name: dense type: stdout short_description: minimal stdout output extends_documentation_fragment: -- default_callback + - default_callback description: -- When in verbose mode it will act the same as the default callback. + - When in verbose mode it will act the same as the default callback. author: -- Dag Wieers (@dagwieers) + - Dag Wieers (@dagwieers) requirements: -- set as stdout in configuration -''' + - set as stdout in configuration +""" HAS_OD = False try: @@ -195,7 +195,7 @@ class CallbackModule(CallbackModule_default): self.disabled = True def __del__(self): - sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline) + sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}") def _add_host(self, result, status): name = result._host.get_name() @@ -243,7 +243,7 @@ class CallbackModule(CallbackModule_default): def _handle_exceptions(self, result): if 'exception' in result: - # Remove the exception from the result so it's not shown every time + # Remove the exception from the result so it is not shown every time del result['exception'] if self._display.verbosity == 1: @@ -252,7 +252,7 @@ class CallbackModule(CallbackModule_default): def _display_progress(self, result=None): # Always rewrite the complete line sys.stdout.write(vt100.restore + vt100.reset + vt100.clearline + vt100.nolinewrap + vt100.underline) - sys.stdout.write('%s %d:' % (self.type, self.count[self.type])) + sys.stdout.write(f'{self.type} {self.count[self.type]}:') sys.stdout.write(vt100.reset) sys.stdout.flush() @@ -260,7 +260,7 @@ class CallbackModule(CallbackModule_default): for name in self.hosts: sys.stdout.write(' ') if self.hosts[name].get('delegate', None): - sys.stdout.write(self.hosts[name]['delegate'] + '>') + sys.stdout.write(f"{self.hosts[name]['delegate']}>") sys.stdout.write(colors[self.hosts[name]['state']] + name + vt100.reset) sys.stdout.flush() @@ -274,8 +274,8 @@ class CallbackModule(CallbackModule_default): if not self.shown_title: self.shown_title = True sys.stdout.write(vt100.restore + vt100.reset + vt100.clearline + vt100.underline) - sys.stdout.write('%s %d: %s' % (self.type, self.count[self.type], self.task.get_name().strip())) - sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline) + sys.stdout.write(f'{self.type} {self.count[self.type]}: {self.task.get_name().strip()}') + sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}") sys.stdout.flush() else: sys.stdout.write(vt100.restore + vt100.reset + vt100.clearline) @@ -284,7 +284,7 @@ class CallbackModule(CallbackModule_default): def _display_results(self, result, status): # Leave the previous task on screen (as it has changes/errors) if self._display.verbosity == 0 and self.keep: - sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline) + sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}") else: sys.stdout.write(vt100.restore + vt100.reset + vt100.clearline) self.keep = False @@ -309,15 +309,15 @@ class CallbackModule(CallbackModule_default): if result._task.loop and 'results' in result._result: self._process_items(result) else: - sys.stdout.write(colors[status] + status + ': ') + sys.stdout.write(f"{colors[status] + status}: ") delegated_vars = result._result.get('_ansible_delegated_vars', None) if delegated_vars: - sys.stdout.write(vt100.reset + result._host.get_name() + '>' + colors[status] + delegated_vars['ansible_host']) + sys.stdout.write(f"{vt100.reset + result._host.get_name()}>{colors[status]}{delegated_vars['ansible_host']}") else: sys.stdout.write(result._host.get_name()) - sys.stdout.write(': ' + dump + '\n') + sys.stdout.write(f": {dump}\n") sys.stdout.write(vt100.reset + vt100.save + vt100.clearline) sys.stdout.flush() @@ -327,7 +327,7 @@ class CallbackModule(CallbackModule_default): def v2_playbook_on_play_start(self, play): # Leave the previous task on screen (as it has changes/errors) if self._display.verbosity == 0 and self.keep: - sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline + vt100.bold) + sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}{vt100.bold}") else: sys.stdout.write(vt100.restore + vt100.reset + vt100.clearline + vt100.bold) @@ -341,14 +341,14 @@ class CallbackModule(CallbackModule_default): name = play.get_name().strip() if not name: name = 'unnamed' - sys.stdout.write('PLAY %d: %s' % (self.count['play'], name.upper())) - sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline) + sys.stdout.write(f"PLAY {self.count['play']}: {name.upper()}") + sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}") sys.stdout.flush() def v2_playbook_on_task_start(self, task, is_conditional): # Leave the previous task on screen (as it has changes/errors) if self._display.verbosity == 0 and self.keep: - sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline + vt100.underline) + sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}{vt100.underline}") else: # Do not clear line, since we want to retain the previous output sys.stdout.write(vt100.restore + vt100.reset + vt100.underline) @@ -365,14 +365,14 @@ class CallbackModule(CallbackModule_default): self.count['task'] += 1 # Write the next task on screen (behind the prompt is the previous output) - sys.stdout.write('%s %d.' % (self.type, self.count[self.type])) + sys.stdout.write(f'{self.type} {self.count[self.type]}.') sys.stdout.write(vt100.reset) sys.stdout.flush() def v2_playbook_on_handler_task_start(self, task): # Leave the previous task on screen (as it has changes/errors) if self._display.verbosity == 0 and self.keep: - sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline + vt100.underline) + sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}{vt100.underline}") else: sys.stdout.write(vt100.restore + vt100.reset + vt100.clearline + vt100.underline) @@ -388,7 +388,7 @@ class CallbackModule(CallbackModule_default): self.count[self.type] += 1 # Write the next task on screen (behind the prompt is the previous output) - sys.stdout.write('%s %d.' % (self.type, self.count[self.type])) + sys.stdout.write(f'{self.type} {self.count[self.type]}.') sys.stdout.write(vt100.reset) sys.stdout.flush() @@ -451,13 +451,13 @@ class CallbackModule(CallbackModule_default): def v2_playbook_on_no_hosts_remaining(self): if self._display.verbosity == 0 and self.keep: - sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline) + sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}") else: sys.stdout.write(vt100.restore + vt100.reset + vt100.clearline) self.keep = False - sys.stdout.write(vt100.white + vt100.redbg + 'NO MORE HOSTS LEFT') - sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline) + sys.stdout.write(f"{vt100.white + vt100.redbg}NO MORE HOSTS LEFT") + sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}") sys.stdout.flush() def v2_playbook_on_include(self, included_file): @@ -465,7 +465,7 @@ class CallbackModule(CallbackModule_default): def v2_playbook_on_stats(self, stats): if self._display.verbosity == 0 and self.keep: - sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline) + sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}") else: sys.stdout.write(vt100.restore + vt100.reset + vt100.clearline) @@ -476,22 +476,16 @@ class CallbackModule(CallbackModule_default): sys.stdout.write(vt100.bold + vt100.underline) sys.stdout.write('SUMMARY') - sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline) + sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}") sys.stdout.flush() hosts = sorted(stats.processed.keys()) for h in hosts: t = stats.summarize(h) self._display.display( - u"%s : %s %s %s %s %s %s" % ( - hostcolor(h, t), - colorize(u'ok', t['ok'], C.COLOR_OK), - colorize(u'changed', t['changed'], C.COLOR_CHANGED), - colorize(u'unreachable', t['unreachable'], C.COLOR_UNREACHABLE), - colorize(u'failed', t['failures'], C.COLOR_ERROR), - colorize(u'rescued', t['rescued'], C.COLOR_OK), - colorize(u'ignored', t['ignored'], C.COLOR_WARN), - ), + f"{hostcolor(h, t)} : {colorize('ok', t['ok'], C.COLOR_OK)} {colorize('changed', t['changed'], C.COLOR_CHANGED)} " + f"{colorize('unreachable', t['unreachable'], C.COLOR_UNREACHABLE)} {colorize('failed', t['failures'], C.COLOR_ERROR)} " + f"{colorize('rescued', t['rescued'], C.COLOR_OK)} {colorize('ignored', t['ignored'], C.COLOR_WARN)}", screen_only=True ) diff --git a/plugins/callback/diy.py b/plugins/callback/diy.py index cf9369e4b4..5e46563aa4 100644 --- a/plugins/callback/diy.py +++ b/plugins/callback/diy.py @@ -7,602 +7,597 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = r''' - name: diy - type: stdout - short_description: Customize the output - version_added: 0.2.0 - description: - - Callback plugin that allows you to supply your own custom callback templates to be output. - author: Trevor Highfill (@theque5t) - extends_documentation_fragment: - - default_callback - notes: - - Uses the P(ansible.builtin.default#callback) callback plugin output when a custom callback V(message(msg\)) is not provided. - - Makes the callback event data available via the C(ansible_callback_diy) dictionary, which can be used in the templating context for the options. - The dictionary is only available in the templating context for the options. It is not a variable that is available via the other - various execution contexts, such as playbook, play, task etc. - - Options being set by their respective variable input can only be set using the variable if the variable was set in a context that is available to the - respective callback. - Use the C(ansible_callback_diy) dictionary to see what is available to a callback. Additionally, C(ansible_callback_diy.top_level_var_names) will output - the top level variable names available to the callback. - - Each option value is rendered as a template before being evaluated. This allows for the dynamic usage of an option. For example, - C("{{ 'yellow' if ansible_callback_diy.result.is_changed else 'bright green' }}") - - "**Condition** for all C(msg) options: - if value C(is None or omit), - then the option is not being used. - **Effect**: use of the C(default) callback plugin for output" - - "**Condition** for all C(msg) options: - if value C(is not None and not omit and length is not greater than 0), - then the option is being used without output. - **Effect**: suppress output" - - "**Condition** for all C(msg) options: - if value C(is not None and not omit and length is greater than 0), - then the option is being used with output. - **Effect**: render value as template and output" - - "Valid color values: V(black), V(bright gray), V(blue), V(white), V(green), V(bright blue), V(cyan), V(bright green), V(red), V(bright cyan), - V(purple), V(bright red), V(yellow), V(bright purple), V(dark gray), V(bright yellow), V(magenta), V(bright magenta), V(normal)" - seealso: - - name: default – default Ansible screen output - description: The official documentation on the B(default) callback plugin. - link: https://docs.ansible.com/ansible/latest/plugins/callback/default.html - requirements: - - set as stdout_callback in configuration - options: - on_any_msg: - description: Output to be used for callback on_any. - ini: - - section: callback_diy - key: on_any_msg - env: - - name: ANSIBLE_CALLBACK_DIY_ON_ANY_MSG - vars: - - name: ansible_callback_diy_on_any_msg - type: str +DOCUMENTATION = r""" +name: diy +type: stdout +short_description: Customize the output +version_added: 0.2.0 +description: + - Callback plugin that allows you to supply your own custom callback templates to be output. +author: Trevor Highfill (@theque5t) +extends_documentation_fragment: + - default_callback +notes: + - Uses the P(ansible.builtin.default#callback) callback plugin output when a custom callback V(message(msg\)) is not provided. + - Makes the callback event data available using the C(ansible_callback_diy) dictionary, which can be used in the templating + context for the options. The dictionary is only available in the templating context for the options. It is not a variable + that is available using the other various execution contexts, such as playbook, play, task, and so on so forth. + - Options being set by their respective variable input can only be set using the variable if the variable was set in a context + that is available to the respective callback. Use the C(ansible_callback_diy) dictionary to see what is available to a + callback. Additionally, C(ansible_callback_diy.top_level_var_names) will output the top level variable names available + to the callback. + - Each option value is rendered as a template before being evaluated. This allows for the dynamic usage of an option. For + example, C("{{ 'yellow' if ansible_callback_diy.result.is_changed else 'bright green' }}"). + - 'B(Condition) for all C(msg) options: if value C(is None or omit), then the option is not being used. B(Effect): use + of the C(default) callback plugin for output.' + - 'B(Condition) for all C(msg) options: if value C(is not None and not omit and length is not greater than 0), then the + option is being used without output. B(Effect): suppress output.' + - 'B(Condition) for all C(msg) options: if value C(is not None and not omit and length is greater than 0), then the option + is being used with output. B(Effect): render value as template and output.' + - 'Valid color values: V(black), V(bright gray), V(blue), V(white), V(green), V(bright blue), V(cyan), V(bright green), + V(red), V(bright cyan), V(purple), V(bright red), V(yellow), V(bright purple), V(dark gray), V(bright yellow), V(magenta), + V(bright magenta), V(normal).' +seealso: + - name: default – default Ansible screen output + description: The official documentation on the B(default) callback plugin. + link: https://docs.ansible.com/ansible/latest/plugins/callback/default.html +requirements: + - set as stdout_callback in configuration +options: + on_any_msg: + description: Output to be used for callback on_any. + ini: + - section: callback_diy + key: on_any_msg + env: + - name: ANSIBLE_CALLBACK_DIY_ON_ANY_MSG + vars: + - name: ansible_callback_diy_on_any_msg + type: str - on_any_msg_color: - description: - - Output color to be used for O(on_any_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: on_any_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_ON_ANY_MSG_COLOR - vars: - - name: ansible_callback_diy_on_any_msg_color - type: str + on_any_msg_color: + description: + - Output color to be used for O(on_any_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: on_any_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_ON_ANY_MSG_COLOR + vars: + - name: ansible_callback_diy_on_any_msg_color + type: str - runner_on_failed_msg: - description: Output to be used for callback runner_on_failed. - ini: - - section: callback_diy - key: runner_on_failed_msg - env: - - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_FAILED_MSG - vars: - - name: ansible_callback_diy_runner_on_failed_msg - type: str + runner_on_failed_msg: + description: Output to be used for callback runner_on_failed. + ini: + - section: callback_diy + key: runner_on_failed_msg + env: + - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_FAILED_MSG + vars: + - name: ansible_callback_diy_runner_on_failed_msg + type: str - runner_on_failed_msg_color: - description: - - Output color to be used for O(runner_on_failed_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: runner_on_failed_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_FAILED_MSG_COLOR - vars: - - name: ansible_callback_diy_runner_on_failed_msg_color - type: str + runner_on_failed_msg_color: + description: + - Output color to be used for O(runner_on_failed_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: runner_on_failed_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_FAILED_MSG_COLOR + vars: + - name: ansible_callback_diy_runner_on_failed_msg_color + type: str - runner_on_ok_msg: - description: Output to be used for callback runner_on_ok. - ini: - - section: callback_diy - key: runner_on_ok_msg - env: - - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_OK_MSG - vars: - - name: ansible_callback_diy_runner_on_ok_msg - type: str + runner_on_ok_msg: + description: Output to be used for callback runner_on_ok. + ini: + - section: callback_diy + key: runner_on_ok_msg + env: + - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_OK_MSG + vars: + - name: ansible_callback_diy_runner_on_ok_msg + type: str - runner_on_ok_msg_color: - description: - - Output color to be used for O(runner_on_ok_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: runner_on_ok_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_OK_MSG_COLOR - vars: - - name: ansible_callback_diy_runner_on_ok_msg_color - type: str + runner_on_ok_msg_color: + description: + - Output color to be used for O(runner_on_ok_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: runner_on_ok_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_OK_MSG_COLOR + vars: + - name: ansible_callback_diy_runner_on_ok_msg_color + type: str - runner_on_skipped_msg: - description: Output to be used for callback runner_on_skipped. - ini: - - section: callback_diy - key: runner_on_skipped_msg - env: - - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_SKIPPED_MSG - vars: - - name: ansible_callback_diy_runner_on_skipped_msg - type: str + runner_on_skipped_msg: + description: Output to be used for callback runner_on_skipped. + ini: + - section: callback_diy + key: runner_on_skipped_msg + env: + - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_SKIPPED_MSG + vars: + - name: ansible_callback_diy_runner_on_skipped_msg + type: str - runner_on_skipped_msg_color: - description: - - Output color to be used for O(runner_on_skipped_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: runner_on_skipped_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_SKIPPED_MSG_COLOR - vars: - - name: ansible_callback_diy_runner_on_skipped_msg_color - type: str + runner_on_skipped_msg_color: + description: + - Output color to be used for O(runner_on_skipped_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: runner_on_skipped_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_SKIPPED_MSG_COLOR + vars: + - name: ansible_callback_diy_runner_on_skipped_msg_color + type: str - runner_on_unreachable_msg: - description: Output to be used for callback runner_on_unreachable. - ini: - - section: callback_diy - key: runner_on_unreachable_msg - env: - - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_UNREACHABLE_MSG - vars: - - name: ansible_callback_diy_runner_on_unreachable_msg - type: str + runner_on_unreachable_msg: + description: Output to be used for callback runner_on_unreachable. + ini: + - section: callback_diy + key: runner_on_unreachable_msg + env: + - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_UNREACHABLE_MSG + vars: + - name: ansible_callback_diy_runner_on_unreachable_msg + type: str - runner_on_unreachable_msg_color: - description: - - Output color to be used for O(runner_on_unreachable_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: runner_on_unreachable_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_UNREACHABLE_MSG_COLOR - vars: - - name: ansible_callback_diy_runner_on_unreachable_msg_color - type: str + runner_on_unreachable_msg_color: + description: + - Output color to be used for O(runner_on_unreachable_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: runner_on_unreachable_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_UNREACHABLE_MSG_COLOR + vars: + - name: ansible_callback_diy_runner_on_unreachable_msg_color + type: str - playbook_on_start_msg: - description: Output to be used for callback playbook_on_start. - ini: - - section: callback_diy - key: playbook_on_start_msg - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_START_MSG - vars: - - name: ansible_callback_diy_playbook_on_start_msg - type: str + playbook_on_start_msg: + description: Output to be used for callback playbook_on_start. + ini: + - section: callback_diy + key: playbook_on_start_msg + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_START_MSG + vars: + - name: ansible_callback_diy_playbook_on_start_msg + type: str - playbook_on_start_msg_color: - description: - - Output color to be used for O(playbook_on_start_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: playbook_on_start_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_START_MSG_COLOR - vars: - - name: ansible_callback_diy_playbook_on_start_msg_color - type: str + playbook_on_start_msg_color: + description: + - Output color to be used for O(playbook_on_start_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: playbook_on_start_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_START_MSG_COLOR + vars: + - name: ansible_callback_diy_playbook_on_start_msg_color + type: str - playbook_on_notify_msg: - description: Output to be used for callback playbook_on_notify. - ini: - - section: callback_diy - key: playbook_on_notify_msg - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NOTIFY_MSG - vars: - - name: ansible_callback_diy_playbook_on_notify_msg - type: str + playbook_on_notify_msg: + description: Output to be used for callback playbook_on_notify. + ini: + - section: callback_diy + key: playbook_on_notify_msg + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NOTIFY_MSG + vars: + - name: ansible_callback_diy_playbook_on_notify_msg + type: str - playbook_on_notify_msg_color: - description: - - Output color to be used for O(playbook_on_notify_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: playbook_on_notify_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NOTIFY_MSG_COLOR - vars: - - name: ansible_callback_diy_playbook_on_notify_msg_color - type: str + playbook_on_notify_msg_color: + description: + - Output color to be used for O(playbook_on_notify_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: playbook_on_notify_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NOTIFY_MSG_COLOR + vars: + - name: ansible_callback_diy_playbook_on_notify_msg_color + type: str - playbook_on_no_hosts_matched_msg: - description: Output to be used for callback playbook_on_no_hosts_matched. - ini: - - section: callback_diy - key: playbook_on_no_hosts_matched_msg - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NO_HOSTS_MATCHED_MSG - vars: - - name: ansible_callback_diy_playbook_on_no_hosts_matched_msg - type: str + playbook_on_no_hosts_matched_msg: + description: Output to be used for callback playbook_on_no_hosts_matched. + ini: + - section: callback_diy + key: playbook_on_no_hosts_matched_msg + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NO_HOSTS_MATCHED_MSG + vars: + - name: ansible_callback_diy_playbook_on_no_hosts_matched_msg + type: str - playbook_on_no_hosts_matched_msg_color: - description: - - Output color to be used for O(playbook_on_no_hosts_matched_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: playbook_on_no_hosts_matched_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NO_HOSTS_MATCHED_MSG_COLOR - vars: - - name: ansible_callback_diy_playbook_on_no_hosts_matched_msg_color - type: str + playbook_on_no_hosts_matched_msg_color: + description: + - Output color to be used for O(playbook_on_no_hosts_matched_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: playbook_on_no_hosts_matched_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NO_HOSTS_MATCHED_MSG_COLOR + vars: + - name: ansible_callback_diy_playbook_on_no_hosts_matched_msg_color + type: str - playbook_on_no_hosts_remaining_msg: - description: Output to be used for callback playbook_on_no_hosts_remaining. - ini: - - section: callback_diy - key: playbook_on_no_hosts_remaining_msg - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NO_HOSTS_REMAINING_MSG - vars: - - name: ansible_callback_diy_playbook_on_no_hosts_remaining_msg - type: str + playbook_on_no_hosts_remaining_msg: + description: Output to be used for callback playbook_on_no_hosts_remaining. + ini: + - section: callback_diy + key: playbook_on_no_hosts_remaining_msg + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NO_HOSTS_REMAINING_MSG + vars: + - name: ansible_callback_diy_playbook_on_no_hosts_remaining_msg + type: str - playbook_on_no_hosts_remaining_msg_color: - description: - - Output color to be used for O(playbook_on_no_hosts_remaining_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: playbook_on_no_hosts_remaining_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NO_HOSTS_REMAINING_MSG_COLOR - vars: - - name: ansible_callback_diy_playbook_on_no_hosts_remaining_msg_color - type: str + playbook_on_no_hosts_remaining_msg_color: + description: + - Output color to be used for O(playbook_on_no_hosts_remaining_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: playbook_on_no_hosts_remaining_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_NO_HOSTS_REMAINING_MSG_COLOR + vars: + - name: ansible_callback_diy_playbook_on_no_hosts_remaining_msg_color + type: str - playbook_on_task_start_msg: - description: Output to be used for callback playbook_on_task_start. - ini: - - section: callback_diy - key: playbook_on_task_start_msg - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_TASK_START_MSG - vars: - - name: ansible_callback_diy_playbook_on_task_start_msg - type: str + playbook_on_task_start_msg: + description: Output to be used for callback playbook_on_task_start. + ini: + - section: callback_diy + key: playbook_on_task_start_msg + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_TASK_START_MSG + vars: + - name: ansible_callback_diy_playbook_on_task_start_msg + type: str - playbook_on_task_start_msg_color: - description: - - Output color to be used for O(playbook_on_task_start_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: playbook_on_task_start_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_TASK_START_MSG_COLOR - vars: - - name: ansible_callback_diy_playbook_on_task_start_msg_color - type: str + playbook_on_task_start_msg_color: + description: + - Output color to be used for O(playbook_on_task_start_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: playbook_on_task_start_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_TASK_START_MSG_COLOR + vars: + - name: ansible_callback_diy_playbook_on_task_start_msg_color + type: str - playbook_on_handler_task_start_msg: - description: Output to be used for callback playbook_on_handler_task_start. - ini: - - section: callback_diy - key: playbook_on_handler_task_start_msg - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_HANDLER_TASK_START_MSG - vars: - - name: ansible_callback_diy_playbook_on_handler_task_start_msg - type: str + playbook_on_handler_task_start_msg: + description: Output to be used for callback playbook_on_handler_task_start. + ini: + - section: callback_diy + key: playbook_on_handler_task_start_msg + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_HANDLER_TASK_START_MSG + vars: + - name: ansible_callback_diy_playbook_on_handler_task_start_msg + type: str - playbook_on_handler_task_start_msg_color: - description: - - Output color to be used for O(playbook_on_handler_task_start_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: playbook_on_handler_task_start_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_HANDLER_TASK_START_MSG_COLOR - vars: - - name: ansible_callback_diy_playbook_on_handler_task_start_msg_color - type: str + playbook_on_handler_task_start_msg_color: + description: + - Output color to be used for O(playbook_on_handler_task_start_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: playbook_on_handler_task_start_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_HANDLER_TASK_START_MSG_COLOR + vars: + - name: ansible_callback_diy_playbook_on_handler_task_start_msg_color + type: str - playbook_on_vars_prompt_msg: - description: Output to be used for callback playbook_on_vars_prompt. - ini: - - section: callback_diy - key: playbook_on_vars_prompt_msg - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_VARS_PROMPT_MSG - vars: - - name: ansible_callback_diy_playbook_on_vars_prompt_msg - type: str + playbook_on_vars_prompt_msg: + description: Output to be used for callback playbook_on_vars_prompt. + ini: + - section: callback_diy + key: playbook_on_vars_prompt_msg + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_VARS_PROMPT_MSG + vars: + - name: ansible_callback_diy_playbook_on_vars_prompt_msg + type: str - playbook_on_vars_prompt_msg_color: - description: - - Output color to be used for O(playbook_on_vars_prompt_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: playbook_on_vars_prompt_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_VARS_PROMPT_MSG_COLOR - vars: - - name: ansible_callback_diy_playbook_on_vars_prompt_msg_color - type: str + playbook_on_vars_prompt_msg_color: + description: + - Output color to be used for O(playbook_on_vars_prompt_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: playbook_on_vars_prompt_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_VARS_PROMPT_MSG_COLOR + vars: + - name: ansible_callback_diy_playbook_on_vars_prompt_msg_color + type: str - playbook_on_play_start_msg: - description: Output to be used for callback playbook_on_play_start. - ini: - - section: callback_diy - key: playbook_on_play_start_msg - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_PLAY_START_MSG - vars: - - name: ansible_callback_diy_playbook_on_play_start_msg - type: str + playbook_on_play_start_msg: + description: Output to be used for callback playbook_on_play_start. + ini: + - section: callback_diy + key: playbook_on_play_start_msg + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_PLAY_START_MSG + vars: + - name: ansible_callback_diy_playbook_on_play_start_msg + type: str - playbook_on_play_start_msg_color: - description: - - Output color to be used for O(playbook_on_play_start_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: playbook_on_play_start_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_PLAY_START_MSG_COLOR - vars: - - name: ansible_callback_diy_playbook_on_play_start_msg_color - type: str + playbook_on_play_start_msg_color: + description: + - Output color to be used for O(playbook_on_play_start_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: playbook_on_play_start_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_PLAY_START_MSG_COLOR + vars: + - name: ansible_callback_diy_playbook_on_play_start_msg_color + type: str - playbook_on_stats_msg: - description: Output to be used for callback playbook_on_stats. - ini: - - section: callback_diy - key: playbook_on_stats_msg - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_STATS_MSG - vars: - - name: ansible_callback_diy_playbook_on_stats_msg - type: str + playbook_on_stats_msg: + description: Output to be used for callback playbook_on_stats. + ini: + - section: callback_diy + key: playbook_on_stats_msg + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_STATS_MSG + vars: + - name: ansible_callback_diy_playbook_on_stats_msg + type: str - playbook_on_stats_msg_color: - description: - - Output color to be used for O(playbook_on_stats_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: playbook_on_stats_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_STATS_MSG_COLOR - vars: - - name: ansible_callback_diy_playbook_on_stats_msg_color - type: str + playbook_on_stats_msg_color: + description: + - Output color to be used for O(playbook_on_stats_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: playbook_on_stats_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_STATS_MSG_COLOR + vars: + - name: ansible_callback_diy_playbook_on_stats_msg_color + type: str - on_file_diff_msg: - description: Output to be used for callback on_file_diff. - ini: - - section: callback_diy - key: on_file_diff_msg - env: - - name: ANSIBLE_CALLBACK_DIY_ON_FILE_DIFF_MSG - vars: - - name: ansible_callback_diy_on_file_diff_msg - type: str + on_file_diff_msg: + description: Output to be used for callback on_file_diff. + ini: + - section: callback_diy + key: on_file_diff_msg + env: + - name: ANSIBLE_CALLBACK_DIY_ON_FILE_DIFF_MSG + vars: + - name: ansible_callback_diy_on_file_diff_msg + type: str - on_file_diff_msg_color: - description: - - Output color to be used for O(on_file_diff_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: on_file_diff_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_ON_FILE_DIFF_MSG_COLOR - vars: - - name: ansible_callback_diy_on_file_diff_msg_color - type: str + on_file_diff_msg_color: + description: + - Output color to be used for O(on_file_diff_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: on_file_diff_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_ON_FILE_DIFF_MSG_COLOR + vars: + - name: ansible_callback_diy_on_file_diff_msg_color + type: str - playbook_on_include_msg: - description: Output to be used for callback playbook_on_include. - ini: - - section: callback_diy - key: playbook_on_include_msg - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_INCLUDE_MSG - vars: - - name: ansible_callback_diy_playbook_on_include_msg - type: str + playbook_on_include_msg: + description: Output to be used for callback playbook_on_include. + ini: + - section: callback_diy + key: playbook_on_include_msg + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_INCLUDE_MSG + vars: + - name: ansible_callback_diy_playbook_on_include_msg + type: str - playbook_on_include_msg_color: - description: - - Output color to be used for O(playbook_on_include_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: playbook_on_include_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_INCLUDE_MSG_COLOR - vars: - - name: ansible_callback_diy_playbook_on_include_msg_color - type: str + playbook_on_include_msg_color: + description: + - Output color to be used for O(playbook_on_include_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: playbook_on_include_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_INCLUDE_MSG_COLOR + vars: + - name: ansible_callback_diy_playbook_on_include_msg_color + type: str - runner_item_on_ok_msg: - description: Output to be used for callback runner_item_on_ok. - ini: - - section: callback_diy - key: runner_item_on_ok_msg - env: - - name: ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_OK_MSG - vars: - - name: ansible_callback_diy_runner_item_on_ok_msg - type: str + runner_item_on_ok_msg: + description: Output to be used for callback runner_item_on_ok. + ini: + - section: callback_diy + key: runner_item_on_ok_msg + env: + - name: ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_OK_MSG + vars: + - name: ansible_callback_diy_runner_item_on_ok_msg + type: str - runner_item_on_ok_msg_color: - description: - - Output color to be used for O(runner_item_on_ok_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: runner_item_on_ok_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_OK_MSG_COLOR - vars: - - name: ansible_callback_diy_runner_item_on_ok_msg_color - type: str + runner_item_on_ok_msg_color: + description: + - Output color to be used for O(runner_item_on_ok_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: runner_item_on_ok_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_OK_MSG_COLOR + vars: + - name: ansible_callback_diy_runner_item_on_ok_msg_color + type: str - runner_item_on_failed_msg: - description: Output to be used for callback runner_item_on_failed. - ini: - - section: callback_diy - key: runner_item_on_failed_msg - env: - - name: ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_FAILED_MSG - vars: - - name: ansible_callback_diy_runner_item_on_failed_msg - type: str + runner_item_on_failed_msg: + description: Output to be used for callback runner_item_on_failed. + ini: + - section: callback_diy + key: runner_item_on_failed_msg + env: + - name: ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_FAILED_MSG + vars: + - name: ansible_callback_diy_runner_item_on_failed_msg + type: str - runner_item_on_failed_msg_color: - description: - - Output color to be used for O(runner_item_on_failed_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: runner_item_on_failed_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_FAILED_MSG_COLOR - vars: - - name: ansible_callback_diy_runner_item_on_failed_msg_color - type: str + runner_item_on_failed_msg_color: + description: + - Output color to be used for O(runner_item_on_failed_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: runner_item_on_failed_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_FAILED_MSG_COLOR + vars: + - name: ansible_callback_diy_runner_item_on_failed_msg_color + type: str - runner_item_on_skipped_msg: - description: Output to be used for callback runner_item_on_skipped. - ini: - - section: callback_diy - key: runner_item_on_skipped_msg - env: - - name: ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_SKIPPED_MSG - vars: - - name: ansible_callback_diy_runner_item_on_skipped_msg - type: str + runner_item_on_skipped_msg: + description: Output to be used for callback runner_item_on_skipped. + ini: + - section: callback_diy + key: runner_item_on_skipped_msg + env: + - name: ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_SKIPPED_MSG + vars: + - name: ansible_callback_diy_runner_item_on_skipped_msg + type: str - runner_item_on_skipped_msg_color: - description: - - Output color to be used for O(runner_item_on_skipped_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: runner_item_on_skipped_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_SKIPPED_MSG_COLOR - vars: - - name: ansible_callback_diy_runner_item_on_skipped_msg_color - type: str + runner_item_on_skipped_msg_color: + description: + - Output color to be used for O(runner_item_on_skipped_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: runner_item_on_skipped_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_RUNNER_ITEM_ON_SKIPPED_MSG_COLOR + vars: + - name: ansible_callback_diy_runner_item_on_skipped_msg_color + type: str - runner_retry_msg: - description: Output to be used for callback runner_retry. - ini: - - section: callback_diy - key: runner_retry_msg - env: - - name: ANSIBLE_CALLBACK_DIY_RUNNER_RETRY_MSG - vars: - - name: ansible_callback_diy_runner_retry_msg - type: str + runner_retry_msg: + description: Output to be used for callback runner_retry. + ini: + - section: callback_diy + key: runner_retry_msg + env: + - name: ANSIBLE_CALLBACK_DIY_RUNNER_RETRY_MSG + vars: + - name: ansible_callback_diy_runner_retry_msg + type: str - runner_retry_msg_color: - description: - - Output color to be used for O(runner_retry_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: runner_retry_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_RUNNER_RETRY_MSG_COLOR - vars: - - name: ansible_callback_diy_runner_retry_msg_color - type: str + runner_retry_msg_color: + description: + - Output color to be used for O(runner_retry_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: runner_retry_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_RUNNER_RETRY_MSG_COLOR + vars: + - name: ansible_callback_diy_runner_retry_msg_color + type: str - runner_on_start_msg: - description: Output to be used for callback runner_on_start. - ini: - - section: callback_diy - key: runner_on_start_msg - env: - - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_START_MSG - vars: - - name: ansible_callback_diy_runner_on_start_msg - type: str + runner_on_start_msg: + description: Output to be used for callback runner_on_start. + ini: + - section: callback_diy + key: runner_on_start_msg + env: + - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_START_MSG + vars: + - name: ansible_callback_diy_runner_on_start_msg + type: str - runner_on_start_msg_color: - description: - - Output color to be used for O(runner_on_start_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: runner_on_start_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_START_MSG_COLOR - vars: - - name: ansible_callback_diy_runner_on_start_msg_color - type: str + runner_on_start_msg_color: + description: + - Output color to be used for O(runner_on_start_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: runner_on_start_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_START_MSG_COLOR + vars: + - name: ansible_callback_diy_runner_on_start_msg_color + type: str - runner_on_no_hosts_msg: - description: Output to be used for callback runner_on_no_hosts. - ini: - - section: callback_diy - key: runner_on_no_hosts_msg - env: - - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_NO_HOSTS_MSG - vars: - - name: ansible_callback_diy_runner_on_no_hosts_msg - type: str + runner_on_no_hosts_msg: + description: Output to be used for callback runner_on_no_hosts. + ini: + - section: callback_diy + key: runner_on_no_hosts_msg + env: + - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_NO_HOSTS_MSG + vars: + - name: ansible_callback_diy_runner_on_no_hosts_msg + type: str - runner_on_no_hosts_msg_color: - description: - - Output color to be used for O(runner_on_no_hosts_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: runner_on_no_hosts_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_NO_HOSTS_MSG_COLOR - vars: - - name: ansible_callback_diy_runner_on_no_hosts_msg_color - type: str + runner_on_no_hosts_msg_color: + description: + - Output color to be used for O(runner_on_no_hosts_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: runner_on_no_hosts_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_RUNNER_ON_NO_HOSTS_MSG_COLOR + vars: + - name: ansible_callback_diy_runner_on_no_hosts_msg_color + type: str - playbook_on_setup_msg: - description: Output to be used for callback playbook_on_setup. - ini: - - section: callback_diy - key: playbook_on_setup_msg - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_SETUP_MSG - vars: - - name: ansible_callback_diy_playbook_on_setup_msg - type: str + playbook_on_setup_msg: + description: Output to be used for callback playbook_on_setup. + ini: + - section: callback_diy + key: playbook_on_setup_msg + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_SETUP_MSG + vars: + - name: ansible_callback_diy_playbook_on_setup_msg + type: str - playbook_on_setup_msg_color: - description: - - Output color to be used for O(playbook_on_setup_msg). - - Template should render a L(valid color value,#notes). - ini: - - section: callback_diy - key: playbook_on_setup_msg_color - env: - - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_SETUP_MSG_COLOR - vars: - - name: ansible_callback_diy_playbook_on_setup_msg_color - type: str -''' + playbook_on_setup_msg_color: + description: + - Output color to be used for O(playbook_on_setup_msg). + - Template should render a L(valid color value,#notes). + ini: + - section: callback_diy + key: playbook_on_setup_msg_color + env: + - name: ANSIBLE_CALLBACK_DIY_PLAYBOOK_ON_SETUP_MSG_COLOR + vars: + - name: ansible_callback_diy_playbook_on_setup_msg_color + type: str +""" -EXAMPLES = r''' +EXAMPLES = r""" ansible.cfg: > # Enable plugin [defaults] @@ -623,7 +618,7 @@ ansible.cfg: > # Newline after every callback # on_any_msg='{{ " " | join("\n") }}' -playbook.yml: > +playbook.yml: >- --- - name: "Default plugin output: play example" hosts: localhost @@ -782,7 +777,7 @@ playbook.yml: > {{ white }}{{ ansible_callback_diy[key] }} {% endfor %} -''' +""" import sys from contextlib import contextmanager @@ -828,9 +823,9 @@ class CallbackModule(Default): _callback_options = ['msg', 'msg_color'] for option in _callback_options: - _option_name = '%s_%s' % (_callback_type, option) + _option_name = f'{_callback_type}_{option}' _option_template = variables.get( - self.DIY_NS + "_" + _option_name, + f"{self.DIY_NS}_{_option_name}", self.get_option(_option_name) ) _ret.update({option: self._template( @@ -867,7 +862,7 @@ class CallbackModule(Default): handler=None, result=None, stats=None, remove_attr_ref_loop=True): def _get_value(obj, attr=None, method=None): if attr: - return getattr(obj, attr, getattr(obj, "_" + attr, None)) + return getattr(obj, attr, getattr(obj, f"_{attr}", None)) if method: _method = getattr(obj, method) diff --git a/plugins/callback/elastic.py b/plugins/callback/elastic.py index 0c94d1ba33..6866e52712 100644 --- a/plugins/callback/elastic.py +++ b/plugins/callback/elastic.py @@ -5,69 +5,69 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Victor Martinez (@v1v) - name: elastic - type: notification - short_description: Create distributed traces for each Ansible task in Elastic APM - version_added: 3.8.0 +DOCUMENTATION = r""" +author: Victor Martinez (@v1v) +name: elastic +type: notification +short_description: Create distributed traces for each Ansible task in Elastic APM +version_added: 3.8.0 +description: + - This callback creates distributed traces for each Ansible task in Elastic APM. + - You can configure the plugin with environment variables. + - See U(https://www.elastic.co/guide/en/apm/agent/python/current/configuration.html). +options: + hide_task_arguments: + default: false + type: bool description: - - This callback creates distributed traces for each Ansible task in Elastic APM. - - You can configure the plugin with environment variables. - - See U(https://www.elastic.co/guide/en/apm/agent/python/current/configuration.html). - options: - hide_task_arguments: - default: false - type: bool - description: - - Hide the arguments for a task. - env: - - name: ANSIBLE_OPENTELEMETRY_HIDE_TASK_ARGUMENTS - apm_service_name: - default: ansible - type: str - description: - - The service name resource attribute. - env: - - name: ELASTIC_APM_SERVICE_NAME - apm_server_url: - type: str - description: - - Use the APM server and its environment variables. - env: - - name: ELASTIC_APM_SERVER_URL - apm_secret_token: - type: str - description: - - Use the APM server token - env: - - name: ELASTIC_APM_SECRET_TOKEN - apm_api_key: - type: str - description: - - Use the APM API key - env: - - name: ELASTIC_APM_API_KEY - apm_verify_server_cert: - default: true - type: bool - description: - - Verifies the SSL certificate if an HTTPS connection. - env: - - name: ELASTIC_APM_VERIFY_SERVER_CERT - traceparent: - type: str - description: - - The L(W3C Trace Context header traceparent,https://www.w3.org/TR/trace-context-1/#traceparent-header). - env: - - name: TRACEPARENT - requirements: - - elastic-apm (Python library) -''' + - Hide the arguments for a task. + env: + - name: ANSIBLE_OPENTELEMETRY_HIDE_TASK_ARGUMENTS + apm_service_name: + default: ansible + type: str + description: + - The service name resource attribute. + env: + - name: ELASTIC_APM_SERVICE_NAME + apm_server_url: + type: str + description: + - Use the APM server and its environment variables. + env: + - name: ELASTIC_APM_SERVER_URL + apm_secret_token: + type: str + description: + - Use the APM server token. + env: + - name: ELASTIC_APM_SECRET_TOKEN + apm_api_key: + type: str + description: + - Use the APM API key. + env: + - name: ELASTIC_APM_API_KEY + apm_verify_server_cert: + default: true + type: bool + description: + - Verifies the SSL certificate if an HTTPS connection. + env: + - name: ELASTIC_APM_VERIFY_SERVER_CERT + traceparent: + type: str + description: + - The L(W3C Trace Context header traceparent,https://www.w3.org/TR/trace-context-1/#traceparent-header). + env: + - name: TRACEPARENT +requirements: + - elastic-apm (Python library) +""" -EXAMPLES = ''' -examples: | +EXAMPLES = r""" +examples: |- Enable the plugin in ansible.cfg: [defaults] callbacks_enabled = community.general.elastic @@ -76,7 +76,7 @@ examples: | export ELASTIC_APM_SERVER_URL= export ELASTIC_APM_SERVICE_NAME=your_service_name export ELASTIC_APM_API_KEY=your_APM_API_KEY -''' +""" import getpass import socket @@ -118,7 +118,7 @@ class TaskData: if host.uuid in self.host_data: if host.status == 'included': # concatenate task include output from multiple items - host.result = '%s\n%s' % (self.host_data[host.uuid].result, host.result) + host.result = f'{self.host_data[host.uuid].result}\n{host.result}' else: return @@ -166,7 +166,7 @@ class ElasticSource(object): args = None if not task.no_log and not hide_task_arguments: - args = ', '.join(('%s=%s' % a for a in task.args.items())) + args = ', '.join((f'{k}={v}' for k, v in task.args.items())) tasks_data[uuid] = TaskData(uuid, name, path, play_name, action, args) @@ -225,7 +225,7 @@ class ElasticSource(object): def create_span_data(self, apm_cli, task_data, host_data): """ create the span with the given TaskData and HostData """ - name = '[%s] %s: %s' % (host_data.name, task_data.play, task_data.name) + name = f'[{host_data.name}] {task_data.play}: {task_data.name}' message = "success" status = "success" @@ -259,7 +259,7 @@ class ElasticSource(object): "ansible.task.host.status": host_data.status}) as span: span.outcome = status if 'failure' in status: - exception = AnsibleRuntimeError(message="{0}: {1} failed with error message {2}".format(task_data.action, name, enriched_error_message)) + exception = AnsibleRuntimeError(message=f"{task_data.action}: {name} failed with error message {enriched_error_message}") apm_cli.capture_exception(exc_info=(type(exception), exception, exception.__traceback__), handled=True) def init_apm_client(self, apm_server_url, apm_service_name, apm_verify_server_cert, apm_secret_token, apm_api_key): @@ -288,7 +288,7 @@ class ElasticSource(object): message = result.get('msg', 'failed') exception = result.get('exception') stderr = result.get('stderr') - return ('message: "{0}"\nexception: "{1}"\nstderr: "{2}"').format(message, exception, stderr) + return f"message: \"{message}\"\nexception: \"{exception}\"\nstderr: \"{stderr}\"" class CallbackModule(CallbackBase): diff --git a/plugins/callback/hipchat.py b/plugins/callback/hipchat.py deleted file mode 100644 index 3e10b69e7f..0000000000 --- a/plugins/callback/hipchat.py +++ /dev/null @@ -1,229 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright (c) 2014, Matt Martz -# Copyright (c) 2017 Ansible Project -# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) -# SPDX-License-Identifier: GPL-3.0-or-later - -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -DOCUMENTATION = ''' - author: Unknown (!UNKNOWN) - name: hipchat - type: notification - requirements: - - whitelist in configuration. - - prettytable (python lib) - short_description: post task events to hipchat - description: - - This callback plugin sends status updates to a HipChat channel during playbook execution. - - Before 2.4 only environment variables were available for configuring this plugin. - options: - token: - description: HipChat API token for v1 or v2 API. - required: true - env: - - name: HIPCHAT_TOKEN - ini: - - section: callback_hipchat - key: token - api_version: - description: HipChat API version, v1 or v2. - required: false - default: v1 - env: - - name: HIPCHAT_API_VERSION - ini: - - section: callback_hipchat - key: api_version - room: - description: HipChat room to post in. - default: ansible - env: - - name: HIPCHAT_ROOM - ini: - - section: callback_hipchat - key: room - from: - description: Name to post as - default: ansible - env: - - name: HIPCHAT_FROM - ini: - - section: callback_hipchat - key: from - notify: - description: Add notify flag to important messages - type: bool - default: true - env: - - name: HIPCHAT_NOTIFY - ini: - - section: callback_hipchat - key: notify - -''' - -import os -import json - -try: - import prettytable - HAS_PRETTYTABLE = True -except ImportError: - HAS_PRETTYTABLE = False - -from ansible.plugins.callback import CallbackBase -from ansible.module_utils.six.moves.urllib.parse import urlencode -from ansible.module_utils.urls import open_url - - -class CallbackModule(CallbackBase): - """This is an example ansible callback plugin that sends status - updates to a HipChat channel during playbook execution. - """ - - CALLBACK_VERSION = 2.0 - CALLBACK_TYPE = 'notification' - CALLBACK_NAME = 'community.general.hipchat' - CALLBACK_NEEDS_WHITELIST = True - - API_V1_URL = 'https://api.hipchat.com/v1/rooms/message' - API_V2_URL = 'https://api.hipchat.com/v2/' - - def __init__(self): - - super(CallbackModule, self).__init__() - - if not HAS_PRETTYTABLE: - self.disabled = True - self._display.warning('The `prettytable` python module is not installed. ' - 'Disabling the HipChat callback plugin.') - self.printed_playbook = False - self.playbook_name = None - self.play = None - - def set_options(self, task_keys=None, var_options=None, direct=None): - super(CallbackModule, self).set_options(task_keys=task_keys, var_options=var_options, direct=direct) - - self.token = self.get_option('token') - self.api_version = self.get_option('api_version') - self.from_name = self.get_option('from') - self.allow_notify = self.get_option('notify') - self.room = self.get_option('room') - - if self.token is None: - self.disabled = True - self._display.warning('HipChat token could not be loaded. The HipChat ' - 'token can be provided using the `HIPCHAT_TOKEN` ' - 'environment variable.') - - # Pick the request handler. - if self.api_version == 'v2': - self.send_msg = self.send_msg_v2 - else: - self.send_msg = self.send_msg_v1 - - def send_msg_v2(self, msg, msg_format='text', color='yellow', notify=False): - """Method for sending a message to HipChat""" - - headers = {'Authorization': 'Bearer %s' % self.token, 'Content-Type': 'application/json'} - - body = {} - body['room_id'] = self.room - body['from'] = self.from_name[:15] # max length is 15 - body['message'] = msg - body['message_format'] = msg_format - body['color'] = color - body['notify'] = self.allow_notify and notify - - data = json.dumps(body) - url = self.API_V2_URL + "room/{room_id}/notification".format(room_id=self.room) - try: - response = open_url(url, data=data, headers=headers, method='POST') - return response.read() - except Exception as ex: - self._display.warning('Could not submit message to hipchat: {0}'.format(ex)) - - def send_msg_v1(self, msg, msg_format='text', color='yellow', notify=False): - """Method for sending a message to HipChat""" - - params = {} - params['room_id'] = self.room - params['from'] = self.from_name[:15] # max length is 15 - params['message'] = msg - params['message_format'] = msg_format - params['color'] = color - params['notify'] = int(self.allow_notify and notify) - - url = ('%s?auth_token=%s' % (self.API_V1_URL, self.token)) - try: - response = open_url(url, data=urlencode(params)) - return response.read() - except Exception as ex: - self._display.warning('Could not submit message to hipchat: {0}'.format(ex)) - - def v2_playbook_on_play_start(self, play): - """Display Playbook and play start messages""" - - self.play = play - name = play.name - # This block sends information about a playbook when it starts - # The playbook object is not immediately available at - # playbook_on_start so we grab it via the play - # - # Displays info about playbook being started by a person on an - # inventory, as well as Tags, Skip Tags and Limits - if not self.printed_playbook: - self.playbook_name, dummy = os.path.splitext(os.path.basename(self.play.playbook.filename)) - host_list = self.play.playbook.inventory.host_list - inventory = os.path.basename(os.path.realpath(host_list)) - self.send_msg("%s: Playbook initiated by %s against %s" % - (self.playbook_name, - self.play.playbook.remote_user, - inventory), notify=True) - self.printed_playbook = True - subset = self.play.playbook.inventory._subset - skip_tags = self.play.playbook.skip_tags - self.send_msg("%s:\nTags: %s\nSkip Tags: %s\nLimit: %s" % - (self.playbook_name, - ', '.join(self.play.playbook.only_tags), - ', '.join(skip_tags) if skip_tags else None, - ', '.join(subset) if subset else subset)) - - # This is where we actually say we are starting a play - self.send_msg("%s: Starting play: %s" % - (self.playbook_name, name)) - - def playbook_on_stats(self, stats): - """Display info about playbook statistics""" - hosts = sorted(stats.processed.keys()) - - t = prettytable.PrettyTable(['Host', 'Ok', 'Changed', 'Unreachable', - 'Failures']) - - failures = False - unreachable = False - - for h in hosts: - s = stats.summarize(h) - - if s['failures'] > 0: - failures = True - if s['unreachable'] > 0: - unreachable = True - - t.add_row([h] + [s[k] for k in ['ok', 'changed', 'unreachable', - 'failures']]) - - self.send_msg("%s: Playbook complete" % self.playbook_name, - notify=True) - - if failures or unreachable: - color = 'red' - self.send_msg("%s: Failures detected" % self.playbook_name, - color=color, notify=True) - else: - color = 'green' - - self.send_msg("/code %s:\n%s" % (self.playbook_name, t), color=color) diff --git a/plugins/callback/jabber.py b/plugins/callback/jabber.py index d2d00496d8..8f9d7cd833 100644 --- a/plugins/callback/jabber.py +++ b/plugins/callback/jabber.py @@ -7,38 +7,42 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Unknown (!UNKNOWN) - name: jabber - type: notification - short_description: post task events to a jabber server - description: - - The chatty part of ChatOps with a Hipchat server as a target. - - This callback plugin sends status updates to a HipChat channel during playbook execution. - requirements: - - xmpp (Python library U(https://github.com/ArchipelProject/xmpppy)) - options: - server: - description: connection info to jabber server - required: true - env: - - name: JABBER_SERV - user: - description: Jabber user to authenticate as - required: true - env: - - name: JABBER_USER - password: - description: Password for the user to the jabber server - required: true - env: - - name: JABBER_PASS - to: - description: chat identifier that will receive the message - required: true - env: - - name: JABBER_TO -''' +DOCUMENTATION = r""" +author: Unknown (!UNKNOWN) +name: jabber +type: notification +short_description: post task events to a Jabber server +description: + - The chatty part of ChatOps with a Hipchat server as a target. + - This callback plugin sends status updates to a HipChat channel during playbook execution. +requirements: + - xmpp (Python library U(https://github.com/ArchipelProject/xmpppy)) +options: + server: + description: Connection info to Jabber server. + type: str + required: true + env: + - name: JABBER_SERV + user: + description: Jabber user to authenticate as. + type: str + required: true + env: + - name: JABBER_USER + password: + description: Password for the user to the Jabber server. + type: str + required: true + env: + - name: JABBER_PASS + to: + description: Chat identifier that will receive the message. + type: str + required: true + env: + - name: JABBER_TO +""" import os @@ -98,7 +102,7 @@ class CallbackModule(CallbackBase): """Display Playbook and play start messages""" self.play = play name = play.name - self.send_msg("Ansible starting play: %s" % (name)) + self.send_msg(f"Ansible starting play: {name}") def playbook_on_stats(self, stats): name = self.play @@ -114,7 +118,7 @@ class CallbackModule(CallbackBase): if failures or unreachable: out = self.debug - self.send_msg("%s: Failures detected \n%s \nHost: %s\n Failed at:\n%s" % (name, self.task, h, out)) + self.send_msg(f"{name}: Failures detected \n{self.task} \nHost: {h}\n Failed at:\n{out}") else: out = self.debug - self.send_msg("Great! \n Playbook %s completed:\n%s \n Last task debug:\n %s" % (name, s, out)) + self.send_msg(f"Great! \n Playbook {name} completed:\n{s} \n Last task debug:\n {out}") diff --git a/plugins/callback/log_plays.py b/plugins/callback/log_plays.py index e99054e176..ed1ed39a72 100644 --- a/plugins/callback/log_plays.py +++ b/plugins/callback/log_plays.py @@ -7,26 +7,27 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Unknown (!UNKNOWN) - name: log_plays - type: notification - short_description: write playbook output to log file - description: - - This callback writes playbook output to a file per host in the C(/var/log/ansible/hosts) directory. - requirements: - - Whitelist in configuration - - A writeable C(/var/log/ansible/hosts) directory by the user executing Ansible on the controller - options: - log_folder: - default: /var/log/ansible/hosts - description: The folder where log files will be created. - env: - - name: ANSIBLE_LOG_FOLDER - ini: - - section: callback_log_plays - key: log_folder -''' +DOCUMENTATION = r""" +author: Unknown (!UNKNOWN) +name: log_plays +type: notification +short_description: write playbook output to log file +description: + - This callback writes playbook output to a file per host in the C(/var/log/ansible/hosts) directory. +requirements: + - Whitelist in configuration + - A writeable C(/var/log/ansible/hosts) directory by the user executing Ansible on the controller +options: + log_folder: + default: /var/log/ansible/hosts + description: The folder where log files will be created. + type: str + env: + - name: ANSIBLE_LOG_FOLDER + ini: + - section: callback_log_plays + key: log_folder +""" import os import time @@ -56,7 +57,10 @@ class CallbackModule(CallbackBase): CALLBACK_NEEDS_WHITELIST = True TIME_FORMAT = "%b %d %Y %H:%M:%S" - MSG_FORMAT = "%(now)s - %(playbook)s - %(task_name)s - %(task_action)s - %(category)s - %(data)s\n\n" + + @staticmethod + def _make_msg(now, playbook, task_name, task_action, category, data): + return f"{now} - {playbook} - {task_name} - {task_action} - {category} - {data}\n\n" def __init__(self): @@ -81,22 +85,12 @@ class CallbackModule(CallbackBase): invocation = data.pop('invocation', None) data = json.dumps(data, cls=AnsibleJSONEncoder) if invocation is not None: - data = json.dumps(invocation) + " => %s " % data + data = f"{json.dumps(invocation)} => {data} " path = os.path.join(self.log_folder, result._host.get_name()) now = time.strftime(self.TIME_FORMAT, time.localtime()) - msg = to_bytes( - self.MSG_FORMAT - % dict( - now=now, - playbook=self.playbook, - task_name=result._task.name, - task_action=result._task.action, - category=category, - data=data, - ) - ) + msg = to_bytes(self._make_msg(now, self.playbook, result._task.name, result._task.action, category, data)) with open(path, "ab") as fd: fd.write(msg) diff --git a/plugins/callback/loganalytics.py b/plugins/callback/loganalytics.py index fbcdc6f89f..fa891bd10c 100644 --- a/plugins/callback/loganalytics.py +++ b/plugins/callback/loganalytics.py @@ -6,39 +6,41 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: loganalytics - type: notification - short_description: Posts task results to Azure Log Analytics - author: "Cyrus Li (@zhcli) " - description: - - This callback plugin will post task results in JSON formatted to an Azure Log Analytics workspace. - - Credits to authors of splunk callback plugin. - version_added: "2.4.0" - requirements: - - Whitelisting this callback plugin. - - An Azure log analytics work space has been established. - options: - workspace_id: - description: Workspace ID of the Azure log analytics workspace. - required: true - env: - - name: WORKSPACE_ID - ini: - - section: callback_loganalytics - key: workspace_id - shared_key: - description: Shared key to connect to Azure log analytics workspace. - required: true - env: - - name: WORKSPACE_SHARED_KEY - ini: - - section: callback_loganalytics - key: shared_key -''' +DOCUMENTATION = r""" +name: loganalytics +type: notification +short_description: Posts task results to Azure Log Analytics +author: "Cyrus Li (@zhcli) " +description: + - This callback plugin will post task results in JSON formatted to an Azure Log Analytics workspace. + - Credits to authors of splunk callback plugin. +version_added: "2.4.0" +requirements: + - Whitelisting this callback plugin. + - An Azure log analytics work space has been established. +options: + workspace_id: + description: Workspace ID of the Azure log analytics workspace. + type: str + required: true + env: + - name: WORKSPACE_ID + ini: + - section: callback_loganalytics + key: workspace_id + shared_key: + description: Shared key to connect to Azure log analytics workspace. + type: str + required: true + env: + - name: WORKSPACE_SHARED_KEY + ini: + - section: callback_loganalytics + key: shared_key +""" -EXAMPLES = ''' -examples: | +EXAMPLES = r""" +examples: |- Whitelist the plugin in ansible.cfg: [defaults] callback_whitelist = community.general.loganalytics @@ -49,7 +51,7 @@ examples: | [callback_loganalytics] workspace_id = 01234567-0123-0123-0123-01234567890a shared_key = dZD0kCbKl3ehZG6LHFMuhtE0yHiFCmetzFMc2u+roXIUQuatqU924SsAAAAPemhjbGlAemhjbGktTUJQAQIDBA== -''' +""" import hashlib import hmac @@ -59,13 +61,16 @@ import uuid import socket import getpass -from datetime import datetime from os.path import basename from ansible.module_utils.urls import open_url from ansible.parsing.ajson import AnsibleJSONEncoder from ansible.plugins.callback import CallbackBase +from ansible_collections.community.general.plugins.module_utils.datetime import ( + now, +) + class AzureLogAnalyticsSource(object): def __init__(self): @@ -79,21 +84,20 @@ class AzureLogAnalyticsSource(object): def __build_signature(self, date, workspace_id, shared_key, content_length): # Build authorisation signature for Azure log analytics API call - sigs = "POST\n{0}\napplication/json\nx-ms-date:{1}\n/api/logs".format( - str(content_length), date) + sigs = f"POST\n{content_length}\napplication/json\nx-ms-date:{date}\n/api/logs" utf8_sigs = sigs.encode('utf-8') decoded_shared_key = base64.b64decode(shared_key) hmac_sha256_sigs = hmac.new( decoded_shared_key, utf8_sigs, digestmod=hashlib.sha256).digest() encoded_hash = base64.b64encode(hmac_sha256_sigs).decode('utf-8') - signature = "SharedKey {0}:{1}".format(workspace_id, encoded_hash) + signature = f"SharedKey {workspace_id}:{encoded_hash}" return signature def __build_workspace_url(self, workspace_id): - return "https://{0}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01".format(workspace_id) + return f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01" def __rfc1123date(self): - return datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT') + return now().strftime('%a, %d %b %Y %H:%M:%S GMT') def send_event(self, workspace_id, shared_key, state, result, runtime): if result._task_fields['args'].get('_ansible_check_mode') is True: @@ -167,7 +171,7 @@ class CallbackModule(CallbackBase): def _seconds_since_start(self, result): return ( - datetime.utcnow() - + now() - self.start_datetimes[result._task._uuid] ).total_seconds() @@ -185,10 +189,10 @@ class CallbackModule(CallbackBase): self.loganalytics.ansible_playbook = basename(playbook._file_name) def v2_playbook_on_task_start(self, task, is_conditional): - self.start_datetimes[task._uuid] = datetime.utcnow() + self.start_datetimes[task._uuid] = now() def v2_playbook_on_handler_task_start(self, task): - self.start_datetimes[task._uuid] = datetime.utcnow() + self.start_datetimes[task._uuid] = now() def v2_runner_on_ok(self, result, **kwargs): self.loganalytics.send_event( diff --git a/plugins/callback/logdna.py b/plugins/callback/logdna.py index fc9a81ac8a..35c5b86c1e 100644 --- a/plugins/callback/logdna.py +++ b/plugins/callback/logdna.py @@ -6,56 +6,56 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Unknown (!UNKNOWN) - name: logdna - type: notification - short_description: Sends playbook logs to LogDNA - description: - - This callback will report logs from playbook actions, tasks, and events to LogDNA (U(https://app.logdna.com)). - requirements: - - LogDNA Python Library (U(https://github.com/logdna/python)) - - whitelisting in configuration - options: - conf_key: - required: true - description: LogDNA Ingestion Key. - type: string - env: - - name: LOGDNA_INGESTION_KEY - ini: - - section: callback_logdna - key: conf_key - plugin_ignore_errors: - required: false - description: Whether to ignore errors on failing or not. - type: boolean - env: - - name: ANSIBLE_IGNORE_ERRORS - ini: - - section: callback_logdna - key: plugin_ignore_errors - default: false - conf_hostname: - required: false - description: Alternative Host Name; the current host name by default. - type: string - env: - - name: LOGDNA_HOSTNAME - ini: - - section: callback_logdna - key: conf_hostname - conf_tags: - required: false - description: Tags. - type: string - env: - - name: LOGDNA_TAGS - ini: - - section: callback_logdna - key: conf_tags - default: ansible -''' +DOCUMENTATION = r""" +author: Unknown (!UNKNOWN) +name: logdna +type: notification +short_description: Sends playbook logs to LogDNA +description: + - This callback will report logs from playbook actions, tasks, and events to LogDNA (U(https://app.logdna.com)). +requirements: + - LogDNA Python Library (U(https://github.com/logdna/python)) + - whitelisting in configuration +options: + conf_key: + required: true + description: LogDNA Ingestion Key. + type: string + env: + - name: LOGDNA_INGESTION_KEY + ini: + - section: callback_logdna + key: conf_key + plugin_ignore_errors: + required: false + description: Whether to ignore errors on failing or not. + type: boolean + env: + - name: ANSIBLE_IGNORE_ERRORS + ini: + - section: callback_logdna + key: plugin_ignore_errors + default: false + conf_hostname: + required: false + description: Alternative Host Name; the current host name by default. + type: string + env: + - name: LOGDNA_HOSTNAME + ini: + - section: callback_logdna + key: conf_hostname + conf_tags: + required: false + description: Tags. + type: string + env: + - name: LOGDNA_TAGS + ini: + - section: callback_logdna + key: conf_tags + default: ansible +""" import logging import json @@ -73,7 +73,7 @@ except ImportError: # Getting MAC Address of system: def get_mac(): - mac = "%012x" % getnode() + mac = f"{getnode():012x}" return ":".join(map(lambda index: mac[index:index + 2], range(int(len(mac) / 2)))) @@ -161,7 +161,7 @@ class CallbackModule(CallbackBase): if ninvalidKeys > 0: for key in invalidKeys: del meta[key] - meta['__errors'] = 'These keys have been sanitized: ' + ', '.join(invalidKeys) + meta['__errors'] = f"These keys have been sanitized: {', '.join(invalidKeys)}" return meta def sanitizeJSON(self, data): diff --git a/plugins/callback/logentries.py b/plugins/callback/logentries.py index d3feceb72e..0b3e2baaf0 100644 --- a/plugins/callback/logentries.py +++ b/plugins/callback/logentries.py @@ -6,75 +6,77 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Unknown (!UNKNOWN) - name: logentries - type: notification - short_description: Sends events to Logentries +DOCUMENTATION = r""" +author: Unknown (!UNKNOWN) +name: logentries +type: notification +short_description: Sends events to Logentries +description: + - This callback plugin will generate JSON objects and send them to Logentries using TCP for auditing/debugging purposes. +requirements: + - whitelisting in configuration + - certifi (Python library) + - flatdict (Python library), if you want to use the O(flatten) option +options: + api: + description: URI to the Logentries API. + type: str + env: + - name: LOGENTRIES_API + default: data.logentries.com + ini: + - section: callback_logentries + key: api + port: + description: HTTP port to use when connecting to the API. + type: int + env: + - name: LOGENTRIES_PORT + default: 80 + ini: + - section: callback_logentries + key: port + tls_port: + description: Port to use when connecting to the API when TLS is enabled. + type: int + env: + - name: LOGENTRIES_TLS_PORT + default: 443 + ini: + - section: callback_logentries + key: tls_port + token: + description: The logentries C(TCP token). + type: str + env: + - name: LOGENTRIES_ANSIBLE_TOKEN + required: true + ini: + - section: callback_logentries + key: token + use_tls: description: - - This callback plugin will generate JSON objects and send them to Logentries via TCP for auditing/debugging purposes. - - Before 2.4, if you wanted to use an ini configuration, the file must be placed in the same directory as this plugin and named C(logentries.ini). - - In 2.4 and above you can just put it in the main Ansible configuration file. - requirements: - - whitelisting in configuration - - certifi (Python library) - - flatdict (Python library), if you want to use the O(flatten) option - options: - api: - description: URI to the Logentries API. - env: - - name: LOGENTRIES_API - default: data.logentries.com - ini: - - section: callback_logentries - key: api - port: - description: HTTP port to use when connecting to the API. - env: - - name: LOGENTRIES_PORT - default: 80 - ini: - - section: callback_logentries - key: port - tls_port: - description: Port to use when connecting to the API when TLS is enabled. - env: - - name: LOGENTRIES_TLS_PORT - default: 443 - ini: - - section: callback_logentries - key: tls_port - token: - description: The logentries C(TCP token). - env: - - name: LOGENTRIES_ANSIBLE_TOKEN - required: true - ini: - - section: callback_logentries - key: token - use_tls: - description: - - Toggle to decide whether to use TLS to encrypt the communications with the API server. - env: - - name: LOGENTRIES_USE_TLS - default: false - type: boolean - ini: - - section: callback_logentries - key: use_tls - flatten: - description: Flatten complex data structures into a single dictionary with complex keys. - type: boolean - default: false - env: - - name: LOGENTRIES_FLATTEN - ini: - - section: callback_logentries - key: flatten -''' + - Toggle to decide whether to use TLS to encrypt the communications with the API server. + env: + - name: LOGENTRIES_USE_TLS + default: false + type: boolean + ini: + - section: callback_logentries + key: use_tls + flatten: + description: Flatten complex data structures into a single dictionary with complex keys. + type: boolean + default: false + env: + - name: LOGENTRIES_FLATTEN + ini: + - section: callback_logentries + key: flatten +""" -EXAMPLES = ''' -examples: > +EXAMPLES = r""" +examples: >- To enable, add this to your ansible.cfg file in the defaults block [defaults] @@ -93,7 +95,7 @@ examples: > use_tls = true token = dd21fc88-f00a-43ff-b977-e3a4233c53af flatten = false -''' +""" import os import socket @@ -131,7 +133,7 @@ class PlainTextSocketAppender(object): # Error message displayed when an incorrect Token has been detected self.INVALID_TOKEN = "\n\nIt appears the LOGENTRIES_TOKEN parameter you entered is incorrect!\n\n" # Unicode Line separator character \u2028 - self.LINE_SEP = u'\u2028' + self.LINE_SEP = '\u2028' self._display = display self._conn = None @@ -149,7 +151,7 @@ class PlainTextSocketAppender(object): self.open_connection() return except Exception as e: - self._display.vvvv(u"Unable to connect to Logentries: %s" % to_text(e)) + self._display.vvvv(f"Unable to connect to Logentries: {e}") root_delay *= 2 if root_delay > self.MAX_DELAY: @@ -158,7 +160,7 @@ class PlainTextSocketAppender(object): wait_for = root_delay + random.uniform(0, root_delay) try: - self._display.vvvv("sleeping %s before retry" % wait_for) + self._display.vvvv(f"sleeping {wait_for} before retry") time.sleep(wait_for) except KeyboardInterrupt: raise @@ -171,8 +173,8 @@ class PlainTextSocketAppender(object): # Replace newlines with Unicode line separator # for multi-line events data = to_text(data, errors='surrogate_or_strict') - multiline = data.replace(u'\n', self.LINE_SEP) - multiline += u"\n" + multiline = data.replace('\n', self.LINE_SEP) + multiline += "\n" # Send data, reconnect if needed while True: try: @@ -245,7 +247,7 @@ class CallbackModule(CallbackBase): self.use_tls = self.get_option('use_tls') self.flatten = self.get_option('flatten') except KeyError as e: - self._display.warning(u"Missing option for Logentries callback plugin: %s" % to_text(e)) + self._display.warning(f"Missing option for Logentries callback plugin: {e}") self.disabled = True try: @@ -264,10 +266,10 @@ class CallbackModule(CallbackBase): if not self.disabled: if self.use_tls: - self._display.vvvv("Connecting to %s:%s with TLS" % (self.api_url, self.api_tls_port)) + self._display.vvvv(f"Connecting to {self.api_url}:{self.api_tls_port} with TLS") self._appender = TLSSocketAppender(display=self._display, LE_API=self.api_url, LE_TLS_PORT=self.api_tls_port) else: - self._display.vvvv("Connecting to %s:%s" % (self.api_url, self.api_port)) + self._display.vvvv(f"Connecting to {self.api_url}:{self.api_port}") self._appender = PlainTextSocketAppender(display=self._display, LE_API=self.api_url, LE_PORT=self.api_port) self._appender.reopen_connection() @@ -280,7 +282,7 @@ class CallbackModule(CallbackBase): def emit(self, record): msg = record.rstrip('\n') - msg = "{0} {1}".format(self.token, msg) + msg = f"{self.token} {msg}" self._appender.put(msg) self._display.vvvv("Sent event to logentries") diff --git a/plugins/callback/logstash.py b/plugins/callback/logstash.py index 144e1f9915..088a84bf78 100644 --- a/plugins/callback/logstash.py +++ b/plugins/callback/logstash.py @@ -7,91 +7,94 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = r''' - author: Yevhen Khmelenko (@ujenmr) - name: logstash - type: notification - short_description: Sends events to Logstash - description: - - This callback will report facts and task events to Logstash U(https://www.elastic.co/products/logstash). - requirements: - - whitelisting in configuration - - logstash (Python library) - options: - server: - description: Address of the Logstash server. - env: - - name: LOGSTASH_SERVER - ini: - - section: callback_logstash - key: server - version_added: 1.0.0 - default: localhost - port: - description: Port on which logstash is listening. - env: - - name: LOGSTASH_PORT - ini: - - section: callback_logstash - key: port - version_added: 1.0.0 - default: 5000 - type: - description: Message type. - env: - - name: LOGSTASH_TYPE - ini: - - section: callback_logstash - key: type - version_added: 1.0.0 - default: ansible - pre_command: - description: Executes command before run and its result is added to the C(ansible_pre_command_output) logstash field. - version_added: 2.0.0 - ini: - - section: callback_logstash - key: pre_command - env: - - name: LOGSTASH_PRE_COMMAND - format_version: - description: Logging format. - type: str - version_added: 2.0.0 - ini: - - section: callback_logstash - key: format_version - env: - - name: LOGSTASH_FORMAT_VERSION - default: v1 - choices: - - v1 - - v2 +DOCUMENTATION = r""" +author: Yevhen Khmelenko (@ujenmr) +name: logstash +type: notification +short_description: Sends events to Logstash +description: + - This callback will report facts and task events to Logstash U(https://www.elastic.co/products/logstash). +requirements: + - whitelisting in configuration + - logstash (Python library) +options: + server: + description: Address of the Logstash server. + type: str + env: + - name: LOGSTASH_SERVER + ini: + - section: callback_logstash + key: server + version_added: 1.0.0 + default: localhost + port: + description: Port on which logstash is listening. + type: int + env: + - name: LOGSTASH_PORT + ini: + - section: callback_logstash + key: port + version_added: 1.0.0 + default: 5000 + type: + description: Message type. + type: str + env: + - name: LOGSTASH_TYPE + ini: + - section: callback_logstash + key: type + version_added: 1.0.0 + default: ansible + pre_command: + description: Executes command before run and its result is added to the C(ansible_pre_command_output) logstash field. + type: str + version_added: 2.0.0 + ini: + - section: callback_logstash + key: pre_command + env: + - name: LOGSTASH_PRE_COMMAND + format_version: + description: Logging format. + type: str + version_added: 2.0.0 + ini: + - section: callback_logstash + key: format_version + env: + - name: LOGSTASH_FORMAT_VERSION + default: v1 + choices: + - v1 + - v2 +""" -''' - -EXAMPLES = r''' +EXAMPLES = r""" ansible.cfg: | - # Enable Callback plugin - [defaults] - callback_whitelist = community.general.logstash + # Enable Callback plugin + [defaults] + callback_whitelist = community.general.logstash - [callback_logstash] - server = logstash.example.com - port = 5000 - pre_command = git rev-parse HEAD - type = ansible + [callback_logstash] + server = logstash.example.com + port = 5000 + pre_command = git rev-parse HEAD + type = ansible -11-input-tcp.conf: | - # Enable Logstash TCP Input - input { - tcp { - port => 5000 - codec => json - add_field => { "[@metadata][beat]" => "notify" } - add_field => { "[@metadata][type]" => "ansible" } - } - } -''' +11-input-tcp.conf: |- + # Enable Logstash TCP Input + input { + tcp { + port => 5000 + codec => json + add_field => { "[@metadata][beat]" => "notify" } + add_field => { "[@metadata][type]" => "ansible" } + } + } +""" import os import json @@ -99,7 +102,6 @@ from ansible import context import socket import uuid import logging -from datetime import datetime try: import logstash @@ -109,6 +111,10 @@ except ImportError: from ansible.plugins.callback import CallbackBase +from ansible_collections.community.general.plugins.module_utils.datetime import ( + now, +) + class CallbackModule(CallbackBase): @@ -126,7 +132,7 @@ class CallbackModule(CallbackBase): "pip install python-logstash for Python 2" "pip install python3-logstash for Python 3") - self.start_time = datetime.utcnow() + self.start_time = now() def _init_plugin(self): if not self.disabled: @@ -185,7 +191,7 @@ class CallbackModule(CallbackBase): self.logger.info("ansible start", extra=data) def v2_playbook_on_stats(self, stats): - end_time = datetime.utcnow() + end_time = now() runtime = end_time - self.start_time summarize_stat = {} for host in stats.processed.keys(): diff --git a/plugins/callback/mail.py b/plugins/callback/mail.py index 1b847ea34c..7571993ea4 100644 --- a/plugins/callback/mail.py +++ b/plugins/callback/mail.py @@ -7,81 +7,80 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" name: mail type: notification -short_description: Sends failure events via email +short_description: Sends failure events through email description: -- This callback will report failures via email. + - This callback will report failures through email. author: -- Dag Wieers (@dagwieers) + - Dag Wieers (@dagwieers) requirements: -- whitelisting in configuration + - whitelisting in configuration options: mta: description: - - Mail Transfer Agent, server that accepts SMTP. + - Mail Transfer Agent, server that accepts SMTP. type: str env: - - name: SMTPHOST + - name: SMTPHOST ini: - - section: callback_mail - key: smtphost + - section: callback_mail + key: smtphost default: localhost mtaport: description: - - Mail Transfer Agent Port. - - Port at which server SMTP. + - Mail Transfer Agent Port. + - Port at which server SMTP. type: int ini: - - section: callback_mail - key: smtpport + - section: callback_mail + key: smtpport default: 25 to: description: - - Mail recipient. + - Mail recipient. type: list elements: str ini: - - section: callback_mail - key: to + - section: callback_mail + key: to default: [root] sender: description: - - Mail sender. - - This is required since community.general 6.0.0. + - Mail sender. + - This is required since community.general 6.0.0. type: str required: true ini: - - section: callback_mail - key: sender + - section: callback_mail + key: sender cc: description: - - CC'd recipients. + - CC'd recipients. type: list elements: str ini: - - section: callback_mail - key: cc + - section: callback_mail + key: cc bcc: description: - - BCC'd recipients. + - BCC'd recipients. type: list elements: str ini: - - section: callback_mail - key: bcc + - section: callback_mail + key: bcc message_id_domain: description: - - The domain name to use for the L(Message-ID header, https://en.wikipedia.org/wiki/Message-ID). - - The default is the hostname of the control node. + - The domain name to use for the L(Message-ID header, https://en.wikipedia.org/wiki/Message-ID). + - The default is the hostname of the control node. type: str ini: - - section: callback_mail - key: message_id_domain + - section: callback_mail + key: message_id_domain version_added: 8.2.0 - -''' +""" import json import os @@ -135,14 +134,14 @@ class CallbackModule(CallbackBase): if self.bcc: bcc_addresses = email.utils.getaddresses(self.bcc) - content = 'Date: %s\n' % email.utils.formatdate() - content += 'From: %s\n' % email.utils.formataddr(sender_address) + content = f'Date: {email.utils.formatdate()}\n' + content += f'From: {email.utils.formataddr(sender_address)}\n' if self.to: - content += 'To: %s\n' % ', '.join([email.utils.formataddr(pair) for pair in to_addresses]) + content += f"To: {', '.join([email.utils.formataddr(pair) for pair in to_addresses])}\n" if self.cc: - content += 'Cc: %s\n' % ', '.join([email.utils.formataddr(pair) for pair in cc_addresses]) - content += 'Message-ID: %s\n' % email.utils.make_msgid(domain=self.get_option('message_id_domain')) - content += 'Subject: %s\n\n' % subject.strip() + content += f"Cc: {', '.join([email.utils.formataddr(pair) for pair in cc_addresses])}\n" + content += f"Message-ID: {email.utils.make_msgid(domain=self.get_option('message_id_domain'))}\n" + content += f'Subject: {subject.strip()}\n\n' content += body addresses = to_addresses @@ -159,23 +158,22 @@ class CallbackModule(CallbackBase): smtp.quit() def subject_msg(self, multiline, failtype, linenr): - return '%s: %s' % (failtype, multiline.strip('\r\n').splitlines()[linenr]) + msg = multiline.strip('\r\n').splitlines()[linenr] + return f'{failtype}: {msg}' def indent(self, multiline, indent=8): return re.sub('^', ' ' * indent, multiline, flags=re.MULTILINE) def body_blob(self, multiline, texttype): ''' Turn some text output in a well-indented block for sending in a mail body ''' - intro = 'with the following %s:\n\n' % texttype - blob = '' - for line in multiline.strip('\r\n').splitlines(): - blob += '%s\n' % line - return intro + self.indent(blob) + '\n' + intro = f'with the following {texttype}:\n\n' + blob = "\n".join(multiline.strip('\r\n').splitlines()) + return f"{intro}{self.indent(blob)}\n" def mail_result(self, result, failtype): host = result._host.get_name() if not self.sender: - self.sender = '"Ansible: %s" ' % host + self.sender = f'"Ansible: {host}" ' # Add subject if self.itembody: @@ -191,31 +189,32 @@ class CallbackModule(CallbackBase): elif result._result.get('exception'): # Unrelated exceptions are added to output :-/ subject = self.subject_msg(result._result['exception'], failtype, -1) else: - subject = '%s: %s' % (failtype, result._task.name or result._task.action) + subject = f'{failtype}: {result._task.name or result._task.action}' # Make playbook name visible (e.g. in Outlook/Gmail condensed view) - body = 'Playbook: %s\n' % os.path.basename(self.playbook._file_name) + body = f'Playbook: {os.path.basename(self.playbook._file_name)}\n' if result._task.name: - body += 'Task: %s\n' % result._task.name - body += 'Module: %s\n' % result._task.action - body += 'Host: %s\n' % host + body += f'Task: {result._task.name}\n' + body += f'Module: {result._task.action}\n' + body += f'Host: {host}\n' body += '\n' # Add task information (as much as possible) body += 'The following task failed:\n\n' if 'invocation' in result._result: - body += self.indent('%s: %s\n' % (result._task.action, json.dumps(result._result['invocation']['module_args'], indent=4))) + body += self.indent(f"{result._task.action}: {json.dumps(result._result['invocation']['module_args'], indent=4)}\n") elif result._task.name: - body += self.indent('%s (%s)\n' % (result._task.name, result._task.action)) + body += self.indent(f'{result._task.name} ({result._task.action})\n') else: - body += self.indent('%s\n' % result._task.action) + body += self.indent(f'{result._task.action}\n') body += '\n' # Add item / message if self.itembody: body += self.itembody elif result._result.get('failed_when_result') is True: - body += "due to the following condition:\n\n" + self.indent('failed_when:\n- ' + '\n- '.join(result._task.failed_when)) + '\n\n' + fail_cond = self.indent('failed_when:\n- ' + '\n- '.join(result._task.failed_when)) + body += f"due to the following condition:\n\n{fail_cond}\n\n" elif result._result.get('msg'): body += self.body_blob(result._result['msg'], 'message') @@ -228,13 +227,13 @@ class CallbackModule(CallbackBase): body += self.body_blob(result._result['exception'], 'exception') if result._result.get('warnings'): for i in range(len(result._result.get('warnings'))): - body += self.body_blob(result._result['warnings'][i], 'exception %d' % (i + 1)) + body += self.body_blob(result._result['warnings'][i], f'exception {i + 1}') if result._result.get('deprecations'): for i in range(len(result._result.get('deprecations'))): - body += self.body_blob(result._result['deprecations'][i], 'exception %d' % (i + 1)) + body += self.body_blob(result._result['deprecations'][i], f'exception {i + 1}') body += 'and a complete dump of the error:\n\n' - body += self.indent('%s: %s' % (failtype, json.dumps(result._result, cls=AnsibleJSONEncoder, indent=4))) + body += self.indent(f'{failtype}: {json.dumps(result._result, cls=AnsibleJSONEncoder, indent=4)}') self.mail(subject=subject, body=body) @@ -257,4 +256,4 @@ class CallbackModule(CallbackBase): def v2_runner_item_on_failed(self, result): # Pass item information to task failure self.itemsubject = result._result['msg'] - self.itembody += self.body_blob(json.dumps(result._result, cls=AnsibleJSONEncoder, indent=4), "failed item dump '%(item)s'" % result._result) + self.itembody += self.body_blob(json.dumps(result._result, cls=AnsibleJSONEncoder, indent=4), f"failed item dump '{result._result['item']}'") diff --git a/plugins/callback/nrdp.py b/plugins/callback/nrdp.py index 62f4a89ec8..fa5d7cfd05 100644 --- a/plugins/callback/nrdp.py +++ b/plugins/callback/nrdp.py @@ -7,65 +7,65 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: nrdp - type: notification - author: "Remi VERCHERE (@rverchere)" - short_description: Post task results to a Nagios server through nrdp - description: - - This callback send playbook result to Nagios. - - Nagios shall use NRDP to receive passive events. - - The passive check is sent to a dedicated host/service for Ansible. - options: - url: - description: URL of the nrdp server. - required: true - env: - - name : NRDP_URL - ini: - - section: callback_nrdp - key: url - type: string - validate_certs: - description: Validate the SSL certificate of the nrdp server. (Used for HTTPS URLs.) - env: - - name: NRDP_VALIDATE_CERTS - ini: - - section: callback_nrdp - key: validate_nrdp_certs - - section: callback_nrdp - key: validate_certs - type: boolean - default: false - aliases: [ validate_nrdp_certs ] - token: - description: Token to be allowed to push nrdp events. - required: true - env: - - name: NRDP_TOKEN - ini: - - section: callback_nrdp - key: token - type: string - hostname: - description: Hostname where the passive check is linked to. - required: true - env: - - name : NRDP_HOSTNAME - ini: - - section: callback_nrdp - key: hostname - type: string - servicename: - description: Service where the passive check is linked to. - required: true - env: - - name : NRDP_SERVICENAME - ini: - - section: callback_nrdp - key: servicename - type: string -''' +DOCUMENTATION = r""" +name: nrdp +type: notification +author: "Remi VERCHERE (@rverchere)" +short_description: Post task results to a Nagios server through nrdp +description: + - This callback send playbook result to Nagios. + - Nagios shall use NRDP to receive passive events. + - The passive check is sent to a dedicated host/service for Ansible. +options: + url: + description: URL of the nrdp server. + required: true + env: + - name: NRDP_URL + ini: + - section: callback_nrdp + key: url + type: string + validate_certs: + description: Validate the SSL certificate of the nrdp server. (Used for HTTPS URLs). + env: + - name: NRDP_VALIDATE_CERTS + ini: + - section: callback_nrdp + key: validate_nrdp_certs + - section: callback_nrdp + key: validate_certs + type: boolean + default: false + aliases: [validate_nrdp_certs] + token: + description: Token to be allowed to push nrdp events. + required: true + env: + - name: NRDP_TOKEN + ini: + - section: callback_nrdp + key: token + type: string + hostname: + description: Hostname where the passive check is linked to. + required: true + env: + - name: NRDP_HOSTNAME + ini: + - section: callback_nrdp + key: hostname + type: string + servicename: + description: Service where the passive check is linked to. + required: true + env: + - name: NRDP_SERVICENAME + ini: + - section: callback_nrdp + key: servicename + type: string +""" from ansible.module_utils.six.moves.urllib.parse import urlencode from ansible.module_utils.common.text.converters import to_bytes @@ -132,10 +132,10 @@ class CallbackModule(CallbackBase): xmldata = "\n" xmldata += "\n" xmldata += "\n" - xmldata += "%s\n" % self.hostname - xmldata += "%s\n" % self.servicename - xmldata += "%d\n" % state - xmldata += "%s\n" % msg + xmldata += f"{self.hostname}\n" + xmldata += f"{self.servicename}\n" + xmldata += f"{state}\n" + xmldata += f"{msg}\n" xmldata += "\n" xmldata += "\n" @@ -152,7 +152,7 @@ class CallbackModule(CallbackBase): validate_certs=self.validate_nrdp_certs) return response.read() except Exception as ex: - self._display.warning("NRDP callback cannot send result {0}".format(ex)) + self._display.warning(f"NRDP callback cannot send result {ex}") def v2_playbook_on_play_start(self, play): ''' @@ -170,17 +170,16 @@ class CallbackModule(CallbackBase): critical = warning = 0 for host in hosts: stat = stats.summarize(host) - gstats += "'%s_ok'=%d '%s_changed'=%d \ - '%s_unreachable'=%d '%s_failed'=%d " % \ - (host, stat['ok'], host, stat['changed'], - host, stat['unreachable'], host, stat['failures']) + gstats += ( + f"'{host}_ok'={stat['ok']} '{host}_changed'={stat['changed']} '{host}_unreachable'={stat['unreachable']} '{host}_failed'={stat['failures']} " + ) # Critical when failed tasks or unreachable host critical += stat['failures'] critical += stat['unreachable'] # Warning when changed tasks warning += stat['changed'] - msg = "%s | %s" % (name, gstats) + msg = f"{name} | {gstats}" if critical: # Send Critical self._send_nrdp(self.CRITICAL, msg) diff --git a/plugins/callback/null.py b/plugins/callback/null.py index 6aeeba313a..0cc722f63b 100644 --- a/plugins/callback/null.py +++ b/plugins/callback/null.py @@ -7,16 +7,16 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Unknown (!UNKNOWN) - name: 'null' - type: stdout - requirements: - - set as main display callback - short_description: Don't display stuff to screen - description: - - This callback prevents outputting events to screen. -''' +DOCUMENTATION = r""" +author: Unknown (!UNKNOWN) +name: 'null' +type: stdout +requirements: + - set as main display callback +short_description: do not display stuff to screen +description: + - This callback prevents outputting events to screen. +""" from ansible.plugins.callback import CallbackBase diff --git a/plugins/callback/opentelemetry.py b/plugins/callback/opentelemetry.py index 492e420716..38388e8270 100644 --- a/plugins/callback/opentelemetry.py +++ b/plugins/callback/opentelemetry.py @@ -6,93 +6,120 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Victor Martinez (@v1v) - name: opentelemetry - type: notification - short_description: Create distributed traces with OpenTelemetry - version_added: 3.7.0 +DOCUMENTATION = r""" +author: Victor Martinez (@v1v) +name: opentelemetry +type: notification +short_description: Create distributed traces with OpenTelemetry +version_added: 3.7.0 +description: + - This callback creates distributed traces for each Ansible task with OpenTelemetry. + - You can configure the OpenTelemetry exporter and SDK with environment variables. + - See U(https://opentelemetry-python.readthedocs.io/en/latest/exporter/otlp/otlp.html). + - See + U(https://opentelemetry-python.readthedocs.io/en/latest/sdk/environment_variables.html#opentelemetry-sdk-environment-variables). +options: + hide_task_arguments: + default: false + type: bool description: - - This callback creates distributed traces for each Ansible task with OpenTelemetry. - - You can configure the OpenTelemetry exporter and SDK with environment variables. - - See U(https://opentelemetry-python.readthedocs.io/en/latest/exporter/otlp/otlp.html). - - See U(https://opentelemetry-python.readthedocs.io/en/latest/sdk/environment_variables.html#opentelemetry-sdk-environment-variables). - options: - hide_task_arguments: - default: false - type: bool - description: - - Hide the arguments for a task. - env: - - name: ANSIBLE_OPENTELEMETRY_HIDE_TASK_ARGUMENTS - ini: - - section: callback_opentelemetry - key: hide_task_arguments - version_added: 5.3.0 - enable_from_environment: - type: str - description: - - Whether to enable this callback only if the given environment variable exists and it is set to V(true). - - This is handy when you use Configuration as Code and want to send distributed traces - if running in the CI rather when running Ansible locally. - - For such, it evaluates the given O(enable_from_environment) value as environment variable - and if set to true this plugin will be enabled. - env: - - name: ANSIBLE_OPENTELEMETRY_ENABLE_FROM_ENVIRONMENT - ini: - - section: callback_opentelemetry - key: enable_from_environment - version_added: 5.3.0 - version_added: 3.8.0 - otel_service_name: - default: ansible - type: str - description: - - The service name resource attribute. - env: - - name: OTEL_SERVICE_NAME - ini: - - section: callback_opentelemetry - key: otel_service_name - version_added: 5.3.0 - traceparent: - default: None - type: str - description: - - The L(W3C Trace Context header traceparent,https://www.w3.org/TR/trace-context-1/#traceparent-header). - env: - - name: TRACEPARENT - disable_logs: - default: false - type: bool - description: - - Disable sending logs. - env: - - name: ANSIBLE_OPENTELEMETRY_DISABLE_LOGS - ini: - - section: callback_opentelemetry - key: disable_logs - version_added: 5.8.0 - disable_attributes_in_logs: - default: false - type: bool - description: - - Disable populating span attributes to the logs. - env: - - name: ANSIBLE_OPENTELEMETRY_DISABLE_ATTRIBUTES_IN_LOGS - ini: - - section: callback_opentelemetry - key: disable_attributes_in_logs - version_added: 7.1.0 - requirements: - - opentelemetry-api (Python library) - - opentelemetry-exporter-otlp (Python library) - - opentelemetry-sdk (Python library) -''' + - Hide the arguments for a task. + env: + - name: ANSIBLE_OPENTELEMETRY_HIDE_TASK_ARGUMENTS + ini: + - section: callback_opentelemetry + key: hide_task_arguments + version_added: 5.3.0 + enable_from_environment: + type: str + description: + - Whether to enable this callback only if the given environment variable exists and it is set to V(true). + - This is handy when you use Configuration as Code and want to send distributed traces if running in the CI rather when + running Ansible locally. + - For such, it evaluates the given O(enable_from_environment) value as environment variable and if set to true this + plugin will be enabled. + env: + - name: ANSIBLE_OPENTELEMETRY_ENABLE_FROM_ENVIRONMENT + ini: + - section: callback_opentelemetry + key: enable_from_environment + version_added: 5.3.0 + version_added: 3.8.0 + otel_service_name: + default: ansible + type: str + description: + - The service name resource attribute. + env: + - name: OTEL_SERVICE_NAME + ini: + - section: callback_opentelemetry + key: otel_service_name + version_added: 5.3.0 + traceparent: + default: None + type: str + description: + - The L(W3C Trace Context header traceparent,https://www.w3.org/TR/trace-context-1/#traceparent-header). + env: + - name: TRACEPARENT + disable_logs: + default: false + type: bool + description: + - Disable sending logs. + env: + - name: ANSIBLE_OPENTELEMETRY_DISABLE_LOGS + ini: + - section: callback_opentelemetry + key: disable_logs + version_added: 5.8.0 + disable_attributes_in_logs: + default: false + type: bool + description: + - Disable populating span attributes to the logs. + env: + - name: ANSIBLE_OPENTELEMETRY_DISABLE_ATTRIBUTES_IN_LOGS + ini: + - section: callback_opentelemetry + key: disable_attributes_in_logs + version_added: 7.1.0 + store_spans_in_file: + type: str + description: + - It stores the exported spans in the given file. + env: + - name: ANSIBLE_OPENTELEMETRY_STORE_SPANS_IN_FILE + ini: + - section: callback_opentelemetry + key: store_spans_in_file + version_added: 9.0.0 + otel_exporter_otlp_traces_protocol: + type: str + description: + - E(OTEL_EXPORTER_OTLP_TRACES_PROTOCOL) represents the the transport protocol for spans. + - See + U(https://opentelemetry-python.readthedocs.io/en/latest/sdk/environment_variables.html#envvar-OTEL_EXPORTER_OTLP_TRACES_PROTOCOL). + default: grpc + choices: + - grpc + - http/protobuf + env: + - name: OTEL_EXPORTER_OTLP_TRACES_PROTOCOL + ini: + - section: callback_opentelemetry + key: otel_exporter_otlp_traces_protocol + version_added: 9.0.0 +requirements: + - opentelemetry-api (Python library) + - opentelemetry-exporter-otlp (Python library) + - opentelemetry-sdk (Python library) +""" -EXAMPLES = ''' -examples: | +EXAMPLES = r""" +examples: |- Enable the plugin in ansible.cfg: [defaults] callbacks_enabled = community.general.opentelemetry @@ -104,14 +131,14 @@ examples: | export OTEL_EXPORTER_OTLP_HEADERS="authorization=Bearer your_otel_token" export OTEL_SERVICE_NAME=your_service_name export ANSIBLE_OPENTELEMETRY_ENABLED=true -''' +""" import getpass +import json import os import socket -import sys -import time import uuid +from time import time_ns from collections import OrderedDict from os.path import basename @@ -124,40 +151,25 @@ from ansible.plugins.callback import CallbackBase try: from opentelemetry import trace from opentelemetry.trace import SpanKind - from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import OTLPSpanExporter + from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import OTLPSpanExporter as GRPCOTLPSpanExporter + from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter as HTTPOTLPSpanExporter from opentelemetry.sdk.resources import SERVICE_NAME, Resource from opentelemetry.trace.status import Status, StatusCode from opentelemetry.trace.propagation.tracecontext import TraceContextTextMapPropagator from opentelemetry.sdk.trace import TracerProvider from opentelemetry.sdk.trace.export import ( - BatchSpanProcessor + BatchSpanProcessor, + SimpleSpanProcessor + ) + from opentelemetry.sdk.trace.export.in_memory_span_exporter import ( + InMemorySpanExporter ) - - # Support for opentelemetry-api <= 1.12 - try: - from opentelemetry.util._time import _time_ns - except ImportError as imp_exc: - OTEL_LIBRARY_TIME_NS_ERROR = imp_exc - else: - OTEL_LIBRARY_TIME_NS_ERROR = None - except ImportError as imp_exc: OTEL_LIBRARY_IMPORT_ERROR = imp_exc - OTEL_LIBRARY_TIME_NS_ERROR = imp_exc else: OTEL_LIBRARY_IMPORT_ERROR = None -if sys.version_info >= (3, 7): - time_ns = time.time_ns -elif not OTEL_LIBRARY_TIME_NS_ERROR: - time_ns = _time_ns -else: - def time_ns(): - # Support versions older than 3.7 with opentelemetry-api > 1.12 - return int(time.time() * 1e9) - - class TaskData: """ Data about an individual task. @@ -178,7 +190,7 @@ class TaskData: if host.uuid in self.host_data: if host.status == 'included': # concatenate task include output from multiple items - host.result = '%s\n%s' % (self.host_data[host.uuid].result, host.result) + host.result = f'{self.host_data[host.uuid].result}\n{host.result}' else: return @@ -255,7 +267,16 @@ class OpenTelemetrySource(object): task.dump = dump task.add_host(HostData(host_uuid, host_name, status, result)) - def generate_distributed_traces(self, otel_service_name, ansible_playbook, tasks_data, status, traceparent, disable_logs, disable_attributes_in_logs): + def generate_distributed_traces(self, + otel_service_name, + ansible_playbook, + tasks_data, + status, + traceparent, + disable_logs, + disable_attributes_in_logs, + otel_exporter_otlp_traces_protocol, + store_spans_in_file): """ generate distributed traces from the collected TaskData and HostData """ tasks = [] @@ -271,7 +292,16 @@ class OpenTelemetrySource(object): ) ) - processor = BatchSpanProcessor(OTLPSpanExporter()) + otel_exporter = None + if store_spans_in_file: + otel_exporter = InMemorySpanExporter() + processor = SimpleSpanProcessor(otel_exporter) + else: + if otel_exporter_otlp_traces_protocol == 'grpc': + otel_exporter = GRPCOTLPSpanExporter() + else: + otel_exporter = HTTPOTLPSpanExporter() + processor = BatchSpanProcessor(otel_exporter) trace.get_tracer_provider().add_span_processor(processor) @@ -293,10 +323,12 @@ class OpenTelemetrySource(object): with tracer.start_as_current_span(task.name, start_time=task.start, end_on_exit=False) as span: self.update_span_data(task, host_data, span, disable_logs, disable_attributes_in_logs) + return otel_exporter + def update_span_data(self, task_data, host_data, span, disable_logs, disable_attributes_in_logs): """ update the span with the given TaskData and HostData """ - name = '[%s] %s: %s' % (host_data.name, task_data.play, task_data.name) + name = f'[{host_data.name}] {task_data.play}: {task_data.name}' message = 'success' res = {} @@ -304,6 +336,7 @@ class OpenTelemetrySource(object): status = Status(status_code=StatusCode.OK) if host_data.status != 'included': # Support loops + enriched_error_message = None if 'results' in host_data.result._result: if host_data.status == 'failed': message = self.get_error_message_from_results(host_data.result._result['results'], task_data.action) @@ -350,7 +383,8 @@ class OpenTelemetrySource(object): if not disable_logs: # This will avoid populating span attributes to the logs span.add_event(task_data.dump, attributes={} if disable_attributes_in_logs else attributes) - span.end(end_time=host_data.finish) + # Close span always + span.end(end_time=host_data.finish) def set_span_attributes(self, span, attributes): """ update the span attributes with the given attributes if not None """ @@ -417,7 +451,7 @@ class OpenTelemetrySource(object): def get_error_message_from_results(results, action): for result in results: if result.get('failed', False): - return ('{0}({1}) - {2}').format(action, result.get('item', 'none'), OpenTelemetrySource.get_error_message(result)) + return f"{action}({result.get('item', 'none')}) - {OpenTelemetrySource.get_error_message(result)}" @staticmethod def _last_line(text): @@ -429,14 +463,14 @@ class OpenTelemetrySource(object): message = result.get('msg', 'failed') exception = result.get('exception') stderr = result.get('stderr') - return ('message: "{0}"\nexception: "{1}"\nstderr: "{2}"').format(message, exception, stderr) + return f"message: \"{message}\"\nexception: \"{exception}\"\nstderr: \"{stderr}\"" @staticmethod def enrich_error_message_from_results(results, action): message = "" for result in results: if result.get('failed', False): - message = ('{0}({1}) - {2}\n{3}').format(action, result.get('item', 'none'), OpenTelemetrySource.enrich_error_message(result), message) + message = f"{action}({result.get('item', 'none')}) - {OpenTelemetrySource.enrich_error_message(result)}\n{message}" return message @@ -462,6 +496,8 @@ class CallbackModule(CallbackBase): self.errors = 0 self.disabled = False self.traceparent = False + self.store_spans_in_file = False + self.otel_exporter_otlp_traces_protocol = None if OTEL_LIBRARY_IMPORT_ERROR: raise_from( @@ -480,8 +516,9 @@ class CallbackModule(CallbackBase): environment_variable = self.get_option('enable_from_environment') if environment_variable is not None and os.environ.get(environment_variable, 'false').lower() != 'true': self.disabled = True - self._display.warning("The `enable_from_environment` option has been set and {0} is not enabled. " - "Disabling the `opentelemetry` callback plugin.".format(environment_variable)) + self._display.warning( + f"The `enable_from_environment` option has been set and {environment_variable} is not enabled. Disabling the `opentelemetry` callback plugin." + ) self.hide_task_arguments = self.get_option('hide_task_arguments') @@ -489,6 +526,8 @@ class CallbackModule(CallbackBase): self.disable_logs = self.get_option('disable_logs') + self.store_spans_in_file = self.get_option('store_spans_in_file') + self.otel_service_name = self.get_option('otel_service_name') if not self.otel_service_name: @@ -497,6 +536,22 @@ class CallbackModule(CallbackBase): # See https://github.com/open-telemetry/opentelemetry-specification/issues/740 self.traceparent = self.get_option('traceparent') + self.otel_exporter_otlp_traces_protocol = self.get_option('otel_exporter_otlp_traces_protocol') + + def dump_results(self, task, result): + """ dump the results if disable_logs is not enabled """ + if self.disable_logs: + return "" + # ansible.builtin.uri contains the response in the json field + save = dict(result._result) + + if "json" in save and task.action in ("ansible.builtin.uri", "ansible.legacy.uri", "uri"): + save.pop("json") + # ansible.builtin.slurp contains the response in the content field + if "content" in save and task.action in ("ansible.builtin.slurp", "ansible.legacy.slurp", "slurp"): + save.pop("content") + return self._dump_results(save) + def v2_playbook_on_start(self, playbook): self.ansible_playbook = basename(playbook._file_name) @@ -546,7 +601,7 @@ class CallbackModule(CallbackBase): self.tasks_data, status, result, - self._dump_results(result._result) + self.dump_results(self.tasks_data[result._task._uuid], result) ) def v2_runner_on_ok(self, result): @@ -554,7 +609,7 @@ class CallbackModule(CallbackBase): self.tasks_data, 'ok', result, - self._dump_results(result._result) + self.dump_results(self.tasks_data[result._task._uuid], result) ) def v2_runner_on_skipped(self, result): @@ -562,7 +617,7 @@ class CallbackModule(CallbackBase): self.tasks_data, 'skipped', result, - self._dump_results(result._result) + self.dump_results(self.tasks_data[result._task._uuid], result) ) def v2_playbook_on_include(self, included_file): @@ -578,15 +633,22 @@ class CallbackModule(CallbackBase): status = Status(status_code=StatusCode.OK) else: status = Status(status_code=StatusCode.ERROR) - self.opentelemetry.generate_distributed_traces( + otel_exporter = self.opentelemetry.generate_distributed_traces( self.otel_service_name, self.ansible_playbook, self.tasks_data, status, self.traceparent, self.disable_logs, - self.disable_attributes_in_logs + self.disable_attributes_in_logs, + self.otel_exporter_otlp_traces_protocol, + self.store_spans_in_file ) + if self.store_spans_in_file: + spans = [json.loads(span.to_json()) for span in otel_exporter.get_finished_spans()] + with open(self.store_spans_in_file, "w", encoding="utf-8") as output: + json.dump({"spans": spans}, output, indent=4) + def v2_runner_on_async_failed(self, result, **kwargs): self.errors += 1 diff --git a/plugins/callback/say.py b/plugins/callback/say.py index 9d96ad74d9..94f49cc822 100644 --- a/plugins/callback/say.py +++ b/plugins/callback/say.py @@ -8,17 +8,17 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Unknown (!UNKNOWN) - name: say - type: notification - requirements: - - whitelisting in configuration - - the C(/usr/bin/say) command line program (standard on macOS) or C(espeak) command line program - short_description: notify using software speech synthesizer - description: - - This plugin will use the C(say) or C(espeak) program to "speak" about play events. -''' +DOCUMENTATION = r""" +author: Unknown (!UNKNOWN) +name: say +type: notification +requirements: + - whitelisting in configuration + - the C(/usr/bin/say) command line program (standard on macOS) or C(espeak) command line program +short_description: notify using software speech synthesizer +description: + - This plugin will use the C(say) or C(espeak) program to "speak" about play events. +""" import platform import subprocess @@ -50,7 +50,7 @@ class CallbackModule(CallbackBase): self.synthesizer = get_bin_path('say') if platform.system() != 'Darwin': # 'say' binary available, it might be GNUstep tool which doesn't support 'voice' parameter - self._display.warning("'say' executable found but system is '%s': ignoring voice parameter" % platform.system()) + self._display.warning(f"'say' executable found but system is '{platform.system()}': ignoring voice parameter") else: self.FAILED_VOICE = 'Zarvox' self.REGULAR_VOICE = 'Trinoids' @@ -69,7 +69,7 @@ class CallbackModule(CallbackBase): # ansible will not call any callback if disabled is set to True if not self.synthesizer: self.disabled = True - self._display.warning("Unable to find either 'say' or 'espeak' executable, plugin %s disabled" % os.path.basename(__file__)) + self._display.warning(f"Unable to find either 'say' or 'espeak' executable, plugin {os.path.basename(__file__)} disabled") def say(self, msg, voice): cmd = [self.synthesizer, msg] @@ -78,7 +78,7 @@ class CallbackModule(CallbackBase): subprocess.call(cmd) def runner_on_failed(self, host, res, ignore_errors=False): - self.say("Failure on host %s" % host, self.FAILED_VOICE) + self.say(f"Failure on host {host}", self.FAILED_VOICE) def runner_on_ok(self, host, res): self.say("pew", self.LASER_VOICE) @@ -87,13 +87,13 @@ class CallbackModule(CallbackBase): self.say("pew", self.LASER_VOICE) def runner_on_unreachable(self, host, res): - self.say("Failure on host %s" % host, self.FAILED_VOICE) + self.say(f"Failure on host {host}", self.FAILED_VOICE) def runner_on_async_ok(self, host, res, jid): self.say("pew", self.LASER_VOICE) def runner_on_async_failed(self, host, res, jid): - self.say("Failure on host %s" % host, self.FAILED_VOICE) + self.say(f"Failure on host {host}", self.FAILED_VOICE) def playbook_on_start(self): self.say("Running Playbook", self.REGULAR_VOICE) @@ -103,15 +103,15 @@ class CallbackModule(CallbackBase): def playbook_on_task_start(self, name, is_conditional): if not is_conditional: - self.say("Starting task: %s" % name, self.REGULAR_VOICE) + self.say(f"Starting task: {name}", self.REGULAR_VOICE) else: - self.say("Notifying task: %s" % name, self.REGULAR_VOICE) + self.say(f"Notifying task: {name}", self.REGULAR_VOICE) def playbook_on_setup(self): self.say("Gathering facts", self.REGULAR_VOICE) def playbook_on_play_start(self, name): - self.say("Starting play: %s" % name, self.HAPPY_VOICE) + self.say(f"Starting play: {name}", self.HAPPY_VOICE) def playbook_on_stats(self, stats): self.say("Play complete", self.HAPPY_VOICE) diff --git a/plugins/callback/selective.py b/plugins/callback/selective.py index 0696757837..27ac63658c 100644 --- a/plugins/callback/selective.py +++ b/plugins/callback/selective.py @@ -7,35 +7,35 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Unknown (!UNKNOWN) - name: selective - type: stdout - requirements: - - set as main display callback - short_description: only print certain tasks - description: - - This callback only prints tasks that have been tagged with C(print_action) or that have failed. - This allows operators to focus on the tasks that provide value only. - - Tasks that are not printed are placed with a C(.). - - If you increase verbosity all tasks are printed. - options: - nocolor: - default: false - description: This setting allows suppressing colorizing output. - env: - - name: ANSIBLE_NOCOLOR - - name: ANSIBLE_SELECTIVE_DONT_COLORIZE - ini: - - section: defaults - key: nocolor - type: boolean -''' +DOCUMENTATION = r""" +author: Unknown (!UNKNOWN) +name: selective +type: stdout +requirements: + - set as main display callback +short_description: only print certain tasks +description: + - This callback only prints tasks that have been tagged with C(print_action) or that have failed. This allows operators + to focus on the tasks that provide value only. + - Tasks that are not printed are placed with a C(.). + - If you increase verbosity all tasks are printed. +options: + nocolor: + default: false + description: This setting allows suppressing colorizing output. + env: + - name: ANSIBLE_NOCOLOR + - name: ANSIBLE_SELECTIVE_DONT_COLORIZE + ini: + - section: defaults + key: nocolor + type: boolean +""" -EXAMPLES = """ - - ansible.builtin.debug: msg="This will not be printed" - - ansible.builtin.debug: msg="But this will" - tags: [print_action] +EXAMPLES = r""" +- ansible.builtin.debug: msg="This will not be printed" +- ansible.builtin.debug: msg="But this will" + tags: [print_action] """ import difflib @@ -48,13 +48,13 @@ from ansible.module_utils.common.text.converters import to_text DONT_COLORIZE = False COLORS = { 'normal': '\033[0m', - 'ok': '\033[{0}m'.format(C.COLOR_CODES[C.COLOR_OK]), + 'ok': f'\x1b[{C.COLOR_CODES[C.COLOR_OK]}m', 'bold': '\033[1m', 'not_so_bold': '\033[1m\033[34m', - 'changed': '\033[{0}m'.format(C.COLOR_CODES[C.COLOR_CHANGED]), - 'failed': '\033[{0}m'.format(C.COLOR_CODES[C.COLOR_ERROR]), + 'changed': f'\x1b[{C.COLOR_CODES[C.COLOR_CHANGED]}m', + 'failed': f'\x1b[{C.COLOR_CODES[C.COLOR_ERROR]}m', 'endc': '\033[0m', - 'skipped': '\033[{0}m'.format(C.COLOR_CODES[C.COLOR_SKIP]), + 'skipped': f'\x1b[{C.COLOR_CODES[C.COLOR_SKIP]}m', } @@ -73,7 +73,7 @@ def colorize(msg, color): if DONT_COLORIZE: return msg else: - return '{0}{1}{2}'.format(COLORS[color], msg, COLORS['endc']) + return f"{COLORS[color]}{msg}{COLORS['endc']}" class CallbackModule(CallbackBase): @@ -106,15 +106,15 @@ class CallbackModule(CallbackBase): line_length = 120 if self.last_skipped: print() - line = "# {0} ".format(task_name) - msg = colorize("{0}{1}".format(line, '*' * (line_length - len(line))), 'bold') + line = f"# {task_name} " + msg = colorize(f"{line}{'*' * (line_length - len(line))}", 'bold') print(msg) def _indent_text(self, text, indent_level): lines = text.splitlines() result_lines = [] for l in lines: - result_lines.append("{0}{1}".format(' ' * indent_level, l)) + result_lines.append(f"{' ' * indent_level}{l}") return '\n'.join(result_lines) def _print_diff(self, diff, indent_level): @@ -147,19 +147,19 @@ class CallbackModule(CallbackBase): change_string = colorize('FAILED!!!', color) else: color = 'changed' if changed else 'ok' - change_string = colorize("changed={0}".format(changed), color) + change_string = colorize(f"changed={changed}", color) msg = colorize(msg, color) line_length = 120 spaces = ' ' * (40 - len(name) - indent_level) - line = "{0} * {1}{2}- {3}".format(' ' * indent_level, name, spaces, change_string) + line = f"{' ' * indent_level} * {name}{spaces}- {change_string}" if len(msg) < 50: - line += ' -- {0}'.format(msg) - print("{0} {1}---------".format(line, '-' * (line_length - len(line)))) + line += f' -- {msg}' + print(f"{line} {'-' * (line_length - len(line))}---------") else: - print("{0} {1}".format(line, '-' * (line_length - len(line)))) + print(f"{line} {'-' * (line_length - len(line))}") print(self._indent_text(msg, indent_level + 4)) if diff: @@ -239,8 +239,10 @@ class CallbackModule(CallbackBase): else: color = 'ok' - msg = '{0} : ok={1}\tchanged={2}\tfailed={3}\tunreachable={4}\trescued={5}\tignored={6}'.format( - host, s['ok'], s['changed'], s['failures'], s['unreachable'], s['rescued'], s['ignored']) + msg = ( + f"{host} : ok={s['ok']}\tchanged={s['changed']}\tfailed={s['failures']}\tunreachable=" + f"{s['unreachable']}\trescued={s['rescued']}\tignored={s['ignored']}" + ) print(colorize(msg, color)) def v2_runner_on_skipped(self, result, **kwargs): @@ -252,17 +254,15 @@ class CallbackModule(CallbackBase): line_length = 120 spaces = ' ' * (31 - len(result._host.name) - 4) - line = " * {0}{1}- {2}".format(colorize(result._host.name, 'not_so_bold'), - spaces, - colorize("skipped", 'skipped'),) + line = f" * {colorize(result._host.name, 'not_so_bold')}{spaces}- {colorize('skipped', 'skipped')}" reason = result._result.get('skipped_reason', '') or \ result._result.get('skip_reason', '') if len(reason) < 50: - line += ' -- {0}'.format(reason) - print("{0} {1}---------".format(line, '-' * (line_length - len(line)))) + line += f' -- {reason}' + print(f"{line} {'-' * (line_length - len(line))}---------") else: - print("{0} {1}".format(line, '-' * (line_length - len(line)))) + print(f"{line} {'-' * (line_length - len(line))}") print(self._indent_text(reason, 8)) print(reason) diff --git a/plugins/callback/slack.py b/plugins/callback/slack.py index e7a2743ec5..fda430b778 100644 --- a/plugins/callback/slack.py +++ b/plugins/callback/slack.py @@ -8,58 +8,60 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Unknown (!UNKNOWN) - name: slack - type: notification - requirements: - - whitelist in configuration - - prettytable (python library) - short_description: Sends play events to a Slack channel - description: - - This is an ansible callback plugin that sends status updates to a Slack channel during playbook execution. - options: - webhook_url: - required: true - description: Slack Webhook URL. - env: - - name: SLACK_WEBHOOK_URL - ini: - - section: callback_slack - key: webhook_url - channel: - default: "#ansible" - description: Slack room to post in. - env: - - name: SLACK_CHANNEL - ini: - - section: callback_slack - key: channel - username: - description: Username to post as. - env: - - name: SLACK_USERNAME - default: ansible - ini: - - section: callback_slack - key: username - validate_certs: - description: Validate the SSL certificate of the Slack server for HTTPS URLs. - env: - - name: SLACK_VALIDATE_CERTS - ini: - - section: callback_slack - key: validate_certs - default: true - type: bool -''' +DOCUMENTATION = r""" +author: Unknown (!UNKNOWN) +name: slack +type: notification +requirements: + - whitelist in configuration + - prettytable (python library) +short_description: Sends play events to a Slack channel +description: + - This is an ansible callback plugin that sends status updates to a Slack channel during playbook execution. +options: + webhook_url: + required: true + description: Slack Webhook URL. + type: str + env: + - name: SLACK_WEBHOOK_URL + ini: + - section: callback_slack + key: webhook_url + channel: + default: "#ansible" + description: Slack room to post in. + type: str + env: + - name: SLACK_CHANNEL + ini: + - section: callback_slack + key: channel + username: + description: Username to post as. + type: str + env: + - name: SLACK_USERNAME + default: ansible + ini: + - section: callback_slack + key: username + validate_certs: + description: Validate the SSL certificate of the Slack server for HTTPS URLs. + env: + - name: SLACK_VALIDATE_CERTS + ini: + - section: callback_slack + key: validate_certs + default: true + type: bool +""" import json import os import uuid from ansible import context -from ansible.module_utils.common.text.converters import to_text from ansible.module_utils.urls import open_url from ansible.plugins.callback import CallbackBase @@ -135,14 +137,13 @@ class CallbackModule(CallbackBase): headers=headers) return response.read() except Exception as e: - self._display.warning(u'Could not submit message to Slack: %s' % - to_text(e)) + self._display.warning(f'Could not submit message to Slack: {e}') def v2_playbook_on_start(self, playbook): self.playbook_name = os.path.basename(playbook._file_name) title = [ - '*Playbook initiated* (_%s_)' % self.guid + f'*Playbook initiated* (_{self.guid}_)' ] invocation_items = [] @@ -153,23 +154,23 @@ class CallbackModule(CallbackBase): subset = context.CLIARGS['subset'] inventory = [os.path.abspath(i) for i in context.CLIARGS['inventory']] - invocation_items.append('Inventory: %s' % ', '.join(inventory)) + invocation_items.append(f"Inventory: {', '.join(inventory)}") if tags and tags != ['all']: - invocation_items.append('Tags: %s' % ', '.join(tags)) + invocation_items.append(f"Tags: {', '.join(tags)}") if skip_tags: - invocation_items.append('Skip Tags: %s' % ', '.join(skip_tags)) + invocation_items.append(f"Skip Tags: {', '.join(skip_tags)}") if subset: - invocation_items.append('Limit: %s' % subset) + invocation_items.append(f'Limit: {subset}') if extra_vars: - invocation_items.append('Extra Vars: %s' % - ' '.join(extra_vars)) + invocation_items.append(f"Extra Vars: {' '.join(extra_vars)}") - title.append('by *%s*' % context.CLIARGS['remote_user']) + title.append(f"by *{context.CLIARGS['remote_user']}*") - title.append('\n\n*%s*' % self.playbook_name) + title.append(f'\n\n*{self.playbook_name}*') msg_items = [' '.join(title)] if invocation_items: - msg_items.append('```\n%s\n```' % '\n'.join(invocation_items)) + _inv_item = '\n'.join(invocation_items) + msg_items.append(f'```\n{_inv_item}\n```') msg = '\n'.join(msg_items) @@ -189,8 +190,8 @@ class CallbackModule(CallbackBase): def v2_playbook_on_play_start(self, play): """Display Play start messages""" - name = play.name or 'Play name not specified (%s)' % play._uuid - msg = '*Starting play* (_%s_)\n\n*%s*' % (self.guid, name) + name = play.name or f'Play name not specified ({play._uuid})' + msg = f'*Starting play* (_{self.guid}_)\n\n*{name}*' attachments = [ { 'fallback': msg, @@ -225,7 +226,7 @@ class CallbackModule(CallbackBase): attachments = [] msg_items = [ - '*Playbook Complete* (_%s_)' % self.guid + f'*Playbook Complete* (_{self.guid}_)' ] if failures or unreachable: color = 'danger' @@ -234,7 +235,7 @@ class CallbackModule(CallbackBase): color = 'good' msg_items.append('\n*Success!*') - msg_items.append('```\n%s\n```' % t) + msg_items.append(f'```\n{t}\n```') msg = '\n'.join(msg_items) diff --git a/plugins/callback/splunk.py b/plugins/callback/splunk.py index d15547f44b..05cca87a69 100644 --- a/plugins/callback/splunk.py +++ b/plugins/callback/splunk.py @@ -6,71 +6,73 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: splunk - type: notification - short_description: Sends task result events to Splunk HTTP Event Collector - author: "Stuart Hirst (!UNKNOWN) " +DOCUMENTATION = r""" +name: splunk +type: notification +short_description: Sends task result events to Splunk HTTP Event Collector +author: "Stuart Hirst (!UNKNOWN) " +description: + - This callback plugin will send task results as JSON formatted events to a Splunk HTTP collector. + - The companion Splunk Monitoring & Diagnostics App is available here U(https://splunkbase.splunk.com/app/4023/). + - Credit to "Ryan Currah (@ryancurrah)" for original source upon which this is based. +requirements: + - Whitelisting this callback plugin + - 'Create a HTTP Event Collector in Splunk' + - 'Define the URL and token in C(ansible.cfg)' +options: + url: + description: URL to the Splunk HTTP collector source. + type: str + env: + - name: SPLUNK_URL + ini: + - section: callback_splunk + key: url + authtoken: + description: Token to authenticate the connection to the Splunk HTTP collector. + type: str + env: + - name: SPLUNK_AUTHTOKEN + ini: + - section: callback_splunk + key: authtoken + validate_certs: + description: Whether to validate certificates for connections to HEC. It is not recommended to set to V(false) except + when you are sure that nobody can intercept the connection between this plugin and HEC, as setting it to V(false) allows + man-in-the-middle attacks! + env: + - name: SPLUNK_VALIDATE_CERTS + ini: + - section: callback_splunk + key: validate_certs + type: bool + default: true + version_added: '1.0.0' + include_milliseconds: + description: Whether to include milliseconds as part of the generated timestamp field in the event sent to the Splunk + HTTP collector. + env: + - name: SPLUNK_INCLUDE_MILLISECONDS + ini: + - section: callback_splunk + key: include_milliseconds + type: bool + default: false + version_added: 2.0.0 + batch: description: - - This callback plugin will send task results as JSON formatted events to a Splunk HTTP collector. - - The companion Splunk Monitoring & Diagnostics App is available here U(https://splunkbase.splunk.com/app/4023/). - - Credit to "Ryan Currah (@ryancurrah)" for original source upon which this is based. - requirements: - - Whitelisting this callback plugin - - 'Create a HTTP Event Collector in Splunk' - - 'Define the URL and token in C(ansible.cfg)' - options: - url: - description: URL to the Splunk HTTP collector source. - env: - - name: SPLUNK_URL - ini: - - section: callback_splunk - key: url - authtoken: - description: Token to authenticate the connection to the Splunk HTTP collector. - env: - - name: SPLUNK_AUTHTOKEN - ini: - - section: callback_splunk - key: authtoken - validate_certs: - description: Whether to validate certificates for connections to HEC. It is not recommended to set to - V(false) except when you are sure that nobody can intercept the connection - between this plugin and HEC, as setting it to V(false) allows man-in-the-middle attacks! - env: - - name: SPLUNK_VALIDATE_CERTS - ini: - - section: callback_splunk - key: validate_certs - type: bool - default: true - version_added: '1.0.0' - include_milliseconds: - description: Whether to include milliseconds as part of the generated timestamp field in the event - sent to the Splunk HTTP collector. - env: - - name: SPLUNK_INCLUDE_MILLISECONDS - ini: - - section: callback_splunk - key: include_milliseconds - type: bool - default: false - version_added: 2.0.0 - batch: - description: - - Correlation ID which can be set across multiple playbook executions. - env: - - name: SPLUNK_BATCH - ini: - - section: callback_splunk - key: batch - type: str - version_added: 3.3.0 -''' + - Correlation ID which can be set across multiple playbook executions. + env: + - name: SPLUNK_BATCH + ini: + - section: callback_splunk + key: batch + type: str + version_added: 3.3.0 +""" -EXAMPLES = ''' -examples: > +EXAMPLES = r""" +examples: >- To enable, add this to your ansible.cfg file in the defaults block [defaults] callback_whitelist = community.general.splunk @@ -81,20 +83,23 @@ examples: > [callback_splunk] url = http://mysplunkinstance.datapaas.io:8088/services/collector/event authtoken = f23blad6-5965-4537-bf69-5b5a545blabla88 -''' +""" import json import uuid import socket import getpass -from datetime import datetime from os.path import basename from ansible.module_utils.urls import open_url from ansible.parsing.ajson import AnsibleJSONEncoder from ansible.plugins.callback import CallbackBase +from ansible_collections.community.general.plugins.module_utils.datetime import ( + now, +) + class SplunkHTTPCollectorSource(object): def __init__(self): @@ -134,7 +139,7 @@ class SplunkHTTPCollectorSource(object): else: time_format = '%Y-%m-%d %H:%M:%S +0000' - data['timestamp'] = datetime.utcnow().strftime(time_format) + data['timestamp'] = now().strftime(time_format) data['host'] = self.host data['ip_address'] = self.ip_address data['user'] = self.user @@ -148,15 +153,14 @@ class SplunkHTTPCollectorSource(object): data['ansible_result'] = result._result # This wraps the json payload in and outer json event needed by Splunk - jsondata = json.dumps(data, cls=AnsibleJSONEncoder, sort_keys=True) - jsondata = '{"event":' + jsondata + "}" + jsondata = json.dumps({"event": data}, cls=AnsibleJSONEncoder, sort_keys=True) open_url( url, jsondata, headers={ 'Content-type': 'application/json', - 'Authorization': 'Splunk ' + authtoken + 'Authorization': f"Splunk {authtoken}" }, method='POST', validate_certs=validate_certs @@ -181,7 +185,7 @@ class CallbackModule(CallbackBase): def _runtime(self, result): return ( - datetime.utcnow() - + now() - self.start_datetimes[result._task._uuid] ).total_seconds() @@ -220,10 +224,10 @@ class CallbackModule(CallbackBase): self.splunk.ansible_playbook = basename(playbook._file_name) def v2_playbook_on_task_start(self, task, is_conditional): - self.start_datetimes[task._uuid] = datetime.utcnow() + self.start_datetimes[task._uuid] = now() def v2_playbook_on_handler_task_start(self, task): - self.start_datetimes[task._uuid] = datetime.utcnow() + self.start_datetimes[task._uuid] = now() def v2_runner_on_ok(self, result, **kwargs): self.splunk.send_event( diff --git a/plugins/callback/sumologic.py b/plugins/callback/sumologic.py index 46ab3f0f7c..108f324b29 100644 --- a/plugins/callback/sumologic.py +++ b/plugins/callback/sumologic.py @@ -6,7 +6,7 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = r''' +DOCUMENTATION = r""" name: sumologic type: notification short_description: Sends task result events to Sumologic @@ -15,20 +15,21 @@ description: - This callback plugin will send task results as JSON formatted events to a Sumologic HTTP collector source. requirements: - Whitelisting this callback plugin - - 'Create a HTTP collector source in Sumologic and specify a custom timestamp format of V(yyyy-MM-dd HH:mm:ss ZZZZ) and a custom timestamp locator - of V("timestamp": "(.*\)")' + - 'Create a HTTP collector source in Sumologic and specify a custom timestamp format of V(yyyy-MM-dd HH:mm:ss ZZZZ) and + a custom timestamp locator of V("timestamp": "(.*\)")' options: url: description: URL to the Sumologic HTTP collector source. + type: str env: - name: SUMOLOGIC_URL ini: - section: callback_sumologic key: url -''' +""" -EXAMPLES = ''' -examples: | +EXAMPLES = r""" +examples: |- To enable, add this to your ansible.cfg file in the defaults block [defaults] callback_whitelist = community.general.sumologic @@ -39,20 +40,23 @@ examples: | Set the ansible.cfg variable in the callback_sumologic block [callback_sumologic] url = https://endpoint1.collection.us2.sumologic.com/receiver/v1/http/R8moSv1d8EW9LAUFZJ6dbxCFxwLH6kfCdcBfddlfxCbLuL-BN5twcTpMk__pYy_cDmp== -''' +""" import json import uuid import socket import getpass -from datetime import datetime from os.path import basename from ansible.module_utils.urls import open_url from ansible.parsing.ajson import AnsibleJSONEncoder from ansible.plugins.callback import CallbackBase +from ansible_collections.community.general.plugins.module_utils.datetime import ( + now, +) + class SumologicHTTPCollectorSource(object): def __init__(self): @@ -84,8 +88,7 @@ class SumologicHTTPCollectorSource(object): data['uuid'] = result._task._uuid data['session'] = self.session data['status'] = state - data['timestamp'] = datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S ' - '+0000') + data['timestamp'] = now().strftime('%Y-%m-%d %H:%M:%S +0000') data['host'] = self.host data['ip_address'] = self.ip_address data['user'] = self.user @@ -123,7 +126,7 @@ class CallbackModule(CallbackBase): def _runtime(self, result): return ( - datetime.utcnow() - + now() - self.start_datetimes[result._task._uuid] ).total_seconds() @@ -144,10 +147,10 @@ class CallbackModule(CallbackBase): self.sumologic.ansible_playbook = basename(playbook._file_name) def v2_playbook_on_task_start(self, task, is_conditional): - self.start_datetimes[task._uuid] = datetime.utcnow() + self.start_datetimes[task._uuid] = now() def v2_playbook_on_handler_task_start(self, task): - self.start_datetimes[task._uuid] = datetime.utcnow() + self.start_datetimes[task._uuid] = now() def v2_runner_on_ok(self, result, **kwargs): self.sumologic.send_event( diff --git a/plugins/callback/syslog_json.py b/plugins/callback/syslog_json.py index 43d6ff2f9f..d1797455ac 100644 --- a/plugins/callback/syslog_json.py +++ b/plugins/callback/syslog_json.py @@ -7,51 +7,54 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Unknown (!UNKNOWN) - name: syslog_json - type: notification - requirements: - - whitelist in configuration - short_description: sends JSON events to syslog - description: - - This plugin logs ansible-playbook and ansible runs to a syslog server in JSON format. - options: - server: - description: Syslog server that will receive the event. - env: - - name: SYSLOG_SERVER - default: localhost - ini: - - section: callback_syslog_json - key: syslog_server - port: - description: Port on which the syslog server is listening. - env: - - name: SYSLOG_PORT - default: 514 - ini: - - section: callback_syslog_json - key: syslog_port - facility: - description: Syslog facility to log as. - env: - - name: SYSLOG_FACILITY - default: user - ini: - - section: callback_syslog_json - key: syslog_facility - setup: - description: Log setup tasks. - env: - - name: ANSIBLE_SYSLOG_SETUP - type: bool - default: true - ini: - - section: callback_syslog_json - key: syslog_setup - version_added: 4.5.0 -''' +DOCUMENTATION = r""" +author: Unknown (!UNKNOWN) +name: syslog_json +type: notification +requirements: + - whitelist in configuration +short_description: sends JSON events to syslog +description: + - This plugin logs ansible-playbook and ansible runs to a syslog server in JSON format. +options: + server: + description: Syslog server that will receive the event. + type: str + env: + - name: SYSLOG_SERVER + default: localhost + ini: + - section: callback_syslog_json + key: syslog_server + port: + description: Port on which the syslog server is listening. + type: int + env: + - name: SYSLOG_PORT + default: 514 + ini: + - section: callback_syslog_json + key: syslog_port + facility: + description: Syslog facility to log as. + type: str + env: + - name: SYSLOG_FACILITY + default: user + ini: + - section: callback_syslog_json + key: syslog_facility + setup: + description: Log setup tasks. + env: + - name: ANSIBLE_SYSLOG_SETUP + type: bool + default: true + ini: + - section: callback_syslog_json + key: syslog_setup + version_added: 4.5.0 +""" import logging import logging.handlers diff --git a/plugins/callback/timestamp.py b/plugins/callback/timestamp.py new file mode 100644 index 0000000000..89249c6562 --- /dev/null +++ b/plugins/callback/timestamp.py @@ -0,0 +1,126 @@ +# -*- coding: utf-8 -*- + +# Copyright (c) 2024, kurokobo +# Copyright (c) 2014, Michael DeHaan +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = r""" +name: timestamp +type: stdout +short_description: Adds simple timestamp for each header +version_added: 9.0.0 +description: + - This callback adds simple timestamp for each header. +author: kurokobo (@kurokobo) +options: + timezone: + description: + - Timezone to use for the timestamp in IANA time zone format. + - For example V(America/New_York), V(Asia/Tokyo)). Ignored on Python < 3.9. + ini: + - section: callback_timestamp + key: timezone + env: + - name: ANSIBLE_CALLBACK_TIMESTAMP_TIMEZONE + type: string + format_string: + description: + - Format of the timestamp shown to user in 1989 C standard format. + - Refer to L(the Python documentation,https://docs.python.org/3/library/datetime.html#strftime-and-strptime-format-codes) + for the available format codes. + ini: + - section: callback_timestamp + key: format_string + env: + - name: ANSIBLE_CALLBACK_TIMESTAMP_FORMAT_STRING + default: "%H:%M:%S" + type: string +seealso: + - plugin: ansible.posix.profile_tasks + plugin_type: callback + description: >- + You can use P(ansible.posix.profile_tasks#callback) callback plugin to time individual tasks and overall execution time + with detailed timestamps. +extends_documentation_fragment: + - ansible.builtin.default_callback + - ansible.builtin.result_format_callback +""" + + +from ansible.plugins.callback.default import CallbackModule as Default +from ansible.utils.display import get_text_width +from ansible.module_utils.common.text.converters import to_text +from datetime import datetime +import types +import sys + +# Store whether the zoneinfo module is available +_ZONEINFO_AVAILABLE = sys.version_info >= (3, 9) + + +def get_datetime_now(tz): + """ + Returns the current timestamp with the specified timezone + """ + return datetime.now(tz=tz) + + +def banner(self, msg, color=None, cows=True): + """ + Prints a header-looking line with cowsay or stars with length depending on terminal width (3 minimum) with trailing timestamp + + Based on the banner method of Display class from ansible.utils.display + + https://github.com/ansible/ansible/blob/4403519afe89138042108e237aef317fd5f09c33/lib/ansible/utils/display.py#L511 + """ + timestamp = get_datetime_now(self.timestamp_tzinfo).strftime(self.timestamp_format_string) + timestamp_len = get_text_width(timestamp) + 1 # +1 for leading space + + msg = to_text(msg) + if self.b_cowsay and cows: + try: + self.banner_cowsay(f"{msg} @ {timestamp}") + return + except OSError: + self.warning("somebody cleverly deleted cowsay or something during the PB run. heh.") + + msg = msg.strip() + try: + star_len = self.columns - get_text_width(msg) - timestamp_len + except EnvironmentError: + star_len = self.columns - len(msg) - timestamp_len + if star_len <= 3: + star_len = 3 + stars = "*" * star_len + self.display(f"\n{msg} {stars} {timestamp}", color=color) + + +class CallbackModule(Default): + CALLBACK_VERSION = 2.0 + CALLBACK_TYPE = "stdout" + CALLBACK_NAME = "community.general.timestamp" + + def __init__(self): + super(CallbackModule, self).__init__() + + # Replace the banner method of the display object with the custom one + self._display.banner = types.MethodType(banner, self._display) + + def set_options(self, task_keys=None, var_options=None, direct=None): + super(CallbackModule, self).set_options(task_keys=task_keys, var_options=var_options, direct=direct) + + # Store zoneinfo for specified timezone if available + tzinfo = None + if _ZONEINFO_AVAILABLE and self.get_option("timezone"): + from zoneinfo import ZoneInfo + + tzinfo = ZoneInfo(self.get_option("timezone")) + + # Inject options into the display object + setattr(self._display, "timestamp_tzinfo", tzinfo) + setattr(self._display, "timestamp_format_string", self.get_option("format_string")) diff --git a/plugins/callback/unixy.py b/plugins/callback/unixy.py index 4908202c23..8f80bf8f12 100644 --- a/plugins/callback/unixy.py +++ b/plugins/callback/unixy.py @@ -8,18 +8,18 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: unixy - type: stdout - author: Al Bowles (@akatch) - short_description: condensed Ansible output - description: - - Consolidated Ansible output in the style of LINUX/UNIX startup logs. - extends_documentation_fragment: - - default_callback - requirements: - - set as stdout in configuration -''' +DOCUMENTATION = r""" +name: unixy +type: stdout +author: Al Bowles (@akatch) +short_description: condensed Ansible output +description: + - Consolidated Ansible output in the style of LINUX/UNIX startup logs. +extends_documentation_fragment: + - default_callback +requirements: + - set as stdout in configuration +""" from os.path import basename from ansible import constants as C @@ -67,24 +67,24 @@ class CallbackModule(CallbackModule_default): def _process_result_output(self, result, msg): task_host = result._host.get_name() - task_result = "%s %s" % (task_host, msg) + task_result = f"{task_host} {msg}" if self._run_is_verbose(result): - task_result = "%s %s: %s" % (task_host, msg, self._dump_results(result._result, indent=4)) + task_result = f"{task_host} {msg}: {self._dump_results(result._result, indent=4)}" return task_result if self.delegated_vars: task_delegate_host = self.delegated_vars['ansible_host'] - task_result = "%s -> %s %s" % (task_host, task_delegate_host, msg) + task_result = f"{task_host} -> {task_delegate_host} {msg}" if result._result.get('msg') and result._result.get('msg') != "All items completed": - task_result += " | msg: " + to_text(result._result.get('msg')) + task_result += f" | msg: {to_text(result._result.get('msg'))}" if result._result.get('stdout'): - task_result += " | stdout: " + result._result.get('stdout') + task_result += f" | stdout: {result._result.get('stdout')}" if result._result.get('stderr'): - task_result += " | stderr: " + result._result.get('stderr') + task_result += f" | stderr: {result._result.get('stderr')}" return task_result @@ -92,30 +92,30 @@ class CallbackModule(CallbackModule_default): self._get_task_display_name(task) if self.task_display_name is not None: if task.check_mode and self.get_option('check_mode_markers'): - self._display.display("%s (check mode)..." % self.task_display_name) + self._display.display(f"{self.task_display_name} (check mode)...") else: - self._display.display("%s..." % self.task_display_name) + self._display.display(f"{self.task_display_name}...") def v2_playbook_on_handler_task_start(self, task): self._get_task_display_name(task) if self.task_display_name is not None: if task.check_mode and self.get_option('check_mode_markers'): - self._display.display("%s (via handler in check mode)... " % self.task_display_name) + self._display.display(f"{self.task_display_name} (via handler in check mode)... ") else: - self._display.display("%s (via handler)... " % self.task_display_name) + self._display.display(f"{self.task_display_name} (via handler)... ") def v2_playbook_on_play_start(self, play): name = play.get_name().strip() if play.check_mode and self.get_option('check_mode_markers'): if name and play.hosts: - msg = u"\n- %s (in check mode) on hosts: %s -" % (name, ",".join(play.hosts)) + msg = f"\n- {name} (in check mode) on hosts: {','.join(play.hosts)} -" else: - msg = u"- check mode -" + msg = "- check mode -" else: if name and play.hosts: - msg = u"\n- %s on hosts: %s -" % (name, ",".join(play.hosts)) + msg = f"\n- {name} on hosts: {','.join(play.hosts)} -" else: - msg = u"---" + msg = "---" self._display.display(msg) @@ -126,7 +126,7 @@ class CallbackModule(CallbackModule_default): msg = "skipped" task_result = self._process_result_output(result, msg) - self._display.display(" " + task_result, display_color) + self._display.display(f" {task_result}", display_color) else: return @@ -136,10 +136,10 @@ class CallbackModule(CallbackModule_default): msg = "failed" item_value = self._get_item_label(result._result) if item_value: - msg += " | item: %s" % (item_value,) + msg += f" | item: {item_value}" task_result = self._process_result_output(result, msg) - self._display.display(" " + task_result, display_color, stderr=self.get_option('display_failed_stderr')) + self._display.display(f" {task_result}", display_color, stderr=self.get_option('display_failed_stderr')) def v2_runner_on_ok(self, result, msg="ok", display_color=C.COLOR_OK): self._preprocess_result(result) @@ -149,13 +149,13 @@ class CallbackModule(CallbackModule_default): msg = "done" item_value = self._get_item_label(result._result) if item_value: - msg += " | item: %s" % (item_value,) + msg += f" | item: {item_value}" display_color = C.COLOR_CHANGED task_result = self._process_result_output(result, msg) - self._display.display(" " + task_result, display_color) + self._display.display(f" {task_result}", display_color) elif self.get_option('display_ok_hosts'): task_result = self._process_result_output(result, msg) - self._display.display(" " + task_result, display_color) + self._display.display(f" {task_result}", display_color) def v2_runner_item_on_skipped(self, result): self.v2_runner_on_skipped(result) @@ -173,7 +173,7 @@ class CallbackModule(CallbackModule_default): display_color = C.COLOR_UNREACHABLE task_result = self._process_result_output(result, msg) - self._display.display(" " + task_result, display_color, stderr=self.get_option('display_failed_stderr')) + self._display.display(f" {task_result}", display_color, stderr=self.get_option('display_failed_stderr')) def v2_on_file_diff(self, result): if result._task.loop and 'results' in result._result: @@ -195,25 +195,17 @@ class CallbackModule(CallbackModule_default): # TODO how else can we display these? t = stats.summarize(h) - self._display.display(u" %s : %s %s %s %s %s %s" % ( - hostcolor(h, t), - colorize(u'ok', t['ok'], C.COLOR_OK), - colorize(u'changed', t['changed'], C.COLOR_CHANGED), - colorize(u'unreachable', t['unreachable'], C.COLOR_UNREACHABLE), - colorize(u'failed', t['failures'], C.COLOR_ERROR), - colorize(u'rescued', t['rescued'], C.COLOR_OK), - colorize(u'ignored', t['ignored'], C.COLOR_WARN)), + self._display.display( + f" {hostcolor(h, t)} : {colorize('ok', t['ok'], C.COLOR_OK)} {colorize('changed', t['changed'], C.COLOR_CHANGED)} " + f"{colorize('unreachable', t['unreachable'], C.COLOR_UNREACHABLE)} {colorize('failed', t['failures'], C.COLOR_ERROR)} " + f"{colorize('rescued', t['rescued'], C.COLOR_OK)} {colorize('ignored', t['ignored'], C.COLOR_WARN)}", screen_only=True ) - self._display.display(u" %s : %s %s %s %s %s %s" % ( - hostcolor(h, t, False), - colorize(u'ok', t['ok'], None), - colorize(u'changed', t['changed'], None), - colorize(u'unreachable', t['unreachable'], None), - colorize(u'failed', t['failures'], None), - colorize(u'rescued', t['rescued'], None), - colorize(u'ignored', t['ignored'], None)), + self._display.display( + f" {hostcolor(h, t, False)} : {colorize('ok', t['ok'], None)} {colorize('changed', t['changed'], None)} " + f"{colorize('unreachable', t['unreachable'], None)} {colorize('failed', t['failures'], None)} {colorize('rescued', t['rescued'], None)} " + f"{colorize('ignored', t['ignored'], None)}", log_only=True ) if stats.custom and self.get_option('show_custom_stats'): @@ -223,12 +215,14 @@ class CallbackModule(CallbackModule_default): for k in sorted(stats.custom.keys()): if k == '_run': continue - self._display.display('\t%s: %s' % (k, self._dump_results(stats.custom[k], indent=1).replace('\n', ''))) + stat_val = self._dump_results(stats.custom[k], indent=1).replace('\n', '') + self._display.display(f'\t{k}: {stat_val}') # print per run custom stats if '_run' in stats.custom: self._display.display("", screen_only=True) - self._display.display('\tRUN: %s' % self._dump_results(stats.custom['_run'], indent=1).replace('\n', '')) + stat_val_run = self._dump_results(stats.custom['_run'], indent=1).replace('\n', '') + self._display.display(f'\tRUN: {stat_val_run}') self._display.display("", screen_only=True) def v2_playbook_on_no_hosts_matched(self): @@ -239,23 +233,23 @@ class CallbackModule(CallbackModule_default): def v2_playbook_on_start(self, playbook): if context.CLIARGS['check'] and self.get_option('check_mode_markers'): - self._display.display("Executing playbook %s in check mode" % basename(playbook._file_name)) + self._display.display(f"Executing playbook {basename(playbook._file_name)} in check mode") else: - self._display.display("Executing playbook %s" % basename(playbook._file_name)) + self._display.display(f"Executing playbook {basename(playbook._file_name)}") # show CLI arguments if self._display.verbosity > 3: if context.CLIARGS.get('args'): - self._display.display('Positional arguments: %s' % ' '.join(context.CLIARGS['args']), + self._display.display(f"Positional arguments: {' '.join(context.CLIARGS['args'])}", color=C.COLOR_VERBOSE, screen_only=True) for argument in (a for a in context.CLIARGS if a != 'args'): val = context.CLIARGS[argument] if val: - self._display.vvvv('%s: %s' % (argument, val)) + self._display.vvvv(f'{argument}: {val}') def v2_runner_retry(self, result): - msg = " Retrying... (%d of %d)" % (result._result['attempts'], result._result['retries']) + msg = f" Retrying... ({result._result['attempts']} of {result._result['retries']})" if self._run_is_verbose(result): - msg += "Result was: %s" % self._dump_results(result._result) + msg += f"Result was: {self._dump_results(result._result)}" self._display.display(msg, color=C.COLOR_DEBUG) diff --git a/plugins/callback/yaml.py b/plugins/callback/yaml.py index ae2c8f8810..a68c590cf7 100644 --- a/plugins/callback/yaml.py +++ b/plugins/callback/yaml.py @@ -7,19 +7,32 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Unknown (!UNKNOWN) - name: yaml - type: stdout - short_description: YAML-ized Ansible screen output - description: - - Ansible output that can be quite a bit easier to read than the - default JSON formatting. - extends_documentation_fragment: - - default_callback - requirements: - - set as stdout in configuration -''' +DOCUMENTATION = r""" +author: Unknown (!UNKNOWN) +name: yaml +type: stdout +short_description: YAML-ized Ansible screen output +deprecated: + removed_in: 13.0.0 + why: Starting in ansible-core 2.13, the P(ansible.builtin.default#callback) callback has support for printing output in + YAML format. + alternative: Use O(ansible.builtin.default#callback:result_format=yaml). +description: + - Ansible output that can be quite a bit easier to read than the default JSON formatting. +extends_documentation_fragment: + - default_callback +requirements: + - set as stdout in configuration +seealso: + - plugin: ansible.builtin.default + plugin_type: callback + description: >- + There is a parameter O(ansible.builtin.default#callback:result_format) in P(ansible.builtin.default#callback) that allows + you to change the output format to YAML. +notes: + - With ansible-core 2.13 or newer, you can instead specify V(yaml) for the parameter O(ansible.builtin.default#callback:result_format) + in P(ansible.builtin.default#callback). +""" import yaml import json @@ -35,7 +48,7 @@ from ansible.plugins.callback.default import CallbackModule as Default # from http://stackoverflow.com/a/15423007/115478 def should_use_block(value): """Returns true if string should be in block format""" - for c in u"\u000a\u000d\u001c\u001d\u001e\u0085\u2028\u2029": + for c in "\u000a\u000d\u001c\u001d\u001e\u0085\u2028\u2029": if c in value: return True return False @@ -103,11 +116,11 @@ class CallbackModule(Default): # put changed and skipped into a header line if 'changed' in abridged_result: - dumped += 'changed=' + str(abridged_result['changed']).lower() + ' ' + dumped += f"changed={str(abridged_result['changed']).lower()} " del abridged_result['changed'] if 'skipped' in abridged_result: - dumped += 'skipped=' + str(abridged_result['skipped']).lower() + ' ' + dumped += f"skipped={str(abridged_result['skipped']).lower()} " del abridged_result['skipped'] # if we already have stdout, we don't need stdout_lines diff --git a/plugins/connection/chroot.py b/plugins/connection/chroot.py index 810316aaa5..7c4000ec5c 100644 --- a/plugins/connection/chroot.py +++ b/plugins/connection/chroot.py @@ -10,76 +10,66 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Maykel Moya (!UNKNOWN) - name: chroot - short_description: Interact with local chroot +DOCUMENTATION = r""" +author: Maykel Moya (!UNKNOWN) +name: chroot +short_description: Interact with local chroot +description: + - Run commands or put/fetch files to an existing chroot on the Ansible controller. +options: + remote_addr: description: - - Run commands or put/fetch files to an existing chroot on the Ansible controller. - options: - remote_addr: - description: - - The path of the chroot you want to access. - default: inventory_hostname - vars: - - name: inventory_hostname - - name: ansible_host - executable: - description: - - User specified executable shell - ini: - - section: defaults - key: executable - env: - - name: ANSIBLE_EXECUTABLE - vars: - - name: ansible_executable - default: /bin/sh - chroot_exe: - description: - - User specified chroot binary - ini: - - section: chroot_connection - key: exe - env: - - name: ANSIBLE_CHROOT_EXE - vars: - - name: ansible_chroot_exe - default: chroot - disable_root_check: - description: - - Do not check that the user is not root. - ini: - - section: chroot_connection - key: disable_root_check - env: - - name: ANSIBLE_CHROOT_DISABLE_ROOT_CHECK - vars: - - name: ansible_chroot_disable_root_check - default: false - type: bool - version_added: 7.3.0 -''' + - The path of the chroot you want to access. + type: string + default: inventory_hostname + vars: + - name: inventory_hostname + - name: ansible_host + executable: + description: + - User specified executable shell. + type: string + ini: + - section: defaults + key: executable + env: + - name: ANSIBLE_EXECUTABLE + vars: + - name: ansible_executable + default: /bin/sh + chroot_exe: + description: + - User specified chroot binary. + type: string + ini: + - section: chroot_connection + key: exe + env: + - name: ANSIBLE_CHROOT_EXE + vars: + - name: ansible_chroot_exe + default: chroot + disable_root_check: + description: + - Do not check that the user is not root. + ini: + - section: chroot_connection + key: disable_root_check + env: + - name: ANSIBLE_CHROOT_DISABLE_ROOT_CHECK + vars: + - name: ansible_chroot_disable_root_check + default: false + type: bool + version_added: 7.3.0 +""" EXAMPLES = r""" -# Plugin requires root privileges for chroot, -E preserves your env (and location of ~/.ansible): -# sudo -E ansible-playbook ... -# -# Static inventory file -# [chroots] -# /path/to/debootstrap -# /path/to/feboostrap -# /path/to/lxc-image -# /path/to/chroot - -# playbook ---- - hosts: chroots connection: community.general.chroot tasks: - debug: msg: "This is coming from chroot environment" - """ import os @@ -91,7 +81,7 @@ from ansible.errors import AnsibleError from ansible.module_utils.basic import is_executable from ansible.module_utils.common.process import get_bin_path from ansible.module_utils.six.moves import shlex_quote -from ansible.module_utils.common.text.converters import to_bytes, to_native +from ansible.module_utils.common.text.converters import to_bytes from ansible.plugins.connection import ConnectionBase, BUFSIZE from ansible.utils.display import Display @@ -117,15 +107,15 @@ class Connection(ConnectionBase): # do some trivial checks for ensuring 'host' is actually a chroot'able dir if not os.path.isdir(self.chroot): - raise AnsibleError("%s is not a directory" % self.chroot) + raise AnsibleError(f"{self.chroot} is not a directory") chrootsh = os.path.join(self.chroot, 'bin/sh') # Want to check for a usable bourne shell inside the chroot. # is_executable() == True is sufficient. For symlinks it # gets really complicated really fast. So we punt on finding that - # out. As long as it's a symlink we assume that it will work + # out. As long as it is a symlink we assume that it will work if not (is_executable(chrootsh) or (os.path.lexists(chrootsh) and os.path.islink(chrootsh))): - raise AnsibleError("%s does not look like a chrootable dir (/bin/sh missing)" % self.chroot) + raise AnsibleError(f"{self.chroot} does not look like a chrootable dir (/bin/sh missing)") def _connect(self): """ connect to the chroot """ @@ -140,7 +130,7 @@ class Connection(ConnectionBase): try: self.chroot_cmd = get_bin_path(self.get_option('chroot_exe')) except ValueError as e: - raise AnsibleError(to_native(e)) + raise AnsibleError(str(e)) super(Connection, self)._connect() if not self._connected: @@ -158,7 +148,7 @@ class Connection(ConnectionBase): executable = self.get_option('executable') local_cmd = [self.chroot_cmd, self.chroot, executable, '-c', cmd] - display.vvv("EXEC %s" % local_cmd, host=self.chroot) + display.vvv(f"EXEC {local_cmd}", host=self.chroot) local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd] p = subprocess.Popen(local_cmd, shell=False, stdin=stdin, stdout=subprocess.PIPE, stderr=subprocess.PIPE) @@ -183,7 +173,7 @@ class Connection(ConnectionBase): exist in any given chroot. So for now we're choosing "/" instead. This also happens to be the former default. - Can revisit using $HOME instead if it's a problem + Can revisit using $HOME instead if it is a problem """ if not remote_path.startswith(os.path.sep): remote_path = os.path.join(os.path.sep, remote_path) @@ -192,7 +182,7 @@ class Connection(ConnectionBase): def put_file(self, in_path, out_path): """ transfer a file from local to chroot """ super(Connection, self).put_file(in_path, out_path) - display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.chroot) + display.vvv(f"PUT {in_path} TO {out_path}", host=self.chroot) out_path = shlex_quote(self._prefix_login_path(out_path)) try: @@ -202,27 +192,27 @@ class Connection(ConnectionBase): else: count = '' try: - p = self._buffered_exec_command('dd of=%s bs=%s%s' % (out_path, BUFSIZE, count), stdin=in_file) + p = self._buffered_exec_command(f'dd of={out_path} bs={BUFSIZE}{count}', stdin=in_file) except OSError: raise AnsibleError("chroot connection requires dd command in the chroot") try: stdout, stderr = p.communicate() except Exception: traceback.print_exc() - raise AnsibleError("failed to transfer file %s to %s" % (in_path, out_path)) + raise AnsibleError(f"failed to transfer file {in_path} to {out_path}") if p.returncode != 0: - raise AnsibleError("failed to transfer file %s to %s:\n%s\n%s" % (in_path, out_path, stdout, stderr)) + raise AnsibleError(f"failed to transfer file {in_path} to {out_path}:\n{stdout}\n{stderr}") except IOError: - raise AnsibleError("file or module does not exist at: %s" % in_path) + raise AnsibleError(f"file or module does not exist at: {in_path}") def fetch_file(self, in_path, out_path): """ fetch a file from chroot to local """ super(Connection, self).fetch_file(in_path, out_path) - display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.chroot) + display.vvv(f"FETCH {in_path} TO {out_path}", host=self.chroot) in_path = shlex_quote(self._prefix_login_path(in_path)) try: - p = self._buffered_exec_command('dd if=%s bs=%s' % (in_path, BUFSIZE)) + p = self._buffered_exec_command(f'dd if={in_path} bs={BUFSIZE}') except OSError: raise AnsibleError("chroot connection requires dd command in the chroot") @@ -234,10 +224,10 @@ class Connection(ConnectionBase): chunk = p.stdout.read(BUFSIZE) except Exception: traceback.print_exc() - raise AnsibleError("failed to transfer file %s to %s" % (in_path, out_path)) + raise AnsibleError(f"failed to transfer file {in_path} to {out_path}") stdout, stderr = p.communicate() if p.returncode != 0: - raise AnsibleError("failed to transfer file %s to %s:\n%s\n%s" % (in_path, out_path, stdout, stderr)) + raise AnsibleError(f"failed to transfer file {in_path} to {out_path}:\n{stdout}\n{stderr}") def close(self): """ terminate the connection; nothing to do here """ diff --git a/plugins/connection/funcd.py b/plugins/connection/funcd.py index 219a8cccd3..31a9431ce1 100644 --- a/plugins/connection/funcd.py +++ b/plugins/connection/funcd.py @@ -9,23 +9,24 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Michael Scherer (@mscherer) - name: funcd - short_description: Use funcd to connect to target +DOCUMENTATION = r""" +author: Michael Scherer (@mscherer) +name: funcd +short_description: Use funcd to connect to target +description: + - This transport permits you to use Ansible over Func. + - For people who have already setup func and that wish to play with ansible, this permit to move gradually to ansible without + having to redo completely the setup of the network. +options: + remote_addr: description: - - This transport permits you to use Ansible over Func. - - For people who have already setup func and that wish to play with ansible, - this permit to move gradually to ansible without having to redo completely the setup of the network. - options: - remote_addr: - description: - - The path of the chroot you want to access. - default: inventory_hostname - vars: - - name: ansible_host - - name: ansible_func_host -''' + - The path of the chroot you want to access. + type: string + default: inventory_hostname + vars: + - name: ansible_host + - name: ansible_func_host +""" HAVE_FUNC = False try: @@ -71,7 +72,7 @@ class Connection(ConnectionBase): raise AnsibleError("Internal Error: this module does not support optimized module pipelining") # totally ignores privilege escalation - display.vvv("EXEC %s" % cmd, host=self.host) + display.vvv(f"EXEC {cmd}", host=self.host) p = self.client.command.run(cmd)[self.host] return p[0], p[1], p[2] @@ -86,14 +87,14 @@ class Connection(ConnectionBase): """ transfer a file from local to remote """ out_path = self._normalize_path(out_path, '/') - display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.host) + display.vvv(f"PUT {in_path} TO {out_path}", host=self.host) self.client.local.copyfile.send(in_path, out_path) def fetch_file(self, in_path, out_path): """ fetch a file from remote to local """ in_path = self._normalize_path(in_path, '/') - display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.host) + display.vvv(f"FETCH {in_path} TO {out_path}", host=self.host) # need to use a tmp dir due to difference of semantic for getfile # ( who take a # directory as destination) and fetch_file, who # take a file directly diff --git a/plugins/connection/incus.py b/plugins/connection/incus.py index 81d6f971c7..9d5a3e7a57 100644 --- a/plugins/connection/incus.py +++ b/plugins/connection/incus.py @@ -8,43 +8,47 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = """ - author: Stéphane Graber (@stgraber) - name: incus - short_description: Run tasks in Incus instances via the Incus CLI. +DOCUMENTATION = r""" +author: Stéphane Graber (@stgraber) +name: incus +short_description: Run tasks in Incus instances using the Incus CLI +description: + - Run commands or put/fetch files to an existing Incus instance using Incus CLI. +version_added: "8.2.0" +options: + remote_addr: description: - - Run commands or put/fetch files to an existing Incus instance using Incus CLI. - version_added: "8.2.0" - options: - remote_addr: - description: - - The instance identifier. - default: inventory_hostname - vars: - - name: inventory_hostname - - name: ansible_host - - name: ansible_incus_host - executable: - description: - - The shell to use for execution inside the instance. - default: /bin/sh - vars: - - name: ansible_executable - - name: ansible_incus_executable - remote: - description: - - The name of the Incus remote to use (per C(incus remote list)). - - Remotes are used to access multiple servers from a single client. - default: local - vars: - - name: ansible_incus_remote - project: - description: - - The name of the Incus project to use (per C(incus project list)). - - Projects are used to divide the instances running on a server. - default: default - vars: - - name: ansible_incus_project + - The instance identifier. + type: string + default: inventory_hostname + vars: + - name: inventory_hostname + - name: ansible_host + - name: ansible_incus_host + executable: + description: + - The shell to use for execution inside the instance. + type: string + default: /bin/sh + vars: + - name: ansible_executable + - name: ansible_incus_executable + remote: + description: + - The name of the Incus remote to use (per C(incus remote list)). + - Remotes are used to access multiple servers from a single client. + type: string + default: local + vars: + - name: ansible_incus_remote + project: + description: + - The name of the Incus project to use (per C(incus project list)). + - Projects are used to divide the instances running on a server. + type: string + default: default + vars: + - name: ansible_incus_project """ import os @@ -76,7 +80,7 @@ class Connection(ConnectionBase): super(Connection, self)._connect() if not self._connected: - self._display.vvv(u"ESTABLISH Incus CONNECTION FOR USER: root", + self._display.vvv("ESTABLISH Incus CONNECTION FOR USER: root", host=self._instance()) self._connected = True @@ -89,14 +93,14 @@ class Connection(ConnectionBase): """ execute a command on the Incus host """ super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable) - self._display.vvv(u"EXEC {0}".format(cmd), + self._display.vvv(f"EXEC {cmd}", host=self._instance()) local_cmd = [ self._incus_cmd, "--project", self.get_option("project"), "exec", - "%s:%s" % (self.get_option("remote"), self._instance()), + f"{self.get_option('remote')}:{self._instance()}", "--", self._play_context.executable, "-c", cmd] @@ -110,12 +114,10 @@ class Connection(ConnectionBase): stderr = to_text(stderr) if stderr == "Error: Instance is not running.\n": - raise AnsibleConnectionFailure("instance not running: %s" % - self._instance()) + raise AnsibleConnectionFailure(f"instance not running: {self._instance()}") if stderr == "Error: Instance not found\n": - raise AnsibleConnectionFailure("instance not found: %s" % - self._instance()) + raise AnsibleConnectionFailure(f"instance not found: {self._instance()}") return process.returncode, stdout, stderr @@ -123,20 +125,18 @@ class Connection(ConnectionBase): """ put a file from local to Incus """ super(Connection, self).put_file(in_path, out_path) - self._display.vvv(u"PUT {0} TO {1}".format(in_path, out_path), + self._display.vvv(f"PUT {in_path} TO {out_path}", host=self._instance()) if not os.path.isfile(to_bytes(in_path, errors='surrogate_or_strict')): - raise AnsibleFileNotFound("input path is not a file: %s" % in_path) + raise AnsibleFileNotFound(f"input path is not a file: {in_path}") local_cmd = [ self._incus_cmd, "--project", self.get_option("project"), "file", "push", "--quiet", in_path, - "%s:%s/%s" % (self.get_option("remote"), - self._instance(), - out_path)] + f"{self.get_option('remote')}:{self._instance()}/{out_path}"] local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd] @@ -146,16 +146,14 @@ class Connection(ConnectionBase): """ fetch a file from Incus to local """ super(Connection, self).fetch_file(in_path, out_path) - self._display.vvv(u"FETCH {0} TO {1}".format(in_path, out_path), + self._display.vvv(f"FETCH {in_path} TO {out_path}", host=self._instance()) local_cmd = [ self._incus_cmd, "--project", self.get_option("project"), "file", "pull", "--quiet", - "%s:%s/%s" % (self.get_option("remote"), - self._instance(), - in_path), + f"{self.get_option('remote')}:{self._instance()}/{in_path}", out_path] local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd] diff --git a/plugins/connection/iocage.py b/plugins/connection/iocage.py index 2e2a6f0937..4d3f415194 100644 --- a/plugins/connection/iocage.py +++ b/plugins/connection/iocage.py @@ -10,26 +10,28 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Stephan Lohse (!UNKNOWN) - name: iocage - short_description: Run tasks in iocage jails +DOCUMENTATION = r""" +author: Stephan Lohse (!UNKNOWN) +name: iocage +short_description: Run tasks in iocage jails +description: + - Run commands or put/fetch files to an existing iocage jail. +options: + remote_addr: description: - - Run commands or put/fetch files to an existing iocage jail - options: - remote_addr: - description: - - Path to the jail - vars: - - name: ansible_host - - name: ansible_iocage_host - remote_user: - description: - - User to execute as inside the jail - vars: - - name: ansible_user - - name: ansible_iocage_user -''' + - Path to the jail. + type: string + vars: + - name: ansible_host + - name: ansible_iocage_host + remote_user: + description: + - User to execute as inside the jail. + type: string + vars: + - name: ansible_user + - name: ansible_iocage_user +""" import subprocess @@ -53,11 +55,12 @@ class Connection(Jail): jail_uuid = self.get_jail_uuid() - kwargs[Jail.modified_jailname_key] = 'ioc-{0}'.format(jail_uuid) + kwargs[Jail.modified_jailname_key] = f'ioc-{jail_uuid}' - display.vvv(u"Jail {iocjail} has been translated to {rawjail}".format( - iocjail=self.ioc_jail, rawjail=kwargs[Jail.modified_jailname_key]), - host=kwargs[Jail.modified_jailname_key]) + display.vvv( + f"Jail {self.ioc_jail} has been translated to {kwargs[Jail.modified_jailname_key]}", + host=kwargs[Jail.modified_jailname_key] + ) super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs) @@ -79,6 +82,6 @@ class Connection(Jail): p.wait() if p.returncode != 0: - raise AnsibleError(u"iocage returned an error: {0}".format(stdout)) + raise AnsibleError(f"iocage returned an error: {stdout}") return stdout.strip('\n') diff --git a/plugins/connection/jail.py b/plugins/connection/jail.py index 3a3edd4b18..6e6c156330 100644 --- a/plugins/connection/jail.py +++ b/plugins/connection/jail.py @@ -10,28 +10,30 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Ansible Core Team - name: jail - short_description: Run tasks in jails +DOCUMENTATION = r""" +author: Ansible Core Team +name: jail +short_description: Run tasks in jails +description: + - Run commands or put/fetch files to an existing jail. +options: + remote_addr: description: - - Run commands or put/fetch files to an existing jail - options: - remote_addr: - description: - - Path to the jail - default: inventory_hostname - vars: - - name: inventory_hostname - - name: ansible_host - - name: ansible_jail_host - remote_user: - description: - - User to execute as inside the jail - vars: - - name: ansible_user - - name: ansible_jail_user -''' + - Path to the jail. + type: string + default: inventory_hostname + vars: + - name: inventory_hostname + - name: ansible_host + - name: ansible_jail_host + remote_user: + description: + - User to execute as inside the jail. + type: string + vars: + - name: ansible_user + - name: ansible_jail_user +""" import os import os.path @@ -73,14 +75,14 @@ class Connection(ConnectionBase): self.jexec_cmd = self._search_executable('jexec') if self.jail not in self.list_jails(): - raise AnsibleError("incorrect jail name %s" % self.jail) + raise AnsibleError(f"incorrect jail name {self.jail}") @staticmethod def _search_executable(executable): try: return get_bin_path(executable) except ValueError: - raise AnsibleError("%s command not found in PATH" % executable) + raise AnsibleError(f"{executable} command not found in PATH") def list_jails(self): p = subprocess.Popen([self.jls_cmd, '-q', 'name'], @@ -95,7 +97,7 @@ class Connection(ConnectionBase): """ connect to the jail; nothing to do here """ super(Connection, self)._connect() if not self._connected: - display.vvv(u"ESTABLISH JAIL CONNECTION FOR USER: {0}".format(self._play_context.remote_user), host=self.jail) + display.vvv(f"ESTABLISH JAIL CONNECTION FOR USER: {self._play_context.remote_user}", host=self.jail) self._connected = True def _buffered_exec_command(self, cmd, stdin=subprocess.PIPE): @@ -113,11 +115,11 @@ class Connection(ConnectionBase): if self._play_context.remote_user is not None: local_cmd += ['-U', self._play_context.remote_user] # update HOME since -U does not update the jail environment - set_env = 'HOME=~' + self._play_context.remote_user + ' ' + set_env = f"HOME=~{self._play_context.remote_user} " local_cmd += [self.jail, self._play_context.executable, '-c', set_env + cmd] - display.vvv("EXEC %s" % (local_cmd,), host=self.jail) + display.vvv(f"EXEC {local_cmd}", host=self.jail) local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd] p = subprocess.Popen(local_cmd, shell=False, stdin=stdin, stdout=subprocess.PIPE, stderr=subprocess.PIPE) @@ -142,7 +144,7 @@ class Connection(ConnectionBase): exist in any given chroot. So for now we're choosing "/" instead. This also happens to be the former default. - Can revisit using $HOME instead if it's a problem + Can revisit using $HOME instead if it is a problem """ if not remote_path.startswith(os.path.sep): remote_path = os.path.join(os.path.sep, remote_path) @@ -151,7 +153,7 @@ class Connection(ConnectionBase): def put_file(self, in_path, out_path): """ transfer a file from local to jail """ super(Connection, self).put_file(in_path, out_path) - display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.jail) + display.vvv(f"PUT {in_path} TO {out_path}", host=self.jail) out_path = shlex_quote(self._prefix_login_path(out_path)) try: @@ -161,27 +163,27 @@ class Connection(ConnectionBase): else: count = '' try: - p = self._buffered_exec_command('dd of=%s bs=%s%s' % (out_path, BUFSIZE, count), stdin=in_file) + p = self._buffered_exec_command(f'dd of={out_path} bs={BUFSIZE}{count}', stdin=in_file) except OSError: raise AnsibleError("jail connection requires dd command in the jail") try: stdout, stderr = p.communicate() except Exception: traceback.print_exc() - raise AnsibleError("failed to transfer file %s to %s" % (in_path, out_path)) + raise AnsibleError(f"failed to transfer file {in_path} to {out_path}") if p.returncode != 0: - raise AnsibleError("failed to transfer file %s to %s:\n%s\n%s" % (in_path, out_path, to_native(stdout), to_native(stderr))) + raise AnsibleError(f"failed to transfer file {in_path} to {out_path}:\n{to_native(stdout)}\n{to_native(stderr)}") except IOError: - raise AnsibleError("file or module does not exist at: %s" % in_path) + raise AnsibleError(f"file or module does not exist at: {in_path}") def fetch_file(self, in_path, out_path): """ fetch a file from jail to local """ super(Connection, self).fetch_file(in_path, out_path) - display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.jail) + display.vvv(f"FETCH {in_path} TO {out_path}", host=self.jail) in_path = shlex_quote(self._prefix_login_path(in_path)) try: - p = self._buffered_exec_command('dd if=%s bs=%s' % (in_path, BUFSIZE)) + p = self._buffered_exec_command(f'dd if={in_path} bs={BUFSIZE}') except OSError: raise AnsibleError("jail connection requires dd command in the jail") @@ -193,10 +195,10 @@ class Connection(ConnectionBase): chunk = p.stdout.read(BUFSIZE) except Exception: traceback.print_exc() - raise AnsibleError("failed to transfer file %s to %s" % (in_path, out_path)) + raise AnsibleError(f"failed to transfer file {in_path} to {out_path}") stdout, stderr = p.communicate() if p.returncode != 0: - raise AnsibleError("failed to transfer file %s to %s:\n%s\n%s" % (in_path, out_path, to_native(stdout), to_native(stderr))) + raise AnsibleError(f"failed to transfer file {in_path} to {out_path}:\n{to_native(stdout)}\n{to_native(stderr)}") def close(self): """ terminate the connection; nothing to do here """ diff --git a/plugins/connection/lxc.py b/plugins/connection/lxc.py index 7bb5824fac..0744136192 100644 --- a/plugins/connection/lxc.py +++ b/plugins/connection/lxc.py @@ -7,29 +7,31 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Joerg Thalheim (!UNKNOWN) - name: lxc - short_description: Run tasks in lxc containers via lxc python library +DOCUMENTATION = r""" +author: Joerg Thalheim (!UNKNOWN) +name: lxc +short_description: Run tasks in LXC containers using lxc python library +description: + - Run commands or put/fetch files to an existing LXC container using lxc python library. +options: + remote_addr: description: - - Run commands or put/fetch files to an existing lxc container using lxc python library - options: - remote_addr: - description: - - Container identifier - default: inventory_hostname - vars: - - name: inventory_hostname - - name: ansible_host - - name: ansible_lxc_host - executable: - default: /bin/sh - description: - - Shell executable - vars: - - name: ansible_executable - - name: ansible_lxc_executable -''' + - Container identifier. + type: string + default: inventory_hostname + vars: + - name: inventory_hostname + - name: ansible_host + - name: ansible_lxc_host + executable: + default: /bin/sh + description: + - Shell executable. + type: string + vars: + - name: ansible_executable + - name: ansible_lxc_executable +""" import os import shutil @@ -80,7 +82,7 @@ class Connection(ConnectionBase): self._display.vvv("THIS IS A LOCAL LXC DIR", host=self.container_name) self.container = _lxc.Container(self.container_name) if self.container.state == "STOPPED": - raise errors.AnsibleError("%s is not running" % self.container_name) + raise errors.AnsibleError(f"{self.container_name} is not running") @staticmethod def _communicate(pid, in_data, stdin, stdout, stderr): @@ -142,10 +144,10 @@ class Connection(ConnectionBase): read_stdin, write_stdin = os.pipe() kwargs['stdin'] = self._set_nonblocking(read_stdin) - self._display.vvv("EXEC %s" % (local_cmd), host=self.container_name) + self._display.vvv(f"EXEC {local_cmd}", host=self.container_name) pid = self.container.attach(_lxc.attach_run_command, local_cmd, **kwargs) if pid == -1: - msg = "failed to attach to container %s" % self.container_name + msg = f"failed to attach to container {self.container_name}" raise errors.AnsibleError(msg) write_stdout = os.close(write_stdout) @@ -172,18 +174,18 @@ class Connection(ConnectionBase): def put_file(self, in_path, out_path): ''' transfer a file from local to lxc ''' super(Connection, self).put_file(in_path, out_path) - self._display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.container_name) + self._display.vvv(f"PUT {in_path} TO {out_path}", host=self.container_name) in_path = to_bytes(in_path, errors='surrogate_or_strict') out_path = to_bytes(out_path, errors='surrogate_or_strict') if not os.path.exists(in_path): - msg = "file or module does not exist: %s" % in_path + msg = f"file or module does not exist: {in_path}" raise errors.AnsibleFileNotFound(msg) try: src_file = open(in_path, "rb") except IOError: traceback.print_exc() - raise errors.AnsibleError("failed to open input file to %s" % in_path) + raise errors.AnsibleError(f"failed to open input file to {in_path}") try: def write_file(args): with open(out_path, 'wb+') as dst_file: @@ -192,7 +194,7 @@ class Connection(ConnectionBase): self.container.attach_wait(write_file, None) except IOError: traceback.print_exc() - msg = "failed to transfer file to %s" % out_path + msg = f"failed to transfer file to {out_path}" raise errors.AnsibleError(msg) finally: src_file.close() @@ -200,7 +202,7 @@ class Connection(ConnectionBase): def fetch_file(self, in_path, out_path): ''' fetch a file from lxc to local ''' super(Connection, self).fetch_file(in_path, out_path) - self._display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.container_name) + self._display.vvv(f"FETCH {in_path} TO {out_path}", host=self.container_name) in_path = to_bytes(in_path, errors='surrogate_or_strict') out_path = to_bytes(out_path, errors='surrogate_or_strict') @@ -208,7 +210,7 @@ class Connection(ConnectionBase): dst_file = open(out_path, "wb") except IOError: traceback.print_exc() - msg = "failed to open output file %s" % out_path + msg = f"failed to open output file {out_path}" raise errors.AnsibleError(msg) try: def write_file(args): @@ -223,7 +225,7 @@ class Connection(ConnectionBase): self.container.attach_wait(write_file, None) except IOError: traceback.print_exc() - msg = "failed to transfer file from %s to %s" % (in_path, out_path) + msg = f"failed to transfer file from {in_path} to {out_path}" raise errors.AnsibleError(msg) finally: dst_file.close() diff --git a/plugins/connection/lxd.py b/plugins/connection/lxd.py index 0e784b85fd..1a071e1d8d 100644 --- a/plugins/connection/lxd.py +++ b/plugins/connection/lxd.py @@ -7,44 +7,48 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Matt Clay (@mattclay) - name: lxd - short_description: Run tasks in LXD instances via C(lxc) CLI +DOCUMENTATION = r""" +author: Matt Clay (@mattclay) +name: lxd +short_description: Run tasks in LXD instances using C(lxc) CLI +description: + - Run commands or put/fetch files to an existing instance using C(lxc) CLI. +options: + remote_addr: description: - - Run commands or put/fetch files to an existing instance using C(lxc) CLI. - options: - remote_addr: - description: - - Instance (container/VM) identifier. - - Since community.general 8.0.0, a FQDN can be provided; in that case, the first component (the part before C(.)) - is used as the instance identifier. - default: inventory_hostname - vars: - - name: inventory_hostname - - name: ansible_host - - name: ansible_lxd_host - executable: - description: - - Shell to use for execution inside instance. - default: /bin/sh - vars: - - name: ansible_executable - - name: ansible_lxd_executable - remote: - description: - - Name of the LXD remote to use. - default: local - vars: - - name: ansible_lxd_remote - version_added: 2.0.0 - project: - description: - - Name of the LXD project to use. - vars: - - name: ansible_lxd_project - version_added: 2.0.0 -''' + - Instance (container/VM) identifier. + - Since community.general 8.0.0, a FQDN can be provided; in that case, the first component (the part before C(.)) is + used as the instance identifier. + type: string + default: inventory_hostname + vars: + - name: inventory_hostname + - name: ansible_host + - name: ansible_lxd_host + executable: + description: + - Shell to use for execution inside instance. + type: string + default: /bin/sh + vars: + - name: ansible_executable + - name: ansible_lxd_executable + remote: + description: + - Name of the LXD remote to use. + type: string + default: local + vars: + - name: ansible_lxd_remote + version_added: 2.0.0 + project: + description: + - Name of the LXD project to use. + type: string + vars: + - name: ansible_lxd_project + version_added: 2.0.0 +""" import os from subprocess import Popen, PIPE @@ -82,26 +86,26 @@ class Connection(ConnectionBase): super(Connection, self)._connect() if not self._connected: - self._display.vvv(u"ESTABLISH LXD CONNECTION FOR USER: root", host=self._host()) + self._display.vvv("ESTABLISH LXD CONNECTION FOR USER: root", host=self._host()) self._connected = True def exec_command(self, cmd, in_data=None, sudoable=True): """ execute a command on the lxd host """ super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable) - self._display.vvv(u"EXEC {0}".format(cmd), host=self._host()) + self._display.vvv(f"EXEC {cmd}", host=self._host()) local_cmd = [self._lxc_cmd] if self.get_option("project"): local_cmd.extend(["--project", self.get_option("project")]) local_cmd.extend([ "exec", - "%s:%s" % (self.get_option("remote"), self._host()), + f"{self.get_option('remote')}:{self._host()}", "--", self.get_option("executable"), "-c", cmd ]) - self._display.vvvvv(u"EXEC {0}".format(local_cmd), host=self._host()) + self._display.vvvvv(f"EXEC {local_cmd}", host=self._host()) local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd] in_data = to_bytes(in_data, errors='surrogate_or_strict', nonstring='passthru') @@ -112,13 +116,13 @@ class Connection(ConnectionBase): stdout = to_text(stdout) stderr = to_text(stderr) - self._display.vvvvv(u"EXEC lxc output: {0} {1}".format(stdout, stderr), host=self._host()) + self._display.vvvvv(f"EXEC lxc output: {stdout} {stderr}", host=self._host()) if "is not running" in stderr: - raise AnsibleConnectionFailure("instance not running: %s" % self._host()) + raise AnsibleConnectionFailure(f"instance not running: {self._host()}") if stderr.strip() == "Error: Instance not found" or stderr.strip() == "error: not found": - raise AnsibleConnectionFailure("instance not found: %s" % self._host()) + raise AnsibleConnectionFailure(f"instance not found: {self._host()}") return process.returncode, stdout, stderr @@ -126,10 +130,10 @@ class Connection(ConnectionBase): """ put a file from local to lxd """ super(Connection, self).put_file(in_path, out_path) - self._display.vvv(u"PUT {0} TO {1}".format(in_path, out_path), host=self._host()) + self._display.vvv(f"PUT {in_path} TO {out_path}", host=self._host()) if not os.path.isfile(to_bytes(in_path, errors='surrogate_or_strict')): - raise AnsibleFileNotFound("input path is not a file: %s" % in_path) + raise AnsibleFileNotFound(f"input path is not a file: {in_path}") local_cmd = [self._lxc_cmd] if self.get_option("project"): @@ -137,7 +141,7 @@ class Connection(ConnectionBase): local_cmd.extend([ "file", "push", in_path, - "%s:%s/%s" % (self.get_option("remote"), self._host(), out_path) + f"{self.get_option('remote')}:{self._host()}/{out_path}" ]) local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd] @@ -149,14 +153,14 @@ class Connection(ConnectionBase): """ fetch a file from lxd to local """ super(Connection, self).fetch_file(in_path, out_path) - self._display.vvv(u"FETCH {0} TO {1}".format(in_path, out_path), host=self._host()) + self._display.vvv(f"FETCH {in_path} TO {out_path}", host=self._host()) local_cmd = [self._lxc_cmd] if self.get_option("project"): local_cmd.extend(["--project", self.get_option("project")]) local_cmd.extend([ "file", "pull", - "%s:%s/%s" % (self.get_option("remote"), self._host(), in_path), + f"{self.get_option('remote')}:{self._host()}/{in_path}", out_path ]) diff --git a/plugins/connection/qubes.py b/plugins/connection/qubes.py index 25594e952b..dee476308c 100644 --- a/plugins/connection/qubes.py +++ b/plugins/connection/qubes.py @@ -12,32 +12,33 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: qubes - short_description: Interact with an existing QubesOS AppVM +DOCUMENTATION = r""" +name: qubes +short_description: Interact with an existing QubesOS AppVM +description: + - Run commands or put/fetch files to an existing Qubes AppVM using qubes tools. +author: Kushal Das (@kushaldas) + + +options: + remote_addr: description: - - Run commands or put/fetch files to an existing Qubes AppVM using qubes tools. - - author: Kushal Das (@kushaldas) - - - options: - remote_addr: - description: - - vm name - default: inventory_hostname - vars: - - name: ansible_host - remote_user: - description: - - The user to execute as inside the vm. - default: The *user* account as default in Qubes OS. - vars: - - name: ansible_user + - VM name. + type: string + default: inventory_hostname + vars: + - name: ansible_host + remote_user: + description: + - The user to execute as inside the VM. + type: string + default: The I(user) account as default in Qubes OS. + vars: + - name: ansible_user # keyword: # - name: hosts -''' +""" import subprocess @@ -76,7 +77,7 @@ class Connection(ConnectionBase): """ display.vvvv("CMD: ", cmd) if not cmd.endswith("\n"): - cmd = cmd + "\n" + cmd = f"{cmd}\n" local_cmd = [] # For dom0 @@ -93,7 +94,7 @@ class Connection(ConnectionBase): display.vvvv("Local cmd: ", local_cmd) - display.vvv("RUN %s" % (local_cmd,), host=self._remote_vmname) + display.vvv(f"RUN {local_cmd}", host=self._remote_vmname) p = subprocess.Popen(local_cmd, shell=False, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) @@ -112,42 +113,42 @@ class Connection(ConnectionBase): """Run specified command in a running QubesVM """ super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable) - display.vvvv("CMD IS: %s" % cmd) + display.vvvv(f"CMD IS: {cmd}") rc, stdout, stderr = self._qubes(cmd) - display.vvvvv("STDOUT %r STDERR %r" % (stderr, stderr)) + display.vvvvv(f"STDOUT {stdout!r} STDERR {stderr!r}") return rc, stdout, stderr def put_file(self, in_path, out_path): """ Place a local file located in 'in_path' inside VM at 'out_path' """ super(Connection, self).put_file(in_path, out_path) - display.vvv("PUT %s TO %s" % (in_path, out_path), host=self._remote_vmname) + display.vvv(f"PUT {in_path} TO {out_path}", host=self._remote_vmname) with open(in_path, "rb") as fobj: source_data = fobj.read() - retcode, dummy, dummy = self._qubes('cat > "{0}"\n'.format(out_path), source_data, "qubes.VMRootShell") + retcode, dummy, dummy = self._qubes(f'cat > "{out_path}\"\n', source_data, "qubes.VMRootShell") # if qubes.VMRootShell service not supported, fallback to qubes.VMShell and # hope it will have appropriate permissions if retcode == 127: - retcode, dummy, dummy = self._qubes('cat > "{0}"\n'.format(out_path), source_data) + retcode, dummy, dummy = self._qubes(f'cat > "{out_path}\"\n', source_data) if retcode != 0: - raise AnsibleConnectionFailure('Failed to put_file to {0}'.format(out_path)) + raise AnsibleConnectionFailure(f'Failed to put_file to {out_path}') def fetch_file(self, in_path, out_path): """Obtain file specified via 'in_path' from the container and place it at 'out_path' """ super(Connection, self).fetch_file(in_path, out_path) - display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self._remote_vmname) + display.vvv(f"FETCH {in_path} TO {out_path}", host=self._remote_vmname) # We are running in dom0 - cmd_args_list = ["qvm-run", "--pass-io", self._remote_vmname, "cat {0}".format(in_path)] + cmd_args_list = ["qvm-run", "--pass-io", self._remote_vmname, f"cat {in_path}"] with open(out_path, "wb") as fobj: p = subprocess.Popen(cmd_args_list, shell=False, stdout=fobj) p.communicate() if p.returncode != 0: - raise AnsibleConnectionFailure('Failed to fetch file to {0}'.format(out_path)) + raise AnsibleConnectionFailure(f'Failed to fetch file to {out_path}') def close(self): """ Closing the connection """ diff --git a/plugins/connection/saltstack.py b/plugins/connection/saltstack.py index 1dbc7296c7..d9e5d3b1d9 100644 --- a/plugins/connection/saltstack.py +++ b/plugins/connection/saltstack.py @@ -10,13 +10,13 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Michael Scherer (@mscherer) - name: saltstack - short_description: Allow ansible to piggyback on salt minions - description: - - This allows you to use existing Saltstack infrastructure to connect to targets. -''' +DOCUMENTATION = r""" +author: Michael Scherer (@mscherer) +name: saltstack +short_description: Allow ansible to piggyback on salt minions +description: + - This allows you to use existing Saltstack infrastructure to connect to targets. +""" import os import base64 @@ -59,11 +59,11 @@ class Connection(ConnectionBase): if in_data: raise errors.AnsibleError("Internal Error: this module does not support optimized module pipelining") - self._display.vvv("EXEC %s" % cmd, host=self.host) + self._display.vvv(f"EXEC {cmd}", host=self.host) # need to add 'true;' to work around https://github.com/saltstack/salt/issues/28077 - res = self.client.cmd(self.host, 'cmd.exec_code_all', ['bash', 'true;' + cmd]) + res = self.client.cmd(self.host, 'cmd.exec_code_all', ['bash', f"true;{cmd}"]) if self.host not in res: - raise errors.AnsibleError("Minion %s didn't answer, check if salt-minion is running and the name is correct" % self.host) + raise errors.AnsibleError(f"Minion {self.host} didn't answer, check if salt-minion is running and the name is correct") p = res[self.host] return p['retcode'], p['stdout'], p['stderr'] @@ -81,7 +81,7 @@ class Connection(ConnectionBase): super(Connection, self).put_file(in_path, out_path) out_path = self._normalize_path(out_path, '/') - self._display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.host) + self._display.vvv(f"PUT {in_path} TO {out_path}", host=self.host) with open(in_path, 'rb') as in_fh: content = in_fh.read() self.client.cmd(self.host, 'hashutil.base64_decodefile', [base64.b64encode(content), out_path]) @@ -93,7 +93,7 @@ class Connection(ConnectionBase): super(Connection, self).fetch_file(in_path, out_path) in_path = self._normalize_path(in_path, '/') - self._display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.host) + self._display.vvv(f"FETCH {in_path} TO {out_path}", host=self.host) content = self.client.cmd(self.host, 'cp.get_file_str', [in_path])[self.host] open(out_path, 'wb').write(content) diff --git a/plugins/connection/zone.py b/plugins/connection/zone.py index 34827c7e37..aa5442f28e 100644 --- a/plugins/connection/zone.py +++ b/plugins/connection/zone.py @@ -11,21 +11,22 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - author: Ansible Core Team - name: zone - short_description: Run tasks in a zone instance +DOCUMENTATION = r""" +author: Ansible Core Team +name: zone +short_description: Run tasks in a zone instance +description: + - Run commands or put/fetch files to an existing zone. +options: + remote_addr: description: - - Run commands or put/fetch files to an existing zone - options: - remote_addr: - description: - - Zone identifier - default: inventory_hostname - vars: - - name: ansible_host - - name: ansible_zone_host -''' + - Zone identifier. + type: string + default: inventory_hostname + vars: + - name: ansible_host + - name: ansible_zone_host +""" import os import os.path @@ -61,14 +62,14 @@ class Connection(ConnectionBase): self.zlogin_cmd = to_bytes(self._search_executable('zlogin')) if self.zone not in self.list_zones(): - raise AnsibleError("incorrect zone name %s" % self.zone) + raise AnsibleError(f"incorrect zone name {self.zone}") @staticmethod def _search_executable(executable): try: return get_bin_path(executable) except ValueError: - raise AnsibleError("%s command not found in PATH" % executable) + raise AnsibleError(f"{executable} command not found in PATH") def list_zones(self): process = subprocess.Popen([self.zoneadm_cmd, 'list', '-ip'], @@ -93,7 +94,7 @@ class Connection(ConnectionBase): # stdout, stderr = p.communicate() path = process.stdout.readlines()[0].split(':')[3] - return path + '/root' + return f"{path}/root" def _connect(self): """ connect to the zone; nothing to do here """ @@ -116,7 +117,7 @@ class Connection(ConnectionBase): local_cmd = [self.zlogin_cmd, self.zone, cmd] local_cmd = map(to_bytes, local_cmd) - display.vvv("EXEC %s" % (local_cmd), host=self.zone) + display.vvv(f"EXEC {local_cmd}", host=self.zone) p = subprocess.Popen(local_cmd, shell=False, stdin=stdin, stdout=subprocess.PIPE, stderr=subprocess.PIPE) @@ -139,7 +140,7 @@ class Connection(ConnectionBase): exist in any given chroot. So for now we're choosing "/" instead. This also happens to be the former default. - Can revisit using $HOME instead if it's a problem + Can revisit using $HOME instead if it is a problem """ if not remote_path.startswith(os.path.sep): remote_path = os.path.join(os.path.sep, remote_path) @@ -148,7 +149,7 @@ class Connection(ConnectionBase): def put_file(self, in_path, out_path): """ transfer a file from local to zone """ super(Connection, self).put_file(in_path, out_path) - display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.zone) + display.vvv(f"PUT {in_path} TO {out_path}", host=self.zone) out_path = shlex_quote(self._prefix_login_path(out_path)) try: @@ -158,27 +159,27 @@ class Connection(ConnectionBase): else: count = '' try: - p = self._buffered_exec_command('dd of=%s bs=%s%s' % (out_path, BUFSIZE, count), stdin=in_file) + p = self._buffered_exec_command(f'dd of={out_path} bs={BUFSIZE}{count}', stdin=in_file) except OSError: raise AnsibleError("jail connection requires dd command in the jail") try: stdout, stderr = p.communicate() except Exception: traceback.print_exc() - raise AnsibleError("failed to transfer file %s to %s" % (in_path, out_path)) + raise AnsibleError(f"failed to transfer file {in_path} to {out_path}") if p.returncode != 0: - raise AnsibleError("failed to transfer file %s to %s:\n%s\n%s" % (in_path, out_path, stdout, stderr)) + raise AnsibleError(f"failed to transfer file {in_path} to {out_path}:\n{stdout}\n{stderr}") except IOError: - raise AnsibleError("file or module does not exist at: %s" % in_path) + raise AnsibleError(f"file or module does not exist at: {in_path}") def fetch_file(self, in_path, out_path): """ fetch a file from zone to local """ super(Connection, self).fetch_file(in_path, out_path) - display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.zone) + display.vvv(f"FETCH {in_path} TO {out_path}", host=self.zone) in_path = shlex_quote(self._prefix_login_path(in_path)) try: - p = self._buffered_exec_command('dd if=%s bs=%s' % (in_path, BUFSIZE)) + p = self._buffered_exec_command(f'dd if={in_path} bs={BUFSIZE}') except OSError: raise AnsibleError("zone connection requires dd command in the zone") @@ -190,10 +191,10 @@ class Connection(ConnectionBase): chunk = p.stdout.read(BUFSIZE) except Exception: traceback.print_exc() - raise AnsibleError("failed to transfer file %s to %s" % (in_path, out_path)) + raise AnsibleError(f"failed to transfer file {in_path} to {out_path}") stdout, stderr = p.communicate() if p.returncode != 0: - raise AnsibleError("failed to transfer file %s to %s:\n%s\n%s" % (in_path, out_path, stdout, stderr)) + raise AnsibleError(f"failed to transfer file {in_path} to {out_path}:\n{stdout}\n{stderr}") def close(self): """ terminate the connection; nothing to do here """ diff --git a/plugins/doc_fragments/alicloud.py b/plugins/doc_fragments/alicloud.py index b462fcacb4..3b810852b7 100644 --- a/plugins/doc_fragments/alicloud.py +++ b/plugins/doc_fragments/alicloud.py @@ -11,75 +11,73 @@ __metaclass__ = type class ModuleDocFragment(object): # Alicloud only documentation fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: alicloud_access_key: description: - - Alibaba Cloud access key. If not set then the value of environment variable E(ALICLOUD_ACCESS_KEY), - E(ALICLOUD_ACCESS_KEY_ID) will be used instead. + - Alibaba Cloud access key. If not set then the value of environment variable E(ALICLOUD_ACCESS_KEY), E(ALICLOUD_ACCESS_KEY_ID) + will be used instead. aliases: ['access_key_id', 'access_key'] type: str alicloud_secret_key: description: - - Alibaba Cloud secret key. If not set then the value of environment variable E(ALICLOUD_SECRET_KEY), - E(ALICLOUD_SECRET_ACCESS_KEY) will be used instead. + - Alibaba Cloud secret key. If not set then the value of environment variable E(ALICLOUD_SECRET_KEY), E(ALICLOUD_SECRET_ACCESS_KEY) + will be used instead. aliases: ['secret_access_key', 'secret_key'] type: str alicloud_region: description: - - The Alibaba Cloud region to use. If not specified then the value of environment variable - E(ALICLOUD_REGION), E(ALICLOUD_REGION_ID) will be used instead. + - The Alibaba Cloud region to use. If not specified then the value of environment variable E(ALICLOUD_REGION), E(ALICLOUD_REGION_ID) + will be used instead. aliases: ['region', 'region_id'] required: true type: str alicloud_security_token: description: - - The Alibaba Cloud security token. If not specified then the value of environment variable - E(ALICLOUD_SECURITY_TOKEN) will be used instead. + - The Alibaba Cloud security token. If not specified then the value of environment variable E(ALICLOUD_SECURITY_TOKEN) + will be used instead. aliases: ['security_token'] type: str alicloud_assume_role: description: - If provided with a role ARN, Ansible will attempt to assume this role using the supplied credentials. - - The nested assume_role block supports C(alicloud_assume_role_arn), C(alicloud_assume_role_session_name), - C(alicloud_assume_role_session_expiration) and C(alicloud_assume_role_policy). + - The nested assume_role block supports C(alicloud_assume_role_arn), C(alicloud_assume_role_session_name), C(alicloud_assume_role_session_expiration) + and C(alicloud_assume_role_policy). type: dict aliases: ['assume_role'] alicloud_assume_role_arn: description: - - The Alibaba Cloud C(role_arn). The ARN of the role to assume. If ARN is set to an empty string, - it does not perform role switching. It supports environment variable E(ALICLOUD_ASSUME_ROLE_ARN). - ansible will execute with provided credentials. + - The Alibaba Cloud C(role_arn). The ARN of the role to assume. If ARN is set to an empty string, it does not perform + role switching. It supports environment variable E(ALICLOUD_ASSUME_ROLE_ARN). ansible will execute with provided credentials. aliases: ['assume_role_arn'] type: str alicloud_assume_role_session_name: description: - - The Alibaba Cloud session_name. The session name to use when assuming the role. If omitted, - 'ansible' is passed to the AssumeRole call as session name. It supports environment variable - E(ALICLOUD_ASSUME_ROLE_SESSION_NAME). + - The Alibaba Cloud session_name. The session name to use when assuming the role. If omitted, 'ansible' is passed to + the AssumeRole call as session name. It supports environment variable E(ALICLOUD_ASSUME_ROLE_SESSION_NAME). aliases: ['assume_role_session_name'] type: str alicloud_assume_role_session_expiration: description: - - The Alibaba Cloud C(session_expiration). The time after which the established session for assuming - role expires. Valid value range 900-3600 seconds. Default to 3600 (in this case Alicloud use own default - value). It supports environment variable E(ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION). + - The Alibaba Cloud C(session_expiration). The time after which the established session for assuming role expires. Valid + value range 900-3600 seconds. Default to 3600 (in this case Alicloud use own default value). It supports environment + variable E(ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION). aliases: ['assume_role_session_expiration'] type: int ecs_role_name: description: - - The RAM Role Name attached on a ECS instance for API operations. You can retrieve this from the 'Access Control' - section of the Alibaba Cloud console. - - If you're running Ansible from an ECS instance with RAM Instance using RAM Role, Ansible will just access the - metadata U(http://100.100.100.200/latest/meta-data/ram/security-credentials/) to obtain the STS - credential. This is a preferred approach over any other when running in ECS as you can avoid hard coding - credentials. Instead these are leased on-the-fly by Ansible which reduces the chance of leakage. + - The RAM Role Name attached on a ECS instance for API operations. You can retrieve this from the 'Access Control' section + of the Alibaba Cloud console. + - If you are running Ansible from an ECS instance with RAM Instance using RAM Role, Ansible will just access the metadata + U(http://100.100.100.200/latest/meta-data/ram/security-credentials/) to obtain the STS credential. + This is a preferred approach over any other when running in ECS as you can avoid hard coding credentials. Instead + these are leased on-the-fly by Ansible which reduces the chance of leakage. aliases: ['role_name'] type: str profile: description: - - This is the Alicloud profile name as set in the shared credentials file. It can also be sourced from the - E(ALICLOUD_PROFILE) environment variable. + - This is the Alicloud profile name as set in the shared credentials file. It can also be sourced from the E(ALICLOUD_PROFILE) + environment variable. type: str shared_credentials_file: description: @@ -88,22 +86,14 @@ options: - If this is not set and a profile is specified, C(~/.aliyun/config.json) will be used. type: str author: - - "He Guimin (@xiaozhu36)" + - "He Guimin (@xiaozhu36)" requirements: - - "Python >= 3.6" + - "Python >= 3.6" notes: - - If parameters are not set within the module, the following - environment variables can be used in decreasing order of precedence - E(ALICLOUD_ACCESS_KEY) or E(ALICLOUD_ACCESS_KEY_ID), - E(ALICLOUD_SECRET_KEY) or E(ALICLOUD_SECRET_ACCESS_KEY), - E(ALICLOUD_REGION) or E(ALICLOUD_REGION_ID), - E(ALICLOUD_SECURITY_TOKEN), - E(ALICLOUD_ECS_ROLE_NAME), - E(ALICLOUD_SHARED_CREDENTIALS_FILE), - E(ALICLOUD_PROFILE), - E(ALICLOUD_ASSUME_ROLE_ARN), - E(ALICLOUD_ASSUME_ROLE_SESSION_NAME), - E(ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION). - - E(ALICLOUD_REGION) or E(ALICLOUD_REGION_ID) can be typically be used to specify the - Alicloud region, when required, but this can also be configured in the footmark config file -''' + - If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence + E(ALICLOUD_ACCESS_KEY) or E(ALICLOUD_ACCESS_KEY_ID), E(ALICLOUD_SECRET_KEY) or E(ALICLOUD_SECRET_ACCESS_KEY), E(ALICLOUD_REGION) + or E(ALICLOUD_REGION_ID), E(ALICLOUD_SECURITY_TOKEN), E(ALICLOUD_ECS_ROLE_NAME), E(ALICLOUD_SHARED_CREDENTIALS_FILE), + E(ALICLOUD_PROFILE), E(ALICLOUD_ASSUME_ROLE_ARN), E(ALICLOUD_ASSUME_ROLE_SESSION_NAME), E(ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION). + - E(ALICLOUD_REGION) or E(ALICLOUD_REGION_ID) can be typically be used to specify the Alicloud region, when required, but + this can also be configured in the footmark config file. +""" diff --git a/plugins/doc_fragments/attributes.py b/plugins/doc_fragments/attributes.py index 9b8488e0a5..2ab083eab2 100644 --- a/plugins/doc_fragments/attributes.py +++ b/plugins/doc_fragments/attributes.py @@ -11,22 +11,22 @@ __metaclass__ = type class ModuleDocFragment(object): # Standard documentation fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: {} attributes: - check_mode: - description: Can run in C(check_mode) and return changed status prediction without modifying target. - diff_mode: - description: Will return details on what has changed (or possibly needs changing in C(check_mode)), when in diff mode. -''' + check_mode: + description: Can run in C(check_mode) and return changed status prediction without modifying target. + diff_mode: + description: Will return details on what has changed (or possibly needs changing in C(check_mode)), when in diff mode. +""" - PLATFORM = r''' + PLATFORM = r""" options: {} attributes: - platform: - description: Target OS/families that can be operated against. - support: N/A -''' + platform: + description: Target OS/families that can be operated against. + support: N/A +""" # Should be used together with the standard fragment INFO_MODULE = r''' @@ -42,23 +42,23 @@ attributes: - This action does not modify state. ''' - CONN = r''' + CONN = r""" options: {} attributes: - become: - description: Is usable alongside C(become) keywords. - connection: - description: Uses the target's configured connection information to execute code on it. - delegation: - description: Can be used in conjunction with C(delegate_to) and related keywords. -''' + become: + description: Is usable alongside C(become) keywords. + connection: + description: Uses the target's configured connection information to execute code on it. + delegation: + description: Can be used in conjunction with C(delegate_to) and related keywords. +""" - FACTS = r''' + FACTS = r""" options: {} attributes: - facts: - description: Action returns an C(ansible_facts) dictionary that will update existing host facts. -''' + facts: + description: Action returns an C(ansible_facts) dictionary that will update existing host facts. +""" # Should be used together with the standard fragment and the FACTS fragment FACTS_MODULE = r''' @@ -76,18 +76,18 @@ attributes: support: full ''' - FILES = r''' + FILES = r""" options: {} attributes: - safe_file_operations: - description: Uses Ansible's strict file operation functions to ensure proper permissions and avoid data corruption. -''' + safe_file_operations: + description: Uses Ansible's strict file operation functions to ensure proper permissions and avoid data corruption. +""" - FLOW = r''' + FLOW = r""" options: {} attributes: - action: - description: Indicates this has a corresponding action plugin so some parts of the options can be executed on the controller. - async: - description: Supports being used with the C(async) keyword. -''' + action: + description: Indicates this has a corresponding action plugin so some parts of the options can be executed on the controller. + async: + description: Supports being used with the C(async) keyword. +""" diff --git a/plugins/doc_fragments/auth_basic.py b/plugins/doc_fragments/auth_basic.py index 77d127c629..438435a6a3 100644 --- a/plugins/doc_fragments/auth_basic.py +++ b/plugins/doc_fragments/auth_basic.py @@ -10,7 +10,7 @@ __metaclass__ = type class ModuleDocFragment(object): # Standard files documentation fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: api_url: description: @@ -29,4 +29,4 @@ options: - Whether or not to validate SSL certs when supplying a HTTPS endpoint. type: bool default: true -''' +""" diff --git a/plugins/doc_fragments/bitbucket.py b/plugins/doc_fragments/bitbucket.py index 0a66ea0a68..e8b9ea4df8 100644 --- a/plugins/doc_fragments/bitbucket.py +++ b/plugins/doc_fragments/bitbucket.py @@ -11,7 +11,7 @@ __metaclass__ = type class ModuleDocFragment(object): # Standard documentation fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: client_id: description: @@ -30,7 +30,7 @@ options: - O(ignore:username) is an alias of O(user) since community.general 6.0.0. It was an alias of O(workspace) before. type: str version_added: 4.0.0 - aliases: [ username ] + aliases: [username] password: description: - The App password. @@ -41,4 +41,4 @@ notes: - Bitbucket OAuth consumer key and secret can be obtained from Bitbucket profile -> Settings -> Access Management -> OAuth. - Bitbucket App password can be created from Bitbucket profile -> Personal Settings -> App passwords. - If both OAuth and Basic Auth credentials are passed, OAuth credentials take precedence. -''' +""" diff --git a/plugins/doc_fragments/clc.py b/plugins/doc_fragments/clc.py new file mode 100644 index 0000000000..e193033af9 --- /dev/null +++ b/plugins/doc_fragments/clc.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- + +# Copyright (c) 2024, Alexei Znamensky +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + + +class ModuleDocFragment(object): + + # Standard documentation fragment + DOCUMENTATION = r""" +options: {} +requirements: + - requests >= 2.5.0 + - clc-sdk +notes: + - To use this module, it is required to set the below environment variables which enables access to the Centurylink Cloud. + - E(CLC_V2_API_USERNAME), the account login ID for the Centurylink Cloud. + - E(CLC_V2_API_PASSWORD), the account password for the Centurylink Cloud. + - Alternatively, the module accepts the API token and account alias. The API token can be generated using the CLC account + login and password using the HTTP API call @ U(https://api.ctl.io/v2/authentication/login). + - E(CLC_V2_API_TOKEN), the API token generated from U(https://api.ctl.io/v2/authentication/login). + - E(CLC_ACCT_ALIAS), the account alias associated with the Centurylink Cloud. + - Users can set E(CLC_V2_API_URL) to specify an endpoint for pointing to a different CLC environment. +""" diff --git a/plugins/doc_fragments/consul.py b/plugins/doc_fragments/consul.py index fbe3f33d4d..0703971a2e 100644 --- a/plugins/doc_fragments/consul.py +++ b/plugins/doc_fragments/consul.py @@ -15,7 +15,7 @@ class ModuleDocFragment: options: host: description: - - Host of the consul agent, defaults to V(localhost). + - Host of the Consul agent. default: localhost type: str port: @@ -25,18 +25,18 @@ options: default: 8500 scheme: description: - - The protocol scheme on which the consul agent is running. - Defaults to V(http) and can be set to V(https) for secure connections. + - The protocol scheme on which the Consul agent is running. Defaults to V(http) and can be set to V(https) for secure + connections. default: http type: str validate_certs: type: bool description: - - Whether to verify the TLS certificate of the consul agent. + - Whether to verify the TLS certificate of the Consul agent. default: true ca_path: description: - - The CA bundle to use for https connections + - The CA bundle to use for https connections. type: str """ @@ -56,5 +56,4 @@ attributes: support: full membership: - community.general.consul - version_added: 8.3.0 """ diff --git a/plugins/doc_fragments/dimensiondata.py b/plugins/doc_fragments/dimensiondata.py index f4d6244540..ece97addf0 100644 --- a/plugins/doc_fragments/dimensiondata.py +++ b/plugins/doc_fragments/dimensiondata.py @@ -14,8 +14,7 @@ __metaclass__ = type class ModuleDocFragment(object): # Dimension Data doc fragment - DOCUMENTATION = r''' - + DOCUMENTATION = r""" options: region: description: @@ -48,4 +47,4 @@ options: - This should only be used on private instances of the CloudControl API that use self-signed certificates. type: bool default: true -''' +""" diff --git a/plugins/doc_fragments/dimensiondata_wait.py b/plugins/doc_fragments/dimensiondata_wait.py index 051d8ca1d3..d3ab3b9783 100644 --- a/plugins/doc_fragments/dimensiondata_wait.py +++ b/plugins/doc_fragments/dimensiondata_wait.py @@ -14,8 +14,7 @@ __metaclass__ = type class ModuleDocFragment(object): # Dimension Data ("wait-for-completion" parameters) doc fragment - DOCUMENTATION = r''' - + DOCUMENTATION = r""" options: wait: description: @@ -34,4 +33,4 @@ options: - Only applicable if O(wait=true). type: int default: 2 -''' +""" diff --git a/plugins/doc_fragments/django.py b/plugins/doc_fragments/django.py new file mode 100644 index 0000000000..3dcdb40171 --- /dev/null +++ b/plugins/doc_fragments/django.py @@ -0,0 +1,61 @@ +# -*- coding: utf-8 -*- +# Copyright (c) 2024, Alexei Znamensky +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + + +class ModuleDocFragment(object): + DOCUMENTATION = r""" +options: + venv: + description: + - Use the the Python interpreter from this virtual environment. + - Pass the path to the root of the virtualenv, not the C(bin/) directory nor the C(python) executable. + type: path + settings: + description: + - Specifies the settings module to use. + - The value will be passed as is to the C(--settings) argument in C(django-admin). + type: str + required: true + pythonpath: + description: + - Adds the given filesystem path to the Python import search path. + - The value will be passed as is to the C(--pythonpath) argument in C(django-admin). + type: path + traceback: + description: + - Provides a full stack trace in the output when a C(CommandError) is raised. + type: bool + verbosity: + description: + - Specifies the amount of notification and debug information in the output of C(django-admin). + type: int + choices: [0, 1, 2, 3] + skip_checks: + description: + - Skips running system checks prior to running the command. + type: bool + + +notes: + - The C(django-admin) command is always executed using the C(C) locale, and the option C(--no-color) is always passed. +seealso: + - name: django-admin and manage.py in official Django documentation + description: >- + Refer to this documentation for the builtin commands and options of C(django-admin). Please make sure that you select + the right version of Django in the version selector on that page. + link: https://docs.djangoproject.com/en/5.0/ref/django-admin/ +""" + + DATABASE = r""" +options: + database: + description: + - Specify the database to be used. + type: str + default: default +""" diff --git a/plugins/doc_fragments/emc.py b/plugins/doc_fragments/emc.py index d685c510d2..7c62285a72 100644 --- a/plugins/doc_fragments/emc.py +++ b/plugins/doc_fragments/emc.py @@ -10,15 +10,6 @@ __metaclass__ = type class ModuleDocFragment(object): - DOCUMENTATION = r''' -options: - - See respective platform section for more details -requirements: - - See respective platform section for more details -notes: - - Ansible modules are available for EMC VNX. -''' - # Documentation fragment for VNX (emc_vnx) EMC_VNX = r''' options: diff --git a/plugins/doc_fragments/gitlab.py b/plugins/doc_fragments/gitlab.py index c6434c0ced..48182ed35c 100644 --- a/plugins/doc_fragments/gitlab.py +++ b/plugins/doc_fragments/gitlab.py @@ -10,7 +10,7 @@ __metaclass__ = type class ModuleDocFragment(object): # Standard files documentation fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" requirements: - requests (Python library U(https://pypi.org/project/requests/)) @@ -34,4 +34,4 @@ options: - The CA certificates bundle to use to verify GitLab server certificate. type: str version_added: 8.1.0 -''' +""" diff --git a/plugins/doc_fragments/hpe3par.py b/plugins/doc_fragments/hpe3par.py index 606a2502a6..dadd6e78b3 100644 --- a/plugins/doc_fragments/hpe3par.py +++ b/plugins/doc_fragments/hpe3par.py @@ -10,26 +10,26 @@ __metaclass__ = type class ModuleDocFragment(object): # HPE 3PAR doc fragment - DOCUMENTATION = ''' + DOCUMENTATION = r""" options: - storage_system_ip: - description: - - The storage system IP address. - type: str - required: true - storage_system_password: - description: - - The storage system password. - type: str - required: true - storage_system_username: - description: - - The storage system user name. - type: str - required: true + storage_system_ip: + description: + - The storage system IP address. + type: str + required: true + storage_system_password: + description: + - The storage system password. + type: str + required: true + storage_system_username: + description: + - The storage system user name. + type: str + required: true requirements: - hpe3par_sdk >= 1.0.2. Install using C(pip install hpe3par_sdk). - WSAPI service should be enabled on the 3PAR storage array. notes: - ''' +""" diff --git a/plugins/doc_fragments/hwc.py b/plugins/doc_fragments/hwc.py index 8b9ae92b8f..3d478beb59 100644 --- a/plugins/doc_fragments/hwc.py +++ b/plugins/doc_fragments/hwc.py @@ -10,56 +10,50 @@ __metaclass__ = type class ModuleDocFragment(object): # HWC doc fragment. - DOCUMENTATION = ''' + DOCUMENTATION = r""" options: - identity_endpoint: - description: - - The Identity authentication URL. - type: str - required: true - user: - description: - - The user name to login with. - - Currently only user names are supported, and not user IDs. - type: str - required: true - password: - description: - - The password to login with. - type: str - required: true - domain: - description: - - The name of the Domain to scope to (Identity v3). - - Currently only domain names are supported, and not domain IDs. - type: str - required: true - project: - description: - - The name of the Tenant (Identity v2) or Project (Identity v3). - - Currently only project names are supported, and not project IDs. - type: str - required: true - region: - description: - - The region to which the project belongs. - type: str - id: - description: - - The ID of resource to be managed. - type: str + identity_endpoint: + description: + - The Identity authentication URL. + type: str + required: true + user: + description: + - The user name to login with. + - Currently only user names are supported, and not user IDs. + type: str + required: true + password: + description: + - The password to login with. + type: str + required: true + domain: + description: + - The name of the Domain to scope to (Identity v3). + - Currently only domain names are supported, and not domain IDs. + type: str + required: true + project: + description: + - The name of the Tenant (Identity v2) or Project (Identity v3). + - Currently only project names are supported, and not project IDs. + type: str + required: true + region: + description: + - The region to which the project belongs. + type: str + id: + description: + - The ID of resource to be managed. + type: str notes: - - For authentication, you can set identity_endpoint using the - E(ANSIBLE_HWC_IDENTITY_ENDPOINT) environment variable. - - For authentication, you can set user using the - E(ANSIBLE_HWC_USER) environment variable. - - For authentication, you can set password using the E(ANSIBLE_HWC_PASSWORD) environment - variable. - - For authentication, you can set domain using the E(ANSIBLE_HWC_DOMAIN) environment - variable. - - For authentication, you can set project using the E(ANSIBLE_HWC_PROJECT) environment - variable. + - For authentication, you can set identity_endpoint using the E(ANSIBLE_HWC_IDENTITY_ENDPOINT) environment variable. + - For authentication, you can set user using the E(ANSIBLE_HWC_USER) environment variable. + - For authentication, you can set password using the E(ANSIBLE_HWC_PASSWORD) environment variable. + - For authentication, you can set domain using the E(ANSIBLE_HWC_DOMAIN) environment variable. + - For authentication, you can set project using the E(ANSIBLE_HWC_PROJECT) environment variable. - For authentication, you can set region using the E(ANSIBLE_HWC_REGION) environment variable. - - Environment variables values will only be used if the playbook values are - not set. -''' + - Environment variables values will only be used if the playbook values are not set. +""" diff --git a/plugins/doc_fragments/ibm_storage.py b/plugins/doc_fragments/ibm_storage.py index 7783d9ca56..ca48ef2c4d 100644 --- a/plugins/doc_fragments/ibm_storage.py +++ b/plugins/doc_fragments/ibm_storage.py @@ -12,26 +12,25 @@ __metaclass__ = type class ModuleDocFragment(object): # ibm_storage documentation fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: - username: - description: - - Management user on the spectrum accelerate storage system. - type: str - required: true - password: - description: - - Password for username on the spectrum accelerate storage system. - type: str - required: true - endpoints: - description: - - The hostname or management IP of Spectrum Accelerate storage system. - type: str - required: true + username: + description: + - Management user on the Spectrum Accelerate storage system. + type: str + required: true + password: + description: + - Password for username on the Spectrum Accelerate storage system. + type: str + required: true + endpoints: + description: + - The hostname or management IP of Spectrum Accelerate storage system. + type: str + required: true notes: - - This module requires pyxcli python library. - Use C(pip install pyxcli) in order to get pyxcli. + - This module requires pyxcli python library. Use C(pip install pyxcli) in order to get pyxcli. requirements: - pyxcli -''' +""" diff --git a/plugins/doc_fragments/influxdb.py b/plugins/doc_fragments/influxdb.py index fc0ca02ac7..9cf47d340a 100644 --- a/plugins/doc_fragments/influxdb.py +++ b/plugins/doc_fragments/influxdb.py @@ -11,72 +11,72 @@ __metaclass__ = type class ModuleDocFragment(object): # Parameters for influxdb modules - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: hostname: description: - - The hostname or IP address on which InfluxDB server is listening. + - The hostname or IP address on which InfluxDB server is listening. type: str default: localhost username: description: - - Username that will be used to authenticate against InfluxDB server. + - Username that will be used to authenticate against InfluxDB server. type: str default: root - aliases: [ login_username ] + aliases: [login_username] password: description: - - Password that will be used to authenticate against InfluxDB server. + - Password that will be used to authenticate against InfluxDB server. type: str default: root - aliases: [ login_password ] + aliases: [login_password] port: description: - - The port on which InfluxDB server is listening. + - The port on which InfluxDB server is listening. type: int default: 8086 path: description: - - The path on which InfluxDB server is accessible. - - Only available when using python-influxdb >= 5.1.0. + - The path on which InfluxDB server is accessible. + - Only available when using python-influxdb >= 5.1.0. type: str default: '' version_added: '0.2.0' validate_certs: description: - - If set to V(false), the SSL certificates will not be validated. - - This should only set to V(false) used on personally controlled sites using self-signed certificates. + - If set to V(false), the SSL certificates will not be validated. + - This should only set to V(false) used on personally controlled sites using self-signed certificates. type: bool default: true ssl: description: - - Use https instead of http to connect to InfluxDB server. + - Use https instead of http to connect to InfluxDB server. type: bool default: false timeout: description: - - Number of seconds Requests will wait for client to establish a connection. + - Number of seconds Requests will wait for client to establish a connection. type: int retries: description: - - Number of retries client will try before aborting. - - V(0) indicates try until success. - - Only available when using python-influxdb >= 4.1.0. + - Number of retries client will try before aborting. + - V(0) indicates try until success. + - Only available when using C(python-influxdb) >= 4.1.0. type: int default: 3 use_udp: description: - - Use UDP to connect to InfluxDB server. + - Use UDP to connect to InfluxDB server. type: bool default: false udp_port: description: - - UDP port to connect to InfluxDB server. + - UDP port to connect to InfluxDB server. type: int default: 4444 proxies: description: - - HTTP(S) proxy to use for Requests to connect to InfluxDB server. + - HTTP(S) proxy to use for Requests to connect to InfluxDB server. type: dict default: {} -''' +""" diff --git a/plugins/doc_fragments/ipa.py b/plugins/doc_fragments/ipa.py index 7e091a94aa..0edb947aa5 100644 --- a/plugins/doc_fragments/ipa.py +++ b/plugins/doc_fragments/ipa.py @@ -11,61 +11,66 @@ __metaclass__ = type class ModuleDocFragment(object): # Parameters for FreeIPA/IPA modules - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: ipa_port: description: - - Port of FreeIPA / IPA server. - - If the value is not specified in the task, the value of environment variable E(IPA_PORT) will be used instead. - - If both the environment variable E(IPA_PORT) and the value are not specified in the task, then default value is set. + - Port of FreeIPA / IPA server. + - If the value is not specified in the task, the value of environment variable E(IPA_PORT) will be used instead. + - If both the environment variable E(IPA_PORT) and the value are not specified in the task, then default value is set. type: int default: 443 ipa_host: description: - - IP or hostname of IPA server. - - If the value is not specified in the task, the value of environment variable E(IPA_HOST) will be used instead. - - If both the environment variable E(IPA_HOST) and the value are not specified in the task, then DNS will be used to try to discover the FreeIPA server. - - The relevant entry needed in FreeIPA is the C(ipa-ca) entry. - - If neither the DNS entry, nor the environment E(IPA_HOST), nor the value are available in the task, then the default value will be used. + - IP or hostname of IPA server. + - If the value is not specified in the task, the value of environment variable E(IPA_HOST) will be used instead. + - If both the environment variable E(IPA_HOST) and the value are not specified in the task, then DNS will be used to + try to discover the FreeIPA server. + - The relevant entry needed in FreeIPA is the C(ipa-ca) entry. + - If neither the DNS entry, nor the environment E(IPA_HOST), nor the value are available in the task, then the default + value will be used. type: str default: ipa.example.com ipa_user: description: - - Administrative account used on IPA server. - - If the value is not specified in the task, the value of environment variable E(IPA_USER) will be used instead. - - If both the environment variable E(IPA_USER) and the value are not specified in the task, then default value is set. + - Administrative account used on IPA server. + - If the value is not specified in the task, the value of environment variable E(IPA_USER) will be used instead. + - If both the environment variable E(IPA_USER) and the value are not specified in the task, then default value is set. type: str default: admin ipa_pass: description: - - Password of administrative user. - - If the value is not specified in the task, the value of environment variable E(IPA_PASS) will be used instead. - - Note that if the C(urllib_gssapi) library is available, it is possible to use GSSAPI to authenticate to FreeIPA. - - If the environment variable E(KRB5CCNAME) is available, the module will use this kerberos credentials cache to authenticate to the FreeIPA server. - - If the environment variable E(KRB5_CLIENT_KTNAME) is available, and E(KRB5CCNAME) is not; the module will use this kerberos keytab to authenticate. - - If GSSAPI is not available, the usage of O(ipa_pass) is required. + - Password of administrative user. + - If the value is not specified in the task, the value of environment variable E(IPA_PASS) will be used instead. + - Note that if the C(urllib_gssapi) library is available, it is possible to use GSSAPI to authenticate to FreeIPA. + - If the environment variable E(KRB5CCNAME) is available, the module will use this kerberos credentials cache to authenticate + to the FreeIPA server. + - If the environment variable E(KRB5_CLIENT_KTNAME) is available, and E(KRB5CCNAME) is not; the module will use this + kerberos keytab to authenticate. + - If GSSAPI is not available, the usage of O(ipa_pass) is required. type: str ipa_prot: description: - - Protocol used by IPA server. - - If the value is not specified in the task, the value of environment variable E(IPA_PROT) will be used instead. - - If both the environment variable E(IPA_PROT) and the value are not specified in the task, then default value is set. + - Protocol used by IPA server. + - If the value is not specified in the task, the value of environment variable E(IPA_PROT) will be used instead. + - If both the environment variable E(IPA_PROT) and the value are not specified in the task, then default value is set. type: str - choices: [ http, https ] + choices: [http, https] default: https validate_certs: description: - - This only applies if O(ipa_prot) is V(https). - - If set to V(false), the SSL certificates will not be validated. - - This should only set to V(false) used on personally controlled sites using self-signed certificates. + - This only applies if O(ipa_prot) is V(https). + - If set to V(false), the SSL certificates will not be validated. + - This should only set to V(false) used on personally controlled sites using self-signed certificates. type: bool default: true ipa_timeout: description: - - Specifies idle timeout (in seconds) for the connection. - - For bulk operations, you may want to increase this in order to avoid timeout from IPA server. - - If the value is not specified in the task, the value of environment variable E(IPA_TIMEOUT) will be used instead. - - If both the environment variable E(IPA_TIMEOUT) and the value are not specified in the task, then default value is set. + - Specifies idle timeout (in seconds) for the connection. + - For bulk operations, you may want to increase this in order to avoid timeout from IPA server. + - If the value is not specified in the task, the value of environment variable E(IPA_TIMEOUT) will be used instead. + - If both the environment variable E(IPA_TIMEOUT) and the value are not specified in the task, then default value is + set. type: int default: 10 -''' +""" diff --git a/plugins/doc_fragments/keycloak.py b/plugins/doc_fragments/keycloak.py index 9b21ce52c9..102a60ab33 100644 --- a/plugins/doc_fragments/keycloak.py +++ b/plugins/doc_fragments/keycloak.py @@ -11,69 +11,79 @@ __metaclass__ = type class ModuleDocFragment(object): # Standard documentation fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: - auth_keycloak_url: - description: - - URL to the Keycloak instance. - type: str - required: true - aliases: - - url + auth_keycloak_url: + description: + - URL to the Keycloak instance. + type: str + required: true + aliases: + - url - auth_client_id: - description: - - OpenID Connect C(client_id) to authenticate to the API with. - type: str - default: admin-cli + auth_client_id: + description: + - OpenID Connect C(client_id) to authenticate to the API with. + type: str + default: admin-cli - auth_realm: - description: - - Keycloak realm name to authenticate to for API access. - type: str + auth_realm: + description: + - Keycloak realm name to authenticate to for API access. + type: str - auth_client_secret: - description: - - Client Secret to use in conjunction with O(auth_client_id) (if required). - type: str + auth_client_secret: + description: + - Client Secret to use in conjunction with O(auth_client_id) (if required). + type: str - auth_username: - description: - - Username to authenticate for API access with. - type: str - aliases: - - username + auth_username: + description: + - Username to authenticate for API access with. + type: str + aliases: + - username - auth_password: - description: - - Password to authenticate for API access with. - type: str - aliases: - - password + auth_password: + description: + - Password to authenticate for API access with. + type: str + aliases: + - password - token: - description: - - Authentication token for Keycloak API. - type: str - version_added: 3.0.0 + token: + description: + - Authentication token for Keycloak API. + type: str + version_added: 3.0.0 - validate_certs: - description: - - Verify TLS certificates (do not disable this in production). - type: bool - default: true + validate_certs: + description: + - Verify TLS certificates (do not disable this in production). + type: bool + default: true - connection_timeout: - description: - - Controls the HTTP connections timeout period (in seconds) to Keycloak API. - type: int - default: 10 - version_added: 4.5.0 + connection_timeout: + description: + - Controls the HTTP connections timeout period (in seconds) to Keycloak API. + type: int + default: 10 + version_added: 4.5.0 - http_agent: - description: - - Configures the HTTP User-Agent header. - type: str - default: Ansible - version_added: 5.4.0 -''' + http_agent: + description: + - Configures the HTTP User-Agent header. + type: str + default: Ansible + version_added: 5.4.0 +""" + + ACTIONGROUP_KEYCLOAK = r""" +options: {} +attributes: + action_group: + description: Use C(group/community.general.keycloak) in C(module_defaults) to set defaults for this module. + support: full + membership: + - community.general.keycloak +""" diff --git a/plugins/doc_fragments/ldap.py b/plugins/doc_fragments/ldap.py index e11ab065d8..4dd5fd097f 100644 --- a/plugins/doc_fragments/ldap.py +++ b/plugins/doc_fragments/ldap.py @@ -12,12 +12,17 @@ __metaclass__ = type class ModuleDocFragment(object): # Standard LDAP documentation fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" +notes: + - The default authentication settings will attempt to use a SASL EXTERNAL bind over a UNIX domain socket. This works well + with the default Ubuntu install for example, which includes a C(cn=peercred,cn=external,cn=auth) ACL rule allowing root + to modify the server configuration. If you need to use a simple bind to access your server, pass the credentials in O(bind_dn) + and O(bind_pw). options: bind_dn: description: - - A DN to bind with. If this is omitted, we'll try a SASL bind with the EXTERNAL mechanism as default. - - If this is blank, we'll use an anonymous bind. + - A DN to bind with. Try to use a SASL bind with the EXTERNAL mechanism as default when this parameter is omitted. + - Use an anonymous bind if the parameter is blank. type: str bind_pw: description: @@ -57,7 +62,8 @@ options: version_added: 2.0.0 server_uri: description: - - The O(server_uri) parameter may be a comma- or whitespace-separated list of URIs containing only the schema, the host, and the port fields. + - The O(server_uri) parameter may be a comma- or whitespace-separated list of URIs containing only the schema, the host, + and the port fields. - The default value lets the underlying LDAP client library look for a UNIX domain socket in its default location. - Note that when using multiple URIs you cannot determine to which URI your client gets connected. - For URIs containing additional fields, particularly when using commas, behavior is undefined. @@ -65,7 +71,7 @@ options: default: ldapi:/// start_tls: description: - - If true, we'll use the START_TLS LDAP extension. + - Use the START_TLS LDAP extension if set to V(true). type: bool default: false validate_certs: @@ -91,4 +97,4 @@ options: choices: ['enable', 'auto', 'disable'] default: auto version_added: "6.4.0" -''' +""" diff --git a/plugins/doc_fragments/lxca_common.py b/plugins/doc_fragments/lxca_common.py index eed6727c2a..85cdeb0f22 100644 --- a/plugins/doc_fragments/lxca_common.py +++ b/plugins/doc_fragments/lxca_common.py @@ -10,7 +10,7 @@ __metaclass__ = type class ModuleDocFragment(object): # Standard Pylxca documentation fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" author: - Naval Patel (@navalkp) - Prashant Bhosale (@prabhosa) @@ -18,19 +18,19 @@ author: options: login_user: description: - - The username for use in HTTP basic authentication. + - The username for use in HTTP basic authentication. type: str required: true login_password: description: - - The password for use in HTTP basic authentication. + - The password for use in HTTP basic authentication. type: str required: true auth_url: description: - - lxca HTTPS full web address. + - Lxca HTTPS full web address. type: str required: true @@ -40,4 +40,4 @@ requirements: notes: - Additional detail about pylxca can be found at U(https://github.com/lenovo/pylxca). - Playbooks using these modules can be found at U(https://github.com/lenovo/ansible.lenovo-lxca). -''' +""" diff --git a/plugins/doc_fragments/manageiq.py b/plugins/doc_fragments/manageiq.py index 8afc183a5c..4b9ea1ff52 100644 --- a/plugins/doc_fragments/manageiq.py +++ b/plugins/doc_fragments/manageiq.py @@ -11,7 +11,7 @@ __metaclass__ = type class ModuleDocFragment(object): # Standard ManageIQ documentation fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: manageiq_connection: description: @@ -34,20 +34,21 @@ options: type: str token: description: - - ManageIQ token. E(MIQ_TOKEN) environment variable if set. Otherwise, required if no username or password is passed in. + - ManageIQ token. E(MIQ_TOKEN) environment variable if set. Otherwise, required if no username or password is passed + in. type: str validate_certs: description: - Whether SSL certificates should be verified for HTTPS requests. type: bool default: true - aliases: [ verify_ssl ] + aliases: [verify_ssl] ca_cert: description: - The path to a CA bundle file or directory with certificates. type: str - aliases: [ ca_bundle_path ] + aliases: [ca_bundle_path] requirements: - 'manageiq-client U(https://github.com/ManageIQ/manageiq-api-client-python/)' -''' +""" diff --git a/plugins/doc_fragments/nomad.py b/plugins/doc_fragments/nomad.py index 1571c211c9..68787e835c 100644 --- a/plugins/doc_fragments/nomad.py +++ b/plugins/doc_fragments/nomad.py @@ -11,48 +11,48 @@ __metaclass__ = type class ModuleDocFragment(object): # Standard files documentation fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: - host: - description: - - FQDN of Nomad server. - required: true - type: str - port: - description: - - Port of Nomad server. - type: int - default: 4646 - version_added: 8.0.0 - use_ssl: - description: - - Use TLS/SSL connection. - type: bool - default: true - timeout: - description: - - Timeout (in seconds) for the request to Nomad. - type: int - default: 5 - validate_certs: - description: - - Enable TLS/SSL certificate validation. - type: bool - default: true - client_cert: - description: - - Path of certificate for TLS/SSL. - type: path - client_key: - description: - - Path of certificate's private key for TLS/SSL. - type: path - namespace: - description: - - Namespace for Nomad. - type: str - token: - description: - - ACL token for authentication. - type: str -''' + host: + description: + - FQDN of Nomad server. + required: true + type: str + port: + description: + - Port of Nomad server. + type: int + default: 4646 + version_added: 8.0.0 + use_ssl: + description: + - Use TLS/SSL connection. + type: bool + default: true + timeout: + description: + - Timeout (in seconds) for the request to Nomad. + type: int + default: 5 + validate_certs: + description: + - Enable TLS/SSL certificate validation. + type: bool + default: true + client_cert: + description: + - Path of certificate for TLS/SSL. + type: path + client_key: + description: + - Path of certificate's private key for TLS/SSL. + type: path + namespace: + description: + - Namespace for Nomad. + type: str + token: + description: + - ACL token for authentication. + type: str +""" diff --git a/plugins/doc_fragments/onepassword.py b/plugins/doc_fragments/onepassword.py index 4035f81796..a67c9e4dc1 100644 --- a/plugins/doc_fragments/onepassword.py +++ b/plugins/doc_fragments/onepassword.py @@ -9,7 +9,7 @@ __metaclass__ = type class ModuleDocFragment(object): - DOCUMENTATION = r''' + DOCUMENTATION = r""" requirements: - See U(https://support.1password.com/command-line/) options: @@ -18,7 +18,8 @@ options: aliases: ['vault_password'] type: str section: - description: Item section containing the field to retrieve (case-insensitive). If absent will return first match from any section. + description: Item section containing the field to retrieve (case-insensitive). If absent will return first match from + any section. domain: description: Domain of 1Password. default: '1password.com' @@ -55,25 +56,25 @@ options: env: - name: OP_CONNECT_TOKEN version_added: 8.1.0 -''' +""" - LOOKUP = r''' + LOOKUP = r""" options: service_account_token: env: - name: OP_SERVICE_ACCOUNT_TOKEN version_added: 8.2.0 notes: - - This lookup will use an existing 1Password session if one exists. If not, and you have already - performed an initial sign in (meaning C(~/.op/config), C(~/.config/op/config) or C(~/.config/.op/config) exists), then only the - O(master_password) is required. You may optionally specify O(subdomain) in this scenario, otherwise the last used subdomain will be used by C(op). + - This lookup will use an existing 1Password session if one exists. If not, and you have already performed an initial sign + in (meaning C(~/.op/config), C(~/.config/op/config) or C(~/.config/.op/config) exists), then only the O(master_password) + is required. You may optionally specify O(subdomain) in this scenario, otherwise the last used subdomain will be used + by C(op). - This lookup can perform an initial login by providing O(subdomain), O(username), O(secret_key), and O(master_password). - Can target a specific account by providing the O(account_id). - - Due to the B(very) sensitive nature of these credentials, it is B(highly) recommended that you only pass in the minimal credentials - needed at any given time. Also, store these credentials in an Ansible Vault using a key that is equal to or greater in strength - to the 1Password master password. - - This lookup stores potentially sensitive data from 1Password as Ansible facts. - Facts are subject to caching if enabled, which means this data could be stored in clear text - on disk or in a database. + - Due to the B(very) sensitive nature of these credentials, it is B(highly) recommended that you only pass in the minimal + credentials needed at any given time. Also, store these credentials in an Ansible Vault using a key that is equal to or + greater in strength to the 1Password master password. + - This lookup stores potentially sensitive data from 1Password as Ansible facts. Facts are subject to caching if enabled, + which means this data could be stored in clear text on disk or in a database. - Tested with C(op) version 2.7.2. -''' +""" diff --git a/plugins/doc_fragments/oneview.py b/plugins/doc_fragments/oneview.py index a88226d7d7..3caabe4512 100644 --- a/plugins/doc_fragments/oneview.py +++ b/plugins/doc_fragments/oneview.py @@ -11,70 +11,67 @@ __metaclass__ = type class ModuleDocFragment(object): # OneView doc fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: - config: - description: - - Path to a JSON configuration file containing the OneView client configuration. - The configuration file is optional and when used should be present in the host running the ansible commands. - If the file path is not provided, the configuration will be loaded from environment variables. - For links to example configuration files or how to use the environment variables verify the notes section. - type: path - api_version: - description: - - OneView API Version. - type: int - image_streamer_hostname: - description: - - IP address or hostname for the HPE Image Streamer REST API. - type: str - hostname: - description: - - IP address or hostname for the appliance. - type: str - username: - description: - - Username for API authentication. - type: str - password: - description: - - Password for API authentication. - type: str + config: + description: + - Path to a JSON configuration file containing the OneView client configuration. The configuration file is optional + and when used should be present in the host running the ansible commands. If the file path is not provided, the configuration + will be loaded from environment variables. For links to example configuration files or how to use the environment + variables verify the notes section. + type: path + api_version: + description: + - OneView API Version. + type: int + image_streamer_hostname: + description: + - IP address or hostname for the HPE Image Streamer REST API. + type: str + hostname: + description: + - IP address or hostname for the appliance. + type: str + username: + description: + - Username for API authentication. + type: str + password: + description: + - Password for API authentication. + type: str requirements: - Python >= 2.7.9 notes: - - "A sample configuration file for the config parameter can be found at: - U(https://github.com/HewlettPackard/oneview-ansible/blob/master/examples/oneview_config-rename.json)" - - "Check how to use environment variables for configuration at: - U(https://github.com/HewlettPackard/oneview-ansible#environment-variables)" - - "Additional Playbooks for the HPE OneView Ansible modules can be found at: - U(https://github.com/HewlettPackard/oneview-ansible/tree/master/examples)" - - "The OneView API version used will directly affect returned and expected fields in resources. - Information on setting the desired API version and can be found at: - U(https://github.com/HewlettPackard/oneview-ansible#setting-your-oneview-version)" - ''' + - 'A sample configuration file for the config parameter can be found at: + U(https://github.com/HewlettPackard/oneview-ansible/blob/master/examples/oneview_config-rename.json).' + - 'Check how to use environment variables for configuration at: U(https://github.com/HewlettPackard/oneview-ansible#environment-variables).' + - 'Additional Playbooks for the HPE OneView Ansible modules can be found at: U(https://github.com/HewlettPackard/oneview-ansible/tree/master/examples).' + - 'The OneView API version used will directly affect returned and expected fields in resources. Information on setting the + desired API version and can be found at: U(https://github.com/HewlettPackard/oneview-ansible#setting-your-oneview-version).' +""" - VALIDATEETAG = r''' + VALIDATEETAG = r""" options: - validate_etag: - description: - - When the ETag Validation is enabled, the request will be conditionally processed only if the current ETag - for the resource matches the ETag provided in the data. - type: bool - default: true -''' + validate_etag: + description: + - When the ETag Validation is enabled, the request will be conditionally processed only if the current ETag for the + resource matches the ETag provided in the data. + type: bool + default: true +""" - FACTSPARAMS = r''' + FACTSPARAMS = r""" options: - params: - description: - - List of parameters to delimit, filter and sort the list of resources. - - "Parameter keys allowed are:" - - "C(start): The first item to return, using 0-based indexing." - - "C(count): The number of resources to return." - - "C(filter): A general filter/query string to narrow the list of items returned." - - "C(sort): The sort order of the returned data set." - type: dict -''' + params: + description: + - List of parameters to delimit, filter and sort the list of resources. + - 'Parameter keys allowed are:' + - 'V(start): The first item to return, using 0-based indexing.' + - 'V(count): The number of resources to return.' + - 'V(filter): A general filter/query string to narrow the list of items returned.' + - 'V(sort): The sort order of the returned data set.' + type: dict +""" diff --git a/plugins/doc_fragments/online.py b/plugins/doc_fragments/online.py index 37e39cfa26..0149872b0a 100644 --- a/plugins/doc_fragments/online.py +++ b/plugins/doc_fragments/online.py @@ -10,26 +10,26 @@ __metaclass__ = type class ModuleDocFragment(object): # Standard documentation fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: api_token: description: - Online OAuth token. type: str required: true - aliases: [ oauth_token ] + aliases: [oauth_token] api_url: description: - Online API URL. type: str default: 'https://api.online.net' - aliases: [ base_url ] + aliases: [base_url] api_timeout: description: - HTTP timeout to Online API in seconds. type: int default: 30 - aliases: [ timeout ] + aliases: [timeout] validate_certs: description: - Validate SSL certs of the Online API. @@ -37,9 +37,7 @@ options: default: true notes: - Also see the API documentation on U(https://console.online.net/en/api/). - - If O(api_token) is not set within the module, the following - environment variables can be used in decreasing order of precedence + - If O(api_token) is not set within the module, the following environment variables can be used in decreasing order of precedence E(ONLINE_TOKEN), E(ONLINE_API_KEY), E(ONLINE_OAUTH_TOKEN), E(ONLINE_API_TOKEN). - - If one wants to use a different O(api_url) one can also set the E(ONLINE_API_URL) - environment variable. -''' + - If one wants to use a different O(api_url) one can also set the E(ONLINE_API_URL) environment variable. +""" diff --git a/plugins/doc_fragments/opennebula.py b/plugins/doc_fragments/opennebula.py index 567faf1a77..381f52c272 100644 --- a/plugins/doc_fragments/opennebula.py +++ b/plugins/doc_fragments/opennebula.py @@ -10,36 +10,36 @@ __metaclass__ = type class ModuleDocFragment(object): # OpenNebula common documentation - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: - api_url: - description: - - The ENDPOINT URL of the XMLRPC server. - - If not specified then the value of the E(ONE_URL) environment variable, if any, is used. - type: str - aliases: - - api_endpoint - api_username: - description: - - The name of the user for XMLRPC authentication. - - If not specified then the value of the E(ONE_USERNAME) environment variable, if any, is used. - type: str - api_password: - description: - - The password or token for XMLRPC authentication. - - If not specified then the value of the E(ONE_PASSWORD) environment variable, if any, is used. - type: str - aliases: - - api_token - validate_certs: - description: - - Whether to validate the TLS/SSL certificates or not. - - This parameter is ignored if E(PYTHONHTTPSVERIFY) environment variable is used. - type: bool - default: true - wait_timeout: - description: - - Time to wait for the desired state to be reached before timeout, in seconds. - type: int - default: 300 -''' + api_url: + description: + - The ENDPOINT URL of the XMLRPC server. + - If not specified then the value of the E(ONE_URL) environment variable, if any, is used. + type: str + aliases: + - api_endpoint + api_username: + description: + - The name of the user for XMLRPC authentication. + - If not specified then the value of the E(ONE_USERNAME) environment variable, if any, is used. + type: str + api_password: + description: + - The password or token for XMLRPC authentication. + - If not specified then the value of the E(ONE_PASSWORD) environment variable, if any, is used. + type: str + aliases: + - api_token + validate_certs: + description: + - Whether to validate the TLS/SSL certificates or not. + - This parameter is ignored if E(PYTHONHTTPSVERIFY) environment variable is used. + type: bool + default: true + wait_timeout: + description: + - Time to wait for the desired state to be reached before timeout, in seconds. + type: int + default: 300 +""" diff --git a/plugins/doc_fragments/openswitch.py b/plugins/doc_fragments/openswitch.py index a203a3b409..f0e9e87c3d 100644 --- a/plugins/doc_fragments/openswitch.py +++ b/plugins/doc_fragments/openswitch.py @@ -11,75 +11,62 @@ __metaclass__ = type class ModuleDocFragment(object): # Standard files documentation fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: host: description: - - Specifies the DNS host name or address for connecting to the remote - device over the specified transport. The value of host is used as - the destination address for the transport. Note this argument - does not affect the SSH argument. + - Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value + of host is used as the destination address for the transport. Note this argument does not affect the SSH argument. type: str port: description: - - Specifies the port to use when building the connection to the remote - device. This value applies to either O(transport=cli) or O(transport=rest). The port - value will default to the appropriate transport common port if - none is provided in the task. (cli=22, http=80, https=443). Note - this argument does not affect the SSH transport. + - Specifies the port to use when building the connection to the remote device. This value applies to either O(transport=cli) + or O(transport=rest). The port value will default to the appropriate transport common port if none is provided in + the task. (cli=22, http=80, https=443). Note this argument does not affect the SSH transport. type: int default: 0 (use common port) username: description: - - Configures the username to use to authenticate the connection to - the remote device. This value is used to authenticate - either the CLI login or the eAPI authentication depending on which - transport is used. Note this argument does not affect the SSH - transport. If the value is not specified in the task, the value of - environment variable E(ANSIBLE_NET_USERNAME) will be used instead. + - Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate + either the CLI login or the eAPI authentication depending on which transport is used. Note this argument does not + affect the SSH transport. If the value is not specified in the task, the value of environment variable E(ANSIBLE_NET_USERNAME) + will be used instead. type: str password: description: - - Specifies the password to use to authenticate the connection to - the remote device. This is a common argument used for either O(transport=cli) - or O(transport=rest). Note this argument does not affect the SSH - transport. If the value is not specified in the task, the value of - environment variable E(ANSIBLE_NET_PASSWORD) will be used instead. + - Specifies the password to use to authenticate the connection to the remote device. This is a common argument used + for either O(transport=cli) or O(transport=rest). Note this argument does not affect the SSH transport. If the value + is not specified in the task, the value of environment variable E(ANSIBLE_NET_PASSWORD) will be used instead. type: str timeout: description: - - Specifies the timeout in seconds for communicating with the network device - for either connecting or sending commands. If the timeout is - exceeded before the operation is completed, the module will error. + - Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. + If the timeout is exceeded before the operation is completed, the module will error. type: int default: 10 ssh_keyfile: description: - - Specifies the SSH key to use to authenticate the connection to - the remote device. This argument is only used for O(transport=cli). - If the value is not specified in the task, the value of - environment variable E(ANSIBLE_NET_SSH_KEYFILE) will be used instead. + - Specifies the SSH key to use to authenticate the connection to the remote device. This argument is only used for O(transport=cli). + If the value is not specified in the task, the value of environment variable E(ANSIBLE_NET_SSH_KEYFILE) will be used + instead. type: path transport: description: - - Configures the transport connection to use when connecting to the - remote device. The transport argument supports connectivity to the - device over SSH (V(ssh)), CLI (V(cli)), or REST (V(rest)). + - Configures the transport connection to use when connecting to the remote device. The transport argument supports connectivity + to the device over SSH (V(ssh)), CLI (V(cli)), or REST (V(rest)). required: true type: str - choices: [ cli, rest, ssh ] + choices: [cli, rest, ssh] default: ssh use_ssl: description: - - Configures the O(transport) to use SSL if set to V(true) only when the - O(transport) argument is configured as rest. If the transport - argument is not V(rest), this value is ignored. + - Configures the O(transport) to use SSL if set to V(true) only when the O(transport) argument is configured as rest. + If the transport argument is not V(rest), this value is ignored. type: bool default: true provider: description: - - Convenience method that allows all C(openswitch) arguments to be passed as - a dict object. All constraints (required, choices, etc) must be - met either by individual arguments or values in this dict. + - Convenience method that allows all C(openswitch) arguments to be passed as a dict object. All constraints (required, + choices, and so on) must be met either by individual arguments or values in this dict. type: dict -''' +""" diff --git a/plugins/doc_fragments/oracle.py b/plugins/doc_fragments/oracle.py index ff0ed2fd5b..702b77f02f 100644 --- a/plugins/doc_fragments/oracle.py +++ b/plugins/doc_fragments/oracle.py @@ -8,76 +8,69 @@ __metaclass__ = type class ModuleDocFragment(object): - DOCUMENTATION = """ - requirements: - - Python SDK for Oracle Cloud Infrastructure U(https://oracle-cloud-infrastructure-python-sdk.readthedocs.io) - notes: - - For OCI Python SDK configuration, please refer to - U(https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/configuration.html). - options: - config_file_location: - description: - - Path to configuration file. If not set then the value of the E(OCI_CONFIG_FILE) environment variable, - if any, is used. Otherwise, defaults to C(~/.oci/config). - type: str - config_profile_name: - description: - - The profile to load from the config file referenced by O(config_file_location). If not set, then the - value of the E(OCI_CONFIG_PROFILE) environment variable, if any, is used. Otherwise, defaults to the - C(DEFAULT) profile in O(config_file_location). - default: "DEFAULT" - type: str - api_user: - description: - - The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the - value of the E(OCI_USER_OCID) environment variable, if any, is used. This option is required if the user - is not specified through a configuration file (See O(config_file_location)). To get the user's OCID, - please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm). - type: str - api_user_fingerprint: - description: - - Fingerprint for the key pair being used. If not set, then the value of the E(OCI_USER_FINGERPRINT) - environment variable, if any, is used. This option is required if the key fingerprint is not - specified through a configuration file (See O(config_file_location)). To get the key pair's - fingerprint value please refer - U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm). - type: str - api_user_key_file: - description: - - Full path and filename of the private key (in PEM format). If not set, then the value of the - OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is - not specified through a configuration file (See O(config_file_location)). If the key is encrypted - with a pass-phrase, the O(api_user_key_pass_phrase) option must also be provided. - type: path - api_user_key_pass_phrase: - description: - - Passphrase used by the key referenced in O(api_user_key_file), if it is encrypted. If not set, then - the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the - key passphrase is not specified through a configuration file (See O(config_file_location)). - type: str - auth_type: - description: - - The type of authentication to use for making API requests. By default O(auth_type=api_key) based - authentication is performed and the API key (see O(api_user_key_file)) in your config file will be - used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, - if any, is used. Use O(auth_type=instance_principal) to use instance principal based authentication - when running ansible playbooks within an OCI compute instance. - choices: ['api_key', 'instance_principal'] - default: 'api_key' - type: str - tenancy: - description: - - OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is - used. This option is required if the tenancy OCID is not specified through a configuration file - (See O(config_file_location)). To get the tenancy OCID, please refer to - U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm). - type: str - region: - description: - - The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the - value of the OCI_REGION variable, if any, is used. This option is required if the region is - not specified through a configuration file (See O(config_file_location)). Please refer to - U(https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm) for more information - on OCI regions. - type: str - """ + DOCUMENTATION = r""" +requirements: + - Python SDK for Oracle Cloud Infrastructure U(https://oracle-cloud-infrastructure-python-sdk.readthedocs.io) +notes: + - For OCI Python SDK configuration, please refer to U(https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/configuration.html). +options: + config_file_location: + description: + - Path to configuration file. If not set then the value of the E(OCI_CONFIG_FILE) environment variable, if any, is used. + Otherwise, defaults to C(~/.oci/config). + type: str + config_profile_name: + description: + - The profile to load from the config file referenced by O(config_file_location). If not set, then the value of the + E(OCI_CONFIG_PROFILE) environment variable, if any, is used. Otherwise, defaults to the C(DEFAULT) profile in O(config_file_location). + default: "DEFAULT" + type: str + api_user: + description: + - The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the value of the E(OCI_USER_OCID) environment + variable, if any, is used. This option is required if the user is not specified through a configuration file (See + O(config_file_location)). To get the user's OCID, please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm). + type: str + api_user_fingerprint: + description: + - Fingerprint for the key pair being used. If not set, then the value of the E(OCI_USER_FINGERPRINT) environment variable, + if any, is used. This option is required if the key fingerprint is not specified through a configuration file (See + O(config_file_location)). To get the key pair's fingerprint value please refer to + U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm). + type: str + api_user_key_file: + description: + - Full path and filename of the private key (in PEM format). If not set, then the value of the E(OCI_USER_KEY_FILE) + variable, if any, is used. This option is required if the private key is not specified through a configuration file + (See O(config_file_location)). If the key is encrypted with a pass-phrase, the O(api_user_key_pass_phrase) option + must also be provided. + type: path + api_user_key_pass_phrase: + description: + - Passphrase used by the key referenced in O(api_user_key_file), if it is encrypted. If not set, then the value of the + E(OCI_USER_KEY_PASS_PHRASE) variable, if any, is used. This option is required if the key passphrase is not specified + through a configuration file (See O(config_file_location)). + type: str + auth_type: + description: + - The type of authentication to use for making API requests. By default O(auth_type=api_key) based authentication is + performed and the API key (see O(api_user_key_file)) in your config file will be used. If this 'auth_type' module + option is not specified, the value of the E(OCI_ANSIBLE_AUTH_TYPE), if any, is used. Use O(auth_type=instance_principal) + to use instance principal based authentication when running ansible playbooks within an OCI compute instance. + choices: ['api_key', 'instance_principal'] + default: 'api_key' + type: str + tenancy: + description: + - OCID of your tenancy. If not set, then the value of the E(OCI_TENANCY) variable, if any, is used. This option is required + if the tenancy OCID is not specified through a configuration file (See O(config_file_location)). To get the tenancy + OCID, please refer to U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm). + type: str + region: + description: + - The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the E(OCI_REGION) + variable, if any, is used. This option is required if the region is not specified through a configuration file (See + O(config_file_location)). Please refer to U(https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm) + for more information on OCI regions. + type: str +""" diff --git a/plugins/doc_fragments/oracle_creatable_resource.py b/plugins/doc_fragments/oracle_creatable_resource.py index 9d2cc07c9f..5ccd6525c0 100644 --- a/plugins/doc_fragments/oracle_creatable_resource.py +++ b/plugins/doc_fragments/oracle_creatable_resource.py @@ -8,19 +8,18 @@ __metaclass__ = type class ModuleDocFragment(object): - DOCUMENTATION = """ - options: - force_create: - description: Whether to attempt non-idempotent creation of a resource. By default, create resource is an - idempotent operation, and doesn't create the resource if it already exists. Setting this option - to true, forcefully creates a copy of the resource, even if it already exists.This option is - mutually exclusive with O(key_by). - default: false - type: bool - key_by: - description: The list of comma-separated attributes of this resource which should be used to uniquely - identify an instance of the resource. By default, all the attributes of a resource except - O(freeform_tags) are used to uniquely identify a resource. - type: list - elements: str - """ + DOCUMENTATION = r""" +options: + force_create: + description: Whether to attempt non-idempotent creation of a resource. By default, create resource is an idempotent operation, + and does not create the resource if it already exists. Setting this option to V(true), forcefully creates a copy of + the resource, even if it already exists. This option is mutually exclusive with O(key_by). + default: false + type: bool + key_by: + description: The list of comma-separated attributes of this resource which should be used to uniquely identify an instance + of the resource. By default, all the attributes of a resource except O(freeform_tags) are used to uniquely identify + a resource. + type: list + elements: str +""" diff --git a/plugins/doc_fragments/oracle_display_name_option.py b/plugins/doc_fragments/oracle_display_name_option.py index b6bc0f2297..ab219352e9 100644 --- a/plugins/doc_fragments/oracle_display_name_option.py +++ b/plugins/doc_fragments/oracle_display_name_option.py @@ -8,10 +8,10 @@ __metaclass__ = type class ModuleDocFragment(object): - DOCUMENTATION = """ - options: - display_name: - description: Use O(display_name) along with the other options to return only resources that match the given - display name exactly. - type: str - """ + DOCUMENTATION = r""" +options: + display_name: + description: Use O(display_name) along with the other options to return only resources that match the given display name + exactly. + type: str +""" diff --git a/plugins/doc_fragments/oracle_name_option.py b/plugins/doc_fragments/oracle_name_option.py index 523eed702f..5d5c97ef65 100644 --- a/plugins/doc_fragments/oracle_name_option.py +++ b/plugins/doc_fragments/oracle_name_option.py @@ -8,10 +8,9 @@ __metaclass__ = type class ModuleDocFragment(object): - DOCUMENTATION = """ - options: - name: - description: Use O(name) along with the other options to return only resources that match the given name - exactly. - type: str - """ + DOCUMENTATION = r""" +options: + name: + description: Use O(name) along with the other options to return only resources that match the given name exactly. + type: str +""" diff --git a/plugins/doc_fragments/oracle_tags.py b/plugins/doc_fragments/oracle_tags.py index 3789dbe912..9cd35f9c7e 100644 --- a/plugins/doc_fragments/oracle_tags.py +++ b/plugins/doc_fragments/oracle_tags.py @@ -8,16 +8,14 @@ __metaclass__ = type class ModuleDocFragment(object): - DOCUMENTATION = """ - options: - defined_tags: - description: Defined tags for this resource. Each key is predefined and scoped to a namespace. For more - information, see - U(https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/resourcetags.htm). - type: dict - freeform_tags: - description: Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, - type, or namespace. For more information, see - U(https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/resourcetags.htm). - type: dict - """ + DOCUMENTATION = r""" +options: + defined_tags: + description: Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see + U(https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/resourcetags.htm). + type: dict + freeform_tags: + description: Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. + For more information, see U(https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/resourcetags.htm). + type: dict +""" diff --git a/plugins/doc_fragments/oracle_wait_options.py b/plugins/doc_fragments/oracle_wait_options.py index 0ba2532324..90334711ee 100644 --- a/plugins/doc_fragments/oracle_wait_options.py +++ b/plugins/doc_fragments/oracle_wait_options.py @@ -8,20 +8,19 @@ __metaclass__ = type class ModuleDocFragment(object): - DOCUMENTATION = """ - options: - wait: - description: Whether to wait for create or delete operation to complete. - default: true - type: bool - wait_timeout: - description: Time, in seconds, to wait when O(wait=true). - default: 1200 - type: int - wait_until: - description: The lifecycle state to wait for the resource to transition into when O(wait=true). By default, - when O(wait=true), we wait for the resource to get into ACTIVE/ATTACHED/AVAILABLE/PROVISIONED/ - RUNNING applicable lifecycle state during create operation and to get into DELETED/DETACHED/ - TERMINATED lifecycle state during delete operation. - type: str - """ + DOCUMENTATION = r""" +options: + wait: + description: Whether to wait for create or delete operation to complete. + default: true + type: bool + wait_timeout: + description: Time, in seconds, to wait when O(wait=true). + default: 1200 + type: int + wait_until: + description: The lifecycle state to wait for the resource to transition into when O(wait=true). By default, when O(wait=true), + we wait for the resource to get into ACTIVE/ATTACHED/AVAILABLE/PROVISIONED/ RUNNING applicable lifecycle state during + create operation and to get into DELETED/DETACHED/ TERMINATED lifecycle state during delete operation. + type: str +""" diff --git a/plugins/doc_fragments/pipx.py b/plugins/doc_fragments/pipx.py new file mode 100644 index 0000000000..b94495d4a1 --- /dev/null +++ b/plugins/doc_fragments/pipx.py @@ -0,0 +1,40 @@ +# -*- coding: utf-8 -*- + +# Copyright (c) 2024, Alexei Znamensky +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + + +class ModuleDocFragment(object): + DOCUMENTATION = r""" +options: + global: + description: + - The module will pass the C(--global) argument to C(pipx), to execute actions in global scope. + - The C(--global) is only available in C(pipx>=1.6.0), so make sure to have a compatible version when using this option. + Moreover, a nasty bug with C(--global) was fixed in C(pipx==1.7.0), so it is strongly recommended you used that version + or newer. + type: bool + default: false + executable: + description: + - Path to the C(pipx) installed in the system. + - If not specified, the module will use C(python -m pipx) to run the tool, using the same Python interpreter as ansible + itself. + type: path +notes: + - This module requires C(pipx) version 0.16.2.1 or above. From community.general 11.0.0 onwards, the module will require + C(pipx>=1.7.0). + - Please note that C(pipx) requires Python 3.6 or above. + - This module does not install the C(pipx) python package, however that can be easily done with the module M(ansible.builtin.pip). + - This module does not require C(pipx) to be in the shell C(PATH), but it must be loadable by Python as a module. + - This module will honor C(pipx) environment variables such as but not limited to E(PIPX_HOME) and E(PIPX_BIN_DIR) passed + using the R(environment Ansible keyword, playbooks_environment). +seealso: + - name: C(pipx) command manual page + description: Manual page for the command. + link: https://pipx.pypa.io/latest/docs/ +""" diff --git a/plugins/doc_fragments/pritunl.py b/plugins/doc_fragments/pritunl.py index 396ee0866a..287204c16c 100644 --- a/plugins/doc_fragments/pritunl.py +++ b/plugins/doc_fragments/pritunl.py @@ -13,32 +13,28 @@ class ModuleDocFragment(object): DOCUMENTATION = r""" options: - pritunl_url: - type: str - required: true - description: - - URL and port of the Pritunl server on which the API is enabled. - - pritunl_api_token: - type: str - required: true - description: - - API Token of a Pritunl admin user. - - It needs to be enabled in Administrators > USERNAME > Enable Token Authentication. - - pritunl_api_secret: - type: str - required: true - description: - - API Secret found in Administrators > USERNAME > API Secret. - - validate_certs: - type: bool - required: false - default: true - description: - - If certificates should be validated or not. - - This should never be set to V(false), except if you are very sure that - your connection to the server can not be subject to a Man In The Middle - attack. + pritunl_url: + type: str + required: true + description: + - URL and port of the Pritunl server on which the API is enabled. + pritunl_api_token: + type: str + required: true + description: + - API Token of a Pritunl admin user. + - It needs to be enabled in Administrators > USERNAME > Enable Token Authentication. + pritunl_api_secret: + type: str + required: true + description: + - API Secret found in Administrators > USERNAME > API Secret. + validate_certs: + type: bool + required: false + default: true + description: + - If certificates should be validated or not. + - This should never be set to V(false), except if you are very sure that your connection to the server can not be subject + to a Man In The Middle attack. """ diff --git a/plugins/doc_fragments/proxmox.py b/plugins/doc_fragments/proxmox.py index 4972da4985..4641c36d3e 100644 --- a/plugins/doc_fragments/proxmox.py +++ b/plugins/doc_fragments/proxmox.py @@ -9,13 +9,20 @@ __metaclass__ = type class ModuleDocFragment(object): # Common parameters for Proxmox VE modules - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: api_host: description: - Specify the target host of the Proxmox VE cluster. type: str required: true + api_port: + description: + - Specify the target port of the Proxmox VE cluster. + - Uses the E(PROXMOX_PORT) environment variable if not specified. + type: int + required: false + version_added: 9.1.0 api_user: description: - Specify the user to authenticate with. @@ -44,10 +51,10 @@ options: - This should only be used on personally controlled sites using self-signed certificates. type: bool default: false -requirements: [ "proxmoxer", "requests" ] -''' +requirements: ["proxmoxer", "requests"] +""" - SELECTION = r''' + SELECTION = r""" options: vmid: description: @@ -64,4 +71,14 @@ options: description: - Add the new VM to the specified pool. type: str -''' +""" + + ACTIONGROUP_PROXMOX = r""" +options: {} +attributes: + action_group: + description: Use C(group/community.general.proxmox) in C(module_defaults) to set defaults for this module. + support: full + membership: + - community.general.proxmox +""" diff --git a/plugins/doc_fragments/purestorage.py b/plugins/doc_fragments/purestorage.py index 823397763f..c2c6c9a262 100644 --- a/plugins/doc_fragments/purestorage.py +++ b/plugins/doc_fragments/purestorage.py @@ -10,18 +10,8 @@ __metaclass__ = type class ModuleDocFragment(object): - # Standard Pure Storage documentation fragment - DOCUMENTATION = r''' -options: - - See separate platform section for more details -requirements: - - See separate platform section for more details -notes: - - Ansible modules are available for the following Pure Storage products: FlashArray, FlashBlade -''' - # Documentation fragment for FlashBlade - FB = r''' + FB = r""" options: fb_url: description: @@ -33,14 +23,14 @@ options: type: str notes: - This module requires the C(purity_fb) Python library. - - You must set E(PUREFB_URL) and E(PUREFB_API) environment variables - if O(fb_url) and O(api_token) arguments are not passed to the module directly. + - You must set E(PUREFB_URL) and E(PUREFB_API) environment variables if O(fb_url) and O(api_token) arguments are not passed + to the module directly. requirements: - purity_fb >= 1.1 -''' +""" # Documentation fragment for FlashArray - FA = r''' + FA = r""" options: fa_url: description: @@ -54,8 +44,8 @@ options: required: true notes: - This module requires the C(purestorage) Python library. - - You must set E(PUREFA_URL) and E(PUREFA_API) environment variables - if O(fa_url) and O(api_token) arguments are not passed to the module directly. + - You must set E(PUREFA_URL) and E(PUREFA_API) environment variables if O(fa_url) and O(api_token) arguments are not passed + to the module directly. requirements: - purestorage -''' +""" diff --git a/plugins/doc_fragments/rackspace.py b/plugins/doc_fragments/rackspace.py deleted file mode 100644 index f28be777ca..0000000000 --- a/plugins/doc_fragments/rackspace.py +++ /dev/null @@ -1,120 +0,0 @@ -# -*- coding: utf-8 -*- - -# Copyright (c) 2014, Matt Martz -# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) -# SPDX-License-Identifier: GPL-3.0-or-later - -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - - -class ModuleDocFragment(object): - - # Standard Rackspace only documentation fragment - DOCUMENTATION = r''' -options: - api_key: - description: - - Rackspace API key, overrides O(credentials). - type: str - aliases: [ password ] - credentials: - description: - - File to find the Rackspace credentials in. Ignored if O(api_key) and - O(username) are provided. - type: path - aliases: [ creds_file ] - env: - description: - - Environment as configured in C(~/.pyrax.cfg), - see U(https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#pyrax-configuration). - type: str - region: - description: - - Region to create an instance in. - type: str - username: - description: - - Rackspace username, overrides O(credentials). - type: str - validate_certs: - description: - - Whether or not to require SSL validation of API endpoints. - type: bool - aliases: [ verify_ssl ] -requirements: - - pyrax -notes: - - The following environment variables can be used, E(RAX_USERNAME), - E(RAX_API_KEY), E(RAX_CREDS_FILE), E(RAX_CREDENTIALS), E(RAX_REGION). - - E(RAX_CREDENTIALS) and E(RAX_CREDS_FILE) point to a credentials file - appropriate for pyrax. See U(https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating). - - E(RAX_USERNAME) and E(RAX_API_KEY) obviate the use of a credentials file. - - E(RAX_REGION) defines a Rackspace Public Cloud region (DFW, ORD, LON, ...). -''' - - # Documentation fragment including attributes to enable communication - # of other OpenStack clouds. Not all rax modules support this. - OPENSTACK = r''' -options: - api_key: - type: str - description: - - Rackspace API key, overrides O(credentials). - aliases: [ password ] - auth_endpoint: - type: str - description: - - The URI of the authentication service. - - If not specified will be set to U(https://identity.api.rackspacecloud.com/v2.0/). - credentials: - type: path - description: - - File to find the Rackspace credentials in. Ignored if O(api_key) and - O(username) are provided. - aliases: [ creds_file ] - env: - type: str - description: - - Environment as configured in C(~/.pyrax.cfg), - see U(https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#pyrax-configuration). - identity_type: - type: str - description: - - Authentication mechanism to use, such as rackspace or keystone. - default: rackspace - region: - type: str - description: - - Region to create an instance in. - tenant_id: - type: str - description: - - The tenant ID used for authentication. - tenant_name: - type: str - description: - - The tenant name used for authentication. - username: - type: str - description: - - Rackspace username, overrides O(credentials). - validate_certs: - description: - - Whether or not to require SSL validation of API endpoints. - type: bool - aliases: [ verify_ssl ] -deprecated: - removed_in: 9.0.0 - why: This module relies on the deprecated package pyrax. - alternative: Use the Openstack modules instead. -requirements: - - pyrax -notes: - - The following environment variables can be used, E(RAX_USERNAME), - E(RAX_API_KEY), E(RAX_CREDS_FILE), E(RAX_CREDENTIALS), E(RAX_REGION). - - E(RAX_CREDENTIALS) and E(RAX_CREDS_FILE) points to a credentials file - appropriate for pyrax. See U(https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating). - - E(RAX_USERNAME) and E(RAX_API_KEY) obviate the use of a credentials file. - - E(RAX_REGION) defines a Rackspace Public Cloud region (DFW, ORD, LON, ...). -''' diff --git a/plugins/doc_fragments/redis.py b/plugins/doc_fragments/redis.py index fafb52c86c..149c018d79 100644 --- a/plugins/doc_fragments/redis.py +++ b/plugins/doc_fragments/redis.py @@ -10,7 +10,7 @@ __metaclass__ = type class ModuleDocFragment(object): # Common parameters for Redis modules - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: login_host: description: @@ -40,19 +40,26 @@ options: validate_certs: description: - Specify whether or not to validate TLS certificates. - - This should only be turned off for personally controlled sites or with - C(localhost) as target. + - This should only be turned off for personally controlled sites or with C(localhost) as target. type: bool default: true ca_certs: description: - - Path to root certificates file. If not set and O(tls) is - set to V(true), certifi ca-certificates will be used. + - Path to root certificates file. If not set and O(tls) is set to V(true), certifi ca-certificates will be used. type: str -requirements: [ "redis", "certifi" ] + client_cert_file: + description: + - Path to the client certificate file. + type: str + version_added: 9.3.0 + client_key_file: + description: + - Path to the client private key file. + type: str + version_added: 9.3.0 +requirements: ["redis", "certifi"] notes: - - Requires the C(redis) Python package on the remote host. You can - install it with pip (C(pip install redis)) or with a package manager. - Information on the library can be found at U(https://github.com/andymccurdy/redis-py). -''' + - Requires the C(redis) Python package on the remote host. You can install it with pip (C(pip install redis)) or with a + package manager. Information on the library can be found at U(https://github.com/andymccurdy/redis-py). +""" diff --git a/plugins/doc_fragments/rundeck.py b/plugins/doc_fragments/rundeck.py index 62c8648e96..b3a8e86753 100644 --- a/plugins/doc_fragments/rundeck.py +++ b/plugins/doc_fragments/rundeck.py @@ -11,7 +11,7 @@ __metaclass__ = type class ModuleDocFragment(object): # Standard files documentation fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: url: type: str @@ -29,4 +29,4 @@ options: description: - Rundeck User API Token. required: true -''' +""" diff --git a/plugins/doc_fragments/scaleway.py b/plugins/doc_fragments/scaleway.py index bdb0dd0561..2988865eea 100644 --- a/plugins/doc_fragments/scaleway.py +++ b/plugins/doc_fragments/scaleway.py @@ -11,29 +11,29 @@ __metaclass__ = type class ModuleDocFragment(object): # Standard documentation fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: api_token: description: - Scaleway OAuth token. type: str required: true - aliases: [ oauth_token ] + aliases: [oauth_token] api_url: description: - Scaleway API URL. type: str default: https://api.scaleway.com - aliases: [ base_url ] + aliases: [base_url] api_timeout: description: - HTTP timeout to Scaleway API in seconds. type: int default: 30 - aliases: [ timeout ] + aliases: [timeout] query_parameters: description: - - List of parameters passed to the query string. + - List of parameters passed to the query string. type: dict default: {} validate_certs: @@ -43,9 +43,7 @@ options: default: true notes: - Also see the API documentation on U(https://developer.scaleway.com/). - - If O(api_token) is not set within the module, the following - environment variables can be used in decreasing order of precedence + - If O(api_token) is not set within the module, the following environment variables can be used in decreasing order of precedence E(SCW_TOKEN), E(SCW_API_KEY), E(SCW_OAUTH_TOKEN) or E(SCW_API_TOKEN). - - If one wants to use a different O(api_url) one can also set the E(SCW_API_URL) - environment variable. -''' + - If one wants to use a different O(api_url) one can also set the E(SCW_API_URL) environment variable. +""" diff --git a/plugins/doc_fragments/scaleway_waitable_resource.py b/plugins/doc_fragments/scaleway_waitable_resource.py index 3ab5c7d6f4..f529d8f5c2 100644 --- a/plugins/doc_fragments/scaleway_waitable_resource.py +++ b/plugins/doc_fragments/scaleway_waitable_resource.py @@ -11,23 +11,23 @@ __metaclass__ = type class ModuleDocFragment(object): # Standard documentation fragment - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: wait: description: - - Wait for the resource to reach its desired state before returning. + - Wait for the resource to reach its desired state before returning. type: bool default: true wait_timeout: type: int description: - - Time to wait for the resource to reach the expected state. + - Time to wait for the resource to reach the expected state. required: false default: 300 wait_sleep_time: type: int description: - - Time to wait before every attempt to check the state of the resource. + - Time to wait before every attempt to check the state of the resource. required: false default: 3 -''' +""" diff --git a/plugins/doc_fragments/utm.py b/plugins/doc_fragments/utm.py index 3e0bc6e10c..3b2118485e 100644 --- a/plugins/doc_fragments/utm.py +++ b/plugins/doc_fragments/utm.py @@ -9,49 +9,49 @@ __metaclass__ = type class ModuleDocFragment(object): - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: - headers: - description: - - A dictionary of additional headers to be sent to POST and PUT requests. - - Is needed for some modules. - type: dict - required: false - default: {} - utm_host: - description: - - The REST Endpoint of the Sophos UTM. - type: str - required: true - utm_port: - description: - - The port of the REST interface. - type: int - default: 4444 - utm_token: - description: - - "The token used to identify at the REST-API. See - U(https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.pdf?la=en), - Chapter 2.4.2." - type: str - required: true - utm_protocol: - description: - - The protocol of the REST Endpoint. - choices: [ http, https ] - type: str - default: https - validate_certs: - description: - - Whether the REST interface's ssl certificate should be verified or not. - type: bool - default: true - state: - description: - - The desired state of the object. - - V(present) will create or update an object. - - V(absent) will delete an object if it was present. - type: str - choices: [ absent, present ] - default: present -''' + headers: + description: + - A dictionary of additional headers to be sent to POST and PUT requests. + - Is needed for some modules. + type: dict + required: false + default: {} + utm_host: + description: + - The REST Endpoint of the Sophos UTM. + type: str + required: true + utm_port: + description: + - The port of the REST interface. + type: int + default: 4444 + utm_token: + description: + - The token used to identify at the REST-API. + - See U(https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.pdf?la=en), Chapter + 2.4.2. + type: str + required: true + utm_protocol: + description: + - The protocol of the REST Endpoint. + choices: [http, https] + type: str + default: https + validate_certs: + description: + - Whether the REST interface's SSL certificate should be verified or not. + type: bool + default: true + state: + description: + - The desired state of the object. + - V(present) will create or update an object. + - V(absent) will delete an object if it was present. + type: str + choices: [absent, present] + default: present +""" diff --git a/plugins/doc_fragments/vexata.py b/plugins/doc_fragments/vexata.py index 041f404d28..48ff30a276 100644 --- a/plugins/doc_fragments/vexata.py +++ b/plugins/doc_fragments/vexata.py @@ -10,15 +10,6 @@ __metaclass__ = type class ModuleDocFragment(object): - DOCUMENTATION = r''' -options: - - See respective platform section for more details -requirements: - - See respective platform section for more details -notes: - - Ansible modules are available for Vexata VX100 arrays. -''' - # Documentation fragment for Vexata VX100 series VX100 = r''' options: diff --git a/plugins/doc_fragments/xenserver.py b/plugins/doc_fragments/xenserver.py index 681d959faa..d1377e8964 100644 --- a/plugins/doc_fragments/xenserver.py +++ b/plugins/doc_fragments/xenserver.py @@ -10,32 +10,33 @@ __metaclass__ = type class ModuleDocFragment(object): # Common parameters for XenServer modules - DOCUMENTATION = r''' + DOCUMENTATION = r""" options: hostname: description: - - The hostname or IP address of the XenServer host or XenServer pool master. - - If the value is not specified in the task, the value of environment variable E(XENSERVER_HOST) will be used instead. + - The hostname or IP address of the XenServer host or XenServer pool master. + - If the value is not specified in the task, the value of environment variable E(XENSERVER_HOST) will be used instead. type: str default: localhost - aliases: [ host, pool ] + aliases: [host, pool] username: description: - - The username to use for connecting to XenServer. - - If the value is not specified in the task, the value of environment variable E(XENSERVER_USER) will be used instead. + - The username to use for connecting to XenServer. + - If the value is not specified in the task, the value of environment variable E(XENSERVER_USER) will be used instead. type: str default: root - aliases: [ admin, user ] + aliases: [admin, user] password: description: - - The password to use for connecting to XenServer. - - If the value is not specified in the task, the value of environment variable E(XENSERVER_PASSWORD) will be used instead. + - The password to use for connecting to XenServer. + - If the value is not specified in the task, the value of environment variable E(XENSERVER_PASSWORD) will be used instead. type: str - aliases: [ pass, pwd ] + aliases: [pass, pwd] validate_certs: description: - - Allows connection when SSL certificates are not valid. Set to V(false) when certificates are not trusted. - - If the value is not specified in the task, the value of environment variable E(XENSERVER_VALIDATE_CERTS) will be used instead. + - Allows connection when SSL certificates are not valid. Set to V(false) when certificates are not trusted. + - If the value is not specified in the task, the value of environment variable E(XENSERVER_VALIDATE_CERTS) will be used + instead. type: bool default: true -''' +""" diff --git a/plugins/filter/accumulate.py b/plugins/filter/accumulate.py new file mode 100644 index 0000000000..c48afa0467 --- /dev/null +++ b/plugins/filter/accumulate.py @@ -0,0 +1,63 @@ +# Copyright (c) Max Gautier +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +DOCUMENTATION = r""" +name: accumulate +short_description: Produce a list of accumulated sums of the input list contents +version_added: 10.1.0 +author: Max Gautier (@VannTen) +description: + - Passthrough to the L(Python itertools.accumulate function,https://docs.python.org/3/library/itertools.html#itertools.accumulate). + - Transforms an input list into the cumulative list of results from applying addition to the elements of the input list. + - Addition means the default Python implementation of C(+) for input list elements type. +options: + _input: + description: A list. + type: list + elements: any + required: true +""" + +RETURN = r""" +_value: + description: A list of cumulated sums of the elements of the input list. + type: list + elements: any +""" + +EXAMPLES = r""" +- name: Enumerate parent directories of some path + ansible.builtin.debug: + var: > + "/some/path/to/my/file" + | split('/') | map('split', '/') + | community.general.accumulate | map('join', '/') + # Produces: ['', '/some', '/some/path', '/some/path/to', '/some/path/to/my', '/some/path/to/my/file'] + +- name: Growing string + ansible.builtin.debug: + var: "'abc' | community.general.accumulate" + # Produces ['a', 'ab', 'abc'] +""" + +from itertools import accumulate +from collections.abc import Sequence + +from ansible.errors import AnsibleFilterError + + +def list_accumulate(sequence): + if not isinstance(sequence, Sequence): + raise AnsibleFilterError('Invalid value type (%s) for accumulate (%r)' % + (type(sequence), sequence)) + + return accumulate(sequence) + + +class FilterModule(object): + + def filters(self): + return { + 'accumulate': list_accumulate, + } diff --git a/plugins/filter/counter.py b/plugins/filter/counter.py index 1b79294b59..93ffa64d01 100644 --- a/plugins/filter/counter.py +++ b/plugins/filter/counter.py @@ -6,34 +6,35 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: counter - short_description: Counts hashable elements in a sequence - version_added: 4.3.0 - author: Rémy Keil (@keilr) - description: - - Counts hashable elements in a sequence. - options: - _input: - description: A sequence. - type: list - elements: any - required: true -''' +DOCUMENTATION = r""" +name: counter +short_description: Counts hashable elements in a sequence +version_added: 4.3.0 +author: Rémy Keil (@keilr) +description: + - Counts hashable elements in a sequence. +options: + _input: + description: A sequence. + type: list + elements: any + required: true +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Count occurrences ansible.builtin.debug: msg: >- {{ [1, 'a', 2, 2, 'a', 'b', 'a'] | community.general.counter }} # Produces: {1: 1, 'a': 3, 2: 2, 'b': 1} -''' +""" -RETURN = ''' - _value: - description: A dictionary with the elements of the sequence as keys, and their number of occurrences in the sequence as values. - type: dictionary -''' +RETURN = r""" +_value: + description: A dictionary with the elements of the sequence as keys, and their number of occurrences in the sequence as + values. + type: dictionary +""" from ansible.errors import AnsibleFilterError from ansible.module_utils.common._collections_compat import Sequence diff --git a/plugins/filter/crc32.py b/plugins/filter/crc32.py index 1f0aa2e9b0..bdf6d51614 100644 --- a/plugins/filter/crc32.py +++ b/plugins/filter/crc32.py @@ -16,33 +16,33 @@ except ImportError: HAS_ZLIB = False -DOCUMENTATION = ''' - name: crc32 - short_description: Generate a CRC32 checksum - version_added: 5.4.0 - description: - - Checksum a string using CRC32 algorithm and return its hexadecimal representation. - options: - _input: - description: - - The string to checksum. - type: string - required: true - author: - - Julien Riou -''' - -EXAMPLES = ''' - - name: Checksum a test string - ansible.builtin.debug: - msg: "{{ 'test' | community.general.crc32 }}" -''' - -RETURN = ''' - _value: - description: CRC32 checksum. +DOCUMENTATION = r""" +name: crc32 +short_description: Generate a CRC32 checksum +version_added: 5.4.0 +description: + - Checksum a string using CRC32 algorithm and return its hexadecimal representation. +options: + _input: + description: + - The string to checksum. type: string -''' + required: true +author: + - Julien Riou +""" + +EXAMPLES = r""" +- name: Checksum a test string + ansible.builtin.debug: + msg: "{{ 'test' | community.general.crc32 }}" +""" + +RETURN = r""" +_value: + description: CRC32 checksum. + type: string +""" def crc32s(value): diff --git a/plugins/filter/dict.py b/plugins/filter/dict.py index 720c9def96..b3e81bd4ab 100644 --- a/plugins/filter/dict.py +++ b/plugins/filter/dict.py @@ -7,22 +7,22 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' - name: dict - short_description: Convert a list of tuples into a dictionary - version_added: 3.0.0 - author: Felix Fontein (@felixfontein) - description: - - Convert a list of tuples into a dictionary. This is a filter version of the C(dict) function. - options: - _input: - description: A list of tuples (with exactly two elements). - type: list - elements: tuple - required: true -''' +DOCUMENTATION = r""" +name: dict +short_description: Convert a list of tuples into a dictionary +version_added: 3.0.0 +author: Felix Fontein (@felixfontein) +description: + - Convert a list of tuples into a dictionary. This is a filter version of the C(dict) function. +options: + _input: + description: A list of tuples (with exactly two elements). + type: list + elements: tuple + required: true +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Convert list of tuples into dictionary ansible.builtin.set_fact: dictionary: "{{ [[1, 2], ['a', 'b']] | community.general.dict }}" @@ -53,13 +53,13 @@ EXAMPLES = ''' # "k2": 42, # "k3": "b" # } -''' +""" -RETURN = ''' - _value: - description: The dictionary having the provided key-value pairs. - type: boolean -''' +RETURN = r""" +_value: + description: A dictionary with the provided key-value pairs. + type: dictionary +""" def dict_filter(sequence): diff --git a/plugins/filter/dict_kv.py b/plugins/filter/dict_kv.py index 59595f9573..8c4fb01752 100644 --- a/plugins/filter/dict_kv.py +++ b/plugins/filter/dict_kv.py @@ -6,37 +6,37 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: dict_kv - short_description: Convert a value to a dictionary with a single key-value pair - version_added: 1.3.0 - author: Stanislav German-Evtushenko (@giner) - description: - - Convert a value to a dictionary with a single key-value pair. - positional: key - options: - _input: - description: The value for the single key-value pair. - type: any - required: true - key: - description: The key for the single key-value pair. - type: any - required: true -''' +DOCUMENTATION = r""" +name: dict_kv +short_description: Convert a value to a dictionary with a single key-value pair +version_added: 1.3.0 +author: Stanislav German-Evtushenko (@giner) +description: + - Convert a value to a dictionary with a single key-value pair. +positional: key +options: + _input: + description: The value for the single key-value pair. + type: any + required: true + key: + description: The key for the single key-value pair. + type: any + required: true +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a one-element dictionary from a value ansible.builtin.debug: msg: "{{ 'myvalue' | dict_kv('mykey') }}" # Produces the dictionary {'mykey': 'myvalue'} -''' +""" -RETURN = ''' - _value: - description: A dictionary with a single key-value pair. - type: dictionary -''' +RETURN = r""" +_value: + description: A dictionary with a single key-value pair. + type: dictionary +""" def dict_kv(value, key): diff --git a/plugins/filter/from_csv.py b/plugins/filter/from_csv.py index 310138d496..3a05769365 100644 --- a/plugins/filter/from_csv.py +++ b/plugins/filter/from_csv.py @@ -8,51 +8,51 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' - name: from_csv - short_description: Converts CSV text input into list of dicts - version_added: 2.3.0 - author: Andrew Pantuso (@Ajpantuso) - description: - - Converts CSV text input into list of dictionaries. - options: - _input: - description: A string containing a CSV document. - type: string - required: true - dialect: - description: - - The CSV dialect to use when parsing the CSV file. - - Possible values include V(excel), V(excel-tab) or V(unix). - type: str - default: excel - fieldnames: - description: - - A list of field names for every column. - - This is needed if the CSV does not have a header. - type: list - elements: str - delimiter: - description: - - A one-character string used to separate fields. - - When using this parameter, you change the default value used by O(dialect). - - The default value depends on the dialect used. - type: str - skipinitialspace: - description: - - Whether to ignore any whitespaces immediately following the delimiter. - - When using this parameter, you change the default value used by O(dialect). - - The default value depends on the dialect used. - type: bool - strict: - description: - - Whether to raise an exception on bad CSV input. - - When using this parameter, you change the default value used by O(dialect). - - The default value depends on the dialect used. - type: bool -''' +DOCUMENTATION = r""" +name: from_csv +short_description: Converts CSV text input into list of dicts +version_added: 2.3.0 +author: Andrew Pantuso (@Ajpantuso) +description: + - Converts CSV text input into list of dictionaries. +options: + _input: + description: A string containing a CSV document. + type: string + required: true + dialect: + description: + - The CSV dialect to use when parsing the CSV file. + - Possible values include V(excel), V(excel-tab) or V(unix). + type: str + default: excel + fieldnames: + description: + - A list of field names for every column. + - This is needed if the CSV does not have a header. + type: list + elements: str + delimiter: + description: + - A one-character string used to separate fields. + - When using this parameter, you change the default value used by O(dialect). + - The default value depends on the dialect used. + type: str + skipinitialspace: + description: + - Whether to ignore any whitespaces immediately following the delimiter. + - When using this parameter, you change the default value used by O(dialect). + - The default value depends on the dialect used. + type: bool + strict: + description: + - Whether to raise an exception on bad CSV input. + - When using this parameter, you change the default value used by O(dialect). + - The default value depends on the dialect used. + type: bool +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Parse a CSV file's contents ansible.builtin.debug: msg: >- @@ -71,17 +71,16 @@ EXAMPLES = ''' # "Column 1": "bar", # "Value": "42", # } -''' +""" -RETURN = ''' - _value: - description: A list with one dictionary per row. - type: list - elements: dictionary -''' +RETURN = r""" +_value: + description: A list with one dictionary per row. + type: list + elements: dictionary +""" from ansible.errors import AnsibleFilterError -from ansible.module_utils.common.text.converters import to_native from ansible_collections.community.general.plugins.module_utils.csv import (initialize_dialect, read_csv, CSVError, DialectNotAvailableError, @@ -99,7 +98,7 @@ def from_csv(data, dialect='excel', fieldnames=None, delimiter=None, skipinitial try: dialect = initialize_dialect(dialect, **dialect_params) except (CustomDialectFailureError, DialectNotAvailableError) as e: - raise AnsibleFilterError(to_native(e)) + raise AnsibleFilterError(str(e)) reader = read_csv(data, dialect, fieldnames) @@ -109,7 +108,7 @@ def from_csv(data, dialect='excel', fieldnames=None, delimiter=None, skipinitial for row in reader: data_list.append(row) except CSVError as e: - raise AnsibleFilterError("Unable to process file: %s" % to_native(e)) + raise AnsibleFilterError(f"Unable to process file: {e}") return data_list diff --git a/plugins/filter/from_ini.py b/plugins/filter/from_ini.py index d68b51092e..01ae150d08 100644 --- a/plugins/filter/from_ini.py +++ b/plugins/filter/from_ini.py @@ -6,43 +6,43 @@ from __future__ import absolute_import, division, print_function -DOCUMENTATION = r''' - name: from_ini - short_description: Converts INI text input into a dictionary - version_added: 8.2.0 - author: Steffen Scheib (@sscheib) - description: - - Converts INI text input into a dictionary. - options: - _input: - description: A string containing an INI document. - type: string - required: true -''' +DOCUMENTATION = r""" +name: from_ini +short_description: Converts INI text input into a dictionary +version_added: 8.2.0 +author: Steffen Scheib (@sscheib) +description: + - Converts INI text input into a dictionary. +options: + _input: + description: A string containing an INI document. + type: string + required: true +""" -EXAMPLES = r''' - - name: Slurp an INI file - ansible.builtin.slurp: - src: /etc/rhsm/rhsm.conf - register: rhsm_conf +EXAMPLES = r""" +- name: Slurp an INI file + ansible.builtin.slurp: + src: /etc/rhsm/rhsm.conf + register: rhsm_conf - - name: Display the INI file as dictionary - ansible.builtin.debug: - var: rhsm_conf.content | b64decode | community.general.from_ini +- name: Display the INI file as dictionary + ansible.builtin.debug: + var: rhsm_conf.content | b64decode | community.general.from_ini - - name: Set a new dictionary fact with the contents of the INI file - ansible.builtin.set_fact: - rhsm_dict: >- - {{ - rhsm_conf.content | b64decode | community.general.from_ini - }} -''' +- name: Set a new dictionary fact with the contents of the INI file + ansible.builtin.set_fact: + rhsm_dict: >- + {{ + rhsm_conf.content | b64decode | community.general.from_ini + }} +""" -RETURN = ''' - _value: - description: A dictionary representing the INI file. - type: dictionary -''' +RETURN = r""" +_value: + description: A dictionary representing the INI file. + type: dictionary +""" __metaclass__ = type @@ -50,14 +50,13 @@ from ansible.errors import AnsibleFilterError from ansible.module_utils.six import string_types from ansible.module_utils.six.moves import StringIO from ansible.module_utils.six.moves.configparser import ConfigParser -from ansible.module_utils.common.text.converters import to_native class IniParser(ConfigParser): ''' Implements a configparser which is able to return a dict ''' def __init__(self): - super().__init__() + super().__init__(interpolation=None) self.optionxform = str def as_dict(self): @@ -83,8 +82,7 @@ def from_ini(obj): try: parser.read_file(StringIO(obj)) except Exception as ex: - raise AnsibleFilterError(f'from_ini failed to parse given string: ' - f'{to_native(ex)}', orig_exc=ex) + raise AnsibleFilterError(f'from_ini failed to parse given string: {ex}', orig_exc=ex) return parser.as_dict() diff --git a/plugins/filter/groupby_as_dict.py b/plugins/filter/groupby_as_dict.py index 4a8f4c6dc1..80c7ad7885 100644 --- a/plugins/filter/groupby_as_dict.py +++ b/plugins/filter/groupby_as_dict.py @@ -6,27 +6,29 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: groupby_as_dict - short_description: Transform a sequence of dictionaries to a dictionary where the dictionaries are indexed by an attribute - version_added: 3.1.0 - author: Felix Fontein (@felixfontein) - description: - - Transform a sequence of dictionaries to a dictionary where the dictionaries are indexed by an attribute. - positional: attribute - options: - _input: - description: A list of dictionaries - type: list - elements: dictionary - required: true - attribute: - description: The attribute to use as the key. - type: str - required: true -''' +DOCUMENTATION = r""" +name: groupby_as_dict +short_description: Transform a sequence of dictionaries to a dictionary where the dictionaries are indexed by an attribute +version_added: 3.1.0 +author: Felix Fontein (@felixfontein) +description: + - Transform a sequence of dictionaries to a dictionary where the dictionaries are indexed by an attribute. + - This filter is similar to the Jinja2 C(groupby) filter. Use the Jinja2 C(groupby) filter if you have multiple entries + with the same value, or when you need a dictionary with list values, or when you need to use deeply nested attributes. +positional: attribute +options: + _input: + description: A list of dictionaries. + type: list + elements: dictionary + required: true + attribute: + description: The attribute to use as the key. + type: str + required: true +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Arrange a list of dictionaries as a dictionary of dictionaries ansible.builtin.debug: msg: "{{ sequence | community.general.groupby_as_dict('key') }}" @@ -44,13 +46,13 @@ EXAMPLES = ''' # other_value: # key: other_value # baz: bar -''' +""" -RETURN = ''' - _value: - description: A dictionary containing the dictionaries from the list as values. - type: dictionary -''' +RETURN = r""" +_value: + description: A dictionary containing the dictionaries from the list as values. + type: dictionary +""" from ansible.errors import AnsibleFilterError from ansible.module_utils.common._collections_compat import Mapping, Sequence diff --git a/plugins/filter/hashids.py b/plugins/filter/hashids.py index 45fba83c03..ac771e6219 100644 --- a/plugins/filter/hashids.py +++ b/plugins/filter/hashids.py @@ -27,7 +27,7 @@ def initialize_hashids(**kwargs): if not HAS_HASHIDS: raise AnsibleError("The hashids library must be installed in order to use this plugin") - params = dict((k, v) for k, v in kwargs.items() if v) + params = {k: v for k, v in kwargs.items() if v} try: return Hashids(**params) diff --git a/plugins/filter/jc.py b/plugins/filter/jc.py index 2fe3ef9d73..388fcf0d3f 100644 --- a/plugins/filter/jc.py +++ b/plugins/filter/jc.py @@ -8,41 +8,41 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: jc - short_description: Convert output of many shell commands and file-types to JSON - version_added: 1.1.0 - author: Kelly Brazil (@kellyjonbrazil) - description: - - Convert output of many shell commands and file-types to JSON. - - Uses the L(jc library,https://github.com/kellyjonbrazil/jc). - positional: parser - options: - _input: - description: The data to convert. - type: string - required: true - parser: - description: - - The correct parser for the input data. - - For example V(ifconfig). - - "Note: use underscores instead of dashes (if any) in the parser module name." - - See U(https://github.com/kellyjonbrazil/jc#parsers) for the latest list of parsers. - type: string - required: true - quiet: - description: Set to V(false) to not suppress warnings. - type: boolean - default: true - raw: - description: Set to V(true) to return pre-processed JSON. - type: boolean - default: false - requirements: - - jc installed as a Python library (U(https://pypi.org/project/jc/)) -''' +DOCUMENTATION = r""" +name: jc +short_description: Convert output of many shell commands and file-types to JSON +version_added: 1.1.0 +author: Kelly Brazil (@kellyjonbrazil) +description: + - Convert output of many shell commands and file-types to JSON. + - Uses the L(jc library,https://github.com/kellyjonbrazil/jc). +positional: parser +options: + _input: + description: The data to convert. + type: string + required: true + parser: + description: + - The correct parser for the input data. + - For example V(ifconfig). + - 'Note: use underscores instead of dashes (if any) in the parser module name.' + - See U(https://github.com/kellyjonbrazil/jc#parsers) for the latest list of parsers. + type: string + required: true + quiet: + description: Set to V(false) to not suppress warnings. + type: boolean + default: true + raw: + description: Set to V(true) to return pre-processed JSON. + type: boolean + default: false +requirements: + - jc installed as a Python library (U(https://pypi.org/project/jc/)) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Install the prereqs of the jc filter (jc Python package) on the Ansible controller delegate_to: localhost ansible.builtin.pip: @@ -68,13 +68,13 @@ EXAMPLES = ''' # "operating_system": "GNU/Linux", # "processor": "x86_64" # } -''' +""" -RETURN = ''' - _value: - description: The processed output. - type: any -''' +RETURN = r""" +_value: + description: The processed output. + type: any +""" from ansible.errors import AnsibleError, AnsibleFilterError import importlib diff --git a/plugins/filter/json_query.py b/plugins/filter/json_query.py index 9e8fa4ef2e..61223b0702 100644 --- a/plugins/filter/json_query.py +++ b/plugins/filter/json_query.py @@ -6,29 +6,29 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: json_query - short_description: Select a single element or a data subset from a complex data structure - description: - - This filter lets you query a complex JSON structure and iterate over it using a loop structure. - positional: expr - options: - _input: - description: - - The JSON data to query. - type: any - required: true - expr: - description: - - The query expression. - - See U(http://jmespath.org/examples.html) for examples. - type: string - required: true - requirements: - - jmespath -''' +DOCUMENTATION = r""" +name: json_query +short_description: Select a single element or a data subset from a complex data structure +description: + - This filter lets you query a complex JSON structure and iterate over it using a loop structure. +positional: expr +options: + _input: + description: + - The JSON data to query. + type: any + required: true + expr: + description: + - The query expression. + - See U(http://jmespath.org/examples.html) for examples. + type: string + required: true +requirements: + - jmespath +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Define data to work on in the examples below ansible.builtin.set_fact: domain_definition: @@ -99,13 +99,13 @@ EXAMPLES = ''' msg: "{{ domain_definition | to_json | from_json | community.general.json_query(server_name_query) }}" vars: server_name_query: "domain.server[?contains(name,'server1')].port" -''' +""" -RETURN = ''' - _value: - description: The result of the query. - type: any -''' +RETURN = r""" +_value: + description: The result of the query. + type: any +""" from ansible.errors import AnsibleError, AnsibleFilterError diff --git a/plugins/filter/keep_keys.py b/plugins/filter/keep_keys.py new file mode 100644 index 0000000000..4cff4405fc --- /dev/null +++ b/plugins/filter/keep_keys.py @@ -0,0 +1,138 @@ +# -*- coding: utf-8 -*- +# Copyright (c) 2024 Vladimir Botka +# Copyright (c) 2024 Felix Fontein +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = r""" +name: keep_keys +short_description: Keep specific keys from dictionaries in a list +version_added: "9.1.0" +author: + - Vladimir Botka (@vbotka) + - Felix Fontein (@felixfontein) +description: This filter keeps only specified keys from a provided list of dictionaries. +options: + _input: + description: + - A list of dictionaries. + - Top level keys must be strings. + type: list + elements: dictionary + required: true + target: + description: + - A single key or key pattern to keep, or a list of keys or keys patterns to keep. + - If O(matching_parameter=regex) there must be exactly one pattern provided. + type: raw + required: true + matching_parameter: + description: Specify the matching option of target keys. + type: str + default: equal + choices: + equal: Matches keys of exactly one of the O(target) items. + starts_with: Matches keys that start with one of the O(target) items. + ends_with: Matches keys that end with one of the O(target) items. + regex: + - Matches keys that match the regular expresion provided in O(target). + - In this case, O(target) must be a regex string or a list with single regex string. +""" + +EXAMPLES = r""" +- l: + - {k0_x0: A0, k1_x1: B0, k2_x2: [C0], k3_x3: foo} + - {k0_x0: A1, k1_x1: B1, k2_x2: [C1], k3_x3: bar} + + # 1) By default match keys that equal any of the items in the target. +- t: [k0_x0, k1_x1] + r: "{{ l | community.general.keep_keys(target=t) }}" + + # 2) Match keys that start with any of the items in the target. +- t: [k0, k1] + r: "{{ l | community.general.keep_keys(target=t, matching_parameter='starts_with') }}" + + # 3) Match keys that end with any of the items in target. +- t: [x0, x1] + r: "{{ l | community.general.keep_keys(target=t, matching_parameter='ends_with') }}" + + # 4) Match keys by the regex. +- t: ['^.*[01]_x.*$'] + r: "{{ l | community.general.keep_keys(target=t, matching_parameter='regex') }}" + + # 5) Match keys by the regex. +- t: '^.*[01]_x.*$' + r: "{{ l | community.general.keep_keys(target=t, matching_parameter='regex') }}" + + # The results of above examples 1-5 are all the same. +- r: + - {k0_x0: A0, k1_x1: B0} + - {k0_x0: A1, k1_x1: B1} + + # 6) By default match keys that equal the target. +- t: k0_x0 + r: "{{ l | community.general.keep_keys(target=t) }}" + + # 7) Match keys that start with the target. +- t: k0 + r: "{{ l | community.general.keep_keys(target=t, matching_parameter='starts_with') }}" + + # 8) Match keys that end with the target. +- t: x0 + r: "{{ l | community.general.keep_keys(target=t, matching_parameter='ends_with') }}" + + # 9) Match keys by the regex. +- t: '^.*0_x.*$' + r: "{{ l | community.general.keep_keys(target=t, matching_parameter='regex') }}" + + # The results of above examples 6-9 are all the same. +- r: + - {k0_x0: A0} + - {k0_x0: A1} +""" + +RETURN = r""" +_value: + description: The list of dictionaries with selected keys. + type: list + elements: dictionary +""" + +from ansible_collections.community.general.plugins.plugin_utils.keys_filter import ( + _keys_filter_params, + _keys_filter_target_str) + + +def keep_keys(data, target=None, matching_parameter='equal'): + """keep specific keys from dictionaries in a list""" + + # test parameters + _keys_filter_params(data, matching_parameter) + # test and transform target + tt = _keys_filter_target_str(target, matching_parameter) + + if matching_parameter == 'equal': + def keep_key(key): + return key in tt + elif matching_parameter == 'starts_with': + def keep_key(key): + return key.startswith(tt) + elif matching_parameter == 'ends_with': + def keep_key(key): + return key.endswith(tt) + elif matching_parameter == 'regex': + def keep_key(key): + return tt.match(key) is not None + + return [{k: v for k, v in d.items() if keep_key(k)} for d in data] + + +class FilterModule(object): + + def filters(self): + return { + 'keep_keys': keep_keys, + } diff --git a/plugins/filter/lists_mergeby.py b/plugins/filter/lists_mergeby.py index caf183492c..b34246993c 100644 --- a/plugins/filter/lists_mergeby.py +++ b/plugins/filter/lists_mergeby.py @@ -1,102 +1,200 @@ # -*- coding: utf-8 -*- -# Copyright (c) 2020-2022, Vladimir Botka +# Copyright (c) 2020-2024, Vladimir Botka # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: lists_mergeby - short_description: Merge two or more lists of dictionaries by a given attribute - version_added: 2.0.0 - author: Vladimir Botka (@vbotka) - description: - - Merge two or more lists by attribute O(index). Optional parameters O(recursive) and O(list_merge) - control the merging of the lists in values. The function merge_hash from ansible.utils.vars - is used. To learn details on how to use the parameters O(recursive) and O(list_merge) see - Ansible User's Guide chapter "Using filters to manipulate data" section "Combining - hashes/dictionaries". - positional: another_list, index - options: - _input: - description: A list of dictionaries. - type: list - elements: dictionary - required: true - another_list: - description: Another list of dictionaries. This parameter can be specified multiple times. - type: list - elements: dictionary - index: - description: - - The dictionary key that must be present in every dictionary in every list that is used to - merge the lists. - type: string - required: true - recursive: - description: - - Should the combine recursively merge nested dictionaries (hashes). - - "B(Note:) It does not depend on the value of the C(hash_behaviour) setting in C(ansible.cfg)." - type: boolean - default: false - list_merge: - description: - - Modifies the behaviour when the dictionaries (hashes) to merge contain arrays/lists. - type: string - default: replace - choices: - - replace - - keep - - append - - prepend - - append_rp - - prepend_rp -''' +DOCUMENTATION = r""" +name: lists_mergeby +short_description: Merge two or more lists of dictionaries by a given attribute +version_added: 2.0.0 +author: Vladimir Botka (@vbotka) +description: + - Merge two or more lists by attribute O(index). Optional parameters O(recursive) and O(list_merge) control the merging + of the nested dictionaries and lists. + - The function C(merge_hash) from C(ansible.utils.vars) is used. + - To learn details on how to use the parameters O(recursive) and O(list_merge) see Ansible User's Guide chapter "Using filters + to manipulate data" section R(Combining hashes/dictionaries, combine_filter) or the filter P(ansible.builtin.combine#filter). +positional: another_list, index +options: + _input: + description: + - A list of dictionaries, or a list of lists of dictionaries. + - The required type of the C(elements) is set to C(raw) because all elements of O(_input) can be either dictionaries + or lists. + type: list + elements: raw + required: true + another_list: + description: + - Another list of dictionaries, or a list of lists of dictionaries. + - This parameter can be specified multiple times. + type: list + elements: raw + index: + description: + - The dictionary key that must be present in every dictionary in every list that is used to merge the lists. + type: string + required: true + recursive: + description: + - Should the combine recursively merge nested dictionaries (hashes). + - B(Note:) It does not depend on the value of the C(hash_behaviour) setting in C(ansible.cfg). + type: boolean + default: false + list_merge: + description: + - Modifies the behaviour when the dictionaries (hashes) to merge contain arrays/lists. + type: string + default: replace + choices: + - replace + - keep + - append + - prepend + - append_rp + - prepend_rp +""" -EXAMPLES = ''' -- name: Merge two lists +EXAMPLES = r""" +# Some results below are manually formatted for better readability. The +# dictionaries' keys will be sorted alphabetically in real output. + +- name: Example 1. Merge two lists. The results r1 and r2 are the same. ansible.builtin.debug: - msg: >- - {{ list1 | community.general.lists_mergeby( - list2, - 'index', - recursive=True, - list_merge='append' - ) }}" + msg: | + r1: {{ r1 }} + r2: {{ r2 }} vars: list1: - - index: a - value: 123 - - index: b - value: 42 + - {index: a, value: 123} + - {index: b, value: 4} list2: - - index: a - foo: bar - - index: c - foo: baz - # Produces the following list of dictionaries: - # { - # "index": "a", - # "foo": "bar", - # "value": 123 - # }, - # { - # "index": "b", - # "value": 42 - # }, - # { - # "index": "c", - # "foo": "baz" - # } -''' + - {index: a, foo: bar} + - {index: c, foo: baz} + r1: "{{ list1 | community.general.lists_mergeby(list2, 'index') }}" + r2: "{{ [list1, list2] | community.general.lists_mergeby('index') }}" -RETURN = ''' - _value: - description: The merged list. - type: list - elements: dictionary -''' +# r1: +# - {index: a, foo: bar, value: 123} +# - {index: b, value: 4} +# - {index: c, foo: baz} +# r2: +# - {index: a, foo: bar, value: 123} +# - {index: b, value: 4} +# - {index: c, foo: baz} + +- name: Example 2. Merge three lists + ansible.builtin.debug: + var: r + vars: + list1: + - {index: a, value: 123} + - {index: b, value: 4} + list2: + - {index: a, foo: bar} + - {index: c, foo: baz} + list3: + - {index: d, foo: qux} + r: "{{ [list1, list2, list3] | community.general.lists_mergeby('index') }}" + +# r: +# - {index: a, foo: bar, value: 123} +# - {index: b, value: 4} +# - {index: c, foo: baz} +# - {index: d, foo: qux} + +- name: Example 3. Merge single list. The result is the same as 2. + ansible.builtin.debug: + var: r + vars: + list1: + - {index: a, value: 123} + - {index: b, value: 4} + - {index: a, foo: bar} + - {index: c, foo: baz} + - {index: d, foo: qux} + r: "{{ [list1, []] | community.general.lists_mergeby('index') }}" + +# r: +# - {index: a, foo: bar, value: 123} +# - {index: b, value: 4} +# - {index: c, foo: baz} +# - {index: d, foo: qux} + +- name: Example 4. Merge two lists. By default, replace nested lists. + ansible.builtin.debug: + var: r + vars: + list1: + - {index: a, foo: [X1, X2]} + - {index: b, foo: [X1, X2]} + list2: + - {index: a, foo: [Y1, Y2]} + - {index: b, foo: [Y1, Y2]} + r: "{{ [list1, list2] | community.general.lists_mergeby('index') }}" + +# r: +# - {index: a, foo: [Y1, Y2]} +# - {index: b, foo: [Y1, Y2]} + +- name: Example 5. Merge two lists. Append nested lists. + ansible.builtin.debug: + var: r + vars: + list1: + - {index: a, foo: [X1, X2]} + - {index: b, foo: [X1, X2]} + list2: + - {index: a, foo: [Y1, Y2]} + - {index: b, foo: [Y1, Y2]} + r: "{{ [list1, list2] | community.general.lists_mergeby('index', list_merge='append') }}" + +# r: +# - {index: a, foo: [X1, X2, Y1, Y2]} +# - {index: b, foo: [X1, X2, Y1, Y2]} + +- name: Example 6. Merge two lists. By default, do not merge nested dictionaries. + ansible.builtin.debug: + var: r + vars: + list1: + - {index: a, foo: {x: 1, y: 2}} + - {index: b, foo: [X1, X2]} + list2: + - {index: a, foo: {y: 3, z: 4}} + - {index: b, foo: [Y1, Y2]} + r: "{{ [list1, list2] | community.general.lists_mergeby('index') }}" + +# r: +# - {index: a, foo: {y: 3, z: 4}} +# - {index: b, foo: [Y1, Y2]} + +- name: Example 7. Merge two lists. Merge nested dictionaries too. + ansible.builtin.debug: + var: r + vars: + list1: + - {index: a, foo: {x: 1, y: 2}} + - {index: b, foo: [X1, X2]} + list2: + - {index: a, foo: {y: 3, z: 4}} + - {index: b, foo: [Y1, Y2]} + r: "{{ [list1, list2] | community.general.lists_mergeby('index', recursive=true) }}" + +# r: +# - {index: a, foo: {x:1, y: 3, z: 4}} +# - {index: b, foo: [Y1, Y2]} +""" + +RETURN = r""" +_value: + description: The merged list. + type: list + elements: dictionary +""" from ansible.errors import AnsibleFilterError from ansible.module_utils.six import string_types @@ -108,13 +206,14 @@ from operator import itemgetter def list_mergeby(x, y, index, recursive=False, list_merge='replace'): - ''' Merge 2 lists by attribute 'index'. The function merge_hash from ansible.utils.vars is used. - This function is used by the function lists_mergeby. + '''Merge 2 lists by attribute 'index'. The function 'merge_hash' + from ansible.utils.vars is used. This function is used by the + function lists_mergeby. ''' d = defaultdict(dict) - for l in (x, y): - for elem in l: + for lst in (x, y): + for elem in lst: if not isinstance(elem, Mapping): msg = "Elements of list arguments for lists_mergeby must be dictionaries. %s is %s" raise AnsibleFilterError(msg % (elem, type(elem))) @@ -124,20 +223,9 @@ def list_mergeby(x, y, index, recursive=False, list_merge='replace'): def lists_mergeby(*terms, **kwargs): - ''' Merge 2 or more lists by attribute 'index'. Optional parameters 'recursive' and 'list_merge' - control the merging of the lists in values. The function merge_hash from ansible.utils.vars - is used. To learn details on how to use the parameters 'recursive' and 'list_merge' see - Ansible User's Guide chapter "Using filters to manipulate data" section "Combining - hashes/dictionaries". - - Example: - - debug: - msg: "{{ list1| - community.general.lists_mergeby(list2, - 'index', - recursive=True, - list_merge='append')| - list }}" + '''Merge 2 or more lists by attribute 'index'. To learn details + on how to use the parameters 'recursive' and 'list_merge' see + the filter ansible.builtin.combine. ''' recursive = kwargs.pop('recursive', False) @@ -155,7 +243,7 @@ def lists_mergeby(*terms, **kwargs): "must be lists. %s is %s") raise AnsibleFilterError(msg % (sublist, type(sublist))) if len(sublist) > 0: - if all(isinstance(l, Sequence) for l in sublist): + if all(isinstance(lst, Sequence) for lst in sublist): for item in sublist: flat_list.append(item) else: diff --git a/plugins/filter/random_mac.py b/plugins/filter/random_mac.py index 662c62b07c..49910bc6be 100644 --- a/plugins/filter/random_mac.py +++ b/plugins/filter/random_mac.py @@ -7,25 +7,25 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: random_mac - short_description: Generate a random MAC address - description: - - Generates random networking interfaces MAC addresses for a given prefix. - options: - _input: - description: A string prefix to use as a basis for the random MAC generated. - type: string - required: true - seed: - description: - - A randomization seed to initialize the process, used to get repeatable results. - - If no seed is provided, a system random source such as C(/dev/urandom) is used. - required: false - type: string -''' +DOCUMENTATION = r""" +name: random_mac +short_description: Generate a random MAC address +description: + - Generates random networking interfaces MAC addresses for a given prefix. +options: + _input: + description: A string prefix to use as a basis for the random MAC generated. + type: string + required: true + seed: + description: + - A randomization seed to initialize the process, used to get repeatable results. + - If no seed is provided, a system random source such as C(/dev/urandom) is used. + required: false + type: string +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Random MAC given a prefix ansible.builtin.debug: msg: "{{ '52:54:00' | community.general.random_mac }}" @@ -34,13 +34,13 @@ EXAMPLES = ''' - name: With a seed ansible.builtin.debug: msg: "{{ '52:54:00' | community.general.random_mac(seed=inventory_hostname) }}" -''' +""" -RETURN = ''' - _value: - description: The generated MAC. - type: string -''' +RETURN = r""" +_value: + description: The generated MAC. + type: string +""" import re from random import Random, SystemRandom diff --git a/plugins/filter/remove_keys.py b/plugins/filter/remove_keys.py new file mode 100644 index 0000000000..7baee12695 --- /dev/null +++ b/plugins/filter/remove_keys.py @@ -0,0 +1,138 @@ +# -*- coding: utf-8 -*- +# Copyright (c) 2024 Vladimir Botka +# Copyright (c) 2024 Felix Fontein +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = r""" +name: remove_keys +short_description: Remove specific keys from dictionaries in a list +version_added: "9.1.0" +author: + - Vladimir Botka (@vbotka) + - Felix Fontein (@felixfontein) +description: This filter removes only specified keys from a provided list of dictionaries. +options: + _input: + description: + - A list of dictionaries. + - Top level keys must be strings. + type: list + elements: dictionary + required: true + target: + description: + - A single key or key pattern to remove, or a list of keys or keys patterns to remove. + - If O(matching_parameter=regex) there must be exactly one pattern provided. + type: raw + required: true + matching_parameter: + description: Specify the matching option of target keys. + type: str + default: equal + choices: + equal: Matches keys of exactly one of the O(target) items. + starts_with: Matches keys that start with one of the O(target) items. + ends_with: Matches keys that end with one of the O(target) items. + regex: + - Matches keys that match the regular expresion provided in O(target). + - In this case, O(target) must be a regex string or a list with single regex string. +""" + +EXAMPLES = r""" +- l: + - {k0_x0: A0, k1_x1: B0, k2_x2: [C0], k3_x3: foo} + - {k0_x0: A1, k1_x1: B1, k2_x2: [C1], k3_x3: bar} + + # 1) By default match keys that equal any of the items in the target. +- t: [k0_x0, k1_x1] + r: "{{ l | community.general.remove_keys(target=t) }}" + + # 2) Match keys that start with any of the items in the target. +- t: [k0, k1] + r: "{{ l | community.general.remove_keys(target=t, matching_parameter='starts_with') }}" + + # 3) Match keys that end with any of the items in target. +- t: [x0, x1] + r: "{{ l | community.general.remove_keys(target=t, matching_parameter='ends_with') }}" + + # 4) Match keys by the regex. +- t: ['^.*[01]_x.*$'] + r: "{{ l | community.general.remove_keys(target=t, matching_parameter='regex') }}" + + # 5) Match keys by the regex. +- t: '^.*[01]_x.*$' + r: "{{ l | community.general.remove_keys(target=t, matching_parameter='regex') }}" + + # The results of above examples 1-5 are all the same. +- r: + - {k2_x2: [C0], k3_x3: foo} + - {k2_x2: [C1], k3_x3: bar} + + # 6) By default match keys that equal the target. +- t: k0_x0 + r: "{{ l | community.general.remove_keys(target=t) }}" + + # 7) Match keys that start with the target. +- t: k0 + r: "{{ l | community.general.remove_keys(target=t, matching_parameter='starts_with') }}" + + # 8) Match keys that end with the target. +- t: x0 + r: "{{ l | community.general.remove_keys(target=t, matching_parameter='ends_with') }}" + + # 9) Match keys by the regex. +- t: '^.*0_x.*$' + r: "{{ l | community.general.remove_keys(target=t, matching_parameter='regex') }}" + + # The results of above examples 6-9 are all the same. +- r: + - {k1_x1: B0, k2_x2: [C0], k3_x3: foo} + - {k1_x1: B1, k2_x2: [C1], k3_x3: bar} +""" + +RETURN = r""" +_value: + description: The list of dictionaries with selected keys removed. + type: list + elements: dictionary +""" + +from ansible_collections.community.general.plugins.plugin_utils.keys_filter import ( + _keys_filter_params, + _keys_filter_target_str) + + +def remove_keys(data, target=None, matching_parameter='equal'): + """remove specific keys from dictionaries in a list""" + + # test parameters + _keys_filter_params(data, matching_parameter) + # test and transform target + tt = _keys_filter_target_str(target, matching_parameter) + + if matching_parameter == 'equal': + def keep_key(key): + return key not in tt + elif matching_parameter == 'starts_with': + def keep_key(key): + return not key.startswith(tt) + elif matching_parameter == 'ends_with': + def keep_key(key): + return not key.endswith(tt) + elif matching_parameter == 'regex': + def keep_key(key): + return tt.match(key) is None + + return [{k: v for k, v in d.items() if keep_key(k)} for d in data] + + +class FilterModule(object): + + def filters(self): + return { + 'remove_keys': remove_keys, + } diff --git a/plugins/filter/replace_keys.py b/plugins/filter/replace_keys.py new file mode 100644 index 0000000000..f317144be4 --- /dev/null +++ b/plugins/filter/replace_keys.py @@ -0,0 +1,180 @@ +# -*- coding: utf-8 -*- +# Copyright (c) 2024 Vladimir Botka +# Copyright (c) 2024 Felix Fontein +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = r""" +name: replace_keys +short_description: Replace specific keys in a list of dictionaries +version_added: "9.1.0" +author: + - Vladimir Botka (@vbotka) + - Felix Fontein (@felixfontein) +description: This filter replaces specified keys in a provided list of dictionaries. +options: + _input: + description: + - A list of dictionaries. + - Top level keys must be strings. + type: list + elements: dictionary + required: true + target: + description: + - A list of dictionaries with attributes C(before) and C(after). + - The value of O(target[].after) replaces key matching O(target[].before). + type: list + elements: dictionary + required: true + suboptions: + before: + description: + - A key or key pattern to change. + - The interpretation of O(target[].before) depends on O(matching_parameter). + - For a key that matches multiple O(target[].before)s, the B(first) matching O(target[].after) will be used. + type: str + after: + description: A matching key change to. + type: str + matching_parameter: + description: Specify the matching option of target keys. + type: str + default: equal + choices: + equal: Matches keys of exactly one of the O(target[].before) items. + starts_with: Matches keys that start with one of the O(target[].before) items. + ends_with: Matches keys that end with one of the O(target[].before) items. + regex: Matches keys that match one of the regular expressions provided in O(target[].before). +""" + +EXAMPLES = r""" +- l: + - {k0_x0: A0, k1_x1: B0, k2_x2: [C0], k3_x3: foo} + - {k0_x0: A1, k1_x1: B1, k2_x2: [C1], k3_x3: bar} + + # 1) By default, replace keys that are equal any of the attributes before. +- t: + - {before: k0_x0, after: a0} + - {before: k1_x1, after: a1} + r: "{{ l | community.general.replace_keys(target=t) }}" + + # 2) Replace keys that starts with any of the attributes before. +- t: + - {before: k0, after: a0} + - {before: k1, after: a1} + r: "{{ l | community.general.replace_keys(target=t, matching_parameter='starts_with') }}" + + # 3) Replace keys that ends with any of the attributes before. +- t: + - {before: x0, after: a0} + - {before: x1, after: a1} + r: "{{ l | community.general.replace_keys(target=t, matching_parameter='ends_with') }}" + + # 4) Replace keys that match any regex of the attributes before. +- t: + - {before: "^.*0_x.*$", after: a0} + - {before: "^.*1_x.*$", after: a1} + r: "{{ l | community.general.replace_keys(target=t, matching_parameter='regex') }}" + + # The results of above examples 1-4 are all the same. +- r: + - {a0: A0, a1: B0, k2_x2: [C0], k3_x3: foo} + - {a0: A1, a1: B1, k2_x2: [C1], k3_x3: bar} + + # 5) If more keys match the same attribute before the last one will be used. +- t: + - {before: "^.*_x.*$", after: X} + r: "{{ l | community.general.replace_keys(target=t, matching_parameter='regex') }}" + + # gives + +- r: + - X: foo + - X: bar + + # 6) If there are items with equal attribute before the first one will be used. +- t: + - {before: "^.*_x.*$", after: X} + - {before: "^.*_x.*$", after: Y} + r: "{{ l | community.general.replace_keys(target=t, matching_parameter='regex') }}" + + # gives + +- r: + - X: foo + - X: bar + + # 7) If there are more matches for a key the first one will be used. +- l: + - {aaa1: A, bbb1: B, ccc1: C} + - {aaa2: D, bbb2: E, ccc2: F} +- t: + - {before: a, after: X} + - {before: aa, after: Y} + r: "{{ l | community.general.replace_keys(target=t, matching_parameter='starts_with') }}" + + # gives + +- r: + - {X: A, bbb1: B, ccc1: C} + - {X: D, bbb2: E, ccc2: F} +""" + +RETURN = r""" +_value: + description: The list of dictionaries with replaced keys. + type: list + elements: dictionary +""" + +from ansible_collections.community.general.plugins.plugin_utils.keys_filter import ( + _keys_filter_params, + _keys_filter_target_dict) + + +def replace_keys(data, target=None, matching_parameter='equal'): + """replace specific keys in a list of dictionaries""" + + # test parameters + _keys_filter_params(data, matching_parameter) + # test and transform target + tz = _keys_filter_target_dict(target, matching_parameter) + + if matching_parameter == 'equal': + def replace_key(key): + for b, a in tz: + if key == b: + return a + return key + elif matching_parameter == 'starts_with': + def replace_key(key): + for b, a in tz: + if key.startswith(b): + return a + return key + elif matching_parameter == 'ends_with': + def replace_key(key): + for b, a in tz: + if key.endswith(b): + return a + return key + elif matching_parameter == 'regex': + def replace_key(key): + for b, a in tz: + if b.match(key): + return a + return key + + return [{replace_key(k): v for k, v in d.items()} for d in data] + + +class FilterModule(object): + + def filters(self): + return { + 'replace_keys': replace_keys, + } diff --git a/plugins/filter/reveal_ansible_type.py b/plugins/filter/reveal_ansible_type.py new file mode 100644 index 0000000000..3d7e40111c --- /dev/null +++ b/plugins/filter/reveal_ansible_type.py @@ -0,0 +1,134 @@ +# -*- coding: utf-8 -*- +# Copyright (c) 2024 Vladimir Botka +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = r""" +name: reveal_ansible_type +short_description: Return input type +version_added: "9.2.0" +author: Vladimir Botka (@vbotka) +description: This filter returns input type. +options: + _input: + description: Input data. + type: raw + required: true + alias: + description: Data type aliases. + default: {} + type: dictionary +""" + +EXAMPLES = r""" +# Substitution converts str to AnsibleUnicode +# ------------------------------------------- + +# String. AnsibleUnicode. +- data: "abc" + result: '{{ data | community.general.reveal_ansible_type }}' +# result => AnsibleUnicode + +# String. AnsibleUnicode alias str. +- alias: {"AnsibleUnicode": "str"} + data: "abc" + result: '{{ data | community.general.reveal_ansible_type(alias) }}' +# result => str + +# List. All items are AnsibleUnicode. +- data: ["a", "b", "c"] + result: '{{ data | community.general.reveal_ansible_type }}' +# result => list[AnsibleUnicode] + +# Dictionary. All keys are AnsibleUnicode. All values are AnsibleUnicode. +- data: {"a": "foo", "b": "bar", "c": "baz"} + result: '{{ data | community.general.reveal_ansible_type }}' +# result => dict[AnsibleUnicode, AnsibleUnicode] + +# No substitution and no alias. Type of strings is str +# ---------------------------------------------------- + +# String +- result: '{{ "abc" | community.general.reveal_ansible_type }}' +# result => str + +# Integer +- result: '{{ 123 | community.general.reveal_ansible_type }}' +# result => int + +# Float +- result: '{{ 123.45 | community.general.reveal_ansible_type }}' +# result => float + +# Boolean +- result: '{{ true | community.general.reveal_ansible_type }}' +# result => bool + +# List. All items are strings. +- result: '{{ ["a", "b", "c"] | community.general.reveal_ansible_type }}' +# result => list[str] + +# List of dictionaries. +- result: '{{ [{"a": 1}, {"b": 2}] | community.general.reveal_ansible_type }}' +# result => list[dict] + +# Dictionary. All keys are strings. All values are integers. +- result: '{{ {"a": 1} | community.general.reveal_ansible_type }}' +# result => dict[str, int] + +# Dictionary. All keys are strings. All values are integers. +- result: '{{ {"a": 1, "b": 2} | community.general.reveal_ansible_type }}' +# result => dict[str, int] + +# Type of strings is AnsibleUnicode or str +# ---------------------------------------- + +# Dictionary. The keys are integers or strings. All values are strings. +- alias: {"AnsibleUnicode": "str"} + data: {1: 'a', 'b': 'b'} + result: '{{ data | community.general.reveal_ansible_type(alias) }}' +# result => dict[int|str, str] + +# Dictionary. All keys are integers. All values are keys. +- alias: {"AnsibleUnicode": "str"} + data: {1: 'a', 2: 'b'} + result: '{{ data | community.general.reveal_ansible_type(alias) }}' +# result => dict[int, str] + +# Dictionary. All keys are strings. Multiple types values. +- alias: {"AnsibleUnicode": "str"} + data: {'a': 1, 'b': 1.1, 'c': 'abc', 'd': true, 'e': ['x', 'y', 'z'], 'f': {'x': 1, 'y': 2}} + result: '{{ data | community.general.reveal_ansible_type(alias) }}' +# result => dict[str, bool|dict|float|int|list|str] + +# List. Multiple types items. +- alias: {"AnsibleUnicode": "str"} + data: [1, 2, 1.1, 'abc', true, ['x', 'y', 'z'], {'x': 1, 'y': 2}] + result: '{{ data | community.general.reveal_ansible_type(alias) }}' +# result => list[bool|dict|float|int|list|str] +""" + +RETURN = r""" +_value: + description: Type of the data. + type: str +""" + +from ansible_collections.community.general.plugins.plugin_utils.ansible_type import _ansible_type + + +def reveal_ansible_type(data, alias=None): + """Returns data type""" + + return _ansible_type(data, alias) + + +class FilterModule(object): + + def filters(self): + return { + 'reveal_ansible_type': reveal_ansible_type + } diff --git a/plugins/filter/to_ini.py b/plugins/filter/to_ini.py index 22ef16d722..f06763ac66 100644 --- a/plugins/filter/to_ini.py +++ b/plugins/filter/to_ini.py @@ -6,34 +6,34 @@ from __future__ import absolute_import, division, print_function -DOCUMENTATION = r''' - name: to_ini - short_description: Converts a dictionary to the INI file format - version_added: 8.2.0 - author: Steffen Scheib (@sscheib) - description: - - Converts a dictionary to the INI file format. - options: - _input: - description: The dictionary that should be converted to the INI format. - type: dictionary - required: true -''' +DOCUMENTATION = r""" +name: to_ini +short_description: Converts a dictionary to the INI file format +version_added: 8.2.0 +author: Steffen Scheib (@sscheib) +description: + - Converts a dictionary to the INI file format. +options: + _input: + description: The dictionary that should be converted to the INI format. + type: dictionary + required: true +""" -EXAMPLES = r''' - - name: Define a dictionary - ansible.builtin.set_fact: - my_dict: - section_name: - key_name: 'key value' +EXAMPLES = r""" +- name: Define a dictionary + ansible.builtin.set_fact: + my_dict: + section_name: + key_name: 'key value' - another_section: - connection: 'ssh' + another_section: + connection: 'ssh' - - name: Write dictionary to INI file - ansible.builtin.copy: - dest: /tmp/test.ini - content: '{{ my_dict | community.general.to_ini }}' +- name: Write dictionary to INI file + ansible.builtin.copy: + dest: /tmp/test.ini + content: '{{ my_dict | community.general.to_ini }}' # /tmp/test.ini will look like this: # [section_name] @@ -41,13 +41,13 @@ EXAMPLES = r''' # # [another_section] # connection = ssh -''' +""" -RETURN = r''' - _value: - description: A string formatted as INI file. - type: string -''' +RETURN = r""" +_value: + description: A string formatted as INI file. + type: string +""" __metaclass__ = type @@ -56,14 +56,13 @@ from ansible.errors import AnsibleFilterError from ansible.module_utils.common._collections_compat import Mapping from ansible.module_utils.six.moves import StringIO from ansible.module_utils.six.moves.configparser import ConfigParser -from ansible.module_utils.common.text.converters import to_native class IniParser(ConfigParser): ''' Implements a configparser which sets the correct optionxform ''' def __init__(self): - super().__init__() + super().__init__(interpolation=None) self.optionxform = str @@ -79,7 +78,7 @@ def to_ini(obj): ini_parser.read_dict(obj) except Exception as ex: raise AnsibleFilterError('to_ini failed to parse given dict:' - f'{to_native(ex)}', orig_exc=ex) + f'{ex}', orig_exc=ex) # catching empty dicts if obj == dict(): diff --git a/plugins/filter/unicode_normalize.py b/plugins/filter/unicode_normalize.py index dfbf20c573..9401197eba 100644 --- a/plugins/filter/unicode_normalize.py +++ b/plugins/filter/unicode_normalize.py @@ -7,45 +7,45 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' - name: unicode_normalize - short_description: Normalizes unicode strings to facilitate comparison of characters with normalized forms - version_added: 3.7.0 - author: Andrew Pantuso (@Ajpantuso) - description: - - Normalizes unicode strings to facilitate comparison of characters with normalized forms. - positional: form - options: - _input: - description: A unicode string. - type: string - required: true - form: - description: - - The normal form to use. - - See U(https://docs.python.org/3/library/unicodedata.html#unicodedata.normalize) for details. - type: string - default: NFC - choices: - - NFC - - NFD - - NFKC - - NFKD -''' +DOCUMENTATION = r""" +name: unicode_normalize +short_description: Normalizes unicode strings to facilitate comparison of characters with normalized forms +version_added: 3.7.0 +author: Andrew Pantuso (@Ajpantuso) +description: + - Normalizes unicode strings to facilitate comparison of characters with normalized forms. +positional: form +options: + _input: + description: A unicode string. + type: string + required: true + form: + description: + - The normal form to use. + - See U(https://docs.python.org/3/library/unicodedata.html#unicodedata.normalize) for details. + type: string + default: NFC + choices: + - NFC + - NFD + - NFKC + - NFKD +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Normalize unicode string ansible.builtin.set_fact: dictionary: "{{ 'ä' | community.general.unicode_normalize('NFKD') }}" # The resulting string has length 2: one letter is 'a', the other # the diacritic combiner. -''' +""" -RETURN = ''' - _value: - description: The normalized unicode string of the specified normal form. - type: string -''' +RETURN = r""" +_value: + description: The normalized unicode string of the specified normal form. + type: string +""" from unicodedata import normalize diff --git a/plugins/filter/version_sort.py b/plugins/filter/version_sort.py index 09eedbf563..f5a844c542 100644 --- a/plugins/filter/version_sort.py +++ b/plugins/filter/version_sort.py @@ -6,34 +6,34 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - name: version_sort - short_description: Sort a list according to version order instead of pure alphabetical one - version_added: 2.2.0 - author: Eric L. (@ericzolf) - description: - - Sort a list according to version order instead of pure alphabetical one. - options: - _input: - description: A list of strings to sort. - type: list - elements: string - required: true -''' +DOCUMENTATION = r""" +name: version_sort +short_description: Sort a list according to version order instead of pure alphabetical one +version_added: 2.2.0 +author: Eric L. (@ericzolf) +description: + - Sort a list according to version order instead of pure alphabetical one. +options: + _input: + description: A list of strings to sort. + type: list + elements: string + required: true +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Convert list of tuples into dictionary ansible.builtin.set_fact: dictionary: "{{ ['2.1', '2.10', '2.9'] | community.general.version_sort }}" # Result is ['2.1', '2.9', '2.10'] -''' +""" -RETURN = ''' - _value: - description: The list of strings sorted by version. - type: list - elements: string -''' +RETURN = r""" +_value: + description: The list of strings sorted by version. + type: list + elements: string +""" from ansible_collections.community.general.plugins.module_utils.version import LooseVersion diff --git a/plugins/inventory/cobbler.py b/plugins/inventory/cobbler.py index 8decbea309..7d65f583d6 100644 --- a/plugins/inventory/cobbler.py +++ b/plugins/inventory/cobbler.py @@ -20,21 +20,25 @@ DOCUMENTATION = ''' - inventory_cache options: plugin: - description: The name of this plugin, it should always be set to V(community.general.cobbler) for this plugin to recognize it as it's own. + description: The name of this plugin, it should always be set to V(community.general.cobbler) for this plugin to recognize it as its own. + type: string required: true choices: [ 'cobbler', 'community.general.cobbler' ] url: description: URL to cobbler. + type: string default: 'http://cobbler/cobbler_api' env: - name: COBBLER_SERVER user: description: Cobbler authentication user. + type: string required: false env: - name: COBBLER_USER password: description: Cobbler authentication password. + type: string required: false env: - name: COBBLER_PASSWORD @@ -114,10 +118,11 @@ password: secure import socket from ansible.errors import AnsibleError -from ansible.module_utils.common.text.converters import to_text from ansible.plugins.inventory import BaseInventoryPlugin, Cacheable, to_safe_group_name from ansible.module_utils.six import text_type +from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe + # xmlrpc try: import xmlrpclib as xmlrpc_client @@ -154,7 +159,7 @@ class InventoryModule(BaseInventoryPlugin, Cacheable): raise AnsibleError('Could not import xmlrpc client library') if self.connection is None: - self.display.vvvv('Connecting to %s\n' % self.cobbler_url) + self.display.vvvv(f'Connecting to {self.cobbler_url}\n') self.connection = xmlrpc_client.Server(self.cobbler_url, allow_none=True) self.token = None if self.get_option('user') is not None: @@ -205,7 +210,7 @@ class InventoryModule(BaseInventoryPlugin, Cacheable): return self._cache[self.cache_key]['systems'] def _add_safe_group_name(self, group, child=None): - group_name = self.inventory.add_group(to_safe_group_name('%s%s' % (self.get_option('group_prefix'), group.lower().replace(" ", "")))) + group_name = self.inventory.add_group(to_safe_group_name(f"{self.get_option('group_prefix')}{group.lower().replace(' ', '')}")) if child is not None: self.inventory.add_child(group_name, child) return group_name @@ -237,16 +242,16 @@ class InventoryModule(BaseInventoryPlugin, Cacheable): for profile in self._get_profiles(): if profile['parent']: - self.display.vvvv('Processing profile %s with parent %s\n' % (profile['name'], profile['parent'])) + self.display.vvvv(f"Processing profile {profile['name']} with parent {profile['parent']}\n") if not self._exclude_profile(profile['parent']): parent_group_name = self._add_safe_group_name(profile['parent']) - self.display.vvvv('Added profile parent group %s\n' % parent_group_name) + self.display.vvvv(f'Added profile parent group {parent_group_name}\n') if not self._exclude_profile(profile['name']): group_name = self._add_safe_group_name(profile['name']) - self.display.vvvv('Added profile group %s\n' % group_name) + self.display.vvvv(f'Added profile group {group_name}\n') self.inventory.add_child(parent_group_name, group_name) else: - self.display.vvvv('Processing profile %s without parent\n' % profile['name']) + self.display.vvvv(f"Processing profile {profile['name']} without parent\n") # Create a hierarchy of profile names profile_elements = profile['name'].split('-') i = 0 @@ -254,12 +259,12 @@ class InventoryModule(BaseInventoryPlugin, Cacheable): profile_group = '-'.join(profile_elements[0:i + 1]) profile_group_child = '-'.join(profile_elements[0:i + 2]) if self._exclude_profile(profile_group): - self.display.vvvv('Excluding profile %s\n' % profile_group) + self.display.vvvv(f'Excluding profile {profile_group}\n') break group_name = self._add_safe_group_name(profile_group) - self.display.vvvv('Added profile group %s\n' % group_name) + self.display.vvvv(f'Added profile group {group_name}\n') child_group_name = self._add_safe_group_name(profile_group_child) - self.display.vvvv('Added profile child group %s to %s\n' % (child_group_name, group_name)) + self.display.vvvv(f'Added profile child group {child_group_name} to {group_name}\n') self.inventory.add_child(group_name, child_group_name) i = i + 1 @@ -267,27 +272,27 @@ class InventoryModule(BaseInventoryPlugin, Cacheable): self.group = to_safe_group_name(self.get_option('group')) if self.group is not None and self.group != '': self.inventory.add_group(self.group) - self.display.vvvv('Added site group %s\n' % self.group) + self.display.vvvv(f'Added site group {self.group}\n') ip_addresses = {} ipv6_addresses = {} for host in self._get_systems(): # Get the FQDN for the host and add it to the right groups if self.inventory_hostname == 'system': - hostname = host['name'] # None + hostname = make_unsafe(host['name']) # None else: - hostname = host['hostname'] # None + hostname = make_unsafe(host['hostname']) # None interfaces = host['interfaces'] if set(host['mgmt_classes']) & set(self.include_mgmt_classes): - self.display.vvvv('Including host %s in mgmt_classes %s\n' % (host['name'], host['mgmt_classes'])) + self.display.vvvv(f"Including host {host['name']} in mgmt_classes {host['mgmt_classes']}\n") else: if self._exclude_profile(host['profile']): - self.display.vvvv('Excluding host %s in profile %s\n' % (host['name'], host['profile'])) + self.display.vvvv(f"Excluding host {host['name']} in profile {host['profile']}\n") continue if set(host['mgmt_classes']) & set(self.exclude_mgmt_classes): - self.display.vvvv('Excluding host %s in mgmt_classes %s\n' % (host['name'], host['mgmt_classes'])) + self.display.vvvv(f"Excluding host {host['name']} in mgmt_classes {host['mgmt_classes']}\n") continue # hostname is often empty for non-static IP hosts @@ -296,22 +301,22 @@ class InventoryModule(BaseInventoryPlugin, Cacheable): if ivalue['management'] or not ivalue['static']: this_dns_name = ivalue.get('dns_name', None) if this_dns_name is not None and this_dns_name != "": - hostname = this_dns_name - self.display.vvvv('Set hostname to %s from %s\n' % (hostname, iname)) + hostname = make_unsafe(this_dns_name) + self.display.vvvv(f'Set hostname to {hostname} from {iname}\n') if hostname == '': - self.display.vvvv('Cannot determine hostname for host %s, skipping\n' % host['name']) + self.display.vvvv(f"Cannot determine hostname for host {host['name']}, skipping\n") continue self.inventory.add_host(hostname) - self.display.vvvv('Added host %s hostname %s\n' % (host['name'], hostname)) + self.display.vvvv(f"Added host {host['name']} hostname {hostname}\n") # Add host to profile group if host['profile'] != '': group_name = self._add_safe_group_name(host['profile'], child=hostname) - self.display.vvvv('Added host %s to profile group %s\n' % (hostname, group_name)) + self.display.vvvv(f'Added host {hostname} to profile group {group_name}\n') else: - self.display.warning('Host %s has an empty profile\n' % (hostname)) + self.display.warning(f'Host {hostname} has an empty profile\n') # Add host to groups specified by group_by fields for group_by in self.group_by: @@ -321,7 +326,7 @@ class InventoryModule(BaseInventoryPlugin, Cacheable): groups = [host[group_by]] if isinstance(host[group_by], str) else host[group_by] for group in groups: group_name = self._add_safe_group_name(group, child=hostname) - self.display.vvvv('Added host %s to group_by %s group %s\n' % (hostname, group_by, group_name)) + self.display.vvvv(f'Added host {hostname} to group_by {group_by} group {group_name}\n') # Add to group for this inventory if self.group is not None: @@ -361,18 +366,18 @@ class InventoryModule(BaseInventoryPlugin, Cacheable): if ip_address is None and ip_address_first is not None: ip_address = ip_address_first if ip_address is not None: - self.inventory.set_variable(hostname, 'cobbler_ipv4_address', ip_address) + self.inventory.set_variable(hostname, 'cobbler_ipv4_address', make_unsafe(ip_address)) if ipv6_address is None and ipv6_address_first is not None: ipv6_address = ipv6_address_first if ipv6_address is not None: - self.inventory.set_variable(hostname, 'cobbler_ipv6_address', ipv6_address) + self.inventory.set_variable(hostname, 'cobbler_ipv6_address', make_unsafe(ipv6_address)) if self.get_option('want_facts'): try: - self.inventory.set_variable(hostname, 'cobbler', host) + self.inventory.set_variable(hostname, 'cobbler', make_unsafe(host)) except ValueError as e: - self.display.warning("Could not set host info for %s: %s" % (hostname, to_text(e))) + self.display.warning(f"Could not set host info for {hostname}: {e}") if self.get_option('want_ip_addresses'): - self.inventory.set_variable(self.group, 'cobbler_ipv4_addresses', ip_addresses) - self.inventory.set_variable(self.group, 'cobbler_ipv6_addresses', ipv6_addresses) + self.inventory.set_variable(self.group, 'cobbler_ipv4_addresses', make_unsafe(ip_addresses)) + self.inventory.set_variable(self.group, 'cobbler_ipv6_addresses', make_unsafe(ipv6_addresses)) diff --git a/plugins/inventory/gitlab_runners.py b/plugins/inventory/gitlab_runners.py index a724a4bc71..cd6f40169a 100644 --- a/plugins/inventory/gitlab_runners.py +++ b/plugins/inventory/gitlab_runners.py @@ -22,7 +22,7 @@ DOCUMENTATION = ''' - Uses a YAML configuration file gitlab_runners.[yml|yaml]. options: plugin: - description: The name of this plugin, it should always be set to 'gitlab_runners' for this plugin to recognize it as it's own. + description: The name of this plugin, it should always be set to 'gitlab_runners' for this plugin to recognize it as its own. type: str required: true choices: @@ -58,10 +58,12 @@ DOCUMENTATION = ''' ''' EXAMPLES = ''' +--- # gitlab_runners.yml plugin: community.general.gitlab_runners host: https://gitlab.com +--- # Example using constructed features to create groups and set ansible_host plugin: community.general.gitlab_runners host: https://gitlab.com @@ -81,9 +83,10 @@ keyed_groups: ''' from ansible.errors import AnsibleError, AnsibleParserError -from ansible.module_utils.common.text.converters import to_native from ansible.plugins.inventory import BaseInventoryPlugin, Constructable +from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe + try: import gitlab HAS_GITLAB = True @@ -105,11 +108,11 @@ class InventoryModule(BaseInventoryPlugin, Constructable): else: runners = gl.runners.all() for runner in runners: - host = str(runner['id']) + host = make_unsafe(str(runner['id'])) ip_address = runner['ip_address'] - host_attrs = vars(gl.runners.get(runner['id']))['_attrs'] + host_attrs = make_unsafe(vars(gl.runners.get(runner['id']))['_attrs']) self.inventory.add_host(host, group='gitlab_runners') - self.inventory.set_variable(host, 'ansible_host', ip_address) + self.inventory.set_variable(host, 'ansible_host', make_unsafe(ip_address)) if self.get_option('verbose_output', True): self.inventory.set_variable(host, 'gitlab_runner_attributes', host_attrs) @@ -122,7 +125,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable): # Create groups based on variable values and add the corresponding hosts to it self._add_host_to_keyed_groups(self.get_option('keyed_groups'), host_attrs, host, strict=strict) except Exception as e: - raise AnsibleParserError('Unable to fetch hosts from GitLab API, this was the original exception: %s' % to_native(e)) + raise AnsibleParserError(f'Unable to fetch hosts from GitLab API, this was the original exception: {e}') def verify_file(self, path): """Return the possibly of a file being consumable by this plugin.""" diff --git a/plugins/inventory/icinga2.py b/plugins/inventory/icinga2.py index a418707332..527a329173 100644 --- a/plugins/inventory/icinga2.py +++ b/plugins/inventory/icinga2.py @@ -63,6 +63,12 @@ DOCUMENTATION = ''' default: address choices: ['name', 'display_name', 'address'] version_added: 4.2.0 + group_by_hostgroups: + description: + - Uses Icinga2 hostgroups as groups. + type: boolean + default: true + version_added: 8.4.0 ''' EXAMPLES = r''' @@ -97,6 +103,8 @@ from ansible.plugins.inventory import BaseInventoryPlugin, Constructable from ansible.module_utils.urls import open_url from ansible.module_utils.six.moves.urllib.error import HTTPError +from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe + class InventoryModule(BaseInventoryPlugin, Constructable): ''' Host inventory parser for ansible using Icinga2 as source. ''' @@ -114,6 +122,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable): self.ssl_verify = None self.host_filter = None self.inventory_attr = None + self.group_by_hostgroups = None self.cache_key = None self.use_cache = None @@ -132,7 +141,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable): 'User-Agent': "ansible-icinga2-inv", 'Accept': "application/json", } - api_status_url = self.icinga2_url + "/status" + api_status_url = f"{self.icinga2_url}/status" request_args = { 'headers': self.headers, 'url_username': self.icinga2_user, @@ -142,7 +151,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable): open_url(api_status_url, **request_args) def _post_request(self, request_url, data=None): - self.display.vvv("Requested URL: %s" % request_url) + self.display.vvv(f"Requested URL: {request_url}") request_args = { 'headers': self.headers, 'url_username': self.icinga2_user, @@ -151,42 +160,38 @@ class InventoryModule(BaseInventoryPlugin, Constructable): } if data is not None: request_args['data'] = json.dumps(data) - self.display.vvv("Request Args: %s" % request_args) + self.display.vvv(f"Request Args: {request_args}") try: response = open_url(request_url, **request_args) except HTTPError as e: try: error_body = json.loads(e.read().decode()) - self.display.vvv("Error returned: {0}".format(error_body)) + self.display.vvv(f"Error returned: {error_body}") except Exception: error_body = {"status": None} if e.code == 404 and error_body.get('status') == "No objects found.": raise AnsibleParserError("Host filter returned no data. Please confirm your host_filter value is valid") - raise AnsibleParserError("Unexpected data returned: {0} -- {1}".format(e, error_body)) + raise AnsibleParserError(f"Unexpected data returned: {e} -- {error_body}") response_body = response.read() json_data = json.loads(response_body.decode('utf-8')) - self.display.vvv("Returned Data: %s" % json.dumps(json_data, indent=4, sort_keys=True)) + self.display.vvv(f"Returned Data: {json.dumps(json_data, indent=4, sort_keys=True)}") if 200 <= response.status <= 299: return json_data if response.status == 404 and json_data['status'] == "No objects found.": raise AnsibleParserError( - "API returned no data -- Response: %s - %s" - % (response.status, json_data['status'])) + f"API returned no data -- Response: {response.status} - {json_data['status']}") if response.status == 401: raise AnsibleParserError( - "API was unable to complete query -- Response: %s - %s" - % (response.status, json_data['status'])) + f"API was unable to complete query -- Response: {response.status} - {json_data['status']}") if response.status == 500: raise AnsibleParserError( - "API Response - %s - %s" - % (json_data['status'], json_data['errors'])) + f"API Response - {json_data['status']} - {json_data['errors']}") raise AnsibleParserError( - "Unexpected data returned - %s - %s" - % (json_data['status'], json_data['errors'])) + f"Unexpected data returned - {json_data['status']} - {json_data['errors']}") def _query_hosts(self, hosts=None, attrs=None, joins=None, host_filter=None): - query_hosts_url = "{0}/objects/hosts".format(self.icinga2_url) + query_hosts_url = f"{self.icinga2_url}/objects/hosts" self.headers['X-HTTP-Method-Override'] = 'GET' data_dict = dict() if hosts: @@ -233,31 +238,32 @@ class InventoryModule(BaseInventoryPlugin, Constructable): """Convert Icinga2 API data to JSON format for Ansible""" groups_dict = {"_meta": {"hostvars": {}}} for entry in json_data: - host_attrs = entry['attrs'] + host_attrs = make_unsafe(entry['attrs']) if self.inventory_attr == "name": - host_name = entry.get('name') + host_name = make_unsafe(entry.get('name')) if self.inventory_attr == "address": # When looking for address for inventory, if missing fallback to object name if host_attrs.get('address', '') != '': - host_name = host_attrs.get('address') + host_name = make_unsafe(host_attrs.get('address')) else: - host_name = entry.get('name') + host_name = make_unsafe(entry.get('name')) if self.inventory_attr == "display_name": host_name = host_attrs.get('display_name') if host_attrs['state'] == 0: host_attrs['state'] = 'on' else: host_attrs['state'] = 'off' - host_groups = host_attrs.get('groups') self.inventory.add_host(host_name) - for group in host_groups: - if group not in self.inventory.groups.keys(): - self.inventory.add_group(group) - self.inventory.add_child(group, host_name) + if self.group_by_hostgroups: + host_groups = host_attrs.get('groups') + for group in host_groups: + if group not in self.inventory.groups.keys(): + self.inventory.add_group(group) + self.inventory.add_child(group, host_name) # If the address attribute is populated, override ansible_host with the value if host_attrs.get('address') != '': self.inventory.set_variable(host_name, 'ansible_host', host_attrs.get('address')) - self.inventory.set_variable(host_name, 'hostname', entry.get('name')) + self.inventory.set_variable(host_name, 'hostname', make_unsafe(entry.get('name'))) self.inventory.set_variable(host_name, 'display_name', host_attrs.get('display_name')) self.inventory.set_variable(host_name, 'state', host_attrs['state']) @@ -283,6 +289,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable): self.ssl_verify = self.get_option('validate_certs') self.host_filter = self.get_option('host_filter') self.inventory_attr = self.get_option('inventory_attr') + self.group_by_hostgroups = self.get_option('group_by_hostgroups') if self.templar.is_template(self.icinga2_url): self.icinga2_url = self.templar.template(variable=self.icinga2_url, disable_lookups=False) @@ -291,7 +298,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable): if self.templar.is_template(self.icinga2_password): self.icinga2_password = self.templar.template(variable=self.icinga2_password, disable_lookups=False) - self.icinga2_url = self.icinga2_url.rstrip('/') + '/v1' + self.icinga2_url = f"{self.icinga2_url.rstrip('/')}/v1" # Not currently enabled # self.cache_key = self.get_cache_key(path) diff --git a/plugins/inventory/iocage.py b/plugins/inventory/iocage.py new file mode 100644 index 0000000000..6ca7c2ef0a --- /dev/null +++ b/plugins/inventory/iocage.py @@ -0,0 +1,296 @@ +# -*- coding: utf-8 -*- + +# Copyright (c) 2024 Vladimir Botka +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = ''' + name: iocage + short_description: iocage inventory source + version_added: 10.2.0 + author: + - Vladimir Botka (@vbotka) + requirements: + - iocage >= 1.8 + description: + - Get inventory hosts from the iocage jail manager running on O(host). + - By default, O(host) is V(localhost). If O(host) is not V(localhost) it + is expected that the user running Ansible on the controller can + connect to the O(host) account O(user) with SSH non-interactively and + execute the command C(iocage list). + - Uses a configuration file as an inventory source, it must end + in C(.iocage.yml) or C(.iocage.yaml). + extends_documentation_fragment: + - ansible.builtin.constructed + - ansible.builtin.inventory_cache + options: + plugin: + description: + - The name of this plugin, it should always be set to + V(community.general.iocage) for this plugin to recognize + it as its own. + required: true + choices: ['community.general.iocage'] + type: str + host: + description: The IP/hostname of the C(iocage) host. + type: str + default: localhost + user: + description: + - C(iocage) user. + It is expected that the O(user) is able to connect to the + O(host) with SSH and execute the command C(iocage list). + This option is not required if O(host) is V(localhost). + type: str + get_properties: + description: + - Get jails' properties. + Creates dictionary C(iocage_properties) for each added host. + type: boolean + default: false + env: + description: O(user)'s environment on O(host). + type: dict + default: {} + notes: + - You might want to test the command C(ssh user@host iocage list -l) on + the controller before using this inventory plugin with O(user) specified + and with O(host) other than V(localhost). + - If you run this inventory plugin on V(localhost) C(ssh) is not used. + In this case, test the command C(iocage list -l). + - This inventory plugin creates variables C(iocage_*) for each added host. + - The values of these variables are collected from the output of the + command C(iocage list -l). + - The names of these variables correspond to the output columns. + - The column C(NAME) is used to name the added host. +''' + +EXAMPLES = ''' +--- +# file name must end with iocage.yaml or iocage.yml +plugin: community.general.iocage +host: 10.1.0.73 +user: admin + +--- +# user is not required if iocage is running on localhost (default) +plugin: community.general.iocage + +--- +# run cryptography without legacy algorithms +plugin: community.general.iocage +host: 10.1.0.73 +user: admin +env: + CRYPTOGRAPHY_OPENSSL_NO_LEGACY: 1 + +--- +# enable cache +plugin: community.general.iocage +host: 10.1.0.73 +user: admin +env: + CRYPTOGRAPHY_OPENSSL_NO_LEGACY: 1 +cache: true + +--- +# see inventory plugin ansible.builtin.constructed +plugin: community.general.iocage +host: 10.1.0.73 +user: admin +env: + CRYPTOGRAPHY_OPENSSL_NO_LEGACY: 1 +cache: true +strict: false +compose: + ansible_host: iocage_ip4 + release: iocage_release | split('-') | first +groups: + test: inventory_hostname.startswith('test') +keyed_groups: + - prefix: distro + key: iocage_release + - prefix: state + key: iocage_state +''' + +import re +import os +from subprocess import Popen, PIPE + +from ansible.errors import AnsibleError, AnsibleParserError +from ansible.module_utils.common.text.converters import to_native, to_text +from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable +from ansible.utils.display import Display + +display = Display() + + +def _parse_ip4(ip4): + ''' Return dictionary iocage_ip4_dict. default = {ip4: [], msg: ''}. + If item matches ifc|IP or ifc|CIDR parse ifc, ip, and mask. + Otherwise, append item to msg. + ''' + + iocage_ip4_dict = {} + iocage_ip4_dict['ip4'] = [] + iocage_ip4_dict['msg'] = '' + + items = ip4.split(',') + for item in items: + if re.match('^\\w+\\|(?:\\d{1,3}\\.){3}\\d{1,3}.*$', item): + i = re.split('\\||/', item) + if len(i) == 3: + iocage_ip4_dict['ip4'].append({'ifc': i[0], 'ip': i[1], 'mask': i[2]}) + else: + iocage_ip4_dict['ip4'].append({'ifc': i[0], 'ip': i[1], 'mask': '-'}) + else: + iocage_ip4_dict['msg'] += item + + return iocage_ip4_dict + + +class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): + ''' Host inventory parser for ansible using iocage as source. ''' + + NAME = 'community.general.iocage' + IOCAGE = '/usr/local/bin/iocage' + + def __init__(self): + super(InventoryModule, self).__init__() + + def verify_file(self, path): + valid = False + if super(InventoryModule, self).verify_file(path): + if path.endswith(('iocage.yaml', 'iocage.yml')): + valid = True + else: + self.display.vvv('Skipping due to inventory source not ending in "iocage.yaml" nor "iocage.yml"') + return valid + + def parse(self, inventory, loader, path, cache=True): + super(InventoryModule, self).parse(inventory, loader, path) + + self._read_config_data(path) + cache_key = self.get_cache_key(path) + + user_cache_setting = self.get_option('cache') + attempt_to_read_cache = user_cache_setting and cache + cache_needs_update = user_cache_setting and not cache + + if attempt_to_read_cache: + try: + results = self._cache[cache_key] + except KeyError: + cache_needs_update = True + if not attempt_to_read_cache or cache_needs_update: + results = self.get_inventory(path) + if cache_needs_update: + self._cache[cache_key] = results + + self.populate(results) + + def get_inventory(self, path): + host = self.get_option('host') + env = self.get_option('env') + get_properties = self.get_option('get_properties') + + cmd = [] + my_env = os.environ.copy() + if host == 'localhost': + my_env.update({str(k): str(v) for k, v in env.items()}) + else: + user = self.get_option('user') + cmd.append("ssh") + cmd.append(f"{user}@{host}") + cmd.extend([f"{k}={v}" for k, v in env.items()]) + cmd.append(self.IOCAGE) + + cmd_list = cmd.copy() + cmd_list.append('list') + cmd_list.append('--long') + try: + p = Popen(cmd_list, stdout=PIPE, stderr=PIPE, env=my_env) + stdout, stderr = p.communicate() + if p.returncode != 0: + raise AnsibleError(f'Failed to run cmd={cmd_list}, rc={p.returncode}, stderr={to_native(stderr)}') + + try: + t_stdout = to_text(stdout, errors='surrogate_or_strict') + except UnicodeError as e: + raise AnsibleError(f'Invalid (non unicode) input returned: {e}') from e + + except Exception as e: + raise AnsibleParserError(f'Failed to parse {to_native(path)}: {e}') from e + + results = {'_meta': {'hostvars': {}}} + self.get_jails(t_stdout, results) + + if get_properties: + for hostname, host_vars in results['_meta']['hostvars'].items(): + cmd_get_properties = cmd.copy() + cmd_get_properties.append("get") + cmd_get_properties.append("--all") + cmd_get_properties.append(f"{hostname}") + try: + p = Popen(cmd_get_properties, stdout=PIPE, stderr=PIPE, env=my_env) + stdout, stderr = p.communicate() + if p.returncode != 0: + raise AnsibleError( + f'Failed to run cmd={cmd_get_properties}, rc={p.returncode}, stderr={to_native(stderr)}') + + try: + t_stdout = to_text(stdout, errors='surrogate_or_strict') + except UnicodeError as e: + raise AnsibleError(f'Invalid (non unicode) input returned: {e}') from e + + except Exception as e: + raise AnsibleError(f'Failed to get properties: {e}') from e + + self.get_properties(t_stdout, results, hostname) + + return results + + def get_jails(self, t_stdout, results): + lines = t_stdout.splitlines() + if len(lines) < 5: + return + indices = [i for i, val in enumerate(lines[1]) if val == '|'] + for line in lines[3::2]: + jail = [line[i + 1:j].strip() for i, j in zip(indices[:-1], indices[1:])] + iocage_name = jail[1] + iocage_ip4_dict = _parse_ip4(jail[6]) + if iocage_ip4_dict['ip4']: + iocage_ip4 = ','.join([d['ip'] for d in iocage_ip4_dict['ip4']]) + else: + iocage_ip4 = '-' + results['_meta']['hostvars'][iocage_name] = {} + results['_meta']['hostvars'][iocage_name]['iocage_jid'] = jail[0] + results['_meta']['hostvars'][iocage_name]['iocage_boot'] = jail[2] + results['_meta']['hostvars'][iocage_name]['iocage_state'] = jail[3] + results['_meta']['hostvars'][iocage_name]['iocage_type'] = jail[4] + results['_meta']['hostvars'][iocage_name]['iocage_release'] = jail[5] + results['_meta']['hostvars'][iocage_name]['iocage_ip4_dict'] = iocage_ip4_dict + results['_meta']['hostvars'][iocage_name]['iocage_ip4'] = iocage_ip4 + results['_meta']['hostvars'][iocage_name]['iocage_ip6'] = jail[7] + results['_meta']['hostvars'][iocage_name]['iocage_template'] = jail[8] + results['_meta']['hostvars'][iocage_name]['iocage_basejail'] = jail[9] + + def get_properties(self, t_stdout, results, hostname): + properties = dict([x.split(':', 1) for x in t_stdout.splitlines()]) + results['_meta']['hostvars'][hostname]['iocage_properties'] = properties + + def populate(self, results): + strict = self.get_option('strict') + + for hostname, host_vars in results['_meta']['hostvars'].items(): + self.inventory.add_host(hostname, group='all') + for var, value in host_vars.items(): + self.inventory.set_variable(hostname, var, value) + self._set_composite_vars(self.get_option('compose'), host_vars, hostname, strict=True) + self._add_host_to_composed_groups(self.get_option('groups'), host_vars, hostname, strict=strict) + self._add_host_to_keyed_groups(self.get_option('keyed_groups'), host_vars, hostname, strict=strict) diff --git a/plugins/inventory/linode.py b/plugins/inventory/linode.py index 34b1fbaf9d..2419ef3197 100644 --- a/plugins/inventory/linode.py +++ b/plugins/inventory/linode.py @@ -35,6 +35,7 @@ DOCUMENTATION = r''' version_added: 4.5.0 plugin: description: Marks this as an instance of the 'linode' plugin. + type: string required: true choices: ['linode', 'community.general.linode'] ip_style: @@ -47,6 +48,7 @@ DOCUMENTATION = r''' version_added: 3.6.0 access_token: description: The Linode account personal access token. + type: string required: true env: - name: LINODE_ACCESS_TOKEN @@ -77,15 +79,18 @@ DOCUMENTATION = r''' ''' EXAMPLES = r''' +--- # Minimal example. `LINODE_ACCESS_TOKEN` is exposed in environment. plugin: community.general.linode +--- # You can use Jinja to template the access token. plugin: community.general.linode access_token: "{{ lookup('ini', 'token', section='your_username', file='~/.config/linode-cli') }}" # For older Ansible versions, you need to write this as: # access_token: "{{ lookup('ini', 'token section=your_username file=~/.config/linode-cli') }}" +--- # Example with regions, types, groups and access token plugin: community.general.linode access_token: foobar @@ -94,6 +99,7 @@ regions: types: - g5-standard-2 +--- # Example with keyed_groups, groups, and compose plugin: community.general.linode access_token: foobar @@ -112,6 +118,7 @@ compose: ansible_ssh_host: ipv4[0] ansible_port: 2222 +--- # Example where control traffic limited to internal network plugin: community.general.linode access_token: foobar @@ -123,6 +130,8 @@ compose: from ansible.errors import AnsibleError from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable +from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe + try: from linode_api4 import LinodeClient @@ -157,7 +166,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): try: self.instances = self.client.linode.instances() except LinodeApiError as exception: - raise AnsibleError('Linode client raised: %s' % exception) + raise AnsibleError(f'Linode client raised: {exception}') def _add_groups(self): """Add Linode instance groups to the dynamic inventory.""" @@ -198,20 +207,21 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): def _add_instances_to_groups(self): """Add instance names to their dynamic inventory groups.""" for instance in self.instances: - self.inventory.add_host(instance.label, group=instance.group) + self.inventory.add_host(make_unsafe(instance.label), group=instance.group) def _add_hostvars_for_instances(self): """Add hostvars for instances in the dynamic inventory.""" ip_style = self.get_option('ip_style') for instance in self.instances: hostvars = instance._raw_json + hostname = make_unsafe(instance.label) for hostvar_key in hostvars: if ip_style == 'api' and hostvar_key in ['ipv4', 'ipv6']: continue self.inventory.set_variable( - instance.label, + hostname, hostvar_key, - hostvars[hostvar_key] + make_unsafe(hostvars[hostvar_key]) ) if ip_style == 'api': ips = instance.ips.ipv4.public + instance.ips.ipv4.private @@ -220,9 +230,9 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): for ip_type in set(ip.type for ip in ips): self.inventory.set_variable( - instance.label, + hostname, ip_type, - self._ip_data([ip for ip in ips if ip.type == ip_type]) + make_unsafe(self._ip_data([ip for ip in ips if ip.type == ip_type])) ) def _ip_data(self, ip_list): @@ -253,30 +263,44 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): self._add_instances_to_groups() self._add_hostvars_for_instances() for instance in self.instances: - variables = self.inventory.get_host(instance.label).get_vars() + hostname = make_unsafe(instance.label) + variables = self.inventory.get_host(hostname).get_vars() self._add_host_to_composed_groups( self.get_option('groups'), variables, - instance.label, + hostname, strict=strict) self._add_host_to_keyed_groups( self.get_option('keyed_groups'), variables, - instance.label, + hostname, strict=strict) self._set_composite_vars( self.get_option('compose'), variables, - instance.label, + hostname, strict=strict) def verify_file(self, path): - """Verify the Linode configuration file.""" + """Verify the Linode configuration file. + + Return true/false if the config-file is valid for this plugin + + Args: + str(path): path to the config + Kwargs: + None + Raises: + None + Returns: + bool(valid): is valid config file""" + valid = False if super(InventoryModule, self).verify_file(path): - endings = ('linode.yaml', 'linode.yml') - if any((path.endswith(ending) for ending in endings)): - return True - return False + if path.endswith(("linode.yaml", "linode.yml")): + valid = True + else: + self.display.vvv('Inventory source not ending in "linode.yaml" or "linode.yml"') + return valid def parse(self, inventory, loader, path, cache=True): """Dynamically parse Linode the cloud inventory.""" diff --git a/plugins/inventory/lxd.py b/plugins/inventory/lxd.py index 5b855fc97e..81229186b8 100644 --- a/plugins/inventory/lxd.py +++ b/plugins/inventory/lxd.py @@ -20,6 +20,7 @@ DOCUMENTATION = r''' options: plugin: description: Token that ensures this is a source file for the 'lxd' plugin. + type: string required: true choices: [ 'community.general.lxd' ] url: @@ -27,8 +28,8 @@ DOCUMENTATION = r''' - The unix domain socket path or the https URL for the lxd server. - Sockets in filesystem have to start with C(unix:). - Mostly C(unix:/var/lib/lxd/unix.socket) or C(unix:/var/snap/lxd/common/lxd/unix.socket). + type: string default: unix:/var/snap/lxd/common/lxd/unix.socket - type: str client_key: description: - The client certificate key file path. @@ -107,15 +108,18 @@ DOCUMENTATION = r''' ''' EXAMPLES = ''' +--- # simple lxd.yml plugin: community.general.lxd url: unix:/var/snap/lxd/common/lxd/unix.socket +--- # simple lxd.yml including filter plugin: community.general.lxd url: unix:/var/snap/lxd/common/lxd/unix.socket state: RUNNING +--- # simple lxd.yml including virtual machines and containers plugin: community.general.lxd url: unix:/var/snap/lxd/common/lxd/unix.socket @@ -175,6 +179,7 @@ from ansible.module_utils.six import raise_from from ansible.errors import AnsibleError, AnsibleParserError from ansible.module_utils.six.moves.urllib.parse import urlencode from ansible_collections.community.general.plugins.module_utils.lxd import LXDClient, LXDClientException +from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe try: import ipaddress @@ -209,7 +214,7 @@ class InventoryModule(BaseInventoryPlugin): with open(path, 'r') as json_file: return json.load(json_file) except (IOError, json.decoder.JSONDecodeError) as err: - raise AnsibleParserError('Could not load the test data from {0}: {1}'.format(to_native(path), to_native(err))) + raise AnsibleParserError(f'Could not load the test data from {to_native(path)}: {err}') def save_json_data(self, path, file_name=None): """save data as json @@ -239,7 +244,7 @@ class InventoryModule(BaseInventoryPlugin): with open(os.path.abspath(os.path.join(cwd, *path)), 'w') as json_file: json.dump(self.data, json_file) except IOError as err: - raise AnsibleParserError('Could not save data: {0}'.format(to_native(err))) + raise AnsibleParserError(f'Could not save data: {err}') def verify_file(self, path): """Check the config @@ -279,7 +284,7 @@ class InventoryModule(BaseInventoryPlugin): if not isinstance(url, str): return False if not url.startswith(('unix:', 'https:')): - raise AnsibleError('URL is malformed: {0}'.format(to_native(url))) + raise AnsibleError(f'URL is malformed: {url}') return True def _connect_to_socket(self): @@ -304,7 +309,7 @@ class InventoryModule(BaseInventoryPlugin): return socket_connection except LXDClientException as err: error_storage[url] = err - raise AnsibleError('No connection to the socket: {0}'.format(to_native(error_storage))) + raise AnsibleError(f'No connection to the socket: {error_storage}') def _get_networks(self): """Get Networknames @@ -353,7 +358,7 @@ class InventoryModule(BaseInventoryPlugin): # } url = '/1.0/instances' if self.project: - url = url + '?{0}'.format(urlencode(dict(project=self.project))) + url = f"{url}?{urlencode(dict(project=self.project))}" instances = self.socket.do('GET', url) @@ -381,10 +386,10 @@ class InventoryModule(BaseInventoryPlugin): config = {} if isinstance(branch, (tuple, list)): config[name] = {branch[1]: self.socket.do( - 'GET', '/1.0/{0}/{1}/{2}?{3}'.format(to_native(branch[0]), to_native(name), to_native(branch[1]), urlencode(dict(project=self.project))))} + 'GET', f'/1.0/{to_native(branch[0])}/{to_native(name)}/{to_native(branch[1])}?{urlencode(dict(project=self.project))}')} else: config[name] = {branch: self.socket.do( - 'GET', '/1.0/{0}/{1}?{2}'.format(to_native(branch), to_native(name), urlencode(dict(project=self.project))))} + 'GET', f'/1.0/{to_native(branch)}/{to_native(name)}?{urlencode(dict(project=self.project))}')} return config def get_instance_data(self, names): @@ -447,7 +452,7 @@ class InventoryModule(BaseInventoryPlugin): None Returns: dict(network_configuration): network config""" - instance_network_interfaces = self._get_data_entry('instances/{0}/state/metadata/network'.format(instance_name)) + instance_network_interfaces = self._get_data_entry(f'instances/{instance_name}/state/metadata/network') network_configuration = None if instance_network_interfaces: network_configuration = {} @@ -460,7 +465,7 @@ class InventoryModule(BaseInventoryPlugin): address_set['family'] = address.get('family') address_set['address'] = address.get('address') address_set['netmask'] = address.get('netmask') - address_set['combined'] = address.get('address') + '/' + address.get('netmask') + address_set['combined'] = f"{address.get('address')}/{address.get('netmask')}" network_configuration[interface_name].append(address_set) return network_configuration @@ -477,7 +482,7 @@ class InventoryModule(BaseInventoryPlugin): None Returns: str(prefered_interface): None or interface name""" - instance_network_interfaces = self._get_data_entry('inventory/{0}/network_interfaces'.format(instance_name)) + instance_network_interfaces = self._get_data_entry(f'inventory/{instance_name}/network_interfaces') prefered_interface = None # init if instance_network_interfaces: # instance have network interfaces # generator if interfaces which start with the desired pattern @@ -514,7 +519,7 @@ class InventoryModule(BaseInventoryPlugin): # "network":"lxdbr0", # "type":"nic"}, vlan_ids = {} - devices = self._get_data_entry('instances/{0}/instances/metadata/expanded_devices'.format(to_native(instance_name))) + devices = self._get_data_entry(f'instances/{to_native(instance_name)}/instances/metadata/expanded_devices') for device in devices: if 'network' in devices[device]: if devices[device]['network'] in network_vlans: @@ -577,7 +582,7 @@ class InventoryModule(BaseInventoryPlugin): else: path[instance_name][key] = value except KeyError as err: - raise AnsibleParserError("Unable to store Information: {0}".format(to_native(err))) + raise AnsibleParserError(f"Unable to store Information: {err}") def extract_information_from_instance_configs(self): """Process configuration information @@ -598,24 +603,24 @@ class InventoryModule(BaseInventoryPlugin): for instance_name in self.data['instances']: self._set_data_entry(instance_name, 'os', self._get_data_entry( - 'instances/{0}/instances/metadata/config/image.os'.format(instance_name))) + f'instances/{instance_name}/instances/metadata/config/image.os')) self._set_data_entry(instance_name, 'release', self._get_data_entry( - 'instances/{0}/instances/metadata/config/image.release'.format(instance_name))) + f'instances/{instance_name}/instances/metadata/config/image.release')) self._set_data_entry(instance_name, 'version', self._get_data_entry( - 'instances/{0}/instances/metadata/config/image.version'.format(instance_name))) + f'instances/{instance_name}/instances/metadata/config/image.version')) self._set_data_entry(instance_name, 'profile', self._get_data_entry( - 'instances/{0}/instances/metadata/profiles'.format(instance_name))) + f'instances/{instance_name}/instances/metadata/profiles')) self._set_data_entry(instance_name, 'location', self._get_data_entry( - 'instances/{0}/instances/metadata/location'.format(instance_name))) + f'instances/{instance_name}/instances/metadata/location')) self._set_data_entry(instance_name, 'state', self._get_data_entry( - 'instances/{0}/instances/metadata/config/volatile.last_state.power'.format(instance_name))) + f'instances/{instance_name}/instances/metadata/config/volatile.last_state.power')) self._set_data_entry(instance_name, 'type', self._get_data_entry( - 'instances/{0}/instances/metadata/type'.format(instance_name))) + f'instances/{instance_name}/instances/metadata/type')) self._set_data_entry(instance_name, 'network_interfaces', self.extract_network_information_from_instance_config(instance_name)) self._set_data_entry(instance_name, 'preferred_interface', self.get_prefered_instance_network_interface(instance_name)) self._set_data_entry(instance_name, 'vlan_ids', self.get_instance_vlans(instance_name)) self._set_data_entry(instance_name, 'project', self._get_data_entry( - 'instances/{0}/instances/metadata/project'.format(instance_name))) + f'instances/{instance_name}/instances/metadata/project')) def build_inventory_network(self, instance_name): """Add the network interfaces of the instance to the inventory @@ -649,18 +654,18 @@ class InventoryModule(BaseInventoryPlugin): None Returns: dict(interface_name: ip)""" - prefered_interface = self._get_data_entry('inventory/{0}/preferred_interface'.format(instance_name)) # name or None + prefered_interface = self._get_data_entry(f'inventory/{instance_name}/preferred_interface') # name or None prefered_instance_network_family = self.prefered_instance_network_family ip_address = '' if prefered_interface: - interface = self._get_data_entry('inventory/{0}/network_interfaces/{1}'.format(instance_name, prefered_interface)) + interface = self._get_data_entry(f'inventory/{instance_name}/network_interfaces/{prefered_interface}') for config in interface: if config['family'] == prefered_instance_network_family: ip_address = config['address'] break else: - interfaces = self._get_data_entry('inventory/{0}/network_interfaces'.format(instance_name)) + interfaces = self._get_data_entry(f'inventory/{instance_name}/network_interfaces') for interface in interfaces.values(): for config in interface: if config['family'] == prefered_instance_network_family: @@ -668,9 +673,9 @@ class InventoryModule(BaseInventoryPlugin): break return ip_address - if self._get_data_entry('inventory/{0}/network_interfaces'.format(instance_name)): # instance have network interfaces + if self._get_data_entry(f'inventory/{instance_name}/network_interfaces'): # instance have network interfaces self.inventory.set_variable(instance_name, 'ansible_connection', 'ssh') - self.inventory.set_variable(instance_name, 'ansible_host', interface_selection(instance_name)) + self.inventory.set_variable(instance_name, 'ansible_host', make_unsafe(interface_selection(instance_name))) else: self.inventory.set_variable(instance_name, 'ansible_connection', 'local') @@ -689,38 +694,46 @@ class InventoryModule(BaseInventoryPlugin): Returns: None""" for instance_name in self.data['inventory']: - instance_state = str(self._get_data_entry('inventory/{0}/state'.format(instance_name)) or "STOPPED").lower() + instance_state = str(self._get_data_entry(f'inventory/{instance_name}/state') or "STOPPED").lower() # Only consider instances that match the "state" filter, if self.state is not None if self.filter: if self.filter.lower() != instance_state: continue # add instance + instance_name = make_unsafe(instance_name) self.inventory.add_host(instance_name) # add network information self.build_inventory_network(instance_name) # add os - v = self._get_data_entry('inventory/{0}/os'.format(instance_name)) + v = self._get_data_entry(f'inventory/{instance_name}/os') if v: - self.inventory.set_variable(instance_name, 'ansible_lxd_os', v.lower()) + self.inventory.set_variable(instance_name, 'ansible_lxd_os', make_unsafe(v.lower())) # add release - v = self._get_data_entry('inventory/{0}/release'.format(instance_name)) + v = self._get_data_entry(f'inventory/{instance_name}/release') if v: - self.inventory.set_variable(instance_name, 'ansible_lxd_release', v.lower()) + self.inventory.set_variable( + instance_name, 'ansible_lxd_release', make_unsafe(v.lower())) # add profile - self.inventory.set_variable(instance_name, 'ansible_lxd_profile', self._get_data_entry('inventory/{0}/profile'.format(instance_name))) + self.inventory.set_variable( + instance_name, 'ansible_lxd_profile', make_unsafe(self._get_data_entry(f'inventory/{instance_name}/profile'))) # add state - self.inventory.set_variable(instance_name, 'ansible_lxd_state', instance_state) + self.inventory.set_variable( + instance_name, 'ansible_lxd_state', make_unsafe(instance_state)) # add type - self.inventory.set_variable(instance_name, 'ansible_lxd_type', self._get_data_entry('inventory/{0}/type'.format(instance_name))) + self.inventory.set_variable( + instance_name, 'ansible_lxd_type', make_unsafe(self._get_data_entry(f'inventory/{instance_name}/type'))) # add location information - if self._get_data_entry('inventory/{0}/location'.format(instance_name)) != "none": # wrong type by lxd 'none' != 'None' - self.inventory.set_variable(instance_name, 'ansible_lxd_location', self._get_data_entry('inventory/{0}/location'.format(instance_name))) + if self._get_data_entry(f'inventory/{instance_name}/location') != "none": # wrong type by lxd 'none' != 'None' + self.inventory.set_variable( + instance_name, 'ansible_lxd_location', make_unsafe(self._get_data_entry(f'inventory/{instance_name}/location'))) # add VLAN_ID information - if self._get_data_entry('inventory/{0}/vlan_ids'.format(instance_name)): - self.inventory.set_variable(instance_name, 'ansible_lxd_vlan_ids', self._get_data_entry('inventory/{0}/vlan_ids'.format(instance_name))) + if self._get_data_entry(f'inventory/{instance_name}/vlan_ids'): + self.inventory.set_variable( + instance_name, 'ansible_lxd_vlan_ids', make_unsafe(self._get_data_entry(f'inventory/{instance_name}/vlan_ids'))) # add project - self.inventory.set_variable(instance_name, 'ansible_lxd_project', self._get_data_entry('inventory/{0}/project'.format(instance_name))) + self.inventory.set_variable( + instance_name, 'ansible_lxd_project', make_unsafe(self._get_data_entry(f'inventory/{instance_name}/project'))) def build_inventory_groups_location(self, group_name): """create group by attribute: location @@ -782,7 +795,7 @@ class InventoryModule(BaseInventoryPlugin): network = ipaddress.ip_network(to_text(self.groupby[group_name].get('attribute'))) except ValueError as err: raise AnsibleParserError( - 'Error while parsing network range {0}: {1}'.format(self.groupby[group_name].get('attribute'), to_native(err))) + f"Error while parsing network range {self.groupby[group_name].get('attribute')}: {err}") for instance_name in self.inventory.hosts: if self.data['inventory'][instance_name].get('network_interfaces') is not None: @@ -987,13 +1000,13 @@ class InventoryModule(BaseInventoryPlugin): elif self.groupby[group_name].get('type') == 'project': self.build_inventory_groups_project(group_name) else: - raise AnsibleParserError('Unknown group type: {0}'.format(to_native(group_name))) + raise AnsibleParserError(f'Unknown group type: {to_native(group_name)}') if self.groupby: for group_name in self.groupby: if not group_name.isalnum(): - raise AnsibleParserError('Invalid character(s) in groupname: {0}'.format(to_native(group_name))) - group_type(group_name) + raise AnsibleParserError(f'Invalid character(s) in groupname: {to_native(group_name)}') + group_type(make_unsafe(group_name)) def build_inventory(self): """Build dynamic inventory @@ -1029,7 +1042,7 @@ class InventoryModule(BaseInventoryPlugin): None""" iter_keys = list(self.data['instances'].keys()) for instance_name in iter_keys: - if self._get_data_entry('instances/{0}/instances/metadata/type'.format(instance_name)) != self.type_filter: + if self._get_data_entry(f'instances/{instance_name}/instances/metadata/type') != self.type_filter: del self.data['instances'][instance_name] def _populate(self): @@ -1110,6 +1123,6 @@ class InventoryModule(BaseInventoryPlugin): self.url = self.get_option('url') except Exception as err: raise AnsibleParserError( - 'All correct options required: {0}'.format(to_native(err))) + f'All correct options required: {err}') # Call our internal helper to populate the dynamic inventory self._populate() diff --git a/plugins/inventory/nmap.py b/plugins/inventory/nmap.py index 7fa92ae979..5dacd28e95 100644 --- a/plugins/inventory/nmap.py +++ b/plugins/inventory/nmap.py @@ -20,6 +20,7 @@ DOCUMENTATION = ''' options: plugin: description: token that ensures this is a source file for the 'nmap' plugin. + type: string required: true choices: ['nmap', 'community.general.nmap'] sudo: @@ -29,6 +30,7 @@ DOCUMENTATION = ''' type: boolean address: description: Network IP or range of IPs to scan, you can use a simple range (10.2.2.15-25) or CIDR notation. + type: string required: true env: - name: ANSIBLE_NMAP_ADDRESS @@ -91,22 +93,24 @@ DOCUMENTATION = ''' default: true version_added: 7.4.0 notes: - - At least one of ipv4 or ipv6 is required to be True, both can be True, but they cannot both be False. + - At least one of O(ipv4) or O(ipv6) is required to be V(true); both can be V(true), but they cannot both be V(false). - 'TODO: add OS fingerprinting' ''' EXAMPLES = ''' +--- # inventory.config file in YAML format plugin: community.general.nmap strict: false address: 192.168.0.0/24 - +--- # a sudo nmap scan to fully use nmap scan power. plugin: community.general.nmap sudo: true strict: false address: 192.168.0.0/24 +--- # an nmap scan specifying ports and classifying results to an inventory group plugin: community.general.nmap address: 192.168.0.0/24 @@ -127,6 +131,8 @@ from ansible.module_utils.common.text.converters import to_native, to_text from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable from ansible.module_utils.common.process import get_bin_path +from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe + class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): @@ -143,6 +149,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): strict = self.get_option('strict') for host in hosts: + host = make_unsafe(host) hostname = host['name'] self.inventory.add_host(hostname) for var, value in host.items(): @@ -173,7 +180,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): try: self._nmap = get_bin_path('nmap') except ValueError as e: - raise AnsibleParserError('nmap inventory plugin requires the nmap cli tool to work: {0}'.format(to_native(e))) + raise AnsibleParserError(f'nmap inventory plugin requires the nmap cli tool to work: {e}') super(InventoryModule, self).parse(inventory, loader, path, cache=cache) @@ -243,7 +250,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): p = Popen(cmd, stdout=PIPE, stderr=PIPE) stdout, stderr = p.communicate() if p.returncode != 0: - raise AnsibleParserError('Failed to run nmap, rc=%s: %s' % (p.returncode, to_native(stderr))) + raise AnsibleParserError(f'Failed to run nmap, rc={p.returncode}: {to_native(stderr)}') # parse results host = None @@ -254,7 +261,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): try: t_stdout = to_text(stdout, errors='surrogate_or_strict') except UnicodeError as e: - raise AnsibleParserError('Invalid (non unicode) input returned: %s' % to_native(e)) + raise AnsibleParserError(f'Invalid (non unicode) input returned: {e}') for line in t_stdout.splitlines(): hits = self.find_host.match(line) @@ -295,7 +302,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): results[-1]['ports'] = ports except Exception as e: - raise AnsibleParserError("failed to parse %s: %s " % (to_native(path), to_native(e))) + raise AnsibleParserError(f"failed to parse {to_native(path)}: {e} ") if cache_needs_update: self._cache[cache_key] = results diff --git a/plugins/inventory/online.py b/plugins/inventory/online.py index 3fccd58d2f..9475049c08 100644 --- a/plugins/inventory/online.py +++ b/plugins/inventory/online.py @@ -16,11 +16,13 @@ DOCUMENTATION = r''' options: plugin: description: token that ensures this is a source file for the 'online' plugin. + type: string required: true choices: ['online', 'community.general.online'] oauth_token: required: true description: Online OAuth token. + type: string env: # in order of precedence - name: ONLINE_TOKEN @@ -69,6 +71,8 @@ from ansible.module_utils.common.text.converters import to_text from ansible.module_utils.ansible_release import __version__ as ansible_version from ansible.module_utils.six.moves.urllib.parse import urljoin +from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe + class InventoryModule(BaseInventoryPlugin): NAME = 'community.general.online' @@ -134,7 +138,7 @@ class InventoryModule(BaseInventoryPlugin): try: response = open_url(url, headers=self.headers) except Exception as e: - self.display.warning("An error happened while fetching: %s" % url) + self.display.warning(f"An error happened while fetching: {url}") return None try: @@ -169,20 +173,20 @@ class InventoryModule(BaseInventoryPlugin): "support" ) for attribute in targeted_attributes: - self.inventory.set_variable(hostname, attribute, host_infos[attribute]) + self.inventory.set_variable(hostname, attribute, make_unsafe(host_infos[attribute])) if self.extract_public_ipv4(host_infos=host_infos): - self.inventory.set_variable(hostname, "public_ipv4", self.extract_public_ipv4(host_infos=host_infos)) - self.inventory.set_variable(hostname, "ansible_host", self.extract_public_ipv4(host_infos=host_infos)) + self.inventory.set_variable(hostname, "public_ipv4", make_unsafe(self.extract_public_ipv4(host_infos=host_infos))) + self.inventory.set_variable(hostname, "ansible_host", make_unsafe(self.extract_public_ipv4(host_infos=host_infos))) if self.extract_private_ipv4(host_infos=host_infos): - self.inventory.set_variable(hostname, "public_ipv4", self.extract_private_ipv4(host_infos=host_infos)) + self.inventory.set_variable(hostname, "public_ipv4", make_unsafe(self.extract_private_ipv4(host_infos=host_infos))) if self.extract_os_name(host_infos=host_infos): - self.inventory.set_variable(hostname, "os_name", self.extract_os_name(host_infos=host_infos)) + self.inventory.set_variable(hostname, "os_name", make_unsafe(self.extract_os_name(host_infos=host_infos))) if self.extract_os_version(host_infos=host_infos): - self.inventory.set_variable(hostname, "os_version", self.extract_os_name(host_infos=host_infos)) + self.inventory.set_variable(hostname, "os_version", make_unsafe(self.extract_os_name(host_infos=host_infos))) def _filter_host(self, host_infos, hostname_preferences): @@ -201,6 +205,8 @@ class InventoryModule(BaseInventoryPlugin): if not hostname: return + hostname = make_unsafe(hostname) + self.inventory.add_host(host=hostname) self._fill_host_variables(hostname=hostname, host_infos=host_infos) @@ -210,6 +216,8 @@ class InventoryModule(BaseInventoryPlugin): if not group: return + group = make_unsafe(group) + self.inventory.add_group(group=group) self.inventory.add_host(group=group, host=hostname) @@ -237,8 +245,8 @@ class InventoryModule(BaseInventoryPlugin): } self.headers = { - 'Authorization': "Bearer %s" % token, - 'User-Agent': "ansible %s Python %s" % (ansible_version, python_version.split(' ', 1)[0]), + 'Authorization': f"Bearer {token}", + 'User-Agent': f"ansible {ansible_version} Python {python_version.split(' ', 1)[0]}", 'Content-type': 'application/json' } diff --git a/plugins/inventory/opennebula.py b/plugins/inventory/opennebula.py index 01c0f02485..7fc320f326 100644 --- a/plugins/inventory/opennebula.py +++ b/plugins/inventory/opennebula.py @@ -96,7 +96,8 @@ except ImportError: from ansible.errors import AnsibleError from ansible.plugins.inventory import BaseInventoryPlugin, Constructable -from ansible.module_utils.common.text.converters import to_native + +from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe from collections import namedtuple import os @@ -126,9 +127,9 @@ class InventoryModule(BaseInventoryPlugin, Constructable): authstring = fp.read().rstrip() username, password = authstring.split(":") except (OSError, IOError): - raise AnsibleError("Could not find or read ONE_AUTH file at '{e}'".format(e=authfile)) + raise AnsibleError(f"Could not find or read ONE_AUTH file at '{authfile}'") except Exception: - raise AnsibleError("Error occurs when reading ONE_AUTH file at '{e}'".format(e=authfile)) + raise AnsibleError(f"Error occurs when reading ONE_AUTH file at '{authfile}'") auth_params = namedtuple('auth', ('url', 'username', 'password')) @@ -141,7 +142,8 @@ class InventoryModule(BaseInventoryPlugin, Constructable): nic = [nic] for net in nic: - return net['IP'] + if net.get('IP'): + return net['IP'] return False @@ -163,13 +165,13 @@ class InventoryModule(BaseInventoryPlugin, Constructable): if not (auth.username and auth.password): raise AnsibleError('API Credentials missing. Check OpenNebula inventory file.') else: - one_client = pyone.OneServer(auth.url, session=auth.username + ':' + auth.password) + one_client = pyone.OneServer(auth.url, session=f"{auth.username}:{auth.password}") # get hosts (VMs) try: vm_pool = one_client.vmpool.infoextended(-2, -1, -1, 3) except Exception as e: - raise AnsibleError("Something happened during XML-RPC call: {e}".format(e=to_native(e))) + raise AnsibleError(f"Something happened during XML-RPC call: {e}") return vm_pool @@ -196,6 +198,9 @@ class InventoryModule(BaseInventoryPlugin, Constructable): continue server['name'] = vm.NAME + server['id'] = vm.ID + if hasattr(vm.HISTORY_RECORDS, 'HISTORY') and vm.HISTORY_RECORDS.HISTORY: + server['host'] = vm.HISTORY_RECORDS.HISTORY[-1].HOSTNAME server['LABELS'] = labels server['v4_first_ip'] = self._get_vm_ipv4(vm) server['v6_first_ip'] = self._get_vm_ipv6(vm) @@ -215,6 +220,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable): filter_by_label = self.get_option('filter_by_label') servers = self._retrieve_servers(filter_by_label) for server in servers: + server = make_unsafe(server) hostname = server['name'] # check for labels if group_by_labels and server['LABELS']: diff --git a/plugins/inventory/proxmox.py b/plugins/inventory/proxmox.py index 0725819c10..2d65657d67 100644 --- a/plugins/inventory/proxmox.py +++ b/plugins/inventory/proxmox.py @@ -25,7 +25,7 @@ DOCUMENTATION = ''' - inventory_cache options: plugin: - description: The name of this plugin, it should always be set to V(community.general.proxmox) for this plugin to recognize it as it's own. + description: The name of this plugin, it should always be set to V(community.general.proxmox) for this plugin to recognize it as its own. required: true choices: ['community.general.proxmox'] type: str @@ -138,6 +138,7 @@ DOCUMENTATION = ''' ''' EXAMPLES = ''' +--- # Minimal example which will not gather additional facts for QEMU/LXC guests # By not specifying a URL the plugin will attempt to connect to the controller host on port 8006 # my.proxmox.yml @@ -148,6 +149,7 @@ password: secure # an example where this is set to `false` and where ansible_host is set with `compose`. want_proxmox_nodes_ansible_host: true +--- # Instead of login with password, proxmox supports api token authentication since release 6.2. plugin: community.general.proxmox user: ci@pve @@ -164,6 +166,7 @@ token_secret: !vault | 32643131386134396336623736393634373936356332623632306561356361323737313663633633 6231313333666361656537343562333337323030623732323833 +--- # More complete example demonstrating the use of 'want_facts' and the constructed options # Note that using facts returned by 'want_facts' in constructed options requires 'want_facts=true' # my.proxmox.yml @@ -186,6 +189,7 @@ compose: # an example where this is set to `false` and where ansible_host is set with `compose`. want_proxmox_nodes_ansible_host: true +--- # Using the inventory to allow ansible to connect via the first IP address of the VM / Container # (Default is connection by name of QEMU/LXC guests) # Note: my_inv_var demonstrates how to add a string variable to every host used by the inventory. @@ -203,6 +207,7 @@ compose: my_inv_var_2: > "my_var_2_value" +--- # Specify the url, user and password using templating # my.proxmox.yml plugin: community.general.proxmox @@ -222,12 +227,12 @@ from ansible.module_utils.common._collections_compat import MutableMapping from ansible.errors import AnsibleError from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable -from ansible.module_utils.common.text.converters import to_native from ansible.module_utils.six import string_types from ansible.module_utils.six.moves.urllib.parse import urlencode from ansible.utils.display import Display from ansible_collections.community.general.plugins.module_utils.version import LooseVersion +from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe # 3rd party imports try: @@ -274,31 +279,33 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): return self.session def _get_auth(self): - credentials = urlencode({'username': self.proxmox_user, 'password': self.proxmox_password, }) + validate_certs = self.get_option('validate_certs') + + if validate_certs is False: + from requests.packages.urllib3 import disable_warnings + disable_warnings() if self.proxmox_password: - - credentials = urlencode({'username': self.proxmox_user, 'password': self.proxmox_password, }) - + credentials = urlencode({'username': self.proxmox_user, 'password': self.proxmox_password}) a = self._get_session() - - if a.verify is False: - from requests.packages.urllib3 import disable_warnings - disable_warnings() - - ret = a.post('%s/api2/json/access/ticket' % self.proxmox_url, data=credentials) - + ret = a.post(f'{self.proxmox_url}/api2/json/access/ticket', data=credentials) json = ret.json() - self.headers = { # only required for POST/PUT/DELETE methods, which we are not using currently # 'CSRFPreventionToken': json['data']['CSRFPreventionToken'], - 'Cookie': 'PVEAuthCookie={0}'.format(json['data']['ticket']) + 'Cookie': f"PVEAuthCookie={json['data']['ticket']}" } - else: + # Clean and format token components + user = self.proxmox_user.strip() + token_id = self.proxmox_token_id.strip() + token_secret = self.proxmox_token_secret.strip() - self.headers = {'Authorization': 'PVEAPIToken={0}!{1}={2}'.format(self.proxmox_user, self.proxmox_token_id, self.proxmox_token_secret)} + # Build token string without newlines + token = f'{user}!{token_id}={token_secret}' + + # Set headers with clean token + self.headers = {'Authorization': f'PVEAPIToken={token}'} def _get_json(self, url, ignore_errors=None): @@ -328,32 +335,33 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): data = json['data'] break else: - # /hosts 's 'results' is a list of all hosts, returned is paginated - data = data + json['data'] + if json['data']: + # /hosts 's 'results' is a list of all hosts, returned is paginated + data = data + json['data'] break self._cache[self.cache_key][url] = data - return self._cache[self.cache_key][url] + return make_unsafe(self._cache[self.cache_key][url]) def _get_nodes(self): - return self._get_json("%s/api2/json/nodes" % self.proxmox_url) + return self._get_json(f"{self.proxmox_url}/api2/json/nodes") def _get_pools(self): - return self._get_json("%s/api2/json/pools" % self.proxmox_url) + return self._get_json(f"{self.proxmox_url}/api2/json/pools") def _get_lxc_per_node(self, node): - return self._get_json("%s/api2/json/nodes/%s/lxc" % (self.proxmox_url, node)) + return self._get_json(f"{self.proxmox_url}/api2/json/nodes/{node}/lxc") def _get_qemu_per_node(self, node): - return self._get_json("%s/api2/json/nodes/%s/qemu" % (self.proxmox_url, node)) + return self._get_json(f"{self.proxmox_url}/api2/json/nodes/{node}/qemu") def _get_members_per_pool(self, pool): - ret = self._get_json("%s/api2/json/pools/%s" % (self.proxmox_url, pool)) + ret = self._get_json(f"{self.proxmox_url}/api2/json/pools/{pool}") return ret['members'] def _get_node_ip(self, node): - ret = self._get_json("%s/api2/json/nodes/%s/network" % (self.proxmox_url, node)) + ret = self._get_json(f"{self.proxmox_url}/api2/json/nodes/{node}/network") for iface in ret: try: @@ -361,20 +369,46 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): except Exception: return None + def _get_lxc_interfaces(self, properties, node, vmid): + status_key = self._fact('status') + + if status_key not in properties or not properties[status_key] == 'running': + return + + ret = self._get_json(f"{self.proxmox_url}/api2/json/nodes/{node}/lxc/{vmid}/interfaces", ignore_errors=[501]) + if not ret: + return + + result = [] + + for iface in ret: + result_iface = { + 'name': iface['name'], + 'hwaddr': iface['hwaddr'] + } + + if 'inet' in iface: + result_iface['inet'] = iface['inet'] + + if 'inet6' in iface: + result_iface['inet6'] = iface['inet6'] + + result.append(result_iface) + + properties[self._fact('lxc_interfaces')] = result + def _get_agent_network_interfaces(self, node, vmid, vmtype): result = [] try: ifaces = self._get_json( - "%s/api2/json/nodes/%s/%s/%s/agent/network-get-interfaces" % ( - self.proxmox_url, node, vmtype, vmid - ) + f"{self.proxmox_url}/api2/json/nodes/{node}/{vmtype}/{vmid}/agent/network-get-interfaces" )['result'] if "error" in ifaces: if "class" in ifaces["error"]: # This happens on Windows, even though qemu agent is running, the IP address - # cannot be fetched, as it's unsupported, also a command disabled can happen. + # cannot be fetched, as it is unsupported, also a command disabled can happen. errorClass = ifaces["error"]["class"] if errorClass in ["Unsupported"]: self.display.v("Retrieving network interfaces from guest agents on windows with older qemu-guest-agents is not supported") @@ -386,7 +420,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): result.append({ 'name': iface['name'], 'mac-address': iface['hardware-address'] if 'hardware-address' in iface else '', - 'ip-addresses': ["%s/%s" % (ip['ip-address'], ip['prefix']) for ip in iface['ip-addresses']] if 'ip-addresses' in iface else [] + 'ip-addresses': [f"{ip['ip-address']}/{ip['prefix']}" for ip in iface['ip-addresses']] if 'ip-addresses' in iface else [] }) except requests.HTTPError: pass @@ -394,7 +428,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): return result def _get_vm_config(self, properties, node, vmid, vmtype, name): - ret = self._get_json("%s/api2/json/nodes/%s/%s/%s/config" % (self.proxmox_url, node, vmtype, vmid)) + ret = self._get_json(f"{self.proxmox_url}/api2/json/nodes/{node}/{vmtype}/{vmid}/config") properties[self._fact('node')] = node properties[self._fact('vmid')] = vmid @@ -410,13 +444,13 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): try: # fixup disk images as they have no key if config == 'rootfs' or config.startswith(('virtio', 'sata', 'ide', 'scsi')): - value = ('disk_image=' + value) + value = f"disk_image={value}" # Additional field containing parsed tags as list if config == 'tags': stripped_value = value.strip() if stripped_value: - parsed_key = key + "_parsed" + parsed_key = f"{key}_parsed" properties[parsed_key] = [tag.strip() for tag in stripped_value.replace(',', ';').split(";")] # The first field in the agent string tells you whether the agent is enabled @@ -432,7 +466,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): if agent_enabled: agent_iface_value = self._get_agent_network_interfaces(node, vmid, vmtype) if agent_iface_value: - agent_iface_key = self.to_safe('%s%s' % (key, "_interfaces")) + agent_iface_key = self.to_safe(f'{key}_interfaces') properties[agent_iface_key] = agent_iface_value if config == 'lxc': @@ -457,13 +491,13 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): return None def _get_vm_status(self, properties, node, vmid, vmtype, name): - ret = self._get_json("%s/api2/json/nodes/%s/%s/%s/status/current" % (self.proxmox_url, node, vmtype, vmid)) + ret = self._get_json(f"{self.proxmox_url}/api2/json/nodes/{node}/{vmtype}/{vmid}/status/current") properties[self._fact('status')] = ret['status'] if vmtype == 'qemu': properties[self._fact('qmpstatus')] = ret['qmpstatus'] def _get_vm_snapshots(self, properties, node, vmid, vmtype, name): - ret = self._get_json("%s/api2/json/nodes/%s/%s/%s/snapshot" % (self.proxmox_url, node, vmtype, vmid)) + ret = self._get_json(f"{self.proxmox_url}/api2/json/nodes/{node}/{vmtype}/{vmid}/snapshot") snapshots = [snapshot['name'] for snapshot in ret if snapshot['name'] != 'current'] properties[self._fact('snapshots')] = snapshots @@ -477,11 +511,11 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): def _fact(self, name): '''Generate a fact's full name from the common prefix and a name.''' - return self.to_safe('%s%s' % (self.facts_prefix, name.lower())) + return self.to_safe(f'{self.facts_prefix}{name.lower()}') def _group(self, name): '''Generate a group's full name from the common prefix and a name.''' - return self.to_safe('%s%s' % (self.group_prefix, name.lower())) + return self.to_safe(f'{self.group_prefix}{name.lower()}') def _can_add_host(self, name, properties): '''Ensure that a host satisfies all defined hosts filters. If strict mode is @@ -493,7 +527,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): if not self._compose(host_filter, properties): return False except Exception as e: # pylint: disable=broad-except - message = "Could not evaluate host filter %s for host %s - %s" % (host_filter, name, to_native(e)) + message = f"Could not evaluate host filter {host_filter} for host {name} - {e}" if self.strict: raise AnsibleError(message) display.warning(message) @@ -525,14 +559,17 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): self._get_vm_config(properties, node, vmid, ittype, name) self._get_vm_snapshots(properties, node, vmid, ittype, name) + if ittype == 'lxc': + self._get_lxc_interfaces(properties, node, vmid) + # ensure the host satisfies filters if not self._can_add_host(name, properties): return None # add the host to the inventory self._add_host(name, properties) - node_type_group = self._group('%s_%s' % (node, ittype)) - self.inventory.add_child(self._group('all_' + ittype), name) + node_type_group = self._group(f'{node}_{ittype}') + self.inventory.add_child(self._group(f"all_{ittype}"), name) self.inventory.add_child(node_type_group, name) item_status = item['status'] @@ -540,7 +577,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): if want_facts and ittype == 'qemu' and self.get_option('qemu_extended_statuses'): # get more details about the status of the qemu VM item_status = properties.get(self._fact('qmpstatus'), item_status) - self.inventory.add_child(self._group('all_%s' % (item_status, )), name) + self.inventory.add_child(self._group(f'all_{item_status}'), name) return name @@ -551,7 +588,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): poolid = pool.get('poolid') if not poolid: continue - pool_group = self._group('pool_' + poolid) + pool_group = self._group(f"pool_{poolid}") self.inventory.add_group(pool_group) for member in self._get_members_per_pool(poolid): @@ -568,7 +605,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): default_groups.extend(['prelaunch', 'paused']) for group in default_groups: - self.inventory.add_group(self._group('all_%s' % (group))) + self.inventory.add_group(self._group(f'all_{group}')) nodes_group = self._group('nodes') if not self.exclude_nodes: self.inventory.add_group(nodes_group) @@ -601,7 +638,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): # add LXC/Qemu groups for the node for ittype in ('lxc', 'qemu'): - node_type_group = self._group('%s_%s' % (node['node'], ittype)) + node_type_group = self._group(f"{node['node']}_{ittype}") self.inventory.add_group(node_type_group) # get LXC containers and Qemu VMs for this node @@ -630,7 +667,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): v = self.get_option(o) if self.templar.is_template(v): v = self.templar.template(v, disable_lookups=False) - setattr(self, 'proxmox_%s' % o, v) + setattr(self, f'proxmox_{o}', v) # some more cleanup and validation self.proxmox_url = self.proxmox_url.rstrip('/') diff --git a/plugins/inventory/scaleway.py b/plugins/inventory/scaleway.py index 632f08402f..e396740bca 100644 --- a/plugins/inventory/scaleway.py +++ b/plugins/inventory/scaleway.py @@ -20,6 +20,7 @@ DOCUMENTATION = r''' plugin: description: Token that ensures this is a source file for the 'scaleway' plugin. required: true + type: string choices: ['scaleway', 'community.general.scaleway'] regions: description: Filter results on a specific Scaleway region. @@ -46,6 +47,7 @@ DOCUMENTATION = r''' - If not explicitly defined or in environment variables, it will try to lookup in the scaleway-cli configuration file (C($SCW_CONFIG_PATH), C($XDG_CONFIG_HOME/scw/config.yaml), or C(~/.config/scw/config.yaml)). - More details on L(how to generate token, https://www.scaleway.com/en/docs/generate-api-keys/). + type: string env: # in order of precedence - name: SCW_TOKEN @@ -75,6 +77,7 @@ EXAMPLES = r''' # scaleway_inventory.yml file in YAML format # Example command line: ansible-inventory --list -i scaleway_inventory.yml +--- # use hostname as inventory_hostname # use the private IP address to connect to the host plugin: community.general.scaleway @@ -89,6 +92,7 @@ variables: ansible_host: private_ip state: state +--- # use hostname as inventory_hostname and public IP address to connect to the host plugin: community.general.scaleway hostnames: @@ -98,6 +102,7 @@ regions: variables: ansible_host: public_ip.address +--- # Using static strings as variables plugin: community.general.scaleway hostnames: @@ -121,8 +126,9 @@ else: from ansible.errors import AnsibleError from ansible.plugins.inventory import BaseInventoryPlugin, Constructable from ansible_collections.community.general.plugins.module_utils.scaleway import SCALEWAY_LOCATION, parse_pagination_link +from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe from ansible.module_utils.urls import open_url -from ansible.module_utils.common.text.converters import to_native, to_text +from ansible.module_utils.common.text.converters import to_text from ansible.module_utils.six import raise_from import ansible.module_utils.six.moves.urllib.parse as urllib_parse @@ -137,7 +143,7 @@ def _fetch_information(token, url): headers={'X-Auth-Token': token, 'Content-type': 'application/json'}) except Exception as e: - raise AnsibleError("Error while fetching %s: %s" % (url, to_native(e))) + raise AnsibleError(f"Error while fetching {url}: {e}") try: raw_json = json.loads(to_text(response.read())) except ValueError: @@ -158,7 +164,7 @@ def _fetch_information(token, url): def _build_server_url(api_endpoint): - return "/".join([api_endpoint, "servers"]) + return f"{api_endpoint}/servers" def extract_public_ipv4(server_info): @@ -279,7 +285,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable): zone_info = SCALEWAY_LOCATION[zone] url = _build_server_url(zone_info["api_endpoint"]) - raw_zone_hosts_infos = _fetch_information(url=url, token=token) + raw_zone_hosts_infos = make_unsafe(_fetch_information(url=url, token=token)) for host_infos in raw_zone_hosts_infos: @@ -341,4 +347,4 @@ class InventoryModule(BaseInventoryPlugin, Constructable): hostname_preference = self.get_option("hostnames") for zone in self._get_zones(config_zones): - self.do_zone_inventory(zone=zone, token=token, tags=tags, hostname_preferences=hostname_preference) + self.do_zone_inventory(zone=make_unsafe(zone), token=token, tags=tags, hostname_preferences=hostname_preference) diff --git a/plugins/inventory/stackpath_compute.py b/plugins/inventory/stackpath_compute.py index 39f880e820..c87d0e5277 100644 --- a/plugins/inventory/stackpath_compute.py +++ b/plugins/inventory/stackpath_compute.py @@ -24,6 +24,7 @@ DOCUMENTATION = ''' description: - A token that ensures this is a source file for the plugin. required: true + type: string choices: ['community.general.stackpath_compute'] client_id: description: @@ -73,6 +74,8 @@ from ansible.plugins.inventory import ( ) from ansible.utils.display import Display +from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe + display = Display() @@ -136,7 +139,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): "Content-Type": "application/json", } resp = open_url( - self.api_host + '/identity/v1/oauth2/token', + f"{self.api_host}/identity/v1/oauth2/token", headers=headers, data=payload, method="POST" @@ -152,16 +155,16 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): self._authenticate() for stack_slug in self.stack_slugs: try: - workloads = self._stackpath_query_get_list(self.api_host + '/workload/v1/stacks/' + stack_slug + '/workloads') + workloads = self._stackpath_query_get_list(f"{self.api_host}/workload/v1/stacks/{stack_slug}/workloads") except Exception: - raise AnsibleError("Failed to get workloads from the StackPath API: %s" % traceback.format_exc()) + raise AnsibleError(f"Failed to get workloads from the StackPath API: {traceback.format_exc()}") for workload in workloads: try: workload_instances = self._stackpath_query_get_list( - self.api_host + '/workload/v1/stacks/' + stack_slug + '/workloads/' + workload["id"] + '/instances' + f"{self.api_host}/workload/v1/stacks/{stack_slug}/workloads/{workload['id']}/instances" ) except Exception: - raise AnsibleError("Failed to get workload instances from the StackPath API: %s" % traceback.format_exc()) + raise AnsibleError(f"Failed to get workload instances from the StackPath API: {traceback.format_exc()}") for instance in workload_instances: if instance["phase"] == "RUNNING": instance["stackSlug"] = stack_slug @@ -181,7 +184,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): def _populate(self, instances): for instance in instances: for group_key in self.group_keys: - group = group_key + "_" + instance[group_key] + group = f"{group_key}_{instance[group_key]}" group = group.lower().replace(" ", "_").replace("-", "_") self.inventory.add_group(group) self.inventory.add_host(instance[self.hostname_key], @@ -191,14 +194,14 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): self._authenticate() headers = { "Content-Type": "application/json", - "Authorization": "Bearer " + self.auth_token, + "Authorization": f"Bearer {self.auth_token}", } next_page = True result = [] cursor = '-1' while next_page: resp = open_url( - url + '?page_request.first=10&page_request.after=%s' % cursor, + f"{url}?page_request.first=10&page_request.after={cursor}", headers=headers, method="GET" ) @@ -248,10 +251,10 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): self.stack_slugs = self.get_option('stack_slugs') if not self.stack_slugs: try: - stacks = self._stackpath_query_get_list(self.api_host + '/stack/v1/stacks') + stacks = self._stackpath_query_get_list(f"{self.api_host}/stack/v1/stacks") self._get_stack_slugs(stacks) except Exception: - raise AnsibleError("Failed to get stack IDs from the Stackpath API: %s" % traceback.format_exc()) + raise AnsibleError(f"Failed to get stack IDs from the Stackpath API: {traceback.format_exc()}") cache_key = self.get_cache_key(path) # false when refresh_cache or --flush-cache is used @@ -271,7 +274,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): if not cache or cache_needs_update: results = self._query() - self._populate(results) + self._populate(make_unsafe(results)) # If the cache has expired/doesn't exist or # if refresh_inventory/flush cache is used @@ -280,4 +283,4 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): if cache_needs_update or (not cache and self.get_option('cache')): self._cache[cache_key] = results except Exception: - raise AnsibleError("Failed to populate data: %s" % traceback.format_exc()) + raise AnsibleError(f"Failed to populate data: {traceback.format_exc()}") diff --git a/plugins/inventory/virtualbox.py b/plugins/inventory/virtualbox.py index c926d8b449..9112518a46 100644 --- a/plugins/inventory/virtualbox.py +++ b/plugins/inventory/virtualbox.py @@ -14,12 +14,15 @@ DOCUMENTATION = ''' - Get inventory hosts from the local virtualbox installation. - Uses a YAML configuration file that ends with virtualbox.(yml|yaml) or vbox.(yml|yaml). - The inventory_hostname is always the 'Name' of the virtualbox instance. + - Groups can be assigned to the VMs using C(VBoxManage). Multiple groups can be assigned by using V(/) as a delimeter. + - A separate parameter, O(enable_advanced_group_parsing) is exposed to change grouping behaviour. See the parameter documentation for details. extends_documentation_fragment: - constructed - inventory_cache options: plugin: description: token that ensures this is a source file for the 'virtualbox' plugin + type: string required: true choices: ['virtualbox', 'community.general.virtualbox'] running_only: @@ -28,25 +31,41 @@ DOCUMENTATION = ''' default: false settings_password_file: description: provide a file containing the settings password (equivalent to --settingspwfile) + type: string network_info_path: description: property path to query for network information (ansible_host) + type: string default: "/VirtualBox/GuestInfo/Net/0/V4/IP" query: description: create vars from virtualbox properties type: dictionary default: {} + enable_advanced_group_parsing: + description: + - The default group parsing rule (when this setting is set to V(false)) is to split the VirtualBox VM's group based on the V(/) character and + assign the resulting list elements as an Ansible Group. + - Setting O(enable_advanced_group_parsing=true) changes this behaviour to match VirtualBox's interpretation of groups according to + U(https://www.virtualbox.org/manual/UserManual.html#gui-vmgroups). + Groups are now split using the V(,) character, and the V(/) character indicates nested groups. + - When enabled, a VM that's been configured using V(VBoxManage modifyvm "vm01" --groups "/TestGroup/TestGroup2,/TestGroup3") will result in + the group C(TestGroup2) being a child group of C(TestGroup); and + the VM being a part of C(TestGroup2) and C(TestGroup3). + default: false + type: bool + version_added: 9.2.0 ''' EXAMPLES = ''' +--- # file must be named vbox.yaml or vbox.yml -simple_config_file: - plugin: community.general.virtualbox - settings_password_file: /etc/virtulbox/secrets - query: - logged_in_users: /VirtualBox/GuestInfo/OS/LoggedInUsersList - compose: - ansible_connection: ('indows' in vbox_Guest_OS)|ternary('winrm', 'ssh') +plugin: community.general.virtualbox +settings_password_file: /etc/virtualbox/secrets +query: + logged_in_users: /VirtualBox/GuestInfo/OS/LoggedInUsersList +compose: + ansible_connection: ('indows' in vbox_Guest_OS)|ternary('winrm', 'ssh') +--- # add hosts (all match with minishift vm) to the group container if any of the vms are in ansible_inventory' plugin: community.general.virtualbox groups: @@ -58,11 +77,13 @@ import os from subprocess import Popen, PIPE from ansible.errors import AnsibleParserError -from ansible.module_utils.common.text.converters import to_bytes, to_native, to_text +from ansible.module_utils.common.text.converters import to_bytes, to_text from ansible.module_utils.common._collections_compat import MutableMapping from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable from ansible.module_utils.common.process import get_bin_path +from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe + class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): ''' Host inventory parser for ansible using local virtualbox. ''' @@ -116,6 +137,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): self._add_host_to_keyed_groups(self.get_option('keyed_groups'), hostvars[host], host, strict=strict) def _populate_from_cache(self, source_data): + source_data = make_unsafe(source_data) hostvars = source_data.pop('_meta', {}).get('hostvars', {}) for group in source_data: if group == 'all': @@ -162,7 +184,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): v = v.strip() # found host if k.startswith('Name') and ',' not in v: # some setting strings appear in Name - current_host = v + current_host = make_unsafe(v) if current_host not in hostvars: hostvars[current_host] = {} self.inventory.add_host(current_host) @@ -170,32 +192,29 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): # try to get network info netdata = self._query_vbox_data(current_host, netinfo) if netdata: - self.inventory.set_variable(current_host, 'ansible_host', netdata) + self.inventory.set_variable(current_host, 'ansible_host', make_unsafe(netdata)) # found groups elif k == 'Groups': - for group in v.split('/'): - if group: - group = self.inventory.add_group(group) - self.inventory.add_child(group, current_host) - if group not in cacheable_results: - cacheable_results[group] = {'hosts': []} - cacheable_results[group]['hosts'].append(current_host) + if self.get_option('enable_advanced_group_parsing'): + self._handle_vboxmanage_group_string(v, current_host, cacheable_results) + else: + self._handle_group_string(v, current_host, cacheable_results) continue else: # found vars, accumulate in hostvars for clean inventory set - pref_k = 'vbox_' + k.strip().replace(' ', '_') + pref_k = make_unsafe(f"vbox_{k.strip().replace(' ', '_')}") leading_spaces = len(k) - len(k.lstrip(' ')) if 0 < leading_spaces <= 2: if prevkey not in hostvars[current_host] or not isinstance(hostvars[current_host][prevkey], dict): hostvars[current_host][prevkey] = {} - hostvars[current_host][prevkey][pref_k] = v + hostvars[current_host][prevkey][pref_k] = make_unsafe(v) elif leading_spaces > 2: continue else: if v != '': - hostvars[current_host][pref_k] = v + hostvars[current_host][pref_k] = make_unsafe(v) if self._ungrouped_host(current_host, cacheable_results): if 'ungrouped' not in cacheable_results: cacheable_results['ungrouped'] = {'hosts': []} @@ -223,6 +242,64 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): return all(find_host(host, inventory)) + def _handle_group_string(self, vboxmanage_group, current_host, cacheable_results): + '''Handles parsing the VM's Group assignment from VBoxManage according to this inventory's initial implementation.''' + # The original implementation of this inventory plugin treated `/` as + # a delimeter to split and use as Ansible Groups. + for group in vboxmanage_group.split('/'): + if group: + group = make_unsafe(group) + group = self.inventory.add_group(group) + self.inventory.add_child(group, current_host) + if group not in cacheable_results: + cacheable_results[group] = {'hosts': []} + cacheable_results[group]['hosts'].append(current_host) + + def _handle_vboxmanage_group_string(self, vboxmanage_group, current_host, cacheable_results): + '''Handles parsing the VM's Group assignment from VBoxManage according to VirtualBox documentation.''' + # Per the VirtualBox documentation, a VM can be part of many groups, + # and it is possible to have nested groups. + # Many groups are separated by commas ",", and nested groups use + # slash "/". + # https://www.virtualbox.org/manual/UserManual.html#gui-vmgroups + # Multi groups: VBoxManage modifyvm "vm01" --groups "/TestGroup,/TestGroup2" + # Nested groups: VBoxManage modifyvm "vm01" --groups "/TestGroup/TestGroup2" + + for group in vboxmanage_group.split(','): + if not group: + # We could get an empty element due how to split works, and + # possible assignments from VirtualBox. e.g. ,/Group1 + continue + + if group == "/": + # This is the "root" group. We get here if the VM was not + # assigned to a particular group. Consider the host to be + # unassigned to a group. + continue + + parent_group = None + for subgroup in group.split('/'): + if not subgroup: + # Similarly to above, we could get an empty element. + # e.g //Group1 + continue + + if subgroup == '/': + # "root" group. + # Consider the host to be unassigned + continue + + subgroup = make_unsafe(subgroup) + subgroup = self.inventory.add_group(subgroup) + if parent_group is not None: + self.inventory.add_child(parent_group, subgroup) + self.inventory.add_child(subgroup, current_host) + if subgroup not in cacheable_results: + cacheable_results[subgroup] = {'hosts': []} + cacheable_results[subgroup]['hosts'].append(current_host) + + parent_group = subgroup + def verify_file(self, path): valid = False @@ -276,7 +353,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): try: p = Popen(cmd, stdout=PIPE) except Exception as e: - raise AnsibleParserError(to_native(e)) + raise AnsibleParserError(str(e)) source_data = p.stdout.read().splitlines() diff --git a/plugins/inventory/xen_orchestra.py b/plugins/inventory/xen_orchestra.py index 3004ab3432..0a050d0bf9 100644 --- a/plugins/inventory/xen_orchestra.py +++ b/plugins/inventory/xen_orchestra.py @@ -84,6 +84,7 @@ from ansible.errors import AnsibleError from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable from ansible_collections.community.general.plugins.module_utils.version import LooseVersion +from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe # 3rd party imports try: @@ -137,7 +138,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): sslopt = None if validate_certs else {'cert_reqs': ssl.CERT_NONE} self.conn = create_connection( - '{0}://{1}/api/'.format(proto, xoa_api_host), sslopt=sslopt) + f'{proto}://{xoa_api_host}/api/', sslopt=sslopt) CALL_TIMEOUT = 100 """Number of 1/10ths of a second to wait before method call times out.""" @@ -161,8 +162,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): sleep(0.1) waited += 1 - raise AnsibleError( - 'Method call {method} timed out after {timeout} seconds.'.format(method=method, timeout=self.CALL_TIMEOUT / 10)) + raise AnsibleError(f'Method call {method} timed out after {self.CALL_TIMEOUT / 10} seconds.') def login(self, user, password): result = self.call('session.signIn', { @@ -170,15 +170,13 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): }) if 'error' in result: - raise AnsibleError( - 'Could not connect: {0}'.format(result['error'])) + raise AnsibleError(f"Could not connect: {result['error']}") def get_object(self, name): answer = self.call('xo.getAllObjects', {'filter': {'type': name}}) if 'error' in answer: - raise AnsibleError( - 'Could not request: {0}'.format(answer['error'])) + raise AnsibleError(f"Could not request: {answer['error']}") return answer['result'] @@ -251,8 +249,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): def _add_hosts(self, hosts, pools): for host in hosts.values(): entry_name = host['uuid'] - group_name = 'xo_host_{0}'.format( - clean_group_name(host['name_label'])) + group_name = f"xo_host_{clean_group_name(host['name_label'])}" pool_name = self._pool_group_name_for_uuid(pools, host['$poolId']) self.inventory.add_group(group_name) @@ -275,15 +272,13 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): entry_name, 'product_brand', host['productBrand']) for pool in pools.values(): - group_name = 'xo_pool_{0}'.format( - clean_group_name(pool['name_label'])) + group_name = f"xo_pool_{clean_group_name(pool['name_label'])}" self.inventory.add_group(group_name) def _add_pools(self, pools): for pool in pools.values(): - group_name = 'xo_pool_{0}'.format( - clean_group_name(pool['name_label'])) + group_name = f"xo_pool_{clean_group_name(pool['name_label'])}" self.inventory.add_group(group_name) @@ -291,16 +286,13 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): def _pool_group_name_for_uuid(self, pools, pool_uuid): for pool in pools: if pool == pool_uuid: - return 'xo_pool_{0}'.format( - clean_group_name(pools[pool_uuid]['name_label'])) + return f"xo_pool_{clean_group_name(pools[pool_uuid]['name_label'])}" # TODO: Refactor def _host_group_name_for_uuid(self, hosts, host_uuid): for host in hosts: if host == host_uuid: - return 'xo_host_{0}'.format( - clean_group_name(hosts[host_uuid]['name_label'] - )) + return f"xo_host_{clean_group_name(hosts[host_uuid]['name_label'])}" def _populate(self, objects): # Prepare general groups @@ -347,4 +339,4 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): self.protocol = 'ws' objects = self._get_objects() - self._populate(objects) + self._populate(make_unsafe(objects)) diff --git a/plugins/lookup/bitwarden.py b/plugins/lookup/bitwarden.py index 727a2bac4d..9a8b5749c2 100644 --- a/plugins/lookup/bitwarden.py +++ b/plugins/lookup/bitwarden.py @@ -29,6 +29,7 @@ DOCUMENTATION = """ - Field to retrieve, for example V(name) or V(id). - If set to V(id), only zero or one element can be returned. Use the Jinja C(first) filter to get the only list element. + - If set to V(None) or V(''), or if O(_terms) is empty, records are not filtered by fields. type: str default: name version_added: 5.7.0 @@ -39,6 +40,10 @@ DOCUMENTATION = """ description: Collection ID to filter results by collection. Leave unset to skip filtering. type: str version_added: 6.3.0 + organization_id: + description: Organization ID to filter results by organization. Leave unset to skip filtering. + type: str + version_added: 8.5.0 bw_session: description: Pass session key instead of reading from env. type: str @@ -75,6 +80,11 @@ EXAMPLES = """ ansible.builtin.debug: msg: >- {{ lookup('community.general.bitwarden', 'a_test', field='password', bw_session='bXZ9B5TXi6...') }} + +- name: "Get all Bitwarden records from collection" + ansible.builtin.debug: + msg: >- + {{ lookup('community.general.bitwarden', None, collection_id='bafba515-af11-47e6-abe3-af1200cd18b2') }} """ RETURN = """ @@ -136,7 +146,7 @@ class Bitwarden(object): raise BitwardenException(err) return to_text(out, errors='surrogate_or_strict'), to_text(err, errors='surrogate_or_strict') - def _get_matches(self, search_value, search_field, collection_id): + def _get_matches(self, search_value, search_field, collection_id=None, organization_id=None): """Return matching records whose search_field is equal to key. """ @@ -144,30 +154,37 @@ class Bitwarden(object): if search_field == 'id': params = ['get', 'item', search_value] else: - params = ['list', 'items', '--search', search_value] + params = ['list', 'items'] + if search_value: + params.extend(['--search', search_value]) if collection_id: params.extend(['--collectionid', collection_id]) + if organization_id: + params.extend(['--organizationid', organization_id]) out, err = self._run(params) # This includes things that matched in different fields. initial_matches = AnsibleJSONDecoder().raw_decode(out)[0] + if search_field == 'id': if initial_matches is None: initial_matches = [] else: initial_matches = [initial_matches] - # Filter to only include results from the right field. - return [item for item in initial_matches if item[search_field] == search_value] - def get_field(self, field, search_value, search_field="name", collection_id=None): + # Filter to only include results from the right field, if a search is requested by value or field + return [item for item in initial_matches + if not search_value or not search_field or item.get(search_field) == search_value] + + def get_field(self, field, search_value, search_field="name", collection_id=None, organization_id=None): """Return a list of the specified field for records whose search_field match search_value and filtered by collection if collection has been provided. If field is None, return the whole record for each match. """ - matches = self._get_matches(search_value, search_field, collection_id) + matches = self._get_matches(search_value, search_field, collection_id, organization_id) if not field: return matches field_matches = [] @@ -188,24 +205,30 @@ class Bitwarden(object): if field in match: field_matches.append(match[field]) continue + if matches and not field_matches: - raise AnsibleError("field {field} does not exist in {search_value}".format(field=field, search_value=search_value)) + raise AnsibleError(f"field {field} does not exist in {search_value}") + return field_matches class LookupModule(LookupBase): - def run(self, terms, variables=None, **kwargs): + def run(self, terms=None, variables=None, **kwargs): self.set_options(var_options=variables, direct=kwargs) field = self.get_option('field') search_field = self.get_option('search') collection_id = self.get_option('collection_id') + organization_id = self.get_option('organization_id') _bitwarden.session = self.get_option('bw_session') if not _bitwarden.unlocked: raise AnsibleError("Bitwarden Vault locked. Run 'bw unlock'.") - return [_bitwarden.get_field(field, term, search_field, collection_id) for term in terms] + if not terms: + terms = [None] + + return [_bitwarden.get_field(field, term, search_field, collection_id, organization_id) for term in terms] _bitwarden = Bitwarden() diff --git a/plugins/lookup/bitwarden_secrets_manager.py b/plugins/lookup/bitwarden_secrets_manager.py index 2d6706bee1..3d08067105 100644 --- a/plugins/lookup/bitwarden_secrets_manager.py +++ b/plugins/lookup/bitwarden_secrets_manager.py @@ -70,12 +70,15 @@ RETURN = """ """ from subprocess import Popen, PIPE +from time import sleep from ansible.errors import AnsibleLookupError from ansible.module_utils.common.text.converters import to_text from ansible.parsing.ajson import AnsibleJSONDecoder from ansible.plugins.lookup import LookupBase +from ansible_collections.community.general.plugins.module_utils.version import LooseVersion + class BitwardenSecretsManagerException(AnsibleLookupError): pass @@ -84,17 +87,44 @@ class BitwardenSecretsManagerException(AnsibleLookupError): class BitwardenSecretsManager(object): def __init__(self, path='bws'): self._cli_path = path + self._max_retries = 3 + self._retry_delay = 1 @property def cli_path(self): return self._cli_path + def _run_with_retry(self, args, stdin=None, retries=0): + out, err, rc = self._run(args, stdin) + + if rc != 0: + if retries >= self._max_retries: + raise BitwardenSecretsManagerException("Max retries exceeded. Unable to retrieve secret.") + + if "Too many requests" in err: + delay = self._retry_delay * (2 ** retries) + sleep(delay) + return self._run_with_retry(args, stdin, retries + 1) + else: + raise BitwardenSecretsManagerException(f"Command failed with return code {rc}: {err}") + + return out, err, rc + def _run(self, args, stdin=None): p = Popen([self.cli_path] + args, stdout=PIPE, stderr=PIPE, stdin=PIPE) out, err = p.communicate(stdin) rc = p.wait() return to_text(out, errors='surrogate_or_strict'), to_text(err, errors='surrogate_or_strict'), rc + def get_bws_version(self): + """Get the version of the Bitwarden Secrets Manager CLI. + """ + out, err, rc = self._run(['--version']) + if rc != 0: + raise BitwardenSecretsManagerException(to_text(err)) + # strip the prefix and grab the last segment, the version number + return out.split()[-1] + def get_secret(self, secret_id, bws_access_token): """Get and return the secret with the given secret_id. """ @@ -103,11 +133,19 @@ class BitwardenSecretsManager(object): # Color output was not always disabled correctly with the default 'auto' setting so explicitly disable it. params = [ '--color', 'no', - '--access-token', bws_access_token, - 'get', 'secret', secret_id + '--access-token', bws_access_token ] - out, err, rc = self._run(params) + # bws version 0.3.0 introduced a breaking change in the command line syntax: + # pre-0.3.0: verb noun + # 0.3.0 and later: noun verb + bws_version = self.get_bws_version() + if LooseVersion(bws_version) < LooseVersion('0.3.0'): + params.extend(['get', 'secret', secret_id]) + else: + params.extend(['secret', 'get', secret_id]) + + out, err, rc = self._run_with_retry(params) if rc != 0: raise BitwardenSecretsManagerException(to_text(err)) diff --git a/plugins/lookup/chef_databag.py b/plugins/lookup/chef_databag.py index b14d924ae8..eaa6a1aefa 100644 --- a/plugins/lookup/chef_databag.py +++ b/plugins/lookup/chef_databag.py @@ -22,10 +22,12 @@ DOCUMENTATION = ''' name: description: - Name of the databag + type: string required: true item: description: - Item to fetch + type: string required: true ''' @@ -79,11 +81,11 @@ class LookupModule(LookupBase): setattr(self, arg, parsed) except ValueError: raise AnsibleError( - "can't parse arg {0}={1} as string".format(arg, arg_raw) + f"can't parse arg {arg}={arg_raw} as string" ) if args: raise AnsibleError( - "unrecognized arguments to with_sequence: %r" % list(args.keys()) + f"unrecognized arguments to with_sequence: {list(args.keys())!r}" ) def run(self, terms, variables=None, **kwargs): diff --git a/plugins/lookup/collection_version.py b/plugins/lookup/collection_version.py index 33316fc2b0..28a9c34420 100644 --- a/plugins/lookup/collection_version.py +++ b/plugins/lookup/collection_version.py @@ -63,11 +63,11 @@ RETURN = """ import json import os import re +from importlib import import_module import yaml from ansible.errors import AnsibleLookupError -from ansible.module_utils.compat.importlib import import_module from ansible.plugins.lookup import LookupBase @@ -115,10 +115,10 @@ class LookupModule(LookupBase): for term in terms: if not FQCN_RE.match(term): - raise AnsibleLookupError('"{term}" is not a FQCN'.format(term=term)) + raise AnsibleLookupError(f'"{term}" is not a FQCN') try: - collection_pkg = import_module('ansible_collections.{fqcn}'.format(fqcn=term)) + collection_pkg = import_module(f'ansible_collections.{term}') except ImportError: # Collection not found result.append(not_found) @@ -127,7 +127,7 @@ class LookupModule(LookupBase): try: data = load_collection_meta(collection_pkg, no_version=no_version) except Exception as exc: - raise AnsibleLookupError('Error while loading metadata for {fqcn}: {error}'.format(fqcn=term, error=exc)) + raise AnsibleLookupError(f'Error while loading metadata for {term}: {exc}') result.append(data.get('version', no_version)) diff --git a/plugins/lookup/consul_kv.py b/plugins/lookup/consul_kv.py index f8aadadc19..cf7226d579 100644 --- a/plugins/lookup/consul_kv.py +++ b/plugins/lookup/consul_kv.py @@ -29,13 +29,17 @@ DOCUMENTATION = ''' index: description: - If the key has a value with the specified index then this is returned allowing access to historical values. + type: int datacenter: description: - Retrieve the key from a consul datacenter other than the default for the consul host. + type: str token: description: The acl token to allow access to restricted values. + type: str host: default: localhost + type: str description: - The target to connect to, must be a resolvable address. - Will be determined from E(ANSIBLE_CONSUL_URL) if that is set. @@ -46,22 +50,26 @@ DOCUMENTATION = ''' description: - The port of the target host to connect to. - If you use E(ANSIBLE_CONSUL_URL) this value will be used from there. + type: int default: 8500 scheme: default: http + type: str description: - Whether to use http or https. - If you use E(ANSIBLE_CONSUL_URL) this value will be used from there. validate_certs: default: true - description: Whether to verify the ssl connection or not. + description: Whether to verify the TLS connection or not. + type: bool env: - name: ANSIBLE_CONSUL_VALIDATE_CERTS ini: - section: lookup_consul key: validate_certs client_cert: - description: The client cert to verify the ssl connection. + description: The client cert to verify the TLS connection. + type: str env: - name: ANSIBLE_CONSUL_CLIENT_CERT ini: @@ -94,7 +102,7 @@ EXAMPLES = """ - name: retrieving a KV from a remote cluster on non default port ansible.builtin.debug: - msg: "{{ lookup('community.general.consul_kv', 'my/key', host='10.10.10.10', port='2000') }}" + msg: "{{ lookup('community.general.consul_kv', 'my/key', host='10.10.10.10', port=2000) }}" """ RETURN = """ @@ -163,7 +171,7 @@ class LookupModule(LookupBase): values.append(to_text(results[1]['Value'])) except Exception as e: raise AnsibleError( - "Error locating '%s' in kv store. Error was %s" % (term, e)) + f"Error locating '{term}' in kv store. Error was {e}") return values @@ -184,7 +192,7 @@ class LookupModule(LookupBase): if param and len(param) > 0: name, value = param.split('=') if name not in paramvals: - raise AnsibleAssertionError("%s not a valid consul lookup parameter" % name) + raise AnsibleAssertionError(f"{name} not a valid consul lookup parameter") paramvals[name] = value except (ValueError, AssertionError) as e: raise AnsibleError(e) diff --git a/plugins/lookup/credstash.py b/plugins/lookup/credstash.py index 6a3f58595b..0700a5ddcb 100644 --- a/plugins/lookup/credstash.py +++ b/plugins/lookup/credstash.py @@ -120,10 +120,10 @@ class LookupModule(LookupBase): aws_secret_access_key = self.get_option('aws_secret_access_key') aws_session_token = self.get_option('aws_session_token') - context = dict( - (k, v) for k, v in kwargs.items() + context = { + k: v for k, v in kwargs.items() if k not in ('version', 'region', 'table', 'profile_name', 'aws_access_key_id', 'aws_secret_access_key', 'aws_session_token') - ) + } kwargs_pass = { 'profile_name': profile_name, @@ -137,8 +137,8 @@ class LookupModule(LookupBase): try: ret.append(credstash.getSecret(term, version, region, table, context=context, **kwargs_pass)) except credstash.ItemNotFound: - raise AnsibleError('Key {0} not found'.format(term)) + raise AnsibleError(f'Key {term} not found') except Exception as e: - raise AnsibleError('Encountered exception while fetching {0}: {1}'.format(term, e)) + raise AnsibleError(f'Encountered exception while fetching {term}: {e}') return ret diff --git a/plugins/lookup/cyberarkpassword.py b/plugins/lookup/cyberarkpassword.py index c3cc427df8..4ed040dc6d 100644 --- a/plugins/lookup/cyberarkpassword.py +++ b/plugins/lookup/cyberarkpassword.py @@ -17,19 +17,23 @@ DOCUMENTATION = ''' options : _command: description: Cyberark CLI utility. + type: string env: - name: AIM_CLIPASSWORDSDK_CMD default: '/opt/CARKaim/sdk/clipasswordsdk' appid: description: Defines the unique ID of the application that is issuing the password request. + type: string required: true query: description: Describes the filter criteria for the password retrieval. + type: string required: true output: description: - Specifies the desired output fields separated by commas. - "They could be: Password, PassProps., PasswordChangeInProcess" + type: string default: 'password' _extra: description: for extra_params values please check parameters for clipasswordsdk in CyberArk's "Credential Provider and ASCP Implementation Guide" @@ -80,7 +84,7 @@ from subprocess import Popen from ansible.errors import AnsibleError from ansible.plugins.lookup import LookupBase -from ansible.module_utils.common.text.converters import to_bytes, to_text, to_native +from ansible.module_utils.common.text.converters import to_bytes, to_native from ansible.utils.display import Display display = Display() @@ -101,7 +105,7 @@ class CyberarkPassword: self.extra_parms = [] for key, value in kwargs.items(): self.extra_parms.append('-p') - self.extra_parms.append("%s=%s" % (key, value)) + self.extra_parms.append(f"{key}={value}") if self.appid is None: raise AnsibleError("CyberArk Error: No Application ID specified") @@ -126,8 +130,8 @@ class CyberarkPassword: all_parms = [ CLIPASSWORDSDK_CMD, 'GetPassword', - '-p', 'AppDescs.AppID=%s' % self.appid, - '-p', 'Query=%s' % self.query, + '-p', f'AppDescs.AppID={self.appid}', + '-p', f'Query={self.query}', '-o', self.output, '-d', self.b_delimiter] all_parms.extend(self.extra_parms) @@ -140,7 +144,7 @@ class CyberarkPassword: b_credential = to_bytes(tmp_output) if tmp_error: - raise AnsibleError("ERROR => %s " % (tmp_error)) + raise AnsibleError(f"ERROR => {tmp_error} ") if b_credential and b_credential.endswith(b'\n'): b_credential = b_credential[:-1] @@ -160,7 +164,7 @@ class CyberarkPassword: except subprocess.CalledProcessError as e: raise AnsibleError(e.output) except OSError as e: - raise AnsibleError("ERROR - AIM not installed or clipasswordsdk not in standard location. ERROR=(%s) => %s " % (to_text(e.errno), e.strerror)) + raise AnsibleError(f"ERROR - AIM not installed or clipasswordsdk not in standard location. ERROR=({e.errno}) => {e.strerror} ") return [result_dict] @@ -173,11 +177,11 @@ class LookupModule(LookupBase): """ def run(self, terms, variables=None, **kwargs): - display.vvvv("%s" % terms) + display.vvvv(f"{terms}") if isinstance(terms, list): return_values = [] for term in terms: - display.vvvv("Term: %s" % term) + display.vvvv(f"Term: {term}") cyberark_conn = CyberarkPassword(**term) return_values.append(cyberark_conn.get()) return return_values diff --git a/plugins/lookup/dependent.py b/plugins/lookup/dependent.py index 31634e6e6e..1ec4369b32 100644 --- a/plugins/lookup/dependent.py +++ b/plugins/lookup/dependent.py @@ -173,8 +173,7 @@ class LookupModule(LookupBase): values = self.__evaluate(expression, templar, variables=vars) except Exception as e: raise AnsibleLookupError( - 'Caught "{error}" while evaluating {key!r} with item == {item!r}'.format( - error=e, key=key, item=current)) + f'Caught "{e}" while evaluating {key!r} with item == {current!r}') if isinstance(values, Mapping): for idx, val in sorted(values.items()): @@ -186,8 +185,7 @@ class LookupModule(LookupBase): self.__process(result, terms, index + 1, current, templar, variables) else: raise AnsibleLookupError( - 'Did not obtain dictionary or list while evaluating {key!r} with item == {item!r}, but {type}'.format( - key=key, item=current, type=type(values))) + f'Did not obtain dictionary or list while evaluating {key!r} with item == {current!r}, but {type(values)}') def run(self, terms, variables=None, **kwargs): """Generate list.""" @@ -201,16 +199,14 @@ class LookupModule(LookupBase): for index, term in enumerate(terms): if not isinstance(term, Mapping): raise AnsibleLookupError( - 'Parameter {index} must be a dictionary, got {type}'.format( - index=index, type=type(term))) + f'Parameter {index} must be a dictionary, got {type(term)}') if len(term) != 1: raise AnsibleLookupError( - 'Parameter {index} must be a one-element dictionary, got {count} elements'.format( - index=index, count=len(term))) + f'Parameter {index} must be a one-element dictionary, got {len(term)} elements') k, v = list(term.items())[0] if k in vars_so_far: raise AnsibleLookupError( - 'The variable {key!r} appears more than once'.format(key=k)) + f'The variable {k!r} appears more than once') vars_so_far.add(k) if isinstance(v, string_types): data.append((k, v, None)) @@ -218,7 +214,6 @@ class LookupModule(LookupBase): data.append((k, None, v)) else: raise AnsibleLookupError( - 'Parameter {key!r} (index {index}) must have a value of type string, dictionary or list, got type {type}'.format( - index=index, key=k, type=type(v))) + f'Parameter {k!r} (index {index}) must have a value of type string, dictionary or list, got type {type(v)}') self.__process(result, data, 0, {}, templar, variables) return result diff --git a/plugins/lookup/dig.py b/plugins/lookup/dig.py index 5be57cec78..cbb597b7b5 100644 --- a/plugins/lookup/dig.py +++ b/plugins/lookup/dig.py @@ -75,6 +75,11 @@ DOCUMENTATION = ''' default: false type: bool version_added: 7.5.0 + port: + description: Use port as target port when looking up DNS records. + default: 53 + type: int + version_added: 9.5.0 notes: - ALL is not a record per-se, merely the listed fields are available for any record results you retrieve in the form of a dictionary. - While the 'dig' lookup plugin supports anything which dnspython supports out of the box, only a subset can be converted into a dictionary. @@ -215,7 +220,6 @@ RETURN = """ from ansible.errors import AnsibleError from ansible.plugins.lookup import LookupBase -from ansible.module_utils.common.text.converters import to_native from ansible.module_utils.parsing.convert_bool import boolean from ansible.utils.display import Display import socket @@ -330,22 +334,23 @@ class LookupModule(LookupBase): myres.use_edns(0, ednsflags=dns.flags.DO, payload=edns_size) domains = [] + nameservers = [] qtype = self.get_option('qtype') flat = self.get_option('flat') fail_on_error = self.get_option('fail_on_error') real_empty = self.get_option('real_empty') tcp = self.get_option('tcp') + port = self.get_option('port') try: rdclass = dns.rdataclass.from_text(self.get_option('class')) except Exception as e: - raise AnsibleError("dns lookup illegal CLASS: %s" % to_native(e)) + raise AnsibleError(f"dns lookup illegal CLASS: {e}") myres.retry_servfail = self.get_option('retry_servfail') for t in terms: if t.startswith('@'): # e.g. "@10.0.1.2,192.0.2.1" is ok. nsset = t[1:].split(',') for ns in nsset: - nameservers = [] # Check if we have a valid IP address. If so, use that, otherwise # try to resolve name to address using system's resolver. If that # fails we bail out. @@ -357,8 +362,7 @@ class LookupModule(LookupBase): nsaddr = dns.resolver.query(ns)[0].address nameservers.append(nsaddr) except Exception as e: - raise AnsibleError("dns lookup NS: %s" % to_native(e)) - myres.nameservers = nameservers + raise AnsibleError(f"dns lookup NS: {e}") continue if '=' in t: try: @@ -374,7 +378,7 @@ class LookupModule(LookupBase): try: rdclass = dns.rdataclass.from_text(arg) except Exception as e: - raise AnsibleError("dns lookup illegal CLASS: %s" % to_native(e)) + raise AnsibleError(f"dns lookup illegal CLASS: {e}") elif opt == 'retry_servfail': myres.retry_servfail = boolean(arg) elif opt == 'fail_on_error': @@ -395,7 +399,12 @@ class LookupModule(LookupBase): else: domains.append(t) - # print "--- domain = {0} qtype={1} rdclass={2}".format(domain, qtype, rdclass) + # print "--- domain = {domain} qtype={qtype} rdclass={rdclass}" + + if port: + myres.port = port + if len(nameservers) > 0: + myres.nameservers = nameservers if qtype.upper() == 'PTR': reversed_domains = [] @@ -406,7 +415,7 @@ class LookupModule(LookupBase): except dns.exception.SyntaxError: pass except Exception as e: - raise AnsibleError("dns.reversename unhandled exception %s" % to_native(e)) + raise AnsibleError(f"dns.reversename unhandled exception {e}") domains = reversed_domains if len(domains) > 1: @@ -435,25 +444,20 @@ class LookupModule(LookupBase): ret.append(rd) except Exception as err: if fail_on_error: - raise AnsibleError("Lookup failed: %s" % str(err)) + raise AnsibleError(f"Lookup failed: {err}") ret.append(str(err)) except dns.resolver.NXDOMAIN as err: if fail_on_error: - raise AnsibleError("Lookup failed: %s" % str(err)) + raise AnsibleError(f"Lookup failed: {err}") if not real_empty: ret.append('NXDOMAIN') - except dns.resolver.NoAnswer as err: + except (dns.resolver.NoAnswer, dns.resolver.Timeout, dns.resolver.NoNameservers) as err: if fail_on_error: - raise AnsibleError("Lookup failed: %s" % str(err)) - if not real_empty: - ret.append("") - except dns.resolver.Timeout as err: - if fail_on_error: - raise AnsibleError("Lookup failed: %s" % str(err)) + raise AnsibleError(f"Lookup failed: {err}") if not real_empty: ret.append("") except dns.exception.DNSException as err: - raise AnsibleError("dns.resolver unhandled exception %s" % to_native(err)) + raise AnsibleError(f"dns.resolver unhandled exception {err}") return ret diff --git a/plugins/lookup/dnstxt.py b/plugins/lookup/dnstxt.py index 1ce511b849..baaa63aa98 100644 --- a/plugins/lookup/dnstxt.py +++ b/plugins/lookup/dnstxt.py @@ -64,7 +64,6 @@ except ImportError: pass from ansible.errors import AnsibleError -from ansible.module_utils.common.text.converters import to_native from ansible.plugins.lookup import LookupBase # ============================================================== @@ -108,7 +107,7 @@ class LookupModule(LookupBase): continue string = '' except DNSException as e: - raise AnsibleError("dns.resolver unhandled exception %s" % to_native(e)) + raise AnsibleError(f"dns.resolver unhandled exception {e}") ret.append(''.join(string)) diff --git a/plugins/lookup/dsv.py b/plugins/lookup/dsv.py index 2dbb7db3ea..eba3e36368 100644 --- a/plugins/lookup/dsv.py +++ b/plugins/lookup/dsv.py @@ -22,6 +22,7 @@ options: required: true tenant: description: The first format parameter in the default O(url_template). + type: string env: - name: DSV_TENANT ini: @@ -32,6 +33,7 @@ options: default: com description: The top-level domain of the tenant; the second format parameter in the default O(url_template). + type: string env: - name: DSV_TLD ini: @@ -40,6 +42,7 @@ options: required: false client_id: description: The client_id with which to request the Access Grant. + type: string env: - name: DSV_CLIENT_ID ini: @@ -48,6 +51,7 @@ options: required: true client_secret: description: The client secret associated with the specific O(client_id). + type: string env: - name: DSV_CLIENT_SECRET ini: @@ -58,6 +62,7 @@ options: default: https://{}.secretsvaultcloud.{}/v1 description: The path to prepend to the base URL to form a valid REST API request. + type: string env: - name: DSV_URL_TEMPLATE ini: @@ -130,17 +135,17 @@ class LookupModule(LookupBase): result = [] for term in terms: - display.debug("dsv_lookup term: %s" % term) + display.debug(f"dsv_lookup term: {term}") try: path = term.lstrip("[/:]") if path == "": - raise AnsibleOptionsError("Invalid secret path: %s" % term) + raise AnsibleOptionsError(f"Invalid secret path: {term}") - display.vvv(u"DevOps Secrets Vault GET /secrets/%s" % path) + display.vvv(f"DevOps Secrets Vault GET /secrets/{path}") result.append(vault.get_secret_json(path)) except SecretsVaultError as error: raise AnsibleError( - "DevOps Secrets Vault lookup failure: %s" % error.message + f"DevOps Secrets Vault lookup failure: {error.message}" ) return result diff --git a/plugins/lookup/etcd.py b/plugins/lookup/etcd.py index 5135e74877..1e7dc3c960 100644 --- a/plugins/lookup/etcd.py +++ b/plugins/lookup/etcd.py @@ -25,12 +25,14 @@ DOCUMENTATION = ''' url: description: - Environment variable with the URL for the etcd server + type: string default: 'http://127.0.0.1:4001' env: - name: ANSIBLE_ETCD_URL version: description: - Environment variable with the etcd protocol version + type: string default: 'v1' env: - name: ANSIBLE_ETCD_VERSION @@ -102,7 +104,7 @@ class Etcd: def __init__(self, url, version, validate_certs): self.url = url self.version = version - self.baseurl = '%s/%s/keys' % (self.url, self.version) + self.baseurl = f'{self.url}/{self.version}/keys' self.validate_certs = validate_certs def _parse_node(self, node): @@ -123,7 +125,7 @@ class Etcd: return path def get(self, key): - url = "%s/%s?recursive=true" % (self.baseurl, key) + url = f"{self.baseurl}/{key}?recursive=true" data = None value = {} try: diff --git a/plugins/lookup/etcd3.py b/plugins/lookup/etcd3.py index 0bda006e34..c67e975b97 100644 --- a/plugins/lookup/etcd3.py +++ b/plugins/lookup/etcd3.py @@ -168,7 +168,7 @@ def etcd3_client(client_params): etcd = etcd3.client(**client_params) etcd.status() except Exception as exp: - raise AnsibleLookupError('Cannot connect to etcd cluster: %s' % (to_native(exp))) + raise AnsibleLookupError(f'Cannot connect to etcd cluster: {exp}') return etcd @@ -204,7 +204,7 @@ class LookupModule(LookupBase): cnx_log = dict(client_params) if 'password' in cnx_log: cnx_log['password'] = '' - display.verbose("etcd3 connection parameters: %s" % cnx_log) + display.verbose(f"etcd3 connection parameters: {cnx_log}") # connect to etcd3 server etcd = etcd3_client(client_params) @@ -218,12 +218,12 @@ class LookupModule(LookupBase): if val and meta: ret.append({'key': to_native(meta.key), 'value': to_native(val)}) except Exception as exp: - display.warning('Caught except during etcd3.get_prefix: %s' % (to_native(exp))) + display.warning(f'Caught except during etcd3.get_prefix: {exp}') else: try: val, meta = etcd.get(term) if val and meta: ret.append({'key': to_native(meta.key), 'value': to_native(val)}) except Exception as exp: - display.warning('Caught except during etcd3.get: %s' % (to_native(exp))) + display.warning(f'Caught except during etcd3.get: {exp}') return ret diff --git a/plugins/lookup/filetree.py b/plugins/lookup/filetree.py index 2131de99a5..3036e152c2 100644 --- a/plugins/lookup/filetree.py +++ b/plugins/lookup/filetree.py @@ -17,8 +17,10 @@ description: This enables merging different trees in order of importance, or add role_vars to specific paths to influence different instances of the same role. options: _terms: - description: path(s) of files to read + description: Path(s) of files to read. required: true + type: list + elements: string ''' EXAMPLES = r""" @@ -156,7 +158,7 @@ def file_props(root, path): try: st = os.lstat(abspath) except OSError as e: - display.warning('filetree: Error using stat() on path %s (%s)' % (abspath, e)) + display.warning(f'filetree: Error using stat() on path {abspath} ({e})') return None ret = dict(root=root, path=path) @@ -170,7 +172,7 @@ def file_props(root, path): ret['state'] = 'file' ret['src'] = abspath else: - display.warning('filetree: Error file type of %s is not supported' % abspath) + display.warning(f'filetree: Error file type of {abspath} is not supported') return None ret['uid'] = st.st_uid @@ -183,7 +185,7 @@ def file_props(root, path): ret['group'] = to_text(grp.getgrgid(st.st_gid).gr_name) except KeyError: ret['group'] = st.st_gid - ret['mode'] = '0%03o' % (stat.S_IMODE(st.st_mode)) + ret['mode'] = f'0{stat.S_IMODE(st.st_mode):03o}' ret['size'] = st.st_size ret['mtime'] = st.st_mtime ret['ctime'] = st.st_ctime @@ -210,7 +212,7 @@ class LookupModule(LookupBase): term_file = os.path.basename(term) dwimmed_path = self._loader.path_dwim_relative(basedir, 'files', os.path.dirname(term)) path = os.path.join(dwimmed_path, term_file) - display.debug("Walking '{0}'".format(path)) + display.debug(f"Walking '{path}'") for root, dirs, files in os.walk(path, topdown=True): for entry in dirs + files: relpath = os.path.relpath(os.path.join(root, entry), path) @@ -219,7 +221,7 @@ class LookupModule(LookupBase): if relpath not in [entry['path'] for entry in ret]: props = file_props(path, relpath) if props is not None: - display.debug(" found '{0}'".format(os.path.join(path, relpath))) + display.debug(f" found '{os.path.join(path, relpath)}'") ret.append(props) return ret diff --git a/plugins/lookup/flattened.py b/plugins/lookup/flattened.py index 0071417a0d..5365f2ca99 100644 --- a/plugins/lookup/flattened.py +++ b/plugins/lookup/flattened.py @@ -78,7 +78,7 @@ class LookupModule(LookupBase): term = term2 if isinstance(term, list): - # if it's a list, check recursively for items that are a list + # if it is a list, check recursively for items that are a list term = self._do_flatten(term, variables) ret.extend(term) else: diff --git a/plugins/lookup/github_app_access_token.py b/plugins/lookup/github_app_access_token.py index 5cd99b81c7..73fd09a0a9 100644 --- a/plugins/lookup/github_app_access_token.py +++ b/plugins/lookup/github_app_access_token.py @@ -19,7 +19,7 @@ DOCUMENTATION = ''' key_path: description: - Path to your private key. - required: true + - Either O(key_path) or O(private_key) must be specified. type: path app_id: description: @@ -34,6 +34,12 @@ DOCUMENTATION = ''' - Alternatively, you can use PyGithub (U(https://github.com/PyGithub/PyGithub)) to get your installation ID. required: true type: str + private_key: + description: + - GitHub App private key in PEM file format as string. + - Either O(key_path) or O(private_key) must be specified. + type: str + version_added: 10.0.0 token_expiry: description: - How long the token should last for in seconds. @@ -49,8 +55,8 @@ EXAMPLES = ''' dest: /srv/checkout vars: github_token: >- - lookup('community.general.github_app_access_token', key_path='/home/to_your/key', - app_id='123456', installation_id='64209') + {{ lookup('community.general.github_app_access_token', key_path='/home/to_your/key', + app_id='123456', installation_id='64209') }} ''' RETURN = ''' @@ -71,7 +77,7 @@ import time import json from ansible.module_utils.urls import open_url from ansible.module_utils.six.moves.urllib.error import HTTPError -from ansible.errors import AnsibleError +from ansible.errors import AnsibleError, AnsibleOptionsError from ansible.plugins.lookup import LookupBase from ansible.utils.display import Display @@ -84,12 +90,14 @@ else: display = Display() -def read_key(path): +def read_key(path, private_key=None): try: + if private_key: + return jwk_from_pem(private_key.encode('utf-8')) with open(path, 'rb') as pem_file: return jwk_from_pem(pem_file.read()) except Exception as e: - raise AnsibleError("Error while parsing key file: {0}".format(e)) + raise AnsibleError(f"Error while parsing key file: {e}") def encode_jwt(app_id, jwk, exp=600): @@ -102,7 +110,7 @@ def encode_jwt(app_id, jwk, exp=600): try: return jwt_instance.encode(payload, jwk, alg='RS256') except Exception as e: - raise AnsibleError("Error while encoding jwt: {0}".format(e)) + raise AnsibleError(f"Error while encoding jwt: {e}") def post_request(generated_jwt, installation_id): @@ -116,24 +124,24 @@ def post_request(generated_jwt, installation_id): except HTTPError as e: try: error_body = json.loads(e.read().decode()) - display.vvv("Error returned: {0}".format(error_body)) + display.vvv(f"Error returned: {error_body}") except Exception: error_body = {} if e.code == 404: raise AnsibleError("Github return error. Please confirm your installationd_id value is valid") elif e.code == 401: raise AnsibleError("Github return error. Please confirm your private key is valid") - raise AnsibleError("Unexpected data returned: {0} -- {1}".format(e, error_body)) + raise AnsibleError(f"Unexpected data returned: {e} -- {error_body}") response_body = response.read() try: json_data = json.loads(response_body.decode('utf-8')) except json.decoder.JSONDecodeError as e: - raise AnsibleError("Error while dencoding JSON respone from github: {0}".format(e)) + raise AnsibleError(f"Error while dencoding JSON respone from github: {e}") return json_data.get('token') -def get_token(key_path, app_id, installation_id, expiry=600): - jwk = read_key(key_path) +def get_token(key_path, app_id, installation_id, private_key, expiry=600): + jwk = read_key(key_path, private_key) generated_jwt = encode_jwt(app_id, jwk, exp=expiry) return post_request(generated_jwt, installation_id) @@ -146,10 +154,16 @@ class LookupModule(LookupBase): self.set_options(var_options=variables, direct=kwargs) + if not (self.get_option("key_path") or self.get_option("private_key")): + raise AnsibleOptionsError("One of key_path or private_key is required") + if self.get_option("key_path") and self.get_option("private_key"): + raise AnsibleOptionsError("key_path and private_key are mutually exclusive") + t = get_token( self.get_option('key_path'), self.get_option('app_id'), self.get_option('installation_id'), + self.get_option('private_key'), self.get_option('token_expiry'), ) diff --git a/plugins/lookup/hiera.py b/plugins/lookup/hiera.py index fa4d0a1999..8463a8844e 100644 --- a/plugins/lookup/hiera.py +++ b/plugins/lookup/hiera.py @@ -25,12 +25,14 @@ DOCUMENTATION = ''' executable: description: - Binary file to execute Hiera. + type: string default: '/usr/bin/hiera' env: - name: ANSIBLE_HIERA_BIN config_file: description: - File that describes the hierarchy of Hiera. + type: string default: '/etc/hiera.yaml' env: - name: ANSIBLE_HIERA_CFG @@ -77,8 +79,7 @@ class Hiera(object): pargs.extend(hiera_key) - rc, output, err = run_cmd("{0} -c {1} {2}".format( - self.hiera_bin, self.hiera_cfg, hiera_key[0])) + rc, output, err = run_cmd(f"{self.hiera_bin} -c {self.hiera_cfg} {hiera_key[0]}") return to_text(output.strip()) diff --git a/plugins/lookup/keyring.py b/plugins/lookup/keyring.py index a4c914ed1a..ebc35a8ee1 100644 --- a/plugins/lookup/keyring.py +++ b/plugins/lookup/keyring.py @@ -57,17 +57,17 @@ class LookupModule(LookupBase): def run(self, terms, variables=None, **kwargs): if not HAS_KEYRING: - raise AnsibleError(u"Can't LOOKUP(keyring): missing required python library 'keyring'") + raise AnsibleError("Can't LOOKUP(keyring): missing required python library 'keyring'") self.set_options(var_options=variables, direct=kwargs) - display.vvvv(u"keyring: %s" % keyring.get_keyring()) + display.vvvv(f"keyring: {keyring.get_keyring()}") ret = [] for term in terms: (servicename, username) = (term.split()[0], term.split()[1]) - display.vvvv(u"username: %s, servicename: %s " % (username, servicename)) + display.vvvv(f"username: {username}, servicename: {servicename} ") password = keyring.get_password(servicename, username) if password is None: - raise AnsibleError(u"servicename: %s for user %s not found" % (servicename, username)) + raise AnsibleError(f"servicename: {servicename} for user {username} not found") ret.append(password.rstrip()) return ret diff --git a/plugins/lookup/lastpass.py b/plugins/lookup/lastpass.py index 8eb3090b76..70ef8d1414 100644 --- a/plugins/lookup/lastpass.py +++ b/plugins/lookup/lastpass.py @@ -83,9 +83,9 @@ class LPass(object): def get_field(self, key, field): if field in ['username', 'password', 'url', 'notes', 'id', 'name']: - out, err = self._run(self._build_args("show", ["--{0}".format(field), key])) + out, err = self._run(self._build_args("show", [f"--{field}", key])) else: - out, err = self._run(self._build_args("show", ["--field={0}".format(field), key])) + out, err = self._run(self._build_args("show", [f"--field={field}", key])) return out.strip() diff --git a/plugins/lookup/lmdb_kv.py b/plugins/lookup/lmdb_kv.py index a37cff9569..c09321d081 100644 --- a/plugins/lookup/lmdb_kv.py +++ b/plugins/lookup/lmdb_kv.py @@ -96,7 +96,7 @@ class LookupModule(LookupBase): try: env = lmdb.open(str(db), readonly=True) except Exception as e: - raise AnsibleError("LMDB can't open database %s: %s" % (db, to_native(e))) + raise AnsibleError(f"LMDB cannot open database {db}: {e}") ret = [] if len(terms) == 0: diff --git a/plugins/lookup/manifold.py b/plugins/lookup/manifold.py index 049d453e4f..9dbd2e118f 100644 --- a/plugins/lookup/manifold.py +++ b/plugins/lookup/manifold.py @@ -78,12 +78,14 @@ class ApiError(Exception): class ManifoldApiClient(object): - base_url = 'https://api.{api}.manifold.co/v1/{endpoint}' http_agent = 'python-manifold-ansible-1.0.0' def __init__(self, token): self._token = token + def _make_url(self, api, endpoint): + return f'https://api.{api}.manifold.co/v1/{endpoint}' + def request(self, api, endpoint, *args, **kwargs): """ Send a request to API backend and pre-process a response. @@ -98,11 +100,11 @@ class ManifoldApiClient(object): """ default_headers = { - 'Authorization': "Bearer {0}".format(self._token), + 'Authorization': f"Bearer {self._token}", 'Accept': "*/*" # Otherwise server doesn't set content-type header } - url = self.base_url.format(api=api, endpoint=endpoint) + url = self._make_url(api, endpoint) headers = default_headers arg_headers = kwargs.pop('headers', None) @@ -110,23 +112,22 @@ class ManifoldApiClient(object): headers.update(arg_headers) try: - display.vvvv('manifold lookup connecting to {0}'.format(url)) + display.vvvv(f'manifold lookup connecting to {url}') response = open_url(url, headers=headers, http_agent=self.http_agent, *args, **kwargs) data = response.read() if response.headers.get('content-type') == 'application/json': data = json.loads(data) return data except ValueError: - raise ApiError('JSON response can\'t be parsed while requesting {url}:\n{json}'.format(json=data, url=url)) + raise ApiError(f'JSON response can\'t be parsed while requesting {url}:\n{data}') except HTTPError as e: - raise ApiError('Server returned: {err} while requesting {url}:\n{response}'.format( - err=str(e), url=url, response=e.read())) + raise ApiError(f'Server returned: {e} while requesting {url}:\n{e.read()}') except URLError as e: - raise ApiError('Failed lookup url for {url} : {err}'.format(url=url, err=str(e))) + raise ApiError(f'Failed lookup url for {url} : {e}') except SSLValidationError as e: - raise ApiError('Error validating the server\'s certificate for {url}: {err}'.format(url=url, err=str(e))) + raise ApiError(f'Error validating the server\'s certificate for {url}: {e}') except ConnectionError as e: - raise ApiError('Error connecting to {url}: {err}'.format(url=url, err=str(e))) + raise ApiError(f'Error connecting to {url}: {e}') def get_resources(self, team_id=None, project_id=None, label=None): """ @@ -152,7 +153,7 @@ class ManifoldApiClient(object): query_params['label'] = label if query_params: - endpoint += '?' + urlencode(query_params) + endpoint += f"?{urlencode(query_params)}" return self.request(api, endpoint) @@ -188,7 +189,7 @@ class ManifoldApiClient(object): query_params['label'] = label if query_params: - endpoint += '?' + urlencode(query_params) + endpoint += f"?{urlencode(query_params)}" return self.request(api, endpoint) @@ -200,7 +201,7 @@ class ManifoldApiClient(object): :return: """ api = 'marketplace' - endpoint = 'credentials?' + urlencode({'resource_id': resource_id}) + endpoint = f"credentials?{urlencode({'resource_id': resource_id})}" return self.request(api, endpoint) @@ -229,7 +230,7 @@ class LookupModule(LookupBase): if team: team_data = client.get_teams(team) if len(team_data) == 0: - raise AnsibleError("Team '{0}' does not exist".format(team)) + raise AnsibleError(f"Team '{team}' does not exist") team_id = team_data[0]['id'] else: team_id = None @@ -237,7 +238,7 @@ class LookupModule(LookupBase): if project: project_data = client.get_projects(project) if len(project_data) == 0: - raise AnsibleError("Project '{0}' does not exist".format(project)) + raise AnsibleError(f"Project '{project}' does not exist") project_id = project_data[0]['id'] else: project_id = None @@ -252,7 +253,7 @@ class LookupModule(LookupBase): if labels and len(resources_data) < len(labels): fetched_labels = [r['body']['label'] for r in resources_data] not_found_labels = [label for label in labels if label not in fetched_labels] - raise AnsibleError("Resource(s) {0} do not exist".format(', '.join(not_found_labels))) + raise AnsibleError(f"Resource(s) {', '.join(not_found_labels)} do not exist") credentials = {} cred_map = {} @@ -262,17 +263,14 @@ class LookupModule(LookupBase): for cred_key, cred_val in six.iteritems(resource_credentials[0]['body']['values']): label = resource['body']['label'] if cred_key in credentials: - display.warning("'{cred_key}' with label '{old_label}' was replaced by resource data " - "with label '{new_label}'".format(cred_key=cred_key, - old_label=cred_map[cred_key], - new_label=label)) + display.warning(f"'{cred_key}' with label '{cred_map[cred_key]}' was replaced by resource data with label '{label}'") credentials[cred_key] = cred_val cred_map[cred_key] = label ret = [credentials] return ret except ApiError as e: - raise AnsibleError('API Error: {0}'.format(str(e))) + raise AnsibleError(f'API Error: {e}') except AnsibleError as e: raise e except Exception: diff --git a/plugins/lookup/merge_variables.py b/plugins/lookup/merge_variables.py index 4fc33014c0..e352524292 100644 --- a/plugins/lookup/merge_variables.py +++ b/plugins/lookup/merge_variables.py @@ -12,7 +12,7 @@ DOCUMENTATION = """ - Mark Ettema (@m-a-r-k-e) - Alexander Petrenz (@alpex8) name: merge_variables - short_description: merge variables with a certain suffix + short_description: merge variables whose names match a given pattern description: - This lookup returns the merged result of all variables in scope that match the given prefixes, suffixes, or regular expressions, optionally. @@ -149,7 +149,7 @@ class LookupModule(LookupBase): ret = [] for term in terms: if not isinstance(term, str): - raise AnsibleError("Non-string type '{0}' passed, only 'str' types are allowed!".format(type(term))) + raise AnsibleError(f"Non-string type '{type(term)}' passed, only 'str' types are allowed!") if not self._groups: # consider only own variables ret.append(self._merge_vars(term, initial_value, variables)) @@ -157,7 +157,9 @@ class LookupModule(LookupBase): cross_host_merge_result = initial_value for host in variables["hostvars"]: if self._is_host_in_allowed_groups(variables["hostvars"][host]["group_names"]): - cross_host_merge_result = self._merge_vars(term, cross_host_merge_result, variables["hostvars"][host]) + host_variables = dict(variables["hostvars"].raw_get(host)) + host_variables["hostvars"] = variables["hostvars"] # re-add hostvars + cross_host_merge_result = self._merge_vars(term, cross_host_merge_result, host_variables) ret.append(cross_host_merge_result) return ret @@ -184,9 +186,9 @@ class LookupModule(LookupBase): return False def _merge_vars(self, search_pattern, initial_value, variables): - display.vvv("Merge variables with {0}: {1}".format(self._pattern_type, search_pattern)) + display.vvv(f"Merge variables with {self._pattern_type}: {search_pattern}") var_merge_names = sorted([key for key in variables.keys() if self._var_matches(key, search_pattern)]) - display.vvv("The following variables will be merged: {0}".format(var_merge_names)) + display.vvv(f"The following variables will be merged: {var_merge_names}") prev_var_type = None result = None @@ -195,7 +197,8 @@ class LookupModule(LookupBase): result = initial_value for var_name in var_merge_names: - var_value = self._templar.template(variables[var_name]) # Render jinja2 templates + with self._templar.set_temporary_context(available_variables=variables): # tmp. switch renderer to context of current variables + var_value = self._templar.template(variables[var_name]) # Render jinja2 templates var_type = _verify_and_get_type(var_value) if prev_var_type is None: @@ -223,8 +226,7 @@ class LookupModule(LookupBase): dest[key] += value else: if (key in dest) and dest[key] != value: - msg = "The key '{0}' with value '{1}' will be overwritten with value '{2}' from '{3}.{0}'".format( - key, dest[key], value, ".".join(path)) + msg = f"The key '{key}' with value '{dest[key]}' will be overwritten with value '{value}' from '{'.'.join(path)}.{key}'" if self._override == "error": raise AnsibleError(msg) diff --git a/plugins/lookup/onepassword.py b/plugins/lookup/onepassword.py index 8ca95de0bc..60e0b2a69c 100644 --- a/plugins/lookup/onepassword.py +++ b/plugins/lookup/onepassword.py @@ -23,6 +23,8 @@ DOCUMENTATION = ''' _terms: description: Identifier(s) (case-insensitive UUID or name) of item(s) to retrieve. required: true + type: list + elements: string account_id: version_added: 7.5.0 domain: @@ -133,16 +135,16 @@ class OnePassCLIBase(with_metaclass(abc.ABCMeta, object)): self._version = None def _check_required_params(self, required_params): - non_empty_attrs = dict((param, getattr(self, param, None)) for param in required_params if getattr(self, param, None)) + non_empty_attrs = {param: getattr(self, param) for param in required_params if getattr(self, param, None)} missing = set(required_params).difference(non_empty_attrs) if missing: prefix = "Unable to sign in to 1Password. Missing required parameter" plural = "" - suffix = ": {params}.".format(params=", ".join(missing)) + suffix = f": {', '.join(missing)}." if len(missing) > 1: plural = "s" - msg = "{prefix}{plural}{suffix}".format(prefix=prefix, plural=plural, suffix=suffix) + msg = f"{prefix}{plural}{suffix}" raise AnsibleLookupError(msg) @abc.abstractmethod @@ -167,7 +169,7 @@ class OnePassCLIBase(with_metaclass(abc.ABCMeta, object)): rc = p.wait() if not ignore_errors and rc != expected_rc: - raise AnsibleLookupError(to_text(err)) + raise AnsibleLookupError(str(err)) return rc, out, err @@ -208,12 +210,12 @@ class OnePassCLIBase(with_metaclass(abc.ABCMeta, object)): try: bin_path = get_bin_path(cls.bin) except ValueError: - raise AnsibleLookupError("Unable to locate '%s' command line tool" % cls.bin) + raise AnsibleLookupError(f"Unable to locate '{cls.bin}' command line tool") try: b_out = subprocess.check_output([bin_path, "--version"], stderr=subprocess.PIPE) except subprocess.CalledProcessError as cpe: - raise AnsibleLookupError("Unable to get the op version: %s" % cpe) + raise AnsibleLookupError(f"Unable to get the op version: {cpe}") return to_text(b_out).strip() @@ -298,7 +300,7 @@ class OnePassCLIv1(OnePassCLIBase): if self.account_id: args.extend(["--account", self.account_id]) elif self.subdomain: - account = "{subdomain}.{domain}".format(subdomain=self.subdomain, domain=self.domain) + account = f"{self.subdomain}.{self.domain}" args.extend(["--account", account]) rc, out, err = self._run(args, ignore_errors=True) @@ -324,7 +326,7 @@ class OnePassCLIv1(OnePassCLIBase): args = [ "signin", - "{0}.{1}".format(self.subdomain, self.domain), + f"{self.subdomain}.{self.domain}", to_bytes(self.username), to_bytes(self.secret_key), "--raw", @@ -339,7 +341,7 @@ class OnePassCLIv1(OnePassCLIBase): args.extend(["--account", self.account_id]) if vault is not None: - args += ["--vault={0}".format(vault)] + args += [f"--vault={vault}"] if token is not None: args += [to_bytes("--session=") + token] @@ -510,7 +512,7 @@ class OnePassCLIv2(OnePassCLIBase): args = ["account", "list"] if self.subdomain: - account = "{subdomain}.{domain}".format(subdomain=self.subdomain, domain=self.domain) + account = f"{self.subdomain}.{self.domain}" args.extend(["--account", account]) rc, out, err = self._run(args) @@ -523,7 +525,7 @@ class OnePassCLIv2(OnePassCLIBase): if self.account_id: args.extend(["--account", self.account_id]) elif self.subdomain: - account = "{subdomain}.{domain}".format(subdomain=self.subdomain, domain=self.domain) + account = f"{self.subdomain}.{self.domain}" args.extend(["--account", account]) rc, out, err = self._run(args, ignore_errors=True) @@ -543,7 +545,7 @@ class OnePassCLIv2(OnePassCLIBase): args = [ "account", "add", "--raw", - "--address", "{0}.{1}".format(self.subdomain, self.domain), + "--address", f"{self.subdomain}.{self.domain}", "--email", to_bytes(self.username), "--signin", ] @@ -558,7 +560,7 @@ class OnePassCLIv2(OnePassCLIBase): args.extend(["--account", self.account_id]) if vault is not None: - args += ["--vault={0}".format(vault)] + args += [f"--vault={vault}"] if self.connect_host and self.connect_token: if vault is None: @@ -625,7 +627,7 @@ class OnePass(object): except TypeError as e: raise AnsibleLookupError(e) - raise AnsibleLookupError("op version %s is unsupported" % version) + raise AnsibleLookupError(f"op version {version} is unsupported") def set_token(self): if self._config.config_file_path and os.path.isfile(self._config.config_file_path): diff --git a/plugins/lookup/onepassword_doc.py b/plugins/lookup/onepassword_doc.py index ab24795df2..b1728fce89 100644 --- a/plugins/lookup/onepassword_doc.py +++ b/plugins/lookup/onepassword_doc.py @@ -24,6 +24,8 @@ DOCUMENTATION = ''' _terms: description: Identifier(s) (case-insensitive UUID or name) of item(s) to retrieve. required: true + type: list + elements: string extends_documentation_fragment: - community.general.onepassword @@ -53,7 +55,7 @@ class OnePassCLIv2Doc(OnePassCLIv2): def get_raw(self, item_id, vault=None, token=None): args = ["document", "get", item_id] if vault is not None: - args = [*args, "--vault={0}".format(vault)] + args = [*args, f"--vault={vault}"] if self.service_account_token: if vault is None: diff --git a/plugins/lookup/onepassword_raw.py b/plugins/lookup/onepassword_raw.py index 3eef535a1c..dc3e590329 100644 --- a/plugins/lookup/onepassword_raw.py +++ b/plugins/lookup/onepassword_raw.py @@ -23,6 +23,8 @@ DOCUMENTATION = ''' _terms: description: Identifier(s) (case-insensitive UUID or name) of item(s) to retrieve. required: true + type: list + elements: string account_id: version_added: 7.5.0 domain: diff --git a/plugins/lookup/passwordstore.py b/plugins/lookup/passwordstore.py index 7a6fca7a01..584690c175 100644 --- a/plugins/lookup/passwordstore.py +++ b/plugins/lookup/passwordstore.py @@ -14,7 +14,7 @@ DOCUMENTATION = ''' short_description: manage passwords with passwordstore.org's pass utility description: - Enables Ansible to retrieve, create or update passwords from the passwordstore.org pass utility. - It also retrieves YAML style keys stored as multilines in the passwordfile. + It can also retrieve, create or update YAML style keys stored as multilines in the passwordfile. - To avoid problems when accessing multiple secrets at once, add C(auto-expand-secmem) to C(~/.gnupg/gpg-agent.conf). Where this is not possible, consider using O(lock=readwrite) instead. options: @@ -33,17 +33,18 @@ DOCUMENTATION = ''' env: - name: PASSWORD_STORE_DIR create: - description: Create the password if it does not already exist. Takes precedence over O(missing). + description: Create the password or the subkey if it does not already exist. Takes precedence over O(missing). type: bool default: false overwrite: - description: Overwrite the password if it does already exist. + description: Overwrite the password or the subkey if it does already exist. type: bool default: false umask: description: - - Sets the umask for the created .gpg files. The first octed must be greater than 3 (user readable). + - Sets the umask for the created V(.gpg) files. The first octed must be greater than 3 (user readable). - Note pass' default value is V('077'). + type: string env: - name: PASSWORD_STORE_UMASK version_added: 1.3.0 @@ -52,7 +53,9 @@ DOCUMENTATION = ''' type: bool default: false subkey: - description: Return a specific subkey of the password. When set to V(password), always returns the first line. + description: + - By default return a specific subkey of the password. When set to V(password), always returns the first line. + - With O(overwrite=true), it will create the subkey and return it. type: str default: password userpass: @@ -63,7 +66,7 @@ DOCUMENTATION = ''' type: integer default: 16 backup: - description: Used with O(overwrite=true). Backup the previous password in a subkey. + description: Used with O(overwrite=true). Backup the previous password or subkey in a subkey. type: bool default: false nosymbols: @@ -139,6 +142,21 @@ DOCUMENTATION = ''' type: bool default: true version_added: 8.1.0 + missing_subkey: + description: + - Preference about what to do if the password subkey is missing. + - If set to V(error), the lookup will error out if the subkey does not exist. + - If set to V(empty) or V(warn), will return a V(none) in case the subkey does not exist. + version_added: 8.6.0 + type: str + default: empty + choices: + - error + - warn + - empty + ini: + - section: passwordstore_lookup + key: missing_subkey notes: - The lookup supports passing all options as lookup parameters since community.general 6.0.0. ''' @@ -147,6 +165,7 @@ ansible.cfg: | [passwordstore_lookup] lock=readwrite locktimeout=45s + missing_subkey=warn tasks.yml: | --- @@ -172,6 +191,17 @@ tasks.yml: | vars: mypassword: "{{ lookup('community.general.passwordstore', 'example/test', missing='create')}}" + - name: >- + Create a random 16 character password in a subkey. If the password file already exists, just add the subkey in it. + If the subkey exists, returns it + ansible.builtin.debug: + msg: "{{ lookup('community.general.passwordstore', 'example/test', create=true, subkey='foo') }}" + + - name: >- + Create a random 16 character password in a subkey. Overwrite if it already exists and backup the old one. + ansible.builtin.debug: + msg: "{{ lookup('community.general.passwordstore', 'example/test', create=true, subkey='user', overwrite=true, backup=true) }}" + - name: Prints 'abc' if example/test does not exist, just give the password otherwise ansible.builtin.debug: var: mypassword @@ -285,7 +315,7 @@ class LookupModule(LookupBase): ) self.realpass = 'pass: the standard unix password manager' in passoutput except (subprocess.CalledProcessError) as e: - raise AnsibleError('exit code {0} while running {1}. Error output: {2}'.format(e.returncode, e.cmd, e.output)) + raise AnsibleError(f'exit code {e.returncode} while running {e.cmd}. Error output: {e.output}') return self.realpass @@ -302,7 +332,7 @@ class LookupModule(LookupBase): for param in params[1:]: name, value = param.split('=', 1) if name not in self.paramvals: - raise AnsibleAssertionError('%s not in paramvals' % name) + raise AnsibleAssertionError(f'{name} not in paramvals') self.paramvals[name] = value except (ValueError, AssertionError) as e: raise AnsibleError(e) @@ -314,12 +344,12 @@ class LookupModule(LookupBase): except (ValueError, AssertionError) as e: raise AnsibleError(e) if self.paramvals['missing'] not in ['error', 'warn', 'create', 'empty']: - raise AnsibleError("{0} is not a valid option for missing".format(self.paramvals['missing'])) + raise AnsibleError(f"{self.paramvals['missing']} is not a valid option for missing") if not isinstance(self.paramvals['length'], int): if self.paramvals['length'].isdigit(): self.paramvals['length'] = int(self.paramvals['length']) else: - raise AnsibleError("{0} is not a correct value for length".format(self.paramvals['length'])) + raise AnsibleError(f"{self.paramvals['length']} is not a correct value for length") if self.paramvals['create']: self.paramvals['missing'] = 'create' @@ -334,7 +364,7 @@ class LookupModule(LookupBase): # Set PASSWORD_STORE_DIR self.env['PASSWORD_STORE_DIR'] = self.paramvals['directory'] elif self.is_real_pass(): - raise AnsibleError('Passwordstore directory \'{0}\' does not exist'.format(self.paramvals['directory'])) + raise AnsibleError(f"Passwordstore directory '{self.paramvals['directory']}' does not exist") # Set PASSWORD_STORE_UMASK if umask is set if self.paramvals.get('umask') is not None: @@ -364,19 +394,19 @@ class LookupModule(LookupBase): name, value = line.split(':', 1) self.passdict[name.strip()] = value.strip() if (self.backend == 'gopass' or - os.path.isfile(os.path.join(self.paramvals['directory'], self.passname + ".gpg")) + os.path.isfile(os.path.join(self.paramvals['directory'], f"{self.passname}.gpg")) or not self.is_real_pass()): # When using real pass, only accept password as found if there is a .gpg file for it (might be a tree node otherwise) return True except (subprocess.CalledProcessError) as e: # 'not in password store' is the expected error if a password wasn't found if 'not in the password store' not in e.output: - raise AnsibleError('exit code {0} while running {1}. Error output: {2}'.format(e.returncode, e.cmd, e.output)) + raise AnsibleError(f'exit code {e.returncode} while running {e.cmd}. Error output: {e.output}') if self.paramvals['missing'] == 'error': - raise AnsibleError('passwordstore: passname {0} not found and missing=error is set'.format(self.passname)) + raise AnsibleError(f'passwordstore: passname {self.passname} not found and missing=error is set') elif self.paramvals['missing'] == 'warn': - display.warning('passwordstore: passname {0} not found'.format(self.passname)) + display.warning(f'passwordstore: passname {self.passname} not found') return False @@ -394,19 +424,50 @@ class LookupModule(LookupBase): def update_password(self): # generate new password, insert old lines from current result and return new password + # if the target is a subkey, only modify the subkey newpass = self.get_newpass() datetime = time.strftime("%d/%m/%Y %H:%M:%S") - msg = newpass - if self.paramvals['preserve'] or self.paramvals['timestamp']: - msg += '\n' - if self.paramvals['preserve'] and self.passoutput[1:]: - msg += '\n'.join(self.passoutput[1:]) + '\n' - if self.paramvals['timestamp'] and self.paramvals['backup']: - msg += "lookup_pass: old password was {0} (Updated on {1})\n".format(self.password, datetime) + subkey = self.paramvals["subkey"] + + if subkey != "password": + + msg_lines = [] + subkey_exists = False + subkey_line = f"{subkey}: {newpass}" + oldpass = None + + for line in self.passoutput: + if line.startswith(f"{subkey}: "): + oldpass = self.passdict[subkey] + line = subkey_line + subkey_exists = True + + msg_lines.append(line) + + if not subkey_exists: + msg_lines.insert(2, subkey_line) + + if self.paramvals["timestamp"] and self.paramvals["backup"] and oldpass and oldpass != newpass: + msg_lines.append( + f"lookup_pass: old subkey '{subkey}' password was {oldpass} (Updated on {datetime})\n" + ) + + msg = os.linesep.join(msg_lines) + + else: + msg = newpass + + if self.paramvals['preserve'] or self.paramvals['timestamp']: + msg += '\n' + if self.paramvals['preserve'] and self.passoutput[1:]: + msg += '\n'.join(self.passoutput[1:]) + '\n' + if self.paramvals['timestamp'] and self.paramvals['backup']: + msg += f"lookup_pass: old password was {self.password} (Updated on {datetime})\n" + try: check_output2([self.pass_cmd, 'insert', '-f', '-m', self.passname], input=msg, env=self.env) except (subprocess.CalledProcessError) as e: - raise AnsibleError('exit code {0} while running {1}. Error output: {2}'.format(e.returncode, e.cmd, e.output)) + raise AnsibleError(f'exit code {e.returncode} while running {e.cmd}. Error output: {e.output}') return newpass def generate_password(self): @@ -414,13 +475,21 @@ class LookupModule(LookupBase): # use pwgen to generate the password and insert values with pass -m newpass = self.get_newpass() datetime = time.strftime("%d/%m/%Y %H:%M:%S") - msg = newpass + subkey = self.paramvals["subkey"] + + if subkey != "password": + msg = f"\n\n{subkey}: {newpass}" + else: + msg = newpass + if self.paramvals['timestamp']: - msg += '\n' + "lookup_pass: First generated by ansible on {0}\n".format(datetime) + msg += f"\nlookup_pass: First generated by ansible on {datetime}\n" + try: check_output2([self.pass_cmd, 'insert', '-f', '-m', self.passname], input=msg, env=self.env) except (subprocess.CalledProcessError) as e: - raise AnsibleError('exit code {0} while running {1}. Error output: {2}'.format(e.returncode, e.cmd, e.output)) + raise AnsibleError(f'exit code {e.returncode} while running {e.cmd}. Error output: {e.output}') + return newpass def get_passresult(self): @@ -432,13 +501,24 @@ class LookupModule(LookupBase): if self.paramvals['subkey'] in self.passdict: return self.passdict[self.paramvals['subkey']] else: + if self.paramvals["missing_subkey"] == "error": + raise AnsibleError( + f"passwordstore: subkey {self.paramvals['subkey']} for passname {self.passname} not found and missing_subkey=error is set" + ) + + if self.paramvals["missing_subkey"] == "warn": + display.warning( + f"passwordstore: subkey {self.paramvals['subkey']} for passname {self.passname} not found" + ) + return None @contextmanager def opt_lock(self, type): if self.get_option('lock') == type: tmpdir = os.environ.get('TMPDIR', '/tmp') - lockfile = os.path.join(tmpdir, '.passwordstore.lock') + user = os.environ.get('USER') + lockfile = os.path.join(tmpdir, f'.{user}.passwordstore.lock') with FileLock().lock_file(lockfile, tmpdir, self.lock_timeout): self.locked = type yield @@ -452,7 +532,7 @@ class LookupModule(LookupBase): self.locked = None timeout = self.get_option('locktimeout') if not re.match('^[0-9]+[smh]$', timeout): - raise AnsibleError("{0} is not a correct value for locktimeout".format(timeout)) + raise AnsibleError(f"{timeout} is not a correct value for locktimeout") unit_to_seconds = {"s": 1, "m": 60, "h": 3600} self.lock_timeout = int(timeout[:-1]) * unit_to_seconds[timeout[-1]] @@ -481,6 +561,7 @@ class LookupModule(LookupBase): 'umask': self.get_option('umask'), 'timestamp': self.get_option('timestamp'), 'preserve': self.get_option('preserve'), + "missing_subkey": self.get_option("missing_subkey"), } def run(self, terms, variables, **kwargs): @@ -492,7 +573,10 @@ class LookupModule(LookupBase): self.parse_params(term) # parse the input into paramvals with self.opt_lock('readwrite'): if self.check_pass(): # password exists - if self.paramvals['overwrite'] and self.paramvals['subkey'] == 'password': + if self.paramvals['overwrite']: + with self.opt_lock('write'): + result.append(self.update_password()) + elif self.paramvals["subkey"] != "password" and not self.passdict.get(self.paramvals['subkey']): # password exists but not the subkey with self.opt_lock('write'): result.append(self.update_password()) else: diff --git a/plugins/lookup/random_pet.py b/plugins/lookup/random_pet.py index 71a62cbca0..77f1c34a51 100644 --- a/plugins/lookup/random_pet.py +++ b/plugins/lookup/random_pet.py @@ -95,6 +95,6 @@ class LookupModule(LookupBase): values = petname.Generate(words=words, separator=separator, letters=length) if prefix: - values = "%s%s%s" % (prefix, separator, values) + values = f"{prefix}{separator}{values}" return [values] diff --git a/plugins/lookup/random_string.py b/plugins/lookup/random_string.py index d3b29629d7..9b811dd8b3 100644 --- a/plugins/lookup/random_string.py +++ b/plugins/lookup/random_string.py @@ -104,37 +104,37 @@ EXAMPLES = r""" - name: Generate random string ansible.builtin.debug: var: lookup('community.general.random_string') - # Example result: ['DeadBeeF'] + # Example result: 'DeadBeeF' - name: Generate random string with length 12 ansible.builtin.debug: var: lookup('community.general.random_string', length=12) - # Example result: ['Uan0hUiX5kVG'] + # Example result: 'Uan0hUiX5kVG' - name: Generate base64 encoded random string ansible.builtin.debug: var: lookup('community.general.random_string', base64=True) - # Example result: ['NHZ6eWN5Qk0='] + # Example result: 'NHZ6eWN5Qk0=' - name: Generate a random string with 1 lower, 1 upper, 1 number and 1 special char (at least) ansible.builtin.debug: var: lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) - # Example result: ['&Qw2|E[-'] + # Example result: '&Qw2|E[-' - name: Generate a random string with all lower case characters - debug: + ansible.builtin.debug: var: query('community.general.random_string', upper=false, numbers=false, special=false) # Example result: ['exolxzyz'] - name: Generate random hexadecimal string - debug: + ansible.builtin.debug: var: query('community.general.random_string', upper=false, lower=false, override_special=hex_chars, numbers=false) vars: hex_chars: '0123456789ABCDEF' # Example result: ['D2A40737'] - name: Generate random hexadecimal string with override_all - debug: + ansible.builtin.debug: var: query('community.general.random_string', override_all=hex_chars) vars: hex_chars: '0123456789ABCDEF' diff --git a/plugins/lookup/redis.py b/plugins/lookup/redis.py index 43b046a798..5c669a7f23 100644 --- a/plugins/lookup/redis.py +++ b/plugins/lookup/redis.py @@ -19,8 +19,11 @@ DOCUMENTATION = ''' options: _terms: description: list of keys to query + type: list + elements: string host: description: location of Redis host + type: string default: '127.0.0.1' env: - name: ANSIBLE_REDIS_HOST @@ -113,5 +116,5 @@ class LookupModule(LookupBase): ret.append(to_text(res)) except Exception as e: # connection failed or key not found - raise AnsibleError('Encountered exception while fetching {0}: {1}'.format(term, e)) + raise AnsibleError(f'Encountered exception while fetching {term}: {e}') return ret diff --git a/plugins/lookup/revbitspss.py b/plugins/lookup/revbitspss.py index e4118e89eb..89c19cf23c 100644 --- a/plugins/lookup/revbitspss.py +++ b/plugins/lookup/revbitspss.py @@ -100,8 +100,8 @@ class LookupModule(LookupBase): result = [] for term in terms: try: - display.vvv("Secret Server lookup of Secret with ID %s" % term) + display.vvv(f"Secret Server lookup of Secret with ID {term}") result.append({term: secret_server.get_pam_secret(term)}) except Exception as error: - raise AnsibleError("Secret Server lookup failure: %s" % error.message) + raise AnsibleError(f"Secret Server lookup failure: {error.message}") return result diff --git a/plugins/lookup/shelvefile.py b/plugins/lookup/shelvefile.py index 35f1097c8b..4d965372fb 100644 --- a/plugins/lookup/shelvefile.py +++ b/plugins/lookup/shelvefile.py @@ -15,11 +15,15 @@ DOCUMENTATION = ''' options: _terms: description: Sets of key value pairs of parameters. + type: list + elements: str key: description: Key to query. + type: str required: true file: description: Path to shelve file. + type: path required: true ''' @@ -67,7 +71,7 @@ class LookupModule(LookupBase): for param in params: name, value = param.split('=') if name not in paramvals: - raise AnsibleAssertionError('%s not in paramvals' % name) + raise AnsibleAssertionError(f'{name} not in paramvals') paramvals[name] = value except (ValueError, AssertionError) as e: @@ -82,11 +86,11 @@ class LookupModule(LookupBase): if shelvefile: res = self.read_shelve(shelvefile, key) if res is None: - raise AnsibleError("Key %s not found in shelve file %s" % (key, shelvefile)) + raise AnsibleError(f"Key {key} not found in shelve file {shelvefile}") # Convert the value read to string ret.append(to_text(res)) break else: - raise AnsibleError("Could not locate shelve file in lookup: %s" % paramvals['file']) + raise AnsibleError(f"Could not locate shelve file in lookup: {paramvals['file']}") return ret diff --git a/plugins/lookup/tss.py b/plugins/lookup/tss.py index 80105ff715..ffae6bb824 100644 --- a/plugins/lookup/tss.py +++ b/plugins/lookup/tss.py @@ -25,7 +25,8 @@ options: _terms: description: The integer ID of the secret. required: true - type: int + type: list + elements: int secret_path: description: Indicate a full path of secret including folder and secret name when the secret ID is set to 0. required: false @@ -52,6 +53,7 @@ options: version_added: 7.0.0 base_url: description: The base URL of the server, for example V(https://localhost/SecretServer). + type: string env: - name: TSS_BASE_URL ini: @@ -60,6 +62,7 @@ options: required: true username: description: The username with which to request the OAuth2 Access Grant. + type: string env: - name: TSS_USERNAME ini: @@ -69,6 +72,7 @@ options: description: - The password associated with the supplied username. - Required when O(token) is not provided. + type: string env: - name: TSS_PASSWORD ini: @@ -80,6 +84,7 @@ options: - The domain with which to request the OAuth2 Access Grant. - Optional when O(token) is not provided. - Requires C(python-tss-sdk) version 1.0.0 or greater. + type: string env: - name: TSS_DOMAIN ini: @@ -92,6 +97,7 @@ options: - Existing token for Thycotic authorizer. - If provided, O(username) and O(password) are not needed. - Requires C(python-tss-sdk) version 1.0.0 or greater. + type: string env: - name: TSS_TOKEN ini: @@ -102,6 +108,7 @@ options: default: /api/v1 description: The path to append to the base URL to form a valid REST API request. + type: string env: - name: TSS_API_PATH_URI required: false @@ -109,6 +116,7 @@ options: default: /oauth2/token description: The path to append to the base URL to form a valid OAuth2 Access Grant request. + type: string env: - name: TSS_TOKEN_PATH_URI required: false @@ -298,14 +306,14 @@ class TSSClient(object): return TSSClientV0(**server_parameters) def get_secret(self, term, secret_path, fetch_file_attachments, file_download_path): - display.debug("tss_lookup term: %s" % term) + display.debug(f"tss_lookup term: {term}") secret_id = self._term_to_secret_id(term) if secret_id == 0 and secret_path: fetch_secret_by_path = True - display.vvv(u"Secret Server lookup of Secret with path %s" % secret_path) + display.vvv(f"Secret Server lookup of Secret with path {secret_path}") else: fetch_secret_by_path = False - display.vvv(u"Secret Server lookup of Secret with ID %d" % secret_id) + display.vvv(f"Secret Server lookup of Secret with ID {secret_id}") if fetch_file_attachments: if fetch_secret_by_path: @@ -317,12 +325,12 @@ class TSSClient(object): if i['isFile']: try: file_content = i['itemValue'].content - with open(os.path.join(file_download_path, str(obj['id']) + "_" + i['slug']), "wb") as f: + with open(os.path.join(file_download_path, f"{obj['id']}_{i['slug']}"), "wb") as f: f.write(file_content) except ValueError: - raise AnsibleOptionsError("Failed to download {0}".format(str(i['slug']))) + raise AnsibleOptionsError(f"Failed to download {i['slug']}") except AttributeError: - display.warning("Could not read file content for {0}".format(str(i['slug']))) + display.warning(f"Could not read file content for {i['slug']}") finally: i['itemValue'] = "*** Not Valid For Display ***" else: @@ -335,9 +343,9 @@ class TSSClient(object): return self._client.get_secret_json(secret_id) def get_secret_ids_by_folderid(self, term): - display.debug("tss_lookup term: %s" % term) + display.debug(f"tss_lookup term: {term}") folder_id = self._term_to_folder_id(term) - display.vvv(u"Secret Server lookup of Secret id's with Folder ID %d" % folder_id) + display.vvv(f"Secret Server lookup of Secret id's with Folder ID {folder_id}") return self._client.get_secret_ids_by_folderid(folder_id) @@ -439,4 +447,4 @@ class LookupModule(LookupBase): for term in terms ] except SecretServerError as error: - raise AnsibleError("Secret Server lookup failure: %s" % error.message) + raise AnsibleError(f"Secret Server lookup failure: {error.message}") diff --git a/plugins/module_utils/_filelock.py b/plugins/module_utils/_filelock.py index a35d0b91cf..4e782064be 100644 --- a/plugins/module_utils/_filelock.py +++ b/plugins/module_utils/_filelock.py @@ -46,8 +46,8 @@ class FileLock: ''' Create a lock file based on path with flock to prevent other processes using given path. - Please note that currently file locking only works when it's executed by - the same user, I.E single user scenarios + Please note that currently file locking only works when it is executed by + the same user, for example single user scenarios :kw path: Path (file) to lock :kw tmpdir: Path where to place the temporary .lock file diff --git a/plugins/module_utils/android_sdkmanager.py b/plugins/module_utils/android_sdkmanager.py new file mode 100644 index 0000000000..9cbb2df6b0 --- /dev/null +++ b/plugins/module_utils/android_sdkmanager.py @@ -0,0 +1,148 @@ +# -*- coding: utf-8 -*- + +# Copyright (c) 2024, Stanislav Shamilov +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import re + +from ansible_collections.community.general.plugins.module_utils.cmd_runner import CmdRunner, cmd_runner_fmt + +__state_map = { + "present": "--install", + "absent": "--uninstall" +} + +# sdkmanager --help 2>&1 | grep -A 2 -- --channel +__channel_map = { + "stable": 0, + "beta": 1, + "dev": 2, + "canary": 3 +} + + +def __map_channel(channel_name): + if channel_name not in __channel_map: + raise ValueError("Unknown channel name '%s'" % channel_name) + return __channel_map[channel_name] + + +def sdkmanager_runner(module, **kwargs): + return CmdRunner( + module, + command='sdkmanager', + arg_formats=dict( + state=cmd_runner_fmt.as_map(__state_map), + name=cmd_runner_fmt.as_list(), + installed=cmd_runner_fmt.as_fixed("--list_installed"), + list=cmd_runner_fmt.as_fixed('--list'), + newer=cmd_runner_fmt.as_fixed("--newer"), + sdk_root=cmd_runner_fmt.as_opt_eq_val("--sdk_root"), + channel=cmd_runner_fmt.as_func(lambda x: ["{0}={1}".format("--channel", __map_channel(x))]) + ), + force_lang="C.UTF-8", # Without this, sdkmanager binary crashes + **kwargs + ) + + +class Package: + def __init__(self, name): + self.name = name + + def __hash__(self): + return hash(self.name) + + def __ne__(self, other): + if not isinstance(other, Package): + return True + return self.name != other.name + + def __eq__(self, other): + if not isinstance(other, Package): + return False + + return self.name == other.name + + +class SdkManagerException(Exception): + pass + + +class AndroidSdkManager(object): + _RE_INSTALLED_PACKAGES_HEADER = re.compile(r'^Installed packages:$') + _RE_UPDATABLE_PACKAGES_HEADER = re.compile(r'^Available Updates:$') + + # Example: ' platform-tools | 27.0.0 | Android SDK Platform-Tools 27 | platform-tools ' + _RE_INSTALLED_PACKAGE = re.compile(r'^\s*(?P\S+)\s*\|\s*[0-9][^|]*\b\s*\|\s*.+\s*\|\s*(\S+)\s*$') + + # Example: ' platform-tools | 27.0.0 | 35.0.2' + _RE_UPDATABLE_PACKAGE = re.compile(r'^\s*(?P\S+)\s*\|\s*[0-9][^|]*\b\s*\|\s*[0-9].*\b\s*$') + + _RE_UNKNOWN_PACKAGE = re.compile(r'^Warning: Failed to find package \'(?P\S+)\'\s*$') + _RE_ACCEPT_LICENSE = re.compile(r'^The following packages can not be installed since their licenses or those of ' + r'the packages they depend on were not accepted') + + def __init__(self, module): + self.runner = sdkmanager_runner(module) + + def get_installed_packages(self): + with self.runner('installed sdk_root channel') as ctx: + rc, stdout, stderr = ctx.run() + return self._parse_packages(stdout, self._RE_INSTALLED_PACKAGES_HEADER, self._RE_INSTALLED_PACKAGE) + + def get_updatable_packages(self): + with self.runner('list newer sdk_root channel') as ctx: + rc, stdout, stderr = ctx.run() + return self._parse_packages(stdout, self._RE_UPDATABLE_PACKAGES_HEADER, self._RE_UPDATABLE_PACKAGE) + + def apply_packages_changes(self, packages, accept_licenses=False): + """ Install or delete packages, depending on the `module.vars.state` parameter """ + if len(packages) == 0: + return 0, '', '' + + if accept_licenses: + license_prompt_answer = 'y' + else: + license_prompt_answer = 'N' + for package in packages: + with self.runner('state name sdk_root channel', data=license_prompt_answer) as ctx: + rc, stdout, stderr = ctx.run(name=package.name) + + for line in stdout.splitlines(): + if self._RE_ACCEPT_LICENSE.match(line): + raise SdkManagerException("Licenses for some packages were not accepted") + + if rc != 0: + self._try_parse_stderr(stderr) + return rc, stdout, stderr + return 0, '', '' + + def _try_parse_stderr(self, stderr): + data = stderr.splitlines() + for line in data: + unknown_package_regex = self._RE_UNKNOWN_PACKAGE.match(line) + if unknown_package_regex: + package = unknown_package_regex.group('package') + raise SdkManagerException("Unknown package %s" % package) + + @staticmethod + def _parse_packages(stdout, header_regexp, row_regexp): + data = stdout.splitlines() + + section_found = False + packages = set() + + for line in data: + if not section_found: + section_found = header_regexp.match(line) + continue + else: + p = row_regexp.match(line) + if p: + packages.add(Package(p.group('name'))) + return packages diff --git a/plugins/module_utils/cmd_runner.py b/plugins/module_utils/cmd_runner.py index 8649871207..10278964bb 100644 --- a/plugins/module_utils/cmd_runner.py +++ b/plugins/module_utils/cmd_runner.py @@ -7,10 +7,10 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type import os -from functools import wraps from ansible.module_utils.common.collections import is_sequence -from ansible.module_utils.six import iteritems +from ansible.module_utils.common.locale import get_best_parsable_locale +from ansible_collections.community.general.plugins.module_utils import cmd_runner_fmt def _ensure_list(value): @@ -88,96 +88,6 @@ class FormatError(CmdRunnerException): ) -class _ArgFormat(object): - def __init__(self, func, ignore_none=None, ignore_missing_value=False): - self.func = func - self.ignore_none = ignore_none - self.ignore_missing_value = ignore_missing_value - - def __call__(self, value, ctx_ignore_none): - ignore_none = self.ignore_none if self.ignore_none is not None else ctx_ignore_none - if value is None and ignore_none: - return [] - f = self.func - return [str(x) for x in f(value)] - - -class _Format(object): - @staticmethod - def as_bool(args_true, args_false=None, ignore_none=None): - if args_false is not None: - if ignore_none is None: - ignore_none = False - else: - args_false = [] - return _ArgFormat(lambda value: _ensure_list(args_true) if value else _ensure_list(args_false), ignore_none=ignore_none) - - @staticmethod - def as_bool_not(args): - return _ArgFormat(lambda value: [] if value else _ensure_list(args), ignore_none=False) - - @staticmethod - def as_optval(arg, ignore_none=None): - return _ArgFormat(lambda value: ["{0}{1}".format(arg, value)], ignore_none=ignore_none) - - @staticmethod - def as_opt_val(arg, ignore_none=None): - return _ArgFormat(lambda value: [arg, value], ignore_none=ignore_none) - - @staticmethod - def as_opt_eq_val(arg, ignore_none=None): - return _ArgFormat(lambda value: ["{0}={1}".format(arg, value)], ignore_none=ignore_none) - - @staticmethod - def as_list(ignore_none=None): - return _ArgFormat(_ensure_list, ignore_none=ignore_none) - - @staticmethod - def as_fixed(args): - return _ArgFormat(lambda value: _ensure_list(args), ignore_none=False, ignore_missing_value=True) - - @staticmethod - def as_func(func, ignore_none=None): - return _ArgFormat(func, ignore_none=ignore_none) - - @staticmethod - def as_map(_map, default=None, ignore_none=None): - if default is None: - default = [] - return _ArgFormat(lambda value: _ensure_list(_map.get(value, default)), ignore_none=ignore_none) - - @staticmethod - def as_default_type(_type, arg="", ignore_none=None): - # - # DEPRECATION: This method is deprecated and will be removed in community.general 10.0.0 - # - # Instead of using the implicit formats provided here, use the explicit necessary format method. - # - fmt = _Format - if _type == "dict": - return fmt.as_func(lambda d: ["--{0}={1}".format(*a) for a in iteritems(d)], ignore_none=ignore_none) - if _type == "list": - return fmt.as_func(lambda value: ["--{0}".format(x) for x in value], ignore_none=ignore_none) - if _type == "bool": - return fmt.as_bool("--{0}".format(arg)) - - return fmt.as_opt_val("--{0}".format(arg), ignore_none=ignore_none) - - @staticmethod - def unpack_args(func): - @wraps(func) - def wrapper(v): - return func(*v) - return wrapper - - @staticmethod - def unpack_kwargs(func): - @wraps(func) - def wrapper(v): - return func(**v) - return wrapper - - class CmdRunner(object): """ Wrapper for ``AnsibleModule.run_command()``. @@ -197,9 +107,19 @@ class CmdRunner(object): self.default_args_order = self._prepare_args_order(default_args_order) if arg_formats is None: arg_formats = {} - self.arg_formats = dict(arg_formats) + self.arg_formats = {} + for fmt_name, fmt in arg_formats.items(): + if not cmd_runner_fmt.is_argformat(fmt): + fmt = cmd_runner_fmt.as_func(func=fmt, ignore_none=True) + self.arg_formats[fmt_name] = fmt self.check_rc = check_rc - self.force_lang = force_lang + if force_lang == "auto": + try: + self.force_lang = get_best_parsable_locale(module) + except RuntimeWarning: + self.force_lang = "C" + else: + self.force_lang = force_lang self.path_prefix = path_prefix if environ_update is None: environ_update = {} @@ -208,15 +128,20 @@ class CmdRunner(object): _cmd = self.command[0] self.command[0] = _cmd if (os.path.isabs(_cmd) or '/' in _cmd) else module.get_bin_path(_cmd, opt_dirs=path_prefix, required=True) - for mod_param_name, spec in iteritems(module.argument_spec): - if mod_param_name not in self.arg_formats: - self.arg_formats[mod_param_name] = _Format.as_default_type(spec.get('type', 'str'), mod_param_name) - @property def binary(self): return self.command[0] - def __call__(self, args_order=None, output_process=None, ignore_value_none=True, check_mode_skip=False, check_mode_return=None, **kwargs): + # remove parameter ignore_value_none in community.general 12.0.0 + def __call__(self, args_order=None, output_process=None, ignore_value_none=None, check_mode_skip=False, check_mode_return=None, **kwargs): + if ignore_value_none is None: + ignore_value_none = True + else: + self.module.deprecate( + "Using ignore_value_none when creating the runner context is now deprecated, " + "and the parameter will be removed in community.general 12.0.0. ", + version="12.0.0", collection_name="community.general" + ) if output_process is None: output_process = _process_as_is if args_order is None: @@ -228,7 +153,7 @@ class CmdRunner(object): return _CmdRunnerContext(runner=self, args_order=args_order, output_process=output_process, - ignore_value_none=ignore_value_none, + ignore_value_none=ignore_value_none, # DEPRECATION: remove in community.general 12.0.0 check_mode_skip=check_mode_skip, check_mode_return=check_mode_return, **kwargs) @@ -244,6 +169,7 @@ class _CmdRunnerContext(object): self.runner = runner self.args_order = tuple(args_order) self.output_process = output_process + # DEPRECATION: parameter ignore_value_none at the context level is deprecated and will be removed in community.general 12.0.0 self.ignore_value_none = ignore_value_none self.check_mode_skip = check_mode_skip self.check_mode_return = check_mode_return @@ -283,6 +209,7 @@ class _CmdRunnerContext(object): value = named_args[arg_name] elif not runner.arg_formats[arg_name].ignore_missing_value: raise MissingArgumentValue(self.args_order, arg_name) + # DEPRECATION: remove parameter ctx_ignore_none in 12.0.0 self.cmd.extend(runner.arg_formats[arg_name](value, ctx_ignore_none=self.ignore_value_none)) except MissingArgumentValue: raise @@ -299,7 +226,7 @@ class _CmdRunnerContext(object): @property def run_info(self): return dict( - ignore_value_none=self.ignore_value_none, + ignore_value_none=self.ignore_value_none, # DEPRECATION: remove in community.general 12.0.0 check_rc=self.check_rc, environ_update=self.environ_update, args_order=self.args_order, @@ -317,6 +244,3 @@ class _CmdRunnerContext(object): def __exit__(self, exc_type, exc_val, exc_tb): return False - - -cmd_runner_fmt = _Format() diff --git a/plugins/module_utils/cmd_runner_fmt.py b/plugins/module_utils/cmd_runner_fmt.py new file mode 100644 index 0000000000..bd6d00a15d --- /dev/null +++ b/plugins/module_utils/cmd_runner_fmt.py @@ -0,0 +1,123 @@ +# -*- coding: utf-8 -*- +# Copyright (c) 2024, Alexei Znamensky +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +from functools import wraps + +from ansible.module_utils.common.collections import is_sequence + + +def _ensure_list(value): + return list(value) if is_sequence(value) else [value] + + +class _ArgFormat(object): + # DEPRECATION: set default value for ignore_none to True in community.general 12.0.0 + def __init__(self, func, ignore_none=None, ignore_missing_value=False): + self.func = func + self.ignore_none = ignore_none + self.ignore_missing_value = ignore_missing_value + + # DEPRECATION: remove parameter ctx_ignore_none in community.general 12.0.0 + def __call__(self, value, ctx_ignore_none=True): + # DEPRECATION: replace ctx_ignore_none with True in community.general 12.0.0 + ignore_none = self.ignore_none if self.ignore_none is not None else ctx_ignore_none + if value is None and ignore_none: + return [] + f = self.func + return [str(x) for x in f(value)] + + def __str__(self): + return "".format( + self.func, + self.ignore_none, + self.ignore_missing_value, + ) + + def __repr__(self): + return str(self) + + +def as_bool(args_true, args_false=None, ignore_none=None): + if args_false is not None: + if ignore_none is None: + ignore_none = False + else: + args_false = [] + return _ArgFormat(lambda value: _ensure_list(args_true) if value else _ensure_list(args_false), ignore_none=ignore_none) + + +def as_bool_not(args): + return as_bool([], args, ignore_none=False) + + +def as_optval(arg, ignore_none=None): + return _ArgFormat(lambda value: ["{0}{1}".format(arg, value)], ignore_none=ignore_none) + + +def as_opt_val(arg, ignore_none=None): + return _ArgFormat(lambda value: [arg, value], ignore_none=ignore_none) + + +def as_opt_eq_val(arg, ignore_none=None): + return _ArgFormat(lambda value: ["{0}={1}".format(arg, value)], ignore_none=ignore_none) + + +def as_list(ignore_none=None, min_len=0, max_len=None): + def func(value): + value = _ensure_list(value) + if len(value) < min_len: + raise ValueError("Parameter must have at least {0} element(s)".format(min_len)) + if max_len is not None and len(value) > max_len: + raise ValueError("Parameter must have at most {0} element(s)".format(max_len)) + return value + return _ArgFormat(func, ignore_none=ignore_none) + + +def as_fixed(args): + return _ArgFormat(lambda value: _ensure_list(args), ignore_none=False, ignore_missing_value=True) + + +def as_func(func, ignore_none=None): + return _ArgFormat(func, ignore_none=ignore_none) + + +def as_map(_map, default=None, ignore_none=None): + if default is None: + default = [] + return _ArgFormat(lambda value: _ensure_list(_map.get(value, default)), ignore_none=ignore_none) + + +def unpack_args(func): + @wraps(func) + def wrapper(v): + return func(*v) + return wrapper + + +def unpack_kwargs(func): + @wraps(func) + def wrapper(v): + return func(**v) + return wrapper + + +def stack(fmt): + @wraps(fmt) + def wrapper(*args, **kwargs): + new_func = fmt(ignore_none=True, *args, **kwargs) + + def stacking(value): + stack = [new_func(v) for v in value if v] + stack = [x for args in stack for x in args] + return stack + return _ArgFormat(stacking, ignore_none=True) + return wrapper + + +def is_argformat(fmt): + return isinstance(fmt, _ArgFormat) diff --git a/plugins/module_utils/consul.py b/plugins/module_utils/consul.py index 68c1a130b4..cd54a105f8 100644 --- a/plugins/module_utils/consul.py +++ b/plugins/module_utils/consul.py @@ -10,6 +10,7 @@ __metaclass__ = type import copy import json +import re from ansible.module_utils.six.moves.urllib import error as urllib_error from ansible.module_utils.six.moves.urllib.parse import urlencode @@ -68,6 +69,25 @@ def camel_case_key(key): return "".join(parts) +def validate_check(check): + validate_duration_keys = ['Interval', 'Ttl', 'Timeout'] + validate_tcp_regex = r"(?P.*):(?P(?:[0-9]+))$" + if check.get('Tcp') is not None: + match = re.match(validate_tcp_regex, check['Tcp']) + if not match: + raise Exception('tcp check must be in host:port format') + for duration in validate_duration_keys: + if duration in check and check[duration] is not None: + check[duration] = validate_duration(check[duration]) + + +def validate_duration(duration): + if duration: + if not re.search(r"\d+(?:ns|us|ms|s|m|h)", duration): + duration = "{0}s".format(duration) + return duration + + STATE_PARAMETER = "state" STATE_PRESENT = "present" STATE_ABSENT = "absent" @@ -81,7 +101,7 @@ OPERATION_DELETE = "remove" def _normalize_params(params, arg_spec): final_params = {} for k, v in params.items(): - if k not in arg_spec: # Alias + if k not in arg_spec or v is None: # Alias continue spec = arg_spec[k] if ( @@ -105,9 +125,10 @@ class _ConsulModule: """ api_endpoint = None # type: str - unique_identifier = None # type: str + unique_identifiers = None # type: list result_key = None # type: str create_only_fields = set() + operational_attributes = set() params = {} def __init__(self, module): @@ -119,6 +140,8 @@ class _ConsulModule: if k not in STATE_PARAMETER and k not in AUTH_ARGUMENTS_SPEC } + self.operational_attributes.update({"CreateIndex", "CreateTime", "Hash", "ModifyIndex"}) + def execute(self): obj = self.read_object() @@ -203,14 +226,24 @@ class _ConsulModule: return False def prepare_object(self, existing, obj): - operational_attributes = {"CreateIndex", "CreateTime", "Hash", "ModifyIndex"} existing = { - k: v for k, v in existing.items() if k not in operational_attributes + k: v for k, v in existing.items() if k not in self.operational_attributes } for k, v in obj.items(): existing[k] = v return existing + def id_from_obj(self, obj, camel_case=False): + def key_func(key): + return camel_case_key(key) if camel_case else key + + if self.unique_identifiers: + for identifier in self.unique_identifiers: + identifier = key_func(identifier) + if identifier in obj: + return obj[identifier] + return None + def endpoint_url(self, operation, identifier=None): if operation == OPERATION_CREATE: return self.api_endpoint @@ -219,7 +252,8 @@ class _ConsulModule: raise RuntimeError("invalid arguments passed") def read_object(self): - url = self.endpoint_url(OPERATION_READ, self.params.get(self.unique_identifier)) + identifier = self.id_from_obj(self.params) + url = self.endpoint_url(OPERATION_READ, identifier) try: return self.get(url) except RequestError as e: @@ -233,25 +267,28 @@ class _ConsulModule: if self._module.check_mode: return obj else: - return self.put(self.api_endpoint, data=self.prepare_object({}, obj)) + url = self.endpoint_url(OPERATION_CREATE) + created_obj = self.put(url, data=self.prepare_object({}, obj)) + if created_obj is None: + created_obj = self.read_object() + return created_obj def update_object(self, existing, obj): - url = self.endpoint_url( - OPERATION_UPDATE, existing.get(camel_case_key(self.unique_identifier)) - ) merged_object = self.prepare_object(existing, obj) if self._module.check_mode: return merged_object else: - return self.put(url, data=merged_object) + url = self.endpoint_url(OPERATION_UPDATE, self.id_from_obj(existing, camel_case=True)) + updated_obj = self.put(url, data=merged_object) + if updated_obj is None: + updated_obj = self.read_object() + return updated_obj def delete_object(self, obj): if self._module.check_mode: return {} else: - url = self.endpoint_url( - OPERATION_DELETE, obj.get(camel_case_key(self.unique_identifier)) - ) + url = self.endpoint_url(OPERATION_DELETE, self.id_from_obj(obj, camel_case=True)) return self.delete(url) def _request(self, method, url_parts, data=None, params=None): @@ -309,7 +346,9 @@ class _ConsulModule: if 400 <= status < 600: raise RequestError(status, response_data) - return json.loads(response_data) + if response_data: + return json.loads(response_data) + return None def get(self, url_parts, **kwargs): return self._request("GET", url_parts, **kwargs) diff --git a/plugins/module_utils/csv.py b/plugins/module_utils/csv.py index 200548a46d..46408e4877 100644 --- a/plugins/module_utils/csv.py +++ b/plugins/module_utils/csv.py @@ -43,7 +43,7 @@ def initialize_dialect(dialect, **kwargs): raise DialectNotAvailableError("Dialect '%s' is not supported by your version of python." % dialect) # Create a dictionary from only set options - dialect_params = dict((k, v) for k, v in kwargs.items() if v is not None) + dialect_params = {k: v for k, v in kwargs.items() if v is not None} if dialect_params: try: csv.register_dialect('custom', dialect, **dialect_params) diff --git a/plugins/module_utils/datetime.py b/plugins/module_utils/datetime.py new file mode 100644 index 0000000000..c7899f68da --- /dev/null +++ b/plugins/module_utils/datetime.py @@ -0,0 +1,32 @@ +# -*- coding: utf-8 -*- +# +# Copyright (c) 2023 Felix Fontein +# Simplified BSD License (see LICENSES/BSD-2-Clause.txt or https://opensource.org/licenses/BSD-2-Clause) +# SPDX-License-Identifier: BSD-2-Clause + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import datetime as _datetime +import sys + + +_USE_TIMEZONE = sys.version_info >= (3, 6) + + +def ensure_timezone_info(value): + if not _USE_TIMEZONE or value.tzinfo is not None: + return value + return value.astimezone(_datetime.timezone.utc) + + +def fromtimestamp(value): + if _USE_TIMEZONE: + return _datetime.fromtimestamp(value, tz=_datetime.timezone.utc) + return _datetime.utcfromtimestamp(value) + + +def now(): + if _USE_TIMEZONE: + return _datetime.datetime.now(tz=_datetime.timezone.utc) + return _datetime.datetime.utcnow() diff --git a/plugins/module_utils/deps.py b/plugins/module_utils/deps.py index a2413d1952..66847ccd25 100644 --- a/plugins/module_utils/deps.py +++ b/plugins/module_utils/deps.py @@ -96,3 +96,7 @@ def validate(module, spec=None): def failed(spec=None): return any(_deps[d].failed for d in _select_names(spec)) + + +def clear(): + _deps.clear() diff --git a/plugins/module_utils/django.py b/plugins/module_utils/django.py new file mode 100644 index 0000000000..8314ed945e --- /dev/null +++ b/plugins/module_utils/django.py @@ -0,0 +1,124 @@ +# -*- coding: utf-8 -*- +# Copyright (c) 2024, Alexei Znamensky +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +from ansible.module_utils.common.dict_transformations import dict_merge +from ansible_collections.community.general.plugins.module_utils.cmd_runner import cmd_runner_fmt +from ansible_collections.community.general.plugins.module_utils.python_runner import PythonRunner +from ansible_collections.community.general.plugins.module_utils.module_helper import ModuleHelper + + +django_std_args = dict( + # environmental options + venv=dict(type="path"), + # default options of django-admin + settings=dict(type="str", required=True), + pythonpath=dict(type="path"), + traceback=dict(type="bool"), + verbosity=dict(type="int", choices=[0, 1, 2, 3]), + skip_checks=dict(type="bool"), +) + +_django_std_arg_fmts = dict( + command=cmd_runner_fmt.as_list(), + settings=cmd_runner_fmt.as_opt_eq_val("--settings"), + pythonpath=cmd_runner_fmt.as_opt_eq_val("--pythonpath"), + traceback=cmd_runner_fmt.as_bool("--traceback"), + verbosity=cmd_runner_fmt.as_opt_val("--verbosity"), + no_color=cmd_runner_fmt.as_fixed("--no-color"), + skip_checks=cmd_runner_fmt.as_bool("--skip-checks"), + version=cmd_runner_fmt.as_fixed("--version"), +) + +_django_database_args = dict( + database=dict(type="str", default="default"), +) + +_args_menu = dict( + std=(django_std_args, _django_std_arg_fmts), + database=(_django_database_args, {"database": cmd_runner_fmt.as_opt_eq_val("--database")}), + noinput=({}, {"noinput": cmd_runner_fmt.as_fixed("--noinput")}), + dry_run=({}, {"dry_run": cmd_runner_fmt.as_bool("--dry-run")}), + check=({}, {"check": cmd_runner_fmt.as_bool("--check")}), +) + + +class _DjangoRunner(PythonRunner): + def __init__(self, module, arg_formats=None, **kwargs): + arg_fmts = dict(arg_formats) if arg_formats else {} + arg_fmts.update(_django_std_arg_fmts) + + super(_DjangoRunner, self).__init__(module, ["-m", "django"], arg_formats=arg_fmts, **kwargs) + + def __call__(self, output_process=None, ignore_value_none=True, check_mode_skip=False, check_mode_return=None, **kwargs): + args_order = ( + ("command", "no_color", "settings", "pythonpath", "traceback", "verbosity", "skip_checks") + self._prepare_args_order(self.default_args_order) + ) + return super(_DjangoRunner, self).__call__(args_order, output_process, ignore_value_none, check_mode_skip, check_mode_return, **kwargs) + + def bare_context(self, *args, **kwargs): + return super(_DjangoRunner, self).__call__(*args, **kwargs) + + +class DjangoModuleHelper(ModuleHelper): + module = {} + use_old_vardict = False + django_admin_cmd = None + arg_formats = {} + django_admin_arg_order = () + use_old_vardict = False + _django_args = [] + _check_mode_arg = "" + + def __init__(self): + self.module["argument_spec"], self.arg_formats = self._build_args(self.module.get("argument_spec", {}), + self.arg_formats, + *(["std"] + self._django_args)) + super(DjangoModuleHelper, self).__init__(self.module) + if self.django_admin_cmd is not None: + self.vars.command = self.django_admin_cmd + + @staticmethod + def _build_args(arg_spec, arg_format, *names): + res_arg_spec = {} + res_arg_fmts = {} + for name in names: + args, fmts = _args_menu[name] + res_arg_spec = dict_merge(res_arg_spec, args) + res_arg_fmts = dict_merge(res_arg_fmts, fmts) + res_arg_spec = dict_merge(res_arg_spec, arg_spec) + res_arg_fmts = dict_merge(res_arg_fmts, arg_format) + + return res_arg_spec, res_arg_fmts + + def __run__(self): + runner = _DjangoRunner(self.module, + default_args_order=self.django_admin_arg_order, + arg_formats=self.arg_formats, + venv=self.vars.venv, + check_rc=True) + + run_params = self.vars.as_dict() + if self._check_mode_arg: + run_params.update({self._check_mode_arg: self.check_mode}) + + rc, out, err = runner.bare_context("version").run() + self.vars.version = out.strip() + + with runner() as ctx: + results = ctx.run(**run_params) + self.vars.stdout = ctx.results_out + self.vars.stderr = ctx.results_err + self.vars.cmd = ctx.cmd + self.vars.set("run_info", ctx.run_info, verbosity=3) + + return results + + @classmethod + def execute(cls): + cls().run() diff --git a/plugins/module_utils/gandi_livedns_api.py b/plugins/module_utils/gandi_livedns_api.py index 53245d44d0..824fea46e7 100644 --- a/plugins/module_utils/gandi_livedns_api.py +++ b/plugins/module_utils/gandi_livedns_api.py @@ -33,6 +33,7 @@ class GandiLiveDNSAPI(object): def __init__(self, module): self.module = module self.api_key = module.params['api_key'] + self.personal_access_token = module.params['personal_access_token'] def _build_error_message(self, module, info): s = '' @@ -50,7 +51,12 @@ class GandiLiveDNSAPI(object): return s def _gandi_api_call(self, api_call, method='GET', payload=None, error_on_404=True): - headers = {'Authorization': 'Apikey {0}'.format(self.api_key), + authorization_header = ( + 'Bearer {0}'.format(self.personal_access_token) + if self.personal_access_token + else 'Apikey {0}'.format(self.api_key) + ) + headers = {'Authorization': authorization_header, 'Content-Type': 'application/json'} data = None if payload: diff --git a/plugins/module_utils/gconftool2.py b/plugins/module_utils/gconftool2.py index e90c3fb2cb..8e04f9ee3f 100644 --- a/plugins/module_utils/gconftool2.py +++ b/plugins/module_utils/gconftool2.py @@ -27,6 +27,7 @@ def gconftool2_runner(module, **kwargs): value=cmd_runner_fmt.as_list(), direct=cmd_runner_fmt.as_bool("--direct"), config_source=cmd_runner_fmt.as_opt_val("--config-source"), + version=cmd_runner_fmt.as_fixed("--version"), ), **kwargs ) diff --git a/plugins/module_utils/gio_mime.py b/plugins/module_utils/gio_mime.py index e01709487d..c734e13a81 100644 --- a/plugins/module_utils/gio_mime.py +++ b/plugins/module_utils/gio_mime.py @@ -12,10 +12,12 @@ from ansible_collections.community.general.plugins.module_utils.cmd_runner impor def gio_mime_runner(module, **kwargs): return CmdRunner( module, - command=['gio', 'mime'], + command=['gio'], arg_formats=dict( + mime=cmd_runner_fmt.as_fixed('mime'), mime_type=cmd_runner_fmt.as_list(), handler=cmd_runner_fmt.as_list(), + version=cmd_runner_fmt.as_fixed('--version'), ), **kwargs ) @@ -28,5 +30,5 @@ def gio_mime_get(runner, mime_type): out = out.splitlines()[0] return out.split()[-1] - with runner("mime_type", output_process=process) as ctx: + with runner("mime mime_type", output_process=process) as ctx: return ctx.run(mime_type=mime_type) diff --git a/plugins/module_utils/gitlab.py b/plugins/module_utils/gitlab.py index f9872b877f..3c0014cfe9 100644 --- a/plugins/module_utils/gitlab.py +++ b/plugins/module_utils/gitlab.py @@ -81,16 +81,23 @@ def find_group(gitlab_instance, identifier): return group -def ensure_gitlab_package(module): +def ensure_gitlab_package(module, min_version=None): if not HAS_GITLAB_PACKAGE: module.fail_json( msg=missing_required_lib("python-gitlab", url='https://python-gitlab.readthedocs.io/en/stable/'), exception=GITLAB_IMP_ERR ) + gitlab_version = gitlab.__version__ + if min_version is not None and LooseVersion(gitlab_version) < LooseVersion(min_version): + module.fail_json( + msg="This module requires python-gitlab Python module >= %s " + "(installed version: %s). Please upgrade python-gitlab to version %s or above." + % (min_version, gitlab_version, min_version) + ) -def gitlab_authentication(module): - ensure_gitlab_package(module) +def gitlab_authentication(module, min_version=None): + ensure_gitlab_package(module, min_version=min_version) gitlab_url = module.params['api_url'] validate_certs = module.params['validate_certs'] @@ -104,24 +111,16 @@ def gitlab_authentication(module): verify = ca_path if validate_certs and ca_path else validate_certs try: - # python-gitlab library remove support for username/password authentication since 1.13.0 - # Changelog : https://github.com/python-gitlab/python-gitlab/releases/tag/v1.13.0 - # This condition allow to still support older version of the python-gitlab library - if LooseVersion(gitlab.__version__) < LooseVersion("1.13.0"): - gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=verify, email=gitlab_user, password=gitlab_password, - private_token=gitlab_token, api_version=4) - else: - # We can create an oauth_token using a username and password - # https://docs.gitlab.com/ee/api/oauth2.html#authorization-code-flow - if gitlab_user: - data = {'grant_type': 'password', 'username': gitlab_user, 'password': gitlab_password} - resp = requests.post(urljoin(gitlab_url, "oauth/token"), data=data, verify=verify) - resp_data = resp.json() - gitlab_oauth_token = resp_data["access_token"] - - gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=verify, private_token=gitlab_token, - oauth_token=gitlab_oauth_token, job_token=gitlab_job_token, api_version=4) + # We can create an oauth_token using a username and password + # https://docs.gitlab.com/ee/api/oauth2.html#authorization-code-flow + if gitlab_user: + data = {'grant_type': 'password', 'username': gitlab_user, 'password': gitlab_password} + resp = requests.post(urljoin(gitlab_url, "oauth/token"), data=data, verify=verify) + resp_data = resp.json() + gitlab_oauth_token = resp_data["access_token"] + gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=verify, private_token=gitlab_token, + oauth_token=gitlab_oauth_token, job_token=gitlab_job_token, api_version=4) gitlab_instance.auth() except (gitlab.exceptions.GitlabAuthenticationError, gitlab.exceptions.GitlabGetError) as e: module.fail_json(msg="Failed to connect to GitLab server: %s" % to_native(e)) diff --git a/plugins/module_utils/homebrew.py b/plugins/module_utils/homebrew.py new file mode 100644 index 0000000000..4b5c4672e4 --- /dev/null +++ b/plugins/module_utils/homebrew.py @@ -0,0 +1,142 @@ +# -*- coding: utf-8 -*- +# Copyright (c) Ansible project +# Simplified BSD License (see LICENSES/BSD-2-Clause.txt or https://opensource.org/licenses/BSD-2-Clause) +# SPDX-License-Identifier: BSD-2-Clause + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +import os +import re +from ansible.module_utils.six import string_types + + +def _create_regex_group_complement(s): + lines = (line.strip() for line in s.split("\n") if line.strip()) + chars = filter(None, (line.split("#")[0].strip() for line in lines)) + group = r"[^" + r"".join(chars) + r"]" + return re.compile(group) + + +class HomebrewValidate(object): + # class regexes ------------------------------------------------ {{{ + VALID_PATH_CHARS = r""" + \w # alphanumeric characters (i.e., [a-zA-Z0-9_]) + \s # spaces + : # colons + {sep} # the OS-specific path separator + . # dots + \- # dashes + """.format( + sep=os.path.sep + ) + + VALID_BREW_PATH_CHARS = r""" + \w # alphanumeric characters (i.e., [a-zA-Z0-9_]) + \s # spaces + {sep} # the OS-specific path separator + . # dots + \- # dashes + """.format( + sep=os.path.sep + ) + + VALID_PACKAGE_CHARS = r""" + \w # alphanumeric characters (i.e., [a-zA-Z0-9_]) + . # dots + / # slash (for taps) + \+ # plusses + \- # dashes + : # colons (for URLs) + @ # at-sign + """ + + INVALID_PATH_REGEX = _create_regex_group_complement(VALID_PATH_CHARS) + INVALID_BREW_PATH_REGEX = _create_regex_group_complement(VALID_BREW_PATH_CHARS) + INVALID_PACKAGE_REGEX = _create_regex_group_complement(VALID_PACKAGE_CHARS) + # /class regexes ----------------------------------------------- }}} + + # class validations -------------------------------------------- {{{ + @classmethod + def valid_path(cls, path): + """ + `path` must be one of: + - list of paths + - a string containing only: + - alphanumeric characters + - dashes + - dots + - spaces + - colons + - os.path.sep + """ + + if isinstance(path, string_types): + return not cls.INVALID_PATH_REGEX.search(path) + + try: + iter(path) + except TypeError: + return False + else: + paths = path + return all(cls.valid_brew_path(path_) for path_ in paths) + + @classmethod + def valid_brew_path(cls, brew_path): + """ + `brew_path` must be one of: + - None + - a string containing only: + - alphanumeric characters + - dashes + - dots + - spaces + - os.path.sep + """ + + if brew_path is None: + return True + + return isinstance( + brew_path, string_types + ) and not cls.INVALID_BREW_PATH_REGEX.search(brew_path) + + @classmethod + def valid_package(cls, package): + """A valid package is either None or alphanumeric.""" + + if package is None: + return True + + return isinstance( + package, string_types + ) and not cls.INVALID_PACKAGE_REGEX.search(package) + + +def parse_brew_path(module): + # type: (...) -> str + """Attempt to find the Homebrew executable path. + + Requires: + - module has a `path` parameter + - path is a valid path string for the target OS. Otherwise, module.fail_json() + is called with msg="Invalid_path: ". + """ + path = module.params["path"] + if not HomebrewValidate.valid_path(path): + module.fail_json(msg="Invalid path: {0}".format(path)) + + if isinstance(path, string_types): + paths = path.split(":") + elif isinstance(path, list): + paths = path + else: + module.fail_json(msg="Invalid path: {0}".format(path)) + + brew_path = module.get_bin_path("brew", required=True, opt_dirs=paths) + if not HomebrewValidate.valid_brew_path(brew_path): + module.fail_json(msg="Invalid brew path: {0}".format(brew_path)) + + return brew_path diff --git a/plugins/module_utils/identity/keycloak/keycloak.py b/plugins/module_utils/identity/keycloak/keycloak.py index f576821e28..e008131913 100644 --- a/plugins/module_utils/identity/keycloak/keycloak.py +++ b/plugins/module_utils/identity/keycloak/keycloak.py @@ -19,6 +19,7 @@ from ansible.module_utils.common.text.converters import to_native, to_text URL_REALM_INFO = "{url}/realms/{realm}" URL_REALMS = "{url}/admin/realms" URL_REALM = "{url}/admin/realms/{realm}" +URL_REALM_KEYS_METADATA = "{url}/admin/realms/{realm}/keys" URL_TOKEN = "{url}/realms/{realm}/protocol/openid-connect/token" URL_CLIENT = "{url}/admin/realms/{realm}/clients/{id}" @@ -28,6 +29,9 @@ URL_CLIENT_ROLES = "{url}/admin/realms/{realm}/clients/{id}/roles" URL_CLIENT_ROLE = "{url}/admin/realms/{realm}/clients/{id}/roles/{name}" URL_CLIENT_ROLE_COMPOSITES = "{url}/admin/realms/{realm}/clients/{id}/roles/{name}/composites" +URL_CLIENT_ROLE_SCOPE_CLIENTS = "{url}/admin/realms/{realm}/clients/{id}/scope-mappings/clients/{scopeid}" +URL_CLIENT_ROLE_SCOPE_REALM = "{url}/admin/realms/{realm}/clients/{id}/scope-mappings/realm" + URL_REALM_ROLES = "{url}/admin/realms/{realm}/roles" URL_REALM_ROLE = "{url}/admin/realms/{realm}/roles/{name}" URL_REALM_ROLEMAPPINGS = "{url}/admin/realms/{realm}/users/{id}/role-mappings/realm" @@ -182,8 +186,7 @@ def get_token(module_params): 'password': auth_password, } # Remove empty items, for instance missing client_secret - payload = dict( - (k, v) for k, v in temp_payload.items() if v is not None) + payload = {k: v for k, v in temp_payload.items() if v is not None} try: r = json.loads(to_native(open_url(auth_url, method='POST', validate_certs=validate_certs, http_agent=http_agent, timeout=connection_timeout, @@ -304,6 +307,37 @@ class KeycloakAPI(object): self.module.fail_json(msg='Could not obtain realm %s: %s' % (realm, str(e)), exception=traceback.format_exc()) + def get_realm_keys_metadata_by_id(self, realm='master'): + """Obtain realm public info by id + + :param realm: realm id + + :return: None, or a 'KeysMetadataRepresentation' + (https://www.keycloak.org/docs-api/latest/rest-api/index.html#KeysMetadataRepresentation) + -- a dict containing the keys 'active' and 'keys', the former containing a mapping + from algorithms to key-ids, the latter containing a list of dicts with key + information. + """ + realm_keys_metadata_url = URL_REALM_KEYS_METADATA.format(url=self.baseurl, realm=realm) + + try: + return json.loads(to_native(open_url(realm_keys_metadata_url, method='GET', http_agent=self.http_agent, headers=self.restheaders, + timeout=self.connection_timeout, + validate_certs=self.validate_certs).read())) + + except HTTPError as e: + if e.code == 404: + return None + else: + self.fail_open_url(e, msg='Could not obtain realm %s: %s' % (realm, str(e)), + exception=traceback.format_exc()) + except ValueError as e: + self.module.fail_json(msg='API returned incorrect JSON when trying to obtain realm %s: %s' % (realm, str(e)), + exception=traceback.format_exc()) + except Exception as e: + self.module.fail_json(msg='Could not obtain realm %s: %s' % (realm, str(e)), + exception=traceback.format_exc()) + def get_realm_by_id(self, realm='master'): """ Obtain realm representation by id @@ -1127,8 +1161,8 @@ class KeycloakAPI(object): # prefer an exception since this is almost certainly a programming error in the module itself. raise Exception("Unable to delete group - one of group ID or name must be provided.") - # only lookup the name if cid isn't provided. - # in the case that both are provided, prefer the ID, since it's one + # only lookup the name if cid is not provided. + # in the case that both are provided, prefer the ID, since it is one # less lookup. if cid is None and name is not None: for clientscope in self.get_clientscopes(realm=realm): @@ -1466,6 +1500,23 @@ class KeycloakAPI(object): self.module.fail_json(msg="Could not fetch group %s in realm %s: %s" % (gid, realm, str(e))) + def get_subgroups(self, parent, realm="master"): + if 'subGroupCount' in parent: + # Since version 23, when GETting a group Keycloak does not + # return subGroups but only a subGroupCount. + # Children must be fetched in a second request. + if parent['subGroupCount'] == 0: + group_children = [] + else: + group_children_url = URL_GROUP_CHILDREN.format(url=self.baseurl, realm=realm, groupid=parent['id']) + group_children = json.loads(to_native(open_url(group_children_url, method="GET", http_agent=self.http_agent, headers=self.restheaders, + timeout=self.connection_timeout, + validate_certs=self.validate_certs).read())) + subgroups = group_children + else: + subgroups = parent['subGroups'] + return subgroups + def get_group_by_name(self, name, realm="master", parents=None): """ Fetch a keycloak group within a realm based on its name. @@ -1486,7 +1537,7 @@ class KeycloakAPI(object): if not parent: return None - all_groups = parent['subGroups'] + all_groups = self.get_subgroups(parent, realm) else: all_groups = self.get_groups(realm=realm) @@ -1535,7 +1586,7 @@ class KeycloakAPI(object): return None for p in name_chain[1:]: - for sg in tmp['subGroups']: + for sg in self.get_subgroups(tmp): pv, is_id = self._get_normed_group_parent(p) if is_id: @@ -1669,7 +1720,7 @@ class KeycloakAPI(object): raise Exception("Unable to delete group - one of group ID or name must be provided.") # only lookup the name if groupid isn't provided. - # in the case that both are provided, prefer the ID, since it's one + # in the case that both are provided, prefer the ID, since it is one # less lookup. if groupid is None and name is not None: for group in self.get_groups(realm=realm): @@ -2021,7 +2072,7 @@ class KeycloakAPI(object): def get_authentication_flow_by_alias(self, alias, realm='master'): """ - Get an authentication flow by it's alias + Get an authentication flow by its alias :param alias: Alias of the authentication flow to get. :param realm: Realm. :return: Authentication flow representation. @@ -3080,6 +3131,105 @@ class KeycloakAPI(object): except Exception: return False + def get_client_role_scope_from_client(self, clientid, clientscopeid, realm="master"): + """ Fetch the roles associated with the client's scope for a specific client on the Keycloak server. + :param clientid: ID of the client from which to obtain the associated roles. + :param clientscopeid: ID of the client who owns the roles. + :param realm: Realm from which to obtain the scope. + :return: The client scope of roles from specified client. + """ + client_role_scope_url = URL_CLIENT_ROLE_SCOPE_CLIENTS.format(url=self.baseurl, realm=realm, id=clientid, scopeid=clientscopeid) + try: + return json.loads(to_native(open_url(client_role_scope_url, method='GET', http_agent=self.http_agent, headers=self.restheaders, + timeout=self.connection_timeout, + validate_certs=self.validate_certs).read())) + except Exception as e: + self.fail_open_url(e, msg='Could not fetch roles scope for client %s in realm %s: %s' % (clientid, realm, str(e))) + + def update_client_role_scope_from_client(self, payload, clientid, clientscopeid, realm="master"): + """ Update and fetch the roles associated with the client's scope on the Keycloak server. + :param payload: List of roles to be added to the scope. + :param clientid: ID of the client to update scope. + :param clientscopeid: ID of the client who owns the roles. + :param realm: Realm from which to obtain the clients. + :return: The client scope of roles from specified client. + """ + client_role_scope_url = URL_CLIENT_ROLE_SCOPE_CLIENTS.format(url=self.baseurl, realm=realm, id=clientid, scopeid=clientscopeid) + try: + open_url(client_role_scope_url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout, + data=json.dumps(payload), validate_certs=self.validate_certs) + + except Exception as e: + self.fail_open_url(e, msg='Could not update roles scope for client %s in realm %s: %s' % (clientid, realm, str(e))) + + return self.get_client_role_scope_from_client(clientid, clientscopeid, realm) + + def delete_client_role_scope_from_client(self, payload, clientid, clientscopeid, realm="master"): + """ Delete the roles contains in the payload from the client's scope on the Keycloak server. + :param payload: List of roles to be deleted. + :param clientid: ID of the client to delete roles from scope. + :param clientscopeid: ID of the client who owns the roles. + :param realm: Realm from which to obtain the clients. + :return: The client scope of roles from specified client. + """ + client_role_scope_url = URL_CLIENT_ROLE_SCOPE_CLIENTS.format(url=self.baseurl, realm=realm, id=clientid, scopeid=clientscopeid) + try: + open_url(client_role_scope_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout, + data=json.dumps(payload), validate_certs=self.validate_certs) + + except Exception as e: + self.fail_open_url(e, msg='Could not delete roles scope for client %s in realm %s: %s' % (clientid, realm, str(e))) + + return self.get_client_role_scope_from_client(clientid, clientscopeid, realm) + + def get_client_role_scope_from_realm(self, clientid, realm="master"): + """ Fetch the realm roles from the client's scope on the Keycloak server. + :param clientid: ID of the client from which to obtain the associated realm roles. + :param realm: Realm from which to obtain the clients. + :return: The client realm roles scope. + """ + client_role_scope_url = URL_CLIENT_ROLE_SCOPE_REALM.format(url=self.baseurl, realm=realm, id=clientid) + try: + return json.loads(to_native(open_url(client_role_scope_url, method='GET', http_agent=self.http_agent, headers=self.restheaders, + timeout=self.connection_timeout, + validate_certs=self.validate_certs).read())) + except Exception as e: + self.fail_open_url(e, msg='Could not fetch roles scope for client %s in realm %s: %s' % (clientid, realm, str(e))) + + def update_client_role_scope_from_realm(self, payload, clientid, realm="master"): + """ Update and fetch the realm roles from the client's scope on the Keycloak server. + :param payload: List of realm roles to add. + :param clientid: ID of the client to update scope. + :param realm: Realm from which to obtain the clients. + :return: The client realm roles scope. + """ + client_role_scope_url = URL_CLIENT_ROLE_SCOPE_REALM.format(url=self.baseurl, realm=realm, id=clientid) + try: + open_url(client_role_scope_url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout, + data=json.dumps(payload), validate_certs=self.validate_certs) + + except Exception as e: + self.fail_open_url(e, msg='Could not update roles scope for client %s in realm %s: %s' % (clientid, realm, str(e))) + + return self.get_client_role_scope_from_realm(clientid, realm) + + def delete_client_role_scope_from_realm(self, payload, clientid, realm="master"): + """ Delete the realm roles contains in the payload from the client's scope on the Keycloak server. + :param payload: List of realm roles to delete. + :param clientid: ID of the client to delete roles from scope. + :param realm: Realm from which to obtain the clients. + :return: The client realm roles scope. + """ + client_role_scope_url = URL_CLIENT_ROLE_SCOPE_REALM.format(url=self.baseurl, realm=realm, id=clientid) + try: + open_url(client_role_scope_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout, + data=json.dumps(payload), validate_certs=self.validate_certs) + + except Exception as e: + self.fail_open_url(e, msg='Could not delete roles scope for client %s in realm %s: %s' % (clientid, realm, str(e))) + + return self.get_client_role_scope_from_realm(clientid, realm) + def fail_open_url(self, e, msg, **kwargs): try: if isinstance(e, HTTPError): diff --git a/plugins/module_utils/identity/keycloak/keycloak_clientsecret.py b/plugins/module_utils/identity/keycloak/keycloak_clientsecret.py index 85caa8e16b..366322c9df 100644 --- a/plugins/module_utils/identity/keycloak/keycloak_clientsecret.py +++ b/plugins/module_utils/identity/keycloak/keycloak_clientsecret.py @@ -61,7 +61,7 @@ def keycloak_clientsecret_module_resolve_params(module, kc): client_id = module.params.get('client_id') # only lookup the client_id if id isn't provided. - # in the case that both are provided, prefer the ID, since it's one + # in the case that both are provided, prefer the ID, since it is one # less lookup. if id is None: # Due to the required_one_of spec, client_id is guaranteed to not be None diff --git a/plugins/module_utils/ilo_redfish_utils.py b/plugins/module_utils/ilo_redfish_utils.py index 9cb6e527a3..808583ae63 100644 --- a/plugins/module_utils/ilo_redfish_utils.py +++ b/plugins/module_utils/ilo_redfish_utils.py @@ -29,6 +29,7 @@ class iLORedfishUtils(RedfishUtils): result['ret'] = True data = response['data'] + current_session = None if 'Oem' in data: if data["Oem"]["Hpe"]["Links"]["MySession"]["@odata.id"]: current_session = data["Oem"]["Hpe"]["Links"]["MySession"]["@odata.id"] diff --git a/plugins/module_utils/ipa.py b/plugins/module_utils/ipa.py index eda9b4132b..fb63d5556b 100644 --- a/plugins/module_utils/ipa.py +++ b/plugins/module_utils/ipa.py @@ -104,7 +104,7 @@ class IPAClient(object): def get_ipa_version(self): response = self.ping()['summary'] - ipa_ver_regex = re.compile(r'IPA server version (\d\.\d\.\d).*') + ipa_ver_regex = re.compile(r'IPA server version (\d+\.\d+\.\d+).*') version_match = ipa_ver_regex.match(response) ipa_version = None if version_match: diff --git a/plugins/module_utils/mh/deco.py b/plugins/module_utils/mh/deco.py index 5138b212c7..408891cb8e 100644 --- a/plugins/module_utils/mh/deco.py +++ b/plugins/module_utils/mh/deco.py @@ -13,23 +13,27 @@ from functools import wraps from ansible_collections.community.general.plugins.module_utils.mh.exceptions import ModuleHelperException -def cause_changes(on_success=None, on_failure=None): +def cause_changes(on_success=None, on_failure=None, when=None): + # Parameters on_success and on_failure are deprecated and should be removed in community.general 12.0.0 def deco(func): - if on_success is None and on_failure is None: - return func - @wraps(func) - def wrapper(*args, **kwargs): + def wrapper(self, *args, **kwargs): try: - self = args[0] - func(*args, **kwargs) + func(self, *args, **kwargs) if on_success is not None: self.changed = on_success + elif when == "success": + self.changed = True except Exception: if on_failure is not None: self.changed = on_failure + elif when == "failure": + self.changed = True raise + finally: + if when == "always": + self.changed = True return wrapper @@ -41,17 +45,15 @@ def module_fails_on_exception(func): @wraps(func) def wrapper(self, *args, **kwargs): + def fix_key(k): + return k if k not in conflict_list else "_" + k + def fix_var_conflicts(output): - result = dict([ - (k if k not in conflict_list else "_" + k, v) - for k, v in output.items() - ]) + result = {fix_key(k): v for k, v in output.items()} return result try: func(self, *args, **kwargs) - except SystemExit: - raise except ModuleHelperException as e: if e.update_output: self.update_output(e.update_output) @@ -73,6 +75,7 @@ def check_mode_skip(func): def wrapper(self, *args, **kwargs): if not self.module.check_mode: return func(self, *args, **kwargs) + return wrapper @@ -87,7 +90,7 @@ def check_mode_skip_returns(callable=None, value=None): return func(self, *args, **kwargs) return wrapper_callable - if value is not None: + else: @wraps(func) def wrapper_value(self, *args, **kwargs): if self.module.check_mode: @@ -95,7 +98,4 @@ def check_mode_skip_returns(callable=None, value=None): return func(self, *args, **kwargs) return wrapper_value - if callable is None and value is None: - return check_mode_skip - return deco diff --git a/plugins/module_utils/mh/mixins/deps.py b/plugins/module_utils/mh/mixins/deps.py index 772df8c0e9..dd879ff4b2 100644 --- a/plugins/module_utils/mh/mixins/deps.py +++ b/plugins/module_utils/mh/mixins/deps.py @@ -7,13 +7,14 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -import traceback - -from ansible_collections.community.general.plugins.module_utils.mh.base import ModuleHelperBase -from ansible_collections.community.general.plugins.module_utils.mh.deco import module_fails_on_exception - class DependencyCtxMgr(object): + """ + DEPRECATION WARNING + + This class is deprecated and will be removed in community.general 11.0.0 + Modules should use plugins/module_utils/deps.py instead. + """ def __init__(self, name, msg=None): self.name = name self.msg = msg @@ -35,39 +36,3 @@ class DependencyCtxMgr(object): @property def text(self): return self.msg or str(self.exc_val) - - -class DependencyMixin(ModuleHelperBase): - """ - THIS CLASS IS BEING DEPRECATED. - See the deprecation notice in ``DependencyMixin.fail_on_missing_deps()`` below. - - Mixin for mapping module options to running a CLI command with its arguments. - """ - _dependencies = [] - - @classmethod - def dependency(cls, name, msg): - cls._dependencies.append(DependencyCtxMgr(name, msg)) - return cls._dependencies[-1] - - def fail_on_missing_deps(self): - if not self._dependencies: - return - self.module.deprecate( - 'The DependencyMixin is being deprecated. ' - 'Modules should use community.general.plugins.module_utils.deps instead.', - version='9.0.0', - collection_name='community.general', - ) - for d in self._dependencies: - if not d.has_it: - self.module.fail_json(changed=False, - exception="\n".join(traceback.format_exception(d.exc_type, d.exc_val, d.exc_tb)), - msg=d.text, - **self.output) - - @module_fails_on_exception - def run(self): - self.fail_on_missing_deps() - super(DependencyMixin, self).run() diff --git a/plugins/module_utils/mh/mixins/vars.py b/plugins/module_utils/mh/mixins/vars.py index 91f4e4a189..7db9904f93 100644 --- a/plugins/module_utils/mh/mixins/vars.py +++ b/plugins/module_utils/mh/mixins/vars.py @@ -14,7 +14,7 @@ class VarMeta(object): """ DEPRECATION WARNING - This class is deprecated and will be removed in community.general 10.0.0 + This class is deprecated and will be removed in community.general 11.0.0 Modules should use the VarDict from plugins/module_utils/vardict.py instead. """ @@ -70,7 +70,7 @@ class VarDict(object): """ DEPRECATION WARNING - This class is deprecated and will be removed in community.general 10.0.0 + This class is deprecated and will be removed in community.general 11.0.0 Modules should use the VarDict from plugins/module_utils/vardict.py instead. """ def __init__(self): @@ -113,7 +113,7 @@ class VarDict(object): self._meta[name] = meta def output(self): - return dict((k, v) for k, v in self._data.items() if self.meta(k).output) + return {k: v for k, v in self._data.items() if self.meta(k).output} def diff(self): diff_results = [(k, self.meta(k).diff_result) for k in self._data] @@ -125,7 +125,7 @@ class VarDict(object): return None def facts(self): - facts_result = dict((k, v) for k, v in self._data.items() if self._meta[k].fact) + facts_result = {k: v for k, v in self._data.items() if self._meta[k].fact} return facts_result if facts_result else None def change_vars(self): @@ -139,7 +139,7 @@ class VarsMixin(object): """ DEPRECATION WARNING - This class is deprecated and will be removed in community.general 10.0.0 + This class is deprecated and will be removed in community.general 11.0.0 Modules should use the VarDict from plugins/module_utils/vardict.py instead. """ def __init__(self, module=None): diff --git a/plugins/module_utils/mh/module_helper.py b/plugins/module_utils/mh/module_helper.py index c33efb16b9..ca95199d9b 100644 --- a/plugins/module_utils/mh/module_helper.py +++ b/plugins/module_utils/mh/module_helper.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- -# (c) 2020, Alexei Znamensky -# Copyright (c) 2020, Ansible Project +# (c) 2020-2024, Alexei Znamensky +# Copyright (c) 2020-2024, Ansible Project # Simplified BSD License (see LICENSES/BSD-2-Clause.txt or https://opensource.org/licenses/BSD-2-Clause) # SPDX-License-Identifier: BSD-2-Clause @@ -10,23 +10,40 @@ __metaclass__ = type from ansible.module_utils.common.dict_transformations import dict_merge +from ansible_collections.community.general.plugins.module_utils.vardict import VarDict as _NewVarDict # remove "as NewVarDict" in 11.0.0 # (TODO: remove AnsibleModule!) pylint: disable-next=unused-import -from ansible_collections.community.general.plugins.module_utils.mh.base import ModuleHelperBase, AnsibleModule # noqa: F401 +from ansible_collections.community.general.plugins.module_utils.mh.base import AnsibleModule # noqa: F401 DEPRECATED, remove in 11.0.0 +from ansible_collections.community.general.plugins.module_utils.mh.base import ModuleHelperBase from ansible_collections.community.general.plugins.module_utils.mh.mixins.state import StateMixin -from ansible_collections.community.general.plugins.module_utils.mh.mixins.deps import DependencyMixin -from ansible_collections.community.general.plugins.module_utils.mh.mixins.vars import VarsMixin +# (TODO: remove mh.mixins.vars!) pylint: disable-next=unused-import +from ansible_collections.community.general.plugins.module_utils.mh.mixins.vars import VarsMixin, VarDict as _OldVarDict # noqa: F401 remove in 11.0.0 from ansible_collections.community.general.plugins.module_utils.mh.mixins.deprecate_attrs import DeprecateAttrsMixin -class ModuleHelper(DeprecateAttrsMixin, VarsMixin, DependencyMixin, ModuleHelperBase): +class ModuleHelper(DeprecateAttrsMixin, ModuleHelperBase): facts_name = None output_params = () diff_params = () change_params = () facts_params = () + use_old_vardict = True # remove in 11.0.0 + mute_vardict_deprecation = False def __init__(self, module=None): - super(ModuleHelper, self).__init__(module) + if self.use_old_vardict: # remove first half of the if in 11.0.0 + self.vars = _OldVarDict() + super(ModuleHelper, self).__init__(module) + if not self.mute_vardict_deprecation: + self.module.deprecate( + "This class is using the old VarDict from ModuleHelper, which is deprecated. " + "Set the class variable use_old_vardict to False and make the necessary adjustments." + "The old VarDict class will be removed in community.general 11.0.0", + version="11.0.0", collection_name="community.general" + ) + else: + self.vars = _NewVarDict() + super(ModuleHelper, self).__init__(module) + for name, value in self.module.params.items(): self.vars.set( name, value, @@ -36,6 +53,12 @@ class ModuleHelper(DeprecateAttrsMixin, VarsMixin, DependencyMixin, ModuleHelper fact=name in self.facts_params, ) + def update_vars(self, meta=None, **kwargs): + if meta is None: + meta = {} + for k, v in kwargs.items(): + self.vars.set(k, v, **meta) + def update_output(self, **kwargs): self.update_vars(meta={"output": True}, **kwargs) @@ -43,7 +66,10 @@ class ModuleHelper(DeprecateAttrsMixin, VarsMixin, DependencyMixin, ModuleHelper self.update_vars(meta={"fact": True}, **kwargs) def _vars_changed(self): - return any(self.vars.has_changed(v) for v in self.vars.change_vars()) + if self.use_old_vardict: + return any(self.vars.has_changed(v) for v in self.vars.change_vars()) + + return self.vars.has_changed def has_changed(self): return self.changed or self._vars_changed() diff --git a/plugins/module_utils/module_helper.py b/plugins/module_utils/module_helper.py index 5aa16c057a..366699329a 100644 --- a/plugins/module_utils/module_helper.py +++ b/plugins/module_utils/module_helper.py @@ -9,14 +9,14 @@ __metaclass__ = type # pylint: disable=unused-import - from ansible_collections.community.general.plugins.module_utils.mh.module_helper import ( - ModuleHelper, StateModuleHelper, AnsibleModule + ModuleHelper, StateModuleHelper, + AnsibleModule # remove in 11.0.0 ) -from ansible_collections.community.general.plugins.module_utils.mh.mixins.state import StateMixin # noqa: F401 -from ansible_collections.community.general.plugins.module_utils.mh.mixins.deps import DependencyCtxMgr, DependencyMixin # noqa: F401 +from ansible_collections.community.general.plugins.module_utils.mh.mixins.state import StateMixin # noqa: F401 remove in 11.0.0 +from ansible_collections.community.general.plugins.module_utils.mh.mixins.deps import DependencyCtxMgr # noqa: F401 remove in 11.0.0 from ansible_collections.community.general.plugins.module_utils.mh.exceptions import ModuleHelperException # noqa: F401 from ansible_collections.community.general.plugins.module_utils.mh.deco import ( cause_changes, module_fails_on_exception, check_mode_skip, check_mode_skip_returns, ) -from ansible_collections.community.general.plugins.module_utils.mh.mixins.vars import VarMeta, VarDict, VarsMixin # noqa: F401 +from ansible_collections.community.general.plugins.module_utils.mh.mixins.vars import VarMeta, VarDict, VarsMixin # noqa: F401 remove in 11.0.0 diff --git a/plugins/module_utils/ocapi_utils.py b/plugins/module_utils/ocapi_utils.py index 232c915060..8b8687199a 100644 --- a/plugins/module_utils/ocapi_utils.py +++ b/plugins/module_utils/ocapi_utils.py @@ -56,7 +56,7 @@ class OcapiUtils(object): follow_redirects='all', use_proxy=True, timeout=self.timeout) data = json.loads(to_native(resp.read())) - headers = dict((k.lower(), v) for (k, v) in resp.info().items()) + headers = {k.lower(): v for (k, v) in resp.info().items()} except HTTPError as e: return {'ret': False, 'msg': "HTTP Error %s on GET request to '%s'" @@ -86,7 +86,7 @@ class OcapiUtils(object): data = json.loads(to_native(resp.read())) else: data = "" - headers = dict((k.lower(), v) for (k, v) in resp.info().items()) + headers = {k.lower(): v for (k, v) in resp.info().items()} except HTTPError as e: return {'ret': False, 'msg': "HTTP Error %s on DELETE request to '%s'" @@ -113,7 +113,7 @@ class OcapiUtils(object): force_basic_auth=basic_auth, validate_certs=False, follow_redirects='all', use_proxy=True, timeout=self.timeout) - headers = dict((k.lower(), v) for (k, v) in resp.info().items()) + headers = {k.lower(): v for (k, v) in resp.info().items()} except HTTPError as e: return {'ret': False, 'msg': "HTTP Error %s on PUT request to '%s'" @@ -144,7 +144,7 @@ class OcapiUtils(object): force_basic_auth=basic_auth, validate_certs=False, follow_redirects='all', use_proxy=True, timeout=self.timeout if timeout is None else timeout) - headers = dict((k.lower(), v) for (k, v) in resp.info().items()) + headers = {k.lower(): v for (k, v) in resp.info().items()} except HTTPError as e: return {'ret': False, 'msg': "HTTP Error %s on POST request to '%s'" diff --git a/plugins/module_utils/opennebula.py b/plugins/module_utils/opennebula.py index 94732e4f7c..24833350c6 100644 --- a/plugins/module_utils/opennebula.py +++ b/plugins/module_utils/opennebula.py @@ -16,6 +16,7 @@ from ansible.module_utils.six import string_types from ansible.module_utils.basic import AnsibleModule +IMAGE_STATES = ['INIT', 'READY', 'USED', 'DISABLED', 'LOCKED', 'ERROR', 'CLONE', 'DELETE', 'USED_PERS', 'LOCKED_USED', 'LOCKED_USED_PERS'] HAS_PYONE = True try: @@ -347,3 +348,90 @@ class OpenNebulaModule: result: the Ansible result """ raise NotImplementedError("Method requires implementation") + + def get_image_list_id(self, image, element): + """ + This is a helper function for get_image_info to iterate over a simple list of objects + """ + list_of_id = [] + + if element == 'VMS': + image_list = image.VMS + if element == 'CLONES': + image_list = image.CLONES + if element == 'APP_CLONES': + image_list = image.APP_CLONES + + for iter in image_list.ID: + list_of_id.append( + # These are optional so firstly check for presence + getattr(iter, 'ID', 'Null'), + ) + return list_of_id + + def get_image_snapshots_list(self, image): + """ + This is a helper function for get_image_info to iterate over a dictionary + """ + list_of_snapshots = [] + + for iter in image.SNAPSHOTS.SNAPSHOT: + list_of_snapshots.append({ + 'date': iter['DATE'], + 'parent': iter['PARENT'], + 'size': iter['SIZE'], + # These are optional so firstly check for presence + 'allow_orhans': getattr(image.SNAPSHOTS, 'ALLOW_ORPHANS', 'Null'), + 'children': getattr(iter, 'CHILDREN', 'Null'), + 'active': getattr(iter, 'ACTIVE', 'Null'), + 'name': getattr(iter, 'NAME', 'Null'), + }) + return list_of_snapshots + + def get_image_info(self, image): + """ + This method is used by one_image and one_image_info modules to retrieve + information from XSD scheme of an image + Returns: a copy of the parameters that includes the resolved parameters. + """ + info = { + 'id': image.ID, + 'name': image.NAME, + 'state': IMAGE_STATES[image.STATE], + 'running_vms': image.RUNNING_VMS, + 'used': bool(image.RUNNING_VMS), + 'user_name': image.UNAME, + 'user_id': image.UID, + 'group_name': image.GNAME, + 'group_id': image.GID, + 'permissions': { + 'owner_u': image.PERMISSIONS.OWNER_U, + 'owner_m': image.PERMISSIONS.OWNER_M, + 'owner_a': image.PERMISSIONS.OWNER_A, + 'group_u': image.PERMISSIONS.GROUP_U, + 'group_m': image.PERMISSIONS.GROUP_M, + 'group_a': image.PERMISSIONS.GROUP_A, + 'other_u': image.PERMISSIONS.OTHER_U, + 'other_m': image.PERMISSIONS.OTHER_M, + 'other_a': image.PERMISSIONS.OTHER_A + }, + 'type': image.TYPE, + 'disk_type': image.DISK_TYPE, + 'persistent': image.PERSISTENT, + 'regtime': image.REGTIME, + 'source': image.SOURCE, + 'path': image.PATH, + 'fstype': getattr(image, 'FSTYPE', 'Null'), + 'size': image.SIZE, + 'cloning_ops': image.CLONING_OPS, + 'cloning_id': image.CLONING_ID, + 'target_snapshot': image.TARGET_SNAPSHOT, + 'datastore_id': image.DATASTORE_ID, + 'datastore': image.DATASTORE, + 'vms': self.get_image_list_id(image, 'VMS'), + 'clones': self.get_image_list_id(image, 'CLONES'), + 'app_clones': self.get_image_list_id(image, 'APP_CLONES'), + 'snapshots': self.get_image_snapshots_list(image), + 'template': image.TEMPLATE, + } + return info diff --git a/plugins/module_utils/pipx.py b/plugins/module_utils/pipx.py index a385ec93e7..de43f80b40 100644 --- a/plugins/module_utils/pipx.py +++ b/plugins/module_utils/pipx.py @@ -6,46 +6,101 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -from ansible_collections.community.general.plugins.module_utils.cmd_runner import CmdRunner, cmd_runner_fmt as fmt + +import json + + +from ansible_collections.community.general.plugins.module_utils.cmd_runner import CmdRunner, cmd_runner_fmt + + +pipx_common_argspec = { + "global": dict(type='bool', default=False), + "executable": dict(type='path'), +} _state_map = dict( install='install', + install_all='install-all', present='install', uninstall='uninstall', absent='uninstall', uninstall_all='uninstall-all', inject='inject', + uninject='uninject', upgrade='upgrade', + upgrade_shared='upgrade-shared', upgrade_all='upgrade-all', reinstall='reinstall', reinstall_all='reinstall-all', + pin='pin', + unpin='unpin', ) def pipx_runner(module, command, **kwargs): + arg_formats = dict( + state=cmd_runner_fmt.as_map(_state_map), + name=cmd_runner_fmt.as_list(), + name_source=cmd_runner_fmt.as_func(cmd_runner_fmt.unpack_args(lambda n, s: [s] if s else [n])), + install_apps=cmd_runner_fmt.as_bool("--include-apps"), + install_deps=cmd_runner_fmt.as_bool("--include-deps"), + inject_packages=cmd_runner_fmt.as_list(), + force=cmd_runner_fmt.as_bool("--force"), + include_injected=cmd_runner_fmt.as_bool("--include-injected"), + index_url=cmd_runner_fmt.as_opt_val('--index-url'), + python=cmd_runner_fmt.as_opt_val('--python'), + system_site_packages=cmd_runner_fmt.as_bool("--system-site-packages"), + _list=cmd_runner_fmt.as_fixed(['list', '--include-injected', '--json']), + editable=cmd_runner_fmt.as_bool("--editable"), + pip_args=cmd_runner_fmt.as_opt_eq_val('--pip-args'), + suffix=cmd_runner_fmt.as_opt_val('--suffix'), + spec_metadata=cmd_runner_fmt.as_list(), + version=cmd_runner_fmt.as_fixed('--version'), + ) + arg_formats["global"] = cmd_runner_fmt.as_bool("--global") + runner = CmdRunner( module, command=command, - arg_formats=dict( - - state=fmt.as_map(_state_map), - name=fmt.as_list(), - name_source=fmt.as_func(fmt.unpack_args(lambda n, s: [s] if s else [n])), - install_apps=fmt.as_bool("--include-apps"), - install_deps=fmt.as_bool("--include-deps"), - inject_packages=fmt.as_list(), - force=fmt.as_bool("--force"), - include_injected=fmt.as_bool("--include-injected"), - index_url=fmt.as_opt_val('--index-url'), - python=fmt.as_opt_val('--python'), - system_site_packages=fmt.as_bool("--system-site-packages"), - _list=fmt.as_fixed(['list', '--include-injected', '--json']), - editable=fmt.as_bool("--editable"), - pip_args=fmt.as_opt_eq_val('--pip-args'), - ), + arg_formats=arg_formats, environ_update={'USE_EMOJI': '0'}, check_rc=True, **kwargs ) return runner + + +def make_process_list(mod_helper, **kwargs): + def process_list(rc, out, err): + if not out: + return [] + + results = [] + raw_data = json.loads(out) + if kwargs.get("include_raw"): + mod_helper.vars.raw_output = raw_data + + if kwargs["name"]: + if kwargs["name"] in raw_data['venvs']: + data = {kwargs["name"]: raw_data['venvs'][kwargs["name"]]} + else: + data = {} + else: + data = raw_data['venvs'] + + for venv_name, venv in data.items(): + entry = { + 'name': venv_name, + 'version': venv['metadata']['main_package']['package_version'], + 'pinned': venv['metadata']['main_package'].get('pinned'), + } + if kwargs.get("include_injected"): + entry['injected'] = {k: v['package_version'] for k, v in venv['metadata']['injected_packages'].items()} + if kwargs.get("include_deps"): + entry['dependencies'] = list(venv['metadata']['main_package']['app_paths_of_dependencies']) + results.append(entry) + + return results + + return process_list diff --git a/plugins/module_utils/proxmox.py b/plugins/module_utils/proxmox.py index 5fd783d654..b0037dacb3 100644 --- a/plugins/module_utils/proxmox.py +++ b/plugins/module_utils/proxmox.py @@ -8,6 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type import traceback +from time import sleep PROXMOXER_IMP_ERR = None try: @@ -29,6 +30,9 @@ def proxmox_auth_argument_spec(): required=True, fallback=(env_fallback, ['PROXMOX_HOST']) ), + api_port=dict(type='int', + fallback=(env_fallback, ['PROXMOX_PORT']) + ), api_user=dict(type='str', required=True, fallback=(env_fallback, ['PROXMOX_USER']) @@ -67,6 +71,8 @@ def ansible_to_proxmox_bool(value): class ProxmoxAnsible(object): """Base class for Proxmox modules""" + TASK_TIMED_OUT = 'timeout expired' + def __init__(self, module): if not HAS_PROXMOXER: module.fail_json(msg=missing_required_lib('proxmoxer'), exception=PROXMOXER_IMP_ERR) @@ -82,6 +88,7 @@ class ProxmoxAnsible(object): def _connect(self): api_host = self.module.params['api_host'] + api_port = self.module.params['api_port'] api_user = self.module.params['api_user'] api_password = self.module.params['api_password'] api_token_id = self.module.params['api_token_id'] @@ -89,6 +96,10 @@ class ProxmoxAnsible(object): validate_certs = self.module.params['validate_certs'] auth_args = {'user': api_user} + + if api_port: + auth_args['port'] = api_port + if api_password: auth_args['password'] = api_password else: @@ -159,6 +170,32 @@ class ProxmoxAnsible(object): except Exception as e: self.module.fail_json(msg='Unable to retrieve API task ID from node %s: %s' % (node, e)) + def api_task_complete(self, node_name, task_id, timeout): + """Wait until the task stops or times out. + + :param node_name: Proxmox node name where the task is running. + :param task_id: ID of the running task. + :param timeout: Timeout in seconds to wait for the task to complete. + :return: Task completion status (True/False) and ``exitstatus`` message when status=False. + """ + status = {} + while timeout: + try: + status = self.proxmox_api.nodes(node_name).tasks(task_id).status.get() + except Exception as e: + self.module.fail_json(msg='Unable to retrieve API task ID from node %s: %s' % (node_name, e)) + + if status['status'] == 'stopped': + if status['exitstatus'] == 'OK': + return True, None + else: + return False, status['exitstatus'] + else: + timeout -= 1 + if timeout <= 0: + return False, ProxmoxAnsible.TASK_TIMED_OUT + sleep(1) + def get_pool(self, poolid): """Retrieve pool information diff --git a/plugins/module_utils/puppet.py b/plugins/module_utils/puppet.py index 8d553a2d28..e06683b3ee 100644 --- a/plugins/module_utils/puppet.py +++ b/plugins/module_utils/puppet.py @@ -103,9 +103,11 @@ def puppet_runner(module): modulepath=cmd_runner_fmt.as_opt_eq_val("--modulepath"), _execute=cmd_runner_fmt.as_func(execute_func), summarize=cmd_runner_fmt.as_bool("--summarize"), + waitforlock=cmd_runner_fmt.as_opt_val("--waitforlock"), debug=cmd_runner_fmt.as_bool("--debug"), verbose=cmd_runner_fmt.as_bool("--verbose"), ), check_rc=False, + force_lang=module.params["environment_lang"], ) return runner diff --git a/plugins/module_utils/python_runner.py b/plugins/module_utils/python_runner.py new file mode 100644 index 0000000000..b65867c61e --- /dev/null +++ b/plugins/module_utils/python_runner.py @@ -0,0 +1,36 @@ +# -*- coding: utf-8 -*- +# Copyright (c) 2024, Alexei Znamensky +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +import os + +from ansible_collections.community.general.plugins.module_utils.cmd_runner import CmdRunner, _ensure_list + + +class PythonRunner(CmdRunner): + def __init__(self, module, command, arg_formats=None, default_args_order=(), + check_rc=False, force_lang="C", path_prefix=None, environ_update=None, + python="python", venv=None): + self.python = python + self.venv = venv + self.has_venv = venv is not None + + if (os.path.isabs(python) or '/' in python): + self.python = python + elif self.has_venv: + if path_prefix is None: + path_prefix = [] + path_prefix.append(os.path.join(venv, "bin")) + if environ_update is None: + environ_update = {} + environ_update["PATH"] = "%s:%s" % (":".join(path_prefix), os.environ["PATH"]) + environ_update["VIRTUAL_ENV"] = venv + + python_cmd = [self.python] + _ensure_list(command) + + super(PythonRunner, self).__init__(module, python_cmd, arg_formats, default_args_order, + check_rc, force_lang, path_prefix, environ_update) diff --git a/plugins/module_utils/rax.py b/plugins/module_utils/rax.py deleted file mode 100644 index 6331c0d1be..0000000000 --- a/plugins/module_utils/rax.py +++ /dev/null @@ -1,334 +0,0 @@ -# -*- coding: utf-8 -*- -# This code is part of Ansible, but is an independent component. -# This particular file snippet, and this file snippet only, is BSD licensed. -# Modules you write using this snippet, which is embedded dynamically by -# Ansible still belong to the author of the module, and may assign their own -# license to the complete work. -# -# Copyright (c), Michael DeHaan , 2012-2013 -# -# Simplified BSD License (see LICENSES/BSD-2-Clause.txt or https://opensource.org/licenses/BSD-2-Clause) -# SPDX-License-Identifier: BSD-2-Clause - -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - - -import os -import re -from uuid import UUID - -from ansible.module_utils.six import text_type, binary_type - -FINAL_STATUSES = ('ACTIVE', 'ERROR') -VOLUME_STATUS = ('available', 'attaching', 'creating', 'deleting', 'in-use', - 'error', 'error_deleting') - -CLB_ALGORITHMS = ['RANDOM', 'LEAST_CONNECTIONS', 'ROUND_ROBIN', - 'WEIGHTED_LEAST_CONNECTIONS', 'WEIGHTED_ROUND_ROBIN'] -CLB_PROTOCOLS = ['DNS_TCP', 'DNS_UDP', 'FTP', 'HTTP', 'HTTPS', 'IMAPS', - 'IMAPv4', 'LDAP', 'LDAPS', 'MYSQL', 'POP3', 'POP3S', 'SMTP', - 'TCP', 'TCP_CLIENT_FIRST', 'UDP', 'UDP_STREAM', 'SFTP'] - -NON_CALLABLES = (text_type, binary_type, bool, dict, int, list, type(None)) -PUBLIC_NET_ID = "00000000-0000-0000-0000-000000000000" -SERVICE_NET_ID = "11111111-1111-1111-1111-111111111111" - - -def rax_slugify(value): - """Prepend a key with rax_ and normalize the key name""" - return 'rax_%s' % (re.sub(r'[^\w-]', '_', value).lower().lstrip('_')) - - -def rax_clb_node_to_dict(obj): - """Function to convert a CLB Node object to a dict""" - if not obj: - return {} - node = obj.to_dict() - node['id'] = obj.id - node['weight'] = obj.weight - return node - - -def rax_to_dict(obj, obj_type='standard'): - """Generic function to convert a pyrax object to a dict - - obj_type values: - standard - clb - server - - """ - instance = {} - for key in dir(obj): - value = getattr(obj, key) - if obj_type == 'clb' and key == 'nodes': - instance[key] = [] - for node in value: - instance[key].append(rax_clb_node_to_dict(node)) - elif (isinstance(value, list) and len(value) > 0 and - not isinstance(value[0], NON_CALLABLES)): - instance[key] = [] - for item in value: - instance[key].append(rax_to_dict(item)) - elif (isinstance(value, NON_CALLABLES) and not key.startswith('_')): - if obj_type == 'server': - if key == 'image': - if not value: - instance['rax_boot_source'] = 'volume' - else: - instance['rax_boot_source'] = 'local' - key = rax_slugify(key) - instance[key] = value - - if obj_type == 'server': - for attr in ['id', 'accessIPv4', 'name', 'status']: - instance[attr] = instance.get(rax_slugify(attr)) - - return instance - - -def rax_find_bootable_volume(module, rax_module, server, exit=True): - """Find a servers bootable volume""" - cs = rax_module.cloudservers - cbs = rax_module.cloud_blockstorage - server_id = rax_module.utils.get_id(server) - volumes = cs.volumes.get_server_volumes(server_id) - bootable_volumes = [] - for volume in volumes: - vol = cbs.get(volume) - if module.boolean(vol.bootable): - bootable_volumes.append(vol) - if not bootable_volumes: - if exit: - module.fail_json(msg='No bootable volumes could be found for ' - 'server %s' % server_id) - else: - return False - elif len(bootable_volumes) > 1: - if exit: - module.fail_json(msg='Multiple bootable volumes found for server ' - '%s' % server_id) - else: - return False - - return bootable_volumes[0] - - -def rax_find_image(module, rax_module, image, exit=True): - """Find a server image by ID or Name""" - cs = rax_module.cloudservers - try: - UUID(image) - except ValueError: - try: - image = cs.images.find(human_id=image) - except (cs.exceptions.NotFound, cs.exceptions.NoUniqueMatch): - try: - image = cs.images.find(name=image) - except (cs.exceptions.NotFound, - cs.exceptions.NoUniqueMatch): - if exit: - module.fail_json(msg='No matching image found (%s)' % - image) - else: - return False - - return rax_module.utils.get_id(image) - - -def rax_find_volume(module, rax_module, name): - """Find a Block storage volume by ID or name""" - cbs = rax_module.cloud_blockstorage - try: - UUID(name) - volume = cbs.get(name) - except ValueError: - try: - volume = cbs.find(name=name) - except rax_module.exc.NotFound: - volume = None - except Exception as e: - module.fail_json(msg='%s' % e) - return volume - - -def rax_find_network(module, rax_module, network): - """Find a cloud network by ID or name""" - cnw = rax_module.cloud_networks - try: - UUID(network) - except ValueError: - if network.lower() == 'public': - return cnw.get_server_networks(PUBLIC_NET_ID) - elif network.lower() == 'private': - return cnw.get_server_networks(SERVICE_NET_ID) - else: - try: - network_obj = cnw.find_network_by_label(network) - except (rax_module.exceptions.NetworkNotFound, - rax_module.exceptions.NetworkLabelNotUnique): - module.fail_json(msg='No matching network found (%s)' % - network) - else: - return cnw.get_server_networks(network_obj) - else: - return cnw.get_server_networks(network) - - -def rax_find_server(module, rax_module, server): - """Find a Cloud Server by ID or name""" - cs = rax_module.cloudservers - try: - UUID(server) - server = cs.servers.get(server) - except ValueError: - servers = cs.servers.list(search_opts=dict(name='^%s$' % server)) - if not servers: - module.fail_json(msg='No Server was matched by name, ' - 'try using the Server ID instead') - if len(servers) > 1: - module.fail_json(msg='Multiple servers matched by name, ' - 'try using the Server ID instead') - - # We made it this far, grab the first and hopefully only server - # in the list - server = servers[0] - return server - - -def rax_find_loadbalancer(module, rax_module, loadbalancer): - """Find a Cloud Load Balancer by ID or name""" - clb = rax_module.cloud_loadbalancers - try: - found = clb.get(loadbalancer) - except Exception: - found = [] - for lb in clb.list(): - if loadbalancer == lb.name: - found.append(lb) - - if not found: - module.fail_json(msg='No loadbalancer was matched') - - if len(found) > 1: - module.fail_json(msg='Multiple loadbalancers matched') - - # We made it this far, grab the first and hopefully only item - # in the list - found = found[0] - - return found - - -def rax_argument_spec(): - """Return standard base dictionary used for the argument_spec - argument in AnsibleModule - - """ - return dict( - api_key=dict(type='str', aliases=['password'], no_log=True), - auth_endpoint=dict(type='str'), - credentials=dict(type='path', aliases=['creds_file']), - env=dict(type='str'), - identity_type=dict(type='str', default='rackspace'), - region=dict(type='str'), - tenant_id=dict(type='str'), - tenant_name=dict(type='str'), - username=dict(type='str'), - validate_certs=dict(type='bool', aliases=['verify_ssl']), - ) - - -def rax_required_together(): - """Return the default list used for the required_together argument to - AnsibleModule""" - return [['api_key', 'username']] - - -def setup_rax_module(module, rax_module, region_required=True): - """Set up pyrax in a standard way for all modules""" - rax_module.USER_AGENT = 'ansible/%s %s' % (module.ansible_version, - rax_module.USER_AGENT) - - api_key = module.params.get('api_key') - auth_endpoint = module.params.get('auth_endpoint') - credentials = module.params.get('credentials') - env = module.params.get('env') - identity_type = module.params.get('identity_type') - region = module.params.get('region') - tenant_id = module.params.get('tenant_id') - tenant_name = module.params.get('tenant_name') - username = module.params.get('username') - verify_ssl = module.params.get('validate_certs') - - if env is not None: - rax_module.set_environment(env) - - rax_module.set_setting('identity_type', identity_type) - if verify_ssl is not None: - rax_module.set_setting('verify_ssl', verify_ssl) - if auth_endpoint is not None: - rax_module.set_setting('auth_endpoint', auth_endpoint) - if tenant_id is not None: - rax_module.set_setting('tenant_id', tenant_id) - if tenant_name is not None: - rax_module.set_setting('tenant_name', tenant_name) - - try: - username = username or os.environ.get('RAX_USERNAME') - if not username: - username = rax_module.get_setting('keyring_username') - if username: - api_key = 'USE_KEYRING' - if not api_key: - api_key = os.environ.get('RAX_API_KEY') - credentials = (credentials or os.environ.get('RAX_CREDENTIALS') or - os.environ.get('RAX_CREDS_FILE')) - region = (region or os.environ.get('RAX_REGION') or - rax_module.get_setting('region')) - except KeyError as e: - module.fail_json(msg='Unable to load %s' % e.message) - - try: - if api_key and username: - if api_key == 'USE_KEYRING': - rax_module.keyring_auth(username, region=region) - else: - rax_module.set_credentials(username, api_key=api_key, - region=region) - elif credentials: - credentials = os.path.expanduser(credentials) - rax_module.set_credential_file(credentials, region=region) - else: - raise Exception('No credentials supplied!') - except Exception as e: - if e.message: - msg = str(e.message) - else: - msg = repr(e) - module.fail_json(msg=msg) - - if region_required and region not in rax_module.regions: - module.fail_json(msg='%s is not a valid region, must be one of: %s' % - (region, ','.join(rax_module.regions))) - - return rax_module - - -def rax_scaling_group_personality_file(module, files): - if not files: - return [] - - results = [] - for rpath, lpath in files.items(): - lpath = os.path.expanduser(lpath) - try: - with open(lpath, 'r') as f: - results.append({ - 'path': rpath, - 'contents': f.read(), - }) - except Exception as e: - module.fail_json(msg='Failed to load %s: %s' % (lpath, str(e))) - return results diff --git a/plugins/module_utils/redfish_utils.py b/plugins/module_utils/redfish_utils.py index 4c20571295..0a8cc37bcc 100644 --- a/plugins/module_utils/redfish_utils.py +++ b/plugins/module_utils/redfish_utils.py @@ -11,6 +11,7 @@ import os import random import string import gzip +import time from io import BytesIO from ansible.module_utils.urls import open_url from ansible.module_utils.common.text.converters import to_native @@ -41,7 +42,7 @@ FAIL_MSG = 'Issuing a data modification command without specifying the '\ class RedfishUtils(object): def __init__(self, creds, root_uri, timeout, module, resource_id=None, - data_modification=False, strip_etag_quotes=False): + data_modification=False, strip_etag_quotes=False, ciphers=None): self.root_uri = root_uri self.creds = creds self.timeout = timeout @@ -52,8 +53,8 @@ class RedfishUtils(object): self.resource_id = resource_id self.data_modification = data_modification self.strip_etag_quotes = strip_etag_quotes + self.ciphers = ciphers self._vendor = None - self._init_session() def _auth_params(self, headers): """ @@ -118,7 +119,7 @@ class RedfishUtils(object): # Note: This is also a fallthrough for properties that are # arrays of objects. Some services erroneously omit properties - # within arrays of objects when not configured, and it's + # within arrays of objects when not configured, and it is # expecting the client to provide them anyway. if req_pyld[prop] != cur_pyld[prop]: @@ -132,11 +133,13 @@ class RedfishUtils(object): return resp # The following functions are to send GET/POST/PATCH/DELETE requests - def get_request(self, uri, override_headers=None, allow_no_resp=False): + def get_request(self, uri, override_headers=None, allow_no_resp=False, timeout=None): req_headers = dict(GET_HEADERS) if override_headers: req_headers.update(override_headers) username, password, basic_auth = self._auth_params(req_headers) + if timeout is None: + timeout = self.timeout try: # Service root is an unauthenticated resource; remove credentials # in case the caller will be using sessions later. @@ -146,8 +149,8 @@ class RedfishUtils(object): url_username=username, url_password=password, force_basic_auth=basic_auth, validate_certs=False, follow_redirects='all', - use_proxy=True, timeout=self.timeout) - headers = dict((k.lower(), v) for (k, v) in resp.info().items()) + use_proxy=True, timeout=timeout, ciphers=self.ciphers) + headers = {k.lower(): v for (k, v) in resp.info().items()} try: if headers.get('content-encoding') == 'gzip' and LooseVersion(ansible_version) < LooseVersion('2.14'): # Older versions of Ansible do not automatically decompress the data @@ -161,11 +164,11 @@ class RedfishUtils(object): if not allow_no_resp: raise except HTTPError as e: - msg = self._get_extended_message(e) + msg, data = self._get_extended_message(e) return {'ret': False, 'msg': "HTTP Error %s on GET request to '%s', extended message: '%s'" % (e.code, uri, msg), - 'status': e.code} + 'status': e.code, 'data': data} except URLError as e: return {'ret': False, 'msg': "URL Error on GET request to '%s': '%s'" % (uri, e.reason)} @@ -196,19 +199,19 @@ class RedfishUtils(object): url_username=username, url_password=password, force_basic_auth=basic_auth, validate_certs=False, follow_redirects='all', - use_proxy=True, timeout=self.timeout) + use_proxy=True, timeout=self.timeout, ciphers=self.ciphers) try: data = json.loads(to_native(resp.read())) except Exception as e: # No response data; this is okay in many cases data = None - headers = dict((k.lower(), v) for (k, v) in resp.info().items()) + headers = {k.lower(): v for (k, v) in resp.info().items()} except HTTPError as e: - msg = self._get_extended_message(e) + msg, data = self._get_extended_message(e) return {'ret': False, 'msg': "HTTP Error %s on POST request to '%s', extended message: '%s'" % (e.code, uri, msg), - 'status': e.code} + 'status': e.code, 'data': data} except URLError as e: return {'ret': False, 'msg': "URL Error on POST request to '%s': '%s'" % (uri, e.reason)} @@ -250,13 +253,13 @@ class RedfishUtils(object): url_username=username, url_password=password, force_basic_auth=basic_auth, validate_certs=False, follow_redirects='all', - use_proxy=True, timeout=self.timeout) + use_proxy=True, timeout=self.timeout, ciphers=self.ciphers) except HTTPError as e: - msg = self._get_extended_message(e) + msg, data = self._get_extended_message(e) return {'ret': False, 'changed': False, 'msg': "HTTP Error %s on PATCH request to '%s', extended message: '%s'" % (e.code, uri, msg), - 'status': e.code} + 'status': e.code, 'data': data} except URLError as e: return {'ret': False, 'changed': False, 'msg': "URL Error on PATCH request to '%s': '%s'" % (uri, e.reason)} @@ -285,13 +288,13 @@ class RedfishUtils(object): url_username=username, url_password=password, force_basic_auth=basic_auth, validate_certs=False, follow_redirects='all', - use_proxy=True, timeout=self.timeout) + use_proxy=True, timeout=self.timeout, ciphers=self.ciphers) except HTTPError as e: - msg = self._get_extended_message(e) + msg, data = self._get_extended_message(e) return {'ret': False, 'msg': "HTTP Error %s on PUT request to '%s', extended message: '%s'" % (e.code, uri, msg), - 'status': e.code} + 'status': e.code, 'data': data} except URLError as e: return {'ret': False, 'msg': "URL Error on PUT request to '%s': '%s'" % (uri, e.reason)} @@ -311,13 +314,13 @@ class RedfishUtils(object): url_username=username, url_password=password, force_basic_auth=basic_auth, validate_certs=False, follow_redirects='all', - use_proxy=True, timeout=self.timeout) + use_proxy=True, timeout=self.timeout, ciphers=self.ciphers) except HTTPError as e: - msg = self._get_extended_message(e) + msg, data = self._get_extended_message(e) return {'ret': False, 'msg': "HTTP Error %s on DELETE request to '%s', extended message: '%s'" % (e.code, uri, msg), - 'status': e.code} + 'status': e.code, 'data': data} except URLError as e: return {'ret': False, 'msg': "URL Error on DELETE request to '%s': '%s'" % (uri, e.reason)} @@ -387,8 +390,10 @@ class RedfishUtils(object): :param error: an HTTPError exception :type error: HTTPError :return: the ExtendedInfo message if present, else standard HTTP error + :return: the JSON data of the response if present """ msg = http_client.responses.get(error.code, '') + data = None if error.code >= 400: try: body = error.read().decode('utf-8') @@ -402,10 +407,10 @@ class RedfishUtils(object): msg = str(data['error']['@Message.ExtendedInfo']) except Exception: pass - return msg + return msg, data def _init_session(self): - pass + self.module.deprecate("Method _init_session is deprecated and will be removed.", version="11.0.0", collection_name="community.general") def _get_vendor(self): # If we got the vendor info once, don't get it again @@ -606,12 +611,13 @@ class RedfishUtils(object): data = response['data'] if 'Parameters' in data: params = data['Parameters'] - ai = dict((p['Name'], p) - for p in params if 'Name' in p) + ai = {p['Name']: p for p in params if 'Name' in p} if not ai: - ai = dict((k[:-24], - {'AllowableValues': v}) for k, v in action.items() - if k.endswith('@Redfish.AllowableValues')) + ai = { + k[:-24]: {'AllowableValues': v} + for k, v in action.items() + if k.endswith('@Redfish.AllowableValues') + } return ai def _get_allowable_values(self, action, name, default_values=None): @@ -624,6 +630,24 @@ class RedfishUtils(object): allowable_values = default_values return allowable_values + def check_service_availability(self): + """ + Checks if the service is accessible. + + :return: dict containing the status of the service + """ + + # Get the service root + # Override the timeout since the service root is expected to be readily + # available. + service_root = self.get_request(self.root_uri + self.service_root, timeout=10) + if service_root['ret'] is False: + # Failed, either due to a timeout or HTTP error; not available + return {'ret': True, 'available': False} + + # Successfully accessed the service root; available + return {'ret': True, 'available': True} + def get_logs(self): log_svcs_uri_list = [] list_of_logs = [] @@ -670,7 +694,7 @@ class RedfishUtils(object): entry[prop] = logEntry.get(prop) if entry: list_of_log_entries.append(entry) - log_name = log_svcs_uri.split('/')[-1] + log_name = log_svcs_uri.rstrip('/').split('/')[-1] logs[log_name] = list_of_log_entries list_of_logs.append(logs) @@ -841,6 +865,7 @@ class RedfishUtils(object): return response data = response['data'] controller_name = 'Controller 1' + storage_id = data['Id'] if 'Controllers' in data: controllers_uri = data['Controllers'][u'@odata.id'] @@ -875,6 +900,7 @@ class RedfishUtils(object): data = response['data'] drive_result = {} + drive_result['RedfishURI'] = data['@odata.id'] for property in properties: if property in data: if data[property] is not None: @@ -886,6 +912,7 @@ class RedfishUtils(object): drive_result[property] = data[property] drive_results.append(drive_result) drives = {'Controller': controller_name, + 'StorageId': storage_id, 'Drives': drive_results} result["entries"].append(drives) @@ -1024,7 +1051,7 @@ class RedfishUtils(object): if 'Drives' in data[u'Links']: for link in data[u'Links'][u'Drives']: drive_id_link = link[u'@odata.id'] - drive_id = drive_id_link.split("/")[-1] + drive_id = drive_id_link.rstrip('/').split('/')[-1] drive_id_list.append({'Id': drive_id}) volume_result['Linked_drives'] = drive_id_list volume_results.append(volume_result) @@ -1083,11 +1110,12 @@ class RedfishUtils(object): return self.manage_power(command, self.systems_uri, '#ComputerSystem.Reset') - def manage_manager_power(self, command): + def manage_manager_power(self, command, wait=False, wait_timeout=120): return self.manage_power(command, self.manager_uri, - '#Manager.Reset') + '#Manager.Reset', wait, wait_timeout) - def manage_power(self, command, resource_uri, action_name): + def manage_power(self, command, resource_uri, action_name, wait=False, + wait_timeout=120): key = "Actions" reset_type_values = ['On', 'ForceOff', 'GracefulShutdown', 'GracefulRestart', 'ForceRestart', 'Nmi', @@ -1147,34 +1175,123 @@ class RedfishUtils(object): response = self.post_request(self.root_uri + action_uri, payload) if response['ret'] is False: return response + + # If requested to wait for the service to be available again, block + # until it is ready + if wait: + elapsed_time = 0 + start_time = time.time() + # Start with a large enough sleep. Some services will process new + # requests while in the middle of shutting down, thus breaking out + # early. + time.sleep(30) + + # Periodically check for the service's availability. + while elapsed_time <= wait_timeout: + status = self.check_service_availability() + if status['available']: + # It is available; we are done + break + time.sleep(5) + elapsed_time = time.time() - start_time + + if elapsed_time > wait_timeout: + # Exhausted the wait timer; error + return {'ret': False, 'changed': True, + 'msg': 'The service did not become available after %d seconds' % wait_timeout} return {'ret': True, 'changed': True} - def _find_account_uri(self, username=None, acct_id=None): - if not any((username, acct_id)): - return {'ret': False, 'msg': - 'Must provide either account_id or account_username'} + def manager_reset_to_defaults(self, command): + return self.reset_to_defaults(command, self.manager_uri, + '#Manager.ResetToDefaults') - response = self.get_request(self.root_uri + self.accounts_uri) + def reset_to_defaults(self, command, resource_uri, action_name): + key = "Actions" + reset_type_values = ['ResetAll', + 'PreserveNetworkAndUsers', + 'PreserveNetwork'] + + if command not in reset_type_values: + return {'ret': False, 'msg': 'Invalid Command (%s)' % command} + + # read the resource and get the current power state + response = self.get_request(self.root_uri + resource_uri) if response['ret'] is False: return response data = response['data'] - uris = [a.get('@odata.id') for a in data.get('Members', []) if - a.get('@odata.id')] - for uri in uris: - response = self.get_request(self.root_uri + uri) + # get the reset Action and target URI + if key not in data or action_name not in data[key]: + return {'ret': False, 'msg': 'Action %s not found' % action_name} + reset_action = data[key][action_name] + if 'target' not in reset_action: + return {'ret': False, + 'msg': 'target URI missing from Action %s' % action_name} + action_uri = reset_action['target'] + + # get AllowableValues + ai = self._get_all_action_info_values(reset_action) + allowable_values = ai.get('ResetType', {}).get('AllowableValues', []) + + # map ResetType to an allowable value if needed + if allowable_values and command not in allowable_values: + return {'ret': False, + 'msg': 'Specified reset type (%s) not supported ' + 'by service. Supported types: %s' % + (command, allowable_values)} + + # define payload + payload = {'ResetType': command} + + # POST to Action URI + response = self.post_request(self.root_uri + action_uri, payload) + if response['ret'] is False: + return response + return {'ret': True, 'changed': True} + + def _find_account_uri(self, username=None, acct_id=None, password_change_uri=None): + if not any((username, acct_id)): + return {'ret': False, 'msg': + 'Must provide either account_id or account_username'} + + if password_change_uri: + # Password change required; go directly to the specified URI + response = self.get_request(self.root_uri + password_change_uri) if response['ret'] is False: - continue + return response data = response['data'] headers = response['headers'] if username: if username == data.get('UserName'): return {'ret': True, 'data': data, - 'headers': headers, 'uri': uri} + 'headers': headers, 'uri': password_change_uri} if acct_id: if acct_id == data.get('Id'): return {'ret': True, 'data': data, - 'headers': headers, 'uri': uri} + 'headers': headers, 'uri': password_change_uri} + else: + # Walk the accounts collection to find the desired user + response = self.get_request(self.root_uri + self.accounts_uri) + if response['ret'] is False: + return response + data = response['data'] + + uris = [a.get('@odata.id') for a in data.get('Members', []) if + a.get('@odata.id')] + for uri in uris: + response = self.get_request(self.root_uri + uri) + if response['ret'] is False: + continue + data = response['data'] + headers = response['headers'] + if username: + if username == data.get('UserName'): + return {'ret': True, 'data': data, + 'headers': headers, 'uri': uri} + if acct_id: + if acct_id == data.get('Id'): + return {'ret': True, 'data': data, + 'headers': headers, 'uri': uri} return {'ret': False, 'no_match': True, 'msg': 'No account with the given account_id or account_username found'} @@ -1395,7 +1512,8 @@ class RedfishUtils(object): 'Must provide account_password for UpdateUserPassword command'} response = self._find_account_uri(username=user.get('account_username'), - acct_id=user.get('account_id')) + acct_id=user.get('account_id'), + password_change_uri=user.get('account_passwordchangerequired')) if not response['ret']: return response @@ -1438,6 +1556,52 @@ class RedfishUtils(object): resp['msg'] = 'Modified account service' return resp + def update_user_accounttypes(self, user): + account_types = user.get('account_accounttypes') + oemaccount_types = user.get('account_oemaccounttypes') + if account_types is None and oemaccount_types is None: + return {'ret': False, 'msg': + 'Must provide account_accounttypes or account_oemaccounttypes for UpdateUserAccountTypes command'} + + response = self._find_account_uri(username=user.get('account_username'), + acct_id=user.get('account_id')) + if not response['ret']: + return response + + uri = response['uri'] + payload = {} + if user.get('account_accounttypes'): + payload['AccountTypes'] = user.get('account_accounttypes') + if user.get('account_oemaccounttypes'): + payload['OEMAccountTypes'] = user.get('account_oemaccounttypes') + + return self.patch_request(self.root_uri + uri, payload, check_pyld=True) + + def check_password_change_required(self, return_data): + """ + Checks a response if a user needs to change their password + + :param return_data: The return data for a failed request + :return: None or the URI of the account to update + """ + uri = None + if 'data' in return_data: + # Find the extended messages in the response payload + extended_messages = return_data['data'].get('error', {}).get('@Message.ExtendedInfo', []) + if len(extended_messages) == 0: + extended_messages = return_data['data'].get('@Message.ExtendedInfo', []) + # Go through each message and look for Base.1.X.PasswordChangeRequired + for message in extended_messages: + message_id = message.get('MessageId') + if message_id is None: + # While this is invalid, treat the lack of a MessageId as "no message" + continue + if message_id.startswith('Base.1.') and message_id.endswith('.PasswordChangeRequired'): + # Password change required; get the URI of the user account + uri = message['MessageArgs'][0] + break + return uri + def get_sessions(self): result = {} # listing all users has always been slower than other operations, why? @@ -1549,6 +1713,8 @@ class RedfishUtils(object): data = response['data'] + result['multipart_supported'] = 'MultipartHttpPushUri' in data + if "Actions" in data: actions = data['Actions'] if len(actions) > 0: @@ -1647,7 +1813,7 @@ class RedfishUtils(object): operation_results['status'] = data.get('TaskState', data.get('JobState')) operation_results['messages'] = data.get('Messages', []) else: - # Error response body, which is a bit of a misnomer since it's used in successful action responses + # Error response body, which is a bit of a misnomer since it is used in successful action responses operation_results['status'] = 'Completed' if response.status >= 400: operation_results['status'] = 'Exception' @@ -1766,6 +1932,9 @@ class RedfishUtils(object): targets = update_opts.get('update_targets') apply_time = update_opts.get('update_apply_time') oem_params = update_opts.get('update_oem_params') + custom_oem_header = update_opts.get('update_custom_oem_header') + custom_oem_mime_type = update_opts.get('update_custom_oem_mime_type') + custom_oem_params = update_opts.get('update_custom_oem_params') # Ensure the image file is provided if not image_file: @@ -1791,7 +1960,7 @@ class RedfishUtils(object): update_uri = data['MultipartHttpPushUri'] # Assemble the JSON payload portion of the request - payload = {"@Redfish.OperationApplyTime": "Immediate"} + payload = {} if targets: payload["Targets"] = targets if apply_time: @@ -1802,6 +1971,11 @@ class RedfishUtils(object): 'UpdateParameters': {'content': json.dumps(payload), 'mime_type': 'application/json'}, 'UpdateFile': {'filename': image_file, 'content': image_payload, 'mime_type': 'application/octet-stream'} } + if custom_oem_params: + multipart_payload[custom_oem_header] = {'content': custom_oem_params} + if custom_oem_mime_type: + multipart_payload[custom_oem_header]['mime_type'] = custom_oem_mime_type + response = self.post_request(self.root_uri + update_uri, multipart_payload, multipart=True) if response['ret'] is False: return response @@ -2145,7 +2319,7 @@ class RedfishUtils(object): continue # If already set to requested value, remove it from PATCH payload - if data[u'Attributes'][attr_name] == attributes[attr_name]: + if data[u'Attributes'][attr_name] == attr_value: del attrs_to_patch[attr_name] warning = "" @@ -2165,11 +2339,19 @@ class RedfishUtils(object): # Construct payload and issue PATCH command payload = {"Attributes": attrs_to_patch} + + # WORKAROUND + # Dell systems require manually setting the apply time to "OnReset" + # to spawn a proprietary job to apply the BIOS settings + vendor = self._get_vendor()['Vendor'] + if vendor == 'Dell': + payload.update({"@Redfish.SettingsApplyTime": {"ApplyTime": "OnReset"}}) + response = self.patch_request(self.root_uri + set_bios_attr_uri, payload) if response['ret'] is False: return response return {'ret': True, 'changed': True, - 'msg': "Modified BIOS attributes %s" % (attrs_to_patch), + 'msg': "Modified BIOS attributes %s. A reboot is required" % (attrs_to_patch), 'warning': warning} def set_boot_order(self, boot_list): @@ -2683,9 +2865,11 @@ class RedfishUtils(object): def virtual_media_insert_via_patch(self, options, param_map, uri, data, image_only=False): # get AllowableValues - ai = dict((k[:-24], - {'AllowableValues': v}) for k, v in data.items() - if k.endswith('@Redfish.AllowableValues')) + ai = { + k[:-24]: {'AllowableValues': v} + for k, v in data.items() + if k.endswith('@Redfish.AllowableValues') + } # construct payload payload = self._insert_virt_media_payload(options, param_map, data, ai) if 'Inserted' not in payload and not image_only: @@ -3276,7 +3460,7 @@ class RedfishUtils(object): # Capture list of URIs that match a specified HostInterface resource Id if hostinterface_id: - matching_hostinterface_uris = [uri for uri in uris if hostinterface_id in uri.split('/')[-1]] + matching_hostinterface_uris = [uri for uri in uris if hostinterface_id in uri.rstrip('/').split('/')[-1]] if hostinterface_id and matching_hostinterface_uris: hostinterface_uri = list.pop(matching_hostinterface_uris) elif hostinterface_id and not matching_hostinterface_uris: @@ -3395,12 +3579,12 @@ class RedfishUtils(object): result = {} if manager is None: if len(self.manager_uris) == 1: - manager = self.manager_uris[0].split('/')[-1] + manager = self.manager_uris[0].rstrip('/').split('/')[-1] elif len(self.manager_uris) > 1: entries = self.get_multi_manager_inventory()['entries'] managers = [m[0]['manager_uri'] for m in entries if m[1].get('ServiceIdentification')] if len(managers) == 1: - manager = managers[0].split('/')[-1] + manager = managers[0].rstrip('/').split('/')[-1] else: self.module.fail_json(msg=[ "Multiple managers with ServiceIdentification were found: %s" % str(managers), @@ -3432,7 +3616,7 @@ class RedfishUtils(object): def verify_bios_attributes(self, bios_attributes): # This method verifies BIOS attributes against the provided input - server_bios = self.get_multi_bios_attributes() + server_bios = self.get_bios_attributes(self.systems_uri) if server_bios["ret"] is False: return server_bios @@ -3441,8 +3625,8 @@ class RedfishUtils(object): # Verify bios_attributes with BIOS settings available in the server for key, value in bios_attributes.items(): - if key in server_bios["entries"][0][1]: - if server_bios["entries"][0][1][key] != value: + if key in server_bios["entries"]: + if server_bios["entries"][key] != value: bios_dict.update({key: value}) else: wrong_param.update({key: value}) @@ -3558,7 +3742,7 @@ class RedfishUtils(object): # Matching Storage Subsystem ID with user input self.storage_subsystem_uri = "" for storage_subsystem_uri in self.storage_subsystems_uris: - if storage_subsystem_uri.split("/")[-2] == storage_subsystem_id: + if storage_subsystem_uri.rstrip('/').split('/')[-1] == storage_subsystem_id: self.storage_subsystem_uri = storage_subsystem_uri if not self.storage_subsystem_uri: @@ -3586,7 +3770,7 @@ class RedfishUtils(object): # Delete each volume for volume in self.volume_uris: - if volume.split("/")[-1] in volume_ids: + if volume.rstrip('/').split('/')[-1] in volume_ids: response = self.delete_request(self.root_uri + volume) if response['ret'] is False: return response @@ -3594,7 +3778,7 @@ class RedfishUtils(object): return {'ret': True, 'changed': True, 'msg': "The following volumes were deleted: %s" % str(volume_ids)} - def create_volume(self, volume_details, storage_subsystem_id): + def create_volume(self, volume_details, storage_subsystem_id, storage_none_volume_deletion=False): # Find the Storage resource from the requested ComputerSystem resource response = self.get_request(self.root_uri + self.systems_uri) if response['ret'] is False: @@ -3620,7 +3804,7 @@ class RedfishUtils(object): # Matching Storage Subsystem ID with user input self.storage_subsystem_uri = "" for storage_subsystem_uri in self.storage_subsystems_uris: - if storage_subsystem_uri.split("/")[-2] == storage_subsystem_id: + if storage_subsystem_uri.rstrip('/').split('/')[-1] == storage_subsystem_id: self.storage_subsystem_uri = storage_subsystem_uri if not self.storage_subsystem_uri: @@ -3629,8 +3813,8 @@ class RedfishUtils(object): 'msg': "Provided Storage Subsystem ID %s does not exist on the server" % storage_subsystem_id} # Validate input parameters - required_parameters = ['RAIDType', 'Drives', 'CapacityBytes'] - allowed_parameters = ['DisplayName', 'InitializeMethod', 'MediaSpanCount', + required_parameters = ['RAIDType', 'Drives'] + allowed_parameters = ['CapacityBytes', 'DisplayName', 'InitializeMethod', 'MediaSpanCount', 'Name', 'ReadCachePolicy', 'StripSizeBytes', 'VolumeUsage', 'WriteCachePolicy'] for parameter in required_parameters: @@ -3646,22 +3830,23 @@ class RedfishUtils(object): data = response['data'] # Deleting any volumes of RAIDType None present on the Storage Subsystem - response = self.get_request(self.root_uri + data['Volumes']['@odata.id']) - if response['ret'] is False: - return response - volume_data = response['data'] + if storage_none_volume_deletion: + response = self.get_request(self.root_uri + data['Volumes']['@odata.id']) + if response['ret'] is False: + return response + volume_data = response['data'] - if "Members" in volume_data: - for member in volume_data["Members"]: - response = self.get_request(self.root_uri + member['@odata.id']) - if response['ret'] is False: - return response - member_data = response['data'] - - if member_data["RAIDType"] == "None": - response = self.delete_request(self.root_uri + member['@odata.id']) + if "Members" in volume_data: + for member in volume_data["Members"]: + response = self.get_request(self.root_uri + member['@odata.id']) if response['ret'] is False: return response + member_data = response['data'] + + if member_data["RAIDType"] == "None": + response = self.delete_request(self.root_uri + member['@odata.id']) + if response['ret'] is False: + return response # Construct payload and issue POST command to create volume volume_details["Links"] = {} @@ -3736,7 +3921,7 @@ class RedfishUtils(object): vendor = self._get_vendor()['Vendor'] rsp_uri = "" for loc in resp_data['Location']: - if loc['Language'] == "en": + if loc['Language'].startswith("en"): rsp_uri = loc['Uri'] if vendor == 'HPE': # WORKAROUND @@ -3766,3 +3951,21 @@ class RedfishUtils(object): "rsp_uri": rsp_uri } return res + + def get_accountservice_properties(self): + # Find the AccountService resource + response = self.get_request(self.root_uri + self.service_root) + if response['ret'] is False: + return response + data = response['data'] + accountservice_uri = data.get("AccountService", {}).get("@odata.id") + if accountservice_uri is None: + return {'ret': False, 'msg': "AccountService resource not found"} + + response = self.get_request(self.root_uri + accountservice_uri) + if response['ret'] is False: + return response + return { + 'ret': True, + 'entries': response['data'] + } diff --git a/plugins/module_utils/redhat.py b/plugins/module_utils/redhat.py deleted file mode 100644 index 110159ddfc..0000000000 --- a/plugins/module_utils/redhat.py +++ /dev/null @@ -1,316 +0,0 @@ -# -*- coding: utf-8 -*- -# This code is part of Ansible, but is an independent component. -# This particular file snippet, and this file snippet only, is BSD licensed. -# Modules you write using this snippet, which is embedded dynamically by Ansible -# still belong to the author of the module, and may assign their own license -# to the complete work. -# -# Copyright (c), James Laska -# -# Simplified BSD License (see LICENSES/BSD-2-Clause.txt or https://opensource.org/licenses/BSD-2-Clause) -# SPDX-License-Identifier: BSD-2-Clause - -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - - -import os -import re -import shutil -import tempfile -import types - -from ansible.module_utils.six.moves import configparser - - -class RegistrationBase(object): - """ - DEPRECATION WARNING - - This class is deprecated and will be removed in community.general 10.0.0. - There is no replacement for it; please contact the community.general - maintainers in case you are using it. - """ - - def __init__(self, module, username=None, password=None): - self.module = module - self.username = username - self.password = password - - def configure(self): - raise NotImplementedError("Must be implemented by a sub-class") - - def enable(self): - # Remove any existing redhat.repo - redhat_repo = '/etc/yum.repos.d/redhat.repo' - if os.path.isfile(redhat_repo): - os.unlink(redhat_repo) - - def register(self): - raise NotImplementedError("Must be implemented by a sub-class") - - def unregister(self): - raise NotImplementedError("Must be implemented by a sub-class") - - def unsubscribe(self): - raise NotImplementedError("Must be implemented by a sub-class") - - def update_plugin_conf(self, plugin, enabled=True): - plugin_conf = '/etc/yum/pluginconf.d/%s.conf' % plugin - - if os.path.isfile(plugin_conf): - tmpfd, tmpfile = tempfile.mkstemp() - shutil.copy2(plugin_conf, tmpfile) - cfg = configparser.ConfigParser() - cfg.read([tmpfile]) - - if enabled: - cfg.set('main', 'enabled', 1) - else: - cfg.set('main', 'enabled', 0) - - fd = open(tmpfile, 'w+') - cfg.write(fd) - fd.close() - self.module.atomic_move(tmpfile, plugin_conf) - - def subscribe(self, **kwargs): - raise NotImplementedError("Must be implemented by a sub-class") - - -class Rhsm(RegistrationBase): - """ - DEPRECATION WARNING - - This class is deprecated and will be removed in community.general 9.0.0. - There is no replacement for it; please contact the community.general - maintainers in case you are using it. - """ - - def __init__(self, module, username=None, password=None): - RegistrationBase.__init__(self, module, username, password) - self.config = self._read_config() - self.module = module - self.module.deprecate( - 'The Rhsm class is deprecated with no replacement.', - version='9.0.0', - collection_name='community.general', - ) - - def _read_config(self, rhsm_conf='/etc/rhsm/rhsm.conf'): - ''' - Load RHSM configuration from /etc/rhsm/rhsm.conf. - Returns: - * ConfigParser object - ''' - - # Read RHSM defaults ... - cp = configparser.ConfigParser() - cp.read(rhsm_conf) - - # Add support for specifying a default value w/o having to standup some configuration - # Yeah, I know this should be subclassed ... but, oh well - def get_option_default(self, key, default=''): - sect, opt = key.split('.', 1) - if self.has_section(sect) and self.has_option(sect, opt): - return self.get(sect, opt) - else: - return default - - cp.get_option = types.MethodType(get_option_default, cp, configparser.ConfigParser) - - return cp - - def enable(self): - ''' - Enable the system to receive updates from subscription-manager. - This involves updating affected yum plugins and removing any - conflicting yum repositories. - ''' - RegistrationBase.enable(self) - self.update_plugin_conf('rhnplugin', False) - self.update_plugin_conf('subscription-manager', True) - - def configure(self, **kwargs): - ''' - Configure the system as directed for registration with RHN - Raises: - * Exception - if error occurs while running command - ''' - args = ['subscription-manager', 'config'] - - # Pass supplied **kwargs as parameters to subscription-manager. Ignore - # non-configuration parameters and replace '_' with '.'. For example, - # 'server_hostname' becomes '--system.hostname'. - for k, v in kwargs.items(): - if re.search(r'^(system|rhsm)_', k): - args.append('--%s=%s' % (k.replace('_', '.'), v)) - - self.module.run_command(args, check_rc=True) - - @property - def is_registered(self): - ''' - Determine whether the current system - Returns: - * Boolean - whether the current system is currently registered to - RHN. - ''' - args = ['subscription-manager', 'identity'] - rc, stdout, stderr = self.module.run_command(args, check_rc=False) - if rc == 0: - return True - else: - return False - - def register(self, username, password, autosubscribe, activationkey): - ''' - Register the current system to the provided RHN server - Raises: - * Exception - if error occurs while running command - ''' - args = ['subscription-manager', 'register'] - - # Generate command arguments - if activationkey: - args.append('--activationkey "%s"' % activationkey) - else: - if autosubscribe: - args.append('--autosubscribe') - if username: - args.extend(['--username', username]) - if password: - args.extend(['--password', password]) - - # Do the needful... - rc, stderr, stdout = self.module.run_command(args, check_rc=True) - - def unsubscribe(self): - ''' - Unsubscribe a system from all subscribed channels - Raises: - * Exception - if error occurs while running command - ''' - args = ['subscription-manager', 'unsubscribe', '--all'] - rc, stderr, stdout = self.module.run_command(args, check_rc=True) - - def unregister(self): - ''' - Unregister a currently registered system - Raises: - * Exception - if error occurs while running command - ''' - args = ['subscription-manager', 'unregister'] - rc, stderr, stdout = self.module.run_command(args, check_rc=True) - self.update_plugin_conf('rhnplugin', False) - self.update_plugin_conf('subscription-manager', False) - - def subscribe(self, regexp): - ''' - Subscribe current system to available pools matching the specified - regular expression - Raises: - * Exception - if error occurs while running command - ''' - - # Available pools ready for subscription - available_pools = RhsmPools(self.module) - - for pool in available_pools.filter(regexp): - pool.subscribe() - - -class RhsmPool(object): - """ - Convenience class for housing subscription information - - DEPRECATION WARNING - - This class is deprecated and will be removed in community.general 9.0.0. - There is no replacement for it; please contact the community.general - maintainers in case you are using it. - """ - - def __init__(self, module, **kwargs): - self.module = module - for k, v in kwargs.items(): - setattr(self, k, v) - self.module.deprecate( - 'The RhsmPool class is deprecated with no replacement.', - version='9.0.0', - collection_name='community.general', - ) - - def __str__(self): - return str(self.__getattribute__('_name')) - - def subscribe(self): - args = "subscription-manager subscribe --pool %s" % self.PoolId - rc, stdout, stderr = self.module.run_command(args, check_rc=True) - if rc == 0: - return True - else: - return False - - -class RhsmPools(object): - """ - This class is used for manipulating pools subscriptions with RHSM - - DEPRECATION WARNING - - This class is deprecated and will be removed in community.general 9.0.0. - There is no replacement for it; please contact the community.general - maintainers in case you are using it. - """ - - def __init__(self, module): - self.module = module - self.products = self._load_product_list() - self.module.deprecate( - 'The RhsmPools class is deprecated with no replacement.', - version='9.0.0', - collection_name='community.general', - ) - - def __iter__(self): - return self.products.__iter__() - - def _load_product_list(self): - """ - Loads list of all available pools for system in data structure - """ - args = "subscription-manager list --available" - rc, stdout, stderr = self.module.run_command(args, check_rc=True) - - products = [] - for line in stdout.split('\n'): - # Remove leading+trailing whitespace - line = line.strip() - # An empty line implies the end of an output group - if len(line) == 0: - continue - # If a colon ':' is found, parse - elif ':' in line: - (key, value) = line.split(':', 1) - key = key.strip().replace(" ", "") # To unify - value = value.strip() - if key in ['ProductName', 'SubscriptionName']: - # Remember the name for later processing - products.append(RhsmPool(self.module, _name=value, key=value)) - elif products: - # Associate value with most recently recorded product - products[-1].__setattr__(key, value) - # FIXME - log some warning? - # else: - # warnings.warn("Unhandled subscription key/value: %s/%s" % (key,value)) - return products - - def filter(self, regexp='^$'): - ''' - Return a list of RhsmPools whose name matches the provided regular expression - ''' - r = re.compile(regexp) - for product in self.products: - if r.search(product._name): - yield product diff --git a/plugins/module_utils/redis.py b/plugins/module_utils/redis.py index c4d87aca51..e823f966dc 100644 --- a/plugins/module_utils/redis.py +++ b/plugins/module_utils/redis.py @@ -57,7 +57,9 @@ def redis_auth_argument_spec(tls_default=True): validate_certs=dict(type='bool', default=True ), - ca_certs=dict(type='str') + ca_certs=dict(type='str'), + client_cert_file=dict(type='str'), + client_key_file=dict(type='str'), ) @@ -71,6 +73,8 @@ def redis_auth_params(module): ca_certs = module.params['ca_certs'] if tls and ca_certs is None: ca_certs = str(certifi.where()) + client_cert_file = module.params['client_cert_file'] + client_key_file = module.params['client_key_file'] if tuple(map(int, redis_version.split('.'))) < (3, 4, 0) and login_user is not None: module.fail_json( msg='The option `username` in only supported with redis >= 3.4.0.') @@ -78,6 +82,8 @@ def redis_auth_params(module): 'port': login_port, 'password': login_password, 'ssl_ca_certs': ca_certs, + 'ssl_certfile': client_cert_file, + 'ssl_keyfile': client_key_file, 'ssl_cert_reqs': validate_certs, 'ssl': tls} if login_user is not None: diff --git a/plugins/module_utils/rundeck.py b/plugins/module_utils/rundeck.py index 7df68a3603..cffca7b4ee 100644 --- a/plugins/module_utils/rundeck.py +++ b/plugins/module_utils/rundeck.py @@ -28,7 +28,7 @@ def api_argument_spec(): return api_argument_spec -def api_request(module, endpoint, data=None, method="GET"): +def api_request(module, endpoint, data=None, method="GET", content_type="application/json"): """Manages Rundeck API requests via HTTP(S) :arg module: The AnsibleModule (used to get url, api_version, api_token, etc). @@ -63,7 +63,7 @@ def api_request(module, endpoint, data=None, method="GET"): data=json.dumps(data), method=method, headers={ - "Content-Type": "application/json", + "Content-Type": content_type, "Accept": "application/json", "X-Rundeck-Auth-Token": module.params["api_token"] } diff --git a/plugins/module_utils/scaleway.py b/plugins/module_utils/scaleway.py index 67b821103a..4768aafc9c 100644 --- a/plugins/module_utils/scaleway.py +++ b/plugins/module_utils/scaleway.py @@ -17,6 +17,10 @@ from ansible.module_utils.basic import env_fallback, missing_required_lib from ansible.module_utils.urls import fetch_url from ansible.module_utils.six.moves.urllib.parse import urlencode +from ansible_collections.community.general.plugins.module_utils.datetime import ( + now, +) + SCALEWAY_SECRET_IMP_ERR = None try: from passlib.hash import argon2 @@ -47,11 +51,11 @@ def scaleway_waitable_resource_argument_spec(): def payload_from_object(scw_object): - return dict( - (k, v) + return { + k: v for k, v in scw_object.items() if k != 'id' and v is not None - ) + } class ScalewayException(Exception): @@ -113,10 +117,7 @@ class SecretVariables(object): @staticmethod def list_to_dict(source_list, hashed=False): key_value = 'hashed_value' if hashed else 'value' - return dict( - (var['key'], var[key_value]) - for var in source_list - ) + return {var['key']: var[key_value] for var in source_list} @classmethod def decode(cls, secrets_list, values_list): @@ -139,7 +140,7 @@ def resource_attributes_should_be_changed(target, wished, verifiable_mutable_att diff[attr] = wished[attr] if diff: - return dict((attr, wished[attr]) for attr in mutable_attributes) + return {attr: wished[attr] for attr in mutable_attributes} else: return diff @@ -306,10 +307,10 @@ class Scaleway(object): # Prevent requesting the resource status too soon time.sleep(wait_sleep_time) - start = datetime.datetime.utcnow() + start = now() end = start + datetime.timedelta(seconds=wait_timeout) - while datetime.datetime.utcnow() < end: + while now() < end: self.module.debug("We are going to wait for the resource to finish its transition") state = self.fetch_state(resource) diff --git a/plugins/module_utils/vardict.py b/plugins/module_utils/vardict.py index cfcce4d4d2..9bd104ce37 100644 --- a/plugins/module_utils/vardict.py +++ b/plugins/module_utils/vardict.py @@ -100,7 +100,7 @@ class _Variable(object): return def __str__(self): - return "<_Variable: value={0!r}, initial={1!r}, diff={2}, output={3}, change={4}, verbosity={5}>".format( + return "".format( self.value, self.initial_value, self.diff, self.output, self.change, self.verbosity ) @@ -175,18 +175,18 @@ class VarDict(object): self.__vars__[name] = var def output(self, verbosity=0): - return dict((n, v.value) for n, v in self.__vars__.items() if v.output and v.is_visible(verbosity)) + return {n: v.value for n, v in self.__vars__.items() if v.output and v.is_visible(verbosity)} def diff(self, verbosity=0): diff_results = [(n, v.diff_result) for n, v in self.__vars__.items() if v.diff_result and v.is_visible(verbosity)] if diff_results: - before = dict((n, dr['before']) for n, dr in diff_results) - after = dict((n, dr['after']) for n, dr in diff_results) + before = {n: dr['before'] for n, dr in diff_results} + after = {n: dr['after'] for n, dr in diff_results} return {'before': before, 'after': after} return None def facts(self, verbosity=0): - facts_result = dict((n, v.value) for n, v in self.__vars__.items() if v.fact and v.is_visible(verbosity)) + facts_result = {n: v.value for n, v in self.__vars__.items() if v.fact and v.is_visible(verbosity)} return facts_result if facts_result else None @property @@ -194,4 +194,4 @@ class VarDict(object): return any(var.has_changed for var in self.__vars__.values()) def as_dict(self): - return dict((name, var.value) for name, var in self.__vars__.items()) + return {name: var.value for name, var in self.__vars__.items()} diff --git a/plugins/module_utils/wdc_redfish_utils.py b/plugins/module_utils/wdc_redfish_utils.py index bc4b0c2cd0..8c6fd71bf8 100644 --- a/plugins/module_utils/wdc_redfish_utils.py +++ b/plugins/module_utils/wdc_redfish_utils.py @@ -11,6 +11,7 @@ import datetime import re import time import tarfile +import os from ansible.module_utils.urls import fetch_file from ansible_collections.community.general.plugins.module_utils.redfish_utils import RedfishUtils @@ -79,19 +80,25 @@ class WdcRedfishUtils(RedfishUtils): return response return self._find_updateservice_additional_uris() - def _is_enclosure_multi_tenant(self): + def _is_enclosure_multi_tenant_and_fetch_gen(self): """Determine if the enclosure is multi-tenant. The serial number of a multi-tenant enclosure will end in "-A" or "-B". + Fetching enclsoure generation. - :return: True/False if the enclosure is multi-tenant or not; None if unable to determine. + :return: True/False if the enclosure is multi-tenant or not and return enclosure generation; + None if unable to determine. """ response = self.get_request(self.root_uri + self.service_root + "Chassis/Enclosure") if response['ret'] is False: return None pattern = r".*-[A,B]" data = response['data'] - return re.match(pattern, data['SerialNumber']) is not None + if 'EnclVersion' not in data: + enc_version = 'G1' + else: + enc_version = data['EnclVersion'] + return re.match(pattern, data['SerialNumber']) is not None, enc_version def _find_updateservice_additional_uris(self): """Find & set WDC-specific update service URIs""" @@ -180,15 +187,44 @@ class WdcRedfishUtils(RedfishUtils): To determine if the bundle is multi-tenant or not, it looks inside the .bin file within the tarfile, and checks the appropriate byte in the file. + If not tarfile, the bundle is checked for 2048th byte to determine whether it is Gen2 bundle. + Gen2 is always single tenant at this time. + :param str bundle_uri: HTTP URI of the firmware bundle. - :return: Firmware version number contained in the bundle, and whether or not the bundle is multi-tenant. - Either value will be None if unable to determine. + :return: Firmware version number contained in the bundle, whether or not the bundle is multi-tenant + and bundle generation. Either value will be None if unable to determine. :rtype: str or None, bool or None """ bundle_temp_filename = fetch_file(module=self.module, url=bundle_uri) + bundle_version = None + is_multi_tenant = None + gen = None + + # If not tarfile, then if the file has "MMG2" or "DPG2" at 2048th byte + # then the bundle is for MM or DP G2 if not tarfile.is_tarfile(bundle_temp_filename): - return None, None + cookie1 = None + with open(bundle_temp_filename, "rb") as bundle_file: + file_size = os.path.getsize(bundle_temp_filename) + if file_size >= 2052: + bundle_file.seek(2048) + cookie1 = bundle_file.read(4) + # It is anticipated that DP firmware bundle will be having the value "DPG2" + # for cookie1 in the header + if cookie1 and cookie1.decode("utf8") == "MMG2" or cookie1.decode("utf8") == "DPG2": + file_name, ext = os.path.splitext(str(bundle_uri.rsplit('/', 1)[1])) + # G2 bundle file name: Ultrastar-Data102_3000_SEP_1010-032_2.1.12 + parsedFileName = file_name.split('_') + if len(parsedFileName) == 5: + bundle_version = parsedFileName[4] + # MM G2 is always single tanant + is_multi_tenant = False + gen = "G2" + + return bundle_version, is_multi_tenant, gen + + # Bundle is for MM or DP G1 tf = tarfile.open(bundle_temp_filename) pattern_pkg = r"oobm-(.+)\.pkg" pattern_bin = r"(.*\.bin)" @@ -205,8 +241,9 @@ class WdcRedfishUtils(RedfishUtils): bin_file.seek(11) byte_11 = bin_file.read(1) is_multi_tenant = byte_11 == b'\x80' + gen = "G1" - return bundle_version, is_multi_tenant + return bundle_version, is_multi_tenant, gen @staticmethod def uri_is_http(uri): @@ -267,15 +304,16 @@ class WdcRedfishUtils(RedfishUtils): # Check the FW version in the bundle file, and compare it to what is already on the IOMs # Bundle version number - bundle_firmware_version, is_bundle_multi_tenant = self._get_bundle_version(bundle_uri) - if bundle_firmware_version is None or is_bundle_multi_tenant is None: + bundle_firmware_version, is_bundle_multi_tenant, bundle_gen = self._get_bundle_version(bundle_uri) + if bundle_firmware_version is None or is_bundle_multi_tenant is None or bundle_gen is None: return { 'ret': False, - 'msg': 'Unable to extract bundle version or multi-tenant status from update image tarfile' + 'msg': 'Unable to extract bundle version or multi-tenant status or generation from update image file' } + is_enclosure_multi_tenant, enclosure_gen = self._is_enclosure_multi_tenant_and_fetch_gen() + # Verify that the bundle is correctly multi-tenant or not - is_enclosure_multi_tenant = self._is_enclosure_multi_tenant() if is_enclosure_multi_tenant != is_bundle_multi_tenant: return { 'ret': False, @@ -285,6 +323,16 @@ class WdcRedfishUtils(RedfishUtils): ) } + # Verify that the bundle is compliant with the target enclosure + if enclosure_gen != bundle_gen: + return { + 'ret': False, + 'msg': 'Enclosure generation is {0} but bundle is of {1}'.format( + enclosure_gen, + bundle_gen, + ) + } + # Version number installed on IOMs firmware_inventory = self.get_firmware_inventory() if not firmware_inventory["ret"]: diff --git a/plugins/module_utils/xfconf.py b/plugins/module_utils/xfconf.py index b63518d0c4..344bd1f3c9 100644 --- a/plugins/module_utils/xfconf.py +++ b/plugins/module_utils/xfconf.py @@ -7,10 +7,10 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type from ansible.module_utils.parsing.convert_bool import boolean -from ansible_collections.community.general.plugins.module_utils.cmd_runner import CmdRunner, cmd_runner_fmt as fmt +from ansible_collections.community.general.plugins.module_utils.cmd_runner import CmdRunner, cmd_runner_fmt -@fmt.unpack_args +@cmd_runner_fmt.unpack_args def _values_fmt(values, value_types): result = [] for value, value_type in zip(values, value_types): @@ -25,14 +25,21 @@ def xfconf_runner(module, **kwargs): module, command='xfconf-query', arg_formats=dict( - channel=fmt.as_opt_val("--channel"), - property=fmt.as_opt_val("--property"), - force_array=fmt.as_bool("--force-array"), - reset=fmt.as_bool("--reset"), - create=fmt.as_bool("--create"), - list_arg=fmt.as_bool("--list"), - values_and_types=fmt.as_func(_values_fmt), + channel=cmd_runner_fmt.as_opt_val("--channel"), + property=cmd_runner_fmt.as_opt_val("--property"), + force_array=cmd_runner_fmt.as_bool("--force-array"), + reset=cmd_runner_fmt.as_bool("--reset"), + create=cmd_runner_fmt.as_bool("--create"), + list_arg=cmd_runner_fmt.as_bool("--list"), + values_and_types=_values_fmt, + version=cmd_runner_fmt.as_fixed("--version"), ), **kwargs ) return runner + + +def get_xfconf_version(runner): + with runner("version") as ctx: + rc, out, err = ctx.run() + return out.splitlines()[0].split()[1] diff --git a/plugins/modules/aerospike_migrations.py b/plugins/modules/aerospike_migrations.py index 1eee5b1a2f..9a6084a6a1 100644 --- a/plugins/modules/aerospike_migrations.py +++ b/plugins/modules/aerospike_migrations.py @@ -9,15 +9,14 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: aerospike_migrations short_description: Check or wait for migrations between nodes description: - - This can be used to check for migrations in a cluster. - This makes it easy to do a rolling upgrade/update on Aerospike nodes. - - If waiting for migrations is not desired, simply just poll until - port 3000 if available or asinfo -v status returns ok + - This can be used to check for migrations in a cluster. This makes it easy to do a rolling upgrade/update on Aerospike + nodes. + - If waiting for migrations is not desired, simply just poll until port 3000 if available or C(asinfo -v status) returns + ok. author: "Albert Autin (@Alb0t)" extends_documentation_fragment: - community.general.attributes @@ -27,92 +26,84 @@ attributes: diff_mode: support: none options: - host: - description: - - Which host do we use as seed for info connection - required: false - type: str - default: localhost - port: - description: - - Which port to connect to Aerospike on (service port) - required: false - type: int - default: 3000 - connect_timeout: - description: - - How long to try to connect before giving up (milliseconds) - required: false - type: int - default: 1000 - consecutive_good_checks: - description: - - How many times should the cluster report "no migrations" - consecutively before returning OK back to ansible? - required: false - type: int - default: 3 - sleep_between_checks: - description: - - How long to sleep between each check (seconds). - required: false - type: int - default: 60 - tries_limit: - description: - - How many times do we poll before giving up and failing? - default: 300 - required: false - type: int - local_only: - description: - - Do you wish to only check for migrations on the local node - before returning, or do you want all nodes in the cluster - to finish before returning? - required: true - type: bool - min_cluster_size: - description: - - Check will return bad until cluster size is met - or until tries is exhausted - required: false - type: int - default: 1 - fail_on_cluster_change: - description: - - Fail if the cluster key changes - if something else is changing the cluster, we may want to fail - required: false - type: bool - default: true - migrate_tx_key: - description: - - The metric key used to determine if we have tx migrations - remaining. Changeable due to backwards compatibility. - required: false - type: str - default: migrate_tx_partitions_remaining - migrate_rx_key: - description: - - The metric key used to determine if we have rx migrations - remaining. Changeable due to backwards compatibility. - required: false - type: str - default: migrate_rx_partitions_remaining - target_cluster_size: - description: - - When all aerospike builds in the cluster are greater than - version 4.3, then the C(cluster-stable) info command will be used. - Inside this command, you can optionally specify what the target - cluster size is - but it is not necessary. You can still rely on - min_cluster_size if you don't want to use this option. - - If this option is specified on a cluster that has at least 1 - host <4.3 then it will be ignored until the min version reaches - 4.3. - required: false - type: int -''' -EXAMPLES = ''' + host: + description: + - Which host do we use as seed for info connection. + required: false + type: str + default: localhost + port: + description: + - Which port to connect to Aerospike on (service port). + required: false + type: int + default: 3000 + connect_timeout: + description: + - How long to try to connect before giving up (milliseconds). + required: false + type: int + default: 1000 + consecutive_good_checks: + description: + - How many times should the cluster report "no migrations" consecutively before returning OK back to ansible? + required: false + type: int + default: 3 + sleep_between_checks: + description: + - How long to sleep between each check (seconds). + required: false + type: int + default: 60 + tries_limit: + description: + - How many times do we poll before giving up and failing? + default: 300 + required: false + type: int + local_only: + description: + - Do you wish to only check for migrations on the local node before returning, or do you want all nodes in the cluster + to finish before returning? + required: true + type: bool + min_cluster_size: + description: + - Check will return bad until cluster size is met or until tries is exhausted. + required: false + type: int + default: 1 + fail_on_cluster_change: + description: + - Fail if the cluster key changes if something else is changing the cluster, we may want to fail. + required: false + type: bool + default: true + migrate_tx_key: + description: + - The metric key used to determine if we have tx migrations remaining. Changeable due to backwards compatibility. + required: false + type: str + default: migrate_tx_partitions_remaining + migrate_rx_key: + description: + - The metric key used to determine if we have rx migrations remaining. Changeable due to backwards compatibility. + required: false + type: str + default: migrate_rx_partitions_remaining + target_cluster_size: + description: + - When all aerospike builds in the cluster are greater than version 4.3, then the C(cluster-stable) info command will + be used. Inside this command, you can optionally specify what the target cluster size is - but it is not necessary. + You can still rely on O(min_cluster_size) if you do not want to use this option. + - If this option is specified on a cluster that has at least one host <4.3 then it will be ignored until the min version + reaches 4.3. + required: false + type: int +""" + +EXAMPLES = r""" # check for migrations on local node - name: Wait for migrations on local node before proceeding community.general.aerospike_migrations: @@ -132,13 +123,13 @@ EXAMPLES = ''' - name: Install dependencies ansible.builtin.apt: name: - - python - - python-pip - - python-setuptools + - python + - python-pip + - python-setuptools state: latest - name: Setup aerospike ansible.builtin.pip: - name: aerospike + name: aerospike # check for migrations every (sleep_between_checks) # If at least (consecutive_good_checks) checks come back OK in a row, then return OK. # Will exit if any exception, which can be caused by bad nodes, @@ -147,13 +138,13 @@ EXAMPLES = ''' # Tries Limit * Sleep Between Checks * delay * retries - name: Wait for aerospike migrations community.general.aerospike_migrations: - local_only: true - sleep_between_checks: 1 - tries_limit: 5 - consecutive_good_checks: 3 - fail_on_cluster_change: true - min_cluster_size: 3 - target_cluster_size: 4 + local_only: true + sleep_between_checks: 1 + tries_limit: 5 + consecutive_good_checks: 3 + fail_on_cluster_change: true + min_cluster_size: 3 + target_cluster_size: 4 register: migrations_check until: migrations_check is succeeded changed_when: false @@ -161,14 +152,14 @@ EXAMPLES = ''' retries: 120 - name: Another thing ansible.builtin.shell: | - echo foo + echo foo - name: Reboot ansible.builtin.reboot: -''' +""" -RETURN = ''' +RETURN = r""" # Returns only a success/failure result. Changed is always false. -''' +""" import traceback diff --git a/plugins/modules/airbrake_deployment.py b/plugins/modules/airbrake_deployment.py index bad1b2c9d4..d772062da4 100644 --- a/plugins/modules/airbrake_deployment.py +++ b/plugins/modules/airbrake_deployment.py @@ -9,15 +9,14 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: airbrake_deployment author: -- "Bruce Pennypacker (@bpennypacker)" -- "Patrick Humpal (@phumpal)" + - "Bruce Pennypacker (@bpennypacker)" + - "Patrick Humpal (@phumpal)" short_description: Notify airbrake about app deployments description: - - Notify airbrake about app deployments (see U(https://airbrake.io/docs/api/#deploys-v4)). + - Notify airbrake about app deployments (see U(https://airbrake.io/docs/api/#deploys-v4)). extends_documentation_fragment: - community.general.attributes attributes: @@ -28,7 +27,7 @@ attributes: options: project_id: description: - - Airbrake PROJECT_ID + - Airbrake PROJECT_ID. required: true type: str version_added: '0.2.0' @@ -40,27 +39,27 @@ options: version_added: '0.2.0' environment: description: - - The airbrake environment name, typically 'production', 'staging', etc. + - The airbrake environment name, typically v(production), V(staging), and so on. required: true type: str user: description: - - The username of the person doing the deployment + - The username of the person doing the deployment. required: false type: str repo: description: - - URL of the project repository + - URL of the project repository. required: false type: str revision: description: - - A hash, number, tag, or other identifier showing what revision from version control was deployed + - A hash, number, tag, or other identifier showing what revision from version control was deployed. required: false type: str version: description: - - A string identifying what version was deployed + - A string identifying what version was deployed. required: false type: str version_added: '1.0.0' @@ -72,16 +71,16 @@ options: type: str validate_certs: description: - - If V(false), SSL certificates for the target url will not be validated. This should only be used - on personally controlled sites using self-signed certificates. + - If V(false), SSL certificates for the target URL will not be validated. This should only be used on personally controlled + sites using self-signed certificates. required: false default: true type: bool requirements: [] -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Notify airbrake about an app deployment community.general.airbrake_deployment: project_id: '12345' @@ -98,7 +97,7 @@ EXAMPLES = ''' user: ansible revision: 'e54dd3a01f2c421b558ef33b5f79db936e2dcf15' version: '0.2.0' -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.urls import fetch_url diff --git a/plugins/modules/aix_devices.py b/plugins/modules/aix_devices.py index a0f3cf48d9..68dbfb72d2 100644 --- a/plugins/modules/aix_devices.py +++ b/plugins/modules/aix_devices.py @@ -8,14 +8,13 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" author: -- Kairo Araujo (@kairoaraujo) + - Kairo Araujo (@kairoaraujo) module: aix_devices short_description: Manages AIX devices description: -- This module discovers, defines, removes and modifies attributes of AIX devices. + - This module discovers, defines, removes and modifies attributes of AIX devices. extends_documentation_fragment: - community.general.attributes attributes: @@ -26,35 +25,35 @@ attributes: options: attributes: description: - - A list of device attributes. + - A list of device attributes. type: dict device: description: - - The name of the device. - - V(all) is valid to rescan C(available) all devices (AIX cfgmgr command). + - The name of the device. + - V(all) is valid to rescan C(available) all devices (AIX C(cfgmgr) command). type: str force: description: - - Forces action. + - Forces action. type: bool default: false recursive: description: - - Removes or defines a device and children devices. + - Removes or defines a device and children devices. type: bool default: false state: description: - - Controls the device state. - - V(available) (alias V(present)) rescan a specific device or all devices (when O(device) is not specified). - - V(removed) (alias V(absent) removes a device. - - V(defined) changes device to Defined state. + - Controls the device state. + - V(available) (alias V(present)) rescan a specific device or all devices (when O(device) is not specified). + - V(removed) (alias V(absent) removes a device. + - V(defined) changes device to Defined state. type: str - choices: [ available, defined, removed ] + choices: [available, defined, removed] default: available -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Scan new devices community.general.aix_devices: device: all @@ -126,9 +125,9 @@ EXAMPLES = r''' attributes: alias4: 10.0.0.100,255.255.255.0 state: available -''' +""" -RETURN = r''' # ''' +RETURN = r""" # """ from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/aix_filesystem.py b/plugins/modules/aix_filesystem.py index 6abf6317f2..8934d583ff 100644 --- a/plugins/modules/aix_filesystem.py +++ b/plugins/modules/aix_filesystem.py @@ -9,15 +9,13 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" author: - Kairo Araujo (@kairoaraujo) module: aix_filesystem short_description: Configure LVM and NFS file systems for AIX description: - - This module creates, removes, mount and unmount LVM and NFS file system for - AIX using C(/etc/filesystems). + - This module creates, removes, mount and unmount LVM and NFS file system for AIX using C(/etc/filesystems). - For LVM file systems is possible to resize a file system. extends_documentation_fragment: - community.general.attributes @@ -60,7 +58,7 @@ options: description: - Set file system permissions. V(rw) (read-write) or V(ro) (read-only). type: str - choices: [ ro, rw ] + choices: [ro, rw] default: rw mount_group: description: @@ -84,9 +82,8 @@ options: description: - Specifies the file system size. - For already V(present) it will be resized. - - 512-byte blocks, Megabytes or Gigabytes. If the value has M specified - it will be in Megabytes. If the value has G specified it will be in - Gigabytes. + - 512-byte blocks, Megabytes or Gigabytes. If the value has M specified it will be in Megabytes. If the value has G + specified it will be in Gigabytes. - If no M or G the value will be 512-byte blocks. - If "+" is specified in begin of value, the value will be added. - If "-" is specified in begin of value, the value will be removed. @@ -101,7 +98,7 @@ options: - V(mounted) checks if the file system is mounted or mount the file system. - V(unmounted) check if the file system is unmounted or unmount the file system. type: str - choices: [ absent, mounted, present, unmounted ] + choices: [absent, mounted, present, unmounted] default: present vg: description: @@ -109,9 +106,9 @@ options: type: str notes: - For more O(attributes), please check "crfs" AIX manual. -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Create filesystem in a previously defined logical volume. community.general.aix_filesystem: device: testlv @@ -166,9 +163,9 @@ EXAMPLES = r''' filesystem: /newfs rm_mount_point: true state: absent -''' +""" -RETURN = r''' +RETURN = r""" changed: description: Return changed for aix_filesystems actions as true or false. returned: always @@ -177,7 +174,7 @@ msg: description: Return message regarding the action. returned: always type: str -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils._mount import ismount @@ -242,7 +239,7 @@ def _validate_vg(module, vg): if rc != 0: module.fail_json(msg="Failed executing %s command." % lsvg_cmd) - rc, current_all_vgs, err = module.run_command([lsvg_cmd, "%s"]) + rc, current_all_vgs, err = module.run_command([lsvg_cmd]) if rc != 0: module.fail_json(msg="Failed executing %s command." % lsvg_cmd) diff --git a/plugins/modules/aix_inittab.py b/plugins/modules/aix_inittab.py index d4c9aa0b56..0c32f91e7f 100644 --- a/plugins/modules/aix_inittab.py +++ b/plugins/modules/aix_inittab.py @@ -8,16 +8,15 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" author: - - Joris Weijters (@molekuul) + - Joris Weijters (@molekuul) module: aix_inittab -short_description: Manages the inittab on AIX +short_description: Manages the C(inittab) on AIX description: - - Manages the inittab on AIX. + - Manages the C(inittab) on AIX. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: check_mode: support: full @@ -26,56 +25,56 @@ attributes: options: name: description: - - Name of the inittab entry. + - Name of the C(inittab) entry. type: str required: true - aliases: [ service ] + aliases: [service] runlevel: description: - - Runlevel of the entry. + - Runlevel of the entry. type: str required: true action: description: - - Action what the init has to do with this entry. + - Action what the init has to do with this entry. type: str choices: - - boot - - bootwait - - hold - - initdefault - - 'off' - - once - - ondemand - - powerfail - - powerwait - - respawn - - sysinit - - wait + - boot + - bootwait + - hold + - initdefault + - 'off' + - once + - ondemand + - powerfail + - powerwait + - respawn + - sysinit + - wait command: description: - - What command has to run. + - What command has to run. type: str required: true insertafter: description: - - After which inittabline should the new entry inserted. + - After which inittabline should the new entry inserted. type: str state: description: - - Whether the entry should be present or absent in the inittab file. + - Whether the entry should be present or absent in the inittab file. type: str - choices: [ absent, present ] + choices: [absent, present] default: present notes: - The changes are persistent across reboots. - You need root rights to read or adjust the inittab with the C(lsitab), C(chitab), C(mkitab) or C(rmitab) commands. - Tested on AIX 7.1. requirements: -- itertools -''' + - itertools +""" -EXAMPLES = ''' +EXAMPLES = r""" # Add service startmyservice to the inittab, directly after service existingservice. - name: Add startmyservice to inittab community.general.aix_inittab: @@ -105,25 +104,25 @@ EXAMPLES = ''' command: echo hello state: absent become: true -''' +""" -RETURN = ''' +RETURN = r""" name: - description: Name of the adjusted inittab entry - returned: always - type: str - sample: startmyservice + description: Name of the adjusted C(inittab) entry. + returned: always + type: str + sample: startmyservice msg: - description: Action done with the inittab entry - returned: changed - type: str - sample: changed inittab entry startmyservice + description: Action done with the C(inittab) entry. + returned: changed + type: str + sample: changed inittab entry startmyservice changed: - description: Whether the inittab changed or not - returned: always - type: bool - sample: true -''' + description: Whether the C(inittab) changed or not. + returned: always + type: bool + sample: true +""" # Import necessary libraries try: @@ -192,6 +191,7 @@ def main(): rmitab = module.get_bin_path('rmitab') chitab = module.get_bin_path('chitab') rc = 0 + err = None # check if the new entry exists current_entry = check_current_entry(module) diff --git a/plugins/modules/aix_lvg.py b/plugins/modules/aix_lvg.py index 2892a68ad9..29c0b7d3f9 100644 --- a/plugins/modules/aix_lvg.py +++ b/plugins/modules/aix_lvg.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" author: - Kairo Araujo (@kairoaraujo) module: aix_lvg @@ -26,43 +25,43 @@ attributes: options: force: description: - - Force volume group creation. + - Force volume group creation. type: bool default: false pp_size: description: - - The size of the physical partition in megabytes. + - The size of the physical partition in megabytes. type: int pvs: description: - - List of comma-separated devices to use as physical devices in this volume group. - - Required when creating or extending (V(present) state) the volume group. - - If not informed reducing (V(absent) state) the volume group will be removed. + - List of comma-separated devices to use as physical devices in this volume group. + - Required when creating or extending (V(present) state) the volume group. + - If not informed reducing (V(absent) state) the volume group will be removed. type: list elements: str state: description: - - Control if the volume group exists and volume group AIX state varyonvg V(varyon) or varyoffvg V(varyoff). + - Control if the volume group exists and volume group AIX state varyonvg V(varyon) or varyoffvg V(varyoff). type: str - choices: [ absent, present, varyoff, varyon ] + choices: [absent, present, varyoff, varyon] default: present vg: description: - - The name of the volume group. + - The name of the volume group. type: str required: true vg_type: description: - - The type of the volume group. + - The type of the volume group. type: str - choices: [ big, normal, scalable ] + choices: [big, normal, scalable] default: normal notes: -- AIX will permit remove VG only if all LV/Filesystems are not busy. -- Module does not modify PP size for already present volume group. -''' + - AIX will permit remove VG only if all LV/Filesystems are not busy. + - Module does not modify PP size for already present volume group. +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Create a volume group datavg community.general.aix_lvg: vg: datavg @@ -86,9 +85,9 @@ EXAMPLES = r''' vg: rootvg pvs: hdisk1 state: absent -''' +""" -RETURN = r''' # ''' +RETURN = r""" # """ from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/aix_lvol.py b/plugins/modules/aix_lvol.py index 1e7b425687..5e34d0697b 100644 --- a/plugins/modules/aix_lvol.py +++ b/plugins/modules/aix_lvol.py @@ -9,10 +9,9 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" author: - - Alain Dejoux (@adejoux) + - Alain Dejoux (@adejoux) module: aix_lvol short_description: Configure AIX LVM logical volumes description: @@ -27,58 +26,58 @@ attributes: options: vg: description: - - The volume group this logical volume is part of. + - The volume group this logical volume is part of. type: str required: true lv: description: - - The name of the logical volume. + - The name of the logical volume. type: str required: true lv_type: description: - - The type of the logical volume. + - The type of the logical volume. type: str default: jfs2 size: description: - - The size of the logical volume with one of the [MGT] units. + - The size of the logical volume with one of the [MGT] units. type: str copies: description: - - The number of copies of the logical volume. - - Maximum copies are 3. + - The number of copies of the logical volume. + - Maximum copies are 3. type: int default: 1 policy: description: - - Sets the interphysical volume allocation policy. - - V(maximum) allocates logical partitions across the maximum number of physical volumes. - - V(minimum) allocates logical partitions across the minimum number of physical volumes. + - Sets the interphysical volume allocation policy. + - V(maximum) allocates logical partitions across the maximum number of physical volumes. + - V(minimum) allocates logical partitions across the minimum number of physical volumes. type: str - choices: [ maximum, minimum ] + choices: [maximum, minimum] default: maximum state: description: - - Control if the logical volume exists. If V(present) and the - volume does not already exist then the O(size) option is required. + - Control if the logical volume exists. If V(present) and the volume does not already exist then the O(size) option + is required. type: str - choices: [ absent, present ] + choices: [absent, present] default: present opts: description: - - Free-form options to be passed to the mklv command. + - Free-form options to be passed to the mklv command. type: str default: '' pvs: description: - - A list of physical volumes, for example V(hdisk1,hdisk2). + - A list of physical volumes, for example V(hdisk1,hdisk2). type: list elements: str default: [] -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Create a logical volume of 512M community.general.aix_lvol: vg: testvg @@ -90,7 +89,7 @@ EXAMPLES = r''' vg: testvg lv: test2lv size: 512M - pvs: [ hdisk1, hdisk2 ] + pvs: [hdisk1, hdisk2] - name: Create a logical volume of 512M mirrored community.general.aix_lvol: @@ -124,15 +123,15 @@ EXAMPLES = r''' vg: testvg lv: testlv state: absent -''' +""" -RETURN = r''' +RETURN = r""" msg: type: str description: A friendly message describing the task result. returned: always sample: Logical volume testlv created. -''' +""" import re @@ -240,8 +239,6 @@ def main(): state = module.params['state'] pvs = module.params['pvs'] - pv_list = ' '.join(pvs) - if policy == 'maximum': lv_policy = 'x' else: @@ -249,16 +246,16 @@ def main(): # Add echo command when running in check-mode if module.check_mode: - test_opt = 'echo ' + test_opt = [module.get_bin_path("echo", required=True)] else: - test_opt = '' + test_opt = [] # check if system commands are available lsvg_cmd = module.get_bin_path("lsvg", required=True) lslv_cmd = module.get_bin_path("lslv", required=True) # Get information on volume group requested - rc, vg_info, err = module.run_command("%s %s" % (lsvg_cmd, vg)) + rc, vg_info, err = module.run_command([lsvg_cmd, vg]) if rc != 0: if state == 'absent': @@ -273,8 +270,7 @@ def main(): lv_size = round_ppsize(convert_size(module, size), base=this_vg['pp_size']) # Get information on logical volume requested - rc, lv_info, err = module.run_command( - "%s %s" % (lslv_cmd, lv)) + rc, lv_info, err = module.run_command([lslv_cmd, lv]) if rc != 0: if state == 'absent': @@ -296,7 +292,7 @@ def main(): # create LV mklv_cmd = module.get_bin_path("mklv", required=True) - cmd = "%s %s -t %s -y %s -c %s -e %s %s %s %sM %s" % (test_opt, mklv_cmd, lv_type, lv, copies, lv_policy, opts, vg, lv_size, pv_list) + cmd = test_opt + [mklv_cmd, "-t", lv_type, "-y", lv, "-c", copies, "-e", lv_policy, opts, vg, "%sM" % (lv_size, )] + pvs rc, out, err = module.run_command(cmd) if rc == 0: module.exit_json(changed=True, msg="Logical volume %s created." % lv) @@ -306,7 +302,7 @@ def main(): if state == 'absent': # remove LV rmlv_cmd = module.get_bin_path("rmlv", required=True) - rc, out, err = module.run_command("%s %s -f %s" % (test_opt, rmlv_cmd, this_lv['name'])) + rc, out, err = module.run_command(test_opt + [rmlv_cmd, "-f", this_lv['name']]) if rc == 0: module.exit_json(changed=True, msg="Logical volume %s deleted." % lv) else: @@ -315,7 +311,7 @@ def main(): if this_lv['policy'] != policy: # change lv allocation policy chlv_cmd = module.get_bin_path("chlv", required=True) - rc, out, err = module.run_command("%s %s -e %s %s" % (test_opt, chlv_cmd, lv_policy, this_lv['name'])) + rc, out, err = module.run_command(test_opt + [chlv_cmd, "-e", lv_policy, this_lv['name']]) if rc == 0: module.exit_json(changed=True, msg="Logical volume %s policy changed: %s." % (lv, policy)) else: @@ -331,7 +327,7 @@ def main(): # resize LV based on absolute values if int(lv_size) > this_lv['size']: extendlv_cmd = module.get_bin_path("extendlv", required=True) - cmd = "%s %s %s %sM" % (test_opt, extendlv_cmd, lv, lv_size - this_lv['size']) + cmd = test_opt + [extendlv_cmd, lv, "%sM" % (lv_size - this_lv['size'], )] rc, out, err = module.run_command(cmd) if rc == 0: module.exit_json(changed=True, msg="Logical volume %s size extended to %sMB." % (lv, lv_size)) diff --git a/plugins/modules/alerta_customer.py b/plugins/modules/alerta_customer.py index 5e1a5f86c4..fc5ce32d5c 100644 --- a/plugins/modules/alerta_customer.py +++ b/plugins/modules/alerta_customer.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: alerta_customer short_description: Manage customers in Alerta version_added: 4.8.0 @@ -18,7 +17,7 @@ description: author: Christian Wollinger (@cwollinger) seealso: - name: API documentation - description: Documentation for Alerta API + description: Documentation for Alerta API. link: https://docs.alerta.io/api/reference.html#customers extends_documentation_fragment: - community.general.attributes @@ -60,11 +59,11 @@ options: - Whether the customer should exist or not. - Both O(customer) and O(match) identify a customer that should be added or removed. type: str - choices: [ absent, present ] + choices: [absent, present] default: present -''' +""" -EXAMPLES = """ +EXAMPLES = r""" - name: Create customer community.general.alerta_customer: alerta_url: https://alerta.example.com @@ -83,7 +82,7 @@ EXAMPLES = """ state: absent """ -RETURN = """ +RETURN = r""" msg: description: - Success or failure message. diff --git a/plugins/modules/ali_instance.py b/plugins/modules/ali_instance.py index 087dc64b6d..1a66850e14 100644 --- a/plugins/modules/ali_instance.py +++ b/plugins/modules/ali_instance.py @@ -24,243 +24,240 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: ali_instance -short_description: Create, Start, Stop, Restart or Terminate an Instance in ECS; Add or Remove Instance to/from a Security Group +short_description: Create, Start, Stop, Restart or Terminate an Instance in ECS; Add or Remove Instance to/from a Security + Group description: - - Create, start, stop, restart, modify or terminate ecs instances. - - Add or remove ecs instances to/from security group. + - Create, start, stop, restart, modify or terminate ECS instances. + - Add or remove ecs instances to/from security group. attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - state: - description: - - The state of the instance after operating. - default: 'present' - choices: ['present', 'running', 'stopped', 'restarted', 'absent'] - type: str - availability_zone: - description: - - Aliyun availability zone ID in which to launch the instance. - If it is not specified, it will be allocated by system automatically. - aliases: ['alicloud_zone', 'zone_id'] - type: str - image_id: - description: - - Image ID used to launch instances. Required when O(state=present) and creating new ECS instances. - aliases: ['image'] - type: str - instance_type: - description: - - Instance type used to launch instances. Required when O(state=present) and creating new ECS instances. - aliases: ['type'] - type: str - security_groups: - description: - - A list of security group IDs. - aliases: ['group_ids'] - type: list - elements: str - vswitch_id: - description: - - The subnet ID in which to launch the instances (VPC). - aliases: ['subnet_id'] - type: str - instance_name: - description: - - The name of ECS instance, which is a string of 2 to 128 Chinese or English characters. It must begin with an - uppercase/lowercase letter or a Chinese character and can contain numerals, ".", "_" or "-". - It cannot begin with http:// or https://. - aliases: ['name'] - type: str + state: description: - description: - - The description of ECS instance, which is a string of 2 to 256 characters. It cannot begin with http:// or https://. - type: str - internet_charge_type: - description: - - Internet charge type of ECS instance. - default: 'PayByBandwidth' - choices: ['PayByBandwidth', 'PayByTraffic'] - type: str - max_bandwidth_in: - description: - - Maximum incoming bandwidth from the public network, measured in Mbps (Megabits per second). - default: 200 - type: int - max_bandwidth_out: - description: - - Maximum outgoing bandwidth to the public network, measured in Mbps (Megabits per second). - Required when O(allocate_public_ip=true). Ignored when O(allocate_public_ip=false). - default: 0 - type: int - host_name: - description: - - Instance host name. Ordered hostname is not supported. - type: str - unique_suffix: - description: - - Specifies whether to add sequential suffixes to the host_name. - The sequential suffix ranges from 001 to 999. - default: false - type: bool - version_added: '0.2.0' - password: - description: - - The password to login instance. After rebooting instances, modified password will take effect. - type: str - system_disk_category: - description: - - Category of the system disk. - default: 'cloud_efficiency' - choices: ['cloud_efficiency', 'cloud_ssd'] - type: str - system_disk_size: - description: - - Size of the system disk, in GB. The valid values are 40~500. - default: 40 - type: int - system_disk_name: - description: - - Name of the system disk. - type: str - system_disk_description: - description: - - Description of the system disk. - type: str - count: - description: - - The number of the new instance. An integer value which indicates how many instances that match O(count_tag) - should be running. Instances are either created or terminated based on this value. - default: 1 - type: int - count_tag: - description: - - O(count) determines how many instances based on a specific tag criteria should be present. - This can be expressed in multiple ways and is shown in the EXAMPLES section. - The specified count_tag must already exist or be passed in as the O(tags) option. - If it is not specified, it will be replaced by O(instance_name). - type: str - allocate_public_ip: - description: - - Whether allocate a public ip for the new instance. - default: false - aliases: [ 'assign_public_ip' ] - type: bool - instance_charge_type: - description: - - The charge type of the instance. - choices: ['PrePaid', 'PostPaid'] - default: 'PostPaid' - type: str - period: - description: - - The charge duration of the instance, in months. Required when O(instance_charge_type=PrePaid). - - The valid value are [1-9, 12, 24, 36]. - default: 1 - type: int - auto_renew: - description: - - Whether automate renew the charge of the instance. - type: bool - default: false - auto_renew_period: - description: - - The duration of the automatic renew the charge of the instance. Required when O(auto_renew=true). - choices: [1, 2, 3, 6, 12] - type: int - instance_ids: - description: - - A list of instance ids. It is required when need to operate existing instances. - If it is specified, O(count) will lose efficacy. - type: list - elements: str - force: - description: - - Whether the current operation needs to be execute forcibly. - default: false - type: bool - tags: - description: - - A hash/dictionaries of instance tags, to add to the new instance or for starting/stopping instance by tag. V({"key":"value"}) - aliases: ["instance_tags"] - type: dict - version_added: '0.2.0' - purge_tags: - description: - - Delete any tags not specified in the task that are on the instance. - If True, it means you have to specify all the desired tags on each task affecting an instance. - default: false - type: bool - version_added: '0.2.0' - key_name: - description: - - The name of key pair which is used to access ECS instance in SSH. - required: false - type: str - aliases: ['keypair'] - user_data: - description: - - User-defined data to customize the startup behaviors of an ECS instance and to pass data into an ECS instance. - It only will take effect when launching the new ECS instances. - required: false - type: str - ram_role_name: - description: - - The name of the instance RAM role. - type: str - version_added: '0.2.0' - spot_price_limit: - description: - - The maximum hourly price for the preemptible instance. This parameter supports a maximum of three decimal - places and takes effect when the SpotStrategy parameter is set to SpotWithPriceLimit. - type: float - version_added: '0.2.0' - spot_strategy: - description: - - The bidding mode of the pay-as-you-go instance. This parameter is valid when InstanceChargeType is set to PostPaid. - choices: ['NoSpot', 'SpotWithPriceLimit', 'SpotAsPriceGo'] - default: 'NoSpot' - type: str - version_added: '0.2.0' - period_unit: - description: - - The duration unit that you will buy the resource. It is valid when O(instance_charge_type=PrePaid). - choices: ['Month', 'Week'] - default: 'Month' - type: str - version_added: '0.2.0' - dry_run: - description: - - Specifies whether to send a dry-run request. - - If O(dry_run=true), Only a dry-run request is sent and no instance is created. The system checks whether the - required parameters are set, and validates the request format, service permissions, and available ECS instances. - If the validation fails, the corresponding error code is returned. If the validation succeeds, the DryRunOperation error code is returned. - - If O(dry_run=false), A request is sent. If the validation succeeds, the instance is created. - default: false - type: bool - version_added: '0.2.0' - include_data_disks: - description: - - Whether to change instance disks charge type when changing instance charge type. - default: true - type: bool - version_added: '0.2.0' + - The state of the instance after operating. + default: 'present' + choices: ['present', 'running', 'stopped', 'restarted', 'absent'] + type: str + availability_zone: + description: + - Aliyun availability zone ID in which to launch the instance. If it is not specified, it will be allocated by system + automatically. + aliases: ['alicloud_zone', 'zone_id'] + type: str + image_id: + description: + - Image ID used to launch instances. Required when O(state=present) and creating new ECS instances. + aliases: ['image'] + type: str + instance_type: + description: + - Instance type used to launch instances. Required when O(state=present) and creating new ECS instances. + aliases: ['type'] + type: str + security_groups: + description: + - A list of security group IDs. + aliases: ['group_ids'] + type: list + elements: str + vswitch_id: + description: + - The subnet ID in which to launch the instances (VPC). + aliases: ['subnet_id'] + type: str + instance_name: + description: + - The name of ECS instance, which is a string of 2 to 128 Chinese or English characters. It must begin with an uppercase/lowercase + letter or a Chinese character and can contain numerals, V(.), V(_) or V(-). It cannot begin with V(http://) or V(https://). + aliases: ['name'] + type: str + description: + description: + - The description of ECS instance, which is a string of 2 to 256 characters. It cannot begin with V(http://) or V(https://). + type: str + internet_charge_type: + description: + - Internet charge type of ECS instance. + default: 'PayByBandwidth' + choices: ['PayByBandwidth', 'PayByTraffic'] + type: str + max_bandwidth_in: + description: + - Maximum incoming bandwidth from the public network, measured in Mbps (Megabits per second). + default: 200 + type: int + max_bandwidth_out: + description: + - Maximum outgoing bandwidth to the public network, measured in Mbps (Megabits per second). Required when O(allocate_public_ip=true). + Ignored when O(allocate_public_ip=false). + default: 0 + type: int + host_name: + description: + - Instance host name. Ordered hostname is not supported. + type: str + unique_suffix: + description: + - Specifies whether to add sequential suffixes to the host_name. The sequential suffix ranges from 001 to 999. + default: false + type: bool + version_added: '0.2.0' + password: + description: + - The password to login instance. After rebooting instances, modified password will take effect. + type: str + system_disk_category: + description: + - Category of the system disk. + default: 'cloud_efficiency' + choices: ['cloud_efficiency', 'cloud_ssd'] + type: str + system_disk_size: + description: + - Size of the system disk, in GB. The valid values are V(40)~V(500). + default: 40 + type: int + system_disk_name: + description: + - Name of the system disk. + type: str + system_disk_description: + description: + - Description of the system disk. + type: str + count: + description: + - The number of the new instance. An integer value which indicates how many instances that match O(count_tag) should + be running. Instances are either created or terminated based on this value. + default: 1 + type: int + count_tag: + description: + - O(count) determines how many instances based on a specific tag criteria should be present. This can be expressed in + multiple ways and is shown in the EXAMPLES section. The specified count_tag must already exist or be passed in as + the O(tags) option. If it is not specified, it will be replaced by O(instance_name). + type: str + allocate_public_ip: + description: + - Whether allocate a public IP for the new instance. + default: false + aliases: ['assign_public_ip'] + type: bool + instance_charge_type: + description: + - The charge type of the instance. + choices: ['PrePaid', 'PostPaid'] + default: 'PostPaid' + type: str + period: + description: + - The charge duration of the instance, in months. Required when O(instance_charge_type=PrePaid). + - The valid value are [V(1-9), V(12), V(24), V(36)]. + default: 1 + type: int + auto_renew: + description: + - Whether automate renew the charge of the instance. + type: bool + default: false + auto_renew_period: + description: + - The duration of the automatic renew the charge of the instance. Required when O(auto_renew=true). + choices: [1, 2, 3, 6, 12] + type: int + instance_ids: + description: + - A list of instance IDs. It is required when need to operate existing instances. If it is specified, O(count) will + lose efficacy. + type: list + elements: str + force: + description: + - Whether the current operation needs to be execute forcibly. + default: false + type: bool + tags: + description: + - A hash/dictionaries of instance tags, to add to the new instance or for starting/stopping instance by tag. V({"key":"value"}). + aliases: ["instance_tags"] + type: dict + version_added: '0.2.0' + purge_tags: + description: + - Delete any tags not specified in the task that are on the instance. If V(true), it means you have to specify all the + desired tags on each task affecting an instance. + default: false + type: bool + version_added: '0.2.0' + key_name: + description: + - The name of key pair which is used to access ECS instance in SSH. + required: false + type: str + aliases: ['keypair'] + user_data: + description: + - User-defined data to customize the startup behaviors of an ECS instance and to pass data into an ECS instance. It + only will take effect when launching the new ECS instances. + required: false + type: str + ram_role_name: + description: + - The name of the instance RAM role. + type: str + version_added: '0.2.0' + spot_price_limit: + description: + - The maximum hourly price for the preemptible instance. This parameter supports a maximum of three decimal places and + takes effect when the SpotStrategy parameter is set to SpotWithPriceLimit. + type: float + version_added: '0.2.0' + spot_strategy: + description: + - The bidding mode of the pay-as-you-go instance. This parameter is valid when O(instance_charge_type=PostPaid). + choices: ['NoSpot', 'SpotWithPriceLimit', 'SpotAsPriceGo'] + default: 'NoSpot' + type: str + version_added: '0.2.0' + period_unit: + description: + - The duration unit that you will buy the resource. It is valid when O(instance_charge_type=PrePaid). + choices: ['Month', 'Week'] + default: 'Month' + type: str + version_added: '0.2.0' + dry_run: + description: + - Specifies whether to send a dry-run request. + - If O(dry_run=true), Only a dry-run request is sent and no instance is created. The system checks whether the required + parameters are set, and validates the request format, service permissions, and available ECS instances. If the validation + fails, the corresponding error code is returned. If the validation succeeds, the DryRunOperation error code is returned. + - If O(dry_run=false), a request is sent. If the validation succeeds, the instance is created. + default: false + type: bool + version_added: '0.2.0' + include_data_disks: + description: + - Whether to change instance disks charge type when changing instance charge type. + default: true + type: bool + version_added: '0.2.0' author: - - "He Guimin (@xiaozhu36)" + - "He Guimin (@xiaozhu36)" requirements: - - "Python >= 3.6" - - "footmark >= 1.19.0" + - "Python >= 3.6" + - "footmark >= 1.19.0" extends_documentation_fragment: - - community.general.alicloud - - community.general.attributes -''' + - community.general.alicloud + - community.general.attributes +""" -EXAMPLES = ''' +EXAMPLES = r""" # basic provisioning example vpc network - name: Basic provisioning example hosts: localhost @@ -298,7 +295,7 @@ EXAMPLES = ''' internet_charge_type: '{{ internet_charge_type }}' max_bandwidth_out: '{{ max_bandwidth_out }}' tags: - Name: created_one + Name: created_one host_name: '{{ host_name }}' password: '{{ password }}' @@ -316,11 +313,11 @@ EXAMPLES = ''' internet_charge_type: '{{ internet_charge_type }}' max_bandwidth_out: '{{ max_bandwidth_out }}' tags: - Name: created_one - Version: 0.1 + Name: created_one + Version: 0.1 count: 2 count_tag: - Name: created_one + Name: created_one host_name: '{{ host_name }}' password: '{{ password }}' @@ -348,278 +345,278 @@ EXAMPLES = ''' alicloud_region: '{{ alicloud_region }}' instance_ids: '{{ instance_ids }}' security_groups: '{{ security_groups }}' -''' +""" -RETURN = ''' +RETURN = r""" instances: - description: List of ECS instances - returned: always - type: complex - contains: - availability_zone: - description: The availability zone of the instance is in. - returned: always - type: str - sample: cn-beijing-a - block_device_mappings: - description: Any block device mapping entries for the instance. - returned: always - type: complex - contains: - device_name: - description: The device name exposed to the instance (for example, /dev/xvda). - returned: always - type: str - sample: /dev/xvda - attach_time: - description: The time stamp when the attachment initiated. - returned: always - type: str - sample: "2018-06-25T04:08:26Z" - delete_on_termination: - description: Indicates whether the volume is deleted on instance termination. - returned: always - type: bool - sample: true - status: - description: The attachment state. - returned: always - type: str - sample: in_use - volume_id: - description: The ID of the cloud disk. - returned: always - type: str - sample: d-2zei53pjsi117y6gf9t6 - cpu: - description: The CPU core count of the instance. - returned: always - type: int - sample: 4 - creation_time: - description: The time the instance was created. - returned: always - type: str - sample: "2018-06-25T04:08Z" - description: - description: The instance description. - returned: always - type: str - sample: "my ansible instance" - eip: - description: The attribution of EIP associated with the instance. - returned: always - type: complex - contains: - allocation_id: - description: The ID of the EIP. - returned: always - type: str - sample: eip-12345 - internet_charge_type: - description: The internet charge type of the EIP. - returned: always - type: str - sample: "paybybandwidth" - ip_address: - description: EIP address. - returned: always - type: str - sample: 42.10.2.2 - expired_time: - description: The time the instance will expire. - returned: always - type: str - sample: "2099-12-31T15:59Z" - gpu: - description: The attribution of instance GPU. - returned: always - type: complex - contains: - amount: - description: The count of the GPU. - returned: always - type: int - sample: 0 - spec: - description: The specification of the GPU. - returned: always - type: str - sample: "" - host_name: - description: The host name of the instance. - returned: always - type: str - sample: iZ2zewaoZ - id: - description: Alias of instance_id. - returned: always - type: str - sample: i-abc12345 - instance_id: - description: ECS instance resource ID. - returned: always - type: str - sample: i-abc12345 - image_id: - description: The ID of the image used to launch the instance. - returned: always - type: str - sample: m-0011223344 - inner_ip_address: - description: The inner IPv4 address of the classic instance. - returned: always - type: str - sample: 10.0.0.2 - instance_charge_type: - description: The instance charge type. - returned: always - type: str - sample: PostPaid - instance_name: - description: The name of the instance. - returned: always - type: str - sample: my-ecs - instance_type: - description: The instance type of the running instance. - returned: always - type: str - sample: ecs.sn1ne.xlarge - instance_type_family: - description: The instance type family of the instance belongs. - returned: always - type: str - sample: ecs.sn1ne - internet_charge_type: - description: The billing method of the network bandwidth. - returned: always - type: str - sample: PayByBandwidth - internet_max_bandwidth_in: - description: Maximum incoming bandwidth from the internet network. - returned: always - type: int - sample: 200 - internet_max_bandwidth_out: - description: Maximum incoming bandwidth from the internet network. - returned: always - type: int - sample: 20 - io_optimized: - description: Indicates whether the instance is optimized for EBS I/O. - returned: always - type: bool - sample: false - memory: - description: Memory size of the instance. - returned: always - type: int - sample: 8192 - network_interfaces: - description: One or more network interfaces for the instance. - returned: always - type: complex - contains: - mac_address: - description: The MAC address. - returned: always - type: str - sample: "00:11:22:33:44:55" - network_interface_id: - description: The ID of the network interface. - returned: always - type: str - sample: eni-01234567 - primary_ip_address: - description: The primary IPv4 address of the network interface within the vswitch. - returned: always - type: str - sample: 10.0.0.1 - osname: - description: The operation system name of the instance owned. - returned: always - type: str - sample: CentOS - ostype: - description: The operation system type of the instance owned. - returned: always - type: str - sample: linux - private_ip_address: - description: The IPv4 address of the network interface within the subnet. - returned: always - type: str - sample: 10.0.0.1 - public_ip_address: - description: The public IPv4 address assigned to the instance or eip address - returned: always - type: str - sample: 43.0.0.1 - resource_group_id: - description: The id of the resource group to which the instance belongs. - returned: always - type: str - sample: my-ecs-group - security_groups: - description: One or more security groups for the instance. - returned: always - type: list - elements: dict - contains: - group_id: - description: The ID of the security group. - returned: always - type: str - sample: sg-0123456 - group_name: - description: The name of the security group. - returned: always - type: str - sample: my-security-group - status: - description: The current status of the instance. - returned: always - type: str - sample: running - tags: - description: Any tags assigned to the instance. - returned: always - type: dict - sample: - user_data: - description: User-defined data. - returned: always - type: dict - sample: - vswitch_id: - description: The ID of the vswitch in which the instance is running. - returned: always - type: str - sample: vsw-dew00abcdef - vpc_id: - description: The ID of the VPC the instance is in. - returned: always - type: str - sample: vpc-0011223344 - spot_price_limit: - description: - - The maximum hourly price for the preemptible instance. - returned: always - type: float - sample: 0.97 - spot_strategy: - description: - - The bidding mode of the pay-as-you-go instance. + description: List of ECS instances. + returned: always + type: complex + contains: + availability_zone: + description: The availability zone of the instance is in. + returned: always + type: str + sample: cn-beijing-a + block_device_mappings: + description: Any block device mapping entries for the instance. + returned: always + type: complex + contains: + device_name: + description: The device name exposed to the instance. returned: always type: str - sample: NoSpot + sample: /dev/xvda + attach_time: + description: The time stamp when the attachment initiated. + returned: always + type: str + sample: "2018-06-25T04:08:26Z" + delete_on_termination: + description: Indicates whether the volume is deleted on instance termination. + returned: always + type: bool + sample: true + status: + description: The attachment state. + returned: always + type: str + sample: in_use + volume_id: + description: The ID of the cloud disk. + returned: always + type: str + sample: d-2zei53pjsi117y6gf9t6 + cpu: + description: The CPU core count of the instance. + returned: always + type: int + sample: 4 + creation_time: + description: The time the instance was created. + returned: always + type: str + sample: "2018-06-25T04:08Z" + description: + description: The instance description. + returned: always + type: str + sample: "my ansible instance" + eip: + description: The attribution of EIP associated with the instance. + returned: always + type: complex + contains: + allocation_id: + description: The ID of the EIP. + returned: always + type: str + sample: eip-12345 + internet_charge_type: + description: The internet charge type of the EIP. + returned: always + type: str + sample: "paybybandwidth" + ip_address: + description: EIP address. + returned: always + type: str + sample: 42.10.2.2 + expired_time: + description: The time the instance will expire. + returned: always + type: str + sample: "2099-12-31T15:59Z" + gpu: + description: The attribution of instance GPU. + returned: always + type: complex + contains: + amount: + description: The count of the GPU. + returned: always + type: int + sample: 0 + spec: + description: The specification of the GPU. + returned: always + type: str + sample: "" + host_name: + description: The host name of the instance. + returned: always + type: str + sample: iZ2zewaoZ + id: + description: Alias of instance_id. + returned: always + type: str + sample: i-abc12345 + instance_id: + description: ECS instance resource ID. + returned: always + type: str + sample: i-abc12345 + image_id: + description: The ID of the image used to launch the instance. + returned: always + type: str + sample: m-0011223344 + inner_ip_address: + description: The inner IPv4 address of the classic instance. + returned: always + type: str + sample: 10.0.0.2 + instance_charge_type: + description: The instance charge type. + returned: always + type: str + sample: PostPaid + instance_name: + description: The name of the instance. + returned: always + type: str + sample: my-ecs + instance_type: + description: The instance type of the running instance. + returned: always + type: str + sample: ecs.sn1ne.xlarge + instance_type_family: + description: The instance type family of the instance belongs. + returned: always + type: str + sample: ecs.sn1ne + internet_charge_type: + description: The billing method of the network bandwidth. + returned: always + type: str + sample: PayByBandwidth + internet_max_bandwidth_in: + description: Maximum incoming bandwidth from the internet network. + returned: always + type: int + sample: 200 + internet_max_bandwidth_out: + description: Maximum incoming bandwidth from the internet network. + returned: always + type: int + sample: 20 + io_optimized: + description: Indicates whether the instance is optimized for EBS I/O. + returned: always + type: bool + sample: false + memory: + description: Memory size of the instance. + returned: always + type: int + sample: 8192 + network_interfaces: + description: One or more network interfaces for the instance. + returned: always + type: complex + contains: + mac_address: + description: The MAC address. + returned: always + type: str + sample: "00:11:22:33:44:55" + network_interface_id: + description: The ID of the network interface. + returned: always + type: str + sample: eni-01234567 + primary_ip_address: + description: The primary IPv4 address of the network interface within the vswitch. + returned: always + type: str + sample: 10.0.0.1 + osname: + description: The operation system name of the instance owned. + returned: always + type: str + sample: CentOS + ostype: + description: The operation system type of the instance owned. + returned: always + type: str + sample: linux + private_ip_address: + description: The IPv4 address of the network interface within the subnet. + returned: always + type: str + sample: 10.0.0.1 + public_ip_address: + description: The public IPv4 address assigned to the instance or eip address. + returned: always + type: str + sample: 43.0.0.1 + resource_group_id: + description: The ID of the resource group to which the instance belongs. + returned: always + type: str + sample: my-ecs-group + security_groups: + description: One or more security groups for the instance. + returned: always + type: list + elements: dict + contains: + group_id: + description: The ID of the security group. + returned: always + type: str + sample: sg-0123456 + group_name: + description: The name of the security group. + returned: always + type: str + sample: my-security-group + status: + description: The current status of the instance. + returned: always + type: str + sample: running + tags: + description: Any tags assigned to the instance. + returned: always + type: dict + sample: + user_data: + description: User-defined data. + returned: always + type: dict + sample: + vswitch_id: + description: The ID of the vswitch in which the instance is running. + returned: always + type: str + sample: vsw-dew00abcdef + vpc_id: + description: The ID of the VPC the instance is in. + returned: always + type: str + sample: vpc-0011223344 + spot_price_limit: + description: + - The maximum hourly price for the preemptible instance. + returned: always + type: float + sample: 0.97 + spot_strategy: + description: + - The bidding mode of the pay-as-you-go instance. + returned: always + type: str + sample: NoSpot ids: - description: List of ECS instance IDs - returned: always - type: list - sample: [i-12345er, i-3245fs] -''' + description: List of ECS instance IDs. + returned: always + type: list + sample: [i-12345er, i-3245fs] +""" import re import time diff --git a/plugins/modules/ali_instance_info.py b/plugins/modules/ali_instance_info.py index d6a7873742..00e77b1ab2 100644 --- a/plugins/modules/ali_instance_info.py +++ b/plugins/modules/ali_instance_info.py @@ -24,51 +24,48 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: ali_instance_info short_description: Gather information on instances of Alibaba Cloud ECS description: - - This module fetches data from the Open API in Alicloud. - The module must be called from within the ECS instance itself. - + - This module fetches data from the Open API in Alicloud. The module must be called from within the ECS instance itself. attributes: - check_mode: - version_added: 3.3.0 + check_mode: + version_added: 3.3.0 # This was backported to 2.5.4 and 1.3.11 as well, since this was a bugfix options: - name_prefix: - description: - - Use a instance name prefix to filter ecs instances. - type: str - version_added: '0.2.0' - tags: - description: - - A hash/dictionaries of instance tags. C({"key":"value"}) - aliases: ["instance_tags"] - type: dict - filters: - description: - - A dict of filters to apply. Each dict item consists of a filter key and a filter value. The filter keys can be - all of request parameters. See U(https://www.alibabacloud.com/help/doc-detail/25506.htm) for parameter details. - Filter keys can be same as request parameter name or be lower case and use underscore (V("_")) or dash (V("-")) to - connect different words in one parameter. C(InstanceIds) should be a list. - C(Tag.n.Key) and C(Tag.n.Value) should be a dict and using O(tags) instead. - type: dict - version_added: '0.2.0' + name_prefix: + description: + - Use a instance name prefix to filter ECS instances. + type: str + version_added: '0.2.0' + tags: + description: + - A hash/dictionaries of instance tags. C({"key":"value"}). + aliases: ["instance_tags"] + type: dict + filters: + description: + - A dict of filters to apply. Each dict item consists of a filter key and a filter value. The filter keys can be all + of request parameters. See U(https://www.alibabacloud.com/help/doc-detail/25506.htm) for parameter details. Filter + keys can be same as request parameter name or be lower case and use underscore (V("_")) or dash (V("-")) to connect + different words in one parameter. C(InstanceIds) should be a list. C(Tag.n.Key) and C(Tag.n.Value) should be a dict + and using O(tags) instead. + type: dict + version_added: '0.2.0' author: - - "He Guimin (@xiaozhu36)" + - "He Guimin (@xiaozhu36)" requirements: - - "Python >= 3.6" - - "footmark >= 1.13.0" + - "Python >= 3.6" + - "footmark >= 1.13.0" extends_documentation_fragment: - - community.general.alicloud - - community.general.attributes - - community.general.attributes.info_module -''' + - community.general.alicloud + - community.general.attributes + - community.general.attributes.info_module +""" -EXAMPLES = ''' +EXAMPLES = r""" # Fetch instances details according to setting different filters - name: Find all instances in the specified region @@ -91,261 +88,261 @@ EXAMPLES = ''' community.general.ali_instance_info: tags: Test: "add" -''' +""" -RETURN = ''' +RETURN = r""" instances: - description: List of ECS instances - returned: always - type: complex - contains: - availability_zone: - description: The availability zone of the instance is in. - returned: always - type: str - sample: cn-beijing-a - block_device_mappings: - description: Any block device mapping entries for the instance. - returned: always - type: complex - contains: - device_name: - description: The device name exposed to the instance (for example, /dev/xvda). - returned: always - type: str - sample: /dev/xvda - attach_time: - description: The time stamp when the attachment initiated. - returned: always - type: str - sample: "2018-06-25T04:08:26Z" - delete_on_termination: - description: Indicates whether the volume is deleted on instance termination. - returned: always - type: bool - sample: true - status: - description: The attachment state. - returned: always - type: str - sample: in_use - volume_id: - description: The ID of the cloud disk. - returned: always - type: str - sample: d-2zei53pjsi117y6gf9t6 - cpu: - description: The CPU core count of the instance. - returned: always - type: int - sample: 4 - creation_time: - description: The time the instance was created. - returned: always - type: str - sample: "2018-06-25T04:08Z" - description: - description: The instance description. - returned: always - type: str - sample: "my ansible instance" - eip: - description: The attribution of EIP associated with the instance. - returned: always - type: complex - contains: - allocation_id: - description: The ID of the EIP. - returned: always - type: str - sample: eip-12345 - internet_charge_type: - description: The internet charge type of the EIP. - returned: always - type: str - sample: "paybybandwidth" - ip_address: - description: EIP address. - returned: always - type: str - sample: 42.10.2.2 - expired_time: - description: The time the instance will expire. - returned: always - type: str - sample: "2099-12-31T15:59Z" - gpu: - description: The attribution of instance GPU. - returned: always - type: complex - contains: - amount: - description: The count of the GPU. - returned: always - type: int - sample: 0 - spec: - description: The specification of the GPU. - returned: always - type: str - sample: "" - host_name: - description: The host name of the instance. - returned: always - type: str - sample: iZ2zewaoZ - id: - description: Alias of instance_id. - returned: always - type: str - sample: i-abc12345 - instance_id: - description: ECS instance resource ID. - returned: always - type: str - sample: i-abc12345 - image_id: - description: The ID of the image used to launch the instance. - returned: always - type: str - sample: m-0011223344 - inner_ip_address: - description: The inner IPv4 address of the classic instance. - returned: always - type: str - sample: 10.0.0.2 - instance_charge_type: - description: The instance charge type. - returned: always - type: str - sample: PostPaid - instance_name: - description: The name of the instance. - returned: always - type: str - sample: my-ecs - instance_type_family: - description: The instance type family of the instance belongs. - returned: always - type: str - sample: ecs.sn1ne - instance_type: - description: The instance type of the running instance. - returned: always - type: str - sample: ecs.sn1ne.xlarge - internet_charge_type: - description: The billing method of the network bandwidth. - returned: always - type: str - sample: PayByBandwidth - internet_max_bandwidth_in: - description: Maximum incoming bandwidth from the internet network. - returned: always - type: int - sample: 200 - internet_max_bandwidth_out: - description: Maximum incoming bandwidth from the internet network. - returned: always - type: int - sample: 20 - io_optimized: - description: Indicates whether the instance is optimized for EBS I/O. - returned: always - type: bool - sample: false - memory: - description: Memory size of the instance. - returned: always - type: int - sample: 8192 - network_interfaces: - description: One or more network interfaces for the instance. - returned: always - type: complex - contains: - mac_address: - description: The MAC address. - returned: always - type: str - sample: "00:11:22:33:44:55" - network_interface_id: - description: The ID of the network interface. - returned: always - type: str - sample: eni-01234567 - primary_ip_address: - description: The primary IPv4 address of the network interface within the vswitch. - returned: always - type: str - sample: 10.0.0.1 - osname: - description: The operation system name of the instance owned. - returned: always - type: str - sample: CentOS - ostype: - description: The operation system type of the instance owned. - returned: always - type: str - sample: linux - private_ip_address: - description: The IPv4 address of the network interface within the subnet. - returned: always - type: str - sample: 10.0.0.1 - public_ip_address: - description: The public IPv4 address assigned to the instance or eip address - returned: always - type: str - sample: 43.0.0.1 - resource_group_id: - description: The id of the resource group to which the instance belongs. - returned: always - type: str - sample: my-ecs-group - security_groups: - description: One or more security groups for the instance. - returned: always - type: list - elements: dict - contains: - group_id: - description: The ID of the security group. - returned: always - type: str - sample: sg-0123456 - group_name: - description: The name of the security group. - returned: always - type: str - sample: my-security-group + description: List of ECS instances. + returned: always + type: complex + contains: + availability_zone: + description: The availability zone of the instance is in. + returned: always + type: str + sample: cn-beijing-a + block_device_mappings: + description: Any block device mapping entries for the instance. + returned: always + type: complex + contains: + device_name: + description: The device name exposed to the instance (for example, /dev/xvda). + returned: always + type: str + sample: /dev/xvda + attach_time: + description: The time stamp when the attachment initiated. + returned: always + type: str + sample: "2018-06-25T04:08:26Z" + delete_on_termination: + description: Indicates whether the volume is deleted on instance termination. + returned: always + type: bool + sample: true status: - description: The current status of the instance. - returned: always - type: str - sample: running - tags: - description: Any tags assigned to the instance. - returned: always - type: dict - sample: - vswitch_id: - description: The ID of the vswitch in which the instance is running. - returned: always - type: str - sample: vsw-dew00abcdef - vpc_id: - description: The ID of the VPC the instance is in. - returned: always - type: str - sample: vpc-0011223344 + description: The attachment state. + returned: always + type: str + sample: in_use + volume_id: + description: The ID of the cloud disk. + returned: always + type: str + sample: d-2zei53pjsi117y6gf9t6 + cpu: + description: The CPU core count of the instance. + returned: always + type: int + sample: 4 + creation_time: + description: The time the instance was created. + returned: always + type: str + sample: "2018-06-25T04:08Z" + description: + description: The instance description. + returned: always + type: str + sample: "my ansible instance" + eip: + description: The attribution of EIP associated with the instance. + returned: always + type: complex + contains: + allocation_id: + description: The ID of the EIP. + returned: always + type: str + sample: eip-12345 + internet_charge_type: + description: The internet charge type of the EIP. + returned: always + type: str + sample: "paybybandwidth" + ip_address: + description: EIP address. + returned: always + type: str + sample: 42.10.2.2 + expired_time: + description: The time the instance will expire. + returned: always + type: str + sample: "2099-12-31T15:59Z" + gpu: + description: The attribution of instance GPU. + returned: always + type: complex + contains: + amount: + description: The count of the GPU. + returned: always + type: int + sample: 0 + spec: + description: The specification of the GPU. + returned: always + type: str + sample: "" + host_name: + description: The host name of the instance. + returned: always + type: str + sample: iZ2zewaoZ + id: + description: Alias of instance_id. + returned: always + type: str + sample: i-abc12345 + instance_id: + description: ECS instance resource ID. + returned: always + type: str + sample: i-abc12345 + image_id: + description: The ID of the image used to launch the instance. + returned: always + type: str + sample: m-0011223344 + inner_ip_address: + description: The inner IPv4 address of the classic instance. + returned: always + type: str + sample: 10.0.0.2 + instance_charge_type: + description: The instance charge type. + returned: always + type: str + sample: PostPaid + instance_name: + description: The name of the instance. + returned: always + type: str + sample: my-ecs + instance_type_family: + description: The instance type family of the instance belongs. + returned: always + type: str + sample: ecs.sn1ne + instance_type: + description: The instance type of the running instance. + returned: always + type: str + sample: ecs.sn1ne.xlarge + internet_charge_type: + description: The billing method of the network bandwidth. + returned: always + type: str + sample: PayByBandwidth + internet_max_bandwidth_in: + description: Maximum incoming bandwidth from the internet network. + returned: always + type: int + sample: 200 + internet_max_bandwidth_out: + description: Maximum incoming bandwidth from the internet network. + returned: always + type: int + sample: 20 + io_optimized: + description: Indicates whether the instance is optimized for EBS I/O. + returned: always + type: bool + sample: false + memory: + description: Memory size of the instance. + returned: always + type: int + sample: 8192 + network_interfaces: + description: One or more network interfaces for the instance. + returned: always + type: complex + contains: + mac_address: + description: The MAC address. + returned: always + type: str + sample: "00:11:22:33:44:55" + network_interface_id: + description: The ID of the network interface. + returned: always + type: str + sample: eni-01234567 + primary_ip_address: + description: The primary IPv4 address of the network interface within the vswitch. + returned: always + type: str + sample: 10.0.0.1 + osname: + description: The operation system name of the instance owned. + returned: always + type: str + sample: CentOS + ostype: + description: The operation system type of the instance owned. + returned: always + type: str + sample: linux + private_ip_address: + description: The IPv4 address of the network interface within the subnet. + returned: always + type: str + sample: 10.0.0.1 + public_ip_address: + description: The public IPv4 address assigned to the instance or EIP address. + returned: always + type: str + sample: 43.0.0.1 + resource_group_id: + description: The ID of the resource group to which the instance belongs. + returned: always + type: str + sample: my-ecs-group + security_groups: + description: One or more security groups for the instance. + returned: always + type: list + elements: dict + contains: + group_id: + description: The ID of the security group. + returned: always + type: str + sample: sg-0123456 + group_name: + description: The name of the security group. + returned: always + type: str + sample: my-security-group + status: + description: The current status of the instance. + returned: always + type: str + sample: running + tags: + description: Any tags assigned to the instance. + returned: always + type: dict + sample: + vswitch_id: + description: The ID of the vswitch in which the instance is running. + returned: always + type: str + sample: vsw-dew00abcdef + vpc_id: + description: The ID of the VPC the instance is in. + returned: always + type: str + sample: vpc-0011223344 ids: - description: List of ECS instance IDs - returned: always - type: list - sample: [i-12345er, i-3245fs] -''' + description: List of ECS instance IDs. + returned: always + type: list + sample: [i-12345er, i-3245fs] +""" from ansible.module_utils.basic import AnsibleModule, missing_required_lib from ansible_collections.community.general.plugins.module_utils.alicloud_ecs import ( diff --git a/plugins/modules/alternatives.py b/plugins/modules/alternatives.py index 0d1b1e8cbe..c96aede225 100644 --- a/plugins/modules/alternatives.py +++ b/plugins/modules/alternatives.py @@ -11,19 +11,18 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: alternatives short_description: Manages alternative programs for common commands description: - - Manages symbolic links using the 'update-alternatives' tool. - - Useful when multiple programs are installed but provide similar functionality (e.g. different editors). + - Manages symbolic links using the C(update-alternatives) tool. + - Useful when multiple programs are installed but provide similar functionality (for example, different editors). author: - - Marius Rieder (@jiuka) - - David Wittman (@DavidWittman) - - Gabe Mulley (@mulby) + - Marius Rieder (@jiuka) + - David Wittman (@DavidWittman) + - Gabe Mulley (@mulby) extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: check_mode: support: full @@ -39,12 +38,16 @@ options: description: - The path to the real executable that the link should point to. type: path - required: true + family: + description: + - The family groups similar alternatives. This option is available only on RHEL-based distributions. + type: str + version_added: 10.1.0 link: description: - The path to the symbolic link that should point to the real executable. - - This option is always required on RHEL-based distributions. On Debian-based distributions this option is - required when the alternative O(name) is unknown to the system. + - This option is always required on RHEL-based distributions. On Debian-based distributions this option is required + when the alternative O(name) is unknown to the system. type: path priority: description: @@ -52,14 +55,14 @@ options: type: int state: description: - - V(present) - install the alternative (if not already installed), but do - not set it as the currently selected alternative for the group. - - V(selected) - install the alternative (if not already installed), and - set it as the currently selected alternative for the group. - - V(auto) - install the alternative (if not already installed), and - set the group to auto mode. Added in community.general 5.1.0. + - V(present) - install the alternative (if not already installed), but do not set it as the currently selected alternative + for the group. + - V(selected) - install the alternative (if not already installed), and set it as the currently selected alternative + for the group. + - V(auto) - install the alternative (if not already installed), and set the group to auto mode. Added in community.general + 5.1.0. - V(absent) - removes the alternative. Added in community.general 5.1.0. - choices: [ present, selected, auto, absent ] + choices: [present, selected, auto, absent] default: selected type: str version_added: 4.8.0 @@ -67,8 +70,7 @@ options: description: - A list of subcommands. - Each subcommand needs a name, a link and a path parameter. - - Subcommands are also named 'slaves' or 'followers', depending on the version - of alternatives. + - Subcommands are also named C(slaves) or C(followers), depending on the version of C(alternatives). type: list elements: dict aliases: ['slaves'] @@ -89,15 +91,21 @@ options: type: path required: true version_added: 5.1.0 -requirements: [ update-alternatives ] -''' +requirements: [update-alternatives] +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Correct java version selected community.general.alternatives: name: java path: /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java +- name: Select java-11-openjdk.x86_64 family + community.general.alternatives: + name: java + family: java-11-openjdk.x86_64 + when: ansible_os_family == 'RedHat' + - name: Alternatives link created community.general.alternatives: name: hadoop-conf @@ -133,7 +141,7 @@ EXAMPLES = r''' - name: keytool link: /usr/bin/keytool path: /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/keytool -''' +""" import os import re @@ -182,17 +190,25 @@ class AlternativesModule(object): subcommands_parameter = self.module.params['subcommands'] priority_parameter = self.module.params['priority'] if ( - self.path not in self.current_alternatives or - (priority_parameter is not None and self.current_alternatives[self.path].get('priority') != priority_parameter) or - (subcommands_parameter is not None and ( - not all(s in subcommands_parameter for s in self.current_alternatives[self.path].get('subcommands')) or - not all(s in self.current_alternatives[self.path].get('subcommands') for s in subcommands_parameter) - )) + self.path is not None and ( + self.path not in self.current_alternatives or + (priority_parameter is not None and self.current_alternatives[self.path].get('priority') != priority_parameter) or + (subcommands_parameter is not None and ( + not all(s in subcommands_parameter for s in self.current_alternatives[self.path].get('subcommands')) or + not all(s in self.current_alternatives[self.path].get('subcommands') for s in subcommands_parameter) + )) + ) ): self.install() # Check if we need to set the preference - if self.mode_selected and self.current_path != self.path: + is_same_path = self.path is not None and self.current_path == self.path + is_same_family = False + if self.current_path is not None and self.current_path in self.current_alternatives: + current_alternative = self.current_alternatives[self.current_path] + is_same_family = current_alternative.get('family') == self.family + + if self.mode_selected and not (is_same_path or is_same_family): self.set() # Check if we need to reset to auto @@ -213,6 +229,8 @@ class AlternativesModule(object): self.module.fail_json(msg='Needed to install the alternative, but unable to do so as we are missing the link') cmd = [self.UPDATE_ALTERNATIVES, '--install', self.link, self.name, self.path, str(self.priority)] + if self.family is not None: + cmd.extend(["--family", self.family]) if self.module.params['subcommands'] is not None: subcommands = [['--slave', subcmd['link'], subcmd['name'], subcmd['path']] for subcmd in self.subcommands] @@ -228,6 +246,7 @@ class AlternativesModule(object): self.result['diff']['after'] = dict( state=AlternativeState.PRESENT, path=self.path, + family=self.family, priority=self.priority, link=self.link, ) @@ -248,9 +267,15 @@ class AlternativesModule(object): self.result['diff']['after'] = dict(state=AlternativeState.ABSENT) def set(self): - cmd = [self.UPDATE_ALTERNATIVES, '--set', self.name, self.path] + # Path takes precedence over family as it is more specific + if self.path is None: + arg = self.family + else: + arg = self.path + + cmd = [self.UPDATE_ALTERNATIVES, '--set', self.name, arg] self.result['changed'] = True - self.messages.append("Set alternative '%s' for '%s'." % (self.path, self.name)) + self.messages.append("Set alternative '%s' for '%s'." % (arg, self.name)) if not self.module.check_mode: self.module.run_command(cmd, check_rc=True) @@ -277,6 +302,10 @@ class AlternativesModule(object): def path(self): return self.module.params.get('path') + @property + def family(self): + return self.module.params.get('family') + @property def link(self): return self.module.params.get('link') or self.current_link @@ -321,7 +350,7 @@ class AlternativesModule(object): current_link_regex = re.compile(r'^\s*link \w+ is (.*)$', re.MULTILINE) subcmd_path_link_regex = re.compile(r'^\s*(?:slave|follower) (\S+) is (.*)$', re.MULTILINE) - alternative_regex = re.compile(r'^(\/.*)\s-\s(?:family\s\S+\s)?priority\s(\d+)((?:\s+(?:slave|follower).*)*)', re.MULTILINE) + alternative_regex = re.compile(r'^(\/.*)\s-\s(?:family\s(\S+)\s)?priority\s(\d+)((?:\s+(?:slave|follower).*)*)', re.MULTILINE) subcmd_regex = re.compile(r'^\s+(?:slave|follower) (.*): (.*)$', re.MULTILINE) match = current_mode_regex.search(display_output) @@ -344,11 +373,12 @@ class AlternativesModule(object): subcmd_path_map = dict(subcmd_path_link_regex.findall(display_output)) if not subcmd_path_map and self.subcommands: - subcmd_path_map = dict((s['name'], s['link']) for s in self.subcommands) + subcmd_path_map = {s['name']: s['link'] for s in self.subcommands} - for path, prio, subcmd in alternative_regex.findall(display_output): + for path, family, prio, subcmd in alternative_regex.findall(display_output): self.current_alternatives[path] = dict( priority=int(prio), + family=family, subcommands=[dict( name=name, path=spath, @@ -383,7 +413,8 @@ def main(): module = AnsibleModule( argument_spec=dict( name=dict(type='str', required=True), - path=dict(type='path', required=True), + path=dict(type='path'), + family=dict(type='str'), link=dict(type='path'), priority=dict(type='int'), state=dict( @@ -398,6 +429,7 @@ def main(): )), ), supports_check_mode=True, + required_one_of=[('path', 'family')] ) AlternativesModule(module) diff --git a/plugins/modules/android_sdk.py b/plugins/modules/android_sdk.py new file mode 100644 index 0000000000..a604a510ed --- /dev/null +++ b/plugins/modules/android_sdk.py @@ -0,0 +1,210 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2024, Stanislav Shamilov +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = r""" +module: android_sdk +short_description: Manages Android SDK packages +description: + - Manages Android SDK packages. + - Allows installation from different channels (stable, beta, dev, canary). + - Allows installation of packages to a non-default SDK root directory. +author: Stanislav Shamilov (@shamilovstas) +extends_documentation_fragment: + - community.general.attributes +attributes: + check_mode: + support: full + diff_mode: + support: none +version_added: 10.2.0 +options: + accept_licenses: + description: + - If this is set to V(true), the module will try to accept license prompts generated by C(sdkmanager) during package + installation. Otherwise, every license prompt will be rejected. + type: bool + default: false + name: + description: + - A name of an Android SDK package (for instance, V(build-tools;34.0.0)). + aliases: ['package', 'pkg'] + type: list + elements: str + state: + description: + - Indicates the desired package(s) state. + - V(present) ensures that package(s) is/are present. + - V(absent) ensures that package(s) is/are absent. + - V(latest) ensures that package(s) is/are installed and updated to the latest version(s). + choices: ['present', 'absent', 'latest'] + default: present + type: str + sdk_root: + description: + - Provides path for an alternative directory to install Android SDK packages to. By default, all packages are installed + to the directory where C(sdkmanager) is installed. + type: path + channel: + description: + - Indicates what channel must C(sdkmanager) use for installation of packages. + choices: ['stable', 'beta', 'dev', 'canary'] + default: stable + type: str +requirements: + - C(java) >= 17 + - C(sdkmanager) Command line tool for installing Android SDK packages. +notes: + - For some of the packages installed by C(sdkmanager) is it necessary to accept licenses. Usually it is done through command + line prompt in a form of a Y/N question when a licensed package is requested to be installed. If there are several packages + requested for installation and at least two of them belong to different licenses, the C(sdkmanager) tool will prompt for + these licenses in a loop. In order to install packages, the module must be able to answer these license prompts. Currently, + it is only possible to answer one license prompt at a time, meaning that instead of installing multiple packages as a + single invocation of the C(sdkmanager --install) command, it will be done by executing the command independently for each + package. This makes sure that at most only one license prompt will need to be answered. At the time of writing this module, + a C(sdkmanager)'s package may belong to at most one license type that needs to be accepted. However, if this changes in + the future, the module may hang as there might be more prompts generated by the C(sdkmanager) tool which the module will + not be able to answer. If this becomes the case, file an issue and in the meantime, consider accepting all the licenses + in advance, as it is described in the C(sdkmanager) L(documentation,https://developer.android.com/tools/sdkmanager#accept-licenses), + for instance, using the M(ansible.builtin.command) module. +seealso: + - name: sdkmanager tool documentation + description: Detailed information of how to install and use sdkmanager command line tool. + link: https://developer.android.com/tools/sdkmanager +""" + +EXAMPLES = r""" +- name: Install build-tools;34.0.0 + community.general.android_sdk: + name: build-tools;34.0.0 + accept_licenses: true + state: present + +- name: Install build-tools;34.0.0 and platform-tools + community.general.android_sdk: + name: + - build-tools;34.0.0 + - platform-tools + accept_licenses: true + state: present + +- name: Delete build-tools;34.0.0 + community.general.android_sdk: + name: build-tools;34.0.0 + state: absent + +- name: Install platform-tools or update if installed + community.general.android_sdk: + name: platform-tools + accept_licenses: true + state: latest + +- name: Install build-tools;34.0.0 to a different SDK root + community.general.android_sdk: + name: build-tools;34.0.0 + accept_licenses: true + state: present + sdk_root: "/path/to/new/root" + +- name: Install a package from another channel + community.general.android_sdk: + name: some-package-present-in-canary-channel + accept_licenses: true + state: present + channel: canary +""" + +RETURN = r""" +installed: + description: A list of packages that have been installed. + returned: when packages have changed + type: list + sample: ['build-tools;34.0.0', 'platform-tools'] + +removed: + description: A list of packages that have been removed. + returned: when packages have changed + type: list + sample: ['build-tools;34.0.0', 'platform-tools'] +""" + +from ansible_collections.community.general.plugins.module_utils.mh.module_helper import StateModuleHelper +from ansible_collections.community.general.plugins.module_utils.android_sdkmanager import Package, AndroidSdkManager + + +class AndroidSdk(StateModuleHelper): + module = dict( + argument_spec=dict( + state=dict(type='str', default='present', choices=['present', 'absent', 'latest']), + package=dict(type='list', elements='str', aliases=['pkg', 'name']), + sdk_root=dict(type='path'), + channel=dict(type='str', default='stable', choices=['stable', 'beta', 'dev', 'canary']), + accept_licenses=dict(type='bool', default=False) + ), + supports_check_mode=True + ) + use_old_vardict = False + + def __init_module__(self): + self.sdkmanager = AndroidSdkManager(self.module) + self.vars.set('installed', [], change=True) + self.vars.set('removed', [], change=True) + + def _parse_packages(self): + arg_pkgs = set(self.vars.package) + if len(arg_pkgs) < len(self.vars.package): + self.do_raise("Packages may not repeat") + return set([Package(p) for p in arg_pkgs]) + + def state_present(self): + packages = self._parse_packages() + installed = self.sdkmanager.get_installed_packages() + pending_installation = packages.difference(installed) + + self.vars.installed = AndroidSdk._map_packages_to_names(pending_installation) + if not self.check_mode: + rc, stdout, stderr = self.sdkmanager.apply_packages_changes(pending_installation, self.vars.accept_licenses) + if rc != 0: + self.do_raise("Could not install packages: %s" % stderr) + + def state_absent(self): + packages = self._parse_packages() + installed = self.sdkmanager.get_installed_packages() + to_be_deleted = packages.intersection(installed) + self.vars.removed = AndroidSdk._map_packages_to_names(to_be_deleted) + if not self.check_mode: + rc, stdout, stderr = self.sdkmanager.apply_packages_changes(to_be_deleted) + if rc != 0: + self.do_raise("Could not uninstall packages: %s" % stderr) + + def state_latest(self): + packages = self._parse_packages() + installed = self.sdkmanager.get_installed_packages() + updatable = self.sdkmanager.get_updatable_packages() + not_installed = packages.difference(installed) + to_be_installed = not_installed.union(updatable) + self.vars.installed = AndroidSdk._map_packages_to_names(to_be_installed) + + if not self.check_mode: + rc, stdout, stderr = self.sdkmanager.apply_packages_changes(to_be_installed, self.vars.accept_licenses) + if rc != 0: + self.do_raise("Could not install packages: %s" % stderr) + + @staticmethod + def _map_packages_to_names(packages): + return [x.name for x in packages] + + +def main(): + AndroidSdk.execute() + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/ansible_galaxy_install.py b/plugins/modules/ansible_galaxy_install.py index 3b0a8fd47b..ad055dfa14 100644 --- a/plugins/modules/ansible_galaxy_install.py +++ b/plugins/modules/ansible_galaxy_install.py @@ -8,7 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = """ +DOCUMENTATION = r""" module: ansible_galaxy_install author: - "Alexei Znamensky (@russoz)" @@ -18,10 +18,13 @@ description: - This module allows the installation of Ansible collections or roles using C(ansible-galaxy). notes: - Support for B(Ansible 2.9/2.10) was removed in community.general 8.0.0. - - > - The module will try and run using the C(C.UTF-8) locale. - If that fails, it will try C(en_US.UTF-8). - If that one also fails, the module will fail. + - The module will try and run using the C(C.UTF-8) locale. If that fails, it will try C(en_US.UTF-8). If that one also fails, + the module will fail. +seealso: + - name: C(ansible-galaxy) command manual page + description: Manual page for the command. + link: https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html + requirements: - ansible-core 2.11 or newer extends_documentation_fragment: @@ -32,20 +35,31 @@ attributes: diff_mode: support: none options: + state: + description: + - If O(state=present) then the collection or role will be installed. Note that the collections and roles are not updated + with this option. + - Currently the O(state=latest) is ignored unless O(type=collection), and it will ensure the collection is installed + and updated to the latest available version. + - Please note that O(force=true) can be used to perform upgrade regardless of O(type). + type: str + choices: [present, latest] + default: present + version_added: 9.1.0 type: description: - The type of installation performed by C(ansible-galaxy). - If O(type=both), then O(requirements_file) must be passed and it may contain both roles and collections. - - "Note however that the opposite is not true: if using a O(requirements_file), then O(type) can be any of the three choices." + - 'Note however that the opposite is not true: if using a O(requirements_file), then O(type) can be any of the three + choices.' type: str choices: [collection, role, both] required: true name: description: - Name of the collection or role being installed. - - > - Versions can be specified with C(ansible-galaxy) usual formats. - For example, the collection V(community.docker:1.6.1) or the role V(ansistrano.deploy,3.8.0). + - Versions can be specified with C(ansible-galaxy) usual formats. For example, the collection V(community.docker:1.6.1) + or the role V(ansistrano.deploy,3.8.0). - O(name) and O(requirements_file) are mutually exclusive. type: str requirements_file: @@ -57,9 +71,8 @@ options: dest: description: - The path to the directory containing your collections or roles, according to the value of O(type). - - > - Please notice that C(ansible-galaxy) will not install collections with O(type=both), when O(requirements_file) - contains both roles and collections and O(dest) is specified. + - Please notice that C(ansible-galaxy) will not install collections with O(type=both), when O(requirements_file) contains + both roles and collections and O(dest) is specified. type: path no_deps: description: @@ -69,23 +82,14 @@ options: default: false force: description: - - Force overwriting an existing role or collection. + - Force overwriting existing roles and/or collections. + - It can be used for upgrading, but the module output will always report C(changed=true). - Using O(force=true) is mandatory when downgrading. type: bool default: false - ack_ansible29: - description: - - This option has no longer any effect and will be removed in community.general 9.0.0. - type: bool - default: false - ack_min_ansiblecore211: - description: - - This option has no longer any effect and will be removed in community.general 9.0.0. - type: bool - default: false """ -EXAMPLES = """ +EXAMPLES = r""" - name: Install collection community.network community.general.ansible_galaxy_install: type: collection @@ -107,81 +111,86 @@ EXAMPLES = """ type: collection name: community.network:3.0.2 force: true - """ -RETURN = """ - type: - description: The value of the O(type) parameter. - type: str - returned: always - name: - description: The value of the O(name) parameter. - type: str - returned: always - dest: - description: The value of the O(dest) parameter. - type: str - returned: always - requirements_file: - description: The value of the O(requirements_file) parameter. - type: str - returned: always - force: - description: The value of the O(force) parameter. - type: bool - returned: always - installed_roles: - description: - - If O(requirements_file) is specified instead, returns dictionary with all the roles installed per path. - - If O(name) is specified, returns that role name and the version installed per path. - type: dict - returned: always when installing roles - contains: - "": - description: Roles and versions for that path. - type: dict - sample: - /home/user42/.ansible/roles: - ansistrano.deploy: 3.9.0 - baztian.xfce: v0.0.3 - /custom/ansible/roles: - ansistrano.deploy: 3.8.0 - installed_collections: - description: - - If O(requirements_file) is specified instead, returns dictionary with all the collections installed per path. - - If O(name) is specified, returns that collection name and the version installed per path. - type: dict - returned: always when installing collections - contains: - "": - description: Collections and versions for that path - type: dict - sample: - /home/az/.ansible/collections/ansible_collections: - community.docker: 1.6.0 - community.general: 3.0.2 - /custom/ansible/ansible_collections: - community.general: 3.1.0 - new_collections: - description: New collections installed by this module. - returned: success - type: dict - sample: - community.general: 3.1.0 - community.docker: 1.6.1 - new_roles: - description: New roles installed by this module. - returned: success - type: dict - sample: - ansistrano.deploy: 3.8.0 +RETURN = r""" +type: + description: The value of the O(type) parameter. + type: str + returned: always +name: + description: The value of the O(name) parameter. + type: str + returned: always +dest: + description: The value of the O(dest) parameter. + type: str + returned: always +requirements_file: + description: The value of the O(requirements_file) parameter. + type: str + returned: always +force: + description: The value of the O(force) parameter. + type: bool + returned: always +installed_roles: + description: + - If O(requirements_file) is specified instead, returns dictionary with all the roles installed per path. + - If O(name) is specified, returns that role name and the version installed per path. + type: dict + returned: always when installing roles + contains: + "": + description: Roles and versions for that path. + type: dict + sample: + /home/user42/.ansible/roles: + ansistrano.deploy: 3.9.0 baztian.xfce: v0.0.3 + /custom/ansible/roles: + ansistrano.deploy: 3.8.0 +installed_collections: + description: + - If O(requirements_file) is specified instead, returns dictionary with all the collections installed per path. + - If O(name) is specified, returns that collection name and the version installed per path. + type: dict + returned: always when installing collections + contains: + "": + description: Collections and versions for that path. + type: dict + sample: + /home/az/.ansible/collections/ansible_collections: + community.docker: 1.6.0 + community.general: 3.0.2 + /custom/ansible/ansible_collections: + community.general: 3.1.0 +new_collections: + description: New collections installed by this module. + returned: success + type: dict + sample: + community.general: 3.1.0 + community.docker: 1.6.1 +new_roles: + description: New roles installed by this module. + returned: success + type: dict + sample: + ansistrano.deploy: 3.8.0 + baztian.xfce: v0.0.3 +version: + description: Version of ansible-core for ansible-galaxy. + type: str + returned: always + sample: 2.17.4 + version_added: 10.0.0 """ import re -from ansible_collections.community.general.plugins.module_utils.cmd_runner import CmdRunner, cmd_runner_fmt as fmt +from ansible_collections.community.general.plugins.module_utils.cmd_runner import CmdRunner, cmd_runner_fmt from ansible_collections.community.general.plugins.module_utils.module_helper import ModuleHelper, ModuleHelperException @@ -190,47 +199,40 @@ class AnsibleGalaxyInstall(ModuleHelper): _RE_LIST_PATH = re.compile(r'^# (?P.*)$') _RE_LIST_COLL = re.compile(r'^(?P\w+\.\w+)\s+(?P[\d\.]+)\s*$') _RE_LIST_ROLE = re.compile(r'^- (?P\w+\.\w+),\s+(?P[\d\.]+)\s*$') - _RE_INSTALL_OUTPUT = None # Set after determining ansible version, see __init_module__() + _RE_INSTALL_OUTPUT = re.compile( + r'^(?:(?P\w+\.\w+):(?P[\d\.]+)|- (?P\w+\.\w+) \((?P[\d\.]+)\)) was installed successfully$' + ) ansible_version = None output_params = ('type', 'name', 'dest', 'requirements_file', 'force', 'no_deps') module = dict( argument_spec=dict( + state=dict(type='str', choices=['present', 'latest'], default='present'), type=dict(type='str', choices=('collection', 'role', 'both'), required=True), name=dict(type='str'), requirements_file=dict(type='path'), dest=dict(type='path'), force=dict(type='bool', default=False), no_deps=dict(type='bool', default=False), - ack_ansible29=dict( - type='bool', - default=False, - removed_in_version='9.0.0', - removed_from_collection='community.general', - ), - ack_min_ansiblecore211=dict( - type='bool', - default=False, - removed_in_version='9.0.0', - removed_from_collection='community.general', - ), ), mutually_exclusive=[('name', 'requirements_file')], required_one_of=[('name', 'requirements_file')], required_if=[('type', 'both', ['requirements_file'])], supports_check_mode=False, ) + use_old_vardict = False command = 'ansible-galaxy' command_args_formats = dict( - type=fmt.as_func(lambda v: [] if v == 'both' else [v]), - galaxy_cmd=fmt.as_list(), - requirements_file=fmt.as_opt_val('-r'), - dest=fmt.as_opt_val('-p'), - force=fmt.as_bool("--force"), - no_deps=fmt.as_bool("--no-deps"), - version=fmt.as_bool("--version"), - name=fmt.as_list(), + type=cmd_runner_fmt.as_func(lambda v: [] if v == 'both' else [v]), + galaxy_cmd=cmd_runner_fmt.as_list(), + upgrade=cmd_runner_fmt.as_bool("--upgrade"), + requirements_file=cmd_runner_fmt.as_opt_val('-r'), + dest=cmd_runner_fmt.as_opt_val('-p'), + force=cmd_runner_fmt.as_bool("--force"), + no_deps=cmd_runner_fmt.as_bool("--no-deps"), + version=cmd_runner_fmt.as_fixed("--version"), + name=cmd_runner_fmt.as_list(), ) def _make_runner(self, lang): @@ -248,31 +250,22 @@ class AnsibleGalaxyInstall(ModuleHelper): if not match: self.do_raise("Unable to determine ansible-galaxy version from: {0}".format(line)) version = match.group("version") - version = tuple(int(x) for x in version.split('.')[:3]) return version try: runner = self._make_runner("C.UTF-8") with runner("version", check_rc=False, output_process=process) as ctx: - return runner, ctx.run(version=True) - except UnsupportedLocale as e: + return runner, ctx.run() + except UnsupportedLocale: runner = self._make_runner("en_US.UTF-8") with runner("version", check_rc=True, output_process=process) as ctx: - return runner, ctx.run(version=True) + return runner, ctx.run() def __init_module__(self): - # self.runner = CmdRunner(self.module, command=self.command, arg_formats=self.command_args_formats, force_lang=self.force_lang) - self.runner, self.ansible_version = self._get_ansible_galaxy_version() + self.runner, self.vars.version = self._get_ansible_galaxy_version() + self.ansible_version = tuple(int(x) for x in self.vars.version.split('.')[:3]) if self.ansible_version < (2, 11): - self.module.fail_json( - msg="Support for Ansible 2.9 and ansible-base 2.10 has ben removed." - ) - # Collection install output changed: - # ansible-base 2.10: "coll.name (x.y.z)" - # ansible-core 2.11+: "coll.name:x.y.z" - self._RE_INSTALL_OUTPUT = re.compile(r'^(?:(?P\w+\.\w+)(?: \(|:)(?P[\d\.]+)\)?' - r'|- (?P\w+\.\w+) \((?P[\d\.]+)\))' - r' was installed successfully$') + self.module.fail_json(msg="Support for Ansible 2.9 and ansible-base 2.10 has been removed.") self.vars.set("new_collections", {}, change=True) self.vars.set("new_roles", {}, change=True) if self.vars.type != "collection": @@ -325,8 +318,9 @@ class AnsibleGalaxyInstall(ModuleHelper): elif match.group("role"): self.vars.new_roles[match.group("role")] = match.group("rversion") - with self.runner("type galaxy_cmd force no_deps dest requirements_file name", output_process=process) as ctx: - ctx.run(galaxy_cmd="install") + upgrade = (self.vars.type == "collection" and self.vars.state == "latest") + with self.runner("type galaxy_cmd upgrade force no_deps dest requirements_file name", output_process=process) as ctx: + ctx.run(galaxy_cmd="install", upgrade=upgrade) if self.verbosity > 2: self.vars.set("run_info", ctx.run_info) diff --git a/plugins/modules/apache2_mod_proxy.py b/plugins/modules/apache2_mod_proxy.py index 8f561e8ae0..f70294bad1 100644 --- a/plugins/modules/apache2_mod_proxy.py +++ b/plugins/modules/apache2_mod_proxy.py @@ -9,19 +9,17 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: apache2_mod_proxy author: Olivier Boukili (@oboukili) short_description: Set and/or get members' attributes of an Apache httpd 2.4 mod_proxy balancer pool description: - - Set and/or get members' attributes of an Apache httpd 2.4 mod_proxy balancer - pool, using HTTP POST and GET requests. The httpd mod_proxy balancer-member - status page has to be enabled and accessible, as this module relies on parsing - this page. This module supports ansible check_mode, and requires BeautifulSoup - python module. + - Set and/or get members' attributes of an Apache httpd 2.4 mod_proxy balancer pool, using HTTP POST and GET requests. The + httpd mod_proxy balancer-member status page has to be enabled and accessible, as this module relies on parsing this page. extends_documentation_fragment: - community.general.attributes +requirements: + - Python package C(BeautifulSoup). attributes: check_mode: support: full @@ -31,28 +29,25 @@ options: balancer_url_suffix: type: str description: - - Suffix of the balancer pool url required to access the balancer pool - status page (e.g. balancer_vhost[:port]/balancer_url_suffix). + - Suffix of the balancer pool URL required to access the balancer pool status page (for example V(balancer_vhost[:port]/balancer_url_suffix)). default: /balancer-manager/ balancer_vhost: type: str description: - - (ipv4|ipv6|fqdn):port of the Apache httpd 2.4 mod_proxy balancer pool. + - (IPv4|IPv6|FQDN):port of the Apache httpd 2.4 mod_proxy balancer pool. required: true member_host: type: str description: - - (ipv4|ipv6|fqdn) of the balancer member to get or to set attributes to. - Port number is autodetected and should not be specified here. - If undefined, apache2_mod_proxy module will return a members list of - dictionaries of all the current balancer pool members' attributes. + - (IPv4|IPv6|FQDN) of the balancer member to get or to set attributes to. Port number is autodetected and should not + be specified here. If undefined, apache2_mod_proxy module will return a members list of dictionaries of all the current + balancer pool members' attributes. state: type: str description: - - Desired state of the member host. - (absent|disabled),drained,hot_standby,ignore_errors can be - simultaneously invoked by separating them with a comma (e.g. state=drained,ignore_errors). - - 'Accepted state values: ["present", "absent", "enabled", "disabled", "drained", "hot_standby", "ignore_errors"]' + - Desired state of the member host. (absent|disabled),drained,hot_standby,ignore_errors can be simultaneously invoked + by separating them with a comma (for example V(state=drained,ignore_errors)). + - 'Accepted state values: [V(present), V(absent), V(enabled), V(disabled), V(drained), V(hot_standby), V(ignore_errors)].' tls: description: - Use https to access balancer management page. @@ -63,9 +58,9 @@ options: - Validate ssl/tls certificates. type: bool default: true -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Get all current balancer pool members attributes community.general.apache2_mod_proxy: balancer_vhost: 10.0.0.2 @@ -110,98 +105,98 @@ EXAMPLES = ''' member_host: '{{ member.host }}' state: absent delegate_to: myloadbalancernode -''' +""" -RETURN = ''' +RETURN = r""" member: - description: specific balancer member information dictionary, returned when apache2_mod_proxy module is invoked with member_host parameter. - type: dict - returned: success - sample: - {"attributes": - {"Busy": "0", - "Elected": "42", - "Factor": "1", - "From": "136K", - "Load": "0", - "Route": null, - "RouteRedir": null, - "Set": "0", - "Status": "Init Ok ", - "To": " 47K", - "Worker URL": null - }, - "balancer_url": "http://10.10.0.2/balancer-manager/", - "host": "10.10.0.20", - "management_url": "http://10.10.0.2/lb/?b=mywsbalancer&w=http://10.10.0.20:8080/ws&nonce=8925436c-79c6-4841-8936-e7d13b79239b", - "path": "/ws", - "port": 8080, - "protocol": "http", - "status": { - "disabled": false, - "drained": false, - "hot_standby": false, - "ignore_errors": false - } + description: specific balancer member information dictionary, returned when apache2_mod_proxy module is invoked with C(member_host) parameter. + type: dict + returned: success + sample: + {"attributes": + {"Busy": "0", + "Elected": "42", + "Factor": "1", + "From": "136K", + "Load": "0", + "Route": null, + "RouteRedir": null, + "Set": "0", + "Status": "Init Ok ", + "To": " 47K", + "Worker URL": null + }, + "balancer_url": "http://10.10.0.2/balancer-manager/", + "host": "10.10.0.20", + "management_url": "http://10.10.0.2/lb/?b=mywsbalancer&w=http://10.10.0.20:8080/ws&nonce=8925436c-79c6-4841-8936-e7d13b79239b", + "path": "/ws", + "port": 8080, + "protocol": "http", + "status": { + "disabled": false, + "drained": false, + "hot_standby": false, + "ignore_errors": false } + } members: - description: list of member (defined above) dictionaries, returned when apache2_mod_proxy is invoked with no member_host and state args. - returned: success - type: list - sample: - [{"attributes": { - "Busy": "0", - "Elected": "42", - "Factor": "1", - "From": "136K", - "Load": "0", - "Route": null, - "RouteRedir": null, - "Set": "0", - "Status": "Init Ok ", - "To": " 47K", - "Worker URL": null - }, - "balancer_url": "http://10.10.0.2/balancer-manager/", - "host": "10.10.0.20", - "management_url": "http://10.10.0.2/lb/?b=mywsbalancer&w=http://10.10.0.20:8080/ws&nonce=8925436c-79c6-4841-8936-e7d13b79239b", - "path": "/ws", - "port": 8080, - "protocol": "http", - "status": { - "disabled": false, - "drained": false, - "hot_standby": false, - "ignore_errors": false - } - }, - {"attributes": { - "Busy": "0", - "Elected": "42", - "Factor": "1", - "From": "136K", - "Load": "0", - "Route": null, - "RouteRedir": null, - "Set": "0", - "Status": "Init Ok ", - "To": " 47K", - "Worker URL": null - }, - "balancer_url": "http://10.10.0.2/balancer-manager/", - "host": "10.10.0.21", - "management_url": "http://10.10.0.2/lb/?b=mywsbalancer&w=http://10.10.0.21:8080/ws&nonce=8925436c-79c6-4841-8936-e7d13b79239b", - "path": "/ws", - "port": 8080, - "protocol": "http", - "status": { - "disabled": false, - "drained": false, - "hot_standby": false, - "ignore_errors": false} - } - ] -''' + description: list of member (defined above) dictionaries, returned when apache2_mod_proxy is invoked with no C(member_host) and state args. + returned: success + type: list + sample: + [{"attributes": { + "Busy": "0", + "Elected": "42", + "Factor": "1", + "From": "136K", + "Load": "0", + "Route": null, + "RouteRedir": null, + "Set": "0", + "Status": "Init Ok ", + "To": " 47K", + "Worker URL": null + }, + "balancer_url": "http://10.10.0.2/balancer-manager/", + "host": "10.10.0.20", + "management_url": "http://10.10.0.2/lb/?b=mywsbalancer&w=http://10.10.0.20:8080/ws&nonce=8925436c-79c6-4841-8936-e7d13b79239b", + "path": "/ws", + "port": 8080, + "protocol": "http", + "status": { + "disabled": false, + "drained": false, + "hot_standby": false, + "ignore_errors": false + } + }, + {"attributes": { + "Busy": "0", + "Elected": "42", + "Factor": "1", + "From": "136K", + "Load": "0", + "Route": null, + "RouteRedir": null, + "Set": "0", + "Status": "Init Ok ", + "To": " 47K", + "Worker URL": null + }, + "balancer_url": "http://10.10.0.2/balancer-manager/", + "host": "10.10.0.21", + "management_url": "http://10.10.0.2/lb/?b=mywsbalancer&w=http://10.10.0.21:8080/ws&nonce=8925436c-79c6-4841-8936-e7d13b79239b", + "path": "/ws", + "port": 8080, + "protocol": "http", + "status": { + "disabled": false, + "drained": false, + "hot_standby": false, + "ignore_errors": false} + } + ] +""" import re import traceback @@ -277,7 +272,7 @@ class BalancerMember(object): for valuesset in subsoup[1::1]: if re.search(pattern=self.host, string=str(valuesset)): values = valuesset.findAll('td') - return dict((keys[x].string, values[x].string) for x in range(0, len(keys))) + return {keys[x].string: values[x].string for x in range(0, len(keys))} def get_member_status(self): """ Returns a dictionary of a balancer member's status attributes.""" @@ -286,7 +281,7 @@ class BalancerMember(object): 'hot_standby': 'Stby', 'ignore_errors': 'Ign'} actual_status = str(self.attributes['Status']) - status = dict((mode, patt in actual_status) for mode, patt in iteritems(status_mapping)) + status = {mode: patt in actual_status for mode, patt in iteritems(status_mapping)} return status def set_member_status(self, values): diff --git a/plugins/modules/apache2_module.py b/plugins/modules/apache2_module.py index a9fd72b24f..cacb870ee0 100644 --- a/plugins/modules/apache2_module.py +++ b/plugins/modules/apache2_module.py @@ -9,66 +9,64 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: apache2_module author: - - Christian Berendt (@berendt) - - Ralf Hertel (@n0trax) - - Robin Roth (@robinro) + - Christian Berendt (@berendt) + - Ralf Hertel (@n0trax) + - Robin Roth (@robinro) short_description: Enables/disables a module of the Apache2 webserver description: - - Enables or disables a specified module of the Apache2 webserver. + - Enables or disables a specified module of the Apache2 webserver. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - name: - type: str - description: - - Name of the module to enable/disable as given to C(a2enmod/a2dismod). - required: true - identifier: - type: str - description: - - Identifier of the module as listed by C(apache2ctl -M). - This is optional and usually determined automatically by the common convention of - appending V(_module) to O(name) as well as custom exception for popular modules. - required: false - force: - description: - - Force disabling of default modules and override Debian warnings. - required: false - type: bool - default: false - state: - type: str - description: - - Desired state of the module. - choices: ['present', 'absent'] - default: present - ignore_configcheck: - description: - - Ignore configuration checks about inconsistent module configuration. Especially for mpm_* modules. - type: bool - default: false - warn_mpm_absent: - description: - - Control the behavior of the warning process for MPM modules. - type: bool - default: true - version_added: 6.3.0 -requirements: ["a2enmod","a2dismod"] + name: + type: str + description: + - Name of the module to enable/disable as given to C(a2enmod)/C(a2dismod). + required: true + identifier: + type: str + description: + - Identifier of the module as listed by C(apache2ctl -M). This is optional and usually determined automatically by the + common convention of appending V(_module) to O(name) as well as custom exception for popular modules. + required: false + force: + description: + - Force disabling of default modules and override Debian warnings. + required: false + type: bool + default: false + state: + type: str + description: + - Desired state of the module. + choices: ['present', 'absent'] + default: present + ignore_configcheck: + description: + - Ignore configuration checks about inconsistent module configuration. Especially for mpm_* modules. + type: bool + default: false + warn_mpm_absent: + description: + - Control the behavior of the warning process for MPM modules. + type: bool + default: true + version_added: 6.3.0 +requirements: ["a2enmod", "a2dismod"] notes: - - This does not work on RedHat-based distributions. It does work on Debian- and SuSE-based distributions. - Whether it works on others depend on whether the C(a2enmod) and C(a2dismod) tools are available or not. -''' + - This does not work on RedHat-based distributions. It does work on Debian- and SuSE-based distributions. Whether it works + on others depend on whether the C(a2enmod) and C(a2dismod) tools are available or not. +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Enable the Apache2 module wsgi community.general.apache2_module: state: present @@ -98,40 +96,40 @@ EXAMPLES = ''' warn_mpm_absent: false ignore_configcheck: true loop: - - module: mpm_event - state: absent - - module: mpm_prefork - state: present + - module: mpm_event + state: absent + - module: mpm_prefork + state: present - name: Enable dump_io module, which is identified as dumpio_module inside apache2 community.general.apache2_module: state: present name: dump_io identifier: dumpio_module -''' +""" -RETURN = ''' +RETURN = r""" result: - description: message about action taken - returned: always - type: str + description: Message about action taken. + returned: always + type: str warnings: - description: list of warning messages - returned: when needed - type: list + description: List of warning messages. + returned: when needed + type: list rc: - description: return code of underlying command - returned: failed - type: int + description: Return code of underlying command. + returned: failed + type: int stdout: - description: stdout of underlying command - returned: failed - type: str + description: The stdout of underlying command. + returned: failed + type: str stderr: - description: stderr of underlying command - returned: failed - type: str -''' + description: The stderr of underlying command. + returned: failed + type: str +""" import re diff --git a/plugins/modules/apk.py b/plugins/modules/apk.py index a6b058b932..7f1f83ce56 100644 --- a/plugins/modules/apk.py +++ b/plugins/modules/apk.py @@ -12,8 +12,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: apk short_description: Manages apk packages description: @@ -29,15 +28,15 @@ attributes: options: available: description: - - During upgrade, reset versioned world dependencies and change logic to prefer replacing or downgrading packages (instead of holding them) - if the currently installed package is no longer available from any repository. + - During upgrade, reset versioned world dependencies and change logic to prefer replacing or downgrading packages (instead + of holding them) if the currently installed package is no longer available from any repository. type: bool default: false name: description: - A package name, like V(foo), or multiple packages, like V(foo,bar). - - Do not include additional whitespace when specifying multiple packages as a string. - Prefer YAML lists over comma-separating multiple package names. + - Do not include additional whitespace when specifying multiple packages as a string. Prefer YAML lists over comma-separating + multiple package names. type: list elements: str no_cache: @@ -48,8 +47,8 @@ options: version_added: 1.0.0 repository: description: - - A package repository or multiple repositories. - Unlike with the underlying apk command, this list will override the system repositories rather than supplement them. + - A package repository or multiple repositories. Unlike with the underlying apk command, this list will override the + system repositories rather than supplement them. type: list elements: str state: @@ -59,7 +58,7 @@ options: - V(absent) ensures the package(s) is/are absent. V(removed) can be used as an alias. - V(latest) ensures the package(s) is/are present and the latest version(s). default: present - choices: [ "present", "absent", "latest", "installed", "removed" ] + choices: ["present", "absent", "latest", "installed", "removed"] type: str update_cache: description: @@ -73,16 +72,18 @@ options: default: false world: description: - - Use a custom world file when checking for explicitly installed packages. + - Use a custom world file when checking for explicitly installed packages. The file is used only when a value is provided + for O(name), and O(state) is set to V(present) or V(latest). type: str default: /etc/apk/world version_added: 5.4.0 notes: - - 'O(name) and O(upgrade) are mutually exclusive.' - - When used with a C(loop:) each package will be processed individually, it is much more efficient to pass the list directly to the O(name) option. -''' + - O(name) and O(upgrade) are mutually exclusive. + - When used with a C(loop:) each package will be processed individually, it is much more efficient to pass the list directly + to the O(name) option. +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Update repositories and install foo package community.general.apk: name: foo @@ -156,15 +157,15 @@ EXAMPLES = ''' name: foo state: latest world: /etc/apk/world.custom -''' +""" -RETURN = ''' +RETURN = r""" packages: - description: a list of packages that have been changed - returned: when packages have changed - type: list - sample: ['package', 'other-package'] -''' + description: A list of packages that have been changed. + returned: when packages have changed + type: list + sample: ['package', 'other-package'] +""" import re # Import module snippets. diff --git a/plugins/modules/apt_repo.py b/plugins/modules/apt_repo.py index 4c82587d03..87df0064ca 100644 --- a/plugins/modules/apt_repo.py +++ b/plugins/modules/apt_repo.py @@ -9,16 +9,15 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: apt_repo -short_description: Manage APT repositories via apt-repo +short_description: Manage APT repositories using C(apt-repo) description: - - Manages APT repositories using apt-repo tool. - - See U(https://www.altlinux.org/Apt-repo) for details about apt-repo + - Manages APT repositories using C(apt-repo) tool. + - See U(https://www.altlinux.org/Apt-repo) for details about C(apt-repo). notes: - - This module works on ALT based distros. - - Does NOT support checkmode, due to a limitation in apt-repo tool. + - This module works on ALT based distros. + - Does NOT support checkmode, due to a limitation in C(apt-repo) tool. extends_documentation_fragment: - community.general.attributes attributes: @@ -35,13 +34,13 @@ options: state: description: - Indicates the desired repository state. - choices: [ absent, present ] + choices: [absent, present] default: present type: str remove_others: description: - - Remove other then added repositories - - Used if O(state=present) + - Remove other then added repositories. + - Used if O(state=present). type: bool default: false update: @@ -50,10 +49,10 @@ options: type: bool default: false author: -- Mikhail Gordeev (@obirvalger) -''' + - Mikhail Gordeev (@obirvalger) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Remove all repositories community.general.apt_repo: repo: all @@ -70,9 +69,9 @@ EXAMPLES = ''' repo: copy:///space/ALT/Sisyphus state: present update: true -''' +""" -RETURN = ''' # ''' +RETURN = """ # """ import os diff --git a/plugins/modules/apt_rpm.py b/plugins/modules/apt_rpm.py index de1b574114..5a5ba57faf 100644 --- a/plugins/modules/apt_rpm.py +++ b/plugins/modules/apt_rpm.py @@ -11,8 +11,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: apt_rpm short_description: APT-RPM package manager description: @@ -28,28 +27,37 @@ options: package: description: - List of packages to install, upgrade, or remove. - - Since community.general 8.0.0, may include paths to local C(.rpm) files - if O(state=installed) or O(state=present), requires C(rpm) python - module. - aliases: [ name, pkg ] + - Since community.general 8.0.0, may include paths to local C(.rpm) files if O(state=installed) or O(state=present), + requires C(rpm) Python module. + aliases: [name, pkg] type: list elements: str state: description: - Indicates the desired package state. - choices: [ absent, present, installed, removed ] + - Please note that V(present) and V(installed) are equivalent to V(latest) right now. This will change in the future. + To simply ensure that a package is installed, without upgrading it, use the V(present_not_latest) state. + - The states V(latest) and V(present_not_latest) have been added in community.general 8.6.0. + choices: + - absent + - present + - present_not_latest + - installed + - removed + - latest default: present type: str update_cache: description: - - Run the equivalent of C(apt-get update) before the operation. Can be run as part of the package installation or as a separate step. + - Run the equivalent of C(apt-get update) before the operation. Can be run as part of the package installation or as + a separate step. - Default is not to update the cache. type: bool default: false clean: description: - - Run the equivalent of C(apt-get clean) to clear out the local repository of retrieved package files. It removes everything but - the lock file from C(/var/cache/apt/archives/) and C(/var/cache/apt/archives/partial/). + - Run the equivalent of C(apt-get clean) to clear out the local repository of retrieved package files. It removes everything + but the lock file from C(/var/cache/apt/archives/) and C(/var/cache/apt/archives/partial/). - Can be run as part of the package installation (clean runs before install) or as a separate step. type: bool default: false @@ -67,13 +75,12 @@ options: default: false version_added: 6.5.0 requirements: - - C(rpm) python package (rpm bindings), optional. Required if O(package) - option includes local files. + - C(rpm) Python package (rpm bindings), optional. Required if O(package) option includes local files. author: -- Evgenii Terechkov (@evgkrsk) -''' + - Evgenii Terechkov (@evgkrsk) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Install package foo community.general.apt_rpm: pkg: foo @@ -112,7 +119,7 @@ EXAMPLES = ''' update_cache: true dist_upgrade: true update_kernel: true -''' +""" import os import re @@ -160,7 +167,7 @@ def local_rpm_package_name(path): def query_package(module, name): # rpm -q returns 0 if the package is installed, # 1 if it is not installed - rc, out, err = module.run_command("%s -q %s" % (RPM_PATH, name)) + rc, out, err = module.run_command([RPM_PATH, "-q", name]) if rc == 0: return True else: @@ -180,7 +187,7 @@ def check_package_version(module, name): return False -def query_package_provides(module, name): +def query_package_provides(module, name, allow_upgrade=False): # rpm -q returns 0 if the package is installed, # 1 if it is not installed if name.endswith('.rpm'): @@ -193,12 +200,13 @@ def query_package_provides(module, name): name = local_rpm_package_name(name) - rc, out, err = module.run_command("%s -q --provides %s" % (RPM_PATH, name)) + rc, out, err = module.run_command([RPM_PATH, "-q", "--provides", name]) if rc == 0: + if not allow_upgrade: + return True if check_package_version(module, name): return True - else: - return False + return False def update_package_db(module): @@ -242,7 +250,7 @@ def remove_packages(module, packages): if not query_package(module, package): continue - rc, out, err = module.run_command("%s -y remove %s" % (APT_PATH, package), environ_update={"LANG": "C"}) + rc, out, err = module.run_command([APT_PATH, "-y", "remove", package], environ_update={"LANG": "C"}) if rc != 0: module.fail_json(msg="failed to remove %s: %s" % (package, err)) @@ -255,28 +263,28 @@ def remove_packages(module, packages): return (False, "package(s) already absent") -def install_packages(module, pkgspec): +def install_packages(module, pkgspec, allow_upgrade=False): if pkgspec is None: return (False, "Empty package list") - packages = "" + packages = [] for package in pkgspec: - if not query_package_provides(module, package): - packages += "'%s' " % package + if not query_package_provides(module, package, allow_upgrade=allow_upgrade): + packages.append(package) - if len(packages) != 0: - - rc, out, err = module.run_command("%s -y install %s" % (APT_PATH, packages), environ_update={"LANG": "C"}) + if packages: + command = [APT_PATH, "-y", "install"] + packages + rc, out, err = module.run_command(command, environ_update={"LANG": "C"}) installed = True - for packages in pkgspec: - if not query_package_provides(module, package): + for package in pkgspec: + if not query_package_provides(module, package, allow_upgrade=False): installed = False # apt-rpm always have 0 for exit code if --force is used if rc or not installed: - module.fail_json(msg="'apt-get -y install %s' failed: %s" % (packages, err)) + module.fail_json(msg="'%s' failed: %s" % (" ".join(command), err)) else: return (True, "%s present(s)" % packages) else: @@ -286,7 +294,7 @@ def install_packages(module, pkgspec): def main(): module = AnsibleModule( argument_spec=dict( - state=dict(type='str', default='present', choices=['absent', 'installed', 'present', 'removed']), + state=dict(type='str', default='present', choices=['absent', 'installed', 'present', 'removed', 'present_not_latest', 'latest']), update_cache=dict(type='bool', default=False), clean=dict(type='bool', default=False), dist_upgrade=dict(type='bool', default=False), @@ -299,6 +307,18 @@ def main(): module.fail_json(msg="cannot find /usr/bin/apt-get and/or /usr/bin/rpm") p = module.params + if p['state'] in ['installed', 'present']: + module.deprecate( + 'state=%s currently behaves unexpectedly by always upgrading to the latest version if' + ' the package is already installed. This behavior is deprecated and will change in' + ' community.general 11.0.0. You can use state=latest to explicitly request this behavior' + ' or state=present_not_latest to explicitly request the behavior that state=%s will have' + ' in community.general 11.0.0, namely that the package will not be upgraded if it is' + ' already installed.' % (p['state'], p['state']), + version='11.0.0', + collection_name='community.general', + ) + modified = False output = "" @@ -320,8 +340,8 @@ def main(): output += out packages = p['package'] - if p['state'] in ['installed', 'present']: - (m, out) = install_packages(module, packages) + if p['state'] in ['installed', 'present', 'present_not_latest', 'latest']: + (m, out) = install_packages(module, packages, allow_upgrade=p['state'] != 'present_not_latest') modified = modified or m output += out diff --git a/plugins/modules/archive.py b/plugins/modules/archive.py index 6784aa1ac3..4e4b6368ce 100644 --- a/plugins/modules/archive.py +++ b/plugins/modules/archive.py @@ -10,17 +10,16 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: archive short_description: Creates a compressed archive of one or more files or trees extends_documentation_fragment: - - files - - community.general.attributes + - files + - community.general.attributes description: - - Creates or extends an archive. - - The source and archive are on the remote host, and the archive I(is not) copied to the local host. - - Source files can be deleted after archival by specifying O(remove=True). + - Creates or extends an archive. + - The source and archive are on the target host, and the archive I(is not) copied to the controller host. + - Source files can be deleted after archival by specifying O(remove=True). attributes: check_mode: support: full @@ -37,17 +36,19 @@ options: description: - The type of compression to use. type: str - choices: [ bz2, gz, tar, xz, zip ] + choices: [bz2, gz, tar, xz, zip] default: gz dest: description: - The file name of the destination archive. The parent directory must exists on the remote host. - - This is required when O(path) refers to multiple files by either specifying a glob, a directory or multiple paths in a list. + - This is required when O(path) refers to multiple files by either specifying a glob, a directory or multiple paths + in a list. - If the destination archive already exists, it will be truncated and overwritten. type: path exclude_path: description: - - Remote absolute path, glob, or list of paths or globs for the file or files to exclude from O(path) list and glob expansion. + - Remote absolute path, glob, or list of paths or globs for the file or files to exclude from O(path) list and glob + expansion. - Use O(exclusion_patterns) to instead exclude files or subdirectories below any of the paths from the O(path) list. type: list elements: path @@ -72,18 +73,19 @@ options: type: bool default: false notes: - - Can produce C(gzip), C(bzip2), C(lzma), and C(zip) compressed files or archives. - - This module uses C(tarfile), C(zipfile), C(gzip), and C(bz2) packages on the target host to create archives. - These are part of the Python standard library for Python 2 and 3. + - Can produce C(gzip), C(bzip2), C(lzma), and C(zip) compressed files or archives. + - This module uses C(tarfile), C(zipfile), C(gzip), and C(bz2) packages on the target host to create archives. These are + part of the Python standard library for Python 2 and 3. requirements: - - Requires C(lzma) (standard library of Python 3) or L(backports.lzma, https://pypi.org/project/backports.lzma/) (Python 2) if using C(xz) format. + - Requires C(lzma) (standard library of Python 3) or L(backports.lzma, https://pypi.org/project/backports.lzma/) (Python + 2) if using C(xz) format. seealso: - - module: ansible.builtin.unarchive + - module: ansible.builtin.unarchive author: - - Ben Doherty (@bendoh) -''' + - Ben Doherty (@bendoh) +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Compress directory /path/to/foo/ into /path/to/foo.tgz community.general.archive: path: /path/to/foo @@ -102,28 +104,28 @@ EXAMPLES = r''' - name: Create a bz2 archive of multiple files, rooted at /path community.general.archive: path: - - /path/to/foo - - /path/wong/foo + - /path/to/foo + - /path/wong/foo dest: /path/file.tar.bz2 format: bz2 - name: Create a bz2 archive of a globbed path, while excluding specific dirnames community.general.archive: path: - - /path/to/foo/* + - /path/to/foo/* dest: /path/file.tar.bz2 exclude_path: - - /path/to/foo/bar - - /path/to/foo/baz + - /path/to/foo/bar + - /path/to/foo/baz format: bz2 - name: Create a bz2 archive of a globbed path, while excluding a glob of dirnames community.general.archive: path: - - /path/to/foo/* + - /path/to/foo/* dest: /path/file.tar.bz2 exclude_path: - - /path/to/foo/ba* + - /path/to/foo/ba* format: bz2 - name: Use gzip to compress a single archive (i.e don't archive it first with tar) @@ -138,45 +140,44 @@ EXAMPLES = r''' dest: /path/file.tar.gz format: gz force_archive: true -''' +""" -RETURN = r''' +RETURN = r""" state: - description: - The state of the input O(path). - type: str - returned: always + description: The state of the input O(path). + type: str + returned: always dest_state: - description: - - The state of the O(dest) file. - - V(absent) when the file does not exist. - - V(archive) when the file is an archive. - - V(compress) when the file is compressed, but not an archive. - - V(incomplete) when the file is an archive, but some files under O(path) were not found. - type: str - returned: success - version_added: 3.4.0 + description: + - The state of the O(dest) file. + - V(absent) when the file does not exist. + - V(archive) when the file is an archive. + - V(compress) when the file is compressed, but not an archive. + - V(incomplete) when the file is an archive, but some files under O(path) were not found. + type: str + returned: success + version_added: 3.4.0 missing: - description: Any files that were missing from the source. - type: list - returned: success + description: Any files that were missing from the source. + type: list + returned: success archived: - description: Any files that were compressed or added to the archive. - type: list - returned: success + description: Any files that were compressed or added to the archive. + type: list + returned: success arcroot: - description: The archive root. - type: str - returned: always + description: The archive root. + type: str + returned: always expanded_paths: - description: The list of matching paths from paths argument. - type: list - returned: always + description: The list of matching paths from paths argument. + type: list + returned: always expanded_exclude_paths: - description: The list of matching exclude paths from the exclude_path argument. - type: list - returned: always -''' + description: The list of matching exclude paths from the exclude_path argument. + type: list + returned: always +""" import abc import bz2 diff --git a/plugins/modules/atomic_container.py b/plugins/modules/atomic_container.py index d1567c8923..aba3827ea0 100644 --- a/plugins/modules/atomic_container.py +++ b/plugins/modules/atomic_container.py @@ -9,69 +9,71 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: atomic_container short_description: Manage the containers on the atomic host platform description: - - Manage the containers on the atomic host platform. - - Allows to manage the lifecycle of a container on the atomic host platform. + - Manage the containers on the atomic host platform. + - Allows to manage the lifecycle of a container on the atomic host platform. +deprecated: + removed_in: 13.0.0 + why: Project Atomic was sunset by the end of 2019. + alternative: There is none. author: "Giuseppe Scrivano (@giuseppe)" -notes: - - Host should support C(atomic) command requirements: - - atomic + - atomic +notes: + - According to U(https://projectatomic.io/) the project has been sunset around 2019/2020, in favor of C(podman) and Fedora CoreOS. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: check_mode: support: none diff_mode: support: none options: - backend: - description: - - Define the backend to use for the container. - required: true - choices: ["docker", "ostree"] - type: str - name: - description: - - Name of the container. - required: true - type: str - image: - description: - - The image to use to install the container. - required: true - type: str - rootfs: - description: - - Define the rootfs of the image. - type: str - state: - description: - - State of the container. - choices: ["absent", "latest", "present", "rollback"] - default: "latest" - type: str - mode: - description: - - Define if it is an user or a system container. - choices: ["user", "system"] - type: str - values: - description: - - Values for the installation of the container. - - This option is permitted only with mode 'user' or 'system'. - - The values specified here will be used at installation time as --set arguments for atomic install. - type: list - elements: str - default: [] -''' - -EXAMPLES = r''' + backend: + description: + - Define the backend to use for the container. + required: true + choices: ["docker", "ostree"] + type: str + name: + description: + - Name of the container. + required: true + type: str + image: + description: + - The image to use to install the container. + required: true + type: str + rootfs: + description: + - Define the rootfs of the image. + type: str + state: + description: + - State of the container. + choices: ["absent", "latest", "present", "rollback"] + default: "latest" + type: str + mode: + description: + - Define if it is an user or a system container. + choices: ["user", "system"] + type: str + values: + description: + - Values for the installation of the container. + - This option is permitted only with mode 'user' or 'system'. + - The values specified here will be used at installation time as --set arguments for atomic install. + type: list + elements: str + default: [] +""" +EXAMPLES = r""" - name: Install the etcd system container community.general.atomic_container: name: etcd @@ -80,7 +82,7 @@ EXAMPLES = r''' state: latest mode: system values: - - ETCD_NAME=etcd.server + - ETCD_NAME=etcd.server - name: Uninstall the etcd system container community.general.atomic_container: @@ -89,15 +91,15 @@ EXAMPLES = r''' backend: ostree state: absent mode: system -''' +""" -RETURN = r''' +RETURN = r""" msg: - description: The command standard output - returned: always - type: str - sample: 'Using default tag: latest ...' -''' + description: The command standard output. + returned: always + type: str + sample: 'Using default tag: latest ...' +""" # import module snippets import traceback diff --git a/plugins/modules/atomic_host.py b/plugins/modules/atomic_host.py index ebb74caf16..fb9bfb2e6a 100644 --- a/plugins/modules/atomic_host.py +++ b/plugins/modules/atomic_host.py @@ -8,37 +8,41 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: atomic_host short_description: Manage the atomic host platform description: - - Manage the atomic host platform. - - Rebooting of Atomic host platform should be done outside this module. + - Manage the atomic host platform. + - Rebooting of Atomic host platform should be done outside this module. +deprecated: + removed_in: 13.0.0 + why: Project Atomic was sunset by the end of 2019. + alternative: There is none. author: -- Saravanan KR (@krsacme) + - Saravanan KR (@krsacme) notes: - - Host should be an atomic platform (verified by existence of '/run/ostree-booted' file). + - Host should be an atomic platform (verified by existence of '/run/ostree-booted' file). + - According to U(https://projectatomic.io/) the project has been sunset around 2019/2020, in favor of C(podman) and Fedora CoreOS. requirements: - atomic extends_documentation_fragment: - community.general.attributes attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - revision: - description: - - The version number of the atomic host to be deployed. - - Providing V(latest) will upgrade to the latest available version. - default: 'latest' - aliases: [ version ] - type: str -''' + revision: + description: + - The version number of the atomic host to be deployed. + - Providing V(latest) will upgrade to the latest available version. + default: 'latest' + aliases: [version] + type: str +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Upgrade the atomic host platform to the latest version (atomic host upgrade) community.general.atomic_host: revision: latest @@ -46,15 +50,15 @@ EXAMPLES = r''' - name: Deploy a specific revision as the atomic host (atomic host deploy 23.130) community.general.atomic_host: revision: 23.130 -''' +""" -RETURN = r''' +RETURN = r""" msg: - description: The command standard output - returned: always - type: str - sample: 'Already on latest' -''' + description: The command standard output. + returned: always + type: str + sample: 'Already on latest' +""" import os import traceback diff --git a/plugins/modules/atomic_image.py b/plugins/modules/atomic_image.py index 4bd15e27ab..28011676af 100644 --- a/plugins/modules/atomic_image.py +++ b/plugins/modules/atomic_image.py @@ -8,52 +8,56 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: atomic_image short_description: Manage the container images on the atomic host platform description: - - Manage the container images on the atomic host platform. - - Allows to execute the commands specified by the RUN label in the container image when present. + - Manage the container images on the atomic host platform. + - Allows to execute the commands specified by the RUN label in the container image when present. +deprecated: + removed_in: 13.0.0 + why: Project Atomic was sunset by the end of 2019. + alternative: There is none. author: -- Saravanan KR (@krsacme) + - Saravanan KR (@krsacme) notes: - - Host should support C(atomic) command. + - According to U(https://projectatomic.io/) the project has been sunset around 2019/2020, in favor of C(podman) and Fedora CoreOS. requirements: - atomic extends_documentation_fragment: - community.general.attributes attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - backend: - description: - - Define the backend where the image is pulled. - choices: [ 'docker', 'ostree' ] - type: str - name: - description: - - Name of the container image. - required: true - type: str - state: - description: - - The state of the container image. - - The state V(latest) will ensure container image is upgraded to the latest version and forcefully restart container, if running. - choices: [ 'absent', 'latest', 'present' ] - default: 'latest' - type: str - started: - description: - - Start or Stop the container. - type: bool - default: true -''' + backend: + description: + - Define the backend where the image is pulled. + choices: ['docker', 'ostree'] + type: str + name: + description: + - Name of the container image. + required: true + type: str + state: + description: + - The state of the container image. + - The state V(latest) will ensure container image is upgraded to the latest version and forcefully restart container, + if running. + choices: ['absent', 'latest', 'present'] + default: 'latest' + type: str + started: + description: + - Start or stop the container. + type: bool + default: true +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Execute the run command on rsyslog container image (atomic run rhel7/rsyslog) community.general.atomic_image: name: rhel7/rsyslog @@ -64,15 +68,15 @@ EXAMPLES = r''' name: busybox state: latest backend: ostree -''' +""" -RETURN = r''' +RETURN = r""" msg: - description: The command standard output - returned: always - type: str - sample: 'Using default tag: latest ...' -''' + description: The command standard output. + returned: always + type: str + sample: 'Using default tag: latest ...' +""" import traceback from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/awall.py b/plugins/modules/awall.py index f3c2384b5b..b95f36ea8d 100644 --- a/plugins/modules/awall.py +++ b/plugins/modules/awall.py @@ -9,15 +9,14 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: awall short_description: Manage awall policies author: Ted Trask (@tdtrask) description: - This modules allows for enable/disable/activate of C(awall) policies. - - Alpine Wall (C(awall)) generates a firewall configuration from the enabled policy files - and activates the configuration on the system. + - Alpine Wall (C(awall)) generates a firewall configuration from the enabled policy files and activates the configuration + on the system. extends_documentation_fragment: - community.general.attributes attributes: @@ -35,7 +34,7 @@ options: description: - Whether the policies should be enabled or disabled. type: str - choices: [ disabled, enabled ] + choices: [disabled, enabled] default: enabled activate: description: @@ -45,29 +44,29 @@ options: type: bool default: false notes: - - At least one of O(name) and O(activate) is required. -''' + - At least one of O(name) and O(activate) is required. +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Enable "foo" and "bar" policy community.general.awall: - name: [ foo bar ] + name: [foo bar] state: enabled - name: Disable "foo" and "bar" policy and activate new rules community.general.awall: name: - - foo - - bar + - foo + - bar state: disabled activate: false - name: Activate currently enabled firewall rules community.general.awall: activate: true -''' +""" -RETURN = ''' # ''' +RETURN = """ # """ import re from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/beadm.py b/plugins/modules/beadm.py index 8857fd8464..3d9d8ca651 100644 --- a/plugins/modules/beadm.py +++ b/plugins/modules/beadm.py @@ -9,62 +9,59 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: beadm short_description: Manage ZFS boot environments on FreeBSD/Solaris/illumos systems description: - - Create, delete or activate ZFS boot environments. - - Mount and unmount ZFS boot environments. + - Create, delete or activate ZFS boot environments. + - Mount and unmount ZFS boot environments. author: Adam Števko (@xen0l) extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - name: - description: - - ZFS boot environment name. - type: str - required: true - aliases: [ "be" ] - snapshot: - description: - - If specified, the new boot environment will be cloned from the given - snapshot or inactive boot environment. - type: str + name: description: - description: - - Associate a description with a new boot environment. This option is - available only on Solarish platforms. - type: str - options: - description: - - Create the datasets for new BE with specific ZFS properties. - - Multiple options can be specified. - - This option is available only on Solarish platforms. - type: str - mountpoint: - description: - - Path where to mount the ZFS boot environment. - type: path - state: - description: - - Create or delete ZFS boot environment. - type: str - choices: [ absent, activated, mounted, present, unmounted ] - default: present - force: - description: - - Specifies if the unmount should be forced. - type: bool - default: false -''' + - ZFS boot environment name. + type: str + required: true + aliases: ["be"] + snapshot: + description: + - If specified, the new boot environment will be cloned from the given snapshot or inactive boot environment. + type: str + description: + description: + - Associate a description with a new boot environment. This option is available only on Solarish platforms. + type: str + options: + description: + - Create the datasets for new BE with specific ZFS properties. + - Multiple options can be specified. + - This option is available only on Solarish platforms. + type: str + mountpoint: + description: + - Path where to mount the ZFS boot environment. + type: path + state: + description: + - Create or delete ZFS boot environment. + type: str + choices: [absent, activated, mounted, present, unmounted] + default: present + force: + description: + - Specifies if the unmount should be forced. + type: bool + default: false +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Create ZFS boot environment community.general.beadm: name: upgrade-be @@ -103,45 +100,45 @@ EXAMPLES = r''' community.general.beadm: name: upgrade-be state: activated -''' +""" -RETURN = r''' +RETURN = r""" name: - description: BE name - returned: always - type: str - sample: pre-upgrade + description: BE name. + returned: always + type: str + sample: pre-upgrade snapshot: - description: ZFS snapshot to create BE from - returned: always - type: str - sample: rpool/ROOT/oi-hipster@fresh + description: ZFS snapshot to create BE from. + returned: always + type: str + sample: rpool/ROOT/oi-hipster@fresh description: - description: BE description - returned: always - type: str - sample: Upgrade from 9.0 to 10.0 + description: BE description. + returned: always + type: str + sample: Upgrade from 9.0 to 10.0 options: - description: BE additional options - returned: always - type: str - sample: compression=on + description: BE additional options. + returned: always + type: str + sample: compression=on mountpoint: - description: BE mountpoint - returned: always - type: str - sample: /mnt/be + description: BE mountpoint. + returned: always + type: str + sample: /mnt/be state: - description: state of the target - returned: always - type: str - sample: present + description: State of the target. + returned: always + type: str + sample: present force: - description: If forced action is wanted - returned: always - type: bool - sample: false -''' + description: If forced action is wanted. + returned: always + type: bool + sample: false +""" import os from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/bearychat.py b/plugins/modules/bearychat.py index f52737facd..1dec1bce68 100644 --- a/plugins/modules/bearychat.py +++ b/plugins/modules/bearychat.py @@ -7,12 +7,11 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: bearychat short_description: Send BearyChat notifications description: - - The M(community.general.bearychat) module sends notifications to U(https://bearychat.com) - via the Incoming Robot integration. + - The M(community.general.bearychat) module sends notifications to U(https://bearychat.com) using the Incoming Robot integration. author: "Jiangge Zhang (@tonyseek)" extends_documentation_fragment: - community.general.attributes @@ -25,8 +24,7 @@ options: url: type: str description: - - BearyChat WebHook URL. This authenticates you to the bearychat - service. It looks like + - BearyChat WebHook URL. This authenticates you to the bearychat service. It looks like V(https://hook.bearychat.com/=ae2CF/incoming/e61bd5c57b164e04b11ac02e66f47f60). required: true text: @@ -41,17 +39,16 @@ options: channel: type: str description: - - Channel to send the message to. If absent, the message goes to the - default channel selected by the O(url). + - Channel to send the message to. If absent, the message goes to the default channel selected by the O(url). attachments: type: list elements: dict description: - Define a list of attachments. For more information, see - https://github.com/bearyinnovative/bearychat-tutorial/blob/master/robots/incoming.md#attachments -''' + U(https://github.com/bearyinnovative/bearychat-tutorial/blob/master/robots/incoming.md#attachments). +""" -EXAMPLES = """ +EXAMPLES = r""" - name: Send notification message via BearyChat local_action: module: bearychat @@ -75,12 +72,12 @@ EXAMPLES = """ - http://example.com/index.png """ -RETURN = """ +RETURN = r""" msg: - description: execution result - returned: success - type: str - sample: "OK" + description: Execution result. + returned: success + type: str + sample: "OK" """ try: diff --git a/plugins/modules/bigpanda.py b/plugins/modules/bigpanda.py index 7bde5fc1d8..aef9c15c92 100644 --- a/plugins/modules/bigpanda.py +++ b/plugins/modules/bigpanda.py @@ -8,13 +8,13 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: bigpanda author: "Hagai Kariti (@hkariti)" short_description: Notify BigPanda about deployments description: - - Notify BigPanda when deployments start and end (successfully or not). Returns a deployment object containing all the parameters for future module calls. + - Notify BigPanda when deployments start and end (successfully or not). Returns a deployment object containing all the parameters + for future module calls. extends_documentation_fragment: - community.general.attributes attributes: @@ -26,7 +26,7 @@ options: component: type: str description: - - "The name of the component being deployed. Ex: billing" + - 'The name of the component being deployed. Ex: V(billing).' required: true aliases: ['name'] version: @@ -55,7 +55,7 @@ options: env: type: str description: - - The environment name, typically 'production', 'staging', etc. + - The environment name, typically V(production), V(staging), and so on. required: false owner: type: str @@ -75,27 +75,27 @@ options: default: "https://api.bigpanda.io" validate_certs: description: - - If V(false), SSL certificates for the target url will not be validated. This should only be used - on personally controlled sites using self-signed certificates. + - If V(false), SSL certificates for the target URL will not be validated. This should only be used on personally controlled + sites using self-signed certificates. required: false default: true type: bool deployment_message: type: str description: - - Message about the deployment. + - Message about the deployment. version_added: '0.2.0' source_system: type: str description: - - Source system used in the requests to the API + - Source system used in the requests to the API. default: ansible # informational: requirements for nodes -requirements: [ ] -''' +requirements: [] +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Notify BigPanda about a deployment community.general.bigpanda: component: myapp @@ -128,7 +128,7 @@ EXAMPLES = ''' token: '{{ deployment.token }}' state: finished delegate_to: localhost -''' +""" # =========================================== # Module execution. diff --git a/plugins/modules/bitbucket_access_key.py b/plugins/modules/bitbucket_access_key.py index 29c19b8b3d..f78f55d3bb 100644 --- a/plugins/modules/bitbucket_access_key.py +++ b/plugins/modules/bitbucket_access_key.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: bitbucket_access_key short_description: Manages Bitbucket repository access keys description: @@ -33,7 +32,7 @@ options: workspace: description: - The repository owner. - - "B(Note:) O(ignore:username) used to be an alias of this option. Since community.general 6.0.0 it is an alias of O(user)." + - B(Note:) O(ignore:username) used to be an alias of this option. Since community.general 6.0.0 it is an alias of O(user). type: str required: true key: @@ -50,13 +49,13 @@ options: - Indicates desired state of the access key. type: str required: true - choices: [ absent, present ] + choices: [absent, present] notes: - Bitbucket OAuth consumer or App password should have permissions to read and administrate account repositories. - Check mode is supported. -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Create access key community.general.bitbucket_access_key: repository: 'bitbucket-repo' @@ -71,9 +70,9 @@ EXAMPLES = r''' workspace: bitbucket_workspace label: Bitbucket state: absent -''' +""" -RETURN = r''' # ''' +RETURN = r""" # """ from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.source_control.bitbucket import BitbucketHelper diff --git a/plugins/modules/bitbucket_pipeline_key_pair.py b/plugins/modules/bitbucket_pipeline_key_pair.py index 3bc41c2987..e16af96867 100644 --- a/plugins/modules/bitbucket_pipeline_key_pair.py +++ b/plugins/modules/bitbucket_pipeline_key_pair.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: bitbucket_pipeline_key_pair short_description: Manages Bitbucket pipeline SSH key pair description: @@ -33,7 +32,7 @@ options: workspace: description: - The repository owner. - - "B(Note:) O(ignore:username) used to be an alias of this option. Since community.general 6.0.0 it is an alias of O(user)." + - B(Note:) O(ignore:username) used to be an alias of this option. Since community.general 6.0.0 it is an alias of O(user). type: str required: true public_key: @@ -49,12 +48,12 @@ options: - Indicates desired state of the key pair. type: str required: true - choices: [ absent, present ] + choices: [absent, present] notes: - Check mode is supported. -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Create or update SSH key pair community.general.bitbucket_pipeline_key_pair: repository: 'bitbucket-repo' @@ -68,9 +67,9 @@ EXAMPLES = r''' repository: bitbucket-repo workspace: bitbucket_workspace state: absent -''' +""" -RETURN = r''' # ''' +RETURN = r""" # """ from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.source_control.bitbucket import BitbucketHelper diff --git a/plugins/modules/bitbucket_pipeline_known_host.py b/plugins/modules/bitbucket_pipeline_known_host.py index 3e6c4bfbf1..f5594dc8ac 100644 --- a/plugins/modules/bitbucket_pipeline_known_host.py +++ b/plugins/modules/bitbucket_pipeline_known_host.py @@ -8,13 +8,13 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: bitbucket_pipeline_known_host short_description: Manages Bitbucket pipeline known hosts description: - Manages Bitbucket pipeline known hosts under the "SSH Keys" menu. - - The host fingerprint will be retrieved automatically, but in case of an error, one can use O(key) field to specify it manually. + - The host fingerprint will be retrieved automatically, but in case of an error, one can use O(key) field to specify it + manually. author: - Evgeniy Krysanov (@catcombo) extends_documentation_fragment: @@ -36,7 +36,7 @@ options: workspace: description: - The repository owner. - - "B(Note:) O(ignore:username) used to be an alias of this option. Since community.general 6.0.0 it is an alias of O(user)." + - B(Note:) O(ignore:username) used to be an alias of this option. Since community.general 6.0.0 it is an alias of O(user). type: str required: true name: @@ -53,12 +53,12 @@ options: - Indicates desired state of the record. type: str required: true - choices: [ absent, present ] + choices: [absent, present] notes: - Check mode is supported. -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Create known hosts from the list community.general.bitbucket_pipeline_known_host: repository: 'bitbucket-repo' @@ -83,9 +83,9 @@ EXAMPLES = r''' name: bitbucket.org key: '{{lookup("file", "bitbucket.pub") }}' state: absent -''' +""" -RETURN = r''' # ''' +RETURN = r""" # """ import socket diff --git a/plugins/modules/bitbucket_pipeline_variable.py b/plugins/modules/bitbucket_pipeline_variable.py index 1ff8e43753..08a1d3f1e8 100644 --- a/plugins/modules/bitbucket_pipeline_variable.py +++ b/plugins/modules/bitbucket_pipeline_variable.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: bitbucket_pipeline_variable short_description: Manages Bitbucket pipeline variables description: @@ -33,7 +32,7 @@ options: workspace: description: - The repository owner. - - "B(Note:) O(ignore:username) used to be an alias of this option. Since community.general 6.0.0 it is an alias of O(user)." + - B(Note:) O(ignore:username) used to be an alias of this option. Since community.general 6.0.0 it is an alias of O(user). type: str required: true name: @@ -55,13 +54,13 @@ options: - Indicates desired state of the variable. type: str required: true - choices: [ absent, present ] + choices: [absent, present] notes: - Check mode is supported. - For secured values return parameter C(changed) is always V(true). -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Create or update pipeline variables from the list community.general.bitbucket_pipeline_variable: repository: 'bitbucket-repo' @@ -71,8 +70,8 @@ EXAMPLES = r''' secured: '{{ item.secured }}' state: present with_items: - - { name: AWS_ACCESS_KEY, value: ABCD1234, secured: false } - - { name: AWS_SECRET, value: qwe789poi123vbn0, secured: true } + - {name: AWS_ACCESS_KEY, value: ABCD1234, secured: false} + - {name: AWS_SECRET, value: qwe789poi123vbn0, secured: true} - name: Remove pipeline variable community.general.bitbucket_pipeline_variable: @@ -80,9 +79,9 @@ EXAMPLES = r''' workspace: bitbucket_workspace name: AWS_ACCESS_KEY state: absent -''' +""" -RETURN = r''' # ''' +RETURN = r""" # """ from ansible.module_utils.basic import AnsibleModule, _load_params from ansible_collections.community.general.plugins.module_utils.source_control.bitbucket import BitbucketHelper diff --git a/plugins/modules/bootc_manage.py b/plugins/modules/bootc_manage.py new file mode 100644 index 0000000000..44444960df --- /dev/null +++ b/plugins/modules/bootc_manage.py @@ -0,0 +1,93 @@ +#!/usr/bin/python + +# Copyright (c) 2024, Ryan Cook +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt +# or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = r""" +module: bootc_manage +version_added: 9.3.0 +author: + - Ryan Cook (@cooktheryan) +short_description: Bootc Switch and Upgrade +description: + - This module manages the switching and upgrading of C(bootc). +options: + state: + description: + - Control whether to apply the latest image or switch the image. + - B(Note:) This will not reboot the system. + - Please use M(ansible.builtin.reboot) to reboot the system. + required: true + type: str + choices: ['switch', 'latest'] + image: + description: + - The image to switch to. + - This is required when O(state=switch). + required: false + type: str +""" + +EXAMPLES = r""" +# Switch to a different image +- name: Provide image to switch to a different image and retain the current running image + community.general.bootc_manage: + state: switch + image: "example.com/image:latest" + +# Apply updates of the current running image +- name: Apply updates of the current running image + community.general.bootc_manage: + state: latest +""" + +RETURN = r""" +""" + + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.common.locale import get_best_parsable_locale + + +def main(): + argument_spec = dict( + state=dict(type='str', required=True, choices=['switch', 'latest']), + image=dict(type='str', required=False), + ) + module = AnsibleModule( + argument_spec=argument_spec, + required_if=[ + ('state', 'switch', ['image']), + ], + ) + + state = module.params['state'] + image = module.params['image'] + + if state == 'switch': + command = ['bootc', 'switch', image, '--retain'] + elif state == 'latest': + command = ['bootc', 'upgrade'] + + locale = get_best_parsable_locale(module) + module.run_command_environ_update = dict(LANG=locale, LC_ALL=locale, LC_MESSAGES=locale, LC_CTYPE=locale, LANGUAGE=locale) + rc, stdout, err = module.run_command(command, check_rc=True) + + if 'Queued for next boot: ' in stdout: + result = {'changed': True, 'stdout': stdout} + module.exit_json(**result) + elif 'No changes in ' in stdout or 'Image specification is unchanged.' in stdout: + result = {'changed': False, 'stdout': stdout} + module.exit_json(**result) + else: + result = {'changed': False, 'stderr': err} + module.fail_json(msg='ERROR: Command execution failed.', **result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/bower.py b/plugins/modules/bower.py index 1824e68bb8..3e7ebdaecc 100644 --- a/plugins/modules/bower.py +++ b/plugins/modules/bower.py @@ -9,12 +9,11 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: bower -short_description: Manage bower packages with bower +short_description: Manage bower packages with C(bower) description: - - Manage bower packages with bower + - Manage bower packages with C(bower). author: "Michael Warkentin (@mwarkentin)" extends_documentation_fragment: - community.general.attributes @@ -27,39 +26,39 @@ options: name: type: str description: - - The name of a bower package to install + - The name of a bower package to install. offline: description: - - Install packages from local cache, if the packages were installed before + - Install packages from local cache, if the packages were installed before. type: bool default: false production: description: - - Install with --production flag + - Install with C(--production) flag. type: bool default: false path: type: path description: - - The base path where to install the bower packages + - The base path where to install the bower packages. required: true relative_execpath: type: path description: - - Relative path to bower executable from install path + - Relative path to bower executable from install path. state: type: str description: - - The state of the bower package + - The state of the bower package. default: present - choices: [ "present", "absent", "latest" ] + choices: ["present", "absent", "latest"] version: type: str description: - - The version to be installed -''' + - The version to be installed. +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Install "bootstrap" bower package. community.general.bower: name: bootstrap @@ -91,7 +90,8 @@ EXAMPLES = ''' - community.general.bower: path: /app/location relative_execpath: node_modules/.bin -''' +""" + import json import os diff --git a/plugins/modules/btrfs_info.py b/plugins/modules/btrfs_info.py index c367b9ed10..0e432dfaff 100644 --- a/plugins/modules/btrfs_info.py +++ b/plugins/modules/btrfs_info.py @@ -7,78 +7,73 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: btrfs_info short_description: Query btrfs filesystem info version_added: "6.6.0" -description: Query status of available btrfs filesystems, including uuid, label, subvolumes and mountpoints. +description: Query status of available btrfs filesystems, including UUID, label, subvolumes and mountpoints. author: - - Gregory Furlong (@gnfzdz) + - Gregory Furlong (@gnfzdz) extends_documentation_fragment: - - community.general.attributes - - community.general.attributes.info_module -''' - -EXAMPLES = r''' + - community.general.attributes + - community.general.attributes.info_module +""" +EXAMPLES = r""" - name: Query information about mounted btrfs filesystems community.general.btrfs_info: register: my_btrfs_info +""" -''' - -RETURN = r''' - +RETURN = r""" filesystems: - description: Summaries of the current state for all btrfs filesystems found on the target host. - type: list - elements: dict - returned: success - contains: - uuid: - description: A unique identifier assigned to the filesystem. - type: str - sample: 96c9c605-1454-49b8-a63a-15e2584c208e - label: - description: An optional label assigned to the filesystem. - type: str - sample: Tank - devices: - description: A list of devices assigned to the filesystem. - type: list - sample: - - /dev/sda1 - - /dev/sdb1 - default_subvolume: - description: The id of the filesystem's default subvolume. - type: int - sample: 5 - subvolumes: - description: A list of dicts containing metadata for all of the filesystem's subvolumes. - type: list - elements: dict - contains: - id: - description: An identifier assigned to the subvolume, unique within the containing filesystem. - type: int - sample: 256 - mountpoints: - description: Paths where the subvolume is mounted on the targeted host. - type: list - sample: ['/home'] - parent: - description: The identifier of this subvolume's parent. - type: int - sample: 5 - path: - description: The full path of the subvolume relative to the btrfs fileystem's root. - type: str - sample: /@home - -''' + description: Summaries of the current state for all btrfs filesystems found on the target host. + type: list + elements: dict + returned: success + contains: + uuid: + description: A unique identifier assigned to the filesystem. + type: str + sample: 96c9c605-1454-49b8-a63a-15e2584c208e + label: + description: An optional label assigned to the filesystem. + type: str + sample: Tank + devices: + description: A list of devices assigned to the filesystem. + type: list + sample: + - /dev/sda1 + - /dev/sdb1 + default_subvolume: + description: The ID of the filesystem's default subvolume. + type: int + sample: 5 + subvolumes: + description: A list of dicts containing metadata for all of the filesystem's subvolumes. + type: list + elements: dict + contains: + id: + description: An identifier assigned to the subvolume, unique within the containing filesystem. + type: int + sample: 256 + mountpoints: + description: Paths where the subvolume is mounted on the targeted host. + type: list + sample: ['/home'] + parent: + description: The identifier of this subvolume's parent. + type: int + sample: 5 + path: + description: The full path of the subvolume relative to the btrfs fileystem's root. + type: str + sample: /@home +""" from ansible_collections.community.general.plugins.module_utils.btrfs import BtrfsFilesystemsProvider diff --git a/plugins/modules/btrfs_subvolume.py b/plugins/modules/btrfs_subvolume.py index 864bb65a66..b1593a8ecd 100644 --- a/plugins/modules/btrfs_subvolume.py +++ b/plugins/modules/btrfs_subvolume.py @@ -7,8 +7,7 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: btrfs_subvolume short_description: Manage btrfs subvolumes version_added: "6.6.0" @@ -16,71 +15,73 @@ version_added: "6.6.0" description: Creates, updates and deletes btrfs subvolumes and snapshots. options: - automount: - description: - - Allow the module to temporarily mount the targeted btrfs filesystem in order to validate the current state and make any required changes. - type: bool - default: false - default: - description: - - Make the subvolume specified by O(name) the filesystem's default subvolume. - type: bool - default: false - filesystem_device: - description: - - A block device contained within the btrfs filesystem to be targeted. - - Useful when multiple btrfs filesystems are present to specify which filesystem should be targeted. - type: path - filesystem_label: - description: - - A descriptive label assigned to the btrfs filesystem to be targeted. - - Useful when multiple btrfs filesystems are present to specify which filesystem should be targeted. - type: str - filesystem_uuid: - description: - - A unique identifier assigned to the btrfs filesystem to be targeted. - - Useful when multiple btrfs filesystems are present to specify which filesystem should be targeted. - type: str - name: - description: - - Name of the subvolume/snapshot to be targeted. - required: true - type: str - recursive: - description: - - When true, indicates that parent/child subvolumes should be created/removedas necessary - to complete the operation (for O(state=present) and O(state=absent) respectively). - type: bool - default: false - snapshot_source: - description: - - Identifies the source subvolume for the created snapshot. - - Infers that the created subvolume is a snapshot. - type: str - snapshot_conflict: - description: - - Policy defining behavior when a subvolume already exists at the path of the requested snapshot. - - V(skip) - Create a snapshot only if a subvolume does not yet exist at the target location, otherwise indicate that no change is required. - Warning, this option does not yet verify that the target subvolume was generated from a snapshot of the requested source. - - V(clobber) - If a subvolume already exists at the requested location, delete it first. - This option is not idempotent and will result in a new snapshot being generated on every execution. - - V(error) - If a subvolume already exists at the requested location, return an error. - This option is not idempotent and will result in an error on replay of the module. - type: str - choices: [ skip, clobber, error ] - default: skip - state: - description: - - Indicates the current state of the targeted subvolume. - type: str - choices: [ absent, present ] - default: present + automount: + description: + - Allow the module to temporarily mount the targeted btrfs filesystem in order to validate the current state and make + any required changes. + type: bool + default: false + default: + description: + - Make the subvolume specified by O(name) the filesystem's default subvolume. + type: bool + default: false + filesystem_device: + description: + - A block device contained within the btrfs filesystem to be targeted. + - Useful when multiple btrfs filesystems are present to specify which filesystem should be targeted. + type: path + filesystem_label: + description: + - A descriptive label assigned to the btrfs filesystem to be targeted. + - Useful when multiple btrfs filesystems are present to specify which filesystem should be targeted. + type: str + filesystem_uuid: + description: + - A unique identifier assigned to the btrfs filesystem to be targeted. + - Useful when multiple btrfs filesystems are present to specify which filesystem should be targeted. + type: str + name: + description: + - Name of the subvolume/snapshot to be targeted. + required: true + type: str + recursive: + description: + - When true, indicates that parent/child subvolumes should be created/removedas necessary to complete the operation + (for O(state=present) and O(state=absent) respectively). + type: bool + default: false + snapshot_source: + description: + - Identifies the source subvolume for the created snapshot. + - Infers that the created subvolume is a snapshot. + type: str + snapshot_conflict: + description: + - Policy defining behavior when a subvolume already exists at the path of the requested snapshot. + - V(skip) - Create a snapshot only if a subvolume does not yet exist at the target location, otherwise indicate that + no change is required. Warning, this option does not yet verify that the target subvolume was generated from a snapshot + of the requested source. + - V(clobber) - If a subvolume already exists at the requested location, delete it first. This option is not idempotent + and will result in a new snapshot being generated on every execution. + - V(error) - If a subvolume already exists at the requested location, return an error. This option is not idempotent + and will result in an error on replay of the module. + type: str + choices: [skip, clobber, error] + default: skip + state: + description: + - Indicates the current state of the targeted subvolume. + type: str + choices: [absent, present] + default: present notes: - - If any or all of the options O(filesystem_device), O(filesystem_label) or O(filesystem_uuid) parameters are provided, there is expected - to be a matching btrfs filesystem. If none are provided and only a single btrfs filesystem exists or only a single - btrfs filesystem is mounted, that filesystem will be used; otherwise, the module will take no action and return an error. - + - If any or all of the options O(filesystem_device), O(filesystem_label) or O(filesystem_uuid) parameters are provided, + there is expected to be a matching btrfs filesystem. If none are provided and only a single btrfs filesystem exists or + only a single btrfs filesystem is mounted, that filesystem will be used; otherwise, the module will take no action and + return an error. extends_documentation_fragment: - community.general.attributes @@ -88,124 +89,121 @@ attributes: check_mode: support: partial details: - - In some scenarios it may erroneously report intermediate subvolumes being created. - After mounting, if a directory like file is found where the subvolume would have been created, the operation is skipped. + - In some scenarios it may erroneously report intermediate subvolumes being created. After mounting, if a directory + like file is found where the subvolume would have been created, the operation is skipped. diff_mode: support: none author: - - Gregory Furlong (@gnfzdz) -''' - -EXAMPLES = r''' + - Gregory Furlong (@gnfzdz) +""" +EXAMPLES = r""" - name: Create a @home subvolume under the root subvolume community.general.btrfs_subvolume: name: /@home - device: /dev/vda2 + filesystem_device: /dev/vda2 - name: Remove the @home subvolume if it exists community.general.btrfs_subvolume: name: /@home state: absent - device: /dev/vda2 + filesystem_device: /dev/vda2 - name: Create a snapshot of the root subvolume named @ community.general.btrfs_subvolume: name: /@ snapshot_source: / - device: /dev/vda2 + filesystem_device: /dev/vda2 - name: Create a snapshot of the root subvolume and make it the new default subvolume community.general.btrfs_subvolume: name: /@ snapshot_source: / default: Yes - device: /dev/vda2 + filesystem_device: /dev/vda2 - name: Create a snapshot of the /@ subvolume and recursively creating intermediate subvolumes as required community.general.btrfs_subvolume: name: /@snapshots/@2022_06_09 snapshot_source: /@ - recursive: True - device: /dev/vda2 + recursive: true + filesystem_device: /dev/vda2 - name: Remove the /@ subvolume and recursively delete child subvolumes as required community.general.btrfs_subvolume: name: /@snapshots/@2022_06_09 snapshot_source: /@ - recursive: True - device: /dev/vda2 - -''' - -RETURN = r''' + recursive: true + filesystem_device: /dev/vda2 +""" +RETURN = r""" filesystem: - description: + description: - A summary of the final state of the targeted btrfs filesystem. - type: dict - returned: success - contains: - uuid: - description: A unique identifier assigned to the filesystem. - returned: success - type: str - sample: 96c9c605-1454-49b8-a63a-15e2584c208e - label: - description: An optional label assigned to the filesystem. - returned: success - type: str - sample: Tank - devices: - description: A list of devices assigned to the filesystem. - returned: success - type: list - sample: - - /dev/sda1 - - /dev/sdb1 - default_subvolume: - description: The ID of the filesystem's default subvolume. - returned: success and if filesystem is mounted - type: int - sample: 5 - subvolumes: - description: A list of dicts containing metadata for all of the filesystem's subvolumes. - returned: success and if filesystem is mounted - type: list - elements: dict - contains: - id: - description: An identifier assigned to the subvolume, unique within the containing filesystem. - type: int - sample: 256 - mountpoints: - description: Paths where the subvolume is mounted on the targeted host. - type: list - sample: ['/home'] - parent: - description: The identifier of this subvolume's parent. - type: int - sample: 5 - path: - description: The full path of the subvolume relative to the btrfs fileystem's root. - type: str - sample: /@home + type: dict + returned: success + contains: + uuid: + description: A unique identifier assigned to the filesystem. + returned: success + type: str + sample: 96c9c605-1454-49b8-a63a-15e2584c208e + label: + description: An optional label assigned to the filesystem. + returned: success + type: str + sample: Tank + devices: + description: A list of devices assigned to the filesystem. + returned: success + type: list + sample: + - /dev/sda1 + - /dev/sdb1 + default_subvolume: + description: The ID of the filesystem's default subvolume. + returned: success and if filesystem is mounted + type: int + sample: 5 + subvolumes: + description: A list of dicts containing metadata for all of the filesystem's subvolumes. + returned: success and if filesystem is mounted + type: list + elements: dict + contains: + id: + description: An identifier assigned to the subvolume, unique within the containing filesystem. + type: int + sample: 256 + mountpoints: + description: Paths where the subvolume is mounted on the targeted host. + type: list + sample: ['/home'] + parent: + description: The identifier of this subvolume's parent. + type: int + sample: 5 + path: + description: The full path of the subvolume relative to the btrfs fileystem's root. + type: str + sample: /@home modifications: - description: + description: - A list where each element describes a change made to the target btrfs filesystem. - type: list - returned: Success - elements: str + type: list + returned: Success + elements: str target_subvolume_id: - description: + description: - The ID of the subvolume specified with the O(name) parameter, either pre-existing or created as part of module execution. - type: int - sample: 257 - returned: Success and subvolume exists after module execution -''' + type: int + sample: 257 + returned: Success and subvolume exists after module execution +""" from ansible_collections.community.general.plugins.module_utils.btrfs import BtrfsFilesystemsProvider, BtrfsCommands, BtrfsModuleException from ansible_collections.community.general.plugins.module_utils.btrfs import normalize_subvolume_path @@ -572,10 +570,7 @@ class BtrfsSubvolumeModule(object): self.__temporary_mounts[cache_key] = mountpoint mount = self.module.get_bin_path("mount", required=True) - command = "%s -o noatime,subvolid=%d %s %s " % (mount, - subvolid, - device, - mountpoint) + command = [mount, "-o", "noatime,subvolid=%d" % subvolid, device, mountpoint] result = self.module.run_command(command, check_rc=True) return mountpoint @@ -586,10 +581,10 @@ class BtrfsSubvolumeModule(object): def __cleanup_mount(self, mountpoint): umount = self.module.get_bin_path("umount", required=True) - result = self.module.run_command("%s %s" % (umount, mountpoint)) + result = self.module.run_command([umount, mountpoint]) if result[0] == 0: rmdir = self.module.get_bin_path("rmdir", required=True) - self.module.run_command("%s %s" % (rmdir, mountpoint)) + self.module.run_command([rmdir, mountpoint]) # Format and return results def get_results(self): diff --git a/plugins/modules/bundler.py b/plugins/modules/bundler.py index 59f10800c1..bfd7fe7ec1 100644 --- a/plugins/modules/bundler.py +++ b/plugins/modules/bundler.py @@ -9,12 +9,11 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: bundler short_description: Manage Ruby Gem dependencies with Bundler description: - - Manage installation and Gem version dependencies for Ruby using the Bundler gem + - Manage installation and Gem version dependencies for Ruby using the Bundler gem. extends_documentation_fragment: - community.general.attributes attributes: @@ -26,80 +25,72 @@ options: executable: type: str description: - - The path to the bundler executable + - The path to the bundler executable. state: type: str description: - - The desired state of the Gem bundle. V(latest) updates gems to the most recent, acceptable version + - The desired state of the Gem bundle. V(latest) updates gems to the most recent, acceptable version. choices: [present, latest] default: present chdir: type: path description: - - The directory to execute the bundler commands from. This directory - needs to contain a valid Gemfile or .bundle/ directory - - If not specified, it will default to the temporary working directory + - The directory to execute the bundler commands from. This directory needs to contain a valid Gemfile or .bundle/ directory. + - If not specified, it will default to the temporary working directory. exclude_groups: type: list elements: str description: - - A list of Gemfile groups to exclude during operations. This only - applies when O(state=present). Bundler considers this - a 'remembered' property for the Gemfile and will automatically exclude - groups in future operations even if O(exclude_groups) is not set + - A list of Gemfile groups to exclude during operations. This only applies when O(state=present). Bundler considers + this a 'remembered' property for the Gemfile and will automatically exclude groups in future operations even if O(exclude_groups) + is not set. clean: description: - - Only applies if O(state=present). If set removes any gems on the - target host that are not in the gemfile + - Only applies if O(state=present). If set removes any gems on the target host that are not in the gemfile. type: bool default: false gemfile: type: path description: - Only applies if O(state=present). The path to the gemfile to use to install gems. - - If not specified it will default to the Gemfile in current directory + - If not specified it will default to the Gemfile in current directory. local: description: - - If set only installs gems from the cache on the target host + - If set only installs gems from the cache on the target host. type: bool default: false deployment_mode: description: - - Only applies if O(state=present). If set it will install gems in - ./vendor/bundle instead of the default location. Requires a Gemfile.lock - file to have been created prior + - Only applies if O(state=present). If set it will install gems in C(./vendor/bundle) instead of the default location. + Requires a C(Gemfile.lock) file to have been created prior. type: bool default: false user_install: description: - - Only applies if O(state=present). Installs gems in the local user's cache or for all users + - Only applies if O(state=present). Installs gems in the local user's cache or for all users. type: bool default: true gem_path: type: path description: - - Only applies if O(state=present). Specifies the directory to - install the gems into. If O(chdir) is set then this path is relative to - O(chdir) + - Only applies if O(state=present). Specifies the directory to install the gems into. If O(chdir) is set then this path + is relative to O(chdir). - If not specified the default RubyGems gem paths will be used. binstub_directory: type: path description: - - Only applies if O(state=present). Specifies the directory to - install any gem bins files to. When executed the bin files will run - within the context of the Gemfile and fail if any required gem - dependencies are not installed. If O(chdir) is set then this path is - relative to O(chdir) + - Only applies if O(state=present). Specifies the directory to install any gem bins files to. When executed the bin + files will run within the context of the Gemfile and fail if any required gem dependencies are not installed. If O(chdir) + is set then this path is relative to O(chdir). extra_args: type: str description: - - A space separated string of additional commands that can be applied to - the Bundler command. Refer to the Bundler documentation for more - information + - A space separated string of additional commands that can be applied to the Bundler command. Refer to the Bundler documentation + for more information. author: "Tim Hoiberg (@thoiberg)" -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Install gems from a Gemfile in the current directory community.general.bundler: state: present @@ -124,7 +115,7 @@ EXAMPLES = ''' community.general.bundler: state: latest chdir: ~/rails_project -''' +""" from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/bzr.py b/plugins/modules/bzr.py index 5a60d765c7..7a4512a5dd 100644 --- a/plugins/modules/bzr.py +++ b/plugins/modules/bzr.py @@ -9,59 +9,55 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: bzr author: -- André Paramés (@andreparames) + - André Paramés (@andreparames) short_description: Deploy software (or files) from bzr branches description: - - Manage C(bzr) branches to deploy files or software. + - Manage C(bzr) branches to deploy files or software. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: check_mode: support: none diff_mode: support: none options: - name: - description: - - SSH or HTTP protocol address of the parent branch. - aliases: [ parent ] - required: true - type: str - dest: - description: - - Absolute path of where the branch should be cloned to. - required: true - type: path - version: - description: - - What version of the branch to clone. This can be the - bzr revno or revid. - default: head - type: str - force: - description: - - If V(true), any modified files in the working - tree will be discarded. - type: bool - default: false - executable: - description: - - Path to bzr executable to use. If not supplied, - the normal mechanism for resolving binary paths will be used. - type: str -''' + name: + description: + - SSH or HTTP protocol address of the parent branch. + aliases: [parent] + required: true + type: str + dest: + description: + - Absolute path of where the branch should be cloned to. + required: true + type: path + version: + description: + - What version of the branch to clone. This can be the bzr revno or revid. + default: head + type: str + force: + description: + - If V(true), any modified files in the working tree will be discarded. + type: bool + default: false + executable: + description: + - Path to bzr executable to use. If not supplied, the normal mechanism for resolving binary paths will be used. + type: str +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Checkout community.general.bzr: name: bzr+ssh://foosball.example.org/path/to/branch dest: /srv/checkout version: 22 -''' +""" import os import re diff --git a/plugins/modules/campfire.py b/plugins/modules/campfire.py index 1e0f1ecea4..91e83fc7d1 100644 --- a/plugins/modules/campfire.py +++ b/plugins/modules/campfire.py @@ -9,15 +9,14 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: campfire short_description: Send a message to Campfire description: - - Send a message to Campfire. - - Messages with newlines will result in a "Paste" message being sent. + - Send a message to Campfire. + - Messages with newlines will result in a "Paste" message being sent. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: check_mode: support: none @@ -49,22 +48,17 @@ options: description: - Send a notification sound before the message. required: false - choices: ["56k", "bell", "bezos", "bueller", "clowntown", - "cottoneyejoe", "crickets", "dadgummit", "dangerzone", - "danielsan", "deeper", "drama", "greatjob", "greyjoy", - "guarantee", "heygirl", "horn", "horror", - "inconceivable", "live", "loggins", "makeitso", "noooo", - "nyan", "ohmy", "ohyeah", "pushit", "rimshot", - "rollout", "rumble", "sax", "secret", "sexyback", - "story", "tada", "tmyk", "trololo", "trombone", "unix", - "vuvuzela", "what", "whoomp", "yeah", "yodel"] + choices: ["56k", "bell", "bezos", "bueller", "clowntown", "cottoneyejoe", "crickets", "dadgummit", "dangerzone", "danielsan", + "deeper", "drama", "greatjob", "greyjoy", "guarantee", "heygirl", "horn", "horror", "inconceivable", "live", "loggins", + "makeitso", "noooo", "nyan", "ohmy", "ohyeah", "pushit", "rimshot", "rollout", "rumble", "sax", "secret", "sexyback", + "story", "tada", "tmyk", "trololo", "trombone", "unix", "vuvuzela", "what", "whoomp", "yeah", "yodel"] # informational: requirements for nodes -requirements: [ ] +requirements: [] author: "Adam Garside (@fabulops)" -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Send a message to Campfire community.general.campfire: subscription: foo @@ -79,7 +73,7 @@ EXAMPLES = ''' room: 123 notify: loggins msg: Task completed ... with feeling. -''' +""" try: from html import escape as html_escape diff --git a/plugins/modules/capabilities.py b/plugins/modules/capabilities.py index a0b6d52223..088c15e4f6 100644 --- a/plugins/modules/capabilities.py +++ b/plugins/modules/capabilities.py @@ -8,48 +8,47 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: capabilities short_description: Manage Linux capabilities description: - - This module manipulates files privileges using the Linux capabilities(7) system. + - This module manipulates files privileges using the Linux capabilities(7) system. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - path: - description: - - Specifies the path to the file to be managed. - type: str - required: true - aliases: [ key ] - capability: - description: - - Desired capability to set (with operator and flags, if O(state=present)) or remove (if O(state=absent)) - type: str - required: true - aliases: [ cap ] - state: - description: - - Whether the entry should be present or absent in the file's capabilities. - type: str - choices: [ absent, present ] - default: present + path: + description: + - Specifies the path to the file to be managed. + type: str + required: true + aliases: [key] + capability: + description: + - Desired capability to set (with operator and flags, if O(state=present)) or remove (if O(state=absent)). + type: str + required: true + aliases: [cap] + state: + description: + - Whether the entry should be present or absent in the file's capabilities. + type: str + choices: [absent, present] + default: present notes: - - The capabilities system will automatically transform operators and flags into the effective set, - so for example, C(cap_foo=ep) will probably become C(cap_foo+ep). - - This module does not attempt to determine the final operator and flags to compare, - so you will want to ensure that your capabilities argument matches the final capabilities. + - The capabilities system will automatically transform operators and flags into the effective set, so for example, C(cap_foo=ep) + will probably become C(cap_foo+ep). + - This module does not attempt to determine the final operator and flags to compare, so you will want to ensure that your + capabilities argument matches the final capabilities. author: -- Nate Coraor (@natefoo) -''' + - Nate Coraor (@natefoo) +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Set cap_sys_chroot+ep on /foo community.general.capabilities: path: /foo @@ -61,7 +60,7 @@ EXAMPLES = r''' path: /bar capability: cap_net_bind_service state: absent -''' +""" from ansible.module_utils.basic import AnsibleModule @@ -93,7 +92,7 @@ class CapabilitiesModule(object): if self.module.check_mode: self.module.exit_json(changed=True, msg='capabilities changed') else: - # remove from current cap list if it's already set (but op/flags differ) + # remove from current cap list if it is already set (but op/flags differ) current = list(filter(lambda x: x[0] != self.capability_tup[0], current)) # add new cap with correct op/flags current.append(self.capability_tup) diff --git a/plugins/modules/cargo.py b/plugins/modules/cargo.py index ba9c05ed7b..94a1102725 100644 --- a/plugins/modules/cargo.py +++ b/plugins/modules/cargo.py @@ -1,6 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- # Copyright (c) 2021 Radek Sprta +# Copyright (c) 2024 Colin Nolan # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later @@ -10,7 +11,6 @@ __metaclass__ = type DOCUMENTATION = r""" ---- module: cargo short_description: Manage Rust packages with cargo version_added: 4.3.0 @@ -38,16 +38,12 @@ options: elements: str required: true path: - description: - -> - The base path where to install the Rust packages. Cargo automatically appends - V(/bin). In other words, V(/usr/local) will become V(/usr/local/bin). + description: The base path where to install the Rust packages. Cargo automatically appends V(/bin). In other words, V(/usr/local) + will become V(/usr/local/bin). type: path version: - description: - -> - The version to install. If O(name) contains multiple values, the module will - try to install all of them in this version. + description: The version to install. If O(name) contains multiple values, the module will try to install all of them in + this version. type: str required: false locked: @@ -64,9 +60,16 @@ options: required: false type: str default: present - choices: [ "present", "absent", "latest" ] + choices: ["present", "absent", "latest"] + directory: + description: + - Path to the source directory to install the Rust package from. + - This is only used when installing packages. + type: path + required: false + version_added: 9.1.0 requirements: - - cargo installed + - cargo installed """ EXAMPLES = r""" @@ -98,8 +101,14 @@ EXAMPLES = r""" community.general.cargo: name: ludusavi state: latest + +- name: Install "ludusavi" Rust package from source directory + community.general.cargo: + name: ludusavi + directory: /path/to/ludusavi/source """ +import json import os import re @@ -115,6 +124,7 @@ class Cargo(object): self.state = kwargs["state"] self.version = kwargs["version"] self.locked = kwargs["locked"] + self.directory = kwargs["directory"] @property def path(self): @@ -143,7 +153,7 @@ class Cargo(object): data, dummy = self._exec(cmd, True, False, False) - package_regex = re.compile(r"^([\w\-]+) v(.+):$") + package_regex = re.compile(r"^([\w\-]+) v(\S+).*:$") installed = {} for line in data.splitlines(): package_info = package_regex.match(line) @@ -163,19 +173,53 @@ class Cargo(object): if self.version: cmd.append("--version") cmd.append(self.version) + if self.directory: + cmd.append("--path") + cmd.append(self.directory) return self._exec(cmd) def is_outdated(self, name): installed_version = self.get_installed().get(name) + latest_version = ( + self.get_latest_published_version(name) + if not self.directory + else self.get_source_directory_version(name) + ) + return installed_version != latest_version + def get_latest_published_version(self, name): cmd = ["search", name, "--limit", "1"] data, dummy = self._exec(cmd, True, False, False) match = re.search(r'"(.+)"', data) - if match: - latest_version = match.group(1) + if not match: + self.module.fail_json( + msg="No published version for package %s found" % name + ) + return match.group(1) - return installed_version != latest_version + def get_source_directory_version(self, name): + cmd = [ + "metadata", + "--format-version", + "1", + "--no-deps", + "--manifest-path", + os.path.join(self.directory, "Cargo.toml"), + ] + data, dummy = self._exec(cmd, True, False, False) + manifest = json.loads(data) + + package = next( + (package for package in manifest["packages"] if package["name"] == name), + None, + ) + if not package: + self.module.fail_json( + msg="Package %s not defined in source, found: %s" + % (name, [x["name"] for x in manifest["packages"]]) + ) + return package["version"] def uninstall(self, packages=None): cmd = ["uninstall"] @@ -191,16 +235,21 @@ def main(): state=dict(default="present", choices=["present", "absent", "latest"]), version=dict(default=None, type="str"), locked=dict(default=False, type="bool"), + directory=dict(default=None, type="path"), ) module = AnsibleModule(argument_spec=arg_spec, supports_check_mode=True) name = module.params["name"] state = module.params["state"] version = module.params["version"] + directory = module.params["directory"] if not name: module.fail_json(msg="Package name must be specified") + if directory is not None and not os.path.isdir(directory): + module.fail_json(msg="Source directory does not exist") + # Set LANG env since we parse stdout module.run_command_environ_update = dict( LANG="C", LC_ALL="C", LC_MESSAGES="C", LC_CTYPE="C" diff --git a/plugins/modules/catapult.py b/plugins/modules/catapult.py index acd8398512..5329c90f54 100644 --- a/plugins/modules/catapult.py +++ b/plugins/modules/catapult.py @@ -11,14 +11,13 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: catapult -short_description: Send a sms / mms using the catapult bandwidth api +short_description: Send a sms / mms using the catapult bandwidth API description: - - Allows notifications to be sent using sms / mms via the catapult bandwidth api. + - Allows notifications to be sent using SMS / MMS using the catapult bandwidth API. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: check_mode: support: none @@ -44,31 +43,30 @@ options: media: type: str description: - - For MMS messages, a media url to the location of the media to be sent with the message. + - For MMS messages, a media URL to the location of the media to be sent with the message. user_id: type: str description: - - User Id from Api account page. + - User ID from API account page. required: true api_token: type: str description: - - Api Token from Api account page. + - API Token from API account page. required: true api_secret: type: str description: - - Api Secret from Api account page. + - API Secret from API account page. required: true author: "Jonathan Mainguy (@Jmainguy)" notes: - - Will return changed even if the media url is wrong. - - Will return changed if the destination number is invalid. + - Will return changed even if the media URL is wrong. + - Will return changed if the destination number is invalid. +""" -''' - -EXAMPLES = ''' +EXAMPLES = r""" - name: Send a mms to multiple users community.general.catapult: src: "+15035555555" @@ -89,16 +87,15 @@ EXAMPLES = ''' user_id: "{{ user_id }}" api_token: "{{ api_token }}" api_secret: "{{ api_secret }}" +""" -''' - -RETURN = ''' +RETURN = r""" changed: - description: Whether the api accepted the message. - returned: always - type: bool - sample: true -''' + description: Whether the API accepted the message. + returned: always + type: bool + sample: true +""" import json diff --git a/plugins/modules/circonus_annotation.py b/plugins/modules/circonus_annotation.py index f3b94a0524..9e563171cd 100644 --- a/plugins/modules/circonus_annotation.py +++ b/plugins/modules/circonus_annotation.py @@ -9,62 +9,59 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: circonus_annotation -short_description: Create an annotation in circonus +short_description: Create an annotation in Circonus description: - - Create an annotation event with a given category, title and description. Optionally start, end or durations can be provided + - Create an annotation event with a given category, title and description. Optionally start, end or durations can be provided. author: "Nick Harring (@NickatEpic)" requirements: - - requests (either >= 2.0.0 for Python 3, or >= 1.0.0 for Python 2) -notes: - - Check mode isn't supported. + - requests (either >= 2.0.0 for Python 3, or >= 1.0.0 for Python 2) extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - api_key: - type: str - description: - - Circonus API key - required: true - category: - type: str - description: - - Annotation Category - required: true + api_key: + type: str description: - type: str - description: - - Description of annotation - required: true - title: - type: str - description: - - Title of annotation - required: true - start: - type: int - description: - - Unix timestamp of event start - - If not specified, it defaults to "now". - stop: - type: int - description: - - Unix timestamp of event end - - If not specified, it defaults to "now" + O(duration). - duration: - type: int - description: - - Duration in seconds of annotation - default: 0 -''' -EXAMPLES = ''' + - Circonus API key. + required: true + category: + type: str + description: + - Annotation Category. + required: true + description: + type: str + description: + - Description of annotation. + required: true + title: + type: str + description: + - Title of annotation. + required: true + start: + type: int + description: + - Unix timestamp of event start. + - If not specified, it defaults to "now". + stop: + type: int + description: + - Unix timestamp of event end. + - If not specified, it defaults to "now" + O(duration). + duration: + type: int + description: + - Duration in seconds of annotation. + default: 0 +""" +EXAMPLES = r""" - name: Create a simple annotation event with a source, defaults to start and end time of now community.general.circonus_annotation: api_key: XXXXXXXXXXXXXXXXX @@ -88,66 +85,67 @@ EXAMPLES = ''' category: This category groups like annotations start_time: 1395940006 end_time: 1395954407 -''' +""" -RETURN = ''' +RETURN = r""" annotation: - description: details about the created annotation - returned: success - type: complex - contains: - _cid: - description: annotation identifier - returned: success - type: str - sample: /annotation/100000 - _created: - description: creation timestamp - returned: success - type: int - sample: 1502236928 - _last_modified: - description: last modification timestamp - returned: success - type: int - sample: 1502236928 - _last_modified_by: - description: last modified by - returned: success - type: str - sample: /user/1000 - category: - description: category of the created annotation - returned: success - type: str - sample: alerts - title: - description: title of the created annotation - returned: success - type: str - sample: WARNING - description: - description: description of the created annotation - returned: success - type: str - sample: Host is down. - start: - description: timestamp, since annotation applies - returned: success - type: int - sample: Host is down. - stop: - description: timestamp, since annotation ends - returned: success - type: str - sample: Host is down. - rel_metrics: - description: Array of metrics related to this annotation, each metrics is a string. - returned: success - type: list - sample: - - 54321_kbps -''' + description: Details about the created annotation. + returned: success + type: complex + contains: + _cid: + description: Annotation identifier. + returned: success + type: str + sample: /annotation/100000 + _created: + description: Creation timestamp. + returned: success + type: int + sample: 1502236928 + _last_modified: + description: Last modification timestamp. + returned: success + type: int + sample: 1502236928 + _last_modified_by: + description: Last modified by. + returned: success + type: str + sample: /user/1000 + category: + description: Category of the created annotation. + returned: success + type: str + sample: alerts + title: + description: Title of the created annotation. + returned: success + type: str + sample: WARNING + description: + description: Description of the created annotation. + returned: success + type: str + sample: Host is down. + start: + description: Timestamp, since annotation applies. + returned: success + type: int + sample: Host is down. + stop: + description: Timestamp, since annotation ends. + returned: success + type: str + sample: Host is down. + rel_metrics: + description: Array of metrics related to this annotation, each metrics is a string. + returned: success + type: list + sample: + - 54321_kbps +""" + import json import time import traceback diff --git a/plugins/modules/cisco_webex.py b/plugins/modules/cisco_webex.py index caa77f576d..14b8716846 100644 --- a/plugins/modules/cisco_webex.py +++ b/plugins/modules/cisco_webex.py @@ -9,17 +9,15 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: cisco_webex short_description: Send a message to a Cisco Webex Teams Room or Individual description: - - Send a message to a Cisco Webex Teams Room or Individual with options to control the formatting. + - Send a message to a Cisco Webex Teams Room or Individual with options to control the formatting. author: Drew Rusell (@drew-russell) notes: - The O(recipient_type) must be valid for the supplied O(recipient_id). - Full API documentation can be found at U(https://developer.webex.com/docs/api/basics). - extends_documentation_fragment: - community.general.attributes attributes: @@ -32,8 +30,8 @@ options: recipient_type: description: - - The request parameter you would like to send the message to. - - Messages can be sent to either a room or individual (by ID or E-Mail). + - The request parameter you would like to send the message to. + - Messages can be sent to either a room or individual (by ID or E-Mail). required: true choices: ['roomId', 'toPersonEmail', 'toPersonId'] type: str @@ -46,7 +44,7 @@ options: msg_type: description: - - Specifies how you would like the message formatted. + - Specifies how you would like the message formatted. default: text choices: ['text', 'markdown'] type: str @@ -64,9 +62,9 @@ options: - The message you would like to send. required: true type: str -''' +""" -EXAMPLES = """ +EXAMPLES = r""" # Note: The following examples assume a variable file has been imported # that contains the appropriate information. @@ -101,10 +99,9 @@ EXAMPLES = """ msg_type: text personal_token: "{{ token }}" msg: "Cisco Webex Teams Ansible Module - Text Message to Individual by E-Mail" - """ -RETURN = """ +RETURN = r""" status_code: description: - The Response Code returned by the Webex Teams API. @@ -114,12 +111,12 @@ status_code: sample: 200 message: - description: - - The Response Message returned by the Webex Teams API. - - Full Response Code explanations can be found at U(https://developer.webex.com/docs/api/basics). - returned: always - type: str - sample: OK (585 bytes) + description: + - The Response Message returned by the Webex Teams API. + - Full Response Code explanations can be found at U(https://developer.webex.com/docs/api/basics). + returned: always + type: str + sample: OK (585 bytes) """ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.urls import fetch_url diff --git a/plugins/modules/clc_aa_policy.py b/plugins/modules/clc_aa_policy.py index 05135bd957..eb8c57f60c 100644 --- a/plugins/modules/clc_aa_policy.py +++ b/plugins/modules/clc_aa_policy.py @@ -9,13 +9,16 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: clc_aa_policy -short_description: Create or Delete Anti Affinity Policies at CenturyLink Cloud +short_description: Create or Delete Anti-Affinity Policies at CenturyLink Cloud description: - - An Ansible module to Create or Delete Anti Affinity Policies at CenturyLink Cloud. + - An Ansible module to Create or Delete Anti-Affinity Policies at CenturyLink Cloud. extends_documentation_fragment: - community.general.attributes + - community.general.clc +author: + - "CLC Runner (@clc-runner)" attributes: check_mode: support: full @@ -24,7 +27,7 @@ attributes: options: name: description: - - The name of the Anti Affinity Policy. + - The name of the Anti-Affinity Policy. type: str required: true location: @@ -38,28 +41,10 @@ options: type: str required: false default: present - choices: ['present','absent'] -requirements: - - python = 2.7 - - requests >= 2.5.0 - - clc-sdk -author: "CLC Runner (@clc-runner)" -notes: - - To use this module, it is required to set the below environment variables which enables access to the - Centurylink Cloud - - CLC_V2_API_USERNAME, the account login id for the centurylink cloud - - CLC_V2_API_PASSWORD, the account password for the centurylink cloud - - Alternatively, the module accepts the API token and account alias. The API token can be generated using the - CLC account login and password via the HTTP api call @ https://api.ctl.io/v2/authentication/login - - CLC_V2_API_TOKEN, the API token generated from https://api.ctl.io/v2/authentication/login - - CLC_ACCT_ALIAS, the account alias associated with the centurylink cloud - - Users can set CLC_V2_API_URL to specify an endpoint for pointing to a different CLC environment. -''' + choices: ['present', 'absent'] +""" -EXAMPLES = ''' -# Note - You must set the CLC_V2_API_USERNAME And CLC_V2_API_PASSWD Environment variables before running these examples - ---- +EXAMPLES = r""" - name: Create AA Policy hosts: localhost gather_facts: false @@ -91,11 +76,11 @@ EXAMPLES = ''' - name: Debug ansible.builtin.debug: var: policy -''' +""" -RETURN = ''' +RETURN = r""" policy: - description: The anti affinity policy information + description: The anti-affinity policy information. returned: success type: dict sample: @@ -121,7 +106,7 @@ policy: } ] } -''' +""" __version__ = '${version}' diff --git a/plugins/modules/clc_alert_policy.py b/plugins/modules/clc_alert_policy.py index b77c83e3b7..fda82021e4 100644 --- a/plugins/modules/clc_alert_policy.py +++ b/plugins/modules/clc_alert_policy.py @@ -1,6 +1,5 @@ #!/usr/bin/python # -*- coding: utf-8 -*- - # # Copyright (c) 2015 CenturyLink # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) @@ -10,13 +9,16 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: clc_alert_policy short_description: Create or Delete Alert Policies at CenturyLink Cloud description: - An Ansible module to Create or Delete Alert Policies at CenturyLink Cloud. extends_documentation_fragment: - community.general.attributes + - community.general.clc +author: + - "CLC Runner (@clc-runner)" attributes: check_mode: support: full @@ -25,67 +27,45 @@ attributes: options: alias: description: - - The alias of your CLC Account + - The alias of your CLC Account. type: str required: true name: description: - - The name of the alert policy. This is mutually exclusive with id + - The name of the alert policy. This is mutually exclusive with O(id). type: str id: description: - - The alert policy id. This is mutually exclusive with name + - The alert policy ID. This is mutually exclusive with O(name). type: str alert_recipients: description: - - A list of recipient email ids to notify the alert. - This is required for state 'present' + - A list of recipient email IDs to notify the alert. This is required for O(state=present). type: list elements: str metric: description: - - The metric on which to measure the condition that will trigger the alert. - This is required for state 'present' + - The metric on which to measure the condition that will trigger the alert. This is required for O(state=present). type: str - choices: ['cpu','memory','disk'] + choices: ['cpu', 'memory', 'disk'] duration: description: - - The length of time in minutes that the condition must exceed the threshold. - This is required for state 'present' + - The length of time in minutes that the condition must exceed the threshold. This is required for O(state=present). type: str threshold: description: - - The threshold that will trigger the alert when the metric equals or exceeds it. - This is required for state 'present' - This number represents a percentage and must be a value between 5.0 - 95.0 that is a multiple of 5.0 + - The threshold that will trigger the alert when the metric equals or exceeds it. This is required for O(state=present). + This number represents a percentage and must be a value between 5.0 - 95.0 that is a multiple of 5.0. type: int state: description: - Whether to create or delete the policy. type: str default: present - choices: ['present','absent'] -requirements: - - python = 2.7 - - requests >= 2.5.0 - - clc-sdk -author: "CLC Runner (@clc-runner)" -notes: - - To use this module, it is required to set the below environment variables which enables access to the - Centurylink Cloud - - CLC_V2_API_USERNAME, the account login id for the centurylink cloud - - CLC_V2_API_PASSWORD, the account password for the centurylink cloud - - Alternatively, the module accepts the API token and account alias. The API token can be generated using the - CLC account login and password via the HTTP api call @ https://api.ctl.io/v2/authentication/login - - CLC_V2_API_TOKEN, the API token generated from https://api.ctl.io/v2/authentication/login - - CLC_ACCT_ALIAS, the account alias associated with the centurylink cloud - - Users can set CLC_V2_API_URL to specify an endpoint for pointing to a different CLC environment. -''' + choices: ['present', 'absent'] +""" -EXAMPLES = ''' -# Note - You must set the CLC_V2_API_USERNAME And CLC_V2_API_PASSWD Environment variables before running these examples - ---- +EXAMPLES = r""" - name: Create Alert Policy Example hosts: localhost gather_facts: false @@ -96,8 +76,8 @@ EXAMPLES = ''' alias: wfad name: 'alert for disk > 80%' alert_recipients: - - test1@centurylink.com - - test2@centurylink.com + - test1@centurylink.com + - test2@centurylink.com metric: 'disk' duration: '00:05:00' threshold: 80 @@ -121,11 +101,11 @@ EXAMPLES = ''' - name: Debug ansible.builtin.debug: var=policy -''' +""" -RETURN = ''' +RETURN = r""" policy: - description: The alert policy information + description: The alert policy information. returned: success type: dict sample: @@ -162,7 +142,7 @@ policy: } ] } -''' +""" __version__ = '${version}' diff --git a/plugins/modules/clc_blueprint_package.py b/plugins/modules/clc_blueprint_package.py index 672e06780f..59c47e13d8 100644 --- a/plugins/modules/clc_blueprint_package.py +++ b/plugins/modules/clc_blueprint_package.py @@ -9,13 +9,16 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: clc_blueprint_package short_description: Deploys a blue print package on a set of servers in CenturyLink Cloud description: - An Ansible module to deploy blue print package on a set of servers in CenturyLink Cloud. extends_documentation_fragment: - community.general.attributes + - community.general.clc +author: + - "CLC Runner (@clc-runner)" attributes: check_mode: support: full @@ -24,13 +27,13 @@ attributes: options: server_ids: description: - - A list of server Ids to deploy the blue print package. + - A list of server IDs to deploy the blue print package. type: list required: true elements: str package_id: description: - - The package id of the blue print. + - The package ID of the blue print. type: str required: true package_params: @@ -41,7 +44,7 @@ options: required: false state: description: - - Whether to install or uninstall the package. Currently it supports only "present" for install action. + - Whether to install or uninstall the package. Currently it supports only V(present) for install action. type: str required: false default: present @@ -52,46 +55,27 @@ options: type: str default: 'True' required: false -requirements: - - python = 2.7 - - requests >= 2.5.0 - - clc-sdk -author: "CLC Runner (@clc-runner)" -notes: - - To use this module, it is required to set the below environment variables which enables access to the - Centurylink Cloud - - CLC_V2_API_USERNAME, the account login id for the centurylink cloud - - CLC_V2_API_PASSWORD, the account password for the centurylink cloud - - Alternatively, the module accepts the API token and account alias. The API token can be generated using the - CLC account login and password via the HTTP api call @ https://api.ctl.io/v2/authentication/login - - CLC_V2_API_TOKEN, the API token generated from https://api.ctl.io/v2/authentication/login - - CLC_ACCT_ALIAS, the account alias associated with the centurylink cloud - - Users can set CLC_V2_API_URL to specify an endpoint for pointing to a different CLC environment. -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" # Note - You must set the CLC_V2_API_USERNAME And CLC_V2_API_PASSWD Environment variables before running these examples - name: Deploy package community.general.clc_blueprint_package: - server_ids: - - UC1TEST-SERVER1 - - UC1TEST-SERVER2 - package_id: 77abb844-579d-478d-3955-c69ab4a7ba1a - package_params: {} -''' + server_ids: + - UC1TEST-SERVER1 + - UC1TEST-SERVER2 + package_id: 77abb844-579d-478d-3955-c69ab4a7ba1a + package_params: {} +""" -RETURN = ''' +RETURN = r""" server_ids: - description: The list of server ids that are changed - returned: success - type: list - sample: - [ - "UC1TEST-SERVER1", - "UC1TEST-SERVER2" - ] -''' + description: The list of server IDs that are changed. + returned: success + type: list + sample: ["UC1TEST-SERVER1", "UC1TEST-SERVER2"] +""" __version__ = '${version}' diff --git a/plugins/modules/clc_firewall_policy.py b/plugins/modules/clc_firewall_policy.py index b30037c6fe..0794b67382 100644 --- a/plugins/modules/clc_firewall_policy.py +++ b/plugins/modules/clc_firewall_policy.py @@ -9,13 +9,16 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: clc_firewall_policy short_description: Create/delete/update firewall policies description: - - Create or delete or update firewall policies on Centurylink Cloud + - Create or delete or update firewall policies on Centurylink Cloud. extends_documentation_fragment: - community.general.attributes + - community.general.clc +author: + - "CLC Runner (@clc-runner)" attributes: check_mode: support: full @@ -24,46 +27,43 @@ attributes: options: location: description: - - Target datacenter for the firewall policy + - Target datacenter for the firewall policy. type: str required: true state: description: - - Whether to create or delete the firewall policy + - Whether to create or delete the firewall policy. type: str default: present choices: ['present', 'absent'] source: description: - - The list of source addresses for traffic on the originating firewall. - This is required when state is 'present' + - The list of source addresses for traffic on the originating firewall. This is required when O(state=present). type: list elements: str destination: description: - - The list of destination addresses for traffic on the terminating firewall. - This is required when state is 'present' + - The list of destination addresses for traffic on the terminating firewall. This is required when O(state=present). type: list elements: str ports: description: - - The list of ports associated with the policy. - TCP and UDP can take in single ports or port ranges. + - The list of ports associated with the policy. TCP and UDP can take in single ports or port ranges. - "Example: V(['any', 'icmp', 'TCP/123', 'UDP/123', 'TCP/123-456', 'UDP/123-456'])." type: list elements: str firewall_policy_id: description: - - Id of the firewall policy. This is required to update or delete an existing firewall policy + - ID of the firewall policy. This is required to update or delete an existing firewall policy. type: str source_account_alias: description: - - CLC alias for the source account + - CLC alias for the source account. type: str required: true destination_account_alias: description: - - CLC alias for the destination account + - CLC alias for the destination account. type: str wait: description: @@ -72,29 +72,13 @@ options: default: 'True' enabled: description: - - Whether the firewall policy is enabled or disabled + - Whether the firewall policy is enabled or disabled. type: str choices: ['True', 'False'] default: 'True' -requirements: - - python = 2.7 - - requests >= 2.5.0 - - clc-sdk -author: "CLC Runner (@clc-runner)" -notes: - - To use this module, it is required to set the below environment variables which enables access to the - Centurylink Cloud - - CLC_V2_API_USERNAME, the account login id for the centurylink cloud - - CLC_V2_API_PASSWORD, the account password for the centurylink cloud - - Alternatively, the module accepts the API token and account alias. The API token can be generated using the - CLC account login and password via the HTTP api call @ https://api.ctl.io/v2/authentication/login - - CLC_V2_API_TOKEN, the API token generated from https://api.ctl.io/v2/authentication/login - - CLC_ACCT_ALIAS, the account alias associated with the centurylink cloud - - Users can set CLC_V2_API_URL to specify an endpoint for pointing to a different CLC environment. -''' +""" -EXAMPLES = ''' ---- +EXAMPLES = r""" - name: Create Firewall Policy hosts: localhost gather_facts: false @@ -121,16 +105,16 @@ EXAMPLES = ''' location: VA1 state: absent firewall_policy_id: c62105233d7a4231bd2e91b9c791e43e1 -''' +""" -RETURN = ''' +RETURN = r""" firewall_policy_id: - description: The fire wall policy id - returned: success - type: str - sample: fc36f1bfd47242e488a9c44346438c05 + description: The firewall policy ID. + returned: success + type: str + sample: fc36f1bfd47242e488a9c44346438c05 firewall_policy: - description: The fire wall policy information + description: The firewall policy information. returned: success type: dict sample: @@ -162,7 +146,7 @@ firewall_policy: ], "status":"active" } -''' +""" __version__ = '${version}' diff --git a/plugins/modules/clc_group.py b/plugins/modules/clc_group.py index 88aef2d63d..8c9d086353 100644 --- a/plugins/modules/clc_group.py +++ b/plugins/modules/clc_group.py @@ -1,6 +1,5 @@ #!/usr/bin/python # -*- coding: utf-8 -*- - # # Copyright (c) 2015 CenturyLink # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) @@ -10,13 +9,16 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: clc_group short_description: Create/delete Server Groups at Centurylink Cloud description: - - Create or delete Server Groups at Centurylink Centurylink Cloud + - Create or delete Server Groups at Centurylink Centurylink Cloud. extends_documentation_fragment: - community.general.attributes + - community.general.clc +author: + - "CLC Runner (@clc-runner)" attributes: check_mode: support: full @@ -25,12 +27,12 @@ attributes: options: name: description: - - The name of the Server Group + - The name of the Server Group. type: str required: true description: description: - - A description of the Server Group + - A description of the Server Group. type: str required: false parent: @@ -40,13 +42,13 @@ options: required: false location: description: - - Datacenter to create the group in. If location is not provided, the group gets created in the default datacenter - associated with the account + - Datacenter to create the group in. If location is not provided, the group gets created in the default datacenter associated + with the account. type: str required: false state: description: - - Whether to create or delete the group + - Whether to create or delete the group. type: str default: present choices: ['present', 'absent'] @@ -56,28 +58,10 @@ options: type: bool default: true required: false -requirements: - - python = 2.7 - - requests >= 2.5.0 - - clc-sdk -author: "CLC Runner (@clc-runner)" -notes: - - To use this module, it is required to set the below environment variables which enables access to the - Centurylink Cloud - - CLC_V2_API_USERNAME, the account login id for the centurylink cloud - - CLC_V2_API_PASSWORD, the account password for the centurylink cloud - - Alternatively, the module accepts the API token and account alias. The API token can be generated using the - CLC account login and password via the HTTP api call @ https://api.ctl.io/v2/authentication/login - - CLC_V2_API_TOKEN, the API token generated from https://api.ctl.io/v2/authentication/login - - CLC_ACCT_ALIAS, the account alias associated with the centurylink cloud - - Users can set CLC_V2_API_URL to specify an endpoint for pointing to a different CLC environment. -''' - -EXAMPLES = ''' +""" +EXAMPLES = r""" # Create a Server Group - ---- - name: Create Server Group hosts: localhost gather_facts: false @@ -110,11 +94,11 @@ EXAMPLES = ''' - name: Debug ansible.builtin.debug: var: clc -''' +""" -RETURN = ''' +RETURN = r""" group: - description: The group information + description: The group information. returned: success type: dict sample: @@ -209,7 +193,7 @@ group: "status":"active", "type":"default" } -''' +""" __version__ = '${version}' diff --git a/plugins/modules/clc_loadbalancer.py b/plugins/modules/clc_loadbalancer.py index 675cc1100e..d3bb835970 100644 --- a/plugins/modules/clc_loadbalancer.py +++ b/plugins/modules/clc_loadbalancer.py @@ -2,7 +2,6 @@ # -*- coding: utf-8 -*- # # Copyright (c) 2015 CenturyLink -# # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later @@ -10,13 +9,16 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: clc_loadbalancer short_description: Create, Delete shared loadbalancers in CenturyLink Cloud description: - An Ansible module to Create, Delete shared loadbalancers in CenturyLink Cloud. extends_documentation_fragment: - community.general.attributes + - community.general.clc +author: + - "CLC Runner (@clc-runner)" attributes: check_mode: support: full @@ -25,74 +27,59 @@ attributes: options: name: description: - - The name of the loadbalancer + - The name of the loadbalancer. type: str required: true description: description: - - A description for the loadbalancer + - A description for the loadbalancer. type: str alias: description: - - The alias of your CLC Account + - The alias of your CLC Account. type: str required: true location: description: - - The location of the datacenter where the load balancer resides in + - The location of the datacenter where the load balancer resides in. type: str required: true method: description: - -The balancing method for the load balancer pool + - The balancing method for the load balancer pool. type: str choices: ['leastConnection', 'roundRobin'] persistence: description: - - The persistence method for the load balancer + - The persistence method for the load balancer. type: str choices: ['standard', 'sticky'] port: description: - - Port to configure on the public-facing side of the load balancer pool + - Port to configure on the public-facing side of the load balancer pool. type: str choices: ['80', '443'] nodes: description: - - A list of nodes that needs to be added to the load balancer pool + - A list of nodes that needs to be added to the load balancer pool. type: list default: [] elements: dict status: description: - - The status of the loadbalancer + - The status of the loadbalancer. type: str default: enabled choices: ['enabled', 'disabled'] state: description: - - Whether to create or delete the load balancer pool + - Whether to create or delete the load balancer pool. type: str default: present choices: ['present', 'absent', 'port_absent', 'nodes_present', 'nodes_absent'] -requirements: - - python = 2.7 - - requests >= 2.5.0 - - clc-sdk -author: "CLC Runner (@clc-runner)" -notes: - - To use this module, it is required to set the below environment variables which enables access to the - Centurylink Cloud - - CLC_V2_API_USERNAME, the account login id for the centurylink cloud - - CLC_V2_API_PASSWORD, the account password for the centurylink cloud - - Alternatively, the module accepts the API token and account alias. The API token can be generated using the - CLC account login and password via the HTTP api call @ https://api.ctl.io/v2/authentication/login - - CLC_V2_API_TOKEN, the API token generated from https://api.ctl.io/v2/authentication/login - - CLC_ACCT_ALIAS, the account alias associated with the centurylink cloud - - Users can set CLC_V2_API_URL to specify an endpoint for pointing to a different CLC environment. -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" # Note - You must set the CLC_V2_API_USERNAME And CLC_V2_API_PASSWD Environment variables before running these examples - name: Create Loadbalancer hosts: localhost @@ -173,11 +160,11 @@ EXAMPLES = ''' - ipAddress: 10.11.22.123 privatePort: 80 state: absent -''' +""" -RETURN = ''' +RETURN = r""" loadbalancer: - description: The load balancer result object from CLC + description: The load balancer result object from CLC. returned: success type: dict sample: @@ -210,7 +197,7 @@ loadbalancer: ], "status":"enabled" } -''' +""" __version__ = '${version}' diff --git a/plugins/modules/clc_modify_server.py b/plugins/modules/clc_modify_server.py index b375d9d47a..e6da2c0661 100644 --- a/plugins/modules/clc_modify_server.py +++ b/plugins/modules/clc_modify_server.py @@ -9,13 +9,16 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: clc_modify_server short_description: Modify servers in CenturyLink Cloud description: - An Ansible module to modify servers in CenturyLink Cloud. extends_documentation_fragment: - community.general.attributes + - community.general.clc +author: + - "CLC Runner (@clc-runner)" attributes: check_mode: support: full @@ -24,13 +27,13 @@ attributes: options: server_ids: description: - - A list of server Ids to modify. + - A list of server IDs to modify. type: list required: true elements: str cpu: description: - - How many CPUs to update on the server + - How many CPUs to update on the server. type: str memory: description: @@ -38,23 +41,19 @@ options: type: str anti_affinity_policy_id: description: - - The anti affinity policy id to be set for a hyper scale server. - This is mutually exclusive with 'anti_affinity_policy_name' + - The anti affinity policy ID to be set for a hyper scale server. This is mutually exclusive with O(anti_affinity_policy_name). type: str anti_affinity_policy_name: description: - - The anti affinity policy name to be set for a hyper scale server. - This is mutually exclusive with 'anti_affinity_policy_id' + - The anti affinity policy name to be set for a hyper scale server. This is mutually exclusive with O(anti_affinity_policy_id). type: str alert_policy_id: description: - - The alert policy id to be associated to the server. - This is mutually exclusive with 'alert_policy_name' + - The alert policy ID to be associated to the server. This is mutually exclusive with O(alert_policy_name). type: str alert_policy_name: description: - - The alert policy name to be associated to the server. - This is mutually exclusive with 'alert_policy_id' + - The alert policy name to be associated to the server. This is mutually exclusive with O(alert_policy_id). type: str state: description: @@ -67,96 +66,77 @@ options: - Whether to wait for the provisioning tasks to finish before returning. type: bool default: true -requirements: - - python = 2.7 - - requests >= 2.5.0 - - clc-sdk -author: "CLC Runner (@clc-runner)" -notes: - - To use this module, it is required to set the below environment variables which enables access to the - Centurylink Cloud - - CLC_V2_API_USERNAME, the account login id for the centurylink cloud - - CLC_V2_API_PASSWORD, the account password for the centurylink cloud - - Alternatively, the module accepts the API token and account alias. The API token can be generated using the - CLC account login and password via the HTTP api call @ https://api.ctl.io/v2/authentication/login - - CLC_V2_API_TOKEN, the API token generated from https://api.ctl.io/v2/authentication/login - - CLC_ACCT_ALIAS, the account alias associated with the centurylink cloud - - Users can set CLC_V2_API_URL to specify an endpoint for pointing to a different CLC environment. -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" # Note - You must set the CLC_V2_API_USERNAME And CLC_V2_API_PASSWD Environment variables before running these examples - name: Set the cpu count to 4 on a server community.general.clc_modify_server: server_ids: - - UC1TESTSVR01 - - UC1TESTSVR02 + - UC1TESTSVR01 + - UC1TESTSVR02 cpu: 4 state: present - name: Set the memory to 8GB on a server community.general.clc_modify_server: server_ids: - - UC1TESTSVR01 - - UC1TESTSVR02 + - UC1TESTSVR01 + - UC1TESTSVR02 memory: 8 state: present - name: Set the anti affinity policy on a server community.general.clc_modify_server: server_ids: - - UC1TESTSVR01 - - UC1TESTSVR02 + - UC1TESTSVR01 + - UC1TESTSVR02 anti_affinity_policy_name: 'aa_policy' state: present - name: Remove the anti affinity policy on a server community.general.clc_modify_server: server_ids: - - UC1TESTSVR01 - - UC1TESTSVR02 + - UC1TESTSVR01 + - UC1TESTSVR02 anti_affinity_policy_name: 'aa_policy' state: absent - name: Add the alert policy on a server community.general.clc_modify_server: server_ids: - - UC1TESTSVR01 - - UC1TESTSVR02 + - UC1TESTSVR01 + - UC1TESTSVR02 alert_policy_name: 'alert_policy' state: present - name: Remove the alert policy on a server community.general.clc_modify_server: server_ids: - - UC1TESTSVR01 - - UC1TESTSVR02 + - UC1TESTSVR01 + - UC1TESTSVR02 alert_policy_name: 'alert_policy' state: absent - name: Ret the memory to 16GB and cpu to 8 core on a lust if servers community.general.clc_modify_server: server_ids: - - UC1TESTSVR01 - - UC1TESTSVR02 + - UC1TESTSVR01 + - UC1TESTSVR02 cpu: 8 memory: 16 state: present -''' +""" -RETURN = ''' +RETURN = r""" server_ids: - description: The list of server ids that are changed - returned: success - type: list - sample: - [ - "UC1TEST-SVR01", - "UC1TEST-SVR02" - ] + description: The list of server IDs that are changed. + returned: success + type: list + sample: ["UC1TEST-SVR01", "UC1TEST-SVR02"] servers: - description: The list of server objects that are changed + description: The list of server objects that are changed. returned: success type: list sample: @@ -312,7 +292,7 @@ servers: "type":"standard" } ] -''' +""" __version__ = '${version}' diff --git a/plugins/modules/clc_publicip.py b/plugins/modules/clc_publicip.py index c1bffcea04..7e00b5baa7 100644 --- a/plugins/modules/clc_publicip.py +++ b/plugins/modules/clc_publicip.py @@ -9,13 +9,16 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: clc_publicip -short_description: Add and Delete public ips on servers in CenturyLink Cloud +short_description: Add and Delete public IPs on servers in CenturyLink Cloud description: - - An Ansible module to add or delete public ip addresses on an existing server or servers in CenturyLink Cloud. + - An Ansible module to add or delete public IP addresses on an existing server or servers in CenturyLink Cloud. extends_documentation_fragment: - community.general.attributes + - community.general.clc +author: + - "CLC Runner (@clc-runner)" attributes: check_mode: support: full @@ -30,19 +33,19 @@ options: choices: ['TCP', 'UDP', 'ICMP'] ports: description: - - A list of ports to expose. This is required when state is 'present' + - A list of ports to expose. This is required when O(state=present). type: list elements: int server_ids: description: - - A list of servers to create public ips on. + - A list of servers to create public IPs on. type: list required: true elements: str state: description: - - Determine whether to create or delete public IPs. If present module will not create a second public ip if one - already exists. + - Determine whether to create or delete public IPs. If V(present) module will not create a second public IP if one already + exists. type: str default: present choices: ['present', 'absent'] @@ -51,24 +54,9 @@ options: - Whether to wait for the tasks to finish before returning. type: bool default: true -requirements: - - python = 2.7 - - requests >= 2.5.0 - - clc-sdk -author: "CLC Runner (@clc-runner)" -notes: - - To use this module, it is required to set the below environment variables which enables access to the - Centurylink Cloud - - CLC_V2_API_USERNAME, the account login id for the centurylink cloud - - CLC_V2_API_PASSWORD, the account password for the centurylink cloud - - Alternatively, the module accepts the API token and account alias. The API token can be generated using the - CLC account login and password via the HTTP api call @ https://api.ctl.io/v2/authentication/login - - CLC_V2_API_TOKEN, the API token generated from https://api.ctl.io/v2/authentication/login - - CLC_ACCT_ALIAS, the account alias associated with the centurylink cloud - - Users can set CLC_V2_API_URL to specify an endpoint for pointing to a different CLC environment. -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" # Note - You must set the CLC_V2_API_USERNAME And CLC_V2_API_PASSWD Environment variables before running these examples - name: Add Public IP to Server @@ -107,19 +95,15 @@ EXAMPLES = ''' - name: Debug ansible.builtin.debug: var: clc -''' +""" -RETURN = ''' +RETURN = r""" server_ids: - description: The list of server ids that are changed - returned: success - type: list - sample: - [ - "UC1TEST-SVR01", - "UC1TEST-SVR02" - ] -''' + description: The list of server IDs that are changed. + returned: success + type: list + sample: ["UC1TEST-SVR01", "UC1TEST-SVR02"] +""" __version__ = '${version}' diff --git a/plugins/modules/clc_server.py b/plugins/modules/clc_server.py index 6bfe5a9b9e..6574c1e556 100644 --- a/plugins/modules/clc_server.py +++ b/plugins/modules/clc_server.py @@ -9,13 +9,16 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: clc_server short_description: Create, Delete, Start and Stop servers in CenturyLink Cloud description: - An Ansible module to Create, Delete, Start and Stop servers in CenturyLink Cloud. extends_documentation_fragment: - community.general.attributes + - community.general.clc +author: + - "CLC Runner (@clc-runner)" attributes: check_mode: support: full @@ -24,13 +27,13 @@ attributes: options: additional_disks: description: - - The list of additional disks for the server + - The list of additional disks for the server. type: list elements: dict default: [] add_public_ip: description: - - Whether to add a public ip to the server + - Whether to add a public IP to the server. type: bool default: false alias: @@ -39,32 +42,32 @@ options: type: str anti_affinity_policy_id: description: - - The anti-affinity policy to assign to the server. This is mutually exclusive with 'anti_affinity_policy_name'. + - The anti-affinity policy to assign to the server. This is mutually exclusive with O(anti_affinity_policy_name). type: str anti_affinity_policy_name: description: - - The anti-affinity policy to assign to the server. This is mutually exclusive with 'anti_affinity_policy_id'. + - The anti-affinity policy to assign to the server. This is mutually exclusive with O(anti_affinity_policy_id). type: str alert_policy_id: description: - - The alert policy to assign to the server. This is mutually exclusive with 'alert_policy_name'. + - The alert policy to assign to the server. This is mutually exclusive with O(alert_policy_name). type: str alert_policy_name: description: - - The alert policy to assign to the server. This is mutually exclusive with 'alert_policy_id'. + - The alert policy to assign to the server. This is mutually exclusive with O(alert_policy_id). type: str count: description: - - The number of servers to build (mutually exclusive with exact_count) + - The number of servers to build (mutually exclusive with O(exact_count)). default: 1 type: int count_group: description: - - Required when exact_count is specified. The Server Group use to determine how many servers to deploy. + - Required when exact_count is specified. The Server Group use to determine how many servers to deploy. type: str cpu: description: - - How many CPUs to provision on the server + - How many CPUs to provision on the server. default: 1 type: int cpu_autoscale_policy_id: @@ -83,8 +86,8 @@ options: type: str exact_count: description: - - Run in idempotent mode. Will insure that this exact number of servers are running in the provided group, - creating and deleting them to reach that count. Requires count_group to be set. + - Run in idempotent mode. Will insure that this exact number of servers are running in the provided group, creating + and deleting them to reach that count. Requires O(count_group) to be set. type: int group: description: @@ -112,7 +115,7 @@ options: default: 1 name: description: - - A 1 to 6 character identifier to use for the server. This is required when state is 'present' + - A 1 to 6 character identifier to use for the server. This is required when O(state=present). type: str network_id: description: @@ -126,7 +129,7 @@ options: default: [] password: description: - - Password for the administrator / root user + - Password for the administrator / root user. type: str primary_dns: description: @@ -134,13 +137,13 @@ options: type: str public_ip_protocol: description: - - The protocol to use for the public ip if add_public_ip is set to True. + - The protocol to use for the public IP if O(add_public_ip=true). type: str default: 'TCP' choices: ['TCP', 'UDP', 'ICMP'] public_ip_ports: description: - - A list of ports to allow on the firewall to the servers public ip, if add_public_ip is set to True. + - A list of ports to allow on the firewall to the servers public IP, if O(add_public_ip=true). type: list elements: dict default: [] @@ -150,8 +153,7 @@ options: type: str server_ids: description: - - Required for started, stopped, and absent states. - A list of server Ids to insure are started, stopped, or absent. + - Required for started, stopped, and absent states. A list of server IDs to ensure are started, stopped, or absent. type: list default: [] elements: str @@ -173,12 +175,12 @@ options: choices: ['standard', 'hyperscale'] template: description: - - The template to use for server creation. Will search for a template if a partial string is provided. - This is required when state is 'present' + - The template to use for server creation. Will search for a template if a partial string is provided. This is required + when O(state=present). type: str ttl: description: - - The time to live for the server in seconds. The server will be deleted when this time expires. + - The time to live for the server in seconds. The server will be deleted when this time expires. type: str type: description: @@ -188,13 +190,12 @@ options: choices: ['standard', 'hyperscale', 'bareMetal'] configuration_id: description: - - Only required for bare metal servers. - Specifies the identifier for the specific configuration type of bare metal server to deploy. + - Only required for bare metal servers. Specifies the identifier for the specific configuration type of bare metal server + to deploy. type: str os_type: description: - - Only required for bare metal servers. - Specifies the OS to provision with the bare metal server. + - Only required for bare metal servers. Specifies the OS to provision with the bare metal server. type: str choices: ['redHat6_64Bit', 'centOS6_64Bit', 'windows2012R2Standard_64Bit', 'ubuntu14_64Bit'] wait: @@ -202,24 +203,9 @@ options: - Whether to wait for the provisioning tasks to finish before returning. type: bool default: true -requirements: - - python = 2.7 - - requests >= 2.5.0 - - clc-sdk -author: "CLC Runner (@clc-runner)" -notes: - - To use this module, it is required to set the below environment variables which enables access to the - Centurylink Cloud - - CLC_V2_API_USERNAME, the account login id for the centurylink cloud - - CLC_V2_API_PASSWORD, the account password for the centurylink cloud - - Alternatively, the module accepts the API token and account alias. The API token can be generated using the - CLC account login and password via the HTTP api call @ https://api.ctl.io/v2/authentication/login - - CLC_V2_API_TOKEN, the API token generated from https://api.ctl.io/v2/authentication/login - - CLC_ACCT_ALIAS, the account alias associated with the centurylink cloud - - Users can set CLC_V2_API_URL to specify an endpoint for pointing to a different CLC environment. -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" # Note - You must set the CLC_V2_API_USERNAME And CLC_V2_API_PASSWD Environment variables before running these examples - name: Provision a single Ubuntu Server @@ -255,185 +241,177 @@ EXAMPLES = ''' server_ids: - UC1ACCT-TEST01 state: absent -''' +""" -RETURN = ''' +RETURN = r""" server_ids: - description: The list of server ids that are created - returned: success - type: list - sample: - [ - "UC1TEST-SVR01", - "UC1TEST-SVR02" - ] + description: The list of server IDs that are created. + returned: success + type: list + sample: ["UC1TEST-SVR01", "UC1TEST-SVR02"] partially_created_server_ids: - description: The list of server ids that are partially created - returned: success - type: list - sample: - [ - "UC1TEST-SVR01", - "UC1TEST-SVR02" - ] + description: The list of server IDs that are partially created. + returned: success + type: list + sample: ["UC1TEST-SVR01", "UC1TEST-SVR02"] servers: - description: The list of server objects returned from CLC - returned: success - type: list - sample: - [ - { - "changeInfo":{ - "createdBy":"service.wfad", - "createdDate":1438196820, - "modifiedBy":"service.wfad", - "modifiedDate":1438196820 - }, - "description":"test-server", - "details":{ - "alertPolicies":[ + description: The list of server objects returned from CLC. + returned: success + type: list + sample: + [ + { + "changeInfo":{ + "createdBy":"service.wfad", + "createdDate":1438196820, + "modifiedBy":"service.wfad", + "modifiedDate":1438196820 + }, + "description":"test-server", + "details":{ + "alertPolicies":[ - ], - "cpu":1, - "customFields":[ + ], + "cpu":1, + "customFields":[ - ], - "diskCount":3, - "disks":[ - { - "id":"0:0", - "partitionPaths":[ + ], + "diskCount":3, + "disks":[ + { + "id":"0:0", + "partitionPaths":[ - ], - "sizeGB":1 - }, - { - "id":"0:1", - "partitionPaths":[ + ], + "sizeGB":1 + }, + { + "id":"0:1", + "partitionPaths":[ - ], - "sizeGB":2 - }, - { - "id":"0:2", - "partitionPaths":[ + ], + "sizeGB":2 + }, + { + "id":"0:2", + "partitionPaths":[ - ], - "sizeGB":14 - } - ], - "hostName":"", - "inMaintenanceMode":false, - "ipAddresses":[ - { - "internal":"10.1.1.1" - } - ], - "memoryGB":1, - "memoryMB":1024, - "partitions":[ + ], + "sizeGB":14 + } + ], + "hostName":"", + "inMaintenanceMode":false, + "ipAddresses":[ + { + "internal":"10.1.1.1" + } + ], + "memoryGB":1, + "memoryMB":1024, + "partitions":[ - ], - "powerState":"started", - "snapshots":[ + ], + "powerState":"started", + "snapshots":[ - ], - "storageGB":17 - }, - "groupId":"086ac1dfe0b6411989e8d1b77c4065f0", - "id":"test-server", - "ipaddress":"10.120.45.23", - "isTemplate":false, - "links":[ - { - "href":"/v2/servers/wfad/test-server", - "id":"test-server", - "rel":"self", - "verbs":[ - "GET", - "PATCH", - "DELETE" - ] - }, - { - "href":"/v2/groups/wfad/086ac1dfe0b6411989e8d1b77c4065f0", - "id":"086ac1dfe0b6411989e8d1b77c4065f0", - "rel":"group" - }, - { - "href":"/v2/accounts/wfad", - "id":"wfad", - "rel":"account" - }, - { - "href":"/v2/billing/wfad/serverPricing/test-server", - "rel":"billing" - }, - { - "href":"/v2/servers/wfad/test-server/publicIPAddresses", - "rel":"publicIPAddresses", - "verbs":[ - "POST" - ] - }, - { - "href":"/v2/servers/wfad/test-server/credentials", - "rel":"credentials" - }, - { - "href":"/v2/servers/wfad/test-server/statistics", - "rel":"statistics" - }, - { - "href":"/v2/servers/wfad/510ec21ae82d4dc89d28479753bf736a/upcomingScheduledActivities", - "rel":"upcomingScheduledActivities" - }, - { - "href":"/v2/servers/wfad/510ec21ae82d4dc89d28479753bf736a/scheduledActivities", - "rel":"scheduledActivities", - "verbs":[ - "GET", - "POST" - ] - }, - { - "href":"/v2/servers/wfad/test-server/capabilities", - "rel":"capabilities" - }, - { - "href":"/v2/servers/wfad/test-server/alertPolicies", - "rel":"alertPolicyMappings", - "verbs":[ - "POST" - ] - }, - { - "href":"/v2/servers/wfad/test-server/antiAffinityPolicy", - "rel":"antiAffinityPolicyMapping", - "verbs":[ - "PUT", - "DELETE" - ] - }, - { - "href":"/v2/servers/wfad/test-server/cpuAutoscalePolicy", - "rel":"cpuAutoscalePolicyMapping", - "verbs":[ - "PUT", - "DELETE" - ] - } - ], - "locationId":"UC1", - "name":"test-server", - "os":"ubuntu14_64Bit", - "osType":"Ubuntu 14 64-bit", - "status":"active", - "storageType":"standard", - "type":"standard" - } - ] -''' + ], + "storageGB":17 + }, + "groupId":"086ac1dfe0b6411989e8d1b77c4065f0", + "id":"test-server", + "ipaddress":"10.120.45.23", + "isTemplate":false, + "links":[ + { + "href":"/v2/servers/wfad/test-server", + "id":"test-server", + "rel":"self", + "verbs":[ + "GET", + "PATCH", + "DELETE" + ] + }, + { + "href":"/v2/groups/wfad/086ac1dfe0b6411989e8d1b77c4065f0", + "id":"086ac1dfe0b6411989e8d1b77c4065f0", + "rel":"group" + }, + { + "href":"/v2/accounts/wfad", + "id":"wfad", + "rel":"account" + }, + { + "href":"/v2/billing/wfad/serverPricing/test-server", + "rel":"billing" + }, + { + "href":"/v2/servers/wfad/test-server/publicIPAddresses", + "rel":"publicIPAddresses", + "verbs":[ + "POST" + ] + }, + { + "href":"/v2/servers/wfad/test-server/credentials", + "rel":"credentials" + }, + { + "href":"/v2/servers/wfad/test-server/statistics", + "rel":"statistics" + }, + { + "href":"/v2/servers/wfad/510ec21ae82d4dc89d28479753bf736a/upcomingScheduledActivities", + "rel":"upcomingScheduledActivities" + }, + { + "href":"/v2/servers/wfad/510ec21ae82d4dc89d28479753bf736a/scheduledActivities", + "rel":"scheduledActivities", + "verbs":[ + "GET", + "POST" + ] + }, + { + "href":"/v2/servers/wfad/test-server/capabilities", + "rel":"capabilities" + }, + { + "href":"/v2/servers/wfad/test-server/alertPolicies", + "rel":"alertPolicyMappings", + "verbs":[ + "POST" + ] + }, + { + "href":"/v2/servers/wfad/test-server/antiAffinityPolicy", + "rel":"antiAffinityPolicyMapping", + "verbs":[ + "PUT", + "DELETE" + ] + }, + { + "href":"/v2/servers/wfad/test-server/cpuAutoscalePolicy", + "rel":"cpuAutoscalePolicyMapping", + "verbs":[ + "PUT", + "DELETE" + ] + } + ], + "locationId":"UC1", + "name":"test-server", + "os":"ubuntu14_64Bit", + "osType":"Ubuntu 14 64-bit", + "status":"active", + "storageType":"standard", + "type":"standard" + } + ] +""" __version__ = '${version}' @@ -816,7 +794,7 @@ class ClcServer: @staticmethod def _validate_name(module): """ - Validate that name is the correct length if provided, fail if it's not + Validate that name is the correct length if provided, fail if it is not :param module: the module to validate :return: none """ diff --git a/plugins/modules/clc_server_snapshot.py b/plugins/modules/clc_server_snapshot.py index 82b2a99568..0d76d20c4f 100644 --- a/plugins/modules/clc_server_snapshot.py +++ b/plugins/modules/clc_server_snapshot.py @@ -9,13 +9,16 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: clc_server_snapshot short_description: Create, Delete and Restore server snapshots in CenturyLink Cloud description: - An Ansible module to Create, Delete and Restore server snapshots in CenturyLink Cloud. extends_documentation_fragment: - community.general.attributes + - community.general.clc +author: + - "CLC Runner (@clc-runner)" attributes: check_mode: support: full @@ -24,7 +27,7 @@ attributes: options: server_ids: description: - - The list of CLC server Ids. + - The list of CLC server IDs. type: list required: true elements: str @@ -47,31 +50,16 @@ options: default: 'True' required: false type: str -requirements: - - python = 2.7 - - requests >= 2.5.0 - - clc-sdk -author: "CLC Runner (@clc-runner)" -notes: - - To use this module, it is required to set the below environment variables which enables access to the - Centurylink Cloud - - CLC_V2_API_USERNAME, the account login id for the centurylink cloud - - CLC_V2_API_PASSWORD, the account password for the centurylink cloud - - Alternatively, the module accepts the API token and account alias. The API token can be generated using the - CLC account login and password via the HTTP api call @ https://api.ctl.io/v2/authentication/login - - CLC_V2_API_TOKEN, the API token generated from https://api.ctl.io/v2/authentication/login - - CLC_ACCT_ALIAS, the account alias associated with the centurylink cloud - - Users can set CLC_V2_API_URL to specify an endpoint for pointing to a different CLC environment. -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" # Note - You must set the CLC_V2_API_USERNAME And CLC_V2_API_PASSWD Environment variables before running these examples - name: Create server snapshot community.general.clc_server_snapshot: server_ids: - - UC1TEST-SVR01 - - UC1TEST-SVR02 + - UC1TEST-SVR01 + - UC1TEST-SVR02 expiration_days: 10 wait: true state: present @@ -79,31 +67,27 @@ EXAMPLES = ''' - name: Restore server snapshot community.general.clc_server_snapshot: server_ids: - - UC1TEST-SVR01 - - UC1TEST-SVR02 + - UC1TEST-SVR01 + - UC1TEST-SVR02 wait: true state: restore - name: Delete server snapshot community.general.clc_server_snapshot: server_ids: - - UC1TEST-SVR01 - - UC1TEST-SVR02 + - UC1TEST-SVR01 + - UC1TEST-SVR02 wait: true state: absent -''' +""" -RETURN = ''' +RETURN = r""" server_ids: - description: The list of server ids that are changed - returned: success - type: list - sample: - [ - "UC1TEST-SVR01", - "UC1TEST-SVR02" - ] -''' + description: The list of server IDs that are changed. + returned: success + type: list + sample: ["UC1TEST-SVR01", "UC1TEST-SVR02"] +""" __version__ = '${version}' diff --git a/plugins/modules/cloud_init_data_facts.py b/plugins/modules/cloud_init_data_facts.py index d8209cc61a..360b4119ef 100644 --- a/plugins/modules/cloud_init_data_facts.py +++ b/plugins/modules/cloud_init_data_facts.py @@ -8,12 +8,11 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: cloud_init_data_facts short_description: Retrieve facts of cloud-init description: - - Gathers facts by reading the status.json and result.json of cloud-init. + - Gathers facts by reading the C(status.json) and C(result.json) of cloud-init. author: René Moser (@resmo) extends_documentation_fragment: - community.general.attributes @@ -22,14 +21,14 @@ extends_documentation_fragment: options: filter: description: - - Filter facts + - Filter facts. type: str - choices: [ status, result ] + choices: [status, result] notes: - See http://cloudinit.readthedocs.io/ for more information about cloud-init. -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Gather all facts of cloud init community.general.cloud_init_data_facts: register: result @@ -44,10 +43,9 @@ EXAMPLES = ''' until: "res.cloud_init_data_facts.status.v1.stage is defined and not res.cloud_init_data_facts.status.v1.stage" retries: 50 delay: 5 -''' +""" -RETURN = ''' ---- +RETURN = r""" cloud_init_data_facts: description: Facts of result and status. returned: success @@ -84,7 +82,7 @@ cloud_init_data_facts: "stage": null } }' -''' +""" import os diff --git a/plugins/modules/cloudflare_dns.py b/plugins/modules/cloudflare_dns.py index 1904976440..6ce2ff8bb4 100644 --- a/plugins/modules/cloudflare_dns.py +++ b/plugins/modules/cloudflare_dns.py @@ -8,16 +8,15 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: cloudflare_dns author: -- Michael Gruener (@mgruener) + - Michael Gruener (@mgruener) short_description: Manage Cloudflare DNS records description: - - "Manages dns records via the Cloudflare API, see the docs: U(https://api.cloudflare.com/)." + - 'Manages DNS records using the Cloudflare API, see the docs: U(https://api.cloudflare.com/).' extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: check_mode: support: full @@ -26,153 +25,162 @@ attributes: options: api_token: description: - - API token. - - Required for api token authentication. - - "You can obtain your API token from the bottom of the Cloudflare 'My Account' page, found here: U(https://dash.cloudflare.com/)." - - Can be specified in E(CLOUDFLARE_TOKEN) environment variable since community.general 2.0.0. + - API token. + - Required for API token authentication. + - "You can obtain your API token from the bottom of the Cloudflare 'My Account' page, found here: U(https://dash.cloudflare.com/)." + - Can be specified in E(CLOUDFLARE_TOKEN) environment variable since community.general 2.0.0. type: str - required: false version_added: '0.2.0' account_api_key: description: - - Account API key. - - Required for api keys authentication. - - "You can obtain your API key from the bottom of the Cloudflare 'My Account' page, found here: U(https://dash.cloudflare.com/)." + - Account API key. + - Required for API keys authentication. + - "You can obtain your API key from the bottom of the Cloudflare 'My Account' page, found here: U(https://dash.cloudflare.com/)." type: str - required: false - aliases: [ account_api_token ] + aliases: [account_api_token] account_email: description: - - Account email. Required for API keys authentication. + - Account email. Required for API keys authentication. type: str - required: false algorithm: description: - - Algorithm number. - - Required for O(type=DS) and O(type=SSHFP) when O(state=present). + - Algorithm number. + - Required for O(type=DS) and O(type=SSHFP) when O(state=present). type: int cert_usage: description: - - Certificate usage number. - - Required for O(type=TLSA) when O(state=present). + - Certificate usage number. + - Required for O(type=TLSA) when O(state=present). type: int - choices: [ 0, 1, 2, 3 ] + choices: [0, 1, 2, 3] + comment: + description: + - Comments or notes about the DNS record. + type: str + version_added: 10.1.0 flag: description: - - Issuer Critical Flag. - - Required for O(type=CAA) when O(state=present). + - Issuer Critical Flag. + - Required for O(type=CAA) when O(state=present). type: int - choices: [ 0, 1 ] + choices: [0, 1] version_added: 8.0.0 tag: description: - - CAA issue restriction. - - Required for O(type=CAA) when O(state=present). + - CAA issue restriction. + - Required for O(type=CAA) when O(state=present). type: str - choices: [ issue, issuewild, iodef ] + choices: [issue, issuewild, iodef] version_added: 8.0.0 hash_type: description: - - Hash type number. - - Required for O(type=DS), O(type=SSHFP) and O(type=TLSA) when O(state=present). + - Hash type number. + - Required for O(type=DS), O(type=SSHFP) and O(type=TLSA) when O(state=present). type: int - choices: [ 1, 2 ] + choices: [1, 2] key_tag: description: - - DNSSEC key tag. - - Needed for O(type=DS) when O(state=present). + - DNSSEC key tag. + - Needed for O(type=DS) when O(state=present). type: int port: description: - - Service port. - - Required for O(type=SRV) and O(type=TLSA). + - Service port. + - Required for O(type=SRV) and O(type=TLSA). type: int priority: description: - - Record priority. - - Required for O(type=MX) and O(type=SRV) + - Record priority. + - Required for O(type=MX) and O(type=SRV). default: 1 type: int proto: description: - - Service protocol. Required for O(type=SRV) and O(type=TLSA). - - Common values are TCP and UDP. + - Service protocol. Required for O(type=SRV) and O(type=TLSA). + - Common values are TCP and UDP. type: str proxied: description: - - Proxy through Cloudflare network or just use DNS. + - Proxy through Cloudflare network or just use DNS. type: bool default: false record: description: - - Record to add. - - Required if O(state=present). - - Default is V(@) (that is, the zone name). + - Record to add. + - Required if O(state=present). + - Default is V(@) (that is, the zone name). type: str default: '@' - aliases: [ name ] + aliases: [name] selector: description: - - Selector number. - - Required for O(type=TLSA) when O(state=present). - choices: [ 0, 1 ] + - Selector number. + - Required for O(type=TLSA) when O(state=present). + choices: [0, 1] type: int service: description: - - Record service. - - Required for O(type=SRV). + - Record service. + - Required for O(type=SRV). type: str solo: description: - - Whether the record should be the only one for that record type and record name. - - Only use with O(state=present). - - This will delete all other records with the same record name and type. + - Whether the record should be the only one for that record type and record name. + - Only use with O(state=present). + - This will delete all other records with the same record name and type. type: bool state: description: - - Whether the record(s) should exist or not. + - Whether the record(s) should exist or not. type: str - choices: [ absent, present ] + choices: [absent, present] default: present + tags: + description: + - Custom tags for the DNS record. + type: list + elements: str + version_added: 10.1.0 timeout: description: - - Timeout for Cloudflare API calls. + - Timeout for Cloudflare API calls. type: int default: 30 ttl: description: - - The TTL to give the new record. - - Must be between 120 and 2,147,483,647 seconds, or 1 for automatic. + - The TTL to give the new record. + - Must be between V(120) and V(2,147,483,647) seconds, or V(1) for automatic. type: int default: 1 type: description: - The type of DNS record to create. Required if O(state=present). - - Support for V(SPF) has been removed from community.general 9.0.0 since that record type is no longer supported by CloudFlare. + - Support for V(SPF) has been removed from community.general 9.0.0 since that record type is no longer supported by + CloudFlare. type: str - choices: [ A, AAAA, CNAME, DS, MX, NS, SRV, SSHFP, TLSA, CAA, TXT ] + choices: [A, AAAA, CNAME, DS, MX, NS, SRV, SSHFP, TLSA, CAA, TXT] value: description: - - The record value. - - Required for O(state=present). + - The record value. + - Required for O(state=present). type: str - aliases: [ content ] + aliases: [content] weight: description: - - Service weight. - - Required for O(type=SRV). + - Service weight. + - Required for O(type=SRV). type: int default: 1 zone: description: - - The name of the Zone to work with (e.g. "example.com"). - - The Zone must already exist. + - The name of the Zone to work with (for example V(example.com)). + - The Zone must already exist. type: str required: true - aliases: [ domain ] -''' + aliases: [domain] +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Create a test.example.net A record to point to 127.0.0.1 community.general.cloudflare_dns: zone: example.net @@ -191,6 +199,18 @@ EXAMPLES = r''' value: 127.0.0.1 api_token: dummyapitoken +- name: Create a record with comment and tags + community.general.cloudflare_dns: + zone: example.net + record: test + type: A + value: 127.0.0.1 + comment: Local test website + tags: + - test + - local + api_token: dummyapitoken + - name: Create a example.net CNAME record to example.com community.general.cloudflare_dns: zone: example.net @@ -291,98 +311,116 @@ EXAMPLES = r''' algorithm: 8 hash_type: 2 value: B4EB5AC4467D2DFB3BAF9FB9961DC1B6FED54A58CDFAA3E465081EC86F89BFAB -''' +""" -RETURN = r''' +RETURN = r""" record: - description: A dictionary containing the record data. - returned: success, except on record deletion - type: complex - contains: - content: - description: The record content (details depend on record type). - returned: success - type: str - sample: 192.0.2.91 - created_on: - description: The record creation date. - returned: success - type: str - sample: "2016-03-25T19:09:42.516553Z" - data: - description: Additional record data. - returned: success, if type is SRV, DS, SSHFP TLSA or CAA - type: dict - sample: { - name: "jabber", - port: 8080, - priority: 10, - proto: "_tcp", - service: "_xmpp", - target: "jabberhost.sample.com", - weight: 5, - } - id: - description: The record ID. - returned: success - type: str - sample: f9efb0549e96abcb750de63b38c9576e - locked: - description: No documentation available. - returned: success - type: bool - sample: false - meta: - description: No documentation available. - returned: success - type: dict - sample: { auto_added: false } - modified_on: - description: Record modification date. - returned: success - type: str - sample: "2016-03-25T19:09:42.516553Z" - name: - description: The record name as FQDN (including _service and _proto for SRV). - returned: success - type: str - sample: www.sample.com - priority: - description: Priority of the MX record. - returned: success, if type is MX - type: int - sample: 10 - proxiable: - description: Whether this record can be proxied through Cloudflare. - returned: success - type: bool - sample: false - proxied: - description: Whether the record is proxied through Cloudflare. - returned: success - type: bool - sample: false - ttl: - description: The time-to-live for the record. - returned: success - type: int - sample: 300 - type: - description: The record type. - returned: success - type: str - sample: A - zone_id: - description: The ID of the zone containing the record. - returned: success - type: str - sample: abcede0bf9f0066f94029d2e6b73856a - zone_name: - description: The name of the zone containing the record. - returned: success - type: str - sample: sample.com -''' + description: A dictionary containing the record data. + returned: success, except on record deletion + type: complex + contains: + comment: + description: Comments or notes about the DNS record. + returned: success + type: str + sample: Domain verification record + version_added: 10.1.0 + comment_modified_on: + description: When the record comment was last modified. Omitted if there is no comment. + returned: success + type: str + sample: "2024-01-01T05:20:00.12345Z" + version_added: 10.1.0 + content: + description: The record content (details depend on record type). + returned: success + type: str + sample: 192.0.2.91 + created_on: + description: The record creation date. + returned: success + type: str + sample: "2016-03-25T19:09:42.516553Z" + data: + description: Additional record data. + returned: success, if type is SRV, DS, SSHFP TLSA or CAA + type: dict + sample: {name: "jabber", port: 8080, priority: 10, proto: "_tcp", service: "_xmpp", target: "jabberhost.sample.com", + weight: 5} + id: + description: The record ID. + returned: success + type: str + sample: f9efb0549e96abcb750de63b38c9576e + locked: + description: No documentation available. + returned: success + type: bool + sample: false + meta: + description: Extra Cloudflare-specific information about the record. + returned: success + type: dict + sample: {auto_added: false} + modified_on: + description: Record modification date. + returned: success + type: str + sample: "2016-03-25T19:09:42.516553Z" + name: + description: The record name as FQDN (including _service and _proto for SRV). + returned: success + type: str + sample: www.sample.com + priority: + description: Priority of the MX record. + returned: success, if type is MX + type: int + sample: 10 + proxiable: + description: Whether this record can be proxied through Cloudflare. + returned: success + type: bool + sample: false + proxied: + description: Whether the record is proxied through Cloudflare. + returned: success + type: bool + sample: false + tags: + description: Custom tags for the DNS record. + returned: success + type: list + elements: str + sample: ['production', 'app'] + version_added: 10.1.0 + tags_modified_on: + description: When the record tags were last modified. Omitted if there are no tags. + returned: success + type: str + sample: "2025-01-01T05:20:00.12345Z" + version_added: 10.1.0 + ttl: + description: The time-to-live for the record. + returned: success + type: int + sample: 300 + type: + description: The record type. + returned: success + type: str + sample: A + zone_id: + description: The ID of the zone containing the record. + returned: success + type: str + sample: abcede0bf9f0066f94029d2e6b73856a + zone_name: + description: The name of the zone containing the record. + returned: success + type: str + sample: sample.com +""" import json @@ -410,9 +448,11 @@ class CloudflareAPI(object): self.account_email = module.params['account_email'] self.algorithm = module.params['algorithm'] self.cert_usage = module.params['cert_usage'] + self.comment = module.params['comment'] self.hash_type = module.params['hash_type'] self.flag = module.params['flag'] self.tag = module.params['tag'] + self.tags = module.params['tags'] self.key_tag = module.params['key_tag'] self.port = module.params['port'] self.priority = module.params['priority'] @@ -662,7 +702,7 @@ class CloudflareAPI(object): def ensure_dns_record(self, **kwargs): params = {} for param in ['port', 'priority', 'proto', 'proxied', 'service', 'ttl', 'type', 'record', 'value', 'weight', 'zone', - 'algorithm', 'cert_usage', 'hash_type', 'selector', 'key_tag', 'flag', 'tag']: + 'algorithm', 'cert_usage', 'hash_type', 'selector', 'key_tag', 'flag', 'tag', 'tags', 'comment']: if param in kwargs: params[param] = kwargs[param] else: @@ -716,12 +756,14 @@ class CloudflareAPI(object): "port": params['port'], "weight": params['weight'], "priority": params['priority'], - "name": params['record'], - "proto": params['proto'], - "service": params['service'] } - new_record = {"type": params['type'], "ttl": params['ttl'], 'data': srv_data} + new_record = { + "type": params['type'], + "name": params['service'] + '.' + params['proto'] + '.' + params['record'], + "ttl": params['ttl'], + 'data': srv_data, + } search_value = str(params['weight']) + '\t' + str(params['port']) + '\t' + params['value'] search_record = params['service'] + '.' + params['proto'] + '.' + params['record'] @@ -796,6 +838,9 @@ class CloudflareAPI(object): } search_value = None + new_record['comment'] = params['comment'] or None + new_record['tags'] = params['tags'] or [] + zone_id = self._get_zone_id(params['zone']) records = self.get_dns_records(params['zone'], params['type'], search_record, search_value) # in theory this should be impossible as cloudflare does not allow @@ -824,6 +869,10 @@ class CloudflareAPI(object): do_update = True if (params['type'] == 'CNAME') and (cur_record['content'] != new_record['content']): do_update = True + if cur_record['comment'] != new_record['comment']: + do_update = True + if sorted(cur_record['tags']) != sorted(new_record['tags']): + do_update = True if do_update: if self.module.check_mode: result = new_record @@ -854,11 +903,13 @@ def main(): account_email=dict(type='str', required=False), algorithm=dict(type='int'), cert_usage=dict(type='int', choices=[0, 1, 2, 3]), + comment=dict(type='str'), hash_type=dict(type='int', choices=[1, 2]), key_tag=dict(type='int', no_log=False), port=dict(type='int'), flag=dict(type='int', choices=[0, 1]), tag=dict(type='str', choices=['issue', 'issuewild', 'iodef']), + tags=dict(type='list', elements='str'), priority=dict(type='int', default=1), proto=dict(type='str'), proxied=dict(type='bool', default=False), diff --git a/plugins/modules/cobbler_sync.py b/plugins/modules/cobbler_sync.py index 4ec87c96c7..95a3241b98 100644 --- a/plugins/modules/cobbler_sync.py +++ b/plugins/modules/cobbler_sync.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: cobbler_sync short_description: Sync Cobbler description: @@ -24,44 +23,44 @@ attributes: options: host: description: - - The name or IP address of the Cobbler system. + - The name or IP address of the Cobbler system. default: 127.0.0.1 type: str port: description: - - Port number to be used for REST connection. - - The default value depends on parameter O(use_ssl). + - Port number to be used for REST connection. + - The default value depends on parameter O(use_ssl). type: int username: description: - - The username to log in to Cobbler. + - The username to log in to Cobbler. default: cobbler type: str password: description: - - The password to log in to Cobbler. + - The password to log in to Cobbler. type: str use_ssl: description: - - If V(false), an HTTP connection will be used instead of the default HTTPS connection. + - If V(false), an HTTP connection will be used instead of the default HTTPS connection. type: bool default: true validate_certs: description: - - If V(false), SSL certificates will not be validated. - - This should only set to V(false) when used on personally controlled sites using self-signed certificates. + - If V(false), SSL certificates will not be validated. + - This should only set to V(false) when used on personally controlled sites using self-signed certificates. type: bool default: true author: -- Dag Wieers (@dagwieers) + - Dag Wieers (@dagwieers) todo: notes: -- Concurrently syncing Cobbler is bound to fail with weird errors. -- On python 2.7.8 and older (i.e. on RHEL7) you may need to tweak the python behaviour to disable certificate validation. - More information at L(Certificate verification in Python standard library HTTP clients,https://access.redhat.com/articles/2039753). -''' + - Concurrently syncing Cobbler is bound to fail with weird errors. + - On Python 2.7.8 and older (such as RHEL7) you may need to tweak the Python behaviour to disable certificate validation. + More information at L(Certificate verification in Python standard library HTTP clients,https://access.redhat.com/articles/2039753). +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Commit Cobbler changes community.general.cobbler_sync: host: cobbler01 @@ -69,19 +68,22 @@ EXAMPLES = r''' password: MySuperSecureP4sswOrd run_once: true delegate_to: localhost -''' +""" -RETURN = r''' +RETURN = r""" # Default return values -''' +""" -import datetime import ssl from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.six.moves import xmlrpc_client from ansible.module_utils.common.text.converters import to_text +from ansible_collections.community.general.plugins.module_utils.datetime import ( + now, +) + def main(): module = AnsibleModule( @@ -110,7 +112,7 @@ def main(): changed=True, ) - start = datetime.datetime.utcnow() + start = now() ssl_context = None if not validate_certs: @@ -142,7 +144,7 @@ def main(): except Exception as e: module.fail_json(msg="Failed to sync Cobbler. {error}".format(error=to_text(e))) - elapsed = datetime.datetime.utcnow() - start + elapsed = now() - start module.exit_json(elapsed=elapsed.seconds, **result) diff --git a/plugins/modules/cobbler_system.py b/plugins/modules/cobbler_system.py index cecc02f717..fd1db6bf3e 100644 --- a/plugins/modules/cobbler_system.py +++ b/plugins/modules/cobbler_system.py @@ -8,12 +8,11 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: cobbler_system short_description: Manage system objects in Cobbler description: - - Add, modify or remove systems in Cobbler + - Add, modify or remove systems in Cobbler. extends_documentation_fragment: - community.general.attributes attributes: @@ -24,67 +23,67 @@ attributes: options: host: description: - - The name or IP address of the Cobbler system. + - The name or IP address of the Cobbler system. default: 127.0.0.1 type: str port: description: - - Port number to be used for REST connection. - - The default value depends on parameter O(use_ssl). + - Port number to be used for REST connection. + - The default value depends on parameter O(use_ssl). type: int username: description: - - The username to log in to Cobbler. + - The username to log in to Cobbler. default: cobbler type: str password: description: - - The password to log in to Cobbler. + - The password to log in to Cobbler. type: str use_ssl: description: - - If V(false), an HTTP connection will be used instead of the default HTTPS connection. + - If V(false), an HTTP connection will be used instead of the default HTTPS connection. type: bool default: true validate_certs: description: - - If V(false), SSL certificates will not be validated. - - This should only set to V(false) when used on personally controlled sites using self-signed certificates. + - If V(false), SSL certificates will not be validated. + - This should only set to V(false) when used on personally controlled sites using self-signed certificates. type: bool default: true name: description: - - The system name to manage. + - The system name to manage. type: str properties: description: - - A dictionary with system properties. + - A dictionary with system properties. type: dict interfaces: description: - - A list of dictionaries containing interface options. + - A list of dictionaries containing interface options. type: dict sync: description: - - Sync on changes. - - Concurrently syncing Cobbler is bound to fail. + - Sync on changes. + - Concurrently syncing Cobbler is bound to fail. type: bool default: false state: description: - - Whether the system should be present, absent or a query is made. - choices: [ absent, present, query ] + - Whether the system should be present, absent or a query is made. + choices: [absent, present, query] default: present type: str author: -- Dag Wieers (@dagwieers) + - Dag Wieers (@dagwieers) notes: -- Concurrently syncing Cobbler is bound to fail with weird errors. -- On python 2.7.8 and older (i.e. on RHEL7) you may need to tweak the python behaviour to disable certificate validation. - More information at L(Certificate verification in Python standard library HTTP clients,https://access.redhat.com/articles/2039753). -''' + - Concurrently syncing Cobbler is bound to fail with weird errors. + - On Python 2.7.8 and older (such as RHEL7) you may need to tweak the Python behaviour to disable certificate validation. + More information at L(Certificate verification in Python standard library HTTP clients,https://access.redhat.com/articles/2039753). +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Ensure the system exists in Cobbler community.general.cobbler_system: host: cobbler01 @@ -93,7 +92,7 @@ EXAMPLES = r''' name: myhost properties: profile: CentOS6-x86_64 - name_servers: [ 2.3.4.5, 3.4.5.6 ] + name_servers: [2.3.4.5, 3.4.5.6] name_servers_search: foo.com, bar.com interfaces: eth0: @@ -139,20 +138,19 @@ EXAMPLES = r''' name: myhost state: absent delegate_to: localhost -''' +""" -RETURN = r''' +RETURN = r""" systems: - description: List of systems + description: List of systems. returned: O(state=query) and O(name) is not provided type: list system: - description: (Resulting) information about the system we are working with + description: (Resulting) information about the system we are working with. returned: when O(name) is provided type: dict -''' +""" -import datetime import ssl from ansible.module_utils.basic import AnsibleModule @@ -160,6 +158,10 @@ from ansible.module_utils.six import iteritems from ansible.module_utils.six.moves import xmlrpc_client from ansible.module_utils.common.text.converters import to_text +from ansible_collections.community.general.plugins.module_utils.datetime import ( + now, +) + IFPROPS_MAPPING = dict( bondingopts='bonding_opts', bridgeopts='bridge_opts', @@ -232,7 +234,7 @@ def main(): changed=False, ) - start = datetime.datetime.utcnow() + start = now() ssl_context = None if not validate_certs: @@ -340,7 +342,7 @@ def main(): if module._diff: result['diff'] = dict(before=system, after=result['system']) - elapsed = datetime.datetime.utcnow() - start + elapsed = now() - start module.exit_json(elapsed=elapsed.seconds, **result) diff --git a/plugins/modules/composer.py b/plugins/modules/composer.py index 3d1c4a3465..6c935bfe75 100644 --- a/plugins/modules/composer.py +++ b/plugins/modules/composer.py @@ -9,115 +9,114 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: composer author: - - "Dimitrios Tydeas Mengidis (@dmtrs)" - - "René Moser (@resmo)" + - "Dimitrios Tydeas Mengidis (@dmtrs)" + - "René Moser (@resmo)" short_description: Dependency Manager for PHP description: - - > - Composer is a tool for dependency management in PHP. It allows you to - declare the dependent libraries your project needs and it will install - them in your project for you. + - Composer is a tool for dependency management in PHP. It allows you to declare the dependent libraries your project needs + and it will install them in your project for you. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - command: - type: str - description: - - Composer command like "install", "update" and so on. - default: install - arguments: - type: str - description: - - Composer arguments like required package, version and so on. - default: '' - executable: - type: path - description: - - Path to PHP Executable on the remote host, if PHP is not in PATH. - aliases: [ php_path ] - working_dir: - type: path - description: - - Directory of your project (see --working-dir). This is required when - the command is not run globally. - - Will be ignored if O(global_command=true). - global_command: - description: - - Runs the specified command globally. - type: bool - default: false - prefer_source: - description: - - Forces installation from package sources when possible (see --prefer-source). - default: false - type: bool - prefer_dist: - description: - - Forces installation from package dist even for dev versions (see --prefer-dist). - default: false - type: bool - no_dev: - description: - - Disables installation of require-dev packages (see --no-dev). - default: true - type: bool - no_scripts: - description: - - Skips the execution of all scripts defined in composer.json (see --no-scripts). - default: false - type: bool - no_plugins: - description: - - Disables all plugins (see --no-plugins). - default: false - type: bool - optimize_autoloader: - description: - - Optimize autoloader during autoloader dump (see --optimize-autoloader). - - Convert PSR-0/4 autoloading to classmap to get a faster autoloader. - - Recommended especially for production, but can take a bit of time to run. - default: true - type: bool - classmap_authoritative: - description: - - Autoload classes from classmap only. - - Implicitly enable optimize_autoloader. - - Recommended especially for production, but can take a bit of time to run. - default: false - type: bool - apcu_autoloader: - description: - - Uses APCu to cache found/not-found classes - default: false - type: bool - ignore_platform_reqs: - description: - - Ignore php, hhvm, lib-* and ext-* requirements and force the installation even if the local machine does not fulfill these. - default: false - type: bool - composer_executable: - type: path - description: - - Path to composer executable on the remote host, if composer is not in E(PATH) or a custom composer is needed. - version_added: 3.2.0 + command: + type: str + description: + - Composer command like V(install), V(update) and so on. + default: install + arguments: + type: str + description: + - Composer arguments like required package, version and so on. + default: '' + executable: + type: path + description: + - Path to PHP executable on the remote host, if PHP is not in E(PATH). + aliases: [php_path] + working_dir: + type: path + description: + - Directory of your project (see C(--working-dir)). This is required when the command is not run globally. + - Will be ignored if O(global_command=true). + global_command: + description: + - Runs the specified command globally. + type: bool + default: false + prefer_source: + description: + - Forces installation from package sources when possible (see C(--prefer-source)). + default: false + type: bool + prefer_dist: + description: + - Forces installation from package dist even for dev versions (see C(--prefer-dist)). + default: false + type: bool + no_dev: + description: + - Disables installation of require-dev packages (see C(--no-dev)). + default: true + type: bool + no_scripts: + description: + - Skips the execution of all scripts defined in composer.json (see C(--no-scripts)). + default: false + type: bool + no_plugins: + description: + - Disables all plugins (see C(--no-plugins)). + default: false + type: bool + optimize_autoloader: + description: + - Optimize autoloader during autoloader dump (see C(--optimize-autoloader)). + - Convert PSR-0/4 autoloading to classmap to get a faster autoloader. + - Recommended especially for production, but can take a bit of time to run. + default: true + type: bool + classmap_authoritative: + description: + - Autoload classes from classmap only. + - Implicitly enable optimize_autoloader. + - Recommended especially for production, but can take a bit of time to run. + default: false + type: bool + apcu_autoloader: + description: + - Uses APCu to cache found/not-found classes. + default: false + type: bool + ignore_platform_reqs: + description: + - Ignore php, hhvm, lib-* and ext-* requirements and force the installation even if the local machine does not fulfill + these. + default: false + type: bool + composer_executable: + type: path + description: + - Path to composer executable on the remote host, if composer is not in E(PATH) or a custom composer is needed. + version_added: 3.2.0 requirements: - - php - - composer installed in bin path (recommended /usr/local/bin) or specified in O(composer_executable) + - php + - composer installed in bin path (recommended C(/usr/local/bin)) or specified in O(composer_executable) notes: - - Default options that are always appended in each execution are --no-ansi, --no-interaction and --no-progress if available. - - We received reports about issues on macOS if composer was installed by Homebrew. Please use the official install method to avoid issues. -''' + - Default options that are always appended in each execution are C(--no-ansi), C(--no-interaction) and C(--no-progress) + if available. + - We received reports about issues on macOS if composer was installed by Homebrew. Please use the official install method + to avoid issues. +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Download and installs all libs and dependencies outlined in the /path/to/project/composer.lock community.general.composer: command: install @@ -141,7 +140,7 @@ EXAMPLES = ''' command: require global_command: true arguments: my/package -''' +""" import re from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/consul.py b/plugins/modules/consul.py index fe1a898835..645ffe5bbd 100644 --- a/plugins/modules/consul.py +++ b/plugins/modules/consul.py @@ -9,26 +9,21 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: consul -short_description: Add, modify & delete services within a consul cluster +short_description: Add, modify & delete services within a Consul cluster description: - - Registers services and checks for an agent with a consul cluster. - A service is some process running on the agent node that should be advertised by - consul's discovery mechanism. It may optionally supply a check definition, - a periodic service test to notify the consul cluster of service's health. - - "Checks may also be registered per node e.g. disk usage, or cpu usage and - notify the health of the entire node to the cluster. - Service level checks do not require a check name or id as these are derived - by Consul from the Service name and id respectively by appending 'service:' - Node level checks require a O(check_name) and optionally a O(check_id)." - - Currently, there is no complete way to retrieve the script, interval or TTL - metadata for a registered check. Without this metadata it is not possible to - tell if the data supplied with ansible represents a change to a check. As a - result this does not attempt to determine changes and will always report a - changed occurred. An API method is planned to supply this metadata so at that - stage change management will be added. - - "See U(http://consul.io) for more details." + - Registers services and checks for an agent with a Consul cluster. A service is some process running on the agent node + that should be advertised by Consul's discovery mechanism. It may optionally supply a check definition, a periodic service + test to notify the Consul cluster of service's health. + - Checks may also be registered per node, for example disk usage, or cpu usage and notify the health of the entire node + to the cluster. Service level checks do not require a check name or ID as these are derived by Consul from the Service + name and ID respectively by appending V(service:) Node level checks require a O(check_name) and optionally a O(check_id). + - Currently, there is no complete way to retrieve the script, interval or TTL metadata for a registered check. Without this + metadata it is not possible to tell if the data supplied with ansible represents a change to a check. As a result this + does not attempt to determine changes and will always report a changed occurred. An API method is planned to supply this + metadata so at that stage change management will be added. + - See U(http://consul.io) for more details. requirements: - python-consul - requests @@ -41,143 +36,127 @@ attributes: diff_mode: support: none options: - state: - type: str - description: - - Register or deregister the consul service, defaults to present. - default: present - choices: ['present', 'absent'] - service_name: - type: str - description: - - Unique name for the service on a node, must be unique per node, - required if registering a service. May be omitted if registering - a node level check. - service_id: - type: str - description: - - The ID for the service, must be unique per node. If O(state=absent), - defaults to the service name if supplied. - host: - type: str - description: - - Host of the consul agent defaults to localhost. - default: localhost - port: - type: int - description: - - The port on which the consul agent is running. - default: 8500 - scheme: - type: str - description: - - The protocol scheme on which the consul agent is running. - default: http - validate_certs: - description: - - Whether to verify the TLS certificate of the consul agent. - type: bool - default: true - notes: - type: str - description: - - Notes to attach to check when registering it. - service_port: - type: int - description: - - The port on which the service is listening. Can optionally be supplied for - registration of a service, that is if O(service_name) or O(service_id) is set. - service_address: - type: str - description: - - The address to advertise that the service will be listening on. - This value will be passed as the C(address) parameter to Consul's - C(/v1/agent/service/register) API method, so refer to the Consul API - documentation for further details. - tags: - type: list - elements: str - description: - - Tags that will be attached to the service registration. - script: - type: str - description: - - The script/command that will be run periodically to check the health of the service. - - Requires O(interval) to be provided. - - Mutually exclusive with O(ttl), O(tcp) and O(http). - interval: - type: str - description: - - The interval at which the service check will be run. - This is a number with a V(s) or V(m) suffix to signify the units of seconds or minutes, for example V(15s) or V(1m). - If no suffix is supplied V(s) will be used by default, for example V(10) will be V(10s). - - Required if one of the parameters O(script), O(http), or O(tcp) is specified. - check_id: - type: str - description: - - An ID for the service check. If O(state=absent), defaults to - O(check_name). Ignored if part of a service definition. - check_name: - type: str - description: - - Name for the service check. Required if standalone, ignored if - part of service definition. - check_node: - description: - - Node name. - # TODO: properly document! - type: str - check_host: - description: - - Host name. - # TODO: properly document! - type: str - ttl: - type: str - description: - - Checks can be registered with a TTL instead of a O(script) and O(interval) - this means that the service will check in with the agent before the - TTL expires. If it doesn't the check will be considered failed. - Required if registering a check and the script an interval are missing - Similar to the interval this is a number with a V(s) or V(m) suffix to - signify the units of seconds or minutes, for example V(15s) or V(1m). - If no suffix is supplied V(s) will be used by default, for example V(10) will be V(10s). - - Mutually exclusive with O(script), O(tcp) and O(http). - tcp: - type: str - description: - - Checks can be registered with a TCP port. This means that consul - will check if the connection attempt to that port is successful (that is, the port is currently accepting connections). - The format is V(host:port), for example V(localhost:80). - - Requires O(interval) to be provided. - - Mutually exclusive with O(script), O(ttl) and O(http). - version_added: '1.3.0' - http: - type: str - description: - - Checks can be registered with an HTTP endpoint. This means that consul - will check that the http endpoint returns a successful HTTP status. - - Requires O(interval) to be provided. - - Mutually exclusive with O(script), O(ttl) and O(tcp). - timeout: - type: str - description: - - A custom HTTP check timeout. The consul default is 10 seconds. - Similar to the interval this is a number with a V(s) or V(m) suffix to - signify the units of seconds or minutes, for example V(15s) or V(1m). - If no suffix is supplied V(s) will be used by default, for example V(10) will be V(10s). - token: - type: str - description: - - The token key identifying an ACL rule set. May be required to register services. - ack_params_state_absent: - type: bool - description: - - This parameter has no more effect and is deprecated. It will be removed in community.general 10.0.0. -''' + state: + type: str + description: + - Register or deregister the Consul service, defaults to present. + default: present + choices: ['present', 'absent'] + service_name: + type: str + description: + - Unique name for the service on a node, must be unique per node, required if registering a service. May be omitted + if registering a node level check. + service_id: + type: str + description: + - The ID for the service, must be unique per node. If O(state=absent), defaults to the service name if supplied. + host: + type: str + description: + - Host of the Consul agent defaults to localhost. + default: localhost + port: + type: int + description: + - The port on which the Consul agent is running. + default: 8500 + scheme: + type: str + description: + - The protocol scheme on which the Consul agent is running. + default: http + validate_certs: + description: + - Whether to verify the TLS certificate of the Consul agent. + type: bool + default: true + notes: + type: str + description: + - Notes to attach to check when registering it. + service_port: + type: int + description: + - The port on which the service is listening. Can optionally be supplied for registration of a service, that is if O(service_name) + or O(service_id) is set. + service_address: + type: str + description: + - The address to advertise that the service will be listening on. This value will be passed as the C(address) parameter + to Consul's C(/v1/agent/service/register) API method, so refer to the Consul API documentation for further details. + tags: + type: list + elements: str + description: + - Tags that will be attached to the service registration. + script: + type: str + description: + - The script/command that will be run periodically to check the health of the service. + - Requires O(interval) to be provided. + - Mutually exclusive with O(ttl), O(tcp) and O(http). + interval: + type: str + description: + - The interval at which the service check will be run. This is a number with a V(s) or V(m) suffix to signify the units + of seconds or minutes, for example V(15s) or V(1m). If no suffix is supplied V(s) will be used by default, for example + V(10) will be V(10s). + - Required if one of the parameters O(script), O(http), or O(tcp) is specified. + check_id: + type: str + description: + - An ID for the service check. If O(state=absent), defaults to O(check_name). Ignored if part of a service definition. + check_name: + type: str + description: + - Name for the service check. Required if standalone, ignored if part of service definition. + check_node: + description: + - Node name. + type: str + check_host: + description: + - Host name. + type: str + ttl: + type: str + description: + - Checks can be registered with a TTL instead of a O(script) and O(interval) this means that the service will check + in with the agent before the TTL expires. If it does not the check will be considered failed. Required if registering + a check and the script an interval are missing Similar to the interval this is a number with a V(s) or V(m) suffix + to signify the units of seconds or minutes, for example V(15s) or V(1m). If no suffix is supplied V(s) will be used + by default, for example V(10) will be V(10s). + - Mutually exclusive with O(script), O(tcp) and O(http). + tcp: + type: str + description: + - Checks can be registered with a TCP port. This means that Consul will check if the connection attempt to that port + is successful (that is, the port is currently accepting connections). The format is V(host:port), for example V(localhost:80). + - Requires O(interval) to be provided. + - Mutually exclusive with O(script), O(ttl) and O(http). + version_added: '1.3.0' + http: + type: str + description: + - Checks can be registered with an HTTP endpoint. This means that Consul will check that the http endpoint returns a + successful HTTP status. + - Requires O(interval) to be provided. + - Mutually exclusive with O(script), O(ttl) and O(tcp). + timeout: + type: str + description: + - A custom HTTP check timeout. The Consul default is 10 seconds. Similar to the interval this is a number with a V(s) + or V(m) suffix to signify the units of seconds or minutes, for example V(15s) or V(1m). If no suffix is supplied V(s) + will be used by default, for example V(10) will be V(10s). + token: + type: str + description: + - The token key identifying an ACL rule set. May be required to register services. +""" -EXAMPLES = ''' -- name: Register nginx service with the local consul agent +EXAMPLES = r""" +- name: Register nginx service with the local Consul agent community.general.consul: service_name: nginx service_port: 80 @@ -243,7 +222,7 @@ EXAMPLES = ''' service_id: nginx interval: 60s http: http://localhost:80/morestatus -''' +""" try: import consul @@ -598,11 +577,6 @@ def main(): timeout=dict(type='str'), tags=dict(type='list', elements='str'), token=dict(no_log=True), - ack_params_state_absent=dict( - type='bool', - removed_in_version='10.0.0', - removed_from_collection='community.general', - ), ), mutually_exclusive=[ ('script', 'ttl', 'tcp', 'http'), diff --git a/plugins/modules/consul_acl.py b/plugins/modules/consul_acl.py deleted file mode 100644 index 4617090fd3..0000000000 --- a/plugins/modules/consul_acl.py +++ /dev/null @@ -1,695 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# -# Copyright (c) 2015, Steve Gargan -# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) -# SPDX-License-Identifier: GPL-3.0-or-later - -from __future__ import absolute_import, division, print_function -__metaclass__ = type - - -DOCUMENTATION = ''' -module: consul_acl -short_description: Manipulate Consul ACL keys and rules -description: - - Allows the addition, modification and deletion of ACL keys and associated - rules in a consul cluster via the agent. For more details on using and - configuring ACLs, see https://www.consul.io/docs/guides/acl.html. -author: - - Steve Gargan (@sgargan) - - Colin Nolan (@colin-nolan) -extends_documentation_fragment: - - community.general.attributes -attributes: - check_mode: - support: none - diff_mode: - support: none -deprecated: - removed_in: 10.0.0 - why: The legacy ACL system was removed from Consul. - alternative: Use M(community.general.consul_token) and/or M(community.general.consul_policy) instead. -options: - mgmt_token: - description: - - a management token is required to manipulate the acl lists - required: true - type: str - state: - description: - - whether the ACL pair should be present or absent - required: false - choices: ['present', 'absent'] - default: present - type: str - token_type: - description: - - the type of token that should be created - choices: ['client', 'management'] - default: client - type: str - name: - description: - - the name that should be associated with the acl key, this is opaque - to Consul - required: false - type: str - token: - description: - - the token key identifying an ACL rule set. If generated by consul - this will be a UUID - required: false - type: str - rules: - type: list - elements: dict - description: - - rules that should be associated with a given token - required: false - host: - description: - - host of the consul agent defaults to localhost - required: false - default: localhost - type: str - port: - type: int - description: - - the port on which the consul agent is running - required: false - default: 8500 - scheme: - description: - - the protocol scheme on which the consul agent is running - required: false - default: http - type: str - validate_certs: - type: bool - description: - - whether to verify the tls certificate of the consul agent - required: false - default: true -requirements: - - python-consul - - pyhcl - - requests -''' - -EXAMPLES = """ -- name: Create an ACL with rules - community.general.consul_acl: - host: consul1.example.com - mgmt_token: some_management_acl - name: Foo access - rules: - - key: "foo" - policy: read - - key: "private/foo" - policy: deny - -- name: Create an ACL with a specific token - community.general.consul_acl: - host: consul1.example.com - mgmt_token: some_management_acl - name: Foo access - token: my-token - rules: - - key: "foo" - policy: read - -- name: Update the rules associated to an ACL token - community.general.consul_acl: - host: consul1.example.com - mgmt_token: some_management_acl - name: Foo access - token: some_client_token - rules: - - event: "bbq" - policy: write - - key: "foo" - policy: read - - key: "private" - policy: deny - - keyring: write - - node: "hgs4" - policy: write - - operator: read - - query: "" - policy: write - - service: "consul" - policy: write - - session: "standup" - policy: write - -- name: Remove a token - community.general.consul_acl: - host: consul1.example.com - mgmt_token: some_management_acl - token: 172bd5c8-9fe9-11e4-b1b0-3c15c2c9fd5e - state: absent -""" - -RETURN = """ -token: - description: the token associated to the ACL (the ACL's ID) - returned: success - type: str - sample: a2ec332f-04cf-6fba-e8b8-acf62444d3da -rules: - description: the HCL JSON representation of the rules associated to the ACL, in the format described in the - Consul documentation (https://www.consul.io/docs/guides/acl.html#rule-specification). - returned: when O(state=present) - type: dict - sample: { - "key": { - "foo": { - "policy": "write" - }, - "bar": { - "policy": "deny" - } - } - } -operation: - description: the operation performed on the ACL - returned: changed - type: str - sample: update -""" - - -try: - import consul - python_consul_installed = True -except ImportError: - python_consul_installed = False - -try: - import hcl - pyhcl_installed = True -except ImportError: - pyhcl_installed = False - -try: - from requests.exceptions import ConnectionError - has_requests = True -except ImportError: - has_requests = False - -from collections import defaultdict -from ansible.module_utils.basic import to_text, AnsibleModule - - -RULE_SCOPES = [ - "agent", - "agent_prefix", - "event", - "event_prefix", - "key", - "key_prefix", - "keyring", - "node", - "node_prefix", - "operator", - "query", - "query_prefix", - "service", - "service_prefix", - "session", - "session_prefix", -] - -MANAGEMENT_PARAMETER_NAME = "mgmt_token" -HOST_PARAMETER_NAME = "host" -SCHEME_PARAMETER_NAME = "scheme" -VALIDATE_CERTS_PARAMETER_NAME = "validate_certs" -NAME_PARAMETER_NAME = "name" -PORT_PARAMETER_NAME = "port" -RULES_PARAMETER_NAME = "rules" -STATE_PARAMETER_NAME = "state" -TOKEN_PARAMETER_NAME = "token" -TOKEN_TYPE_PARAMETER_NAME = "token_type" - -PRESENT_STATE_VALUE = "present" -ABSENT_STATE_VALUE = "absent" - -CLIENT_TOKEN_TYPE_VALUE = "client" -MANAGEMENT_TOKEN_TYPE_VALUE = "management" - -REMOVE_OPERATION = "remove" -UPDATE_OPERATION = "update" -CREATE_OPERATION = "create" - -_POLICY_JSON_PROPERTY = "policy" -_RULES_JSON_PROPERTY = "Rules" -_TOKEN_JSON_PROPERTY = "ID" -_TOKEN_TYPE_JSON_PROPERTY = "Type" -_NAME_JSON_PROPERTY = "Name" -_POLICY_YML_PROPERTY = "policy" -_POLICY_HCL_PROPERTY = "policy" - -_ARGUMENT_SPEC = { - MANAGEMENT_PARAMETER_NAME: dict(required=True, no_log=True), - HOST_PARAMETER_NAME: dict(default='localhost'), - SCHEME_PARAMETER_NAME: dict(default='http'), - VALIDATE_CERTS_PARAMETER_NAME: dict(type='bool', default=True), - NAME_PARAMETER_NAME: dict(), - PORT_PARAMETER_NAME: dict(default=8500, type='int'), - RULES_PARAMETER_NAME: dict(type='list', elements='dict'), - STATE_PARAMETER_NAME: dict(default=PRESENT_STATE_VALUE, choices=[PRESENT_STATE_VALUE, ABSENT_STATE_VALUE]), - TOKEN_PARAMETER_NAME: dict(no_log=False), - TOKEN_TYPE_PARAMETER_NAME: dict(choices=[CLIENT_TOKEN_TYPE_VALUE, MANAGEMENT_TOKEN_TYPE_VALUE], - default=CLIENT_TOKEN_TYPE_VALUE) -} - - -def set_acl(consul_client, configuration): - """ - Sets an ACL based on the given configuration. - :param consul_client: the consul client - :param configuration: the run configuration - :return: the output of setting the ACL - """ - acls_as_json = decode_acls_as_json(consul_client.acl.list()) - existing_acls_mapped_by_name = dict((acl.name, acl) for acl in acls_as_json if acl.name is not None) - existing_acls_mapped_by_token = dict((acl.token, acl) for acl in acls_as_json) - if None in existing_acls_mapped_by_token: - raise AssertionError("expecting ACL list to be associated to a token: %s" % - existing_acls_mapped_by_token[None]) - - if configuration.token is None and configuration.name and configuration.name in existing_acls_mapped_by_name: - # No token but name given so can get token from name - configuration.token = existing_acls_mapped_by_name[configuration.name].token - - if configuration.token and configuration.token in existing_acls_mapped_by_token: - return update_acl(consul_client, configuration) - else: - if configuration.token in existing_acls_mapped_by_token: - raise AssertionError() - if configuration.name in existing_acls_mapped_by_name: - raise AssertionError() - return create_acl(consul_client, configuration) - - -def update_acl(consul_client, configuration): - """ - Updates an ACL. - :param consul_client: the consul client - :param configuration: the run configuration - :return: the output of the update - """ - existing_acl = load_acl_with_token(consul_client, configuration.token) - changed = existing_acl.rules != configuration.rules - - if changed: - name = configuration.name if configuration.name is not None else existing_acl.name - rules_as_hcl = encode_rules_as_hcl_string(configuration.rules) - updated_token = consul_client.acl.update( - configuration.token, name=name, type=configuration.token_type, rules=rules_as_hcl) - if updated_token != configuration.token: - raise AssertionError() - - return Output(changed=changed, token=configuration.token, rules=configuration.rules, operation=UPDATE_OPERATION) - - -def create_acl(consul_client, configuration): - """ - Creates an ACL. - :param consul_client: the consul client - :param configuration: the run configuration - :return: the output of the creation - """ - rules_as_hcl = encode_rules_as_hcl_string(configuration.rules) if len(configuration.rules) > 0 else None - token = consul_client.acl.create( - name=configuration.name, type=configuration.token_type, rules=rules_as_hcl, acl_id=configuration.token) - rules = configuration.rules - return Output(changed=True, token=token, rules=rules, operation=CREATE_OPERATION) - - -def remove_acl(consul, configuration): - """ - Removes an ACL. - :param consul: the consul client - :param configuration: the run configuration - :return: the output of the removal - """ - token = configuration.token - changed = consul.acl.info(token) is not None - if changed: - consul.acl.destroy(token) - return Output(changed=changed, token=token, operation=REMOVE_OPERATION) - - -def load_acl_with_token(consul, token): - """ - Loads the ACL with the given token (token == rule ID). - :param consul: the consul client - :param token: the ACL "token"/ID (not name) - :return: the ACL associated to the given token - :exception ConsulACLTokenNotFoundException: raised if the given token does not exist - """ - acl_as_json = consul.acl.info(token) - if acl_as_json is None: - raise ConsulACLNotFoundException(token) - return decode_acl_as_json(acl_as_json) - - -def encode_rules_as_hcl_string(rules): - """ - Converts the given rules into the equivalent HCL (string) representation. - :param rules: the rules - :return: the equivalent HCL (string) representation of the rules. Will be None if there is no rules (see internal - note for justification) - """ - if len(rules) == 0: - # Note: empty string is not valid HCL according to `hcl.load` however, the ACL `Rule` property will be an empty - # string if there is no rules... - return None - rules_as_hcl = "" - for rule in rules: - rules_as_hcl += encode_rule_as_hcl_string(rule) - return rules_as_hcl - - -def encode_rule_as_hcl_string(rule): - """ - Converts the given rule into the equivalent HCL (string) representation. - :param rule: the rule - :return: the equivalent HCL (string) representation of the rule - """ - if rule.pattern is not None: - return '%s "%s" {\n %s = "%s"\n}\n' % (rule.scope, rule.pattern, _POLICY_HCL_PROPERTY, rule.policy) - else: - return '%s = "%s"\n' % (rule.scope, rule.policy) - - -def decode_rules_as_hcl_string(rules_as_hcl): - """ - Converts the given HCL (string) representation of rules into a list of rule domain models. - :param rules_as_hcl: the HCL (string) representation of a collection of rules - :return: the equivalent domain model to the given rules - """ - rules_as_hcl = to_text(rules_as_hcl) - rules_as_json = hcl.loads(rules_as_hcl) - return decode_rules_as_json(rules_as_json) - - -def decode_rules_as_json(rules_as_json): - """ - Converts the given JSON representation of rules into a list of rule domain models. - :param rules_as_json: the JSON representation of a collection of rules - :return: the equivalent domain model to the given rules - """ - rules = RuleCollection() - for scope in rules_as_json: - if not isinstance(rules_as_json[scope], dict): - rules.add(Rule(scope, rules_as_json[scope])) - else: - for pattern, policy in rules_as_json[scope].items(): - rules.add(Rule(scope, policy[_POLICY_JSON_PROPERTY], pattern)) - return rules - - -def encode_rules_as_json(rules): - """ - Converts the given rules into the equivalent JSON representation according to the documentation: - https://www.consul.io/docs/guides/acl.html#rule-specification. - :param rules: the rules - :return: JSON representation of the given rules - """ - rules_as_json = defaultdict(dict) - for rule in rules: - if rule.pattern is not None: - if rule.pattern in rules_as_json[rule.scope]: - raise AssertionError() - rules_as_json[rule.scope][rule.pattern] = { - _POLICY_JSON_PROPERTY: rule.policy - } - else: - if rule.scope in rules_as_json: - raise AssertionError() - rules_as_json[rule.scope] = rule.policy - return rules_as_json - - -def decode_rules_as_yml(rules_as_yml): - """ - Converts the given YAML representation of rules into a list of rule domain models. - :param rules_as_yml: the YAML representation of a collection of rules - :return: the equivalent domain model to the given rules - """ - rules = RuleCollection() - if rules_as_yml: - for rule_as_yml in rules_as_yml: - rule_added = False - for scope in RULE_SCOPES: - if scope in rule_as_yml: - if rule_as_yml[scope] is None: - raise ValueError("Rule for '%s' does not have a value associated to the scope" % scope) - policy = rule_as_yml[_POLICY_YML_PROPERTY] if _POLICY_YML_PROPERTY in rule_as_yml \ - else rule_as_yml[scope] - pattern = rule_as_yml[scope] if _POLICY_YML_PROPERTY in rule_as_yml else None - rules.add(Rule(scope, policy, pattern)) - rule_added = True - break - if not rule_added: - raise ValueError("A rule requires one of %s and a policy." % ('/'.join(RULE_SCOPES))) - return rules - - -def decode_acl_as_json(acl_as_json): - """ - Converts the given JSON representation of an ACL into the equivalent domain model. - :param acl_as_json: the JSON representation of an ACL - :return: the equivalent domain model to the given ACL - """ - rules_as_hcl = acl_as_json[_RULES_JSON_PROPERTY] - rules = decode_rules_as_hcl_string(acl_as_json[_RULES_JSON_PROPERTY]) if rules_as_hcl.strip() != "" \ - else RuleCollection() - return ACL( - rules=rules, - token_type=acl_as_json[_TOKEN_TYPE_JSON_PROPERTY], - token=acl_as_json[_TOKEN_JSON_PROPERTY], - name=acl_as_json[_NAME_JSON_PROPERTY] - ) - - -def decode_acls_as_json(acls_as_json): - """ - Converts the given JSON representation of ACLs into a list of ACL domain models. - :param acls_as_json: the JSON representation of a collection of ACLs - :return: list of equivalent domain models for the given ACLs (order not guaranteed to be the same) - """ - return [decode_acl_as_json(acl_as_json) for acl_as_json in acls_as_json] - - -class ConsulACLNotFoundException(Exception): - """ - Exception raised if an ACL with is not found. - """ - - -class Configuration: - """ - Configuration for this module. - """ - - def __init__(self, management_token=None, host=None, scheme=None, validate_certs=None, name=None, port=None, - rules=None, state=None, token=None, token_type=None): - self.management_token = management_token # type: str - self.host = host # type: str - self.scheme = scheme # type: str - self.validate_certs = validate_certs # type: bool - self.name = name # type: str - self.port = port # type: int - self.rules = rules # type: RuleCollection - self.state = state # type: str - self.token = token # type: str - self.token_type = token_type # type: str - - -class Output: - """ - Output of an action of this module. - """ - - def __init__(self, changed=None, token=None, rules=None, operation=None): - self.changed = changed # type: bool - self.token = token # type: str - self.rules = rules # type: RuleCollection - self.operation = operation # type: str - - -class ACL: - """ - Consul ACL. See: https://www.consul.io/docs/guides/acl.html. - """ - - def __init__(self, rules, token_type, token, name): - self.rules = rules - self.token_type = token_type - self.token = token - self.name = name - - def __eq__(self, other): - return other \ - and isinstance(other, self.__class__) \ - and self.rules == other.rules \ - and self.token_type == other.token_type \ - and self.token == other.token \ - and self.name == other.name - - def __hash__(self): - return hash(self.rules) ^ hash(self.token_type) ^ hash(self.token) ^ hash(self.name) - - -class Rule: - """ - ACL rule. See: https://www.consul.io/docs/guides/acl.html#acl-rules-and-scope. - """ - - def __init__(self, scope, policy, pattern=None): - self.scope = scope - self.policy = policy - self.pattern = pattern - - def __eq__(self, other): - return isinstance(other, self.__class__) \ - and self.scope == other.scope \ - and self.policy == other.policy \ - and self.pattern == other.pattern - - def __ne__(self, other): - return not self.__eq__(other) - - def __hash__(self): - return (hash(self.scope) ^ hash(self.policy)) ^ hash(self.pattern) - - def __str__(self): - return encode_rule_as_hcl_string(self) - - -class RuleCollection: - """ - Collection of ACL rules, which are part of a Consul ACL. - """ - - def __init__(self): - self._rules = {} - for scope in RULE_SCOPES: - self._rules[scope] = {} - - def __iter__(self): - all_rules = [] - for scope, pattern_keyed_rules in self._rules.items(): - for pattern, rule in pattern_keyed_rules.items(): - all_rules.append(rule) - return iter(all_rules) - - def __len__(self): - count = 0 - for scope in RULE_SCOPES: - count += len(self._rules[scope]) - return count - - def __eq__(self, other): - return isinstance(other, self.__class__) \ - and set(self) == set(other) - - def __ne__(self, other): - return not self.__eq__(other) - - def __str__(self): - return encode_rules_as_hcl_string(self) - - def add(self, rule): - """ - Adds the given rule to this collection. - :param rule: model of a rule - :raises ValueError: raised if there already exists a rule for a given scope and pattern - """ - if rule.pattern in self._rules[rule.scope]: - patten_info = " and pattern '%s'" % rule.pattern if rule.pattern is not None else "" - raise ValueError("Duplicate rule for scope '%s'%s" % (rule.scope, patten_info)) - self._rules[rule.scope][rule.pattern] = rule - - -def get_consul_client(configuration): - """ - Gets a Consul client for the given configuration. - - Does not check if the Consul client can connect. - :param configuration: the run configuration - :return: Consul client - """ - token = configuration.management_token - if token is None: - token = configuration.token - if token is None: - raise AssertionError("Expecting the management token to always be set") - return consul.Consul(host=configuration.host, port=configuration.port, scheme=configuration.scheme, - verify=configuration.validate_certs, token=token) - - -def check_dependencies(): - """ - Checks that the required dependencies have been imported. - :exception ImportError: if it is detected that any of the required dependencies have not been imported - """ - if not python_consul_installed: - raise ImportError("python-consul required for this module. " - "See: https://python-consul.readthedocs.io/en/latest/#installation") - - if not pyhcl_installed: - raise ImportError("pyhcl required for this module. " - "See: https://pypi.org/project/pyhcl/") - - if not has_requests: - raise ImportError("requests required for this module. See https://pypi.org/project/requests/") - - -def main(): - """ - Main method. - """ - module = AnsibleModule(_ARGUMENT_SPEC, supports_check_mode=False) - - try: - check_dependencies() - except ImportError as e: - module.fail_json(msg=str(e)) - - configuration = Configuration( - management_token=module.params.get(MANAGEMENT_PARAMETER_NAME), - host=module.params.get(HOST_PARAMETER_NAME), - scheme=module.params.get(SCHEME_PARAMETER_NAME), - validate_certs=module.params.get(VALIDATE_CERTS_PARAMETER_NAME), - name=module.params.get(NAME_PARAMETER_NAME), - port=module.params.get(PORT_PARAMETER_NAME), - rules=decode_rules_as_yml(module.params.get(RULES_PARAMETER_NAME)), - state=module.params.get(STATE_PARAMETER_NAME), - token=module.params.get(TOKEN_PARAMETER_NAME), - token_type=module.params.get(TOKEN_TYPE_PARAMETER_NAME) - ) - consul_client = get_consul_client(configuration) - - try: - if configuration.state == PRESENT_STATE_VALUE: - output = set_acl(consul_client, configuration) - else: - output = remove_acl(consul_client, configuration) - except ConnectionError as e: - module.fail_json(msg='Could not connect to consul agent at %s:%s, error was %s' % ( - configuration.host, configuration.port, str(e))) - raise - - return_values = dict(changed=output.changed, token=output.token, operation=output.operation) - if output.rules is not None: - return_values["rules"] = encode_rules_as_json(output.rules) - module.exit_json(**return_values) - - -if __name__ == "__main__": - main() diff --git a/plugins/modules/consul_acl_bootstrap.py b/plugins/modules/consul_acl_bootstrap.py index bf1da110bf..7002c3d549 100644 --- a/plugins/modules/consul_acl_bootstrap.py +++ b/plugins/modules/consul_acl_bootstrap.py @@ -9,13 +9,13 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = """ +DOCUMENTATION = r""" module: consul_acl_bootstrap short_description: Bootstrap ACLs in Consul version_added: 8.3.0 description: - - Allows bootstrapping of ACLs in a Consul cluster, see - U(https://developer.hashicorp.com/consul/api-docs/acl#bootstrap-acls) for details. + - Allows bootstrapping of ACLs in a Consul cluster, see U(https://developer.hashicorp.com/consul/api-docs/acl#bootstrap-acls) + for details. author: - Florian Apolloner (@apollo13) extends_documentation_fragment: @@ -40,35 +40,33 @@ options: type: str """ -EXAMPLES = """ +EXAMPLES = r""" - name: Bootstrap the ACL system community.general.consul_acl_bootstrap: bootstrap_secret: 22eaeed1-bdbd-4651-724e-42ae6c43e387 """ -RETURN = """ +RETURN = r""" result: - description: - - The bootstrap result as returned by the consul HTTP API. - - "B(Note:) If O(bootstrap_secret) has been specified the C(SecretID) and - C(ID) will not contain the secret but C(VALUE_SPECIFIED_IN_NO_LOG_PARAMETER). - If you pass O(bootstrap_secret), make sure your playbook/role does not depend - on this return value!" - returned: changed - type: dict - sample: - AccessorID: 834a5881-10a9-a45b-f63c-490e28743557 - CreateIndex: 25 - CreateTime: '2024-01-21T20:26:27.114612038+01:00' - Description: Bootstrap Token (Global Management) - Hash: X2AgaFhnQGRhSSF/h0m6qpX1wj/HJWbyXcxkEM/5GrY= - ID: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER - Local: false - ModifyIndex: 25 - Policies: + description: + - The bootstrap result as returned by the Consul HTTP API. + - B(Note:) If O(bootstrap_secret) has been specified the C(SecretID) and C(ID) will not contain the secret but C(VALUE_SPECIFIED_IN_NO_LOG_PARAMETER). + If you pass O(bootstrap_secret), make sure your playbook/role does not depend on this return value! + returned: changed + type: dict + sample: + AccessorID: 834a5881-10a9-a45b-f63c-490e28743557 + CreateIndex: 25 + CreateTime: '2024-01-21T20:26:27.114612038+01:00' + Description: Bootstrap Token (Global Management) + Hash: X2AgaFhnQGRhSSF/h0m6qpX1wj/HJWbyXcxkEM/5GrY= + ID: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER + Local: false + ModifyIndex: 25 + Policies: - ID: 00000000-0000-0000-0000-000000000001 Name: global-management - SecretID: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER + SecretID: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER """ from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/consul_agent_check.py b/plugins/modules/consul_agent_check.py new file mode 100644 index 0000000000..ca1639063c --- /dev/null +++ b/plugins/modules/consul_agent_check.py @@ -0,0 +1,246 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2024, Michael Ilg +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = r""" +module: consul_agent_check +short_description: Add, modify, and delete checks within a Consul cluster +version_added: 9.1.0 +description: + - Allows the addition, modification and deletion of checks in a Consul cluster using the agent. For more details on using + and configuring Checks, see U(https://developer.hashicorp.com/consul/api-docs/agent/check). + - Currently, there is no complete way to retrieve the script, interval or TTL metadata for a registered check. Without this + metadata it is not possible to tell if the data supplied with ansible represents a change to a check. As a result this + does not attempt to determine changes and will always report a changed occurred. An API method is planned to supply this + metadata so at that stage change management will be added. +author: + - Michael Ilg (@Ilgmi) +extends_documentation_fragment: + - community.general.consul + - community.general.consul.actiongroup_consul + - community.general.consul.token + - community.general.attributes +attributes: + check_mode: + support: full + details: + - The result is the object as it is defined in the module options and not the object structure of the Consul API. For + a better overview of what the object structure looks like, take a look at U(https://developer.hashicorp.com/consul/api-docs/agent/check#list-checks). + diff_mode: + support: partial + details: + - In check mode the diff will show the object as it is defined in the module options and not the object structure of + the Consul API. +options: + state: + description: + - Whether the check should be present or absent. + choices: ['present', 'absent'] + default: present + type: str + name: + description: + - Required name for the service check. + type: str + id: + description: + - Specifies a unique ID for this check on the node. This defaults to the O(name) parameter, but it may be necessary + to provide an ID for uniqueness. This value will return in the response as "CheckId". + type: str + interval: + description: + - The interval at which the service check will be run. This is a number with a V(s) or V(m) suffix to signify the units + of seconds or minutes, for example V(15s) or V(1m). If no suffix is supplied V(s) will be used by default, for example + V(10) will be V(10s). + - Required if one of the parameters O(args), O(http), or O(tcp) is specified. + type: str + notes: + description: + - Notes to attach to check when registering it. + type: str + args: + description: + - Specifies command arguments to run to update the status of the check. + - Requires O(interval) to be provided. + - Mutually exclusive with O(ttl), O(tcp) and O(http). + type: list + elements: str + ttl: + description: + - Checks can be registered with a TTL instead of a O(args) and O(interval) this means that the service will check in + with the agent before the TTL expires. If it does not the check will be considered failed. Required if registering + a check and the script an interval are missing Similar to the interval this is a number with a V(s) or V(m) suffix + to signify the units of seconds or minutes, for example V(15s) or V(1m). If no suffix is supplied V(s) will be used + by default, for example V(10) will be V(10s). + - Mutually exclusive with O(args), O(tcp) and O(http). + type: str + tcp: + description: + - Checks can be registered with a TCP port. This means that Consul will check if the connection attempt to that port + is successful (that is, the port is currently accepting connections). The format is V(host:port), for example V(localhost:80). + - Requires O(interval) to be provided. + - Mutually exclusive with O(args), O(ttl) and O(http). + type: str + version_added: '1.3.0' + http: + description: + - Checks can be registered with an HTTP endpoint. This means that Consul will check that the http endpoint returns a + successful HTTP status. + - Requires O(interval) to be provided. + - Mutually exclusive with O(args), O(ttl) and O(tcp). + type: str + timeout: + description: + - A custom HTTP check timeout. The Consul default is 10 seconds. Similar to the interval this is a number with a V(s) + or V(m) suffix to signify the units of seconds or minutes, for example V(15s) or V(1m). If no suffix is supplied V(s) + will be used by default, for example V(10) will be V(10s). + type: str + service_id: + description: + - The ID for the service, must be unique per node. If O(state=absent), defaults to the service name if supplied. + type: str +""" + +EXAMPLES = r""" +- name: Register tcp check for service 'nginx' + community.general.consul_agent_check: + name: nginx_tcp_check + service_id: nginx + interval: 60s + tcp: localhost:80 + notes: "Nginx Check" + +- name: Register http check for service 'nginx' + community.general.consul_agent_check: + name: nginx_http_check + service_id: nginx + interval: 60s + http: http://localhost:80/status + notes: "Nginx Check" + +- name: Remove check for service 'nginx' + community.general.consul_agent_check: + state: absent + id: nginx_http_check + service_id: "{{ nginx_service.ID }}" +""" + +RETURN = r""" +check: + description: The check as returned by the Consul HTTP API. + returned: always + type: dict + sample: + CheckID: nginx_check + ServiceID: nginx + Interval: 30s + Type: http + Notes: Nginx Check +operation: + description: The operation performed. + returned: changed + type: str + sample: update +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.community.general.plugins.module_utils.consul import ( + AUTH_ARGUMENTS_SPEC, + OPERATION_CREATE, + OPERATION_UPDATE, + OPERATION_DELETE, + OPERATION_READ, + _ConsulModule, + validate_check, +) + +_ARGUMENT_SPEC = { + "state": dict(default="present", choices=["present", "absent"]), + "name": dict(type='str'), + "id": dict(type='str'), + "interval": dict(type='str'), + "notes": dict(type='str'), + "args": dict(type='list', elements='str'), + "http": dict(type='str'), + "tcp": dict(type='str'), + "ttl": dict(type='str'), + "timeout": dict(type='str'), + "service_id": dict(type='str'), +} + +_MUTUALLY_EXCLUSIVE = [ + ('args', 'ttl', 'tcp', 'http'), +] + +_REQUIRED_IF = [ + ('state', 'present', ['name']), + ('state', 'absent', ('id', 'name'), True), +] + +_REQUIRED_BY = { + 'args': 'interval', + 'http': 'interval', + 'tcp': 'interval', +} + +_ARGUMENT_SPEC.update(AUTH_ARGUMENTS_SPEC) + + +class ConsulAgentCheckModule(_ConsulModule): + api_endpoint = "agent/check" + result_key = "check" + unique_identifiers = ["id", "name"] + operational_attributes = {"Node", "CheckID", "Output", "ServiceName", "ServiceTags", + "Status", "Type", "ExposedPort", "Definition"} + + def endpoint_url(self, operation, identifier=None): + if operation == OPERATION_READ: + return "agent/checks" + if operation in [OPERATION_CREATE, OPERATION_UPDATE]: + return "/".join([self.api_endpoint, "register"]) + if operation == OPERATION_DELETE: + return "/".join([self.api_endpoint, "deregister", identifier]) + + return super(ConsulAgentCheckModule, self).endpoint_url(operation, identifier) + + def read_object(self): + url = self.endpoint_url(OPERATION_READ) + checks = self.get(url) + identifier = self.id_from_obj(self.params) + if identifier in checks: + return checks[identifier] + return None + + def prepare_object(self, existing, obj): + existing = super(ConsulAgentCheckModule, self).prepare_object(existing, obj) + validate_check(existing) + return existing + + def delete_object(self, obj): + if not self._module.check_mode: + self.put(self.endpoint_url(OPERATION_DELETE, obj.get("CheckID"))) + return {} + + +def main(): + module = AnsibleModule( + _ARGUMENT_SPEC, + mutually_exclusive=_MUTUALLY_EXCLUSIVE, + required_if=_REQUIRED_IF, + required_by=_REQUIRED_BY, + supports_check_mode=True, + ) + + consul_module = ConsulAgentCheckModule(module) + consul_module.execute() + + +if __name__ == "__main__": + main() diff --git a/plugins/modules/consul_agent_service.py b/plugins/modules/consul_agent_service.py new file mode 100644 index 0000000000..bd28dfd2c3 --- /dev/null +++ b/plugins/modules/consul_agent_service.py @@ -0,0 +1,283 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2024, Michael Ilg +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = r""" +module: consul_agent_service +short_description: Add, modify and delete services within a Consul cluster +version_added: 9.1.0 +description: + - Allows the addition, modification and deletion of services in a Consul cluster using the agent. + - There are currently no plans to create services and checks in one. This is because the Consul API does not provide checks + for a service and the checks themselves do not match the module parameters. Therefore, only a service without checks can + be created in this module. +author: + - Michael Ilg (@Ilgmi) +extends_documentation_fragment: + - community.general.consul + - community.general.consul.actiongroup_consul + - community.general.consul.token + - community.general.attributes +attributes: + check_mode: + support: full + diff_mode: + support: partial + details: + - In check mode the diff will miss operational attributes. +options: + state: + description: + - Whether the service should be present or absent. + choices: ['present', 'absent'] + default: present + type: str + name: + description: + - Unique name for the service on a node, must be unique per node, required if registering a service. + type: str + id: + description: + - Specifies a unique ID for this service. This must be unique per agent. This defaults to the O(name) parameter if not + provided. If O(state=absent), defaults to the service name if supplied. + type: str + tags: + description: + - Tags that will be attached to the service registration. + type: list + elements: str + address: + description: + - The address to advertise that the service will be listening on. This value will be passed as the C(address) parameter + to Consul's C(/v1/agent/service/register) API method, so refer to the Consul API documentation for further details. + type: str + meta: + description: + - Optional meta data used for filtering. For keys, the characters C(A-Z), C(a-z), C(0-9), C(_), C(-) are allowed. Not + allowed characters are replaced with underscores. + type: dict + service_port: + description: + - The port on which the service is listening. Can optionally be supplied for registration of a service, that is if O(name) + or O(id) is set. + type: int + enable_tag_override: + description: + - Specifies to disable the anti-entropy feature for this service's tags. If C(EnableTagOverride) is set to true then + external agents can update this service in the catalog and modify the tags. + type: bool + default: false + weights: + description: + - Specifies weights for the service. + type: dict + suboptions: + passing: + description: + - Weights for passing. + type: int + default: 1 + warning: + description: + - Weights for warning. + type: int + default: 1 + default: {"passing": 1, "warning": 1} +""" + +EXAMPLES = r""" +- name: Register nginx service with the local Consul agent + community.general.consul_agent_service: + host: consul1.example.com + token: some_management_acl + name: nginx + service_port: 80 + +- name: Register nginx with a tcp check + community.general.consul_agent_service: + host: consul1.example.com + token: some_management_acl + name: nginx + service_port: 80 + +- name: Register nginx with an http check + community.general.consul_agent_service: + host: consul1.example.com + token: some_management_acl + name: nginx + service_port: 80 + +- name: Register external service nginx available at 10.1.5.23 + community.general.consul_agent_service: + host: consul1.example.com + token: some_management_acl + name: nginx + service_port: 80 + address: 10.1.5.23 + +- name: Register nginx with some service tags + community.general.consul_agent_service: + host: consul1.example.com + token: some_management_acl + name: nginx + service_port: 80 + tags: + - prod + - webservers + +- name: Register nginx with some service meta + community.general.consul_agent_service: + host: consul1.example.com + token: some_management_acl + name: nginx + service_port: 80 + meta: + nginx_version: 1.25.3 + +- name: Remove nginx service + community.general.consul_agent_service: + host: consul1.example.com + token: some_management_acl + service_id: nginx + state: absent + +- name: Register celery worker service + community.general.consul_agent_service: + host: consul1.example.com + token: some_management_acl + name: celery-worker + tags: + - prod + - worker +""" + +RETURN = r""" +service: + description: The service as returned by the Consul HTTP API. + returned: always + type: dict + sample: + ID: nginx + Service: nginx + Address: localhost + Port: 80 + Tags: + - http + Meta: + - nginx_version: 1.23.3 + Datacenter: dc1 + Weights: + Passing: 1 + Warning: 1 + ContentHash: 61a245cd985261ac + EnableTagOverride: false +operation: + description: The operation performed. + returned: changed + type: str + sample: update +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.community.general.plugins.module_utils.consul import ( + AUTH_ARGUMENTS_SPEC, + OPERATION_CREATE, + OPERATION_UPDATE, + OPERATION_DELETE, + _ConsulModule +) + +_CHECK_MUTUALLY_EXCLUSIVE = [('args', 'ttl', 'tcp', 'http')] +_CHECK_REQUIRED_BY = { + 'args': 'interval', + 'http': 'interval', + 'tcp': 'interval', +} + +_ARGUMENT_SPEC = { + "state": dict(default="present", choices=["present", "absent"]), + "name": dict(type='str'), + "id": dict(type='str'), + "tags": dict(type='list', elements='str'), + "address": dict(type='str'), + "meta": dict(type='dict'), + "service_port": dict(type='int'), + "enable_tag_override": dict(type='bool', default=False), + "weights": dict(type='dict', options=dict( + passing=dict(type='int', default=1, no_log=False), + warning=dict(type='int', default=1) + ), default={"passing": 1, "warning": 1}) +} + +_REQUIRED_IF = [ + ('state', 'present', ['name']), + ('state', 'absent', ('id', 'name'), True), +] + +_ARGUMENT_SPEC.update(AUTH_ARGUMENTS_SPEC) + + +class ConsulAgentServiceModule(_ConsulModule): + api_endpoint = "agent/service" + result_key = "service" + unique_identifiers = ["id", "name"] + operational_attributes = {"Service", "ContentHash", "Datacenter"} + + def endpoint_url(self, operation, identifier=None): + if operation in [OPERATION_CREATE, OPERATION_UPDATE]: + return "/".join([self.api_endpoint, "register"]) + if operation == OPERATION_DELETE: + return "/".join([self.api_endpoint, "deregister", identifier]) + + return super(ConsulAgentServiceModule, self).endpoint_url(operation, identifier) + + def prepare_object(self, existing, obj): + existing = super(ConsulAgentServiceModule, self).prepare_object(existing, obj) + if "ServicePort" in existing: + existing["Port"] = existing.pop("ServicePort") + + if "ID" not in existing: + existing["ID"] = existing["Name"] + + return existing + + def needs_update(self, api_obj, module_obj): + obj = {} + if "Service" in api_obj: + obj["Service"] = api_obj["Service"] + api_obj = self.prepare_object(api_obj, obj) + + if "Name" in module_obj: + module_obj["Service"] = module_obj.pop("Name") + if "ServicePort" in module_obj: + module_obj["Port"] = module_obj.pop("ServicePort") + + return super(ConsulAgentServiceModule, self).needs_update(api_obj, module_obj) + + def delete_object(self, obj): + if not self._module.check_mode: + url = self.endpoint_url(OPERATION_DELETE, self.id_from_obj(obj, camel_case=True)) + self.put(url) + return {} + + +def main(): + module = AnsibleModule( + _ARGUMENT_SPEC, + required_if=_REQUIRED_IF, + supports_check_mode=True, + ) + + consul_module = ConsulAgentServiceModule(module) + consul_module.execute() + + +if __name__ == "__main__": + main() diff --git a/plugins/modules/consul_auth_method.py b/plugins/modules/consul_auth_method.py index afe549f6ef..a5cfd3b305 100644 --- a/plugins/modules/consul_auth_method.py +++ b/plugins/modules/consul_auth_method.py @@ -9,14 +9,13 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = """ +DOCUMENTATION = r""" module: consul_auth_method short_description: Manipulate Consul auth methods version_added: 8.3.0 description: - - Allows the addition, modification and deletion of auth methods in a consul - cluster via the agent. For more details on using and configuring ACLs, - see U(https://www.consul.io/docs/guides/acl.html). + - Allows the addition, modification and deletion of auth methods in a Consul cluster using the agent. For more details on + using and configuring ACLs, see U(https://www.consul.io/docs/guides/acl.html). author: - Florian Apolloner (@apollo13) extends_documentation_fragment: @@ -77,7 +76,7 @@ options: type: dict """ -EXAMPLES = """ +EXAMPLES = r""" - name: Create an auth method community.general.consul_auth_method: name: test @@ -103,9 +102,9 @@ EXAMPLES = """ token: "{{ consul_management_token }}" """ -RETURN = """ +RETURN = r""" auth_method: - description: The auth method as returned by the consul HTTP API. + description: The auth method as returned by the Consul HTTP API. returned: always type: dict sample: @@ -126,10 +125,10 @@ auth_method: Name: test Type: jwt operation: - description: The operation performed. - returned: changed - type: str - sample: update + description: The operation performed. + returned: changed + type: str + sample: update """ import re @@ -168,7 +167,7 @@ def normalize_ttl(ttl): class ConsulAuthMethodModule(_ConsulModule): api_endpoint = "acl/auth-method" result_key = "auth_method" - unique_identifier = "name" + unique_identifiers = ["name"] def map_param(self, k, v, is_update): if k == "config" and v: diff --git a/plugins/modules/consul_binding_rule.py b/plugins/modules/consul_binding_rule.py index 88496f8675..698ba5913f 100644 --- a/plugins/modules/consul_binding_rule.py +++ b/plugins/modules/consul_binding_rule.py @@ -9,14 +9,13 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = """ +DOCUMENTATION = r""" module: consul_binding_rule short_description: Manipulate Consul binding rules version_added: 8.3.0 description: - - Allows the addition, modification and deletion of binding rules in a consul - cluster via the agent. For more details on using and configuring binding rules, - see U(https://developer.hashicorp.com/consul/api-docs/acl/binding-rules). + - Allows the addition, modification and deletion of binding rules in a Consul cluster using the agent. For more details + on using and configuring binding rules, see U(https://developer.hashicorp.com/consul/api-docs/acl/binding-rules). author: - Florian Apolloner (@apollo13) extends_documentation_fragment: @@ -41,7 +40,8 @@ options: name: description: - Specifies a name for the binding rule. - - 'Note: This is used to identify the binding rule. But since the API does not support a name, it is prefixed to the description.' + - 'Note: This is used to identify the binding rule. But since the API does not support a name, it is prefixed to the + description.' type: str required: true description: @@ -74,7 +74,7 @@ options: type: dict """ -EXAMPLES = """ +EXAMPLES = r""" - name: Create a binding rule community.general.consul_binding_rule: name: my_name @@ -91,9 +91,9 @@ EXAMPLES = """ state: absent """ -RETURN = """ +RETURN = r""" binding_rule: - description: The binding rule as returned by the consul HTTP API. + description: The binding rule as returned by the Consul HTTP API. returned: always type: dict sample: @@ -124,7 +124,7 @@ from ansible_collections.community.general.plugins.module_utils.consul import ( class ConsulBindingRuleModule(_ConsulModule): api_endpoint = "acl/binding-rule" result_key = "binding_rule" - unique_identifier = "id" + unique_identifiers = ["id"] def read_object(self): url = "acl/binding-rules?authmethod={0}".format(self.params["auth_method"]) diff --git a/plugins/modules/consul_kv.py b/plugins/modules/consul_kv.py index 84169fc6b7..8152dd5c25 100644 --- a/plugins/modules/consul_kv.py +++ b/plugins/modules/consul_kv.py @@ -10,15 +10,14 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: consul_kv -short_description: Manipulate entries in the key/value store of a consul cluster +short_description: Manipulate entries in the key/value store of a Consul cluster description: - - Allows the retrieval, addition, modification and deletion of key/value entries in a - consul cluster via the agent. The entire contents of the record, including - the indices, flags and session are returned as C(value). - - If the O(key) represents a prefix then note that when a value is removed, the existing - value if any is returned as part of the results. + - Allows the retrieval, addition, modification and deletion of key/value entries in a Consul cluster using the agent. The + entire contents of the record, including the indices, flags and session are returned as C(value). + - If the O(key) represents a prefix then note that when a value is removed, the existing value if any is returned as part + of the results. - See http://www.consul.io/docs/agent/http.html#kv for more details. requirements: - python-consul @@ -29,92 +28,89 @@ author: extends_documentation_fragment: - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - state: - description: - - The action to take with the supplied key and value. If the state is V(present) and O(value) is set, the key - contents will be set to the value supplied and C(changed) will be set to V(true) only if the value was - different to the current contents. If the state is V(present) and O(value) is not set, the existing value - associated to the key will be returned. The state V(absent) will remove the key/value pair, - again C(changed) will be set to V(true) only if the key actually existed - prior to the removal. An attempt can be made to obtain or free the - lock associated with a key/value pair with the states V(acquire) or - V(release) respectively. a valid session must be supplied to make the - attempt changed will be true if the attempt is successful, false - otherwise. - type: str - choices: [ absent, acquire, present, release ] - default: present - key: - description: - - The key at which the value should be stored. - type: str - required: true - value: - description: - - The value should be associated with the given key, required if O(state) - is V(present). - type: str - recurse: - description: - - If the key represents a prefix, each entry with the prefix can be - retrieved by setting this to V(true). - type: bool - retrieve: - description: - - If the O(state) is V(present) and O(value) is set, perform a - read after setting the value and return this value. - default: true - type: bool - session: - description: - - The session that should be used to acquire or release a lock - associated with a key/value pair. - type: str - token: - description: - - The token key identifying an ACL rule set that controls access to - the key value pair - type: str - cas: - description: - - Used when acquiring a lock with a session. If the O(cas) is V(0), then - Consul will only put the key if it does not already exist. If the - O(cas) value is non-zero, then the key is only set if the index matches - the ModifyIndex of that key. - type: str - flags: - description: - - Opaque positive integer value that can be passed when setting a value. - type: str - host: - description: - - Host of the consul agent. - type: str - default: localhost - port: - description: - - The port on which the consul agent is running. - type: int - default: 8500 - scheme: - description: - - The protocol scheme on which the consul agent is running. - type: str - default: http - validate_certs: - description: - - Whether to verify the tls certificate of the consul agent. - type: bool - default: true -''' + state: + description: + - The action to take with the supplied key and value. If the state is V(present) and O(value) is set, the key contents + will be set to the value supplied and C(changed) will be set to V(true) only if the value was different to the current + contents. If the state is V(present) and O(value) is not set, the existing value associated to the key will be returned. + The state V(absent) will remove the key/value pair, again C(changed) will be set to V(true) only if the key actually + existed prior to the removal. An attempt can be made to obtain or free the lock associated with a key/value pair with + the states V(acquire) or V(release) respectively. A valid session must be supplied to make the attempt C(changed) + will be V(true) if the attempt is successful, V(false) otherwise. + type: str + choices: [absent, acquire, present, release] + default: present + key: + description: + - The key at which the value should be stored. + type: str + required: true + value: + description: + - The value should be associated with the given key, required if O(state) is V(present). + type: str + recurse: + description: + - If the key represents a prefix, each entry with the prefix can be retrieved by setting this to V(true). + type: bool + retrieve: + description: + - If the O(state) is V(present) and O(value) is set, perform a read after setting the value and return this value. + default: true + type: bool + session: + description: + - The session that should be used to acquire or release a lock associated with a key/value pair. + type: str + token: + description: + - The token key identifying an ACL rule set that controls access to the key value pair. + type: str + cas: + description: + - Used when acquiring a lock with a session. If the O(cas) is V(0), then Consul will only put the key if it does not + already exist. If the O(cas) value is non-zero, then the key is only set if the index matches the ModifyIndex of that + key. + type: str + flags: + description: + - Opaque positive integer value that can be passed when setting a value. + type: str + host: + description: + - Host of the Consul agent. + type: str + default: localhost + port: + description: + - The port on which the Consul agent is running. + type: int + default: 8500 + scheme: + description: + - The protocol scheme on which the Consul agent is running. + type: str + default: http + validate_certs: + description: + - Whether to verify the tls certificate of the Consul agent. + type: bool + default: true + datacenter: + description: + - The name of the datacenter to query. If unspecified, the query will default to the datacenter of the Consul agent + on O(host). + type: str + version_added: 10.0.0 +""" -EXAMPLES = ''' +EXAMPLES = r""" # If the key does not exist, the value associated to the "data" property in `retrieved_key` will be `None` # If the key value is empty string, `retrieved_key["data"]["Value"]` will be `None` - name: Retrieve a value from the key/value store @@ -132,7 +128,7 @@ EXAMPLES = ''' key: somekey state: absent -- name: Add a node to an arbitrary group via consul inventory (see consul.ini) +- name: Add a node to an arbitrary group using Consul inventory (see consul.ini) community.general.consul_kv: key: ansible/groups/dc1/somenode value: top_secret @@ -143,7 +139,7 @@ EXAMPLES = ''' value: 20160509 session: "{{ sessionid }}" state: acquire -''' +""" from ansible.module_utils.common.text.converters import to_text @@ -291,7 +287,8 @@ def get_consul_api(module): port=module.params.get('port'), scheme=module.params.get('scheme'), verify=module.params.get('validate_certs'), - token=module.params.get('token')) + token=module.params.get('token'), + dc=module.params.get('datacenter')) def test_dependencies(module): @@ -305,6 +302,7 @@ def main(): module = AnsibleModule( argument_spec=dict( cas=dict(type='str'), + datacenter=dict(type='str', default=None), flags=dict(type='str'), key=dict(type='str', required=True, no_log=False), host=dict(type='str', default='localhost'), diff --git a/plugins/modules/consul_policy.py b/plugins/modules/consul_policy.py index f020622a0c..c9758780b2 100644 --- a/plugins/modules/consul_policy.py +++ b/plugins/modules/consul_policy.py @@ -9,14 +9,13 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = """ +DOCUMENTATION = r""" module: consul_policy short_description: Manipulate Consul policies version_added: 7.2.0 description: - - Allows the addition, modification and deletion of policies in a consul - cluster via the agent. For more details on using and configuring ACLs, - see U(https://www.consul.io/docs/guides/acl.html). + - Allows the addition, modification and deletion of policies in a Consul cluster using the agent. For more details on using + and configuring ACLs, see U(https://www.consul.io/docs/guides/acl.html). author: - Håkon Lerring (@Hakon) extends_documentation_fragment: @@ -33,6 +32,8 @@ attributes: version_added: 8.3.0 details: - In check mode the diff will miss operational attributes. + action_group: + version_added: 8.3.0 options: state: description: @@ -47,8 +48,7 @@ options: elements: str name: description: - - The name that should be associated with the policy, this is opaque - to Consul. + - The name that should be associated with the policy, this is opaque to Consul. required: true type: str description: @@ -61,19 +61,19 @@ options: - Rule document that should be associated with the current policy. """ -EXAMPLES = """ +EXAMPLES = r""" - name: Create a policy with rules community.general.consul_policy: host: consul1.example.com token: some_management_acl name: foo-access rules: | - key "foo" { - policy = "read" - } - key "private/foo" { - policy = "deny" - } + key "foo" { + policy = "read" + } + key "private/foo" { + policy = "deny" + } - name: Update the rules associated to a policy community.general.consul_policy: @@ -81,15 +81,15 @@ EXAMPLES = """ token: some_management_acl name: foo-access rules: | - key "foo" { - policy = "read" - } - key "private/foo" { - policy = "deny" - } - event "bbq" { - policy = "write" - } + key "foo" { + policy = "read" + } + key "private/foo" { + policy = "deny" + } + event "bbq" { + policy = "write" + } - name: Remove a policy community.general.consul_policy: @@ -99,28 +99,28 @@ EXAMPLES = """ state: absent """ -RETURN = """ +RETURN = r""" policy: - description: The policy as returned by the consul HTTP API. - returned: always - type: dict - sample: - CreateIndex: 632 - Description: Testing - Hash: rj5PeDHddHslkpW7Ij4OD6N4bbSXiecXFmiw2SYXg2A= - Name: foo-access - Rules: |- - key "foo" { - policy = "read" - } - key "private/foo" { - policy = "deny" - } + description: The policy as returned by the Consul HTTP API. + returned: always + type: dict + sample: + CreateIndex: 632 + Description: Testing + Hash: rj5PeDHddHslkpW7Ij4OD6N4bbSXiecXFmiw2SYXg2A= + Name: foo-access + Rules: |- + key "foo" { + policy = "read" + } + key "private/foo" { + policy = "deny" + } operation: - description: The operation performed. - returned: changed - type: str - sample: update + description: The operation performed. + returned: changed + type: str + sample: update """ from ansible.module_utils.basic import AnsibleModule @@ -143,7 +143,7 @@ _ARGUMENT_SPEC.update(AUTH_ARGUMENTS_SPEC) class ConsulPolicyModule(_ConsulModule): api_endpoint = "acl/policy" result_key = "policy" - unique_identifier = "id" + unique_identifiers = ["id"] def endpoint_url(self, operation, identifier=None): if operation == OPERATION_READ: diff --git a/plugins/modules/consul_role.py b/plugins/modules/consul_role.py index 0da71507a6..9ba9856744 100644 --- a/plugins/modules/consul_role.py +++ b/plugins/modules/consul_role.py @@ -9,14 +9,13 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = """ +DOCUMENTATION = r""" module: consul_role short_description: Manipulate Consul roles version_added: 7.5.0 description: - - Allows the addition, modification and deletion of roles in a consul - cluster via the agent. For more details on using and configuring ACLs, - see U(https://www.consul.io/docs/guides/acl.html). + - Allows the addition, modification and deletion of roles in a Consul cluster using the agent. For more details on using + and configuring ACLs, see U(https://www.consul.io/docs/guides/acl.html). author: - Håkon Lerring (@Hakon) extends_documentation_fragment: @@ -32,6 +31,8 @@ attributes: details: - In check mode the diff will miss operational attributes. version_added: 8.3.0 + action_group: + version_added: 8.3.0 options: name: description: @@ -40,7 +41,7 @@ options: type: str state: description: - - whether the role should be present or absent. + - Whether the role should be present or absent. choices: ['present', 'absent'] default: present type: str @@ -96,9 +97,9 @@ options: description: - The name of the node. - Must not be longer than 256 characters, must start and end with a lowercase alphanumeric character. - - May only contain lowercase alphanumeric characters as well as - and _. - - This suboption has been renamed from O(service_identities[].name) to O(service_identities[].service_name) - in community.general 8.3.0. The old name can still be used. + - May only contain lowercase alphanumeric characters as well as V(-) and V(_). + - This suboption has been renamed from O(service_identities[].name) to O(service_identities[].service_name) in community.general + 8.3.0. The old name can still be used. type: str required: true aliases: @@ -108,7 +109,7 @@ options: - The datacenters the policies will be effective. - This will result in effective policy only being valid in this datacenter. - If an empty array (V([])) is specified, the policies will valid in all datacenters. - - including those which do not yet exist but may in the future. + - Including those which do not yet exist but may in the future. type: list elements: str node_identities: @@ -123,9 +124,9 @@ options: description: - The name of the node. - Must not be longer than 256 characters, must start and end with a lowercase alphanumeric character. - - May only contain lowercase alphanumeric characters as well as - and _. - - This suboption has been renamed from O(node_identities[].name) to O(node_identities[].node_name) - in community.general 8.3.0. The old name can still be used. + - May only contain lowercase alphanumeric characters as well as V(-) and V(_). + - This suboption has been renamed from O(node_identities[].name) to O(node_identities[].node_name) in community.general + 8.3.0. The old name can still be used. type: str required: true aliases: @@ -138,7 +139,7 @@ options: required: true """ -EXAMPLES = """ +EXAMPLES = r""" - name: Create a role with 2 policies community.general.consul_role: host: consul1.example.com @@ -175,28 +176,28 @@ EXAMPLES = """ state: absent """ -RETURN = """ +RETURN = r""" role: - description: The role object. - returned: success - type: dict - sample: - { - "CreateIndex": 39, - "Description": "", - "Hash": "Trt0QJtxVEfvTTIcdTUbIJRr6Dsi6E4EcwSFxx9tCYM=", - "ID": "9a300b8d-48db-b720-8544-a37c0f5dafb5", - "ModifyIndex": 39, - "Name": "foo-role", - "Policies": [ - {"ID": "b1a00172-d7a1-0e66-a12e-7a4045c4b774", "Name": "foo-access"} - ] - } + description: The role object. + returned: success + type: dict + sample: + { + "CreateIndex": 39, + "Description": "", + "Hash": "Trt0QJtxVEfvTTIcdTUbIJRr6Dsi6E4EcwSFxx9tCYM=", + "ID": "9a300b8d-48db-b720-8544-a37c0f5dafb5", + "ModifyIndex": 39, + "Name": "foo-role", + "Policies": [ + {"ID": "b1a00172-d7a1-0e66-a12e-7a4045c4b774", "Name": "foo-access"} + ] + } operation: - description: The operation performed on the role. - returned: changed - type: str - sample: update + description: The operation performed on the role. + returned: changed + type: str + sample: update """ from ansible.module_utils.basic import AnsibleModule @@ -210,7 +211,7 @@ from ansible_collections.community.general.plugins.module_utils.consul import ( class ConsulRoleModule(_ConsulModule): api_endpoint = "acl/role" result_key = "role" - unique_identifier = "id" + unique_identifiers = ["id"] def endpoint_url(self, operation, identifier=None): if operation == OPERATION_READ: diff --git a/plugins/modules/consul_session.py b/plugins/modules/consul_session.py index bd03b561a7..a72136ad66 100644 --- a/plugins/modules/consul_session.py +++ b/plugins/modules/consul_session.py @@ -8,14 +8,13 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: consul_session -short_description: Manipulate consul sessions +short_description: Manipulate Consul sessions description: - - Allows the addition, modification and deletion of sessions in a consul - cluster. These sessions can then be used in conjunction with key value pairs - to implement distributed locks. In depth documentation for working with - sessions can be found at http://www.consul.io/docs/internals/sessions.html + - Allows the addition, modification and deletion of sessions in a Consul cluster. These sessions can then be used in conjunction + with key value pairs to implement distributed locks. In depth documentation for working with sessions can be found at + U(http://www.consul.io/docs/internals/sessions.html). author: - Steve Gargan (@sgargan) - Håkon Lerring (@Hakon) @@ -25,76 +24,69 @@ extends_documentation_fragment: - community.general.consul.token - community.general.attributes attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none + action_group: + version_added: 8.3.0 options: - id: - description: - - ID of the session, required when O(state) is either V(info) or - V(remove). - type: str - state: - description: - - Whether the session should be present i.e. created if it doesn't - exist, or absent, removed if present. If created, the O(id) for the - session is returned in the output. If V(absent), O(id) is - required to remove the session. Info for a single session, all the - sessions for a node or all available sessions can be retrieved by - specifying V(info), V(node) or V(list) for the O(state); for V(node) - or V(info), the node O(name) or session O(id) is required as parameter. - choices: [ absent, info, list, node, present ] - type: str - default: present - name: - description: - - The name that should be associated with the session. Required when - O(state=node) is used. - type: str - delay: - description: - - The optional lock delay that can be attached to the session when it - is created. Locks for invalidated sessions ar blocked from being - acquired until this delay has expired. Durations are in seconds. - type: int - default: 15 - node: - description: - - The name of the node that with which the session will be associated. - by default this is the name of the agent. - type: str - datacenter: - description: - - The name of the datacenter in which the session exists or should be - created. - type: str - checks: - description: - - Checks that will be used to verify the session health. If - all the checks fail, the session will be invalidated and any locks - associated with the session will be release and can be acquired once - the associated lock delay has expired. - type: list - elements: str - behavior: - description: - - The optional behavior that can be attached to the session when it - is created. This controls the behavior when a session is invalidated. - choices: [ delete, release ] - type: str - default: release - ttl: - description: - - Specifies the duration of a session in seconds (between 10 and 86400). - type: int - version_added: 5.4.0 - token: - version_added: 5.6.0 -''' + id: + description: + - ID of the session, required when O(state) is either V(info) or V(remove). + type: str + state: + description: + - Whether the session should be present, in other words it should be created if it does not exist, or absent, removed + if present. If created, the O(id) for the session is returned in the output. If V(absent), O(id) is required to remove + the session. Info for a single session, all the sessions for a node or all available sessions can be retrieved by + specifying V(info), V(node) or V(list) for the O(state); for V(node) or V(info), the node O(name) or session O(id) + is required as parameter. + choices: [absent, info, list, node, present] + type: str + default: present + name: + description: + - The name that should be associated with the session. Required when O(state=node) is used. + type: str + delay: + description: + - The optional lock delay that can be attached to the session when it is created. Locks for invalidated sessions ar + blocked from being acquired until this delay has expired. Durations are in seconds. + type: int + default: 15 + node: + description: + - The name of the node that with which the session will be associated. By default this is the name of the agent. + type: str + datacenter: + description: + - The name of the datacenter in which the session exists or should be created. + type: str + checks: + description: + - Checks that will be used to verify the session health. If all the checks fail, the session will be invalidated and + any locks associated with the session will be release and can be acquired once the associated lock delay has expired. + type: list + elements: str + behavior: + description: + - The optional behavior that can be attached to the session when it is created. This controls the behavior when a session + is invalidated. + choices: [delete, release] + type: str + default: release + ttl: + description: + - Specifies the duration of a session in seconds (between 10 and 86400). + type: int + version_added: 5.4.0 + token: + version_added: 5.6.0 +""" -EXAMPLES = ''' -- name: Register basic session with consul +EXAMPLES = r""" +- name: Register basic session with Consul community.general.consul_session: name: session1 @@ -121,8 +113,8 @@ EXAMPLES = ''' - name: Register session with a ttl community.general.consul_session: name: session-with-ttl - ttl: 600 # sec -''' + ttl: 600 # sec +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.consul import ( diff --git a/plugins/modules/consul_token.py b/plugins/modules/consul_token.py index eee419863f..dccfa2f7a3 100644 --- a/plugins/modules/consul_token.py +++ b/plugins/modules/consul_token.py @@ -9,14 +9,13 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = """ +DOCUMENTATION = r""" module: consul_token short_description: Manipulate Consul tokens version_added: 8.3.0 description: - - Allows the addition, modification and deletion of tokens in a consul - cluster via the agent. For more details on using and configuring ACLs, - see U(https://www.consul.io/docs/guides/acl.html). + - Allows the addition, modification and deletion of tokens in a Consul cluster using the agent. For more details on using + and configuring ACLs, see U(https://www.consul.io/docs/guides/acl.html). author: - Florian Apolloner (@apollo13) extends_documentation_fragment: @@ -31,6 +30,8 @@ attributes: support: partial details: - In check mode the diff will miss operational attributes. + action_group: + version_added: 8.3.0 options: state: description: @@ -40,13 +41,11 @@ options: type: str accessor_id: description: - - Specifies a UUID to use as the token's Accessor ID. - If not specified a UUID will be generated for this field. + - Specifies a UUID to use as the token's Accessor ID. If not specified a UUID will be generated for this field. type: str secret_id: description: - - Specifies a UUID to use as the token's Secret ID. - If not specified a UUID will be generated for this field. + - Specifies a UUID to use as the token's Secret ID. If not specified a UUID will be generated for this field. type: str description: description: @@ -123,7 +122,7 @@ options: description: - The datacenters the token will be effective. - If an empty array (V([])) is specified, the token will valid in all datacenters. - - including those which do not yet exist but may in the future. + - Including those which do not yet exist but may in the future. type: list elements: str node_identities: @@ -149,18 +148,16 @@ options: required: true local: description: - - If true, indicates that the token should not be replicated globally - and instead be local to the current datacenter. + - If true, indicates that the token should not be replicated globally and instead be local to the current datacenter. type: bool expiration_ttl: description: - - This is a convenience field and if set will initialize the C(expiration_time). - Can be specified in the form of V(60s) or V(5m) (that is, 60 seconds or 5 minutes, - respectively). Ingored when the token is updated! + - This is a convenience field and if set will initialize the C(expiration_time). Can be specified in the form of V(60s) + or V(5m) (that is, 60 seconds or 5 minutes, respectively). Ingored when the token is updated! type: str """ -EXAMPLES = """ +EXAMPLES = r""" - name: Create / Update a token by accessor_id community.general.consul_token: state: present @@ -184,26 +181,26 @@ EXAMPLES = """ token: 8adddd91-0bd6-d41d-ae1a-3b49cfa9a0e8 """ -RETURN = """ +RETURN = r""" token: - description: The token as returned by the consul HTTP API. - returned: always - type: dict - sample: - AccessorID: 07a7de84-c9c7-448a-99cc-beaf682efd21 - CreateIndex: 632 - CreateTime: "2024-01-14T21:53:01.402749174+01:00" - Description: Testing - Hash: rj5PeDHddHslkpW7Ij4OD6N4bbSXiecXFmiw2SYXg2A= - Local: false - ModifyIndex: 633 - SecretID: bd380fba-da17-7cee-8576-8d6427c6c930 - ServiceIdentities: [{"ServiceName": "test"}] + description: The token as returned by the Consul HTTP API. + returned: always + type: dict + sample: + AccessorID: 07a7de84-c9c7-448a-99cc-beaf682efd21 + CreateIndex: 632 + CreateTime: "2024-01-14T21:53:01.402749174+01:00" + Description: Testing + Hash: rj5PeDHddHslkpW7Ij4OD6N4bbSXiecXFmiw2SYXg2A= + Local: false + ModifyIndex: 633 + SecretID: bd380fba-da17-7cee-8576-8d6427c6c930 + ServiceIdentities: ["ServiceName": "test"] operation: - description: The operation performed. - returned: changed - type: str - sample: update + description: The operation performed. + returned: changed + type: str + sample: update """ from ansible.module_utils.basic import AnsibleModule @@ -233,13 +230,13 @@ def normalize_link_obj(api_obj, module_obj, key): class ConsulTokenModule(_ConsulModule): api_endpoint = "acl/token" result_key = "token" - unique_identifier = "accessor_id" + unique_identifiers = ["accessor_id"] create_only_fields = {"expiration_ttl"} def read_object(self): # if `accessor_id` is not supplied we can only create objects and are not idempotent - if not self.params.get(self.unique_identifier): + if not self.id_from_obj(self.params): return None return super(ConsulTokenModule, self).read_object() diff --git a/plugins/modules/copr.py b/plugins/modules/copr.py index 157a6c1605..90cb931210 100644 --- a/plugins/modules/copr.py +++ b/plugins/modules/copr.py @@ -9,49 +9,60 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = r""" ---- module: copr short_description: Manage one of the Copr repositories version_added: 2.0.0 description: This module can enable, disable or remove the specified repository. author: Silvie Chlupova (@schlupov) requirements: - - dnf - - dnf-plugins-core + - dnf + - dnf-plugins-core notes: - - Supports C(check_mode). + - Supports C(check_mode). extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - host: - description: The Copr host to work with. - default: copr.fedorainfracloud.org - type: str - protocol: - description: This indicate which protocol to use with the host. - default: https - type: str - name: - description: Copr directory name, for example C(@copr/copr-dev). - required: true - type: str - state: - description: - - Whether to set this project as V(enabled), V(disabled), or V(absent). - default: enabled - type: str - choices: [absent, enabled, disabled] - chroot: - description: - - The name of the chroot that you want to enable/disable/remove in the project, - for example V(epel-7-x86_64). Default chroot is determined by the operating system, - version of the operating system, and architecture on which the module is run. - type: str + host: + description: The Copr host to work with. + default: copr.fedorainfracloud.org + type: str + protocol: + description: This indicate which protocol to use with the host. + default: https + type: str + name: + description: Copr directory name, for example C(@copr/copr-dev). + required: true + type: str + state: + description: + - Whether to set this project as V(enabled), V(disabled), or V(absent). + default: enabled + type: str + choices: [absent, enabled, disabled] + chroot: + description: + - The name of the chroot that you want to enable/disable/remove in the project, for example V(epel-7-x86_64). Default + chroot is determined by the operating system, version of the operating system, and architecture on which the module + is run. + type: str + includepkgs: + description: List of packages to include. + required: false + type: list + elements: str + version_added: 9.4.0 + excludepkgs: + description: List of packages to exclude. + required: false + type: list + elements: str + version_added: 9.4.0 """ EXAMPLES = r""" @@ -255,6 +266,12 @@ class CoprModule(object): """ if not repo_content: repo_content = self._download_repo_info() + if self.ansible_module.params["includepkgs"]: + includepkgs_value = ','.join(self.ansible_module.params['includepkgs']) + repo_content = repo_content.rstrip('\n') + '\nincludepkgs={0}\n'.format(includepkgs_value) + if self.ansible_module.params["excludepkgs"]: + excludepkgs_value = ','.join(self.ansible_module.params['excludepkgs']) + repo_content = repo_content.rstrip('\n') + '\nexcludepkgs={0}\n'.format(excludepkgs_value) if self._compare_repo_content(repo_filename_path, repo_content): return False if not self.check_mode: @@ -470,6 +487,8 @@ def run_module(): name=dict(type="str", required=True), state=dict(type="str", choices=["enabled", "disabled", "absent"], default="enabled"), chroot=dict(type="str"), + includepkgs=dict(type='list', elements="str", required=False), + excludepkgs=dict(type='list', elements="str", required=False), ) module = AnsibleModule(argument_spec=module_args, supports_check_mode=True) params = module.params diff --git a/plugins/modules/cpanm.py b/plugins/modules/cpanm.py index 20ac3e7149..3f708581ac 100644 --- a/plugins/modules/cpanm.py +++ b/plugins/modules/cpanm.py @@ -10,8 +10,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: cpanm short_description: Manages Perl library dependencies description: @@ -68,30 +67,38 @@ options: mode: description: - Controls the module behavior. See notes below for more details. - - Default is V(compatibility) but that behavior is deprecated and will be changed to V(new) in community.general 9.0.0. + - The default changed from V(compatibility) to V(new) in community.general 9.0.0. type: str choices: [compatibility, new] + default: new version_added: 3.0.0 name_check: description: - - When O(mode=new), this parameter can be used to check if there is a module O(name) installed (at O(version), when specified). + - When O(mode=new), this parameter can be used to check if there is a module O(name) installed (at O(version), when + specified). type: str version_added: 3.0.0 notes: - Please note that U(http://search.cpan.org/dist/App-cpanminus/bin/cpanm, cpanm) must be installed on the remote host. - - "This module now comes with a choice of execution O(mode): V(compatibility) or V(new)." - - "O(mode=compatibility): When using V(compatibility) mode, the module will keep backward compatibility. This is the default mode. - O(name) must be either a module name or a distribution file. If the perl module given by O(name) is installed (at the exact O(version) - when specified), then nothing happens. Otherwise, it will be installed using the C(cpanm) executable. O(name) cannot be an URL, or a git URL. - C(cpanm) version specifiers do not work in this mode." - - "O(mode=new): When using V(new) mode, the module will behave differently. The O(name) parameter may refer to a module name, a distribution file, - a HTTP URL or a git repository URL as described in C(cpanminus) documentation. C(cpanm) version specifiers are recognized." + - 'This module now comes with a choice of execution O(mode): V(compatibility) or V(new).' + - 'O(mode=compatibility): When using V(compatibility) mode, the module will keep backward compatibility. This was the default + mode before community.general 9.0.0. O(name) must be either a module name or a distribution file. If the perl module given + by O(name) is installed (at the exact O(version) when specified), then nothing happens. Otherwise, it will be installed + using the C(cpanm) executable. O(name) cannot be an URL, or a git URL. C(cpanm) version specifiers do not work in this + mode.' + - 'O(mode=new): When using V(new) mode, the module will behave differently. The O(name) parameter may refer to a module + name, a distribution file, a HTTP URL or a git repository URL as described in C(cpanminus) documentation. C(cpanm) version + specifiers are recognized. This is the default mode from community.general 9.0.0 onwards.' +seealso: + - name: C(cpanm) command manual page + description: Manual page for the command. + link: https://metacpan.org/dist/App-cpanminus/view/bin/cpanm author: - "Franck Cuny (@fcuny)" - "Alexei Znamensky (@russoz)" -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Install Dancer perl package community.general.cpanm: name: Dancer @@ -129,9 +136,20 @@ EXAMPLES = ''' community.general.cpanm: name: Dancer version: '1.0' -''' +""" + +RETURN = r""" +cpanm_version: + description: Version of CPANMinus. + type: str + returned: always + sample: "1.7047" + version_added: 10.0.0 +""" + import os +import re from ansible_collections.community.general.plugins.module_utils.cmd_runner import CmdRunner, cmd_runner_fmt from ansible_collections.community.general.plugins.module_utils.module_helper import ModuleHelper @@ -150,7 +168,7 @@ class CPANMinus(ModuleHelper): mirror_only=dict(type='bool', default=False), installdeps=dict(type='bool', default=False), executable=dict(type='path'), - mode=dict(type='str', choices=['compatibility', 'new']), + mode=dict(type='str', default='new', choices=['compatibility', 'new']), name_check=dict(type='str') ), required_one_of=[('name', 'from_path')], @@ -164,18 +182,12 @@ class CPANMinus(ModuleHelper): mirror_only=cmd_runner_fmt.as_bool("--mirror-only"), installdeps=cmd_runner_fmt.as_bool("--installdeps"), pkg_spec=cmd_runner_fmt.as_list(), + cpanm_version=cmd_runner_fmt.as_fixed("--version"), ) + use_old_vardict = False def __init_module__(self): v = self.vars - if v.mode is None: - self.deprecate( - "The default value 'compatibility' for parameter 'mode' is being deprecated " - "and it will be replaced by 'new'", - version="9.0.0", - collection_name="community.general" - ) - v.mode = "compatibility" if v.mode == "compatibility": if v.name_check: self.do_raise("Parameter name_check can only be used with mode=new") @@ -187,6 +199,14 @@ class CPANMinus(ModuleHelper): self.runner = CmdRunner(self.module, self.command, self.command_args_formats, check_rc=True) self.vars.binary = self.runner.binary + with self.runner("cpanm_version") as ctx: + rc, out, err = ctx.run() + line = out.split('\n')[0] + match = re.search(r"version\s+([\d\.]+)\s+", line) + if not match: + self.do_raise("Failed to determine version number. First line of output: {0}".format(line)) + self.vars.cpanm_version = match.group(1) + def _is_package_installed(self, name, locallib, version): def process(rc, out, err): return rc == 0 diff --git a/plugins/modules/cronvar.py b/plugins/modules/cronvar.py index fdcbc7d24b..488e739704 100644 --- a/plugins/modules/cronvar.py +++ b/plugins/modules/cronvar.py @@ -17,8 +17,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: cronvar short_description: Manage variables in crontabs description: @@ -49,14 +48,13 @@ options: type: str insertbefore: description: - - Used with O(state=present). If specified, the variable will be inserted - just before the variable specified. + - Used with O(state=present). If specified, the variable will be inserted just before the variable specified. type: str state: description: - Whether to ensure that the variable is present or absent. type: str - choices: [ absent, present ] + choices: [absent, present] default: present user: description: @@ -71,18 +69,17 @@ options: type: str backup: description: - - If set, create a backup of the crontab before it is modified. - The location of the backup is returned in the C(backup) variable by this module. - # TODO: C() above should be RV(), but return values have not been documented! + - If set, create a backup of the crontab before it is modified. The location of the backup is returned in the C(backup) + variable by this module. type: bool default: false requirements: - cron author: -- Doug Luce (@dougluce) -''' + - Doug Luce (@dougluce) +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Ensure entry like "EMAIL=doug@ansibmod.con.com" exists community.general.cronvar: name: EMAIL @@ -99,7 +96,7 @@ EXAMPLES = r''' value: /var/log/yum-autoupdate.log user: root cron_file: ansible_yum-autoupdate -''' +""" import os import platform @@ -183,6 +180,7 @@ class CronVar(object): fileh = open(backup_file, 'w') elif self.cron_file: fileh = open(self.cron_file, 'w') + path = None else: filed, path = tempfile.mkstemp(prefix='crontab') fileh = os.fdopen(filed, 'w') diff --git a/plugins/modules/crypttab.py b/plugins/modules/crypttab.py index 931a0c930b..b6a0e52cc3 100644 --- a/plugins/modules/crypttab.py +++ b/plugins/modules/crypttab.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: crypttab short_description: Encrypted Linux block devices description: @@ -24,31 +23,27 @@ attributes: options: name: description: - - Name of the encrypted block device as it appears in the C(/etc/crypttab) file, or - optionally prefixed with V(/dev/mapper/), as it appears in the filesystem. V(/dev/mapper/) - will be stripped from O(name). + - Name of the encrypted block device as it appears in the C(/etc/crypttab) file, or optionally prefixed with V(/dev/mapper/), + as it appears in the filesystem. V(/dev/mapper/) will be stripped from O(name). type: str required: true state: description: - - Use V(present) to add a line to C(/etc/crypttab) or update its definition - if already present. + - Use V(present) to add a line to C(/etc/crypttab) or update its definition if already present. - Use V(absent) to remove a line with matching O(name). - - Use V(opts_present) to add options to those already present; options with - different values will be updated. + - Use V(opts_present) to add options to those already present; options with different values will be updated. - Use V(opts_absent) to remove options from the existing set. type: str required: true - choices: [ absent, opts_absent, opts_present, present ] + choices: [absent, opts_absent, opts_present, present] backing_device: description: - - Path to the underlying block device or file, or the UUID of a block-device - prefixed with V(UUID=). + - Path to the underlying block device or file, or the UUID of a block-device prefixed with V(UUID=). type: str password: description: - - Encryption password, the path to a file containing the password, or - V(-) or unset if the password should be entered at boot. + - Encryption password, the path to a file containing the password, or V(-) or unset if the password should be entered + at boot. type: path opts: description: @@ -61,10 +56,10 @@ options: type: path default: /etc/crypttab author: -- Steve (@groks) -''' + - Steve (@groks) +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Set the options explicitly a device which must already exist community.general.crypttab: name: luks-home @@ -78,7 +73,7 @@ EXAMPLES = r''' opts: discard loop: '{{ ansible_mounts }}' when: "'/dev/mapper/luks-' in {{ item.device }}" -''' +""" import os import traceback diff --git a/plugins/modules/datadog_downtime.py b/plugins/modules/datadog_downtime.py index a3a6a660f0..f693ba3c2d 100644 --- a/plugins/modules/datadog_downtime.py +++ b/plugins/modules/datadog_downtime.py @@ -9,8 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = """ ---- +DOCUMENTATION = r""" module: datadog_downtime short_description: Manages Datadog downtimes version_added: 2.0.0 @@ -25,105 +24,105 @@ requirements: extends_documentation_fragment: - community.general.attributes attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - api_key: - description: - - Your Datadog API key. - required: true - type: str - api_host: - description: - - The URL to the Datadog API. - - This value can also be set with the E(DATADOG_HOST) environment variable. - required: false - default: https://api.datadoghq.com - type: str - app_key: - description: - - Your Datadog app key. - required: true - type: str - state: - description: - - The designated state of the downtime. - required: false - choices: ["present", "absent"] - default: present - type: str - id: - description: - - The identifier of the downtime. - - If empty, a new downtime gets created, otherwise it is either updated or deleted depending of the O(state). - - To keep your playbook idempotent, you should save the identifier in a file and read it in a lookup. - type: int + api_key: + description: + - Your Datadog API key. + required: true + type: str + api_host: + description: + - The URL to the Datadog API. + - This value can also be set with the E(DATADOG_HOST) environment variable. + required: false + default: https://api.datadoghq.com + type: str + app_key: + description: + - Your Datadog app key. + required: true + type: str + state: + description: + - The designated state of the downtime. + required: false + choices: ["present", "absent"] + default: present + type: str + id: + description: + - The identifier of the downtime. + - If empty, a new downtime gets created, otherwise it is either updated or deleted depending of the O(state). + - To keep your playbook idempotent, you should save the identifier in a file and read it in a lookup. + type: int + monitor_tags: + description: + - A list of monitor tags to which the downtime applies. + - The resulting downtime applies to monitors that match ALL provided monitor tags. + type: list + elements: str + scope: + description: + - A list of scopes to which the downtime applies. + - The resulting downtime applies to sources that matches ALL provided scopes. + type: list + elements: str + monitor_id: + description: + - The ID of the monitor to mute. If not provided, the downtime applies to all monitors. + type: int + downtime_message: + description: + - A message to include with notifications for this downtime. + - Email notifications can be sent to specific users by using the same "@username" notation as events. + type: str + start: + type: int + description: + - POSIX timestamp to start the downtime. If not provided, the downtime starts the moment it is created. + end: + type: int + description: + - POSIX timestamp to end the downtime. If not provided, the downtime is in effect until you cancel it. + timezone: + description: + - The timezone for the downtime. + type: str + rrule: + description: + - The C(RRULE) standard for defining recurring events. + - For example, to have a recurring event on the first day of each month, select a type of rrule and set the C(FREQ) + to C(MONTHLY) and C(BYMONTHDAY) to C(1). + - Most common rrule options from the iCalendar Spec are supported. + - Attributes specifying the duration in C(RRULE) are not supported (for example C(DTSTART), C(DTEND), C(DURATION)). + type: str +""" + +EXAMPLES = r""" +- name: Create a downtime + register: downtime_var + community.general.datadog_downtime: + state: present monitor_tags: - description: - - A list of monitor tags to which the downtime applies. - - The resulting downtime applies to monitors that match ALL provided monitor tags. - type: list - elements: str - scope: - description: - - A list of scopes to which the downtime applies. - - The resulting downtime applies to sources that matches ALL provided scopes. - type: list - elements: str - monitor_id: - description: - - The ID of the monitor to mute. If not provided, the downtime applies to all monitors. - type: int - downtime_message: - description: - - A message to include with notifications for this downtime. - - Email notifications can be sent to specific users by using the same "@username" notation as events. - type: str - start: - type: int - description: - - POSIX timestamp to start the downtime. If not provided, the downtime starts the moment it is created. - end: - type: int - description: - - POSIX timestamp to end the downtime. If not provided, the downtime is in effect until you cancel it. - timezone: - description: - - The timezone for the downtime. - type: str - rrule: - description: - - The C(RRULE) standard for defining recurring events. - - For example, to have a recurring event on the first day of each month, - select a type of rrule and set the C(FREQ) to C(MONTHLY) and C(BYMONTHDAY) to C(1). - - Most common rrule options from the iCalendar Spec are supported. - - Attributes specifying the duration in C(RRULE) are not supported (for example C(DTSTART), C(DTEND), C(DURATION)). - type: str + - "foo:bar" + downtime_message: "Downtime for foo:bar" + scope: "test" + api_key: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + app_key: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + # Lookup the id in the file and ignore errors if the file doesn't exits, so downtime gets created + id: "{{ lookup('file', inventory_hostname ~ '_downtime_id.txt', errors='ignore') }}" +- name: Save downtime id to file for later updates and idempotence + delegate_to: localhost + copy: + content: "{{ downtime.downtime.id }}" + dest: "{{ inventory_hostname ~ '_downtime_id.txt' }}" """ -EXAMPLES = """ - - name: Create a downtime - register: downtime_var - community.general.datadog_downtime: - state: present - monitor_tags: - - "foo:bar" - downtime_message: "Downtime for foo:bar" - scope: "test" - api_key: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - app_key: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - # Lookup the id in the file and ignore errors if the file doesn't exits, so downtime gets created - id: "{{ lookup('file', inventory_hostname ~ '_downtime_id.txt', errors='ignore') }}" - - name: Save downtime id to file for later updates and idempotence - delegate_to: localhost - copy: - content: "{{ downtime.downtime.id }}" - dest: "{{ inventory_hostname ~ '_downtime_id.txt' }}" -""" - -RETURN = """ +RETURN = r""" # Returns the downtime JSON dictionary from the API response under the C(downtime) key. # See https://docs.datadoghq.com/api/v1/downtimes/#schedule-a-downtime for more details. downtime: diff --git a/plugins/modules/datadog_event.py b/plugins/modules/datadog_event.py index 6008b565b3..97be0c9b16 100644 --- a/plugins/modules/datadog_event.py +++ b/plugins/modules/datadog_event.py @@ -14,81 +14,88 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: datadog_event short_description: Posts events to Datadog service description: - - "Allows to post events to Datadog (www.datadoghq.com) service." - - "Uses http://docs.datadoghq.com/api/#events API." + - Allows to post events to Datadog (www.datadoghq.com) service. + - Uses http://docs.datadoghq.com/api/#events API. author: - "Artūras 'arturaz' Šlajus (@arturaz)" - "Naoya Nakazawa (@n0ts)" extends_documentation_fragment: - community.general.attributes attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - api_key: - type: str - description: ["Your DataDog API key."] - required: true - app_key: - type: str - description: ["Your DataDog app key."] - required: true - title: - type: str - description: ["The event title."] - required: true - text: - type: str - description: ["The body of the event."] - required: true - date_happened: - type: int - description: - - POSIX timestamp of the event. - - Default value is now. - priority: - type: str - description: ["The priority of the event."] - default: normal - choices: [normal, low] - host: - type: str - description: - - Host name to associate with the event. - - If not specified, it defaults to the remote system's hostname. - api_host: - type: str - description: - - DataDog API endpoint URL. - version_added: '3.3.0' - tags: - type: list - elements: str - description: ["Comma separated list of tags to apply to the event."] - alert_type: - type: str - description: ["Type of alert."] - default: info - choices: ['error', 'warning', 'info', 'success'] - aggregation_key: - type: str - description: ["An arbitrary string to use for aggregation."] - validate_certs: - description: - - If V(false), SSL certificates will not be validated. This should only be used - on personally controlled sites using self-signed certificates. - type: bool - default: true -''' + api_key: + type: str + description: + - Your DataDog API key. + required: true + app_key: + type: str + description: + - Your DataDog app key. + required: true + title: + type: str + description: + - The event title. + required: true + text: + type: str + description: + - The body of the event. + required: true + date_happened: + type: int + description: + - POSIX timestamp of the event. + - Default value is now. + priority: + type: str + description: + - The priority of the event. + default: normal + choices: [normal, low] + host: + type: str + description: + - Host name to associate with the event. + - If not specified, it defaults to the remote system's hostname. + api_host: + type: str + description: + - DataDog API endpoint URL. + version_added: '3.3.0' + tags: + type: list + elements: str + description: + - Comma separated list of tags to apply to the event. + alert_type: + type: str + description: + - Type of alert. + default: info + choices: ['error', 'warning', 'info', 'success'] + aggregation_key: + type: str + description: + - An arbitrary string to use for aggregation. + validate_certs: + description: + - If V(false), SSL certificates will not be validated. This should only be used on personally controlled sites using + self-signed certificates. + type: bool + default: true +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Post an event with low priority community.general.datadog_event: title: Testing from ansible @@ -116,8 +123,7 @@ EXAMPLES = ''' - aa - b - '#host:{{ inventory_hostname }}' - -''' +""" import platform import traceback diff --git a/plugins/modules/datadog_monitor.py b/plugins/modules/datadog_monitor.py index 75ae8c2332..eec0db0d32 100644 --- a/plugins/modules/datadog_monitor.py +++ b/plugins/modules/datadog_monitor.py @@ -9,8 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: datadog_monitor short_description: Manages Datadog monitors description: @@ -21,181 +20,181 @@ requirements: [datadog] extends_documentation_fragment: - community.general.attributes attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - api_key: - description: - - Your Datadog API key. - required: true - type: str - api_host: - description: - - The URL to the Datadog API. Default value is V(https://api.datadoghq.com). - - This value can also be set with the E(DATADOG_HOST) environment variable. - required: false - type: str - version_added: '0.2.0' - app_key: - description: - - Your Datadog app key. - required: true - type: str - state: - description: - - The designated state of the monitor. - required: true - choices: ['present', 'absent', 'mute', 'unmute'] - type: str - tags: - description: - - A list of tags to associate with your monitor when creating or updating. - - This can help you categorize and filter monitors. - type: list - elements: str - type: - description: - - The type of the monitor. - - The types V(query alert), V(trace-analytics alert) and V(rum alert) were added in community.general 2.1.0. - - The type V(composite) was added in community.general 3.4.0. - - The type V(event-v2 alert) was added in community.general 4.8.0. - choices: - - metric alert - - service check - - event alert - - event-v2 alert - - process alert - - log alert - - query alert - - trace-analytics alert - - rum alert - - composite - type: str - query: - description: - - The monitor query to notify on. - - Syntax varies depending on what type of monitor you are creating. - type: str - name: - description: - - The name of the alert. - required: true - type: str - notification_message: - description: - - A message to include with notifications for this monitor. - - Email notifications can be sent to specific users by using the same '@username' notation as events. - - Monitor message template variables can be accessed by using double square brackets, i.e '[[' and ']]'. - type: str - silenced: - type: dict - description: - - Dictionary of scopes to silence, with timestamps or None. - - Each scope will be muted until the given POSIX timestamp or forever if the value is None. - notify_no_data: - description: - - Whether this monitor will notify when data stops reporting. - type: bool - default: false - no_data_timeframe: - description: - - The number of minutes before a monitor will notify when data stops reporting. - - Must be at least 2x the monitor timeframe for metric alerts or 2 minutes for service checks. - - If not specified, it defaults to 2x timeframe for metric, 2 minutes for service. - type: str - timeout_h: - description: - - The number of hours of the monitor not reporting data before it will automatically resolve from a triggered state. - type: str - renotify_interval: - description: - - The number of minutes after the last notification before a monitor will re-notify on the current status. - - It will only re-notify if it is not resolved. - type: str - escalation_message: - description: - - A message to include with a re-notification. Supports the '@username' notification we allow elsewhere. - - Not applicable if O(renotify_interval=none). - type: str - notify_audit: - description: - - Whether tagged users will be notified on changes to this monitor. - type: bool - default: false - thresholds: - type: dict - description: - - A dictionary of thresholds by status. - - Only available for service checks and metric alerts. - - Because each of them can have multiple thresholds, we do not define them directly in the query. - - "If not specified, it defaults to: V({'ok': 1, 'critical': 1, 'warning': 1})." - locked: - description: - - Whether changes to this monitor should be restricted to the creator or admins. - type: bool - default: false - require_full_window: - description: - - Whether this monitor needs a full window of data before it gets evaluated. - - We highly recommend you set this to False for sparse metrics, otherwise some evaluations will be skipped. - type: bool - new_host_delay: - description: - - A positive integer representing the number of seconds to wait before evaluating the monitor for new hosts. - - This gives the host time to fully initialize. - type: str - evaluation_delay: - description: - - Time to delay evaluation (in seconds). - - Effective for sparse values. - type: str - id: - description: - - The ID of the alert. - - If set, will be used instead of the name to locate the alert. - type: str - include_tags: - description: - - Whether notifications from this monitor automatically inserts its triggering tags into the title. - type: bool - default: true - version_added: 1.3.0 - priority: - description: - - Integer from 1 (high) to 5 (low) indicating alert severity. - type: int - version_added: 4.6.0 - notification_preset_name: - description: - - Toggles the display of additional content sent in the monitor notification. - choices: - - show_all - - hide_query - - hide_handles - - hide_all - type: str - version_added: 7.1.0 - renotify_occurrences: - description: - - The number of times re-notification messages should be sent on the current status at the provided re-notification interval. - type: int - version_added: 7.1.0 - renotify_statuses: - description: - - The types of monitor statuses for which re-notification messages are sent. - choices: - - alert - - warn - - no data - type: list - elements: str - version_added: 7.1.0 + api_key: + description: + - Your Datadog API key. + required: true + type: str + api_host: + description: + - The URL to the Datadog API. Default value is V(https://api.datadoghq.com). + - This value can also be set with the E(DATADOG_HOST) environment variable. + required: false + type: str + version_added: '0.2.0' + app_key: + description: + - Your Datadog app key. + required: true + type: str + state: + description: + - The designated state of the monitor. + required: true + choices: ['present', 'absent', 'mute', 'unmute'] + type: str + tags: + description: + - A list of tags to associate with your monitor when creating or updating. + - This can help you categorize and filter monitors. + type: list + elements: str + type: + description: + - The type of the monitor. + - The types V(query alert), V(trace-analytics alert) and V(rum alert) were added in community.general 2.1.0. + - The type V(composite) was added in community.general 3.4.0. + - The type V(event-v2 alert) was added in community.general 4.8.0. + choices: + - metric alert + - service check + - event alert + - event-v2 alert + - process alert + - log alert + - query alert + - trace-analytics alert + - rum alert + - composite + type: str + query: + description: + - The monitor query to notify on. + - Syntax varies depending on what type of monitor you are creating. + type: str + name: + description: + - The name of the alert. + required: true + type: str + notification_message: + description: + - A message to include with notifications for this monitor. + - Email notifications can be sent to specific users by using the same '@username' notation as events. + - Monitor message template variables can be accessed by using double square brackets, in other words C([[) and C(]]). + type: str + silenced: + type: dict + description: + - Dictionary of scopes to silence, with timestamps or None. + - Each scope will be muted until the given POSIX timestamp or forever if the value is None. + notify_no_data: + description: + - Whether this monitor will notify when data stops reporting. + type: bool + default: false + no_data_timeframe: + description: + - The number of minutes before a monitor will notify when data stops reporting. + - Must be at least 2x the monitor timeframe for metric alerts or 2 minutes for service checks. + - If not specified, it defaults to 2x timeframe for metric, 2 minutes for service. + type: str + timeout_h: + description: + - The number of hours of the monitor not reporting data before it will automatically resolve from a triggered state. + type: str + renotify_interval: + description: + - The number of minutes after the last notification before a monitor will re-notify on the current status. + - It will only re-notify if it is not resolved. + type: str + escalation_message: + description: + - A message to include with a re-notification. Supports the '@username' notification we allow elsewhere. + - Not applicable if O(renotify_interval=none). + type: str + notify_audit: + description: + - Whether tagged users will be notified on changes to this monitor. + type: bool + default: false + thresholds: + type: dict + description: + - A dictionary of thresholds by status. + - Only available for service checks and metric alerts. + - Because each of them can have multiple thresholds, we do not define them directly in the query. + - "If not specified, it defaults to: V({'ok': 1, 'critical': 1, 'warning': 1})." + locked: + description: + - Whether changes to this monitor should be restricted to the creator or admins. + type: bool + default: false + require_full_window: + description: + - Whether this monitor needs a full window of data before it gets evaluated. + - We highly recommend you set this to False for sparse metrics, otherwise some evaluations will be skipped. + type: bool + new_host_delay: + description: + - A positive integer representing the number of seconds to wait before evaluating the monitor for new hosts. + - This gives the host time to fully initialize. + type: str + evaluation_delay: + description: + - Time to delay evaluation (in seconds). + - Effective for sparse values. + type: str + id: + description: + - The ID of the alert. + - If set, will be used instead of the name to locate the alert. + type: str + include_tags: + description: + - Whether notifications from this monitor automatically inserts its triggering tags into the title. + type: bool + default: true + version_added: 1.3.0 + priority: + description: + - Integer from V(1) (high) to V(5) (low) indicating alert severity. + type: int + version_added: 4.6.0 + notification_preset_name: + description: + - Toggles the display of additional content sent in the monitor notification. + choices: + - show_all + - hide_query + - hide_handles + - hide_all + type: str + version_added: 7.1.0 + renotify_occurrences: + description: + - The number of times re-notification messages should be sent on the current status at the provided re-notification + interval. + type: int + version_added: 7.1.0 + renotify_statuses: + description: + - The types of monitor statuses for which re-notification messages are sent. + choices: + - alert + - warn + - no data + type: list + elements: str + version_added: 7.1.0 +""" -''' - -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a metric monitor community.general.datadog_monitor: type: "metric alert" @@ -239,7 +238,8 @@ EXAMPLES = ''' api_host: https://api.datadoghq.eu api_key: "9775a026f1ca7d1c6c5af9d94d9595a4" app_key: "87ce4a24b5553d2e482ea8a8500e71b8ad4554ff" -''' +""" + import traceback # Import Datadog diff --git a/plugins/modules/dconf.py b/plugins/modules/dconf.py index 065cf1a6a7..319d6770f2 100644 --- a/plugins/modules/dconf.py +++ b/plugins/modules/dconf.py @@ -9,53 +9,39 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' +DOCUMENTATION = r""" module: dconf author: - - "Branko Majic (@azaghal)" + - "Branko Majic (@azaghal)" short_description: Modify and read dconf database description: - - This module allows modifications and reading of C(dconf) database. The module - is implemented as a wrapper around C(dconf) tool. Please see the dconf(1) man - page for more details. - - Since C(dconf) requires a running D-Bus session to change values, the module - will try to detect an existing session and reuse it, or run the tool via - C(dbus-run-session). + - This module allows modifications and reading of C(dconf) database. The module is implemented as a wrapper around C(dconf) + tool. Please see the dconf(1) man page for more details. + - Since C(dconf) requires a running D-Bus session to change values, the module will try to detect an existing session and + reuse it, or run the tool using C(dbus-run-session). requirements: - - Optionally the C(gi.repository) Python library (usually included in the OS - on hosts which have C(dconf)); this will become a non-optional requirement - in a future major release of community.general. + - Optionally the C(gi.repository) Python library (usually included in the OS on hosts which have C(dconf)); this will become + a non-optional requirement in a future major release of community.general. notes: - - This module depends on C(psutil) Python library (version 4.0.0 and upwards), - C(dconf), C(dbus-send), and C(dbus-run-session) binaries. Depending on - distribution you are using, you may need to install additional packages to - have these available. - - This module uses the C(gi.repository) Python library when available for - accurate comparison of values in C(dconf) to values specified in Ansible - code. C(gi.repository) is likely to be present on most systems which have - C(dconf) but may not be present everywhere. When it is missing, a simple - string comparison between values is used, and there may be false positives, - that is, Ansible may think that a value is being changed when it is not. - This fallback will be removed in a future version of this module, at which - point the module will stop working on hosts without C(gi.repository). - - Detection of existing, running D-Bus session, required to change settings - via C(dconf), is not 100% reliable due to implementation details of D-Bus - daemon itself. This might lead to running applications not picking-up - changes on the fly if options are changed via Ansible and - C(dbus-run-session). - - Keep in mind that the C(dconf) CLI tool, which this module wraps around, - utilises an unusual syntax for the values (GVariant). For example, if you - wanted to provide a string value, the correct syntax would be - O(value="'myvalue'") - with single quotes as part of the Ansible parameter - value. - - When using loops in combination with a value like - V("[('xkb', 'us'\), ('xkb', 'se'\)]"), you need to be aware of possible - type conversions. Applying a filter V({{ item.value | string }}) - to the parameter variable can avoid potential conversion problems. - - The easiest way to figure out exact syntax/value you need to provide for a - key is by making the configuration change in application affected by the - key, and then having a look at value set via commands C(dconf dump - /path/to/dir/) or C(dconf read /path/to/key). + - This module depends on C(psutil) Python library (version 4.0.0 and upwards), C(dconf), C(dbus-send), and C(dbus-run-session) + binaries. Depending on distribution you are using, you may need to install additional packages to have these available. + - This module uses the C(gi.repository) Python library when available for accurate comparison of values in C(dconf) to values + specified in Ansible code. C(gi.repository) is likely to be present on most systems which have C(dconf) but may not be + present everywhere. When it is missing, a simple string comparison between values is used, and there may be false positives, + that is, Ansible may think that a value is being changed when it is not. This fallback will be removed in a future version + of this module, at which point the module will stop working on hosts without C(gi.repository). + - Detection of existing, running D-Bus session, required to change settings using C(dconf), is not 100% reliable due to + implementation details of D-Bus daemon itself. This might lead to running applications not picking-up changes on-the-fly + if options are changed using Ansible and C(dbus-run-session). + - Keep in mind that the C(dconf) CLI tool, which this module wraps around, utilises an unusual syntax for the values (GVariant). + For example, if you wanted to provide a string value, the correct syntax would be O(value="'myvalue'") - with single quotes + as part of the Ansible parameter value. + - When using loops in combination with a value like V("[('xkb', 'us'\), ('xkb', 'se'\)]"), you need to be aware of possible + type conversions. Applying a filter V({{ item.value | string }}) to the parameter variable can avoid potential conversion + problems. + - The easiest way to figure out exact syntax/value you need to provide for a key is by making the configuration change in + application affected by the key, and then having a look at value set using commands C(dconf dump /path/to/dir/) or C(dconf + read /path/to/key). extends_documentation_fragment: - community.general.attributes attributes: @@ -73,30 +59,27 @@ options: type: raw required: false description: - - Value to set for the specified dconf key. Value should be specified in - GVariant format. Due to complexity of this format, it is best to have a - look at existing values in the dconf database. + - Value to set for the specified dconf key. Value should be specified in GVariant format. Due to complexity of this + format, it is best to have a look at existing values in the dconf database. - Required for O(state=present). - - Although the type is specified as "raw", it should typically be - specified as a string. However, boolean values in particular are - handled properly even when specified as booleans rather than strings - (in fact, handling booleans properly is why the type of this parameter - is "raw"). + - Although the type is specified as "raw", it should typically be specified as a string. However, boolean values in + particular are handled properly even when specified as booleans rather than strings (in fact, handling booleans properly + is why the type of this parameter is "raw"). state: type: str required: false default: present - choices: [ 'read', 'present', 'absent' ] + choices: ['read', 'present', 'absent'] description: - The action to take upon the key/value. -''' +""" RETURN = r""" value: - description: value associated with the requested key - returned: success, state was "read" - type: str - sample: "'Default'" + description: Value associated with the requested key. + returned: success, state was "read" + type: str + sample: "'Default'" """ EXAMPLES = r""" diff --git a/plugins/modules/decompress.py b/plugins/modules/decompress.py new file mode 100644 index 0000000000..aa7a14aefb --- /dev/null +++ b/plugins/modules/decompress.py @@ -0,0 +1,213 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2024, Stanislav Shamilov +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import (absolute_import, division, print_function) + +__metaclass__ = type + +DOCUMENTATION = r""" +module: decompress +short_description: Decompresses compressed files +version_added: 10.1.0 +description: + - Decompresses compressed files. + - The source (compressed) file and destination (decompressed) files are on the remote host. + - Source file can be deleted after decompression. +extends_documentation_fragment: + - ansible.builtin.files + - community.general.attributes +attributes: + check_mode: + support: full + diff_mode: + support: none +options: + src: + description: + - Remote absolute path for the file to decompress. + type: path + required: true + dest: + description: + - The file name of the destination file where the compressed file will be decompressed. + - If the destination file exists, it will be truncated and overwritten. + - If not specified, the destination filename will be derived from O(src) by removing the compression format extension. + For example, if O(src) is V(/path/to/file.txt.gz) and O(format) is V(gz), O(dest) will be V(/path/to/file.txt). If + the O(src) file does not have an extension for the current O(format), the O(dest) filename will be made by appending + C(_decompressed) to the O(src) filename. For instance, if O(src) is V(/path/to/file.myextension), the (dest) filename + will be V(/path/to/file.myextension_decompressed). + type: path + format: + description: + - The type of compression to use to decompress. + type: str + choices: [gz, bz2, xz] + default: gz + remove: + description: + - Remove original compressed file after decompression. + type: bool + default: false +requirements: + - Requires C(lzma) (standard library of Python 3) or L(backports.lzma, https://pypi.org/project/backports.lzma/) (Python + 2) if using C(xz) format. +author: + - Stanislav Shamilov (@shamilovstas) +""" + +EXAMPLES = r""" +- name: Decompress file /path/to/file.txt.gz into /path/to/file.txt (gz compression is used by default) + community.general.decompress: + src: /path/to/file.txt.gz + dest: /path/to/file.txt + +- name: Decompress file /path/to/file.txt.gz into /path/to/file.txt + community.general.decompress: + src: /path/to/file.txt.gz + +- name: Decompress file compressed with bzip2 + community.general.decompress: + src: /path/to/file.txt.bz2 + dest: /path/to/file.bz2 + format: bz2 + +- name: Decompress file and delete the compressed file afterwards + community.general.decompress: + src: /path/to/file.txt.gz + dest: /path/to/file.txt + remove: true +""" + +RETURN = r""" +dest: + description: Path to decompressed file. + type: str + returned: success + sample: /path/to/file.txt +""" + +import bz2 +import filecmp +import gzip +import os +import shutil +import tempfile + +from ansible.module_utils import six +from ansible_collections.community.general.plugins.module_utils.mh.module_helper import ModuleHelper +from ansible.module_utils.common.text.converters import to_native, to_bytes +from ansible_collections.community.general.plugins.module_utils import deps + +with deps.declare("lzma"): + if six.PY3: + import lzma + else: + from backports import lzma + + +def lzma_decompress(src): + return lzma.open(src, "rb") + + +def bz2_decompress(src): + if six.PY3: + return bz2.open(src, "rb") + else: + return bz2.BZ2File(src, "rb") + + +def gzip_decompress(src): + return gzip.open(src, "rb") + + +def decompress(b_src, b_dest, handler): + with handler(b_src) as src_file: + with open(b_dest, "wb") as dest_file: + shutil.copyfileobj(src_file, dest_file) + + +class Decompress(ModuleHelper): + destination_filename_template = "%s_decompressed" + use_old_vardict = False + output_params = 'dest' + + module = dict( + argument_spec=dict( + src=dict(type='path', required=True), + dest=dict(type='path'), + format=dict(type='str', default='gz', choices=['gz', 'bz2', 'xz']), + remove=dict(type='bool', default=False) + ), + add_file_common_args=True, + supports_check_mode=True + ) + + def __init_module__(self): + self.handlers = {"gz": gzip_decompress, "bz2": bz2_decompress, "xz": lzma_decompress} + if self.vars.dest is None: + self.vars.dest = self.get_destination_filename() + deps.validate(self.module) + self.configure() + + def configure(self): + b_dest = to_bytes(self.vars.dest, errors='surrogate_or_strict') + b_src = to_bytes(self.vars.src, errors='surrogate_or_strict') + if not os.path.exists(b_src): + if self.vars.remove and os.path.exists(b_dest): + self.module.exit_json(changed=False) + else: + self.do_raise(msg="Path does not exist: '%s'" % b_src) + if os.path.isdir(b_src): + self.do_raise(msg="Cannot decompress directory '%s'" % b_src) + if os.path.isdir(b_dest): + self.do_raise(msg="Destination is a directory, cannot decompress: '%s'" % b_dest) + + def __run__(self): + b_dest = to_bytes(self.vars.dest, errors='surrogate_or_strict') + b_src = to_bytes(self.vars.src, errors='surrogate_or_strict') + + file_args = self.module.load_file_common_arguments(self.module.params, path=self.vars.dest) + handler = self.handlers[self.vars.format] + try: + tempfd, temppath = tempfile.mkstemp(dir=self.module.tmpdir) + self.module.add_cleanup_file(temppath) + b_temppath = to_bytes(temppath, errors='surrogate_or_strict') + decompress(b_src, b_temppath, handler) + except OSError as e: + self.do_raise(msg="Unable to create temporary file '%s'" % to_native(e)) + + if os.path.exists(b_dest): + self.changed = not filecmp.cmp(b_temppath, b_dest, shallow=False) + else: + self.changed = True + + if self.changed and not self.module.check_mode: + try: + self.module.atomic_move(b_temppath, b_dest) + except OSError: + self.do_raise(msg="Unable to move temporary file '%s' to '%s'" % (b_temppath, self.vars.dest)) + + if self.vars.remove and not self.check_mode: + os.remove(b_src) + self.changed = self.module.set_fs_attributes_if_different(file_args, self.changed) + + def get_destination_filename(self): + src = self.vars.src + fmt_extension = ".%s" % self.vars.format + if src.endswith(fmt_extension) and len(src) > len(fmt_extension): + filename = src[:-len(fmt_extension)] + else: + filename = Decompress.destination_filename_template % src + return filename + + +def main(): + Decompress.execute() + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/deploy_helper.py b/plugins/modules/deploy_helper.py index b47ed82540..14a7d4f8c7 100644 --- a/plugins/modules/deploy_helper.py +++ b/plugins/modules/deploy_helper.py @@ -11,27 +11,19 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: deploy_helper author: "Ramon de la Fuente (@ramondelafuente)" short_description: Manages some of the steps common in deploying projects description: - - The Deploy Helper manages some of the steps common in deploying software. - It creates a folder structure, manages a symlink for the current release - and cleans up old releases. - # TODO: convert below to RETURN documentation! - - "Running it with the O(state=query) or O(state=present) will return the C(deploy_helper) fact. - C(project_path), whatever you set in the O(path) parameter, - C(current_path), the path to the symlink that points to the active release, - C(releases_path), the path to the folder to keep releases in, - C(shared_path), the path to the folder to keep shared resources in, - C(unfinished_filename), the file to check for to recognize unfinished builds, - C(previous_release), the release the 'current' symlink is pointing to, - C(previous_release_path), the full path to the 'current' symlink target, - C(new_release), either the 'release' parameter or a generated timestamp, - C(new_release_path), the path to the new release folder (not created by the module)." - + - The Deploy Helper manages some of the steps common in deploying software. It creates a folder structure, manages a symlink + for the current release and cleans up old releases. + - Running it with the O(state=query) or O(state=present) will return the C(deploy_helper) fact. C(project_path), whatever + you set in the O(path) parameter, C(current_path), the path to the symlink that points to the active release, C(releases_path), + the path to the folder to keep releases in, C(shared_path), the path to the folder to keep shared resources in, C(unfinished_filename), + the file to check for to recognize unfinished builds, C(previous_release), the release the 'current' symlink is pointing + to, C(previous_release_path), the full path to the 'current' symlink target, C(new_release), either the O(release) parameter + or a generated timestamp, C(new_release_path), the path to the new release folder (not created by the module). attributes: check_mode: support: full @@ -44,42 +36,38 @@ options: required: true aliases: ['dest'] description: - - The root path of the project. - Returned in the C(deploy_helper.project_path) fact. - + - The root path of the project. Returned in the C(deploy_helper.project_path) fact. state: type: str description: - The state of the project. - V(query) will only gather facts. - V(present) will create the project C(root) folder, and in it the C(releases) and C(shared) folders. - - V(finalize) will remove the unfinished_filename file, create a symlink to the newly - deployed release and optionally clean old releases. + - V(finalize) will remove the unfinished_filename file, create a symlink to the newly deployed release and optionally + clean old releases. - V(clean) will remove failed & old releases. - V(absent) will remove the project folder (synonymous to the M(ansible.builtin.file) module with O(state=absent)). - choices: [ present, finalize, absent, clean, query ] + choices: [present, finalize, absent, clean, query] default: present release: type: str description: - The release version that is being deployed. Defaults to a timestamp format C(%Y%m%d%H%M%S) (for example V(20141119223359)). - This parameter is optional during O(state=present), but needs to be set explicitly for O(state=finalize). - You can use the generated fact C(release={{ deploy_helper.new_release }}). - + This parameter is optional during O(state=present), but needs to be set explicitly for O(state=finalize). You can + use the generated fact C(release={{ deploy_helper.new_release }}). releases_path: type: str description: - - The name of the folder that will hold the releases. This can be relative to O(path) or absolute. - Returned in the C(deploy_helper.releases_path) fact. + - The name of the folder that will hold the releases. This can be relative to O(path) or absolute. Returned in the C(deploy_helper.releases_path) + fact. default: releases shared_path: type: path description: - - The name of the folder that will hold the shared resources. This can be relative to O(path) or absolute. - If this is set to an empty string, no shared folder will be created. - Returned in the C(deploy_helper.shared_path) fact. + - The name of the folder that will hold the shared resources. This can be relative to O(path) or absolute. If this is + set to an empty string, no shared folder will be created. Returned in the C(deploy_helper.shared_path) fact. default: shared current_path: @@ -92,9 +80,9 @@ options: unfinished_filename: type: str description: - - The name of the file that indicates a deploy has not finished. All folders in the O(releases_path) that - contain this file will be deleted on O(state=finalize) with O(clean=true), or O(state=clean). This file is - automatically deleted from the C(new_release_path) during O(state=finalize). + - The name of the file that indicates a deploy has not finished. All folders in the O(releases_path) that contain this + file will be deleted on O(state=finalize) with O(clean=true), or O(state=clean). This file is automatically deleted + from the C(new_release_path) during O(state=finalize). default: DEPLOY_UNFINISHED clean: @@ -111,20 +99,18 @@ options: default: 5 notes: - - Facts are only returned for O(state=query) and O(state=present). If you use both, you should pass any overridden - parameters to both calls, otherwise the second call will overwrite the facts of the first one. - - When using O(state=clean), the releases are ordered by I(creation date). You should be able to switch to a - new naming strategy without problems. - - Because of the default behaviour of generating the C(new_release) fact, this module will not be idempotent - unless you pass your own release name with O(release). Due to the nature of deploying software, this should not - be much of a problem. + - Facts are only returned for O(state=query) and O(state=present). If you use both, you should pass any overridden parameters + to both calls, otherwise the second call will overwrite the facts of the first one. + - When using O(state=clean), the releases are ordered by I(creation date). You should be able to switch to a new naming + strategy without problems. + - Because of the default behaviour of generating the C(new_release) fact, this module will not be idempotent unless you + pass your own release name with O(release). Due to the nature of deploying software, this should not be much of a problem. extends_documentation_fragment: - ansible.builtin.files - community.general.attributes -''' - -EXAMPLES = ''' +""" +EXAMPLES = r""" # General explanation, starting with an example folder structure for a project: # root: @@ -192,10 +178,10 @@ EXAMPLES = ''' src: '{{ deploy_helper.shared_path }}/{{ item.src }}' state: link with_items: - - path: app/sessions - src: sessions - - path: web/uploads - src: uploads + - path: app/sessions + src: sessions + - path: web/uploads + src: uploads - name: Finalize the deploy, removing the unfinished file and switching the symlink community.general.deploy_helper: path: /path/to/root @@ -277,7 +263,8 @@ EXAMPLES = ''' path: /path/to/root - ansible.builtin.debug: var: deploy_helper -''' +""" + import os import shutil import time diff --git a/plugins/modules/dimensiondata_network.py b/plugins/modules/dimensiondata_network.py index cfb7d61cd9..6617d6aef1 100644 --- a/plugins/modules/dimensiondata_network.py +++ b/plugins/modules/dimensiondata_network.py @@ -14,8 +14,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: dimensiondata_network short_description: Create, update, and delete MCP 1.0 & 2.0 networks extends_documentation_fragment: @@ -24,7 +23,7 @@ extends_documentation_fragment: - community.general.attributes description: - - Create, update, and delete MCP 1.0 & 2.0 networks + - Create, update, and delete MCP 1.0 & 2.0 networks. author: 'Aimon Bustardo (@aimonb)' attributes: check_mode: @@ -55,9 +54,9 @@ options: choices: [present, absent] default: present type: str -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create an MCP 1.0 network community.general.dimensiondata_network: region: na @@ -79,43 +78,43 @@ EXAMPLES = ''' location: NA1 name: mynet state: absent -''' +""" -RETURN = ''' +RETURN = r""" network: - description: Dictionary describing the network. - returned: On success when O(state=present). - type: complex - contains: - id: - description: Network ID. - type: str - sample: "8c787000-a000-4050-a215-280893411a7d" - name: - description: Network name. - type: str - sample: "My network" - description: - description: Network description. - type: str - sample: "My network description" - location: - description: Datacenter location. - type: str - sample: NA3 - status: - description: Network status. (MCP 2.0 only) - type: str - sample: NORMAL - private_net: - description: Private network subnet. (MCP 1.0 only) - type: str - sample: "10.2.3.0" - multicast: - description: Multicast enabled? (MCP 1.0 only) - type: bool - sample: false -''' + description: Dictionary describing the network. + returned: On success when O(state=present). + type: complex + contains: + id: + description: Network ID. + type: str + sample: "8c787000-a000-4050-a215-280893411a7d" + name: + description: Network name. + type: str + sample: "My network" + description: + description: Network description. + type: str + sample: "My network description" + location: + description: Datacenter location. + type: str + sample: NA3 + status: + description: Network status. (MCP 2.0 only). + type: str + sample: NORMAL + private_net: + description: Private network subnet. (MCP 1.0 only). + type: str + sample: "10.2.3.0" + multicast: + description: Multicast enabled? (MCP 1.0 only). + type: bool + sample: false +""" import traceback from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/dimensiondata_vlan.py b/plugins/modules/dimensiondata_vlan.py index 9d129f3dea..2389d34333 100644 --- a/plugins/modules/dimensiondata_vlan.py +++ b/plugins/modules/dimensiondata_vlan.py @@ -10,8 +10,7 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: dimensiondata_vlan short_description: Manage a VLAN in a Cloud Control network domain extends_documentation_fragment: @@ -40,37 +39,39 @@ options: default: '' network_domain: description: - - The Id or name of the target network domain. + - The ID or name of the target network domain. required: true type: str private_ipv4_base_address: description: - - The base address for the VLAN's IPv4 network (e.g. 192.168.1.0). + - The base address for the VLAN's IPv4 network (for example V(192.168.1.0)). type: str default: '' private_ipv4_prefix_size: description: - - The size of the IPv4 address space, e.g 24. - - Required, if O(private_ipv4_base_address) is specified. + - The size of the IPv4 address space, for example V(24). + - Required, if O(private_ipv4_base_address) is specified. type: int default: 0 state: description: - The desired state for the target VLAN. - - V(readonly) ensures that the state is only ever read, not modified (the module will fail if the resource does not exist). + - V(readonly) ensures that the state is only ever read, not modified (the module will fail if the resource does not + exist). choices: [present, absent, readonly] default: present type: str allow_expand: description: - - Permit expansion of the target VLAN's network if the module parameters specify a larger network than the VLAN currently possesses. + - Permit expansion of the target VLAN's network if the module parameters specify a larger network than the VLAN currently + possesses. - If V(false), the module will fail under these conditions. - This is intended to prevent accidental expansion of a VLAN's network (since this operation is not reversible). type: bool default: false -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Add or update VLAN community.general.dimensiondata_vlan: region: na @@ -100,59 +101,59 @@ EXAMPLES = ''' name: my_vlan_1 state: absent wait: true -''' +""" -RETURN = ''' +RETURN = r""" vlan: - description: Dictionary describing the VLAN. - returned: On success when O(state=present) - type: complex - contains: - id: - description: VLAN ID. - type: str - sample: "aaaaa000-a000-4050-a215-2808934ccccc" - name: - description: VLAN name. - type: str - sample: "My VLAN" - description: - description: VLAN description. - type: str - sample: "My VLAN description" - location: - description: Datacenter location. - type: str - sample: NA3 - private_ipv4_base_address: - description: The base address for the VLAN's private IPV4 network. - type: str - sample: 192.168.23.0 - private_ipv4_prefix_size: - description: The prefix size for the VLAN's private IPV4 network. - type: int - sample: 24 - private_ipv4_gateway_address: - description: The gateway address for the VLAN's private IPV4 network. - type: str - sample: 192.168.23.1 - private_ipv6_base_address: - description: The base address for the VLAN's IPV6 network. - type: str - sample: 2402:9900:111:1195:0:0:0:0 - private_ipv6_prefix_size: - description: The prefix size for the VLAN's IPV6 network. - type: int - sample: 64 - private_ipv6_gateway_address: - description: The gateway address for the VLAN's IPV6 network. - type: str - sample: 2402:9900:111:1195:0:0:0:1 - status: - description: VLAN status. - type: str - sample: NORMAL -''' + description: Dictionary describing the VLAN. + returned: On success when O(state=present) + type: complex + contains: + id: + description: VLAN ID. + type: str + sample: "aaaaa000-a000-4050-a215-2808934ccccc" + name: + description: VLAN name. + type: str + sample: "My VLAN" + description: + description: VLAN description. + type: str + sample: "My VLAN description" + location: + description: Datacenter location. + type: str + sample: NA3 + private_ipv4_base_address: + description: The base address for the VLAN's private IPV4 network. + type: str + sample: 192.168.23.0 + private_ipv4_prefix_size: + description: The prefix size for the VLAN's private IPV4 network. + type: int + sample: 24 + private_ipv4_gateway_address: + description: The gateway address for the VLAN's private IPV4 network. + type: str + sample: 192.168.23.1 + private_ipv6_base_address: + description: The base address for the VLAN's IPV6 network. + type: str + sample: 2402:9900:111:1195:0:0:0:0 + private_ipv6_prefix_size: + description: The prefix size for the VLAN's IPV6 network. + type: int + sample: 64 + private_ipv6_gateway_address: + description: The gateway address for the VLAN's IPV6 network. + type: str + sample: 2402:9900:111:1195:0:0:0:1 + status: + description: VLAN status. + type: str + sample: NORMAL +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.dimensiondata import DimensionDataModule, UnknownNetworkError diff --git a/plugins/modules/discord.py b/plugins/modules/discord.py index 130649f076..7cf05da0c1 100644 --- a/plugins/modules/discord.py +++ b/plugins/modules/discord.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: discord short_description: Send Discord messages version_added: 3.1.0 @@ -18,7 +17,7 @@ description: author: Christian Wollinger (@cwollinger) seealso: - name: API documentation - description: Documentation for Discord API + description: Documentation for Discord API. link: https://discord.com/developers/docs/resources/webhook#execute-webhook extends_documentation_fragment: - community.general.attributes @@ -31,13 +30,13 @@ options: webhook_id: description: - The webhook ID. - - "Format from Discord webhook URL: C(/webhooks/{webhook.id}/{webhook.token})." + - 'Format from Discord webhook URL: C(/webhooks/{webhook.id}/{webhook.token}).' required: true type: str webhook_token: description: - The webhook token. - - "Format from Discord webhook URL: C(/webhooks/{webhook.id}/{webhook.token})." + - 'Format from Discord webhook URL: C(/webhooks/{webhook.id}/{webhook.token}).' required: true type: str content: @@ -62,13 +61,13 @@ options: description: - Send messages as Embeds to the Discord channel. - Embeds can have a colored border, embedded images, text fields and more. - - "Allowed parameters are described in the Discord Docs: U(https://discord.com/developers/docs/resources/channel#embed-object)" + - 'Allowed parameters are described in the Discord Docs: U(https://discord.com/developers/docs/resources/channel#embed-object).' - At least one of O(content) and O(embeds) must be specified. type: list elements: dict -''' +""" -EXAMPLES = """ +EXAMPLES = r""" - name: Send a message to the Discord channel community.general.discord: webhook_id: "00000" @@ -119,7 +118,7 @@ EXAMPLES = """ timestamp: "{{ ansible_date_time.iso8601 }}" """ -RETURN = """ +RETURN = r""" http_code: description: - Response Code returned by Discord API. diff --git a/plugins/modules/django_check.py b/plugins/modules/django_check.py new file mode 100644 index 0000000000..9699428b9c --- /dev/null +++ b/plugins/modules/django_check.py @@ -0,0 +1,119 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright (c) 2024, Alexei Znamensky +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +DOCUMENTATION = r""" +module: django_check +author: + - Alexei Znamensky (@russoz) +short_description: Wrapper for C(django-admin check) +version_added: 9.1.0 +description: + - This module is a wrapper for the execution of C(django-admin check). +extends_documentation_fragment: + - community.general.attributes + - community.general.django +options: + database: + description: + - Specify databases to run checks against. + - If not specified, Django will not run database tests. + type: list + elements: str + deploy: + description: + - Include additional checks relevant in a deployment setting. + type: bool + default: false + fail_level: + description: + - Message level that will trigger failure. + - Default is the Django default value. Check the documentation for the version being used. + type: str + choices: [CRITICAL, ERROR, WARNING, INFO, DEBUG] + tags: + description: + - Restrict checks to specific tags. + type: list + elements: str + apps: + description: + - Restrict checks to specific applications. + - Default is to check all applications. + type: list + elements: str +notes: + - The outcome of the module is found in the common return values RV(ignore:stdout), RV(ignore:stderr), RV(ignore:rc). + - The module will fail if RV(ignore:rc) is not zero. +attributes: + check_mode: + support: full + diff_mode: + support: none +""" + +EXAMPLES = r""" +- name: Check the entire project + community.general.django_check: + settings: myproject.settings + +- name: Create the project using specific databases + community.general.django_check: + database: + - somedb + - myotherdb + settings: fancysite.settings + pythonpath: /home/joedoe/project/fancysite + venv: /home/joedoe/project/fancysite/venv +""" + +RETURN = r""" +run_info: + description: Command-line execution information. + type: dict + returned: success and C(verbosity) >= 3 +version: + description: Version of Django. + type: str + returned: always + sample: 5.1.2 + version_added: 10.0.0 +""" + +from ansible_collections.community.general.plugins.module_utils.django import DjangoModuleHelper +from ansible_collections.community.general.plugins.module_utils.cmd_runner import cmd_runner_fmt + + +class DjangoCheck(DjangoModuleHelper): + module = dict( + argument_spec=dict( + database=dict(type="list", elements="str"), + deploy=dict(type="bool", default=False), + fail_level=dict(type="str", choices=["CRITICAL", "ERROR", "WARNING", "INFO", "DEBUG"]), + tags=dict(type="list", elements="str"), + apps=dict(type="list", elements="str"), + ), + supports_check_mode=True, + ) + arg_formats = dict( + database=cmd_runner_fmt.stack(cmd_runner_fmt.as_opt_val)("--database"), + deploy=cmd_runner_fmt.as_bool("--deploy"), + fail_level=cmd_runner_fmt.as_opt_val("--fail-level"), + tags=cmd_runner_fmt.stack(cmd_runner_fmt.as_opt_val)("--tag"), + apps=cmd_runner_fmt.as_list(), + ) + django_admin_cmd = "check" + django_admin_arg_order = "database deploy fail_level tags apps" + + +def main(): + DjangoCheck.execute() + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/django_command.py b/plugins/modules/django_command.py new file mode 100644 index 0000000000..72cffb5c9c --- /dev/null +++ b/plugins/modules/django_command.py @@ -0,0 +1,94 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright (c) 2024, Alexei Znamensky +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +DOCUMENTATION = r""" +module: django_command +author: + - Alexei Znamensky (@russoz) +short_description: Run Django admin commands +version_added: 9.0.0 +description: + - This module allows the execution of arbitrary Django admin commands. +extends_documentation_fragment: + - community.general.attributes + - community.general.django +attributes: + check_mode: + support: none + diff_mode: + support: none +options: + command: + description: + - Django admin command. It must be a valid command accepted by C(python -m django) at the target system. + type: str + required: true + extra_args: + type: list + elements: str + description: + - List of extra arguments passed to the django admin command. +""" + +EXAMPLES = r""" +- name: Check the project + community.general.django_command: + command: check + settings: myproject.settings + +- name: Check the project in specified python path, using virtual environment + community.general.django_command: + command: check + settings: fancysite.settings + pythonpath: /home/joedoe/project/fancysite + venv: /home/joedoe/project/fancysite/venv +""" + +RETURN = r""" +run_info: + description: Command-line execution information. + type: dict + returned: success and O(verbosity) >= 3 +version: + description: Version of Django. + type: str + returned: always + sample: 5.1.2 + version_added: 10.0.0 +""" + +import shlex + +from ansible_collections.community.general.plugins.module_utils.django import DjangoModuleHelper +from ansible_collections.community.general.plugins.module_utils.cmd_runner import cmd_runner_fmt + + +class DjangoCommand(DjangoModuleHelper): + module = dict( + argument_spec=dict( + command=dict(type="str", required=True), + extra_args=dict(type="list", elements="str"), + ), + supports_check_mode=False, + ) + arg_formats = dict( + extra_args=cmd_runner_fmt.as_list(), + ) + django_admin_arg_order = "extra_args" + + def __init_module__(self): + self.vars.command = shlex.split(self.vars.command) + + +def main(): + DjangoCommand.execute() + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/django_createcachetable.py b/plugins/modules/django_createcachetable.py new file mode 100644 index 0000000000..4d849624a9 --- /dev/null +++ b/plugins/modules/django_createcachetable.py @@ -0,0 +1,73 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright (c) 2024, Alexei Znamensky +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +DOCUMENTATION = r""" +module: django_createcachetable +author: + - Alexei Znamensky (@russoz) +short_description: Wrapper for C(django-admin createcachetable) +version_added: 9.1.0 +description: + - This module is a wrapper for the execution of C(django-admin createcachetable). +extends_documentation_fragment: + - community.general.attributes + - community.general.django + - community.general.django.database +attributes: + check_mode: + support: full + diff_mode: + support: none +""" + +EXAMPLES = r""" +- name: Create cache table in the default database + community.general.django_createcachetable: + settings: myproject.settings + +- name: Create cache table in the other database + community.general.django_createcachetable: + database: myotherdb + settings: fancysite.settings + pythonpath: /home/joedoe/project/fancysite + venv: /home/joedoe/project/fancysite/venv +""" + +RETURN = r""" +run_info: + description: Command-line execution information. + type: dict + returned: success and O(verbosity) >= 3 +version: + description: Version of Django. + type: str + returned: always + sample: 5.1.2 + version_added: 10.0.0 +""" + +from ansible_collections.community.general.plugins.module_utils.django import DjangoModuleHelper + + +class DjangoCreateCacheTable(DjangoModuleHelper): + module = dict( + supports_check_mode=True, + ) + django_admin_cmd = "createcachetable" + django_admin_arg_order = "noinput database dry_run" + _django_args = ["noinput", "database", "dry_run"] + _check_mode_arg = "dry_run" + + +def main(): + DjangoCreateCacheTable.execute() + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/django_manage.py b/plugins/modules/django_manage.py index 114ec0353e..dab544a29d 100644 --- a/plugins/modules/django_manage.py +++ b/plugins/modules/django_manage.py @@ -10,13 +10,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: django_manage short_description: Manages a Django application description: - - Manages a Django application using the C(manage.py) application frontend to C(django-admin). With the - O(virtualenv) parameter, all management commands will be executed by the given C(virtualenv) installation. + - Manages a Django application using the C(manage.py) application frontend to C(django-admin). With the O(virtualenv) parameter, + all management commands will be executed by the given C(virtualenv) installation. extends_documentation_fragment: - community.general.attributes attributes: @@ -27,24 +26,18 @@ attributes: options: command: description: - - The name of the Django management command to run. The commands listed below are built in this module and have some basic parameter validation. - - > - V(cleanup) - clean up old data from the database (deprecated in Django 1.5). This parameter will be - removed in community.general 9.0.0. Use V(clearsessions) instead. + - The name of the Django management command to run. The commands listed below are built in this module and have some + basic parameter validation. - V(collectstatic) - Collects the static files into C(STATIC_ROOT). - V(createcachetable) - Creates the cache tables for use with the database cache backend. - V(flush) - Removes all data from the database. - V(loaddata) - Searches for and loads the contents of the named O(fixtures) into the database. - V(migrate) - Synchronizes the database state with models and migrations. - - > - V(syncdb) - Synchronizes the database state with models and migrations (deprecated in Django 1.7). - This parameter will be removed in community.general 9.0.0. Use V(migrate) instead. - V(test) - Runs tests for all installed apps. - - > - V(validate) - Validates all installed models (deprecated in Django 1.7). This parameter will be - removed in community.general 9.0.0. Use V(check) instead. - - Other commands can be entered, but will fail if they are unknown to Django. Other commands that may - prompt for user input should be run with the C(--noinput) flag. + - Other commands can be entered, but will fail if they are unknown to Django. Other commands that may prompt for user + input should be run with the C(--noinput) flag. + - Support for the values V(cleanup), V(syncdb), V(validate) was removed in community.general 9.0.0. See note about supported + versions of Django. type: str required: true project_path: @@ -60,8 +53,8 @@ options: required: false pythonpath: description: - - A directory to add to the Python path. Typically used to include the settings module if it is located - external to the application directory. + - A directory to add to the Python path. Typically used to include the settings module if it is located external to + the application directory. - This would be equivalent to adding O(pythonpath)'s value to the E(PYTHONPATH) environment variable. type: path required: false @@ -69,6 +62,7 @@ options: virtualenv: description: - An optional path to a C(virtualenv) installation to use while running the manage application. + - The virtual environment must exist, otherwise the module will fail. type: path aliases: [virtual_env] apps: @@ -90,8 +84,7 @@ options: type: bool database: description: - - The database to target. Used by the V(createcachetable), V(flush), V(loaddata), V(syncdb), - and V(migrate) commands. + - The database to target. Used by the V(createcachetable), V(flush), V(loaddata), V(syncdb), and V(migrate) commands. type: str required: false failfast: @@ -113,14 +106,13 @@ options: type: bool merge: description: - - Will run out-of-order or missing migrations as they are not rollback migrations, you can only use this - parameter with V(migrate) command. + - Will run out-of-order or missing migrations as they are not rollback migrations, you can only use this parameter with + V(migrate) command. required: false type: bool link: description: - - Will create links to the files instead of copying them, you can only use this parameter with - V(collectstatic) command. + - Will create links to the files instead of copying them, you can only use this parameter with V(collectstatic) command. required: false type: bool testrunner: @@ -132,33 +124,23 @@ options: aliases: [test_runner] ack_venv_creation_deprecation: description: - - >- - When a O(virtualenv) is set but the virtual environment does not exist, the current behavior is - to create a new virtual environment. That behavior is deprecated and if that case happens it will - generate a deprecation warning. Set this flag to V(true) to suppress the deprecation warning. - - Please note that you will receive no further warning about this being removed until the module - will start failing in such cases from community.general 9.0.0 on. + - This option no longer has any effect since community.general 9.0.0. + - It will be removed from community.general 11.0.0. type: bool version_added: 5.8.0 notes: - - > - B(ATTENTION - DEPRECATION): Support for Django releases older than 4.1 will be removed in - community.general version 9.0.0 (estimated to be released in May 2024). - Please notice that Django 4.1 requires Python 3.8 or greater. - - C(virtualenv) (U(http://www.virtualenv.org)) must be installed on the remote host if the O(virtualenv) parameter - is specified. This requirement is deprecated and will be removed in community.general version 9.0.0. - - This module will create a virtualenv if the O(virtualenv) parameter is specified and a virtual environment does not already - exist at the given location. This behavior is deprecated and will be removed in community.general version 9.0.0. - - The parameter O(virtualenv) will remain in use, but it will require the specified virtualenv to exist. - The recommended way to create one in Ansible is by using M(ansible.builtin.pip). - - This module assumes English error messages for the V(createcachetable) command to detect table existence, - unfortunately. - - To be able to use the V(migrate) command with django versions < 1.7, you must have C(south) installed and added - as an app in your settings. - - To be able to use the V(collectstatic) command, you must have enabled staticfiles in your settings. - - Your C(manage.py) application must be executable (C(rwxr-xr-x)), and must have a valid shebang, - for example C(#!/usr/bin/env python), for invoking the appropriate Python interpreter. + - 'B(ATTENTION): Support for Django releases older than 4.1 has been removed in community.general version 9.0.0. While the + module allows for free-form commands, not verifying the version of Django being used, it is B(strongly recommended) to + use a more recent version of the framework.' + - Please notice that Django 4.1 requires Python 3.8 or greater. + - This module will not create a virtualenv if the O(virtualenv) parameter is specified and a virtual environment does not + already exist at the given location. This behavior changed in community.general version 9.0.0. + - The recommended way to create a virtual environment in Ansible is by using M(ansible.builtin.pip). + - This module assumes English error messages for the V(createcachetable) command to detect table existence, unfortunately. + - To be able to use the V(collectstatic) command, you must have enabled C(staticfiles) in your settings. + - Your C(manage.py) application must be executable (C(rwxr-xr-x)), and must have a valid shebang, for example C(#!/usr/bin/env + python), for invoking the appropriate Python interpreter. seealso: - name: django-admin and manage.py Reference description: Reference for C(django-admin) or C(manage.py) commands. @@ -169,16 +151,16 @@ seealso: - name: What Python version can I use with Django? description: From the Django FAQ, the response to Python requirements for the framework. link: https://docs.djangoproject.com/en/dev/faq/install/#what-python-version-can-i-use-with-django -requirements: [ "virtualenv", "django" ] +requirements: ["django >= 4.1"] author: - Alexei Znamensky (@russoz) - Scott Anderson (@tastychutney) -''' +""" -EXAMPLES = """ +EXAMPLES = r""" - name: Run cleanup on the application installed in django_dir community.general.django_manage: - command: cleanup + command: clearsessions project_path: "{{ django_dir }}" - name: Load the initial_data fixture into the application @@ -189,7 +171,7 @@ EXAMPLES = """ - name: Run syncdb on the application community.general.django_manage: - command: syncdb + command: migrate project_path: "{{ django_dir }}" settings: "{{ settings_app_name }}" pythonpath: "{{ settings_dir }}" @@ -233,22 +215,7 @@ def _ensure_virtualenv(module): activate = os.path.join(vbin, 'activate') if not os.path.exists(activate): - # In version 9.0.0, if the venv is not found, it should fail_json() here. - if not module.params['ack_venv_creation_deprecation']: - module.deprecate( - 'The behavior of "creating the virtual environment when missing" is being ' - 'deprecated and will be removed in community.general version 9.0.0. ' - 'Set the module parameter `ack_venv_creation_deprecation: true` to ' - 'prevent this message from showing up when creating a virtualenv.', - version='9.0.0', - collection_name='community.general', - ) - - virtualenv = module.get_bin_path('virtualenv', True) - vcmd = [virtualenv, venv_param] - rc, out_venv, err_venv = module.run_command(vcmd) - if rc != 0: - _fail(module, vcmd, out_venv, err_venv) + module.fail_json(msg='%s does not point to a valid virtual environment' % venv_param) os.environ["PATH"] = "%s:%s" % (vbin, os.environ["PATH"]) os.environ["VIRTUAL_ENV"] = venv_param @@ -266,11 +233,6 @@ def loaddata_filter_output(line): return "Installed" in line and "Installed 0 object" not in line -def syncdb_filter_output(line): - return ("Creating table " in line) \ - or ("Installed" in line and "Installed 0 object" not in line) - - def migrate_filter_output(line): return ("Migrating forwards " in line) \ or ("Installed" in line and "Installed 0 object" not in line) \ @@ -283,13 +245,10 @@ def collectstatic_filter_output(line): def main(): command_allowed_param_map = dict( - cleanup=(), createcachetable=('cache_table', 'database', ), flush=('database', ), loaddata=('database', 'fixtures', ), - syncdb=('database', ), test=('failfast', 'testrunner', 'apps', ), - validate=(), migrate=('apps', 'skip', 'merge', 'database',), collectstatic=('clear', 'link', ), ) @@ -301,7 +260,6 @@ def main(): # forces --noinput on every command that needs it noinput_commands = ( 'flush', - 'syncdb', 'migrate', 'test', 'collectstatic', @@ -333,7 +291,7 @@ def main(): skip=dict(type='bool'), merge=dict(type='bool'), link=dict(type='bool'), - ack_venv_creation_deprecation=dict(type='bool'), + ack_venv_creation_deprecation=dict(type='bool', removed_in_version='11.0.0', removed_from_collection='community.general'), ), ) @@ -342,21 +300,6 @@ def main(): project_path = module.params['project_path'] virtualenv = module.params['virtualenv'] - try: - _deprecation = dict( - cleanup="clearsessions", - syncdb="migrate", - validate="check", - ) - module.deprecate( - 'The command {0} has been deprecated as it is no longer supported in recent Django versions.' - 'Please use the command {1} instead that provide similar capability.'.format(command_bin, _deprecation[command_bin]), - version='9.0.0', - collection_name='community.general' - ) - except KeyError: - pass - for param in specific_params: value = module.params[param] if value and param not in command_allowed_param_map[command_bin]: diff --git a/plugins/modules/dnf_config_manager.py b/plugins/modules/dnf_config_manager.py index 069fd0ddc7..2d896f3742 100644 --- a/plugins/modules/dnf_config_manager.py +++ b/plugins/modules/dnf_config_manager.py @@ -7,8 +7,7 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: dnf_config_manager short_description: Enable or disable dnf repositories using config-manager version_added: 8.2.0 @@ -43,9 +42,9 @@ options: seealso: - module: ansible.builtin.dnf - module: ansible.builtin.yum_repository -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Ensure the crb repository is enabled community.general.dnf_config_manager: name: crb @@ -57,9 +56,9 @@ EXAMPLES = r''' - appstream - zfs state: disabled -''' +""" -RETURN = r''' +RETURN = r""" repo_states_pre: description: Repo IDs before action taken. returned: success @@ -115,12 +114,12 @@ repo_states_post: - crb-debug - crb-source changed_repos: - description: Repositories changed. - returned: success - type: list - elements: str - sample: [ 'crb' ] -''' + description: Repositories changed. + returned: success + type: list + elements: str + sample: ['crb'] +""" from ansible.module_utils.basic import AnsibleModule import os @@ -153,7 +152,7 @@ def get_repo_states(module): def set_repo_states(module, repo_ids, state): - module.run_command([DNF_BIN, 'config-manager', '--set-{0}'.format(state)] + repo_ids, check_rc=True) + module.run_command([DNF_BIN, 'config-manager', '--assumeyes', '--set-{0}'.format(state)] + repo_ids, check_rc=True) def pack_repo_states_for_return(states): @@ -186,6 +185,7 @@ def main(): argument_spec=module_args, supports_check_mode=True ) + module.run_command_environ_update = dict(LANGUAGE='C', LC_ALL='C') if not os.path.exists(DNF_BIN): module.fail_json(msg="%s was not found" % DNF_BIN) diff --git a/plugins/modules/dnf_versionlock.py b/plugins/modules/dnf_versionlock.py index 3fcf132eaf..07a85c11c2 100644 --- a/plugins/modules/dnf_versionlock.py +++ b/plugins/modules/dnf_versionlock.py @@ -7,37 +7,32 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: dnf_versionlock version_added: '4.0.0' short_description: Locks package versions in C(dnf) based systems description: -- Locks package versions using the C(versionlock) plugin in C(dnf) based - systems. This plugin takes a set of name and versions for packages and - excludes all other versions of those packages. This allows you to for example - protect packages from being updated by newer versions. The state of the - plugin that reflects locking of packages is the C(locklist). + - Locks package versions using the C(versionlock) plugin in C(dnf) based systems. This plugin takes a set of name and versions + for packages and excludes all other versions of those packages. This allows you to for example protect packages from being + updated by newer versions. The state of the plugin that reflects locking of packages is the C(locklist). extends_documentation_fragment: - community.general.attributes attributes: check_mode: support: partial details: - - The logics of the C(versionlock) plugin for corner cases could be - confusing, so please take in account that this module will do its best to - give a C(check_mode) prediction on what is going to happen. In case of - doubt, check the documentation of the plugin. - - Sometimes the module could predict changes in C(check_mode) that will not - be such because C(versionlock) concludes that there is already a entry in - C(locklist) that already matches. + - The logics of the C(versionlock) plugin for corner cases could be confusing, so please take in account that this module + will do its best to give a C(check_mode) prediction on what is going to happen. In case of doubt, check the documentation + of the plugin. + - Sometimes the module could predict changes in C(check_mode) that will not be such because C(versionlock) concludes + that there is already a entry in C(locklist) that already matches. diff_mode: support: none options: name: description: - - Package name spec to add or exclude to or delete from the C(locklist) - using the format expected by the C(dnf repoquery) command. + - Package name spec to add or exclude to or delete from the C(locklist) using the format expected by the C(dnf repoquery) + command. - This parameter is mutually exclusive with O(state=clean). type: list required: false @@ -45,43 +40,34 @@ options: default: [] raw: description: - - Do not resolve package name specs to NEVRAs to find specific version - to lock to. Instead the package name specs are used as they are. This - enables locking to not yet available versions of the package. + - Do not resolve package name specs to NEVRAs to find specific version to lock to. Instead the package name specs are + used as they are. This enables locking to not yet available versions of the package. type: bool default: false state: description: - - Whether to add (V(present) or V(excluded)) to or remove (V(absent) or - V(clean)) from the C(locklist). - - V(present) will add a package name spec to the C(locklist). If there is a - installed package that matches, then only that version will be added. - Otherwise, all available package versions will be added. - - V(excluded) will add a package name spec as excluded to the - C(locklist). It means that packages represented by the package name - spec will be excluded from transaction operations. All available - package versions will be added. - - V(absent) will delete entries in the C(locklist) that match the - package name spec. - - V(clean) will delete all entries in the C(locklist). This option is - mutually exclusive with O(name). - choices: [ 'absent', 'clean', 'excluded', 'present' ] + - Whether to add (V(present) or V(excluded)) to or remove (V(absent) or V(clean)) from the C(locklist). + - V(present) will add a package name spec to the C(locklist). If there is a installed package that matches, then only + that version will be added. Otherwise, all available package versions will be added. + - V(excluded) will add a package name spec as excluded to the C(locklist). It means that packages represented by the + package name spec will be excluded from transaction operations. All available package versions will be added. + - V(absent) will delete entries in the C(locklist) that match the package name spec. + - V(clean) will delete all entries in the C(locklist). This option is mutually exclusive with O(name). + choices: ['absent', 'clean', 'excluded', 'present'] type: str default: present notes: - - In an ideal world, the C(versionlock) plugin would have a dry-run option to - know for sure what is going to happen. So far we have to work with a best - guess as close as possible to the behaviour inferred from its code. - - For most of cases where you want to lock and unlock specific versions of a - package, this works fairly well. + - In an ideal world, the C(versionlock) plugin would have a dry-run option to know for sure what is going to happen. So + far we have to work with a best guess as close as possible to the behaviour inferred from its code. + - For most of cases where you want to lock and unlock specific versions of a package, this works fairly well. requirements: - dnf - dnf-plugin-versionlock author: - Roberto Moreda (@moreda) -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Prevent installed nginx from being updated community.general.dnf_versionlock: name: nginx @@ -113,34 +99,34 @@ EXAMPLES = r''' - name: Delete all entries in the locklist of versionlock community.general.dnf_versionlock: state: clean -''' +""" -RETURN = r''' +RETURN = r""" locklist_pre: - description: Locklist before module execution. - returned: success - type: list - elements: str - sample: [ 'bash-0:4.4.20-1.el8_4.*', '!bind-32:9.11.26-4.el8_4.*' ] + description: Locklist before module execution. + returned: success + type: list + elements: str + sample: ['bash-0:4.4.20-1.el8_4.*', '!bind-32:9.11.26-4.el8_4.*'] locklist_post: - description: Locklist after module execution. - returned: success and (not check mode or state is clean) - type: list - elements: str - sample: [ 'bash-0:4.4.20-1.el8_4.*' ] + description: Locklist after module execution. + returned: success and (not check mode or state is clean) + type: list + elements: str + sample: ['bash-0:4.4.20-1.el8_4.*'] specs_toadd: - description: Package name specs meant to be added by versionlock. - returned: success - type: list - elements: str - sample: [ 'bash' ] + description: Package name specs meant to be added by versionlock. + returned: success + type: list + elements: str + sample: ['bash'] specs_todelete: - description: Package name specs meant to be deleted by versionlock. - returned: success - type: list - elements: str - sample: [ 'bind' ] -''' + description: Package name specs meant to be deleted by versionlock. + returned: success + type: list + elements: str + sample: ['bind'] +""" from ansible.module_utils.basic import AnsibleModule import fnmatch diff --git a/plugins/modules/dnsimple.py b/plugins/modules/dnsimple.py index c5829e36eb..ffa856f137 100644 --- a/plugins/modules/dnsimple.py +++ b/plugins/modules/dnsimple.py @@ -10,12 +10,11 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: dnsimple short_description: Interface with dnsimple.com (a DNS hosting service) description: - - "Manages domains and records via the DNSimple API, see the docs: U(http://developer.dnsimple.com/)." + - 'Manages domains and records using the DNSimple API, see the docs: U(http://developer.dnsimple.com/).' extends_documentation_fragment: - community.general.attributes attributes: @@ -27,8 +26,8 @@ options: account_email: description: - Account email. If omitted, the environment variables E(DNSIMPLE_EMAIL) and E(DNSIMPLE_API_TOKEN) will be looked for. - - "If those aren't found, a C(.dnsimple) file will be looked for, see: U(https://github.com/mikemaccana/dnsimple-python#getting-started)." - - "C(.dnsimple) config files are only supported in dnsimple-python<2.0.0" + - 'If those variables are not found, a C(.dnsimple) file will be looked for, see: U(https://github.com/mikemaccana/dnsimple-python#getting-started).' + - C(.dnsimple) config files are only supported in dnsimple-python<2.0.0. type: str account_api_token: description: @@ -36,9 +35,9 @@ options: type: str domain: description: - - Domain to work with. Can be the domain name (e.g. "mydomain.com") or the numeric ID of the domain in DNSimple. + - Domain to work with. Can be the domain name (for example V(mydomain.com)) or the numeric ID of the domain in DNSimple. - If omitted, a list of domains will be returned. - - If domain is present but the domain doesn't exist, it will be created. + - If domain is present but the domain does not exist, it will be created. type: str record: description: @@ -52,7 +51,8 @@ options: type: description: - The type of DNS record to create. - choices: [ 'A', 'ALIAS', 'CNAME', 'MX', 'SPF', 'URL', 'TXT', 'NS', 'SRV', 'NAPTR', 'PTR', 'AAAA', 'SSHFP', 'HINFO', 'POOL', 'CAA' ] + choices: ['A', 'ALIAS', 'CNAME', 'MX', 'SPF', 'URL', 'TXT', 'NS', 'SRV', 'NAPTR', 'PTR', 'AAAA', 'SSHFP', 'HINFO', 'POOL', + 'CAA'] type: str ttl: description: @@ -70,8 +70,8 @@ options: type: int state: description: - - whether the record should exist or not. - choices: [ 'present', 'absent' ] + - Whether the record should exist or not. + choices: ['present', 'absent'] default: present type: str solo: @@ -91,9 +91,9 @@ options: requirements: - "dnsimple >= 2.0.0" author: "Alex Coomans (@drcapulet)" -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Authenticate using email and API token and fetch all domains community.general.dnsimple: account_email: test@example.com @@ -149,7 +149,7 @@ EXAMPLES = ''' value: example.com state: absent delegate_to: localhost -''' +""" RETURN = r"""# """ diff --git a/plugins/modules/dnsimple_info.py b/plugins/modules/dnsimple_info.py index 46c2877f73..c508525fac 100644 --- a/plugins/modules/dnsimple_info.py +++ b/plugins/modules/dnsimple_info.py @@ -9,8 +9,7 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: dnsimple_info short_description: Pull basic info from DNSimple API @@ -20,45 +19,45 @@ version_added: "4.2.0" description: Retrieve existing records and domains from DNSimple API. extends_documentation_fragment: - - community.general.attributes - - community.general.attributes.info_module + - community.general.attributes + - community.general.attributes.info_module options: - name: - description: - - The domain name to retrieve info from. - - Will return all associated records for this domain if specified. - - If not specified, will return all domains associated with the account ID. - type: str + name: + description: + - The domain name to retrieve info from. + - Will return all associated records for this domain if specified. + - If not specified, will return all domains associated with the account ID. + type: str - account_id: - description: The account ID to query. - required: true - type: str + account_id: + description: The account ID to query. + required: true + type: str - api_key: - description: The API key to use. - required: true - type: str + api_key: + description: The API key to use. + required: true + type: str - record: - description: - - The record to find. - - If specified, only this record will be returned instead of all records. - required: false - type: str + record: + description: + - The record to find. + - If specified, only this record will be returned instead of all records. + required: false + type: str - sandbox: - description: Whether or not to use sandbox environment. - required: false - default: false - type: bool + sandbox: + description: Whether or not to use sandbox environment. + required: false + default: false + type: bool author: - - Edward Hilgendorf (@edhilgendorf) -''' + - Edward Hilgendorf (@edhilgendorf) +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Get all domains from an account community.general.dnsimple_info: account_id: "1234" @@ -76,15 +75,15 @@ EXAMPLES = r''' record: "subdomain" account_id: "1234" api_key: "1234" -''' +""" -RETURN = r''' +RETURN = r""" dnsimple_domain_info: - description: Returns a list of dictionaries of all domains associated with the supplied account ID. - type: list - elements: dict - returned: success when O(name) is not specified - sample: + description: Returns a list of dictionaries of all domains associated with the supplied account ID. + type: list + elements: dict + returned: success when O(name) is not specified + sample: - account_id: 1234 created_at: '2021-10-16T21:25:42Z' id: 123456 @@ -93,41 +92,41 @@ dnsimple_domain_info: reverse: false secondary: false updated_at: '2021-11-10T20:22:50Z' - contains: - account_id: - description: The account ID. - type: int - created_at: - description: When the domain entry was created. - type: str - id: - description: ID of the entry. - type: int - last_transferred_at: - description: Date the domain was transferred, or empty if not. - type: str - name: - description: Name of the record. - type: str - reverse: - description: Whether or not it is a reverse zone record. - type: bool - updated_at: - description: When the domain entry was updated. - type: str + contains: + account_id: + description: The account ID. + type: int + created_at: + description: When the domain entry was created. + type: str + id: + description: ID of the entry. + type: int + last_transferred_at: + description: Date the domain was transferred, or empty if not. + type: str + name: + description: Name of the record. + type: str + reverse: + description: Whether or not it is a reverse zone record. + type: bool + updated_at: + description: When the domain entry was updated. + type: str dnsimple_records_info: - description: Returns a list of dictionaries with all records for the domain supplied. - type: list - elements: dict - returned: success when O(name) is specified, but O(record) is not - sample: + description: Returns a list of dictionaries with all records for the domain supplied. + type: list + elements: dict + returned: success when O(name) is specified, but O(record) is not + sample: - content: ns1.dnsimple.com admin.dnsimple.com created_at: '2021-10-16T19:07:34Z' id: 12345 name: 'catheadbiscuit' - parent_id: null - priority: null + parent_id: + priority: regions: - global system_record: true @@ -135,55 +134,55 @@ dnsimple_records_info: type: SOA updated_at: '2021-11-15T23:55:51Z' zone_id: example.com - contains: - content: - description: Content of the returned record. - type: str - created_at: - description: When the domain entry was created. - type: str - id: - description: ID of the entry. - type: int - name: - description: Name of the record. - type: str - parent_id: - description: Parent record or null. - type: int - priority: - description: Priority setting of the record. - type: str - regions: - description: List of regions where the record is available. - type: list - system_record: - description: Whether or not it is a system record. - type: bool - ttl: - description: Record TTL. - type: int - type: - description: Record type. - type: str - updated_at: - description: When the domain entry was updated. - type: str - zone_id: - description: ID of the zone that the record is associated with. - type: str + contains: + content: + description: Content of the returned record. + type: str + created_at: + description: When the domain entry was created. + type: str + id: + description: ID of the entry. + type: int + name: + description: Name of the record. + type: str + parent_id: + description: Parent record or null. + type: int + priority: + description: Priority setting of the record. + type: str + regions: + description: List of regions where the record is available. + type: list + system_record: + description: Whether or not it is a system record. + type: bool + ttl: + description: Record TTL. + type: int + type: + description: Record type. + type: str + updated_at: + description: When the domain entry was updated. + type: str + zone_id: + description: ID of the zone that the record is associated with. + type: str dnsimple_record_info: - description: Returns a list of dictionaries that match the record supplied. - returned: success when O(name) and O(record) are specified - type: list - elements: dict - sample: + description: Returns a list of dictionaries that match the record supplied. + returned: success when O(name) and O(record) are specified + type: list + elements: dict + sample: - content: 1.2.3.4 created_at: '2021-11-15T23:55:51Z' id: 123456 name: catheadbiscuit - parent_id: null - priority: null + parent_id: + priority: regions: - global system_record: false @@ -191,44 +190,44 @@ dnsimple_record_info: type: A updated_at: '2021-11-15T23:55:51Z' zone_id: example.com - contains: - content: - description: Content of the returned record. - type: str - created_at: - description: When the domain entry was created. - type: str - id: - description: ID of the entry. - type: int - name: - description: Name of the record. - type: str - parent_id: - description: Parent record or null. - type: int - priority: - description: Priority setting of the record. - type: str - regions: - description: List of regions where the record is available. - type: list - system_record: - description: Whether or not it is a system record. - type: bool - ttl: - description: Record TTL. - type: int - type: - description: Record type. - type: str - updated_at: - description: When the domain entry was updated. - type: str - zone_id: - description: ID of the zone that the record is associated with. - type: str -''' + contains: + content: + description: Content of the returned record. + type: str + created_at: + description: When the domain entry was created. + type: str + id: + description: ID of the entry. + type: int + name: + description: Name of the record. + type: str + parent_id: + description: Parent record or null. + type: int + priority: + description: Priority setting of the record. + type: str + regions: + description: List of regions where the record is available. + type: list + system_record: + description: Whether or not it is a system record. + type: bool + ttl: + description: Record TTL. + type: int + type: + description: Record type. + type: str + updated_at: + description: When the domain entry was updated. + type: str + zone_id: + description: ID of the zone that the record is associated with. + type: str +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils import deps diff --git a/plugins/modules/dnsmadeeasy.py b/plugins/modules/dnsmadeeasy.py index 47d9430e7b..83268af379 100644 --- a/plugins/modules/dnsmadeeasy.py +++ b/plugins/modules/dnsmadeeasy.py @@ -9,14 +9,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: dnsmadeeasy short_description: Interface with dnsmadeeasy.com (a DNS hosting service) description: - - > - Manages DNS records via the v2 REST API of the DNS Made Easy service. It handles records only; there is no manipulation of domains or - monitor/account support yet. See: U(https://www.dnsmadeeasy.com/integration/restapi/) + - 'Manages DNS records using the v2 REST API of the DNS Made Easy service. It handles records only; there is no manipulation + of domains or monitor/account support yet. See: U(https://www.dnsmadeeasy.com/integration/restapi/).' extends_documentation_fragment: - community.general.attributes attributes: @@ -39,8 +37,8 @@ options: domain: description: - - Domain to work with. Can be the domain name (e.g. "mydomain.com") or the numeric ID of the domain in DNS Made Easy (e.g. "839989") for faster - resolution + - Domain to work with. Can be the domain name (for example V(mydomain.com)) or the numeric ID of the domain in DNS Made + Easy (for example V(839989)) for faster resolution. required: true type: str @@ -52,49 +50,47 @@ options: record_name: description: - - Record name to get/create/delete/update. If record_name is not specified; all records for the domain will be returned in "result" regardless - of the state argument. + - Record name to get/create/delete/update. If record_name is not specified; all records for the domain will be returned + in "result" regardless of the state argument. type: str record_type: description: - Record type. - choices: [ 'A', 'AAAA', 'CNAME', 'ANAME', 'HTTPRED', 'MX', 'NS', 'PTR', 'SRV', 'TXT' ] + choices: ['A', 'AAAA', 'CNAME', 'ANAME', 'HTTPRED', 'MX', 'NS', 'PTR', 'SRV', 'TXT'] type: str record_value: description: - - > - Record value. HTTPRED: , MX: , NS: , PTR: , - SRV: , TXT: " - - > - If record_value is not specified; no changes will be made and the record will be returned in 'result' - (in other words, this module can be used to fetch a record's current id, type, and ttl) + - 'Record value. HTTPRED: , MX: , NS: , PTR: , SRV: + , TXT: ".' + - If record_value is not specified; no changes will be made and the record will be returned in 'result' (in other words, + this module can be used to fetch a record's current ID, type, and ttl). type: str record_ttl: description: - - record's "Time to live". Number of seconds the record remains cached in DNS servers. + - Record's "Time-To-Live". Number of seconds the record remains cached in DNS servers. default: 1800 type: int state: description: - - whether the record should exist or not + - Whether the record should exist or not. required: true - choices: [ 'present', 'absent' ] + choices: ['present', 'absent'] type: str validate_certs: description: - - If V(false), SSL certificates will not be validated. This should only be used - on personally controlled sites using self-signed certificates. + - If V(false), SSL certificates will not be validated. This should only be used on personally controlled sites using + self-signed certificates. type: bool default: true monitor: description: - - If V(true), add or change the monitor. This is applicable only for A records. + - If V(true), add or change the monitor. This is applicable only for A records. type: bool default: false @@ -132,7 +128,7 @@ options: contactList: description: - - Name or id of the contact list that the monitor will notify. + - Name or ID of the contact list that the monitor will notify. - The default V('') means the Account Owner. type: str @@ -153,7 +149,7 @@ options: failover: description: - - If V(true), add or change the failover. This is applicable only for A records. + - If V(true), add or change the failover. This is applicable only for A records. type: bool default: false @@ -192,20 +188,19 @@ options: type: str notes: - - The DNS Made Easy service requires that machines interacting with the API have the proper time and timezone set. Be sure you are within a few - seconds of actual time by using NTP. - - This module returns record(s) and monitor(s) in the "result" element when 'state' is set to 'present'. - These values can be be registered and used in your playbooks. - - Only A records can have a monitor or failover. - - To add failover, the 'failover', 'autoFailover', 'port', 'protocol', 'ip1', and 'ip2' options are required. - - To add monitor, the 'monitor', 'port', 'protocol', 'maxEmails', 'systemDescription', and 'ip1' options are required. - - The monitor and the failover will share 'port', 'protocol', and 'ip1' options. - -requirements: [ hashlib, hmac ] + - The DNS Made Easy service requires that machines interacting with the API have the proper time and timezone set. Be sure + you are within a few seconds of actual time by using NTP. + - This module returns record(s) and monitor(s) in the RV(ignore:result) element when O(state=present). These values can + be be registered and used in your playbooks. + - Only A records can have a O(monitor) or O(failover). + - To add failover, the O(failover), O(autoFailover), O(port), O(protocol), O(ip1), and O(ip2) options are required. + - To add monitor, the O(monitor), O(port), O(protocol), O(maxEmails), O(systemDescription), and O(ip1) options are required. + - The monitor and the failover will share O(port), O(protocol), and O(ip1) options. +requirements: [hashlib, hmac] author: "Brice Burgess (@briceburg)" -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Fetch my.com domain records community.general.dnsmadeeasy: account_key: key @@ -291,8 +286,8 @@ EXAMPLES = ''' record_value: 127.0.0.1 monitor: true ip1: 127.0.0.2 - protocol: HTTP # default - port: 80 # default + protocol: HTTP # default + port: 80 # default maxEmails: 1 systemDescription: Monitor Test A record contactList: my contact list @@ -308,11 +303,11 @@ EXAMPLES = ''' record_value: 127.0.0.1 monitor: true ip1: 127.0.0.2 - protocol: HTTP # default - port: 80 # default + protocol: HTTP # default + port: 80 # default maxEmails: 1 systemDescription: Monitor Test A record - contactList: 1174 # contact list id + contactList: 1174 # contact list id httpFqdn: http://my.com httpFile: example httpQueryString: some string @@ -357,7 +352,7 @@ EXAMPLES = ''' record_type: A record_value: 127.0.0.1 monitor: false -''' +""" # ============================================ # DNSMadeEasy module specific support methods. @@ -491,7 +486,7 @@ class DME2(object): return self.query(self.record_url, 'GET')['data'] def _instMap(self, type): - # @TODO cache this call so it's executed only once per ansible execution + # @TODO cache this call so it is executed only once per ansible execution map = {} results = {} diff --git a/plugins/modules/dpkg_divert.py b/plugins/modules/dpkg_divert.py index 5f0d924fe2..90ce464ccd 100644 --- a/plugins/modules/dpkg_divert.py +++ b/plugins/modules/dpkg_divert.py @@ -9,24 +9,20 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: dpkg_divert short_description: Override a debian package's version of a file version_added: '0.2.0' author: - quidame (@quidame) description: - - A diversion is for C(dpkg) the knowledge that only a given package - (or the local administrator) is allowed to install a file at a given - location. Other packages shipping their own version of this file will - be forced to O(divert) it, that is to install it at another location. It - allows one to keep changes in a file provided by a debian package by - preventing its overwrite at package upgrade. - - This module manages diversions of debian packages files using the - C(dpkg-divert) commandline tool. It can either create or remove a - diversion for a given file, but also update an existing diversion - to modify its O(holder) and/or its O(divert) location. + - A diversion is for C(dpkg) the knowledge that only a given package (or the local administrator) is allowed to install + a file at a given location. Other packages shipping their own version of this file will be forced to O(divert) it, that + is to install it at another location. It allows one to keep changes in a file provided by a debian package by preventing + it being overwritten on package upgrade. + - This module manages diversions of debian packages files using the C(dpkg-divert) commandline tool. It can either create + or remove a diversion for a given file, but also update an existing diversion to modify its O(holder) and/or its O(divert) + location. extends_documentation_fragment: - community.general.attributes attributes: @@ -37,28 +33,23 @@ attributes: options: path: description: - - The original and absolute path of the file to be diverted or - undiverted. This path is unique, i.e. it is not possible to get - two diversions for the same O(path). + - The original and absolute path of the file to be diverted or undiverted. This path is unique, in other words it is + not possible to get two diversions for the same O(path). required: true type: path state: description: - - When O(state=absent), remove the diversion of the specified - O(path); when O(state=present), create the diversion if it does - not exist, or update its package O(holder) or O(divert) location, - if it already exists. + - When O(state=absent), remove the diversion of the specified O(path); when O(state=present), create the diversion if + it does not exist, or update its package O(holder) or O(divert) location, if it already exists. type: str default: present choices: [absent, present] holder: description: - - The name of the package whose copy of file is not diverted, also - known as the diversion holder or the package the diversion belongs - to. - - The actual package does not have to be installed or even to exist - for its name to be valid. If not specified, the diversion is hold - by 'LOCAL', that is reserved by/for dpkg for local diversions. + - The name of the package whose copy of file is not diverted, also known as the diversion holder or the package the + diversion belongs to. + - The actual package does not have to be installed or even to exist for its name to be valid. If not specified, the + diversion is hold by 'LOCAL', that is reserved by/for dpkg for local diversions. - This parameter is ignored when O(state=absent). type: str divert: @@ -69,28 +60,25 @@ options: type: path rename: description: - - Actually move the file aside (when O(state=present)) or back (when - O(state=absent)), but only when changing the state of the diversion. - This parameter has no effect when attempting to add a diversion that - already exists or when removing an unexisting one. - - Unless O(force=true), renaming fails if the destination file already - exists (this lock being a dpkg-divert feature, and bypassing it being - a module feature). + - Actually move the file aside (when O(state=present)) or back (when O(state=absent)), but only when changing the state + of the diversion. This parameter has no effect when attempting to add a diversion that already exists or when removing + an unexisting one. + - Unless O(force=true), renaming fails if the destination file already exists (this lock being a dpkg-divert feature, + and bypassing it being a module feature). type: bool default: false force: description: - - When O(rename=true) and O(force=true), renaming is performed even if - the target of the renaming exists, i.e. the existing contents of the - file at this location will be lost. + - When O(rename=true) and O(force=true), renaming is performed even if the target of the renaming exists, in other words + the existing contents of the file at this location will be lost. - This parameter is ignored when O(rename=false). type: bool default: false requirements: - dpkg-divert >= 1.15.0 (Debian family) -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Divert /usr/bin/busybox to /usr/bin/busybox.distrib and keep file in place community.general.dpkg_divert: path: /usr/bin/busybox @@ -112,9 +100,9 @@ EXAMPLES = r''' state: absent rename: true force: true -''' +""" -RETURN = r''' +RETURN = r""" commands: description: The dpkg-divert commands ran internally by the module. type: list @@ -144,14 +132,8 @@ diversion: state: description: The state of the diversion. type: str - sample: - { - "divert": "/etc/foobarrc.distrib", - "holder": "LOCAL", - "path": "/etc/foobarrc", - "state": "present" - } -''' + sample: {"divert": "/etc/foobarrc.distrib", "holder": "LOCAL", "path": "/etc/foobarrc", "state": "present"} +""" import re diff --git a/plugins/modules/easy_install.py b/plugins/modules/easy_install.py index 2e8fc2f4f0..734f0dc4df 100644 --- a/plugins/modules/easy_install.py +++ b/plugins/modules/easy_install.py @@ -9,14 +9,13 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: easy_install short_description: Installs Python libraries description: - - Installs Python libraries, optionally in a C(virtualenv) + - Installs Python libraries, optionally in a C(virtualenv). extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: check_mode: support: full @@ -31,31 +30,25 @@ options: virtualenv: type: str description: - - An optional O(virtualenv) directory path to install into. If the - O(virtualenv) does not exist, it is created automatically. + - An optional O(virtualenv) directory path to install into. If the O(virtualenv) does not exist, it is created automatically. virtualenv_site_packages: description: - - Whether the virtual environment will inherit packages from the - global site-packages directory. Note that if this setting is - changed on an already existing virtual environment it will not - have any effect, the environment must be deleted and newly - created. + - Whether the virtual environment will inherit packages from the global site-packages directory. Note that if this setting + is changed on an already existing virtual environment it will not have any effect, the environment must be deleted + and newly created. type: bool default: false virtualenv_command: type: str description: - - The command to create the virtual environment with. For example - V(pyvenv), V(virtualenv), V(virtualenv2). + - The command to create the virtual environment with. For example V(pyvenv), V(virtualenv), V(virtualenv2). default: virtualenv executable: type: str description: - - The explicit executable or a pathname to the executable to be used to - run easy_install for a specific version of Python installed in the - system. For example V(easy_install-3.3), if there are both Python 2.7 - and 3.3 installations in the system and you want to run easy_install - for the Python 3.3 installation. + - The explicit executable or a pathname to the executable to be used to run easy_install for a specific version of Python + installed in the system. For example V(easy_install-3.3), if there are both Python 2.7 and 3.3 installations in the + system and you want to run easy_install for the Python 3.3 installation. default: easy_install state: type: str @@ -64,17 +57,14 @@ options: choices: [present, latest] default: present notes: - - Please note that the C(easy_install) module can only install Python - libraries. Thus this module is not able to remove libraries. It is - generally recommended to use the M(ansible.builtin.pip) module which you can first install - using M(community.general.easy_install). - - Also note that C(virtualenv) must be installed on the remote host if the - O(virtualenv) parameter is specified. -requirements: [ "virtualenv" ] + - Please note that the C(easy_install) module can only install Python libraries. Thus this module is not able to remove + libraries. It is generally recommended to use the M(ansible.builtin.pip) module which you can first install using M(community.general.easy_install). + - Also note that C(virtualenv) must be installed on the remote host if the O(virtualenv) parameter is specified. +requirements: ["virtualenv"] author: "Matt Wright (@mattupstate)" -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Install or update pip community.general.easy_install: name: pip @@ -84,7 +74,7 @@ EXAMPLES = ''' community.general.easy_install: name: bottle virtualenv: /webapps/myapp/venv -''' +""" import os import os.path diff --git a/plugins/modules/ejabberd_user.py b/plugins/modules/ejabberd_user.py index d0b575e1cd..f93612a516 100644 --- a/plugins/modules/ejabberd_user.py +++ b/plugins/modules/ejabberd_user.py @@ -9,57 +9,50 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: ejabberd_user author: "Peter Sprygada (@privateip)" short_description: Manages users for ejabberd servers requirements: - - ejabberd with mod_admin_extra + - ejabberd with mod_admin_extra description: - - This module provides user management for ejabberd servers + - This module provides user management for ejabberd servers. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - username: - type: str - description: - - the name of the user to manage - required: true - host: - type: str - description: - - the ejabberd host associated with this username - required: true - password: - type: str - description: - - the password to assign to the username - required: false - logging: - description: - - enables or disables the local syslog facility for this module - required: false - default: false - type: bool - state: - type: str - description: - - describe the desired state of the user to be managed - required: false - default: 'present' - choices: [ 'present', 'absent' ] + username: + type: str + description: + - The name of the user to manage. + required: true + host: + type: str + description: + - The ejabberd host associated with this username. + required: true + password: + type: str + description: + - The password to assign to the username. + required: false + state: + type: str + description: + - Describe the desired state of the user to be managed. + required: false + default: 'present' + choices: ['present', 'absent'] notes: - - Password parameter is required for state == present only - - Passwords must be stored in clear text for this release - - The ejabberd configuration file must include mod_admin_extra as a module. -''' -EXAMPLES = ''' + - Password parameter is required for O(state=present) only. + - Passwords must be stored in clear text for this release. + - The ejabberd configuration file must include mod_admin_extra as a module. +""" +EXAMPLES = r""" # Example playbook entries using the ejabberd_user module to manage users state. - name: Create a user if it does not exist @@ -73,9 +66,7 @@ EXAMPLES = ''' username: test host: server state: absent -''' - -import syslog +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.cmd_runner import CmdRunner, cmd_runner_fmt @@ -91,7 +82,6 @@ class EjabberdUser(object): def __init__(self, module): self.module = module - self.logging = module.params.get('logging') self.state = module.params.get('state') self.host = module.params.get('host') self.user = module.params.get('username') @@ -125,10 +115,8 @@ class EjabberdUser(object): return self.run_command('check_account', 'user host', (lambda rc, out, err: not bool(rc))) def log(self, entry): - """ This method will log information to the local syslog facility """ - if self.logging: - syslog.openlog('ansible-%s' % self.module._name) - syslog.syslog(syslog.LOG_NOTICE, entry) + """ This method does nothing """ + pass def run_command(self, cmd, options, process=None): """ This method will run the any command specified and return the @@ -169,7 +157,6 @@ def main(): username=dict(required=True, type='str'), password=dict(type='str', no_log=True), state=dict(default='present', choices=['present', 'absent']), - logging=dict(default=False, type='bool', removed_in_version='10.0.0', removed_from_collection='community.general'), ), required_if=[ ('state', 'present', ['password']), diff --git a/plugins/modules/elasticsearch_plugin.py b/plugins/modules/elasticsearch_plugin.py index 92b628a740..f7b73b8323 100644 --- a/plugins/modules/elasticsearch_plugin.py +++ b/plugins/modules/elasticsearch_plugin.py @@ -9,88 +9,85 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: elasticsearch_plugin short_description: Manage Elasticsearch plugins description: - - Manages Elasticsearch plugins. + - Manages Elasticsearch plugins. author: - - Mathew Davies (@ThePixelDeveloper) - - Sam Doran (@samdoran) + - Mathew Davies (@ThePixelDeveloper) + - Sam Doran (@samdoran) extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - name: - description: - - Name of the plugin to install. - required: true - type: str - state: - description: - - Desired state of a plugin. - choices: ["present", "absent"] - default: present - type: str - src: - description: - - Optionally set the source location to retrieve the plugin from. This can be a file:// - URL to install from a local file, or a remote URL. If this is not set, the plugin - location is just based on the name. - - The name parameter must match the descriptor in the plugin ZIP specified. - - Is only used if the state would change, which is solely checked based on the name - parameter. If, for example, the plugin is already installed, changing this has no - effect. - - For ES 1.x use url. - required: false - type: str - url: - description: - - Set exact URL to download the plugin from (Only works for ES 1.x). - - For ES 2.x and higher, use src. - required: false - type: str - timeout: - description: - - "Timeout setting: 30s, 1m, 1h..." - - Only valid for Elasticsearch < 5.0. This option is ignored for Elasticsearch > 5.0. - default: 1m - type: str - force: - description: - - "Force batch mode when installing plugins. This is only necessary if a plugin requires additional permissions and console detection fails." - default: false - type: bool - plugin_bin: - description: - - Location of the plugin binary. If this file is not found, the default plugin binaries will be used. - type: path - plugin_dir: - description: - - Your configured plugin directory specified in Elasticsearch - default: /usr/share/elasticsearch/plugins/ - type: path - proxy_host: - description: - - Proxy host to use during plugin installation - type: str - proxy_port: - description: - - Proxy port to use during plugin installation - type: str - version: - description: - - Version of the plugin to be installed. - If plugin exists with previous version, it will NOT be updated - type: str -''' + name: + description: + - Name of the plugin to install. + required: true + type: str + state: + description: + - Desired state of a plugin. + choices: ["present", "absent"] + default: present + type: str + src: + description: + - Optionally set the source location to retrieve the plugin from. This can be a C(file://) URL to install from a local + file, or a remote URL. If this is not set, the plugin location is just based on the name. + - The name parameter must match the descriptor in the plugin ZIP specified. + - Is only used if the state would change, which is solely checked based on the name parameter. If, for example, the + plugin is already installed, changing this has no effect. + - For ES 1.x use O(url). + required: false + type: str + url: + description: + - Set exact URL to download the plugin from (Only works for ES 1.x). + - For ES 2.x and higher, use src. + required: false + type: str + timeout: + description: + - 'Timeout setting: V(30s), V(1m), V(1h)...' + - Only valid for Elasticsearch < 5.0. This option is ignored for Elasticsearch > 5.0. + default: 1m + type: str + force: + description: + - Force batch mode when installing plugins. This is only necessary if a plugin requires additional permissions and console + detection fails. + default: false + type: bool + plugin_bin: + description: + - Location of the plugin binary. If this file is not found, the default plugin binaries will be used. + type: path + plugin_dir: + description: + - Your configured plugin directory specified in Elasticsearch. + default: /usr/share/elasticsearch/plugins/ + type: path + proxy_host: + description: + - Proxy host to use during plugin installation. + type: str + proxy_port: + description: + - Proxy port to use during plugin installation. + type: str + version: + description: + - Version of the plugin to be installed. If plugin exists with previous version, it will NOT be updated. + type: str +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Install Elasticsearch Head plugin in Elasticsearch 2.x community.general.elasticsearch_plugin: name: mobz/elasticsearch-head @@ -116,7 +113,7 @@ EXAMPLES = ''' name: ingest-geoip state: present force: true -''' +""" import os diff --git a/plugins/modules/emc_vnx_sg_member.py b/plugins/modules/emc_vnx_sg_member.py index b06cd01de3..bdb86625d1 100644 --- a/plugins/modules/emc_vnx_sg_member.py +++ b/plugins/modules/emc_vnx_sg_member.py @@ -12,52 +12,50 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: emc_vnx_sg_member short_description: Manage storage group member on EMC VNX description: - - "This module manages the members of an existing storage group." - + - This module manages the members of an existing storage group. extends_documentation_fragment: - - community.general.emc.emc_vnx - - community.general.attributes + - community.general.emc.emc_vnx + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - name: - description: - - Name of the Storage group to manage. - required: true - type: str - lunid: - description: - - Lun id to be added. - required: true - type: int - state: - description: - - Indicates the desired lunid state. - - V(present) ensures specified lunid is present in the Storage Group. - - V(absent) ensures specified lunid is absent from Storage Group. - default: present - choices: [ "present", "absent"] - type: str + name: + description: + - Name of the Storage group to manage. + required: true + type: str + lunid: + description: + - LUN ID to be added. + required: true + type: int + state: + description: + - Indicates the desired lunid state. + - V(present) ensures specified O(lunid) is present in the Storage Group. + - V(absent) ensures specified O(lunid) is absent from Storage Group. + default: present + choices: ["present", "absent"] + type: str author: - - Luca 'remix_tj' Lorenzetto (@remixtj) -''' + - Luca 'remix_tj' Lorenzetto (@remixtj) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Add lun to storage group community.general.emc_vnx_sg_member: name: sg01 @@ -75,14 +73,14 @@ EXAMPLES = ''' sp_password: sysadmin lunid: 100 state: absent -''' +""" -RETURN = ''' +RETURN = r""" hluid: - description: LUNID that hosts attached to the storage group will see. - type: int - returned: success -''' + description: LUNID that hosts attached to the storage group will see. + type: int + returned: success +""" import traceback diff --git a/plugins/modules/etcd3.py b/plugins/modules/etcd3.py index 2fdc3f2f83..ce3231d8e0 100644 --- a/plugins/modules/etcd3.py +++ b/plugins/modules/etcd3.py @@ -9,84 +9,83 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: etcd3 short_description: Set or delete key value pairs from an etcd3 cluster requirements: - etcd3 description: - - Sets or deletes values in etcd3 cluster using its v3 api. - - Needs python etcd3 lib to work + - Sets or deletes values in etcd3 cluster using its v3 API. + - Needs python etcd3 lib to work. extends_documentation_fragment: - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - key: - type: str - description: - - the key where the information is stored in the cluster - required: true - value: - type: str - description: - - the information stored - required: true - host: - type: str - description: - - the IP address of the cluster - default: 'localhost' - port: - type: int - description: - - the port number used to connect to the cluster - default: 2379 - state: - type: str - description: - - the state of the value for the key. - - can be present or absent - required: true - choices: [ present, absent ] - user: - type: str - description: - - The etcd user to authenticate with. - password: - type: str - description: - - The password to use for authentication. - - Required if O(user) is defined. - ca_cert: - type: path - description: - - The Certificate Authority to use to verify the etcd host. - - Required if O(client_cert) and O(client_key) are defined. - client_cert: - type: path - description: - - PEM formatted certificate chain file to be used for SSL client authentication. - - Required if O(client_key) is defined. - client_key: - type: path - description: - - PEM formatted file that contains your private key to be used for SSL client authentication. - - Required if O(client_cert) is defined. - timeout: - type: int - description: - - The socket level timeout in seconds. + key: + type: str + description: + - The key where the information is stored in the cluster. + required: true + value: + type: str + description: + - The information stored. + required: true + host: + type: str + description: + - The IP address of the cluster. + default: 'localhost' + port: + type: int + description: + - The port number used to connect to the cluster. + default: 2379 + state: + type: str + description: + - The state of the value for the key. + - Can be present or absent. + required: true + choices: [present, absent] + user: + type: str + description: + - The etcd user to authenticate with. + password: + type: str + description: + - The password to use for authentication. + - Required if O(user) is defined. + ca_cert: + type: path + description: + - The Certificate Authority to use to verify the etcd host. + - Required if O(client_cert) and O(client_key) are defined. + client_cert: + type: path + description: + - PEM formatted certificate chain file to be used for SSL client authentication. + - Required if O(client_key) is defined. + client_key: + type: path + description: + - PEM formatted file that contains your private key to be used for SSL client authentication. + - Required if O(client_cert) is defined. + timeout: + type: int + description: + - The socket level timeout in seconds. author: - - Jean-Philippe Evrard (@evrardjp) - - Victor Fauth (@vfauth) -''' + - Jean-Philippe Evrard (@evrardjp) + - Victor Fauth (@vfauth) +""" -EXAMPLES = """ +EXAMPLES = r""" - name: Store a value "bar" under the key "foo" for a cluster located "http://localhost:2379" community.general.etcd3: key: "foo" @@ -114,16 +113,16 @@ EXAMPLES = """ client_key: "/etc/ssl/private/key.pem" """ -RETURN = ''' +RETURN = r""" key: - description: The key that was queried - returned: always - type: str + description: The key that was queried. + returned: always + type: str old_value: - description: The previous value in the cluster - returned: always - type: str -''' + description: The previous value in the cluster. + returned: always + type: str +""" import traceback @@ -193,13 +192,8 @@ def run_module(): allowed_keys = ['host', 'port', 'ca_cert', 'cert_cert', 'cert_key', 'timeout', 'user', 'password'] - # TODO(evrardjp): Move this back to a dict comprehension when python 2.7 is - # the minimum supported version - # client_params = {key: value for key, value in module.params.items() if key in allowed_keys} - client_params = dict() - for key, value in module.params.items(): - if key in allowed_keys: - client_params[key] = value + + client_params = {key: value for key, value in module.params.items() if key in allowed_keys} try: etcd = etcd3.client(**client_params) except Exception as exp: diff --git a/plugins/modules/facter.py b/plugins/modules/facter.py index 87017246ae..ce9320282d 100644 --- a/plugins/modules/facter.py +++ b/plugins/modules/facter.py @@ -8,36 +8,38 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: facter short_description: Runs the discovery program C(facter) on the remote system description: - - Runs the C(facter) discovery program - (U(https://github.com/puppetlabs/facter)) on the remote system, returning - JSON data that can be useful for inventory purposes. + - Runs the C(facter) discovery program (U(https://github.com/puppetlabs/facter)) on the remote system, returning JSON data + that can be useful for inventory purposes. +deprecated: + removed_in: 12.0.0 + why: The module has been replaced by M(community.general.facter_facts). + alternative: Use M(community.general.facter_facts) instead. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - arguments: - description: - - Specifies arguments for facter. - type: list - elements: str + arguments: + description: + - Specifies arguments for facter. + type: list + elements: str requirements: - - facter - - ruby-json + - facter + - ruby-json author: - - Ansible Core Team - - Michael DeHaan -''' + - Ansible Core Team + - Michael DeHaan +""" -EXAMPLES = ''' +EXAMPLES = r""" # Example command-line invocation # ansible www.example.net -m facter @@ -47,11 +49,11 @@ EXAMPLES = ''' - name: Execute facter with arguments community.general.facter: arguments: - - -p - - system_uptime - - timezone - - is_virtual -''' + - -p + - system_uptime + - timezone + - is_virtual +""" import json from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/facter_facts.py b/plugins/modules/facter_facts.py index abc3f87ebe..8f73b37644 100644 --- a/plugins/modules/facter_facts.py +++ b/plugins/modules/facter_facts.py @@ -9,47 +9,45 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: facter_facts short_description: Runs the discovery program C(facter) on the remote system and return Ansible facts version_added: 8.0.0 description: - - Runs the C(facter) discovery program - (U(https://github.com/puppetlabs/facter)) on the remote system, returning Ansible facts from the - JSON data that can be useful for inventory purposes. + - Runs the C(facter) discovery program (U(https://github.com/puppetlabs/facter)) on the remote system, returning Ansible + facts from the JSON data that can be useful for inventory purposes. extends_documentation_fragment: - - community.general.attributes - - community.general.attributes.facts - - community.general.attributes.facts_module + - community.general.attributes + - community.general.attributes.facts + - community.general.attributes.facts_module options: - arguments: - description: - - Specifies arguments for facter. - type: list - elements: str + arguments: + description: + - Specifies arguments for facter. + type: list + elements: str requirements: - - facter - - ruby-json + - facter + - ruby-json author: - - Ansible Core Team - - Michael DeHaan -''' + - Ansible Core Team + - Michael DeHaan +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Execute facter no arguments community.general.facter_facts: - name: Execute facter with arguments community.general.facter_facts: arguments: - - -p - - system_uptime - - timezone - - is_virtual -''' + - -p + - system_uptime + - timezone + - is_virtual +""" -RETURN = r''' +RETURN = r""" ansible_facts: description: Dictionary with one key C(facter). returned: always @@ -59,7 +57,7 @@ ansible_facts: description: Dictionary containing facts discovered in the remote system. returned: always type: dict -''' +""" import json diff --git a/plugins/modules/filesize.py b/plugins/modules/filesize.py index 83de682883..777c00711f 100644 --- a/plugins/modules/filesize.py +++ b/plugins/modules/filesize.py @@ -9,17 +9,14 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: filesize short_description: Create a file with a given size, or resize it if it exists description: - - This module is a simple wrapper around C(dd) to create, extend or truncate - a file, given its size. It can be used to manage swap files (that require - contiguous blocks) or alternatively, huge sparse files. - + - This module is a simple wrapper around C(dd) to create, extend or truncate a file, given its size. It can be used to manage + swap files (that require contiguous blocks) or alternatively, huge sparse files. author: - quidame (@quidame) @@ -40,36 +37,27 @@ options: size: description: - Requested size of the file. - - The value is a number (either C(int) or C(float)) optionally followed - by a multiplicative suffix, that can be one of V(B) (bytes), V(KB) or - V(kB) (= 1000B), V(MB) or V(mB) (= 1000kB), V(GB) or V(gB) (= 1000MB), - and so on for V(T), V(P), V(E), V(Z) and V(Y); or alternatively one of - V(K), V(k) or V(KiB) (= 1024B); V(M), V(m) or V(MiB) (= 1024KiB); + - The value is a number (either C(int) or C(float)) optionally followed by a multiplicative suffix, that can be one + of V(B) (bytes), V(KB) or V(kB) (= 1000B), V(MB) or V(mB) (= 1000kB), V(GB) or V(gB) (= 1000MB), and so on for V(T), + V(P), V(E), V(Z) and V(Y); or alternatively one of V(K), V(k) or V(KiB) (= 1024B); V(M), V(m) or V(MiB) (= 1024KiB); V(G), V(g) or V(GiB) (= 1024MiB); and so on. - - If the multiplicative suffix is not provided, the value is treated as - an integer number of blocks of O(blocksize) bytes each (float values - are rounded to the closest integer). + - If the multiplicative suffix is not provided, the value is treated as an integer number of blocks of O(blocksize) + bytes each (float values are rounded to the closest integer). - When the O(size) value is equal to the current file size, does nothing. - - When the O(size) value is bigger than the current file size, bytes from - O(source) (if O(sparse) is not V(false)) are appended to the file - without truncating it, in other words, without modifying the existing - bytes of the file. - - When the O(size) value is smaller than the current file size, it is - truncated to the requested value without modifying bytes before this - value. - - That means that a file of any arbitrary size can be grown to any other - arbitrary size, and then resized down to its initial size without - modifying its initial content. + - When the O(size) value is bigger than the current file size, bytes from O(source) (if O(sparse) is not V(false)) are + appended to the file without truncating it, in other words, without modifying the existing bytes of the file. + - When the O(size) value is smaller than the current file size, it is truncated to the requested value without modifying + bytes before this value. + - That means that a file of any arbitrary size can be grown to any other arbitrary size, and then resized down to its + initial size without modifying its initial content. type: raw required: true blocksize: description: - Size of blocks, in bytes if not followed by a multiplicative suffix. - - The numeric value (before the unit) B(MUST) be an integer (or a C(float) - if it equals an integer). - - If not set, the size of blocks is guessed from the OS and commonly - results in V(512) or V(4096) bytes, that is used internally by the - module or when O(size) has no unit. + - The numeric value (before the unit) B(MUST) be an integer (or a C(float) if it equals an integer). + - If not set, the size of blocks is guessed from the OS and commonly results in V(512) or V(4096) bytes, that is used + internally by the module or when O(size) has no unit. type: raw source: description: @@ -79,26 +67,22 @@ options: default: /dev/zero force: description: - - Whether or not to overwrite the file if it exists, in other words, to - truncate it from 0. When V(true), the module is not idempotent, that - means it always reports C(changed=true). + - Whether or not to overwrite the file if it exists, in other words, to truncate it from 0. When V(true), the module + is not idempotent, that means it always reports C(changed=true). - O(force=true) and O(sparse=true) are mutually exclusive. type: bool default: false sparse: description: - Whether or not the file to create should be a sparse file. - - This option is effective only on newly created files, or when growing a - file, only for the bytes to append. + - This option is effective only on newly created files, or when growing a file, only for the bytes to append. - This option is not supported on OSes or filesystems not supporting sparse files. - O(force=true) and O(sparse=true) are mutually exclusive. type: bool default: false unsafe_writes: description: - - This option is silently ignored. This module always modifies file - size in-place. - + - This option is silently ignored. This module always modifies file size in-place. requirements: - dd (Data Duplicator) in PATH @@ -138,9 +122,9 @@ seealso: - name: busybox(1) manpage for Linux description: Manual page of the GNU/Linux's busybox, that provides its own dd implementation. link: https://www.unix.com/man-page/linux/1/busybox -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Create a file of 1G filled with null bytes community.general.filesize: path: /var/bigfile @@ -183,9 +167,9 @@ EXAMPLES = r''' mode: u=rw,go= owner: root group: root -''' +""" -RETURN = r''' +RETURN = r""" cmd: description: Command executed to create or resize the file. type: str @@ -229,7 +213,7 @@ path: type: str sample: /var/swap0 returned: always -''' +""" import re diff --git a/plugins/modules/filesystem.py b/plugins/modules/filesystem.py index ec361245bd..2edc8be5ab 100644 --- a/plugins/modules/filesystem.py +++ b/plugins/modules/filesystem.py @@ -10,8 +10,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" author: - Alexander Bulimov (@abulimov) - quidame (@quidame) @@ -29,32 +28,29 @@ attributes: options: state: description: - - If O(state=present), the filesystem is created if it doesn't already - exist, that is the default behaviour if O(state) is omitted. - - If O(state=absent), filesystem signatures on O(dev) are wiped if it - contains a filesystem (as known by C(blkid)). - - When O(state=absent), all other options but O(dev) are ignored, and the - module does not fail if the device O(dev) doesn't actually exist. + - If O(state=present), the filesystem is created if it does not already exist, that is the default behaviour if O(state) + is omitted. + - If O(state=absent), filesystem signatures on O(dev) are wiped if it contains a filesystem (as known by C(blkid)). + - When O(state=absent), all other options but O(dev) are ignored, and the module does not fail if the device O(dev) + does not actually exist. type: str - choices: [ present, absent ] + choices: [present, absent] default: present version_added: 1.3.0 fstype: - choices: [ btrfs, ext2, ext3, ext4, ext4dev, f2fs, lvm, ocfs2, reiserfs, xfs, vfat, swap, ufs ] + choices: [bcachefs, btrfs, ext2, ext3, ext4, ext4dev, f2fs, lvm, ocfs2, reiserfs, xfs, vfat, swap, ufs] description: - - Filesystem type to be created. This option is required with - O(state=present) (or if O(state) is omitted). - - ufs support has been added in community.general 3.4.0. + - Filesystem type to be created. This option is required with O(state=present) (or if O(state) is omitted). + - Ufs support has been added in community.general 3.4.0. + - Bcachefs support has been added in community.general 8.6.0. type: str aliases: [type] dev: description: - - Target path to block device (Linux) or character device (FreeBSD) or - regular file (both). - - When setting Linux-specific filesystem types on FreeBSD, this module - only works when applying to regular files, aka disk images. - - Currently V(lvm) (Linux-only) and V(ufs) (FreeBSD-only) do not support - a regular file as their target O(dev). + - Target path to block device (Linux) or character device (FreeBSD) or regular file (both). + - When setting Linux-specific filesystem types on FreeBSD, this module only works when applying to regular files, aka + disk images. + - Currently V(lvm) (Linux-only) and V(ufs) (FreeBSD-only) do not support a regular file as their target O(dev). - Support for character devices on FreeBSD has been added in community.general 3.4.0. type: path required: true @@ -67,12 +63,11 @@ options: resizefs: description: - If V(true), if the block device and filesystem size differ, grow the filesystem into the space. - - Supported for C(btrfs), C(ext2), C(ext3), C(ext4), C(ext4dev), C(f2fs), C(lvm), C(xfs), C(ufs) and C(vfat) filesystems. - Attempts to resize other filesystem types will fail. - - XFS Will only grow if mounted. Currently, the module is based on commands - from C(util-linux) package to perform operations, so resizing of XFS is - not supported on FreeBSD systems. - - vFAT will likely fail if C(fatresize < 1.04). + - Supported for C(bcachefs), C(btrfs), C(ext2), C(ext3), C(ext4), C(ext4dev), C(f2fs), C(lvm), C(xfs), C(ufs) and C(vfat) + filesystems. Attempts to resize other filesystem types will fail. + - XFS Will only grow if mounted. Currently, the module is based on commands from C(util-linux) package to perform operations, + so resizing of XFS is not supported on FreeBSD systems. + - VFAT will likely fail if C(fatresize < 1.04). - Mutually exclusive with O(uuid). type: bool default: false @@ -86,38 +81,34 @@ options: - The UUID options specified in O(opts) take precedence over this value. - See xfs_admin(8) (C(xfs)), tune2fs(8) (C(ext2), C(ext3), C(ext4), C(ext4dev)) for possible values. - For O(fstype=lvm) the value is ignored, it resets the PV UUID if set. - - Supported for O(fstype) being one of C(ext2), C(ext3), C(ext4), C(ext4dev), C(lvm), or C(xfs). + - Supported for O(fstype) being one of C(bcachefs), C(ext2), C(ext3), C(ext4), C(ext4dev), C(lvm), or C(xfs). - This is B(not idempotent). Specifying this option will always result in a change. - Mutually exclusive with O(resizefs). type: str version_added: 7.1.0 requirements: - - Uses specific tools related to the O(fstype) for creating or resizing a - filesystem (from packages e2fsprogs, xfsprogs, dosfstools, and so on). - - Uses generic tools mostly related to the Operating System (Linux or - FreeBSD) or available on both, as C(blkid). + - Uses specific tools related to the O(fstype) for creating or resizing a filesystem (from packages e2fsprogs, xfsprogs, + dosfstools, and so on). + - Uses generic tools mostly related to the Operating System (Linux or FreeBSD) or available on both, as C(blkid). - On FreeBSD, either C(util-linux) or C(e2fsprogs) package is required. notes: - - Potential filesystems on O(dev) are checked using C(blkid). In case C(blkid) - is unable to detect a filesystem (and in case C(fstyp) on FreeBSD is also - unable to detect a filesystem), this filesystem is overwritten even if - O(force) is V(false). - - On FreeBSD systems, both C(e2fsprogs) and C(util-linux) packages provide - a C(blkid) command that is compatible with this module. However, these - packages conflict with each other, and only the C(util-linux) package - provides the command required to not fail when O(state=absent). + - Potential filesystems on O(dev) are checked using C(blkid). In case C(blkid) is unable to detect a filesystem (and in + case C(fstyp) on FreeBSD is also unable to detect a filesystem), this filesystem is overwritten even if O(force) is V(false). + - On FreeBSD systems, both C(e2fsprogs) and C(util-linux) packages provide a C(blkid) command that is compatible with this + module. However, these packages conflict with each other, and only the C(util-linux) package provides the command required + to not fail when O(state=absent). seealso: - module: community.general.filesize - module: ansible.posix.mount - name: xfs_admin(8) manpage for Linux - description: Manual page of the GNU/Linux's xfs_admin implementation + description: Manual page of the GNU/Linux's xfs_admin implementation. link: https://man7.org/linux/man-pages/man8/xfs_admin.8.html - name: tune2fs(8) manpage for Linux - description: Manual page of the GNU/Linux's tune2fs implementation + description: Manual page of the GNU/Linux's tune2fs implementation. link: https://man7.org/linux/man-pages/man8/tune2fs.8.html -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a ext2 filesystem on /dev/sdb1 community.general.filesystem: fstype: ext2 @@ -156,7 +147,7 @@ EXAMPLES = ''' fstype: lvm dev: /dev/sdc uuid: random -''' +""" import os import platform @@ -405,6 +396,48 @@ class Reiserfs(Filesystem): MKFS_FORCE_FLAGS = ['-q'] +class Bcachefs(Filesystem): + MKFS = 'mkfs.bcachefs' + MKFS_FORCE_FLAGS = ['--force'] + MKFS_SET_UUID_OPTIONS = ['-U', '--uuid'] + INFO = 'bcachefs' + GROW = 'bcachefs' + GROW_MAX_SPACE_FLAGS = ['device', 'resize'] + + def get_fs_size(self, dev): + """Return size in bytes of filesystem on device (integer).""" + dummy, stdout, dummy = self.module.run_command([self.module.get_bin_path(self.INFO), + 'show-super', str(dev)], check_rc=True) + + for line in stdout.splitlines(): + if "Size: " in line: + parts = line.split() + unit = parts[2] + + base = None + exp = None + + units_2 = ["B", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB", "ZiB", "YiB"] + units_10 = ["B", "kB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"] + + try: + exp = units_2.index(unit) + base = 1024 + except ValueError: + exp = units_10.index(unit) + base = 1000 + + if exp == 0: + value = int(parts[1]) + else: + value = float(parts[1]) + + if base is not None and exp is not None: + return int(value * pow(base, exp)) + + raise ValueError(repr(stdout)) + + class Btrfs(Filesystem): MKFS = 'mkfs.btrfs' INFO = 'btrfs' @@ -567,6 +600,7 @@ class UFS(Filesystem): FILESYSTEMS = { + 'bcachefs': Bcachefs, 'ext2': Ext2, 'ext3': Ext3, 'ext4': Ext4, diff --git a/plugins/modules/flatpak.py b/plugins/modules/flatpak.py index 80dbabdfa0..13898c3349 100644 --- a/plugins/modules/flatpak.py +++ b/plugins/modules/flatpak.py @@ -10,8 +10,7 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: flatpak short_description: Manage flatpaks description: @@ -26,71 +25,68 @@ extends_documentation_fragment: - community.general.attributes attributes: check_mode: - support: full + support: partial + details: + - If O(state=latest), the module will always return C(changed=true). diff_mode: support: none options: executable: description: - - The path to the C(flatpak) executable to use. - - By default, this module looks for the C(flatpak) executable on the path. + - The path to the C(flatpak) executable to use. + - By default, this module looks for the C(flatpak) executable on the path. type: path default: flatpak method: description: - - The installation method to use. - - Defines if the C(flatpak) is supposed to be installed globally for the whole V(system) - or only for the current V(user). + - The installation method to use. + - Defines if the C(flatpak) is supposed to be installed globally for the whole V(system) or only for the current V(user). type: str - choices: [ system, user ] + choices: [system, user] default: system name: description: - - The name of the flatpak to manage. To operate on several packages this - can accept a list of packages. - - When used with O(state=present), O(name) can be specified as a URL to a - C(flatpakref) file or the unique reverse DNS name that identifies a flatpak. - - Both C(https://) and C(http://) URLs are supported. - - When supplying a reverse DNS name, you can use the O(remote) option to specify on what remote - to look for the flatpak. An example for a reverse DNS name is C(org.gnome.gedit). - - When used with O(state=absent), it is recommended to specify the name in the reverse DNS - format. - - When supplying a URL with O(state=absent), the module will try to match the - installed flatpak based on the name of the flatpakref to remove it. However, there is no - guarantee that the names of the flatpakref file and the reverse DNS name of the installed - flatpak do match. + - The name of the flatpak to manage. To operate on several packages this can accept a list of packages. + - When used with O(state=present), O(name) can be specified as a URL to a C(flatpakref) file or the unique reverse DNS + name that identifies a flatpak. + - Both C(https://) and C(http://) URLs are supported. + - When supplying a reverse DNS name, you can use the O(remote) option to specify on what remote to look for the flatpak. + An example for a reverse DNS name is C(org.gnome.gedit). + - When used with O(state=absent) or O(state=latest), it is recommended to specify the name in the reverse DNS format. + - When supplying a URL with O(state=absent) or O(state=latest), the module will try to match the installed flatpak based + on the name of the flatpakref to remove or update it. However, there is no guarantee that the names of the flatpakref + file and the reverse DNS name of the installed flatpak do match. type: list elements: str required: true no_dependencies: description: - - If installing runtime dependencies should be omitted or not - - This parameter is primarily implemented for integration testing this module. - There might however be some use cases where you would want to have this, like when you are - packaging your own flatpaks. + - If installing runtime dependencies should be omitted or not. + - This parameter is primarily implemented for integration testing this module. There might however be some use cases + where you would want to have this, like when you are packaging your own flatpaks. type: bool default: false version_added: 3.2.0 remote: description: - - The flatpak remote (repository) to install the flatpak from. - - By default, V(flathub) is assumed, but you do need to add the flathub flatpak_remote before - you can use this. - - See the M(community.general.flatpak_remote) module for managing flatpak remotes. + - The flatpak remote (repository) to install the flatpak from. + - By default, V(flathub) is assumed, but you do need to add the flathub flatpak_remote before you can use this. + - See the M(community.general.flatpak_remote) module for managing flatpak remotes. type: str default: flathub state: description: - - Indicates the desired package state. - choices: [ absent, present ] + - Indicates the desired package state. + - The value V(latest) is supported since community.general 8.6.0. + choices: [absent, present, latest] type: str default: present -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Install the spotify flatpak community.general.flatpak: - name: https://s3.amazonaws.com/alexlarsson/spotify-repo/spotify.flatpakref + name: https://s3.amazonaws.com/alexlarsson/spotify-repo/spotify.flatpakref state: present - name: Install the gedit flatpak package without dependencies (not recommended) @@ -118,6 +114,37 @@ EXAMPLES = r''' - org.inkscape.Inkscape - org.mozilla.firefox +- name: Update the spotify flatpak + community.general.flatpak: + name: https://s3.amazonaws.com/alexlarsson/spotify-repo/spotify.flatpakref + state: latest + +- name: Update the gedit flatpak package without dependencies (not recommended) + community.general.flatpak: + name: https://git.gnome.org/browse/gnome-apps-nightly/plain/gedit.flatpakref + state: latest + no_dependencies: true + +- name: Update the gedit package from flathub for current user + community.general.flatpak: + name: org.gnome.gedit + state: latest + method: user + +- name: Update the Gnome Calendar flatpak from the gnome remote system-wide + community.general.flatpak: + name: org.gnome.Calendar + state: latest + remote: gnome + +- name: Update multiple packages + community.general.flatpak: + name: + - org.gimp.GIMP + - org.inkscape.Inkscape + - org.mozilla.firefox + state: latest + - name: Remove the gedit flatpak community.general.flatpak: name: org.gnome.gedit @@ -130,35 +157,35 @@ EXAMPLES = r''' - org.inkscape.Inkscape - org.mozilla.firefox state: absent -''' +""" -RETURN = r''' +RETURN = r""" command: - description: The exact flatpak command that was executed + description: The exact flatpak command that was executed. returned: When a flatpak command has been executed type: str sample: "/usr/bin/flatpak install --user --nontinteractive flathub org.gnome.Calculator" msg: - description: Module error message + description: Module error message. returned: failure type: str sample: "Executable '/usr/local/bin/flatpak' was not found on the system." rc: - description: Return code from flatpak binary + description: Return code from flatpak binary. returned: When a flatpak command has been executed type: int sample: 0 stderr: - description: Error output from flatpak binary + description: Error output from flatpak binary. returned: When a flatpak command has been executed type: str sample: "error: Error searching remote flathub: Can't find ref org.gnome.KDE" stdout: - description: Output from flatpak binary + description: Output from flatpak binary. returned: When a flatpak command has been executed type: str sample: "org.gnome.Calendar/x86_64/stable\tcurrent\norg.gnome.gitg/x86_64/stable\tcurrent\n" -''' +""" from ansible.module_utils.six.moves.urllib.parse import urlparse from ansible.module_utils.basic import AnsibleModule @@ -195,6 +222,28 @@ def install_flat(module, binary, remote, names, method, no_dependencies): result['changed'] = True +def update_flat(module, binary, names, method, no_dependencies): + """Update existing flatpaks.""" + global result # pylint: disable=global-variable-not-assigned + installed_flat_names = [ + _match_installed_flat_name(module, binary, name, method) + for name in names + ] + command = [binary, "update", "--{0}".format(method)] + flatpak_version = _flatpak_version(module, binary) + if LooseVersion(flatpak_version) < LooseVersion('1.1.3'): + command += ["-y"] + else: + command += ["--noninteractive"] + if no_dependencies: + command += ["--no-deps"] + command += installed_flat_names + stdout = _flatpak_command(module, module.check_mode, command) + result["changed"] = ( + True if module.check_mode else stdout.find("Nothing to do.") == -1 + ) + + def uninstall_flat(module, binary, names, method): """Remove existing flatpaks.""" global result # pylint: disable=global-variable-not-assigned @@ -273,13 +322,39 @@ def _match_flat_using_flatpak_column_feature(module, binary, parsed_name, method return row.split()[0] +def _is_flatpak_id(part): + # For guidelines on application IDs, refer to the following resources: + # Flatpak: + # https://docs.flatpak.org/en/latest/conventions.html#application-ids + # Flathub: + # https://docs.flathub.org/docs/for-app-authors/requirements#application-id + if '.' not in part: + return False + sections = part.split('.') + if len(sections) < 2: + return False + domain = sections[0] + if not domain.islower(): + return False + for section in sections[1:]: + if not section.isalnum(): + return False + return True + + def _parse_flatpak_name(name): if name.startswith('http://') or name.startswith('https://'): file_name = urlparse(name).path.split('/')[-1] file_name_without_extension = file_name.split('.')[0:-1] common_name = ".".join(file_name_without_extension) else: - common_name = name + parts = name.split('/') + for part in parts: + if _is_flatpak_id(part): + common_name = part + break + else: + common_name = name return common_name @@ -313,7 +388,7 @@ def main(): method=dict(type='str', default='system', choices=['user', 'system']), state=dict(type='str', default='present', - choices=['absent', 'present']), + choices=['absent', 'present', 'latest']), no_dependencies=dict(type='bool', default=False), executable=dict(type='path', default='flatpak') ), @@ -337,11 +412,16 @@ def main(): if not binary: module.fail_json(msg="Executable '%s' was not found on the system." % executable, **result) + module.run_command_environ_update = dict(LANGUAGE='C', LC_ALL='C') + installed, not_installed = flatpak_exists(module, binary, name, method) - if state == 'present' and not_installed: - install_flat(module, binary, remote, not_installed, method, no_dependencies) - elif state == 'absent' and installed: + if state == 'absent' and installed: uninstall_flat(module, binary, installed, method) + else: + if state == 'latest' and installed: + update_flat(module, binary, installed, method, no_dependencies) + if state in ('present', 'latest') and not_installed: + install_flat(module, binary, remote, not_installed, method, no_dependencies) module.exit_json(**result) diff --git a/plugins/modules/flatpak_remote.py b/plugins/modules/flatpak_remote.py index a4eb3ea27c..ba202d3033 100644 --- a/plugins/modules/flatpak_remote.py +++ b/plugins/modules/flatpak_remote.py @@ -10,15 +10,13 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: flatpak_remote short_description: Manage flatpak repository remotes description: - Allows users to add or remove flatpak remotes. - - The flatpak remotes concept is comparable to what is called repositories in other packaging - formats. - - Currently, remote addition is only supported via C(flatpakrepo) file URLs. + - The flatpak remotes concept is comparable to what is called repositories in other packaging formats. + - Currently, remote addition is only supported using C(flatpakrepo) file URLs. - Existing remotes will not be updated. - See the M(community.general.flatpak) module for managing flatpaks. author: @@ -36,49 +34,47 @@ attributes: options: executable: description: - - The path to the C(flatpak) executable to use. - - By default, this module looks for the C(flatpak) executable on the path. + - The path to the C(flatpak) executable to use. + - By default, this module looks for the C(flatpak) executable on the path. type: str default: flatpak flatpakrepo_url: description: - - The URL to the C(flatpakrepo) file representing the repository remote to add. - - When used with O(state=present), the flatpak remote specified under the O(flatpakrepo_url) - is added using the specified installation O(method). - - When used with O(state=absent), this is not required. - - Required when O(state=present). + - The URL to the C(flatpakrepo) file representing the repository remote to add. + - When used with O(state=present), the flatpak remote specified under the O(flatpakrepo_url) is added using the specified + installation O(method). + - When used with O(state=absent), this is not required. + - Required when O(state=present). type: str method: description: - - The installation method to use. - - Defines if the C(flatpak) is supposed to be installed globally for the whole V(system) - or only for the current V(user). + - The installation method to use. + - Defines if the C(flatpak) is supposed to be installed globally for the whole V(system) or only for the current V(user). type: str - choices: [ system, user ] + choices: [system, user] default: system name: description: - - The desired name for the flatpak remote to be registered under on the managed host. - - When used with O(state=present), the remote will be added to the managed host under - the specified O(name). - - When used with O(state=absent) the remote with that name will be removed. + - The desired name for the flatpak remote to be registered under on the managed host. + - When used with O(state=present), the remote will be added to the managed host under the specified O(name). + - When used with O(state=absent) the remote with that name will be removed. type: str required: true state: description: - - Indicates the desired package state. + - Indicates the desired package state. type: str - choices: [ absent, present ] + choices: [absent, present] default: present enabled: description: - - Indicates whether this remote is enabled. + - Indicates whether this remote is enabled. type: bool default: true version_added: 6.4.0 -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Add the Gnome flatpak remote to the system installation community.general.flatpak_remote: name: gnome @@ -108,35 +104,35 @@ EXAMPLES = r''' name: flathub state: present enabled: false -''' +""" -RETURN = r''' +RETURN = r""" command: - description: The exact flatpak command that was executed + description: The exact flatpak command that was executed. returned: When a flatpak command has been executed type: str sample: "/usr/bin/flatpak remote-add --system flatpak-test https://dl.flathub.org/repo/flathub.flatpakrepo" msg: - description: Module error message + description: Module error message. returned: failure type: str sample: "Executable '/usr/local/bin/flatpak' was not found on the system." rc: - description: Return code from flatpak binary + description: Return code from flatpak binary. returned: When a flatpak command has been executed type: int sample: 0 stderr: - description: Error output from flatpak binary + description: Error output from flatpak binary. returned: When a flatpak command has been executed type: str sample: "error: GPG verification enabled, but no summary found (check that the configured URL in remote config is correct)\n" stdout: - description: Output from flatpak binary + description: Output from flatpak binary. returned: When a flatpak command has been executed type: str sample: "flathub\tFlathub\thttps://dl.flathub.org/repo/\t1\t\n" -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.common.text.converters import to_bytes, to_native diff --git a/plugins/modules/flowdock.py b/plugins/modules/flowdock.py deleted file mode 100644 index 0e8a7461da..0000000000 --- a/plugins/modules/flowdock.py +++ /dev/null @@ -1,211 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- - -# Copyright 2013 Matt Coddington -# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) -# SPDX-License-Identifier: GPL-3.0-or-later - -from __future__ import absolute_import, division, print_function -__metaclass__ = type - - -DOCUMENTATION = ''' ---- - -deprecated: - removed_in: 9.0.0 - why: the endpoints this module relies on do not exist any more and do not resolve to IPs in DNS. - alternative: no known alternative at this point - -module: flowdock -author: "Matt Coddington (@mcodd)" -short_description: Send a message to a flowdock -description: - - Send a message to a flowdock team inbox or chat using the push API (see https://www.flowdock.com/api/team-inbox and https://www.flowdock.com/api/chat) -extends_documentation_fragment: - - community.general.attributes -attributes: - check_mode: - support: full - diff_mode: - support: none -options: - token: - type: str - description: - - API token. - required: true - type: - type: str - description: - - Whether to post to 'inbox' or 'chat' - required: true - choices: [ "inbox", "chat" ] - msg: - type: str - description: - - Content of the message - required: true - tags: - type: str - description: - - tags of the message, separated by commas - required: false - external_user_name: - type: str - description: - - (chat only - required) Name of the "user" sending the message - required: false - from_address: - type: str - description: - - (inbox only - required) Email address of the message sender - required: false - source: - type: str - description: - - (inbox only - required) Human readable identifier of the application that uses the Flowdock API - required: false - subject: - type: str - description: - - (inbox only - required) Subject line of the message - required: false - from_name: - type: str - description: - - (inbox only) Name of the message sender - required: false - reply_to: - type: str - description: - - (inbox only) Email address for replies - required: false - project: - type: str - description: - - (inbox only) Human readable identifier for more detailed message categorization - required: false - link: - type: str - description: - - (inbox only) Link associated with the message. This will be used to link the message subject in Team Inbox. - required: false - validate_certs: - description: - - If V(false), SSL certificates will not be validated. This should only be used - on personally controlled sites using self-signed certificates. - required: false - default: true - type: bool - -requirements: [ ] -''' - -EXAMPLES = ''' -- name: Send a message to a flowdock - community.general.flowdock: - type: inbox - token: AAAAAA - from_address: user@example.com - source: my cool app - msg: test from ansible - subject: test subject - -- name: Send a message to a flowdock - community.general.flowdock: - type: chat - token: AAAAAA - external_user_name: testuser - msg: test from ansible - tags: tag1,tag2,tag3 -''' - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.six.moves.urllib.parse import urlencode -from ansible.module_utils.urls import fetch_url - - -# =========================================== -# Module execution. -# - -def main(): - - module = AnsibleModule( - argument_spec=dict( - token=dict(required=True, no_log=True), - msg=dict(required=True), - type=dict(required=True, choices=["inbox", "chat"]), - external_user_name=dict(required=False), - from_address=dict(required=False), - source=dict(required=False), - subject=dict(required=False), - from_name=dict(required=False), - reply_to=dict(required=False), - project=dict(required=False), - tags=dict(required=False), - link=dict(required=False), - validate_certs=dict(default=True, type='bool'), - ), - supports_check_mode=True - ) - - type = module.params["type"] - token = module.params["token"] - if type == 'inbox': - url = "https://api.flowdock.com/v1/messages/team_inbox/%s" % (token) - else: - url = "https://api.flowdock.com/v1/messages/chat/%s" % (token) - - params = {} - - # required params - params['content'] = module.params["msg"] - - # required params for the 'chat' type - if module.params['external_user_name']: - if type == 'inbox': - module.fail_json(msg="external_user_name is not valid for the 'inbox' type") - else: - params['external_user_name'] = module.params["external_user_name"] - elif type == 'chat': - module.fail_json(msg="external_user_name is required for the 'chat' type") - - # required params for the 'inbox' type - for item in ['from_address', 'source', 'subject']: - if module.params[item]: - if type == 'chat': - module.fail_json(msg="%s is not valid for the 'chat' type" % item) - else: - params[item] = module.params[item] - elif type == 'inbox': - module.fail_json(msg="%s is required for the 'inbox' type" % item) - - # optional params - if module.params["tags"]: - params['tags'] = module.params["tags"] - - # optional params for the 'inbox' type - for item in ['from_name', 'reply_to', 'project', 'link']: - if module.params[item]: - if type == 'chat': - module.fail_json(msg="%s is not valid for the 'chat' type" % item) - else: - params[item] = module.params[item] - - # If we're in check mode, just exit pretending like we succeeded - if module.check_mode: - module.exit_json(changed=False) - - # Send the data to Flowdock - data = urlencode(params) - response, info = fetch_url(module, url, data=data) - if info['status'] != 200: - module.fail_json(msg="unable to send msg: %s" % info['msg']) - - module.exit_json(changed=True, msg=module.params["msg"]) - - -if __name__ == '__main__': - main() diff --git a/plugins/modules/gandi_livedns.py b/plugins/modules/gandi_livedns.py index fdb7993a5e..e90483a49d 100644 --- a/plugins/modules/gandi_livedns.py +++ b/plugins/modules/gandi_livedns.py @@ -8,15 +8,14 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: gandi_livedns author: - Gregory Thiemonge (@gthiemonge) version_added: "2.3.0" short_description: Manage Gandi LiveDNS records description: - - "Manages DNS records by the Gandi LiveDNS API, see the docs: U(https://doc.livedns.gandi.net/)." + - 'Manages DNS records by the Gandi LiveDNS API, see the docs: U(https://doc.livedns.gandi.net/).' extends_documentation_fragment: - community.general.attributes attributes: @@ -25,26 +24,33 @@ attributes: diff_mode: support: none options: + personal_access_token: + description: + - Scoped API token. + - One of O(personal_access_token) and O(api_key) must be specified. + type: str + version_added: 9.0.0 api_key: description: - - Account API token. + - Account API token. + - Note that these type of keys are deprecated and might stop working at some point. Use personal access tokens instead. + - One of O(personal_access_token) and O(api_key) must be specified. type: str - required: true record: description: - - Record to add. + - Record to add. type: str required: true state: description: - - Whether the record(s) should exist or not. + - Whether the record(s) should exist or not. type: str - choices: [ absent, present ] + choices: [absent, present] default: present ttl: description: - - The TTL to give the new record. - - Required when O(state=present). + - The TTL to give the new record. + - Required when O(state=present). type: int type: description: @@ -53,27 +59,27 @@ options: required: true values: description: - - The record values. - - Required when O(state=present). + - The record values. + - Required when O(state=present). type: list elements: str domain: description: - - The name of the Domain to work with (for example, "example.com"). + - The name of the Domain to work with (for example, V(example.com)). required: true type: str -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Create a test A record to point to 127.0.0.1 in the my.com domain community.general.gandi_livedns: domain: my.com record: test type: A values: - - 127.0.0.1 + - 127.0.0.1 ttl: 7200 - api_key: dummyapitoken + personal_access_token: dummytoken register: record - name: Create a mail CNAME record to www.my.com domain @@ -82,9 +88,9 @@ EXAMPLES = r''' type: CNAME record: mail values: - - www + - www ttl: 7200 - api_key: dummyapitoken + personal_access_token: dummytoken state: present - name: Change its TTL @@ -93,9 +99,9 @@ EXAMPLES = r''' type: CNAME record: mail values: - - www + - www ttl: 10800 - api_key: dummyapitoken + personal_access_token: dummytoken state: present - name: Delete the record @@ -103,45 +109,55 @@ EXAMPLES = r''' domain: my.com type: CNAME record: mail - api_key: dummyapitoken + personal_access_token: dummytoken state: absent -''' -RETURN = r''' +- name: Use a (deprecated) API Key + community.general.gandi_livedns: + domain: my.com + record: test + type: A + values: + - 127.0.0.1 + ttl: 7200 + api_key: dummyapikey +""" + +RETURN = r""" record: - description: A dictionary containing the record data. - returned: success, except on record deletion - type: dict - contains: - values: - description: The record content (details depend on record type). - returned: success - type: list - elements: str - sample: - - 192.0.2.91 - - 192.0.2.92 - record: - description: The record name. - returned: success - type: str - sample: www - ttl: - description: The time-to-live for the record. - returned: success - type: int - sample: 300 - type: - description: The record type. - returned: success - type: str - sample: A - domain: - description: The domain associated with the record. - returned: success - type: str - sample: my.com -''' + description: A dictionary containing the record data. + returned: success, except on record deletion + type: dict + contains: + values: + description: The record content (details depend on record type). + returned: success + type: list + elements: str + sample: + - 192.0.2.91 + - 192.0.2.92 + record: + description: The record name. + returned: success + type: str + sample: www + ttl: + description: The time-to-live for the record. + returned: success + type: int + sample: 300 + type: + description: The record type. + returned: success + type: str + sample: A + domain: + description: The domain associated with the record. + returned: success + type: str + sample: my.com +""" from ansible.module_utils.basic import AnsibleModule @@ -151,7 +167,8 @@ from ansible_collections.community.general.plugins.module_utils.gandi_livedns_ap def main(): module = AnsibleModule( argument_spec=dict( - api_key=dict(type='str', required=True, no_log=True), + api_key=dict(type='str', no_log=True), + personal_access_token=dict(type='str', no_log=True), record=dict(type='str', required=True), state=dict(type='str', default='present', choices=['absent', 'present']), ttl=dict(type='int'), @@ -163,6 +180,12 @@ def main(): required_if=[ ('state', 'present', ['values', 'ttl']), ], + mutually_exclusive=[ + ('api_key', 'personal_access_token'), + ], + required_one_of=[ + ('api_key', 'personal_access_token'), + ], ) gandi_api = GandiLiveDNSAPI(module) diff --git a/plugins/modules/gconftool2.py b/plugins/modules/gconftool2.py index a40304a166..86e878ed61 100644 --- a/plugins/modules/gconftool2.py +++ b/plugins/modules/gconftool2.py @@ -9,14 +9,19 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: gconftool2 author: - Kenneth D. Evensen (@kevensen) short_description: Edit GNOME Configurations description: - - This module allows for the manipulation of GNOME 2 Configuration via - gconftool-2. Please see the gconftool-2(1) man pages for more details. + - This module allows for the manipulation of GNOME 2 Configuration using C(gconftool-2). Please see the gconftool-2(1) man + pages for more details. +seealso: + - name: C(gconftool-2) command manual page + description: Manual page for the command. + link: https://help.gnome.org/admin//system-admin-guide/2.32/gconf-6.html.en + extends_documentation_fragment: - community.general.attributes attributes: @@ -28,42 +33,37 @@ options: key: type: str description: - - A GConf preference key is an element in the GConf repository - that corresponds to an application preference. See man gconftool-2(1). + - A GConf preference key is an element in the GConf repository that corresponds to an application preference. required: true value: type: str description: - - Preference keys typically have simple values such as strings, - integers, or lists of strings and integers. - This is ignored unless O(state=present). See man gconftool-2(1). + - Preference keys typically have simple values such as strings, integers, or lists of strings and integers. This is + ignored unless O(state=present). value_type: type: str description: - - The type of value being set. - This is ignored unless O(state=present). See man gconftool-2(1). - choices: [ bool, float, int, string ] + - The type of value being set. This is ignored unless O(state=present). + choices: [bool, float, int, string] state: type: str description: - - The action to take upon the key/value. + - The action to take upon the key/value. required: true - choices: [ absent, present ] + choices: [absent, present] config_source: type: str description: - - Specify a configuration source to use rather than the default path. - See man gconftool-2(1). + - Specify a configuration source to use rather than the default path. direct: description: - - Access the config database directly, bypassing server. If O(direct) is - specified then the O(config_source) must be specified as well. - See man gconftool-2(1). + - Access the config database directly, bypassing server. If O(direct) is specified then the O(config_source) must be + specified as well. type: bool default: false -''' +""" -EXAMPLES = """ +EXAMPLES = r""" - name: Change the widget font to "Serif 12" community.general.gconftool2: key: "/desktop/gnome/interface/font_name" @@ -71,33 +71,38 @@ EXAMPLES = """ value: "Serif 12" """ -RETURN = ''' - key: - description: The key specified in the module parameters. - returned: success - type: str - sample: /desktop/gnome/interface/font_name - value_type: - description: The type of the value that was changed. - returned: success - type: str - sample: string - value: - description: - - The value of the preference key after executing the module or V(null) if key is removed. - - From community.general 7.0.0 onwards it returns V(null) for a non-existent O(key), and returned V("") before that. - returned: success - type: str - sample: "Serif 12" - previous_value: - description: - - The value of the preference key before executing the module. - - From community.general 7.0.0 onwards it returns V(null) for a non-existent O(key), and returned V("") before that. - returned: success - type: str - sample: "Serif 12" -... -''' +RETURN = r""" +key: + description: The key specified in the module parameters. + returned: success + type: str + sample: /desktop/gnome/interface/font_name +value_type: + description: The type of the value that was changed. + returned: success + type: str + sample: string +value: + description: + - The value of the preference key after executing the module or V(null) if key is removed. + - From community.general 7.0.0 onwards it returns V(null) for a non-existent O(key), and returned V("") before that. + returned: success + type: str + sample: "Serif 12" +previous_value: + description: + - The value of the preference key before executing the module. + - From community.general 7.0.0 onwards it returns V(null) for a non-existent O(key), and returned V("") before that. + returned: success + type: str + sample: "Serif 12" +version: + description: Version of gconftool-2. + type: str + returned: always + sample: "3.2.6" + version_added: 10.0.0 +""" from ansible_collections.community.general.plugins.module_utils.module_helper import StateModuleHelper from ansible_collections.community.general.plugins.module_utils.gconftool2 import gconftool2_runner @@ -123,12 +128,16 @@ class GConftool(StateModuleHelper): ], supports_check_mode=True, ) + use_old_vardict = False def __init_module__(self): self.runner = gconftool2_runner(self.module, check_rc=True) - if self.vars.state != "get": - if not self.vars.direct and self.vars.config_source is not None: - self.module.fail_json(msg='If the "config_source" is specified then "direct" must be "true"') + if not self.vars.direct and self.vars.config_source is not None: + self.do_raise('If the "config_source" is specified then "direct" must be "true"') + + with self.runner("version") as ctx: + rc, out, err = ctx.run() + self.vars.version = out.strip() self.vars.set('previous_value', self._get(), fact=True) self.vars.set('value_type', self.vars.value_type) @@ -139,7 +148,7 @@ class GConftool(StateModuleHelper): def _make_process(self, fail_on_err): def process(rc, out, err): if err and fail_on_err: - self.ansible.fail_json(msg='gconftool-2 failed with error: %s' % (str(err))) + self.do_raise('gconftool-2 failed with error:\n%s' % err.strip()) out = out.rstrip() self.vars.value = None if out == "" else out return self.vars.value @@ -151,16 +160,14 @@ class GConftool(StateModuleHelper): def state_absent(self): with self.runner("state key", output_process=self._make_process(False)) as ctx: ctx.run() - if self.verbosity >= 4: - self.vars.run_info = ctx.run_info + self.vars.set('run_info', ctx.run_info, verbosity=4) self.vars.set('new_value', None, fact=True) self.vars._value = None def state_present(self): with self.runner("direct config_source value_type state key value", output_process=self._make_process(True)) as ctx: ctx.run() - if self.verbosity >= 4: - self.vars.run_info = ctx.run_info + self.vars.set('run_info', ctx.run_info, verbosity=4) self.vars.set('new_value', self._get(), fact=True) self.vars._value = self.vars.new_value diff --git a/plugins/modules/gconftool2_info.py b/plugins/modules/gconftool2_info.py index 282065b95e..29965be46b 100644 --- a/plugins/modules/gconftool2_info.py +++ b/plugins/modules/gconftool2_info.py @@ -7,10 +7,10 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: gconftool2_info author: - - "Alexei Znamensky (@russoz)" + - "Alexei Znamensky (@russoz)" short_description: Retrieve GConf configurations version_added: 5.1.0 description: @@ -21,32 +21,39 @@ extends_documentation_fragment: options: key: description: - - The key name for an element in the GConf database. + - The key name for an element in the GConf database. type: str required: true -notes: - - See man gconftool-2(1) for more details. seealso: + - name: C(gconftool-2) command manual page + description: Manual page for the command. + link: https://help.gnome.org/admin//system-admin-guide/2.32/gconf-6.html.en - name: gconf repository (archived) description: Git repository for the project. It is an archived project, so the repository is read-only. link: https://gitlab.gnome.org/Archive/gconf -''' +""" -EXAMPLES = """ +EXAMPLES = r""" - name: Get value for a certain key in the database. community.general.gconftool2_info: key: /desktop/gnome/background/picture_filename register: result """ -RETURN = ''' - value: - description: +RETURN = r""" +value: + description: - The value of the property. - returned: success - type: str - sample: Monospace 10 -''' + returned: success + type: str + sample: Monospace 10 +version: + description: Version of gconftool-2. + type: str + returned: always + sample: "3.2.6" + version_added: 10.0.0 +""" from ansible_collections.community.general.plugins.module_utils.module_helper import ModuleHelper from ansible_collections.community.general.plugins.module_utils.gconftool2 import gconftool2_runner @@ -60,9 +67,13 @@ class GConftoolInfo(ModuleHelper): ), supports_check_mode=True, ) + use_old_vardict = False def __init_module__(self): self.runner = gconftool2_runner(self.module, check_rc=True) + with self.runner("version") as ctx: + rc, out, err = ctx.run() + self.vars.version = out.strip() def __run__(self): with self.runner.context(args_order=["state", "key"]) as ctx: diff --git a/plugins/modules/gem.py b/plugins/modules/gem.py index f51e3350da..c01433cb90 100644 --- a/plugins/modules/gem.py +++ b/plugins/modules/gem.py @@ -9,8 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: gem short_description: Manage Ruby gems description: @@ -49,38 +48,37 @@ options: repository: type: str description: - - The repository from which the gem will be installed + - The repository from which the gem will be installed. required: false aliases: [source] user_install: description: - - Install gem in user's local gems cache or for all users + - Install gem in user's local gems cache or for all users. required: false type: bool default: true executable: type: path description: - - Override the path to the gem executable + - Override the path to the gem executable. required: false install_dir: type: path description: - - Install the gems into a specific directory. - These gems will be independent from the global installed ones. - Specifying this requires user_install to be false. + - Install the gems into a specific directory. These gems will be independent from the global installed ones. Specifying + this requires user_install to be false. required: false bindir: type: path description: - - Install executables into a specific directory. + - Install executables into a specific directory. version_added: 3.3.0 norc: type: bool default: true description: - - Avoid loading any C(.gemrc) file. Ignored for RubyGems prior to 2.5.2. - - The default changed from V(false) to V(true) in community.general 6.0.0. + - Avoid loading any C(.gemrc) file. Ignored for RubyGems prior to 2.5.2. + - The default changed from V(false) to V(true) in community.general 6.0.0. version_added: 3.3.0 env_shebang: description: @@ -108,7 +106,7 @@ options: build_flags: type: str description: - - Allow adding build flags for gem compilation + - Allow adding build flags for gem compilation. required: false force: description: @@ -117,11 +115,11 @@ options: default: false type: bool author: - - "Ansible Core Team" - - "Johan Wiren (@johanwiren)" -''' + - "Ansible Core Team" + - "Johan Wiren (@johanwiren)" +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Install version 1.0 of vagrant community.general.gem: name: vagrant @@ -138,7 +136,7 @@ EXAMPLES = ''' name: rake gem_source: /path/to/gems/rake-1.0.gem state: present -''' +""" import re diff --git a/plugins/modules/gio_mime.py b/plugins/modules/gio_mime.py index 27f90581ef..216b7faae0 100644 --- a/plugins/modules/gio_mime.py +++ b/plugins/modules/gio_mime.py @@ -7,14 +7,15 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: gio_mime author: - "Alexei Znamensky (@russoz)" short_description: Set default handler for MIME type, for applications using Gnome GIO version_added: 7.5.0 description: - - This module allows configuring the default handler for a specific MIME type, to be used by applications built with th Gnome GIO API. + - This module allows configuring the default handler for a specific MIME type, to be used by applications built with the + Gnome GIO API. extends_documentation_fragment: - community.general.attributes attributes: @@ -37,12 +38,15 @@ notes: - This module is a thin wrapper around the C(gio mime) command (and subcommand). - See man gio(1) for more details. seealso: + - name: C(gio) command manual page + description: Manual page for the command. + link: https://man.archlinux.org/man/gio.1 - name: GIO Documentation description: Reference documentation for the GIO API.. link: https://docs.gtk.org/gio/ -''' +""" -EXAMPLES = """ +EXAMPLES = r""" - name: Set chrome as the default handler for https community.general.gio_mime: mime_type: x-scheme-handler/https @@ -50,26 +54,32 @@ EXAMPLES = """ register: result """ -RETURN = ''' - handler: - description: +RETURN = r""" +handler: + description: - The handler set as default. - returned: success - type: str - sample: google-chrome.desktop - stdout: - description: + returned: success + type: str + sample: google-chrome.desktop +stdout: + description: - The output of the C(gio) command. - returned: success - type: str - sample: Set google-chrome.desktop as the default for x-scheme-handler/https - stderr: - description: + returned: success + type: str + sample: Set google-chrome.desktop as the default for x-scheme-handler/https +stderr: + description: - The error output of the C(gio) command. - returned: failure - type: str - sample: 'gio: Failed to load info for handler "never-existed.desktop"' -''' + returned: failure + type: str + sample: 'gio: Failed to load info for handler "never-existed.desktop"' +version: + description: Version of gio. + type: str + returned: always + sample: "2.80.0" + version_added: 10.0.0 +""" from ansible_collections.community.general.plugins.module_utils.module_helper import ModuleHelper from ansible_collections.community.general.plugins.module_utils.gio_mime import gio_mime_runner, gio_mime_get @@ -84,20 +94,23 @@ class GioMime(ModuleHelper): ), supports_check_mode=True, ) + use_old_vardict = False def __init_module__(self): self.runner = gio_mime_runner(self.module, check_rc=True) + with self.runner("version") as ctx: + rc, out, err = ctx.run() + self.vars.version = out.strip() self.vars.set_meta("handler", initial_value=gio_mime_get(self.runner, self.vars.mime_type), diff=True, change=True) def __run__(self): check_mode_return = (0, 'Module executed in check mode', '') - if self.vars.has_changed("handler"): - with self.runner.context(args_order=["mime_type", "handler"], check_mode_skip=True, check_mode_return=check_mode_return) as ctx: + if self.vars.has_changed: + with self.runner.context(args_order="mime mime_type handler", check_mode_skip=True, check_mode_return=check_mode_return) as ctx: rc, out, err = ctx.run() self.vars.stdout = out self.vars.stderr = err - if self.verbosity >= 4: - self.vars.run_info = ctx.run_info + self.vars.set("run_info", ctx.run_info, verbosity=4) def main(): diff --git a/plugins/modules/git_config.py b/plugins/modules/git_config.py index a8d2ebe979..6a6eff0be2 100644 --- a/plugins/modules/git_config.py +++ b/plugins/modules/git_config.py @@ -11,20 +11,18 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: git_config author: - Matthew Gamble (@djmattyg007) - Marius Gedminas (@mgedmin) requirements: ['git'] -short_description: Read and write git configuration +short_description: Update git configuration description: - - The M(community.general.git_config) module changes git configuration by invoking C(git config). - This is needed if you do not want to use M(ansible.builtin.template) for the entire git - config file (for example because you need to change just C(user.email) in - /etc/.git/config). Solutions involving M(ansible.builtin.command) are cumbersome or - do not work correctly in check mode. + - The M(community.general.git_config) module changes git configuration by invoking C(git config). This is needed if you + do not want to use M(ansible.builtin.template) for the entire git config file (for example because you need to change + just C(user.email) in C(/etc/.git/config)). Solutions involving M(ansible.builtin.command) are cumbersome or do not work + correctly in check mode. extends_documentation_fragment: - community.general.attributes attributes: @@ -36,17 +34,17 @@ options: list_all: description: - List all settings (optionally limited to a given O(scope)). + - This option is B(deprecated) and will be removed from community.general 11.0.0. Please use M(community.general.git_config_info) + instead. type: bool default: false name: description: - - The name of the setting. If no value is supplied, the value will - be read from the config if it has been set. + - The name of the setting. If no value is supplied, the value will be read from the config if it has been set. type: str repo: description: - - Path to a git repository for reading and writing values from a - specific repo. + - Path to a git repository for reading and writing values from a specific repo. type: path file: description: @@ -60,34 +58,34 @@ options: - If this is set to V(local), you must also specify the O(repo) parameter. - If this is set to V(file), you must also specify the O(file) parameter. - It defaults to system only when not using O(list_all=true). - choices: [ "file", "local", "global", "system" ] + choices: ["file", "local", "global", "system"] type: str state: description: - - "Indicates the setting should be set/unset. - This parameter has higher precedence than O(value) parameter: - when O(state=absent) and O(value) is defined, O(value) is discarded." - choices: [ 'present', 'absent' ] + - 'Indicates the setting should be set/unset. This parameter has higher precedence than O(value) parameter: when O(state=absent) + and O(value) is defined, O(value) is discarded.' + choices: ['present', 'absent'] default: 'present' type: str value: description: - - When specifying the name of a single setting, supply a value to - set that setting to the given value. + - When specifying the name of a single setting, supply a value to set that setting to the given value. + - From community.general 11.0.0 on, O(value) will be required if O(state=present). To read values, use the M(community.general.git_config_info) + module instead. type: str add_mode: description: - - Specify if a value should replace the existing value(s) or if the new - value should be added alongside other values with the same name. - - This option is only relevant when adding/replacing values. If O(state=absent) or - values are just read out, this option is not considered. - choices: [ "add", "replace-all" ] + - Specify if a value should replace the existing value(s) or if the new value should be added alongside other values + with the same name. + - This option is only relevant when adding/replacing values. If O(state=absent) or values are just read out, this option + is not considered. + choices: ["add", "replace-all"] type: str default: "replace-all" version_added: 8.1.0 -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Add a setting to ~/.gitconfig community.general.git_config: name: alias.ci @@ -143,41 +141,17 @@ EXAMPLES = ''' repo: /etc scope: local value: 'root@{{ ansible_fqdn }}' +""" -- name: Read individual values from git config - community.general.git_config: - name: alias.ci - scope: global - -- name: Scope system is also assumed when reading values, unless list_all=true - community.general.git_config: - name: alias.diffc - -- name: Read all values from git config - community.general.git_config: - list_all: true - scope: global - -- name: When list_all is yes and no scope is specified, you get configuration from all scopes - community.general.git_config: - list_all: true - -- name: Specify a repository to include local settings - community.general.git_config: - list_all: true - repo: /path/to/repo.git -''' - -RETURN = ''' ---- +RETURN = r""" config_value: - description: When O(list_all=false) and value is not set, a string containing the value of the setting in name + description: When O(list_all=false) and value is not set, a string containing the value of the setting in name. returned: success type: str sample: "vim" config_values: - description: When O(list_all=true), a dict containing key/value pairs of multiple configuration settings + description: When O(list_all=true), a dict containing key/value pairs of multiple configuration settings. returned: success type: dict sample: @@ -185,7 +159,7 @@ config_values: color.ui: "auto" alias.diffc: "diff --cached" alias.remotev: "remote -v" -''' +""" from ansible.module_utils.basic import AnsibleModule @@ -193,7 +167,7 @@ from ansible.module_utils.basic import AnsibleModule def main(): module = AnsibleModule( argument_spec=dict( - list_all=dict(required=False, type='bool', default=False), + list_all=dict(required=False, type='bool', default=False, removed_in_version='11.0.0', removed_from_collection='community.general'), name=dict(type='str'), repo=dict(type='path'), file=dict(type='path'), @@ -222,6 +196,14 @@ def main(): new_value = params['value'] or '' add_mode = params['add_mode'] + if not unset and not new_value and not params['list_all']: + module.deprecate( + 'If state=present, a value must be specified from community.general 11.0.0 on.' + ' To read a config value, use the community.general.git_config_info module instead.', + version='11.0.0', + collection_name='community.general', + ) + scope = determine_scope(params) cwd = determine_cwd(scope, params) @@ -263,7 +245,7 @@ def main(): module.exit_json(changed=False, msg='', config_value=old_values[0] if old_values else '') elif unset and not out: module.exit_json(changed=False, msg='no setting to unset') - elif new_value in old_values and (len(old_values) == 1 or add_mode == "add"): + elif new_value in old_values and (len(old_values) == 1 or add_mode == "add") and not unset: module.exit_json(changed=False, msg="") # Until this point, the git config was just read and in case no change is needed, the module has already exited. diff --git a/plugins/modules/git_config_info.py b/plugins/modules/git_config_info.py index 147201fff3..c8152cfa42 100644 --- a/plugins/modules/git_config_info.py +++ b/plugins/modules/git_config_info.py @@ -10,8 +10,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: git_config_info author: - Guenther Grill (@guenhter) @@ -19,8 +18,7 @@ version_added: 8.1.0 requirements: ['git'] short_description: Read git configuration description: - - The M(community.general.git_config_info) module reads the git configuration - by invoking C(git config). + - The M(community.general.git_config_info) module reads the git configuration by invoking C(git config). extends_documentation_fragment: - community.general.attributes - community.general.attributes.info_module @@ -44,12 +42,12 @@ options: - If set to V(system), the system git config is used. O(path) is ignored. - If set to V(local), O(path) must be set to the repo to read from. - If set to V(file), O(path) must be set to the config file to read from. - choices: [ "global", "system", "local", "file" ] + choices: ["global", "system", "local", "file"] default: "system" type: str -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Read a system wide config community.general.git_config_info: name: core.editor @@ -81,14 +79,13 @@ EXAMPLES = ''' community.general.git_config_info: scope: file path: /etc/gitconfig -''' +""" -RETURN = ''' ---- +RETURN = r""" config_value: - description: > - When O(name) is set, a string containing the value of the setting in name. If O(name) is not set, empty. - If a config key such as V(push.pushoption) has more then one entry, just the first one is returned here. + description: >- + When O(name) is set, a string containing the value of the setting in name. If O(name) is not set, empty. If a config key + such as V(push.pushoption) has more then one entry, just the first one is returned here. returned: success if O(name) is set type: str sample: "vim" @@ -97,8 +94,8 @@ config_values: description: - This is a dictionary mapping a git configuration setting to a list of its values. - When O(name) is not set, all configuration settings are returned here. - - When O(name) is set, only the setting specified in O(name) is returned here. - If that setting is not set, the key will still be present, and its value will be an empty list. + - When O(name) is set, only the setting specified in O(name) is returned here. If that setting is not set, the key will + still be present, and its value will be an empty list. returned: success type: dict sample: @@ -106,7 +103,7 @@ config_values: color.ui: ["auto"] push.pushoption: ["merge_request.create", "merge_request.draft"] alias.remotev: ["remote -v"] -''' +""" from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/github_deploy_key.py b/plugins/modules/github_deploy_key.py index ae90e04c91..509a67c491 100644 --- a/plugins/modules/github_deploy_key.py +++ b/plugins/modules/github_deploy_key.py @@ -9,15 +9,14 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: github_deploy_key author: "Ali (@bincyber)" short_description: Manages deploy keys for GitHub repositories description: - - "Adds or removes deploy keys for GitHub repositories. Supports authentication using username and password, - username and password and 2-factor authentication code (OTP), OAuth2 token, or personal access token. Admin - rights on the repository are required." + - Adds or removes deploy keys for GitHub repositories. Supports authentication using username and password, username and + password and 2-factor authentication code (OTP), OAuth2 token, or personal access token. Admin rights on the repository + are required. extends_documentation_fragment: - community.general.attributes attributes: @@ -28,7 +27,7 @@ attributes: options: github_url: description: - - The base URL of the GitHub API + - The base URL of the GitHub API. required: false type: str version_added: '0.2.0' @@ -37,19 +36,19 @@ options: description: - The name of the individual account or organization that owns the GitHub repository. required: true - aliases: [ 'account', 'organization' ] + aliases: ['account', 'organization'] type: str repo: description: - The name of the GitHub repository. required: true - aliases: [ 'repository' ] + aliases: ['repository'] type: str name: description: - The name for the deploy key. required: true - aliases: [ 'title', 'label' ] + aliases: ['title', 'label'] type: str key: description: @@ -58,14 +57,15 @@ options: type: str read_only: description: - - If V(true), the deploy key will only be able to read repository contents. Otherwise, the deploy key will be able to read and write. + - If V(true), the deploy key will only be able to read repository contents. Otherwise, the deploy key will be able to + read and write. type: bool default: true state: description: - The state of the deploy key. default: "present" - choices: [ "present", "absent" ] + choices: ["present", "absent"] type: str force: description: @@ -74,11 +74,12 @@ options: default: false username: description: - - The username to authenticate with. Should not be set when using personal access token + - The username to authenticate with. Should not be set when using personal access token. type: str password: description: - - The password to authenticate with. Alternatively, a personal access token can be used instead of O(username) and O(password) combination. + - The password to authenticate with. Alternatively, a personal access token can be used instead of O(username) and O(password) + combination. type: str token: description: @@ -89,10 +90,10 @@ options: - The 6 digit One Time Password for 2-Factor Authentication. Required together with O(username) and O(password). type: int notes: - - "Refer to GitHub's API documentation here: https://developer.github.com/v3/repos/keys/." -''' + - "Refer to GitHub's API documentation here: https://developer.github.com/v3/repos/keys/." +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Add a new read-only deploy key to a GitHub repository using basic authentication community.general.github_deploy_key: owner: "johndoe" @@ -152,33 +153,33 @@ EXAMPLES = ''' read_only: true username: "janedoe" password: "supersecretpassword" -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: the status message describing what occurred - returned: always - type: str - sample: "Deploy key added successfully" + description: The status message describing what occurred. + returned: always + type: str + sample: "Deploy key added successfully" http_status_code: - description: the HTTP status code returned by the GitHub API - returned: failed - type: int - sample: 400 + description: The HTTP status code returned by the GitHub API. + returned: failed + type: int + sample: 400 error: - description: the error message returned by the GitHub API - returned: failed - type: str - sample: "key is already in use" + description: The error message returned by the GitHub API. + returned: failed + type: str + sample: "key is already in use" id: - description: the key identifier assigned by GitHub for the deploy key - returned: changed - type: int - sample: 24381901 -''' + description: The key identifier assigned by GitHub for the deploy key. + returned: changed + type: int + sample: 24381901 +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.urls import fetch_url diff --git a/plugins/modules/github_issue.py b/plugins/modules/github_issue.py index 4e10e9f925..86e81d38ef 100644 --- a/plugins/modules/github_issue.py +++ b/plugins/modules/github_issue.py @@ -10,7 +10,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: github_issue short_description: View GitHub issue description: @@ -40,24 +40,24 @@ options: type: int action: description: - - Get various details about issue depending upon action specified. + - Get various details about issue depending upon action specified. default: 'get_status' choices: - - 'get_status' + - get_status type: str author: - - Abhijeet Kasurde (@Akasurde) -''' + - Abhijeet Kasurde (@Akasurde) +""" -RETURN = ''' +RETURN = r""" issue_status: - description: State of the GitHub issue - type: str - returned: success - sample: open, closed -''' + description: State of the GitHub issue. + type: str + returned: success + sample: open, closed +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Check if GitHub issue is closed or not community.general.github_issue: organization: ansible @@ -70,7 +70,7 @@ EXAMPLES = ''' ansible.builtin.debug: msg: Do something when issue 23642 is open when: r.issue_status == 'open' -''' +""" import json diff --git a/plugins/modules/github_key.py b/plugins/modules/github_key.py index fa3a0a01fa..f3d5863d54 100644 --- a/plugins/modules/github_key.py +++ b/plugins/modules/github_key.py @@ -9,7 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: github_key short_description: Manage GitHub access keys description: @@ -29,7 +29,7 @@ options: type: str name: description: - - SSH key name + - SSH key name. required: true type: str pubkey: @@ -44,34 +44,36 @@ options: type: str force: description: - - The default is V(true), which will replace the existing remote key - if it is different than O(pubkey). If V(false), the key will only be - set if no key with the given O(name) exists. + - The default is V(true), which will replace the existing remote key if it is different than O(pubkey). If V(false), + the key will only be set if no key with the given O(name) exists. type: bool default: true author: Robert Estelle (@erydo) -''' +""" -RETURN = ''' +RETURN = r""" deleted_keys: - description: An array of key objects that were deleted. Only present on state=absent - type: list - returned: When state=absent - sample: [{'id': 0, 'key': 'BASE64 encoded key', 'url': 'http://example.com/github key', 'created_at': 'YYYY-MM-DDTHH:MM:SZ', 'read_only': false}] + description: An array of key objects that were deleted. Only present on state=absent. + type: list + returned: When state=absent + sample: [{'id': 0, 'key': 'BASE64 encoded key', 'url': 'http://example.com/github key', 'created_at': 'YYYY-MM-DDTHH:MM:SZ', + 'read_only': false}] matching_keys: - description: An array of keys matching the specified name. Only present on state=present - type: list - returned: When state=present - sample: [{'id': 0, 'key': 'BASE64 encoded key', 'url': 'http://example.com/github key', 'created_at': 'YYYY-MM-DDTHH:MM:SZ', 'read_only': false}] + description: An array of keys matching the specified name. Only present on state=present. + type: list + returned: When state=present + sample: [{'id': 0, 'key': 'BASE64 encoded key', 'url': 'http://example.com/github key', 'created_at': 'YYYY-MM-DDTHH:MM:SZ', + 'read_only': false}] key: - description: Metadata about the key just created. Only present on state=present - type: dict - returned: success - sample: {'id': 0, 'key': 'BASE64 encoded key', 'url': 'http://example.com/github key', 'created_at': 'YYYY-MM-DDTHH:MM:SZ', 'read_only': false} -''' + description: Metadata about the key just created. Only present on state=present. + type: dict + returned: success + sample: {'id': 0, 'key': 'BASE64 encoded key', 'url': 'http://example.com/github key', 'created_at': 'YYYY-MM-DDTHH:MM:SZ', + 'read_only': false} +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Read SSH public key to authorize ansible.builtin.shell: cat /home/foo/.ssh/id_rsa.pub register: ssh_pub_key @@ -89,14 +91,19 @@ EXAMPLES = ''' name: Access Key for Some Machine token: '{{ github_access_token }}' pubkey: "{{ lookup('ansible.builtin.file', '/home/foo/.ssh/id_rsa.pub') }}" -''' +""" +import datetime import json import re from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.urls import fetch_url +from ansible_collections.community.general.plugins.module_utils.datetime import ( + now, +) + API_BASE = 'https://api.github.com' @@ -151,14 +158,13 @@ def get_all_keys(session): def create_key(session, name, pubkey, check_mode): if check_mode: - from datetime import datetime - now = datetime.utcnow() + now_t = now() return { 'id': 0, 'key': pubkey, 'title': name, 'url': 'http://example.com/CHECK_MODE_GITHUB_KEY', - 'created_at': datetime.strftime(now, '%Y-%m-%dT%H:%M:%SZ'), + 'created_at': datetime.datetime.strftime(now_t, '%Y-%m-%dT%H:%M:%SZ'), 'read_only': False, 'verified': False } diff --git a/plugins/modules/github_release.py b/plugins/modules/github_release.py index d8ee155b81..1376bf4f3d 100644 --- a/plugins/modules/github_release.py +++ b/plugins/modules/github_release.py @@ -9,78 +9,77 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: github_release short_description: Interact with GitHub Releases description: - - Fetch metadata about GitHub Releases + - Fetch metadata about GitHub Releases. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - token: - description: - - GitHub Personal Access Token for authenticating. Mutually exclusive with O(password). - type: str - user: - description: - - The GitHub account that owns the repository - type: str - required: true - password: - description: - - The GitHub account password for the user. Mutually exclusive with O(token). - type: str - repo: - description: - - Repository name - type: str - required: true - action: - description: - - Action to perform - type: str - required: true - choices: [ 'latest_release', 'create_release' ] - tag: - description: - - Tag name when creating a release. Required when using O(action=create_release). - type: str - target: - description: - - Target of release when creating a release - type: str - name: - description: - - Name of release when creating a release - type: str - body: - description: - - Description of the release when creating a release - type: str - draft: - description: - - Sets if the release is a draft or not. (boolean) - type: bool - default: false - prerelease: - description: - - Sets if the release is a prerelease or not. (boolean) - type: bool - default: false + token: + description: + - GitHub Personal Access Token for authenticating. Mutually exclusive with O(password). + type: str + user: + description: + - The GitHub account that owns the repository. + type: str + required: true + password: + description: + - The GitHub account password for the user. Mutually exclusive with O(token). + type: str + repo: + description: + - Repository name. + type: str + required: true + action: + description: + - Action to perform. + type: str + required: true + choices: ['latest_release', 'create_release'] + tag: + description: + - Tag name when creating a release. Required when using O(action=create_release). + type: str + target: + description: + - Target of release when creating a release. + type: str + name: + description: + - Name of release when creating a release. + type: str + body: + description: + - Description of the release when creating a release. + type: str + draft: + description: + - Sets if the release is a draft or not. (boolean). + type: bool + default: false + prerelease: + description: + - Sets if the release is a prerelease or not. (boolean). + type: bool + default: false author: - - "Adrian Moisey (@adrianmoisey)" + - "Adrian Moisey (@adrianmoisey)" requirements: - - "github3.py >= 1.0.0a3" -''' + - "github3.py >= 1.0.0a3" +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Get latest release of a public repository community.general.github_release: user: ansible @@ -111,16 +110,15 @@ EXAMPLES = ''' target: master name: My Release body: Some description +""" -''' - -RETURN = ''' +RETURN = r""" tag: - description: Version of the created/latest release. - type: str - returned: success - sample: 1.1.0 -''' + description: Version of the created/latest release. + type: str + returned: success + sample: 1.1.0 +""" import traceback diff --git a/plugins/modules/github_repo.py b/plugins/modules/github_repo.py index f02ad30ac3..2d2c6f8588 100644 --- a/plugins/modules/github_repo.py +++ b/plugins/modules/github_repo.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: github_repo short_description: Manage your repositories on Github version_added: 2.2.0 @@ -26,81 +25,82 @@ attributes: options: username: description: - - Username used for authentication. - - This is only needed when not using O(access_token). + - Username used for authentication. + - This is only needed when not using O(access_token). type: str required: false password: description: - - Password used for authentication. - - This is only needed when not using O(access_token). + - Password used for authentication. + - This is only needed when not using O(access_token). type: str required: false access_token: description: - - Token parameter for authentication. - - This is only needed when not using O(username) and O(password). + - Token parameter for authentication. + - This is only needed when not using O(username) and O(password). type: str required: false name: description: - - Repository name. + - Repository name. type: str required: true description: description: - - Description for the repository. - - Defaults to empty if O(force_defaults=true), which is the default in this module. - - Defaults to empty if O(force_defaults=false) when creating a new repository. - - This is only used when O(state) is V(present). + - Description for the repository. + - Defaults to empty if O(force_defaults=true), which is the default in this module. + - Defaults to empty if O(force_defaults=false) when creating a new repository. + - This is only used when O(state) is V(present). type: str required: false private: description: - - Whether the repository should be private or not. - - Defaults to V(false) if O(force_defaults=true), which is the default in this module. - - Defaults to V(false) if O(force_defaults=false) when creating a new repository. - - This is only used when O(state=present). + - Whether the repository should be private or not. + - Defaults to V(false) if O(force_defaults=true), which is the default in this module. + - Defaults to V(false) if O(force_defaults=false) when creating a new repository. + - This is only used when O(state=present). type: bool required: false state: description: - - Whether the repository should exist or not. + - Whether the repository should exist or not. type: str default: present - choices: [ absent, present ] + choices: [absent, present] required: false organization: description: - - Organization for the repository. - - When O(state=present), the repository will be created in the current user profile. + - Organization for the repository. + - When O(state=present), the repository will be created in the current user profile. type: str required: false api_url: description: - - URL to the GitHub API if not using github.com but you own instance. + - URL to the GitHub API if not using github.com but you own instance. type: str default: 'https://api.github.com' version_added: "3.5.0" force_defaults: description: - - Overwrite current O(description) and O(private) attributes with defaults if set to V(true), which currently is the default. - - The default for this option will be deprecated in a future version of this collection, and eventually change to V(false). + - Overwrite current O(description) and O(private) attributes with defaults if set to V(true), which currently is the + default. + - The default for this option will be deprecated in a future version of this collection, and eventually change to V(false). type: bool default: true required: false version_added: 4.1.0 requirements: -- PyGithub>=1.54 + - PyGithub>=1.54 notes: -- For Python 3, PyGithub>=1.54 should be used. -- "For Python 3.5, PyGithub==1.54 should be used. More information: U(https://pygithub.readthedocs.io/en/latest/changes.html#version-1-54-november-30-2020)." -- "For Python 2.7, PyGithub==1.45 should be used. More information: U(https://pygithub.readthedocs.io/en/latest/changes.html#version-1-45-december-29-2019)." + - For Python 3, PyGithub>=1.54 should be used. + - 'For Python 3.5, PyGithub==1.54 should be used. More information: U(https://pygithub.readthedocs.io/en/latest/changes.html#version-1-54-november-30-2020).' + - 'For Python 2.7, PyGithub==1.45 should be used. More information: U(https://pygithub.readthedocs.io/en/latest/changes.html#version-1-45-december-29-2019).' author: -- Álvaro Torres Cogollo (@atorrescogollo) -''' + - Álvaro Torres Cogollo (@atorrescogollo) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a Github repository community.general.github_repo: access_token: mytoken @@ -120,14 +120,14 @@ EXAMPLES = ''' name: myrepo state: absent register: result -''' +""" -RETURN = ''' +RETURN = r""" repo: description: Repository information as JSON. See U(https://docs.github.com/en/rest/reference/repos#get-a-repository). returned: success and O(state=present) type: dict -''' +""" import traceback from ansible.module_utils.basic import AnsibleModule, missing_required_lib diff --git a/plugins/modules/github_webhook.py b/plugins/modules/github_webhook.py index 11b115750b..8608c90bc9 100644 --- a/plugins/modules/github_webhook.py +++ b/plugins/modules/github_webhook.py @@ -8,12 +8,11 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: github_webhook short_description: Manage GitHub webhooks description: - - "Create and delete GitHub webhooks" + - Create and delete GitHub webhooks. requirements: - "PyGithub >= 1.3.5" extends_documentation_fragment: @@ -26,22 +25,22 @@ attributes: options: repository: description: - - Full name of the repository to configure a hook for + - Full name of the repository to configure a hook for. type: str required: true aliases: - repo url: description: - - URL to which payloads will be delivered + - URL to which payloads will be delivered. type: str required: true content_type: description: - - The media type used to serialize the payloads + - The media type used to serialize the payloads. type: str required: false - choices: [ form, json ] + choices: [form, json] default: form secret: description: @@ -50,61 +49,57 @@ options: required: false insecure_ssl: description: - - > - Flag to indicate that GitHub should skip SSL verification when calling - the hook. + - Flag to indicate that GitHub should skip SSL verification when calling the hook. required: false type: bool default: false events: description: - - > - A list of GitHub events the hook is triggered for. Events are listed at - U(https://developer.github.com/v3/activity/events/types/). Required - unless O(state=absent) + - A list of GitHub events the hook is triggered for. Events are listed at U(https://developer.github.com/v3/activity/events/types/). + Required unless O(state=absent). required: false type: list elements: str active: description: - - Whether or not the hook is active + - Whether or not the hook is active. required: false type: bool default: true state: description: - - Whether the hook should be present or absent + - Whether the hook should be present or absent. type: str required: false - choices: [ absent, present ] + choices: [absent, present] default: present user: description: - - User to authenticate to GitHub as + - User to authenticate to GitHub as. type: str required: true password: description: - - Password to authenticate to GitHub with + - Password to authenticate to GitHub with. type: str required: false token: description: - - Token to authenticate to GitHub with + - Token to authenticate to GitHub with. type: str required: false github_url: description: - - Base URL of the GitHub API + - Base URL of the GitHub API. type: str required: false default: https://api.github.com author: - "Chris St. Pierre (@stpierre)" -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a new webhook that triggers on push (password auth) community.general.github_webhook: repository: ansible/ansible @@ -135,16 +130,15 @@ EXAMPLES = ''' state: absent user: "{{ github_user }}" password: "{{ github_password }}" -''' +""" -RETURN = ''' ---- +RETURN = r""" hook_id: - description: The GitHub ID of the hook created/updated + description: The GitHub ID of the hook created/updated. returned: when state is 'present' type: int sample: 6206 -''' +""" import traceback diff --git a/plugins/modules/github_webhook_info.py b/plugins/modules/github_webhook_info.py index dcad02a369..440a373f1d 100644 --- a/plugins/modules/github_webhook_info.py +++ b/plugins/modules/github_webhook_info.py @@ -8,12 +8,11 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: github_webhook_info short_description: Query information about GitHub webhooks description: - - "Query information about GitHub webhooks" + - Query information about GitHub webhooks. requirements: - "PyGithub >= 1.3.5" extends_documentation_fragment: @@ -22,38 +21,38 @@ extends_documentation_fragment: options: repository: description: - - Full name of the repository to configure a hook for + - Full name of the repository to configure a hook for. type: str required: true aliases: - repo user: description: - - User to authenticate to GitHub as + - User to authenticate to GitHub as. type: str required: true password: description: - - Password to authenticate to GitHub with + - Password to authenticate to GitHub with. type: str required: false token: description: - - Token to authenticate to GitHub with + - Token to authenticate to GitHub with. type: str required: false github_url: description: - - Base URL of the github api + - Base URL of the GitHub API. type: str required: false default: https://api.github.com author: - "Chris St. Pierre (@stpierre)" -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: List hooks for a repository (password auth) community.general.github_webhook_info: repository: ansible/ansible @@ -68,12 +67,11 @@ EXAMPLES = ''' token: "{{ github_user_api_token }}" github_url: https://github.example.com/api/v3/ register: myrepo_webhooks -''' +""" -RETURN = ''' ---- +RETURN = r""" hooks: - description: A list of hooks that exist for the repo + description: A list of hooks that exist for the repo. returned: always type: list elements: dict @@ -88,7 +86,7 @@ hooks: "id": 6206, "last_response": {"status": "active", "message": "OK", "code": 200} } -''' +""" import traceback diff --git a/plugins/modules/gitlab_branch.py b/plugins/modules/gitlab_branch.py index 623c25644e..b32169ef5a 100644 --- a/plugins/modules/gitlab_branch.py +++ b/plugins/modules/gitlab_branch.py @@ -7,7 +7,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: gitlab_branch short_description: Create or delete a branch version_added: 4.2.0 @@ -50,10 +50,10 @@ options: - Reference branch to create from. - This must be specified if O(state=present). type: str -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create branch branch2 from main community.general.gitlab_branch: api_url: https://gitlab.com @@ -70,11 +70,10 @@ EXAMPLES = ''' project: "group1/project1" branch: branch2 state: absent +""" -''' - -RETURN = ''' -''' +RETURN = r""" +""" import traceback diff --git a/plugins/modules/gitlab_deploy_key.py b/plugins/modules/gitlab_deploy_key.py index 7c0ff06b7b..f5ae130324 100644 --- a/plugins/modules/gitlab_deploy_key.py +++ b/plugins/modules/gitlab_deploy_key.py @@ -11,11 +11,11 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: gitlab_deploy_key short_description: Manages GitLab project deploy keys description: - - Adds, updates and removes project deploy keys + - Adds, updates and removes project deploy keys. author: - Marcus Watkins (@marwatk) - Guillaume Martinez (@Lunik) @@ -35,7 +35,7 @@ attributes: options: project: description: - - Id or Full path of project in the form of group/name. + - ID or Full path of project in the form of group/name. required: true type: str title: @@ -45,7 +45,7 @@ options: type: str key: description: - - Deploy key + - Deploy key. required: true type: str can_push: @@ -55,14 +55,14 @@ options: default: false state: description: - - When V(present) the deploy key added to the project if it doesn't exist. + - When V(present) the deploy key added to the project if it does not exist. - When V(absent) it will be removed from the project if it exists. default: present type: str - choices: [ "present", "absent" ] -''' + choices: ["present", "absent"] +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: "Adding a project deploy key" community.general.gitlab_deploy_key: api_url: https://gitlab.example.com/ @@ -88,32 +88,31 @@ EXAMPLES = ''' project: "my_group/my_project" state: absent key: "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9w..." +""" -''' - -RETURN = ''' +RETURN = r""" msg: - description: Success or failure message + description: Success or failure message. returned: always type: str sample: "Success" result: - description: json parsed response from the server + description: JSON-parsed response from the server. returned: always type: dict error: - description: the error message returned by the GitLab API + description: The error message returned by the GitLab API. returned: failed type: str sample: "400: key is already in use" deploy_key: - description: API object + description: API object. returned: always type: dict -''' +""" from ansible.module_utils.api import basic_auth_argument_spec from ansible.module_utils.basic import AnsibleModule @@ -196,9 +195,9 @@ class GitLabDeployKey(object): changed = False for arg_key, arg_value in arguments.items(): - if arguments[arg_key] is not None: - if getattr(deploy_key, arg_key) != arguments[arg_key]: - setattr(deploy_key, arg_key, arguments[arg_key]) + if arg_value is not None: + if getattr(deploy_key, arg_key) != arg_value: + setattr(deploy_key, arg_key, arg_value) changed = True return (changed, deploy_key) diff --git a/plugins/modules/gitlab_group.py b/plugins/modules/gitlab_group.py index 3d57b18528..6d03476092 100644 --- a/plugins/modules/gitlab_group.py +++ b/plugins/modules/gitlab_group.py @@ -9,8 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: gitlab_group short_description: Creates/updates/deletes GitLab Groups description: @@ -33,66 +32,35 @@ attributes: support: none options: - name: - description: - - Name of the group you want to create. - required: true - type: str - path: - description: - - The path of the group you want to create, this will be api_url/group_path - - If not supplied, the group_name will be used. - type: str - description: - description: - - A description for the group. - type: str - state: - description: - - create or delete group. - - Possible values are present and absent. - default: present - type: str - choices: ["present", "absent"] - parent: - description: - - Allow to create subgroups - - Id or Full path of parent group in the form of group/name - type: str - visibility: - description: - - Default visibility of the group - choices: ["private", "internal", "public"] - default: private - type: str - project_creation_level: - description: - - Determine if developers can create projects in the group. - choices: ["developer", "maintainer", "noone"] - type: str - version_added: 3.7.0 auto_devops_enabled: description: - Default to Auto DevOps pipeline for all projects within this group. type: bool version_added: 3.7.0 - subgroup_creation_level: - description: - - Allowed to create subgroups. - choices: ["maintainer", "owner"] - type: str - version_added: 3.7.0 - require_two_factor_authentication: - description: - - Require all users in this group to setup two-factor authentication. - type: bool - version_added: 3.7.0 avatar_path: description: - Absolute path image to configure avatar. File size should not exceed 200 kb. - This option is only used on creation, not for updates. type: path version_added: 4.2.0 + default_branch: + description: + - All merge requests and commits are made against this branch unless you specify a different one. + type: str + version_added: 9.5.0 + description: + description: + - A description for the group. + type: str + enabled_git_access_protocol: + description: + - V(all) means SSH and HTTP(S) is enabled. + - V(ssh) means only SSH is enabled. + - V(http) means only HTTP(S) is enabled. + - Only available for top level groups. + choices: ["all", "ssh", "http"] + type: str + version_added: 9.5.0 force_delete: description: - Force delete group even if projects in it. @@ -100,9 +68,116 @@ options: type: bool default: false version_added: 7.5.0 -''' + lfs_enabled: + description: + - Projects in this group can use Git LFS. + type: bool + version_added: 9.5.0 + lock_duo_features_enabled: + description: + - Enforce GitLab Duo features for all subgroups. + - Only available for top level groups. + type: bool + version_added: 9.5.0 + membership_lock: + description: + - Users cannot be added to projects in this group. + type: bool + version_added: 9.5.0 + mentions_disabled: + description: + - Group mentions are disabled. + type: bool + version_added: 9.5.0 + name: + description: + - Name of the group you want to create. + required: true + type: str + parent: + description: + - Allow to create subgroups. + - ID or Full path of parent group in the form of group/name. + type: str + path: + description: + - The path of the group you want to create, this will be api_url/group_path. + - If not supplied, the group_name will be used. + type: str + prevent_forking_outside_group: + description: + - Prevent forking outside of the group. + type: bool + version_added: 9.5.0 + prevent_sharing_groups_outside_hierarchy: + description: + - Members cannot invite groups outside of this group and its subgroups. + - Only available for top level groups. + type: bool + version_added: 9.5.0 + project_creation_level: + description: + - Determine if developers can create projects in the group. + choices: ["developer", "maintainer", "noone"] + type: str + version_added: 3.7.0 + request_access_enabled: + description: + - Users can request access (if visibility is public or internal). + type: bool + version_added: 9.5.0 + service_access_tokens_expiration_enforced: + description: + - Service account token expiration. + - Changes will not affect existing token expiration dates. + - Only available for top level groups. + type: bool + version_added: 9.5.0 + share_with_group_lock: + description: + - Projects cannot be shared with other groups. + type: bool + version_added: 9.5.0 + require_two_factor_authentication: + description: + - Require all users in this group to setup two-factor authentication. + type: bool + version_added: 3.7.0 + state: + description: + - Create or delete group. + - Possible values are present and absent. + default: present + type: str + choices: ["present", "absent"] + subgroup_creation_level: + description: + - Allowed to create subgroups. + choices: ["maintainer", "owner"] + type: str + version_added: 3.7.0 + two_factor_grace_period: + description: + - Delay 2FA enforcement (hours). + type: str + version_added: 9.5.0 + visibility: + description: + - Default visibility of the group. + choices: ["private", "internal", "public"] + default: private + type: str + wiki_access_level: + description: + - V(enabled) means everyone can access the wiki. + - V(private) means only members of this group can access the wiki. + - V(disabled) means group-level wiki is disabled. + choices: ["enabled", "private", "disabled"] + type: str + version_added: 9.5.0 +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: "Delete GitLab Group" community.general.gitlab_group: api_url: https://gitlab.example.com/ @@ -145,31 +220,31 @@ EXAMPLES = ''' project_creation_level: noone auto_devops_enabled: false subgroup_creation_level: maintainer -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Success or failure message + description: Success or failure message. returned: always type: str sample: "Success" result: - description: json parsed response from the server + description: JSON-parsed response from the server. returned: always type: dict error: - description: the error message returned by the GitLab API + description: The error message returned by the GitLab API. returned: failed type: str sample: "400: path is already in use" group: - description: API object + description: API object. returned: always type: dict -''' +""" from ansible.module_utils.api import basic_auth_argument_spec from ansible.module_utils.basic import AnsibleModule @@ -202,23 +277,38 @@ class GitLabGroup(object): def create_or_update_group(self, name, parent, options): changed = False + payload = { + 'auto_devops_enabled': options['auto_devops_enabled'], + 'default_branch': options['default_branch'], + 'description': options['description'], + 'lfs_enabled': options['lfs_enabled'], + 'membership_lock': options['membership_lock'], + 'mentions_disabled': options['mentions_disabled'], + 'name': name, + 'path': options['path'], + 'prevent_forking_outside_group': options['prevent_forking_outside_group'], + 'project_creation_level': options['project_creation_level'], + 'request_access_enabled': options['request_access_enabled'], + 'require_two_factor_authentication': options['require_two_factor_authentication'], + 'share_with_group_lock': options['share_with_group_lock'], + 'subgroup_creation_level': options['subgroup_creation_level'], + 'visibility': options['visibility'], + 'wiki_access_level': options['wiki_access_level'], + } + if options.get('enabled_git_access_protocol') and parent is None: + payload['enabled_git_access_protocol'] = options['enabled_git_access_protocol'] + if options.get('lock_duo_features_enabled') and parent is None: + payload['lock_duo_features_enabled'] = options['lock_duo_features_enabled'] + if options.get('prevent_sharing_groups_outside_hierarchy') and parent is None: + payload['prevent_sharing_groups_outside_hierarchy'] = options['prevent_sharing_groups_outside_hierarchy'] + if options.get('service_access_tokens_expiration_enforced') and parent is None: + payload['service_access_tokens_expiration_enforced'] = options['service_access_tokens_expiration_enforced'] + if options.get('two_factor_grace_period'): + payload['two_factor_grace_period'] = int(options['two_factor_grace_period']) + # Because we have already call userExists in main() if self.group_object is None: - parent_id = self.get_group_id(parent) - - payload = { - 'name': name, - 'path': options['path'], - 'parent_id': parent_id, - 'visibility': options['visibility'], - 'project_creation_level': options['project_creation_level'], - 'auto_devops_enabled': options['auto_devops_enabled'], - 'subgroup_creation_level': options['subgroup_creation_level'], - } - if options.get('description'): - payload['description'] = options['description'] - if options.get('require_two_factor_authentication'): - payload['require_two_factor_authentication'] = options['require_two_factor_authentication'] + payload['parent_id'] = self.get_group_id(parent) group = self.create_group(payload) # add avatar to group @@ -229,15 +319,7 @@ class GitLabGroup(object): self._module.fail_json(msg='Cannot open {0}: {1}'.format(options['avatar_path'], e)) changed = True else: - changed, group = self.update_group(self.group_object, { - 'name': name, - 'description': options['description'], - 'visibility': options['visibility'], - 'project_creation_level': options['project_creation_level'], - 'auto_devops_enabled': options['auto_devops_enabled'], - 'subgroup_creation_level': options['subgroup_creation_level'], - 'require_two_factor_authentication': options['require_two_factor_authentication'], - }) + changed, group = self.update_group(self.group_object, payload) self.group_object = group if changed: @@ -261,7 +343,7 @@ class GitLabGroup(object): try: # Filter out None values - filtered = dict((arg_key, arg_value) for arg_key, arg_value in arguments.items() if arg_value is not None) + filtered = {arg_key: arg_value for arg_key, arg_value in arguments.items() if arg_value is not None} group = self._gitlab.groups.create(filtered) except (gitlab.exceptions.GitlabCreateError) as e: @@ -277,9 +359,9 @@ class GitLabGroup(object): changed = False for arg_key, arg_value in arguments.items(): - if arguments[arg_key] is not None: - if getattr(group, arg_key) != arguments[arg_key]: - setattr(group, arg_key, arguments[arg_key]) + if arg_value is not None: + if getattr(group, arg_key) != arg_value: + setattr(group, arg_key, arg_value) changed = True return (changed, group) @@ -322,28 +404,41 @@ def main(): argument_spec = basic_auth_argument_spec() argument_spec.update(auth_argument_spec()) argument_spec.update(dict( - name=dict(type='str', required=True), - path=dict(type='str'), - description=dict(type='str'), - state=dict(type='str', default="present", choices=["absent", "present"]), - parent=dict(type='str'), - visibility=dict(type='str', default="private", choices=["internal", "private", "public"]), - project_creation_level=dict(type='str', choices=['developer', 'maintainer', 'noone']), auto_devops_enabled=dict(type='bool'), - subgroup_creation_level=dict(type='str', choices=['maintainer', 'owner']), - require_two_factor_authentication=dict(type='bool'), avatar_path=dict(type='path'), + default_branch=dict(type='str'), + description=dict(type='str'), + enabled_git_access_protocol=dict(type='str', choices=['all', 'ssh', 'http']), force_delete=dict(type='bool', default=False), + lfs_enabled=dict(type='bool'), + lock_duo_features_enabled=dict(type='bool'), + membership_lock=dict(type='bool'), + mentions_disabled=dict(type='bool'), + name=dict(type='str', required=True), + parent=dict(type='str'), + path=dict(type='str'), + prevent_forking_outside_group=dict(type='bool'), + prevent_sharing_groups_outside_hierarchy=dict(type='bool'), + project_creation_level=dict(type='str', choices=['developer', 'maintainer', 'noone']), + request_access_enabled=dict(type='bool'), + require_two_factor_authentication=dict(type='bool'), + service_access_tokens_expiration_enforced=dict(type='bool'), + share_with_group_lock=dict(type='bool'), + state=dict(type='str', default="present", choices=["absent", "present"]), + subgroup_creation_level=dict(type='str', choices=['maintainer', 'owner']), + two_factor_grace_period=dict(type='str'), + visibility=dict(type='str', default="private", choices=["internal", "private", "public"]), + wiki_access_level=dict(type='str', choices=['enabled', 'private', 'disabled']), )) module = AnsibleModule( argument_spec=argument_spec, mutually_exclusive=[ - ['api_username', 'api_token'], - ['api_username', 'api_oauth_token'], - ['api_username', 'api_job_token'], - ['api_token', 'api_oauth_token'], ['api_token', 'api_job_token'], + ['api_token', 'api_oauth_token'], + ['api_username', 'api_job_token'], + ['api_username', 'api_oauth_token'], + ['api_username', 'api_token'], ], required_together=[ ['api_username', 'api_password'], @@ -357,18 +452,31 @@ def main(): # check prerequisites and connect to gitlab server gitlab_instance = gitlab_authentication(module) + auto_devops_enabled = module.params['auto_devops_enabled'] + avatar_path = module.params['avatar_path'] + default_branch = module.params['default_branch'] + description = module.params['description'] + enabled_git_access_protocol = module.params['enabled_git_access_protocol'] + force_delete = module.params['force_delete'] group_name = module.params['name'] group_path = module.params['path'] - description = module.params['description'] - state = module.params['state'] - parent_identifier = module.params['parent'] group_visibility = module.params['visibility'] + lfs_enabled = module.params['lfs_enabled'] + lock_duo_features_enabled = module.params['lock_duo_features_enabled'] + membership_lock = module.params['membership_lock'] + mentions_disabled = module.params['mentions_disabled'] + parent_identifier = module.params['parent'] + prevent_forking_outside_group = module.params['prevent_forking_outside_group'] + prevent_sharing_groups_outside_hierarchy = module.params['prevent_sharing_groups_outside_hierarchy'] project_creation_level = module.params['project_creation_level'] - auto_devops_enabled = module.params['auto_devops_enabled'] - subgroup_creation_level = module.params['subgroup_creation_level'] + request_access_enabled = module.params['request_access_enabled'] require_two_factor_authentication = module.params['require_two_factor_authentication'] - avatar_path = module.params['avatar_path'] - force_delete = module.params['force_delete'] + service_access_tokens_expiration_enforced = module.params['service_access_tokens_expiration_enforced'] + share_with_group_lock = module.params['share_with_group_lock'] + state = module.params['state'] + subgroup_creation_level = module.params['subgroup_creation_level'] + two_factor_grace_period = module.params['two_factor_grace_period'] + wiki_access_level = module.params['wiki_access_level'] # Define default group_path based on group_name if group_path is None: @@ -380,7 +488,7 @@ def main(): if parent_identifier: parent_group = find_group(gitlab_instance, parent_identifier) if not parent_group: - module.fail_json(msg="Failed create GitLab group: Parent group doesn't exists") + module.fail_json(msg="Failed to create GitLab group: Parent group doesn't exist") group_exists = gitlab_group.exists_group(parent_group.full_path + '/' + group_path) else: @@ -391,18 +499,31 @@ def main(): gitlab_group.delete_group(force=force_delete) module.exit_json(changed=True, msg="Successfully deleted group %s" % group_name) else: - module.exit_json(changed=False, msg="Group deleted or does not exists") + module.exit_json(changed=False, msg="Group deleted or does not exist") if state == 'present': if gitlab_group.create_or_update_group(group_name, parent_group, { - "path": group_path, - "description": description, - "visibility": group_visibility, - "project_creation_level": project_creation_level, "auto_devops_enabled": auto_devops_enabled, - "subgroup_creation_level": subgroup_creation_level, - "require_two_factor_authentication": require_two_factor_authentication, "avatar_path": avatar_path, + "default_branch": default_branch, + "description": description, + "enabled_git_access_protocol": enabled_git_access_protocol, + "lfs_enabled": lfs_enabled, + "lock_duo_features_enabled": lock_duo_features_enabled, + "membership_lock": membership_lock, + "mentions_disabled": mentions_disabled, + "path": group_path, + "prevent_forking_outside_group": prevent_forking_outside_group, + "prevent_sharing_groups_outside_hierarchy": prevent_sharing_groups_outside_hierarchy, + "project_creation_level": project_creation_level, + "request_access_enabled": request_access_enabled, + "require_two_factor_authentication": require_two_factor_authentication, + "service_access_tokens_expiration_enforced": service_access_tokens_expiration_enforced, + "share_with_group_lock": share_with_group_lock, + "subgroup_creation_level": subgroup_creation_level, + "two_factor_grace_period": two_factor_grace_period, + "visibility": group_visibility, + "wiki_access_level": wiki_access_level, }): module.exit_json(changed=True, msg="Successfully created or updated the group %s" % group_name, group=gitlab_group.group_object._attrs) else: diff --git a/plugins/modules/gitlab_group_access_token.py b/plugins/modules/gitlab_group_access_token.py index 85bba205db..bcf75e056b 100644 --- a/plugins/modules/gitlab_group_access_token.py +++ b/plugins/modules/gitlab_group_access_token.py @@ -12,7 +12,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' +DOCUMENTATION = r""" module: gitlab_group_access_token short_description: Manages GitLab group access tokens version_added: 8.4.0 @@ -27,11 +27,10 @@ extends_documentation_fragment: - community.general.gitlab - community.general.attributes notes: - - Access tokens can not be changed. If a parameter needs to be changed, an acceess token has to be recreated. - Whether tokens will be recreated is controlled by the O(recreate) option, which defaults to V(never). + - Access tokens can not be changed. If a parameter needs to be changed, an acceess token has to be recreated. Whether tokens + will be recreated is controlled by the O(recreate) option, which defaults to V(never). - Token string is contained in the result only when access token is created or recreated. It can not be fetched afterwards. - Token matching is done by comparing O(name) option. - attributes: check_mode: support: full @@ -56,7 +55,8 @@ options: type: list elements: str aliases: ["scope"] - choices: ["api", "read_api", "read_registry", "write_registry", "read_repository", "write_repository", "create_runner", "ai_features", "k8s_proxy"] + choices: ["api", "read_api", "read_registry", "write_registry", "read_repository", "write_repository", "create_runner", + "ai_features", "k8s_proxy"] access_level: description: - Access level of the access token. @@ -84,10 +84,10 @@ options: - When V(absent) it will be removed from the group if it exists. default: present type: str - choices: [ "present", "absent" ] -''' + choices: ["present", "absent"] +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: "Creating a group access token" community.general.gitlab_group_access_token: api_url: https://gitlab.example.com/ @@ -131,16 +131,16 @@ EXAMPLES = r''' - write_repository recreate: state_change state: present -''' +""" -RETURN = r''' +RETURN = r""" access_token: description: - API object. - Only contains the value of the token if the token was created or recreated. returned: success and O(state=present) type: dict -''' +""" from datetime import datetime @@ -313,7 +313,10 @@ def main(): module.exit_json(changed=True, msg="Successfully recreated access token", access_token=gitlab_access_token.access_token_object._attrs) else: gitlab_access_token.create_access_token(group, {'name': name, 'scopes': scopes, 'access_level': access_level, 'expires_at': expires_at}) - module.exit_json(changed=True, msg="Successfully created access token", access_token=gitlab_access_token.access_token_object._attrs) + if module.check_mode: + module.exit_json(changed=True, msg="Successfully created access token", access_token={}) + else: + module.exit_json(changed=True, msg="Successfully created access token", access_token=gitlab_access_token.access_token_object._attrs) if __name__ == '__main__': diff --git a/plugins/modules/gitlab_group_members.py b/plugins/modules/gitlab_group_members.py index ca82891e30..86e9e6474a 100644 --- a/plugins/modules/gitlab_group_members.py +++ b/plugins/modules/gitlab_group_members.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: gitlab_group_members short_description: Manage group members on GitLab Server description: @@ -81,16 +80,16 @@ options: type: str purge_users: description: - - Adds/remove users of the given access_level to match the given O(gitlab_user)/O(gitlab_users_access) list. - If omitted do not purge orphaned members. + - Adds/remove users of the given access_level to match the given O(gitlab_user)/O(gitlab_users_access) list. If omitted + do not purge orphaned members. - Is only used when O(state=present). type: list elements: str choices: ['guest', 'reporter', 'developer', 'maintainer', 'owner'] version_added: 3.6.0 -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Add a user to a GitLab Group community.general.gitlab_group_members: api_url: 'https://gitlab.example.com' @@ -152,9 +151,9 @@ EXAMPLES = r''' - name: user2 access_level: maintainer state: absent -''' +""" -RETURN = r''' # ''' +RETURN = r""" # """ from ansible.module_utils.api import basic_auth_argument_spec from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/gitlab_group_variable.py b/plugins/modules/gitlab_group_variable.py index 32e5aaa904..926f4fe20a 100644 --- a/plugins/modules/gitlab_group_variable.py +++ b/plugins/modules/gitlab_group_variable.py @@ -9,15 +9,15 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' +DOCUMENTATION = r""" module: gitlab_group_variable short_description: Creates, updates, or deletes GitLab groups variables version_added: 1.2.0 description: - Creates a group variable if it does not exist. - When a group variable does exist, its value will be updated when the values are different. - - Variables which are untouched in the playbook, but are not untouched in the GitLab group, - they stay untouched (O(purge=false)) or will be deleted (O(purge=true)). + - Variables which are untouched in the playbook, but are not untouched in the GitLab group, they stay untouched (O(purge=false)) + or will be deleted (O(purge=true)). author: - Florent Madiot (@scodeman) requirements: @@ -53,8 +53,8 @@ options: vars: description: - When the list element is a simple key-value pair, masked, raw and protected will be set to false. - - When the list element is a dict with the keys C(value), C(masked), C(raw) and C(protected), the user can - have full control about whether a value should be masked, raw, protected or both. + - When the list element is a dict with the keys C(value), C(masked), C(raw) and C(protected), the user can have full + control about whether a value should be masked, raw, protected or both. - Support for group variables requires GitLab >= 9.5. - Support for environment_scope requires GitLab Premium >= 13.11. - Support for protected values requires GitLab >= 9.3. @@ -62,8 +62,8 @@ options: - Support for raw values requires GitLab >= 15.7. - A C(value) must be a string or a number. - Field C(variable_type) must be a string with either V(env_var), which is the default, or V(file). - - When a value is masked, it must be in Base64 and have a length of at least 8 characters. - See GitLab documentation on acceptable values for a masked variable (U(https://docs.gitlab.com/ce/ci/variables/#masked-variables)). + - When a value is masked, it must be in Base64 and have a length of at least 8 characters. See GitLab documentation + on acceptable values for a masked variable (U(https://docs.gitlab.com/ce/ci/variables/#masked-variables)). default: {} type: dict variables: @@ -106,17 +106,17 @@ options: description: - Whether a variable is an environment variable (V(env_var)) or a file (V(file)). type: str - choices: [ "env_var", "file" ] + choices: ["env_var", "file"] default: env_var environment_scope: description: - The scope for the variable. type: str default: '*' -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Set or update some CI/CD variables community.general.gitlab_group_variable: api_url: https://gitlab.com @@ -173,9 +173,9 @@ EXAMPLES = r''' state: absent vars: ACCESS_KEY_ID: abc123 -''' +""" -RETURN = r''' +RETURN = r""" group_variable: description: Four lists of the variablenames which were added, updated, removed or exist. returned: always @@ -201,7 +201,7 @@ group_variable: returned: always type: list sample: ['ACCESS_KEY_ID', 'SECRET_ACCESS_KEY'] -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.api import basic_auth_argument_spec diff --git a/plugins/modules/gitlab_hook.py b/plugins/modules/gitlab_hook.py index 58781d182b..cb132c8aaa 100644 --- a/plugins/modules/gitlab_hook.py +++ b/plugins/modules/gitlab_hook.py @@ -11,12 +11,11 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: gitlab_hook short_description: Manages GitLab project hooks description: - - Adds, updates and removes project hook + - Adds, updates and removes project hook. author: - Marcus Watkins (@marwatk) - Guillaume Martinez (@Lunik) @@ -36,21 +35,21 @@ attributes: options: project: description: - - Id or Full path of the project in the form of group/name. + - ID or Full path of the project in the form of group/name. required: true type: str hook_url: description: - - The url that you want GitLab to post to, this is used as the primary key for updates and deletion. + - The URL that you want GitLab to post to, this is used as the primary key for updates and deletion. required: true type: str state: description: - - When V(present) the hook will be updated to match the input or created if it doesn't exist. + - When V(present) the hook will be updated to match the input or created if it does not exist. - When V(absent) hook will be deleted if it exists. default: present type: str - choices: [ "present", "absent" ] + choices: ["present", "absent"] push_events: description: - Trigger hook on push events. @@ -58,7 +57,7 @@ options: default: true push_events_branch_filter: description: - - Branch name of wildcard to trigger hook on push events + - Branch name of wildcard to trigger hook on push events. type: str version_added: '0.2.0' default: '' @@ -107,7 +106,7 @@ options: - Whether GitLab will do SSL verification when triggering the hook. type: bool default: false - aliases: [ enable_ssl_verification ] + aliases: [enable_ssl_verification] token: description: - Secret token to validate hook messages at the receiver. @@ -115,9 +114,9 @@ options: - Will show up in the X-GitLab-Token HTTP request header. required: false type: str -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: "Adding a project hook" community.general.gitlab_hook: api_url: https://gitlab.example.com/ @@ -144,31 +143,31 @@ EXAMPLES = ''' project: 10 hook_url: "https://my-ci-server.example.com/gitlab-hook" state: absent -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Success or failure message + description: Success or failure message. returned: always type: str sample: "Success" result: - description: json parsed response from the server + description: JSON parsed response from the server. returned: always type: dict error: - description: the error message returned by the GitLab API + description: The error message returned by the GitLab API. returned: failed type: str sample: "400: path is already in use" hook: - description: API object + description: API object. returned: always type: dict -''' +""" from ansible.module_utils.api import basic_auth_argument_spec from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/gitlab_instance_variable.py b/plugins/modules/gitlab_instance_variable.py index cc2d812ca3..2023b0ad7d 100644 --- a/plugins/modules/gitlab_instance_variable.py +++ b/plugins/modules/gitlab_instance_variable.py @@ -10,7 +10,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' +DOCUMENTATION = r""" module: gitlab_instance_variable short_description: Creates, updates, or deletes GitLab instance variables version_added: 7.1.0 @@ -18,8 +18,8 @@ description: - Creates a instance variable if it does not exist. - When a instance variable does exist, its value will be updated if the values are different. - Support for instance variables requires GitLab >= 13.0. - - Variables which are not mentioned in the modules options, but are present on the GitLab instance, - will either stay (O(purge=false)) or will be deleted (O(purge=true)). + - Variables which are not mentioned in the modules options, but are present on the GitLab instance, will either stay (O(purge=false)) + or will be deleted (O(purge=true)). author: - Benedikt Braunger (@benibr) requirements: @@ -74,16 +74,23 @@ options: - Whether variable value is protected or not. type: bool default: false + raw: + description: + - Whether variable value is raw or not. + - Support for raw values requires GitLab >= 15.7. + type: bool + default: false + version_added: 10.2.0 variable_type: description: - Whether a variable is an environment variable (V(env_var)) or a file (V(file)). type: str - choices: [ "env_var", "file" ] + choices: ["env_var", "file"] default: env_var -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Set or update some CI/CD variables community.general.gitlab_instance_variable: api_url: https://gitlab.com @@ -105,9 +112,9 @@ EXAMPLES = r''' state: absent variables: - name: ACCESS_KEY_ID -''' +""" -RETURN = r''' +RETURN = r""" instance_variable: description: Four lists of the variablenames which were added, updated, removed or exist. returned: always @@ -133,7 +140,7 @@ instance_variable: returned: always type: list sample: ['ACCESS_KEY_ID', 'SECRET_ACCESS_KEY'] -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.api import basic_auth_argument_spec @@ -160,6 +167,7 @@ class GitlabInstanceVariables(object): "value": var_obj.get('value'), "masked": var_obj.get('masked'), "protected": var_obj.get('protected'), + "raw": var_obj.get('raw'), "variable_type": var_obj.get('variable_type'), } @@ -227,6 +235,8 @@ def native_python_main(this_gitlab, purge, requested_variables, state, module): item['protected'] = False if item.get('masked') is None: item['masked'] = False + if item.get('raw') is None: + item['raw'] = False if item.get('variable_type') is None: item['variable_type'] = 'env_var' @@ -297,6 +307,7 @@ def main(): value=dict(type='str', no_log=True), masked=dict(type='bool', default=False), protected=dict(type='bool', default=False), + raw=dict(type='bool', default=False), variable_type=dict(type='str', default='env_var', choices=["env_var", "file"]) )), state=dict(type='str', default="present", choices=["absent", "present"]), diff --git a/plugins/modules/gitlab_issue.py b/plugins/modules/gitlab_issue.py index 6d95bf6cff..47b6f072e8 100644 --- a/plugins/modules/gitlab_issue.py +++ b/plugins/modules/gitlab_issue.py @@ -12,7 +12,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: gitlab_issue short_description: Create, update, or delete GitLab issues version_added: '8.1.0' @@ -97,10 +97,10 @@ options: - A title for the issue. The title is used as a unique identifier to ensure idempotency. type: str required: true -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create Issue community.general.gitlab_issue: api_url: https://gitlab.com @@ -109,10 +109,10 @@ EXAMPLES = ''' title: "Ansible demo Issue" description: "Demo Issue description" labels: - - Ansible - - Demo + - Ansible + - Demo assignee_ids: - - testassignee + - testassignee state_filter: "opened" state: present @@ -124,9 +124,9 @@ EXAMPLES = ''' title: "Ansible demo Issue" state_filter: "opened" state: absent -''' +""" -RETURN = r''' +RETURN = r""" msg: description: Success or failure message. returned: always @@ -137,13 +137,12 @@ issue: description: API object. returned: success type: dict -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.api import basic_auth_argument_spec from ansible.module_utils.common.text.converters import to_native, to_text -from ansible_collections.community.general.plugins.module_utils.version import LooseVersion from ansible_collections.community.general.plugins.module_utils.gitlab import ( auth_argument_spec, gitlab_authentication, gitlab, find_project, find_group ) @@ -265,14 +264,14 @@ class GitlabIssue(object): if key == 'milestone_id': old_milestone = getattr(issue, 'milestone')['id'] if getattr(issue, 'milestone') else "" - if options[key] != old_milestone: + if value != old_milestone: return True elif key == 'assignee_ids': - if options[key] != sorted([user["id"] for user in getattr(issue, 'assignees')]): + if value != sorted([user["id"] for user in getattr(issue, 'assignees')]): return True elif key == 'labels': - if options[key] != sorted(getattr(issue, key)): + if value != sorted(getattr(issue, key)): return True elif getattr(issue, key) != value: @@ -330,13 +329,8 @@ def main(): state_filter = module.params['state_filter'] title = module.params['title'] - gitlab_version = gitlab.__version__ - if LooseVersion(gitlab_version) < LooseVersion('2.3.0'): - module.fail_json(msg="community.general.gitlab_issue requires python-gitlab Python module >= 2.3.0 (installed version: [%s])." - " Please upgrade python-gitlab to version 2.3.0 or above." % gitlab_version) - # check prerequisites and connect to gitlab server - gitlab_instance = gitlab_authentication(module) + gitlab_instance = gitlab_authentication(module, min_version='2.3.0') this_project = find_project(gitlab_instance, project) if this_project is None: diff --git a/plugins/modules/gitlab_label.py b/plugins/modules/gitlab_label.py index f2c8393f22..8b9503e325 100644 --- a/plugins/modules/gitlab_label.py +++ b/plugins/modules/gitlab_label.py @@ -7,9 +7,9 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: gitlab_label -short_description: Creates/updates/deletes GitLab Labels belonging to project or group. +short_description: Creates/updates/deletes GitLab Labels belonging to project or group version_added: 8.3.0 description: - When a label does not exist, it will be created. @@ -45,12 +45,12 @@ options: required: false project: description: - - The path and name of the project. Either this or O(group) is required. + - The path and name of the project. Either this or O(group) is required. required: false type: str group: description: - - The path of the group. Either this or O(project) is required. + - The path of the group. Either this or O(project) is required. required: false type: str labels: @@ -76,21 +76,21 @@ options: - Integer value to give priority to the label. type: int required: false - default: null + default: description: description: - Label's description. type: str - default: null + default: new_name: description: - Optional field to change label's name. type: str - default: null -''' + default: +""" -EXAMPLES = ''' +EXAMPLES = r""" # same project's task can be executed for group - name: Create one Label community.general.gitlab_label: @@ -185,9 +185,9 @@ EXAMPLES = ''' labels: - name: label-abc123 - name: label-two -''' +""" -RETURN = ''' +RETURN = r""" labels: description: Four lists of the labels which were added, updated, removed or exist. returned: success @@ -217,14 +217,13 @@ labels_obj: description: API object. returned: success type: dict -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.api import basic_auth_argument_spec -from ansible_collections.community.general.plugins.module_utils.version import LooseVersion from ansible_collections.community.general.plugins.module_utils.gitlab import ( - auth_argument_spec, gitlab_authentication, ensure_gitlab_package, find_group, find_project, gitlab + auth_argument_spec, gitlab_authentication, ensure_gitlab_package, find_group, find_project ) @@ -276,6 +275,8 @@ class GitlabLabels(object): _label.description = var_obj.get('description') if var_obj.get('priority') is not None: _label.priority = var_obj.get('priority') + if var_obj.get('color') is not None: + _label.color = var_obj.get('color') # save returns None _label.save() @@ -347,7 +348,7 @@ def native_python_main(this_gitlab, purge, requested_labels, state, module): item.pop('description_html') item.pop('text_color') item.pop('subscribed') - # field present only when it's a project's label + # field present only when it is a project's label if 'is_project_label' in item: item.pop('is_project_label') item['new_name'] = None @@ -450,14 +451,7 @@ def main(): label_list = module.params['labels'] state = module.params['state'] - gitlab_version = gitlab.__version__ - _min_gitlab = '3.2.0' - if LooseVersion(gitlab_version) < LooseVersion(_min_gitlab): - module.fail_json(msg="community.general.gitlab_label requires python-gitlab Python module >= %s " - "(installed version: [%s]). Please upgrade " - "python-gitlab to version %s or above." % (_min_gitlab, gitlab_version, _min_gitlab)) - - gitlab_instance = gitlab_authentication(module) + gitlab_instance = gitlab_authentication(module, min_version='3.2.0') # find_project can return None, but the other must exist gitlab_project_id = find_project(gitlab_instance, gitlab_project) @@ -478,7 +472,7 @@ def main(): if state == 'present': _existing_labels = [x.asdict()['name'] for x in this_gitlab.list_all_labels()] - # color is mandatory when creating label, but it's optional when changing name or updating other fields + # color is mandatory when creating label, but it is optional when changing name or updating other fields if any(x['color'] is None and x['new_name'] is None and x['name'] not in _existing_labels for x in label_list): module.fail_json(msg='color parameter is required for new labels') diff --git a/plugins/modules/gitlab_merge_request.py b/plugins/modules/gitlab_merge_request.py index 5bb9cb9c7d..fd6068980a 100644 --- a/plugins/modules/gitlab_merge_request.py +++ b/plugins/modules/gitlab_merge_request.py @@ -12,7 +12,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: gitlab_merge_request short_description: Create, update, or delete GitLab merge requests version_added: 7.1.0 @@ -21,8 +21,7 @@ description: - When a single merge request does exist, it will be updated if the provided parameters are different. - When a single merge request does exist and O(state=absent), the merge request will be deleted. - When multiple merge requests are detected, the task fails. - - Existing merge requests are matched based on O(title), O(source_branch), O(target_branch), - and O(state_filter) filters. + - Existing merge requests are matched based on O(title), O(source_branch), O(target_branch), and O(state_filter) filters. author: - zvaraondrej (@zvaraondrej) requirements: @@ -102,10 +101,10 @@ options: - Comma separated list of reviewers usernames omitting V(@) character. - Set to empty string to unassign all reviewers. type: str -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create Merge Request from branch1 to branch2 community.general.gitlab_merge_request: api_url: https://gitlab.com @@ -117,7 +116,7 @@ EXAMPLES = ''' description: "Demo MR description" labels: "Ansible,Demo" state_filter: "opened" - remove_source_branch: True + remove_source_branch: true state: present - name: Delete Merge Request from branch1 to branch2 @@ -130,9 +129,9 @@ EXAMPLES = ''' title: "Ansible demo MR" state_filter: "opened" state: absent -''' +""" -RETURN = r''' +RETURN = r""" msg: description: Success or failure message. returned: always @@ -143,7 +142,7 @@ mr: description: API object. returned: success type: dict -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.api import basic_auth_argument_spec @@ -263,15 +262,15 @@ class GitlabMergeRequest(object): key = 'force_remove_source_branch' if key == 'assignee_ids': - if options[key] != sorted([user["id"] for user in getattr(mr, 'assignees')]): + if value != sorted([user["id"] for user in getattr(mr, 'assignees')]): return True elif key == 'reviewer_ids': - if options[key] != sorted([user["id"] for user in getattr(mr, 'reviewers')]): + if value != sorted([user["id"] for user in getattr(mr, 'reviewers')]): return True elif key == 'labels': - if options[key] != sorted(getattr(mr, key)): + if value != sorted(getattr(mr, key)): return True elif getattr(mr, key) != value: diff --git a/plugins/modules/gitlab_milestone.py b/plugins/modules/gitlab_milestone.py index 0a616ea475..99b922c4dd 100644 --- a/plugins/modules/gitlab_milestone.py +++ b/plugins/modules/gitlab_milestone.py @@ -7,7 +7,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: gitlab_milestone short_description: Creates/updates/deletes GitLab Milestones belonging to project or group version_added: 8.3.0 @@ -83,10 +83,10 @@ options: - Milestone's description. type: str default: null -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" # same project's task can be executed for group - name: Create one milestone community.general.gitlab_milestone: @@ -169,9 +169,9 @@ EXAMPLES = ''' milestones: - title: milestone-abc123 - title: milestone-two -''' +""" -RETURN = ''' +RETURN = r""" milestones: description: Four lists of the milestones which were added, updated, removed or exist. returned: success @@ -201,14 +201,13 @@ milestones_obj: description: API object. returned: success type: dict -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.api import basic_auth_argument_spec -from ansible_collections.community.general.plugins.module_utils.version import LooseVersion from ansible_collections.community.general.plugins.module_utils.gitlab import ( - auth_argument_spec, gitlab_authentication, ensure_gitlab_package, find_group, find_project, gitlab + auth_argument_spec, gitlab_authentication, ensure_gitlab_package, find_group, find_project ) from datetime import datetime @@ -452,14 +451,7 @@ def main(): milestone_list = module.params['milestones'] state = module.params['state'] - gitlab_version = gitlab.__version__ - _min_gitlab = '3.2.0' - if LooseVersion(gitlab_version) < LooseVersion(_min_gitlab): - module.fail_json(msg="community.general.gitlab_milestone requires python-gitlab Python module >= %s " - "(installed version: [%s]). Please upgrade " - "python-gitlab to version %s or above." % (_min_gitlab, gitlab_version, _min_gitlab)) - - gitlab_instance = gitlab_authentication(module) + gitlab_instance = gitlab_authentication(module, min_version='3.2.0') # find_project can return None, but the other must exist gitlab_project_id = find_project(gitlab_instance, gitlab_project) diff --git a/plugins/modules/gitlab_project.py b/plugins/modules/gitlab_project.py index f1b96bfac5..8ef73de1fd 100644 --- a/plugins/modules/gitlab_project.py +++ b/plugins/modules/gitlab_project.py @@ -9,13 +9,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: gitlab_project short_description: Creates/updates/deletes GitLab Projects description: - When the project does not exist in GitLab, it will be created. - - When the project does exists and O(state=absent), the project will be deleted. + - When the project does exist and O(state=absent), the project will be deleted. - When changes are made to the project, the project will be updated. author: - Werner Dijkerman (@dj-wasabi) @@ -34,152 +33,17 @@ attributes: support: none options: - group: - description: - - Id or the full path of the group of which this projects belongs to. - type: str - name: - description: - - The name of the project. - required: true - type: str - path: - description: - - The path of the project you want to create, this will be server_url//path. - - If not supplied, name will be used. - type: str - description: - description: - - An description for the project. - type: str - initialize_with_readme: - description: - - Will initialize the project with a default C(README.md). - - Is only used when the project is created, and ignored otherwise. - type: bool - default: false - version_added: "4.0.0" - issues_enabled: - description: - - Whether you want to create issues or not. - - Possible values are true and false. - type: bool - default: true - merge_requests_enabled: - description: - - If merge requests can be made or not. - - Possible values are true and false. - type: bool - default: true - wiki_enabled: - description: - - If an wiki for this project should be available or not. - type: bool - default: true - snippets_enabled: - description: - - If creating snippets should be available or not. - type: bool - default: true - visibility: - description: - - V(private) Project access must be granted explicitly for each user. - - V(internal) The project can be cloned by any logged in user. - - V(public) The project can be cloned without any authentication. - default: private - type: str - choices: ["private", "internal", "public"] - aliases: - - visibility_level - import_url: - description: - - Git repository which will be imported into gitlab. - - GitLab server needs read access to this git repository. - required: false - type: str - state: - description: - - Create or delete project. - - Possible values are present and absent. - default: present - type: str - choices: ["present", "absent"] - merge_method: - description: - - What requirements are placed upon merges. - - Possible values are V(merge), V(rebase_merge) merge commit with semi-linear history, V(ff) fast-forward merges only. - type: str - choices: ["ff", "merge", "rebase_merge"] - default: merge - version_added: "1.0.0" - lfs_enabled: - description: - - Enable Git large file systems to manages large files such - as audio, video, and graphics files. - type: bool - required: false - default: false - version_added: "2.0.0" - username: - description: - - Used to create a personal project under a user's name. - type: str - version_added: "3.3.0" allow_merge_on_skipped_pipeline: description: - Allow merge when skipped pipelines exist. type: bool version_added: "3.4.0" - only_allow_merge_if_all_discussions_are_resolved: - description: - - All discussions on a merge request (MR) have to be resolved. - type: bool - version_added: "3.4.0" - only_allow_merge_if_pipeline_succeeds: - description: - - Only allow merges if pipeline succeeded. - type: bool - version_added: "3.4.0" - packages_enabled: - description: - - Enable GitLab package repository. - type: bool - version_added: "3.4.0" - remove_source_branch_after_merge: - description: - - Remove the source branch after merge. - type: bool - version_added: "3.4.0" - squash_option: - description: - - Squash commits when merging. - type: str - choices: ["never", "always", "default_off", "default_on"] - version_added: "3.4.0" - ci_config_path: - description: - - Custom path to the CI configuration file for this project. - type: str - version_added: "3.7.0" - shared_runners_enabled: - description: - - Enable shared runners for this project. - type: bool - version_added: "3.7.0" avatar_path: description: - Absolute path image to configure avatar. File size should not exceed 200 kb. - This option is only used on creation, not for updates. type: path version_added: "4.2.0" - default_branch: - description: - - The default branch name for this project. - - For project creation, this option requires O(initialize_with_readme=true). - - For project update, the branch must exist. - - Supports project's default branch update since community.general 8.0.0. - type: str - version_added: "4.2.0" builds_access_level: description: - V(private) means that repository CI/CD is allowed only to project members. @@ -188,14 +52,46 @@ options: type: str choices: ["private", "disabled", "enabled"] version_added: "6.2.0" - forking_access_level: + ci_config_path: description: - - V(private) means that repository forks is allowed only to project members. - - V(disabled) means that repository forks are disabled. - - V(enabled) means that repository forks are enabled. + - Custom path to the CI configuration file for this project. type: str - choices: ["private", "disabled", "enabled"] - version_added: "6.2.0" + version_added: "3.7.0" + container_expiration_policy: + description: + - Project cleanup policy for its container registry. + type: dict + suboptions: + cadence: + description: + - How often cleanup should be run. + type: str + choices: ["1d", "7d", "14d", "1month", "3month"] + enabled: + description: + - Enable the cleanup policy. + type: bool + keep_n: + description: + - Number of tags kept per image name. + - V(0) clears the field. + type: int + choices: [0, 1, 5, 10, 25, 50, 100] + older_than: + description: + - Destroy tags older than this. + - V(0d) clears the field. + type: str + choices: ["0d", "7d", "14d", "30d", "90d"] + name_regex: + description: + - Destroy tags matching this regular expression. + type: str + name_regex_keep: + description: + - Keep tags matching this regular expression. + type: str + version_added: "9.3.0" container_registry_access_level: description: - V(private) means that container registry is allowed only to project members. @@ -204,14 +100,18 @@ options: type: str choices: ["private", "disabled", "enabled"] version_added: "6.2.0" - releases_access_level: + default_branch: description: - - V(private) means that accessing release is allowed only to project members. - - V(disabled) means that accessing release is disabled. - - V(enabled) means that accessing release is enabled. + - The default branch name for this project. + - For project creation, this option requires O(initialize_with_readme=true). + - For project update, the branch must exist. + - Supports project's default branch update since community.general 8.0.0. + type: str + version_added: "4.2.0" + description: + description: + - An description for the project. type: str - choices: ["private", "disabled", "enabled"] - version_added: "6.4.0" environments_access_level: description: - V(private) means that deployment to environment is allowed only to project members. @@ -228,6 +128,24 @@ options: type: str choices: ["private", "disabled", "enabled"] version_added: "6.4.0" + forking_access_level: + description: + - V(private) means that repository forks is allowed only to project members. + - V(disabled) means that repository forks are disabled. + - V(enabled) means that repository forks are enabled. + type: str + choices: ["private", "disabled", "enabled"] + version_added: "6.2.0" + group: + description: + - ID or the full path of the group of which this projects belongs to. + type: str + import_url: + description: + - Git repository which will be imported into gitlab. + - GitLab server needs read access to this git repository. + required: false + type: str infrastructure_access_level: description: - V(private) means that configuring infrastructure is allowed only to project members. @@ -236,6 +154,56 @@ options: type: str choices: ["private", "disabled", "enabled"] version_added: "6.4.0" + initialize_with_readme: + description: + - Will initialize the project with a default C(README.md). + - Is only used when the project is created, and ignored otherwise. + type: bool + default: false + version_added: "4.0.0" + issues_access_level: + description: + - V(private) means that accessing issues tab is allowed only to project members. + - V(disabled) means that accessing issues tab is disabled. + - V(enabled) means that accessing issues tab is enabled. + - O(issues_access_level) and O(issues_enabled) are mutually exclusive. + type: str + choices: ["private", "disabled", "enabled"] + version_added: "9.4.0" + issues_enabled: + description: + - Whether you want to create issues or not. + - O(issues_access_level) and O(issues_enabled) are mutually exclusive. + type: bool + default: true + lfs_enabled: + description: + - Enable Git large file systems to manages large files such as audio, video, and graphics files. + type: bool + required: false + default: false + version_added: "2.0.0" + merge_method: + description: + - What requirements are placed upon merges. + - Possible values are V(merge), V(rebase_merge) merge commit with semi-linear history, V(ff) fast-forward merges only. + type: str + choices: ["ff", "merge", "rebase_merge"] + default: merge + version_added: "1.0.0" + merge_requests_enabled: + description: + - If merge requests can be made or not. + type: bool + default: true + model_registry_access_level: + description: + - V(private) means that accessing model registry tab is allowed only to project members. + - V(disabled) means that accessing model registry tab is disabled. + - V(enabled) means that accessing model registry tab is enabled. + type: str + choices: ["private", "disabled", "enabled"] + version_added: "9.3.0" monitor_access_level: description: - V(private) means that monitoring health is allowed only to project members. @@ -244,6 +212,60 @@ options: type: str choices: ["private", "disabled", "enabled"] version_added: "6.4.0" + name: + description: + - The name of the project. + required: true + type: str + only_allow_merge_if_all_discussions_are_resolved: + description: + - All discussions on a merge request (MR) have to be resolved. + type: bool + version_added: "3.4.0" + only_allow_merge_if_pipeline_succeeds: + description: + - Only allow merges if pipeline succeeded. + type: bool + version_added: "3.4.0" + packages_enabled: + description: + - Enable GitLab package repository. + type: bool + version_added: "3.4.0" + pages_access_level: + description: + - V(private) means that accessing pages tab is allowed only to project members. + - V(disabled) means that accessing pages tab is disabled. + - V(enabled) means that accessing pages tab is enabled. + type: str + choices: ["private", "disabled", "enabled"] + version_added: "9.3.0" + path: + description: + - The path of the project you want to create, this will be server_url//path. + - If not supplied, name will be used. + type: str + releases_access_level: + description: + - V(private) means that accessing release is allowed only to project members. + - V(disabled) means that accessing release is disabled. + - V(enabled) means that accessing release is enabled. + type: str + choices: ["private", "disabled", "enabled"] + version_added: "6.4.0" + remove_source_branch_after_merge: + description: + - Remove the source branch after merge. + type: bool + version_added: "3.4.0" + repository_access_level: + description: + - V(private) means that accessing repository is allowed only to project members. + - V(disabled) means that accessing repository is disabled. + - V(enabled) means that accessing repository is enabled. + type: str + choices: ["private", "disabled", "enabled"] + version_added: "9.3.0" security_and_compliance_access_level: description: - V(private) means that accessing security and complicance tab is allowed only to project members. @@ -252,6 +274,34 @@ options: type: str choices: ["private", "disabled", "enabled"] version_added: "6.4.0" + service_desk_enabled: + description: + - Enable Service Desk. + type: bool + version_added: "9.3.0" + shared_runners_enabled: + description: + - Enable shared runners for this project. + type: bool + version_added: "3.7.0" + snippets_enabled: + description: + - If creating snippets should be available or not. + type: bool + default: true + squash_option: + description: + - Squash commits when merging. + type: str + choices: ["never", "always", "default_off", "default_on"] + version_added: "3.4.0" + state: + description: + - Create or delete project. + - Possible values are present and absent. + default: present + type: str + choices: ["present", "absent"] topics: description: - A topic or list of topics to be assigned to a project. @@ -259,9 +309,29 @@ options: type: list elements: str version_added: "6.6.0" -''' + username: + description: + - Used to create a personal project under a user's name. + type: str + version_added: "3.3.0" + visibility: + description: + - V(private) Project access must be granted explicitly for each user. + - V(internal) The project can be cloned by any logged in user. + - V(public) The project can be cloned without any authentication. + default: private + type: str + choices: ["private", "internal", "public"] + aliases: + - visibility_level + wiki_enabled: + description: + - If an wiki for this project should be available or not. + type: bool + default: true +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Create GitLab Project community.general.gitlab_project: api_url: https://gitlab.example.com/ @@ -306,9 +376,9 @@ EXAMPLES = r''' api_password: "{{ initial_root_password }}" name: my_second_project group: "10481470" -''' +""" -RETURN = r''' +RETURN = r""" msg: description: Success or failure message. returned: always @@ -316,12 +386,12 @@ msg: sample: "Success" result: - description: json parsed response from the server. + description: JSON-parsed response from the server. returned: always type: dict error: - description: the error message returned by the GitLab API. + description: The error message returned by the GitLab API. returned: failed type: str sample: "400: path is already in use" @@ -330,7 +400,7 @@ project: description: API object. returned: always type: dict -''' +""" from ansible.module_utils.api import basic_auth_argument_spec @@ -358,32 +428,38 @@ class GitLabProject(object): def create_or_update_project(self, module, project_name, namespace, options): changed = False project_options = { - 'name': project_name, - 'description': options['description'], - 'issues_enabled': options['issues_enabled'], - 'merge_requests_enabled': options['merge_requests_enabled'], - 'merge_method': options['merge_method'], - 'wiki_enabled': options['wiki_enabled'], - 'snippets_enabled': options['snippets_enabled'], - 'visibility': options['visibility'], - 'lfs_enabled': options['lfs_enabled'], 'allow_merge_on_skipped_pipeline': options['allow_merge_on_skipped_pipeline'], + 'builds_access_level': options['builds_access_level'], + 'ci_config_path': options['ci_config_path'], + 'container_expiration_policy': options['container_expiration_policy'], + 'container_registry_access_level': options['container_registry_access_level'], + 'description': options['description'], + 'environments_access_level': options['environments_access_level'], + 'feature_flags_access_level': options['feature_flags_access_level'], + 'forking_access_level': options['forking_access_level'], + 'infrastructure_access_level': options['infrastructure_access_level'], + 'issues_access_level': options['issues_access_level'], + 'issues_enabled': options['issues_enabled'], + 'lfs_enabled': options['lfs_enabled'], + 'merge_method': options['merge_method'], + 'merge_requests_enabled': options['merge_requests_enabled'], + 'model_registry_access_level': options['model_registry_access_level'], + 'monitor_access_level': options['monitor_access_level'], + 'name': project_name, 'only_allow_merge_if_all_discussions_are_resolved': options['only_allow_merge_if_all_discussions_are_resolved'], 'only_allow_merge_if_pipeline_succeeds': options['only_allow_merge_if_pipeline_succeeds'], 'packages_enabled': options['packages_enabled'], - 'remove_source_branch_after_merge': options['remove_source_branch_after_merge'], - 'squash_option': options['squash_option'], - 'ci_config_path': options['ci_config_path'], - 'shared_runners_enabled': options['shared_runners_enabled'], - 'builds_access_level': options['builds_access_level'], - 'forking_access_level': options['forking_access_level'], - 'container_registry_access_level': options['container_registry_access_level'], + 'pages_access_level': options['pages_access_level'], 'releases_access_level': options['releases_access_level'], - 'environments_access_level': options['environments_access_level'], - 'feature_flags_access_level': options['feature_flags_access_level'], - 'infrastructure_access_level': options['infrastructure_access_level'], - 'monitor_access_level': options['monitor_access_level'], + 'remove_source_branch_after_merge': options['remove_source_branch_after_merge'], + 'repository_access_level': options['repository_access_level'], 'security_and_compliance_access_level': options['security_and_compliance_access_level'], + 'service_desk_enabled': options['service_desk_enabled'], + 'shared_runners_enabled': options['shared_runners_enabled'], + 'snippets_enabled': options['snippets_enabled'], + 'squash_option': options['squash_option'], + 'visibility': options['visibility'], + 'wiki_enabled': options['wiki_enabled'], } # topics was introduced on gitlab >=14 and replace tag_list. We get current gitlab version @@ -396,7 +472,7 @@ class GitLabProject(object): # Because we have already call userExists in main() if self.project_object is None: if options['default_branch'] and not options['initialize_with_readme']: - module.fail_json(msg="Param default_branch need param initialize_with_readme set to true") + module.fail_json(msg="Param default_branch needs param initialize_with_readme set to true") project_options.update({ 'path': options['path'], 'import_url': options['import_url'], @@ -430,7 +506,7 @@ class GitLabProject(object): try: project.save() except Exception as e: - self._module.fail_json(msg="Failed update project: %s " % e) + self._module.fail_json(msg="Failed to update project: %s " % e) return True return False @@ -443,6 +519,8 @@ class GitLabProject(object): return True arguments['namespace_id'] = namespace.id + if 'container_expiration_policy' in arguments: + arguments['container_expiration_policy_attributes'] = arguments['container_expiration_policy'] try: project = self._gitlab.projects.create(arguments) except (gitlab.exceptions.GitlabCreateError) as e: @@ -454,11 +532,7 @@ class GitLabProject(object): @param arguments Attributes of the project ''' def get_options_with_value(self, arguments): - ret_arguments = dict() - for arg_key, arg_value in arguments.items(): - if arguments[arg_key] is not None: - ret_arguments[arg_key] = arg_value - + ret_arguments = {k: v for k, v in arguments.items() if v is not None} return ret_arguments ''' @@ -469,9 +543,22 @@ class GitLabProject(object): changed = False for arg_key, arg_value in arguments.items(): - if arguments[arg_key] is not None: - if getattr(project, arg_key) != arguments[arg_key]: - setattr(project, arg_key, arguments[arg_key]) + if arg_value is not None: + if getattr(project, arg_key, None) != arg_value: + if arg_key == 'container_expiration_policy': + old_val = getattr(project, arg_key, {}) + final_val = {key: value for key, value in arg_value.items() if value is not None} + + if final_val.get('older_than') == '0d': + final_val['older_than'] = None + if final_val.get('keep_n') == 0: + final_val['keep_n'] = None + + if all(old_val.get(key) == value for key, value in final_val.items()): + continue + setattr(project, 'container_expiration_policy_attributes', final_val) + else: + setattr(project, arg_key, arg_value) changed = True return (changed, project) @@ -501,41 +588,54 @@ def main(): argument_spec = basic_auth_argument_spec() argument_spec.update(auth_argument_spec()) argument_spec.update(dict( - group=dict(type='str'), - name=dict(type='str', required=True), - path=dict(type='str'), - description=dict(type='str'), - initialize_with_readme=dict(type='bool', default=False), - default_branch=dict(type='str'), - issues_enabled=dict(type='bool', default=True), - merge_requests_enabled=dict(type='bool', default=True), - merge_method=dict(type='str', default='merge', choices=["merge", "rebase_merge", "ff"]), - wiki_enabled=dict(type='bool', default=True), - snippets_enabled=dict(default=True, type='bool'), - visibility=dict(type='str', default="private", choices=["internal", "private", "public"], aliases=["visibility_level"]), - import_url=dict(type='str'), - state=dict(type='str', default="present", choices=["absent", "present"]), - lfs_enabled=dict(default=False, type='bool'), - username=dict(type='str'), allow_merge_on_skipped_pipeline=dict(type='bool'), + avatar_path=dict(type='path'), + builds_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']), + ci_config_path=dict(type='str'), + container_expiration_policy=dict(type='dict', default=None, options=dict( + cadence=dict(type='str', choices=["1d", "7d", "14d", "1month", "3month"]), + enabled=dict(type='bool'), + keep_n=dict(type='int', choices=[0, 1, 5, 10, 25, 50, 100]), + older_than=dict(type='str', choices=["0d", "7d", "14d", "30d", "90d"]), + name_regex=dict(type='str'), + name_regex_keep=dict(type='str'), + )), + container_registry_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']), + default_branch=dict(type='str'), + description=dict(type='str'), + environments_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']), + feature_flags_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']), + forking_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']), + group=dict(type='str'), + import_url=dict(type='str'), + infrastructure_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']), + initialize_with_readme=dict(type='bool', default=False), + issues_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']), + issues_enabled=dict(type='bool', default=True), + lfs_enabled=dict(default=False, type='bool'), + merge_method=dict(type='str', default='merge', choices=["merge", "rebase_merge", "ff"]), + merge_requests_enabled=dict(type='bool', default=True), + model_registry_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']), + monitor_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']), + name=dict(type='str', required=True), only_allow_merge_if_all_discussions_are_resolved=dict(type='bool'), only_allow_merge_if_pipeline_succeeds=dict(type='bool'), packages_enabled=dict(type='bool'), - remove_source_branch_after_merge=dict(type='bool'), - squash_option=dict(type='str', choices=['never', 'always', 'default_off', 'default_on']), - ci_config_path=dict(type='str'), - shared_runners_enabled=dict(type='bool'), - avatar_path=dict(type='path'), - builds_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']), - forking_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']), - container_registry_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']), + pages_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']), + path=dict(type='str'), releases_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']), - environments_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']), - feature_flags_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']), - infrastructure_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']), - monitor_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']), + remove_source_branch_after_merge=dict(type='bool'), + repository_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']), security_and_compliance_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']), + service_desk_enabled=dict(type='bool'), + shared_runners_enabled=dict(type='bool'), + snippets_enabled=dict(default=True, type='bool'), + squash_option=dict(type='str', choices=['never', 'always', 'default_off', 'default_on']), + state=dict(type='str', default="present", choices=["absent", "present"]), topics=dict(type='list', elements='str'), + username=dict(type='str'), + visibility=dict(type='str', default="private", choices=["internal", "private", "public"], aliases=["visibility_level"]), + wiki_enabled=dict(type='bool', default=True), )) module = AnsibleModule( @@ -547,6 +647,7 @@ def main(): ['api_token', 'api_oauth_token'], ['api_token', 'api_job_token'], ['group', 'username'], + ['issues_access_level', 'issues_enabled'], ], required_together=[ ['api_username', 'api_password'], @@ -560,41 +661,47 @@ def main(): # check prerequisites and connect to gitlab server gitlab_instance = gitlab_authentication(module) - group_identifier = module.params['group'] - project_name = module.params['name'] - project_path = module.params['path'] - project_description = module.params['description'] - initialize_with_readme = module.params['initialize_with_readme'] - issues_enabled = module.params['issues_enabled'] - merge_requests_enabled = module.params['merge_requests_enabled'] - merge_method = module.params['merge_method'] - wiki_enabled = module.params['wiki_enabled'] - snippets_enabled = module.params['snippets_enabled'] - visibility = module.params['visibility'] - import_url = module.params['import_url'] - state = module.params['state'] - lfs_enabled = module.params['lfs_enabled'] - username = module.params['username'] allow_merge_on_skipped_pipeline = module.params['allow_merge_on_skipped_pipeline'] + avatar_path = module.params['avatar_path'] + builds_access_level = module.params['builds_access_level'] + ci_config_path = module.params['ci_config_path'] + container_expiration_policy = module.params['container_expiration_policy'] + container_registry_access_level = module.params['container_registry_access_level'] + default_branch = module.params['default_branch'] + environments_access_level = module.params['environments_access_level'] + feature_flags_access_level = module.params['feature_flags_access_level'] + forking_access_level = module.params['forking_access_level'] + group_identifier = module.params['group'] + import_url = module.params['import_url'] + infrastructure_access_level = module.params['infrastructure_access_level'] + initialize_with_readme = module.params['initialize_with_readme'] + issues_access_level = module.params['issues_access_level'] + issues_enabled = module.params['issues_enabled'] + lfs_enabled = module.params['lfs_enabled'] + merge_method = module.params['merge_method'] + merge_requests_enabled = module.params['merge_requests_enabled'] + model_registry_access_level = module.params['model_registry_access_level'] + monitor_access_level = module.params['monitor_access_level'] only_allow_merge_if_all_discussions_are_resolved = module.params['only_allow_merge_if_all_discussions_are_resolved'] only_allow_merge_if_pipeline_succeeds = module.params['only_allow_merge_if_pipeline_succeeds'] packages_enabled = module.params['packages_enabled'] - remove_source_branch_after_merge = module.params['remove_source_branch_after_merge'] - squash_option = module.params['squash_option'] - ci_config_path = module.params['ci_config_path'] - shared_runners_enabled = module.params['shared_runners_enabled'] - avatar_path = module.params['avatar_path'] - default_branch = module.params['default_branch'] - builds_access_level = module.params['builds_access_level'] - forking_access_level = module.params['forking_access_level'] - container_registry_access_level = module.params['container_registry_access_level'] + pages_access_level = module.params['pages_access_level'] + project_description = module.params['description'] + project_name = module.params['name'] + project_path = module.params['path'] releases_access_level = module.params['releases_access_level'] - environments_access_level = module.params['environments_access_level'] - feature_flags_access_level = module.params['feature_flags_access_level'] - infrastructure_access_level = module.params['infrastructure_access_level'] - monitor_access_level = module.params['monitor_access_level'] + remove_source_branch_after_merge = module.params['remove_source_branch_after_merge'] + repository_access_level = module.params['repository_access_level'] security_and_compliance_access_level = module.params['security_and_compliance_access_level'] + service_desk_enabled = module.params['service_desk_enabled'] + shared_runners_enabled = module.params['shared_runners_enabled'] + snippets_enabled = module.params['snippets_enabled'] + squash_option = module.params['squash_option'] + state = module.params['state'] topics = module.params['topics'] + username = module.params['username'] + visibility = module.params['visibility'] + wiki_enabled = module.params['wiki_enabled'] # Set project_path to project_name if it is empty. if project_path is None: @@ -607,7 +714,7 @@ def main(): if group_identifier: group = find_group(gitlab_instance, group_identifier) if group is None: - module.fail_json(msg="Failed to create project: group %s doesn't exists" % group_identifier) + module.fail_json(msg="Failed to create project: group %s doesn't exist" % group_identifier) namespace_id = group.id else: @@ -633,42 +740,48 @@ def main(): if project_exists: gitlab_project.delete_project() module.exit_json(changed=True, msg="Successfully deleted project %s" % project_name) - module.exit_json(changed=False, msg="Project deleted or does not exists") + module.exit_json(changed=False, msg="Project deleted or does not exist") if state == 'present': if gitlab_project.create_or_update_project(module, project_name, namespace, { - "path": project_path, - "description": project_description, - "initialize_with_readme": initialize_with_readme, - "default_branch": default_branch, - "issues_enabled": issues_enabled, - "merge_requests_enabled": merge_requests_enabled, - "merge_method": merge_method, - "wiki_enabled": wiki_enabled, - "snippets_enabled": snippets_enabled, - "visibility": visibility, - "import_url": import_url, - "lfs_enabled": lfs_enabled, "allow_merge_on_skipped_pipeline": allow_merge_on_skipped_pipeline, + "avatar_path": avatar_path, + "builds_access_level": builds_access_level, + "ci_config_path": ci_config_path, + "container_expiration_policy": container_expiration_policy, + "container_registry_access_level": container_registry_access_level, + "default_branch": default_branch, + "description": project_description, + "environments_access_level": environments_access_level, + "feature_flags_access_level": feature_flags_access_level, + "forking_access_level": forking_access_level, + "import_url": import_url, + "infrastructure_access_level": infrastructure_access_level, + "initialize_with_readme": initialize_with_readme, + "issues_access_level": issues_access_level, + "issues_enabled": issues_enabled, + "lfs_enabled": lfs_enabled, + "merge_method": merge_method, + "merge_requests_enabled": merge_requests_enabled, + "model_registry_access_level": model_registry_access_level, + "monitor_access_level": monitor_access_level, "only_allow_merge_if_all_discussions_are_resolved": only_allow_merge_if_all_discussions_are_resolved, "only_allow_merge_if_pipeline_succeeds": only_allow_merge_if_pipeline_succeeds, "packages_enabled": packages_enabled, - "remove_source_branch_after_merge": remove_source_branch_after_merge, - "squash_option": squash_option, - "ci_config_path": ci_config_path, - "shared_runners_enabled": shared_runners_enabled, - "avatar_path": avatar_path, - "builds_access_level": builds_access_level, - "forking_access_level": forking_access_level, - "container_registry_access_level": container_registry_access_level, + "pages_access_level": pages_access_level, + "path": project_path, "releases_access_level": releases_access_level, - "environments_access_level": environments_access_level, - "feature_flags_access_level": feature_flags_access_level, - "infrastructure_access_level": infrastructure_access_level, - "monitor_access_level": monitor_access_level, + "remove_source_branch_after_merge": remove_source_branch_after_merge, + "repository_access_level": repository_access_level, "security_and_compliance_access_level": security_and_compliance_access_level, + "service_desk_enabled": service_desk_enabled, + "shared_runners_enabled": shared_runners_enabled, + "snippets_enabled": snippets_enabled, + "squash_option": squash_option, "topics": topics, + "visibility": visibility, + "wiki_enabled": wiki_enabled, }): module.exit_json(changed=True, msg="Successfully created or updated the project %s" % project_name, project=gitlab_project.project_object._attrs) diff --git a/plugins/modules/gitlab_project_access_token.py b/plugins/modules/gitlab_project_access_token.py index e692a30577..a93d5531bf 100644 --- a/plugins/modules/gitlab_project_access_token.py +++ b/plugins/modules/gitlab_project_access_token.py @@ -12,7 +12,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' +DOCUMENTATION = r""" module: gitlab_project_access_token short_description: Manages GitLab project access tokens version_added: 8.4.0 @@ -27,11 +27,10 @@ extends_documentation_fragment: - community.general.gitlab - community.general.attributes notes: - - Access tokens can not be changed. If a parameter needs to be changed, an acceess token has to be recreated. - Whether tokens will be recreated is controlled by the O(recreate) option, which defaults to V(never). + - Access tokens can not be changed. If a parameter needs to be changed, an acceess token has to be recreated. Whether tokens + will be recreated is controlled by the O(recreate) option, which defaults to V(never). - Token string is contained in the result only when access token is created or recreated. It can not be fetched afterwards. - Token matching is done by comparing O(name) option. - attributes: check_mode: support: full @@ -56,7 +55,8 @@ options: type: list elements: str aliases: ["scope"] - choices: ["api", "read_api", "read_registry", "write_registry", "read_repository", "write_repository", "create_runner", "ai_features", "k8s_proxy"] + choices: ["api", "read_api", "read_registry", "write_registry", "read_repository", "write_repository", "create_runner", + "ai_features", "k8s_proxy"] access_level: description: - Access level of the access token. @@ -84,10 +84,10 @@ options: - When V(absent) it will be removed from the project if it exists. default: present type: str - choices: [ "present", "absent" ] -''' + choices: ["present", "absent"] +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: "Creating a project access token" community.general.gitlab_project_access_token: api_url: https://gitlab.example.com/ @@ -131,16 +131,16 @@ EXAMPLES = r''' - write_repository recreate: state_change state: present -''' +""" -RETURN = r''' +RETURN = r""" access_token: description: - API object. - Only contains the value of the token if the token was created or recreated. returned: success and O(state=present) type: dict -''' +""" from datetime import datetime @@ -311,7 +311,10 @@ def main(): module.exit_json(changed=True, msg="Successfully recreated access token", access_token=gitlab_access_token.access_token_object._attrs) else: gitlab_access_token.create_access_token(project, {'name': name, 'scopes': scopes, 'access_level': access_level, 'expires_at': expires_at}) - module.exit_json(changed=True, msg="Successfully created access token", access_token=gitlab_access_token.access_token_object._attrs) + if module.check_mode: + module.exit_json(changed=True, msg="Successfully created access token", access_token={}) + else: + module.exit_json(changed=True, msg="Successfully created access token", access_token=gitlab_access_token.access_token_object._attrs) if __name__ == '__main__': diff --git a/plugins/modules/gitlab_project_badge.py b/plugins/modules/gitlab_project_badge.py index fee9389492..b62d651c7c 100644 --- a/plugins/modules/gitlab_project_badge.py +++ b/plugins/modules/gitlab_project_badge.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: gitlab_project_badge short_description: Manage project badges on GitLab Server version_added: 6.1.0 @@ -57,9 +56,9 @@ options: - A badge is identified by this URL. required: true type: str -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Add a badge to a GitLab Project community.general.gitlab_project_badge: api_url: 'https://example.gitlab.com' @@ -77,9 +76,9 @@ EXAMPLES = r''' state: absent link_url: 'https://example.gitlab.com/%{project_path}' image_url: 'https://example.gitlab.com/%{project_path}/badges/%{default_branch}/pipeline.svg' -''' +""" -RETURN = ''' +RETURN = r""" badge: description: The badge information. returned: when O(state=present) @@ -91,7 +90,7 @@ badge: rendered_link_url: 'http://example.com/ci_status.svg?project=example-org/example-project&ref=master' rendered_image_url: 'https://shields.io/my/badge' kind: project -''' +""" from ansible.module_utils.api import basic_auth_argument_spec from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/gitlab_project_members.py b/plugins/modules/gitlab_project_members.py index 2ce277f688..228af9a062 100644 --- a/plugins/modules/gitlab_project_members.py +++ b/plugins/modules/gitlab_project_members.py @@ -9,8 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: gitlab_project_members short_description: Manage project members on GitLab Server version_added: 2.2.0 @@ -82,16 +81,16 @@ options: type: str purge_users: description: - - Adds/remove users of the given access_level to match the given O(gitlab_user)/O(gitlab_users_access) list. - If omitted do not purge orphaned members. + - Adds/remove users of the given access_level to match the given O(gitlab_user)/O(gitlab_users_access) list. If omitted + do not purge orphaned members. - Is only used when O(state=present). type: list elements: str choices: ['guest', 'reporter', 'developer', 'maintainer'] version_added: 3.7.0 -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Add a user to a GitLab Project community.general.gitlab_project_members: api_url: 'https://gitlab.example.com' @@ -154,9 +153,9 @@ EXAMPLES = r''' - name: user2 access_level: maintainer state: absent -''' +""" -RETURN = r''' # ''' +RETURN = r""" # """ from ansible.module_utils.api import basic_auth_argument_spec from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/gitlab_project_variable.py b/plugins/modules/gitlab_project_variable.py index 329e7a414b..5903c9b5c4 100644 --- a/plugins/modules/gitlab_project_variable.py +++ b/plugins/modules/gitlab_project_variable.py @@ -7,14 +7,14 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: gitlab_project_variable short_description: Creates/updates/deletes GitLab Projects Variables description: - When a project variable does not exist, it will be created. - When a project variable does exist, its value will be updated when the values are different. - - Variables which are untouched in the playbook, but are not untouched in the GitLab project, - they stay untouched (O(purge=false)) or will be deleted (O(purge=true)). + - Variables which are untouched in the playbook, but are not untouched in the GitLab project, they stay untouched (O(purge=false)) + or will be deleted (O(purge=true)). author: - "Markus Bergholz (@markuman)" requirements: @@ -51,8 +51,8 @@ options: vars: description: - When the list element is a simple key-value pair, masked, raw and protected will be set to false. - - When the list element is a dict with the keys C(value), C(masked), C(raw) and C(protected), the user can - have full control about whether a value should be masked, raw, protected or both. + - When the list element is a dict with the keys C(value), C(masked), C(raw) and C(protected), the user can have full + control about whether a value should be masked, raw, protected or both. - Support for protected values requires GitLab >= 9.3. - Support for masked values requires GitLab >= 11.10. - Support for raw values requires GitLab >= 15.7. @@ -61,8 +61,8 @@ options: - A C(value) must be a string or a number. - Field C(variable_type) must be a string with either V(env_var), which is the default, or V(file). - Field C(environment_scope) must be a string defined by scope environment. - - When a value is masked, it must be in Base64 and have a length of at least 8 characters. - See GitLab documentation on acceptable values for a masked variable (https://docs.gitlab.com/ce/ci/variables/#masked-variables). + - When a value is masked, it must be in Base64 and have a length of at least 8 characters. See GitLab documentation + on acceptable values for a masked variable (https://docs.gitlab.com/ce/ci/variables/#masked-variables). default: {} type: dict variables: @@ -116,10 +116,10 @@ options: - Support for O(variables[].environment_scope) requires GitLab Premium >= 13.11. type: str default: '*' -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Set or update some CI/CD variables community.general.gitlab_project_variable: api_url: https://gitlab.com @@ -190,9 +190,9 @@ EXAMPLES = ''' state: absent vars: ACCESS_KEY_ID: abc123 -''' +""" -RETURN = ''' +RETURN = r""" project_variable: description: Four lists of the variablenames which were added, updated, removed or exist. returned: always @@ -218,7 +218,7 @@ project_variable: returned: always type: list sample: ['ACCESS_KEY_ID', 'SECRET_ACCESS_KEY'] -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.api import basic_auth_argument_spec diff --git a/plugins/modules/gitlab_protected_branch.py b/plugins/modules/gitlab_protected_branch.py index 8d2d75736b..4a3b7177ee 100644 --- a/plugins/modules/gitlab_protected_branch.py +++ b/plugins/modules/gitlab_protected_branch.py @@ -7,7 +7,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: gitlab_protected_branch short_description: Manage protection of existing branches version_added: 3.4.0 @@ -58,10 +58,10 @@ options: default: maintainer type: str choices: ["maintainer", "developer", "nobody"] -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create protected branch on main community.general.gitlab_protected_branch: api_url: https://gitlab.com @@ -70,11 +70,10 @@ EXAMPLES = ''' name: main merge_access_levels: maintainer push_access_level: nobody +""" -''' - -RETURN = ''' -''' +RETURN = r""" +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.api import basic_auth_argument_spec diff --git a/plugins/modules/gitlab_runner.py b/plugins/modules/gitlab_runner.py index e6163a6b6c..62875c552a 100644 --- a/plugins/modules/gitlab_runner.py +++ b/plugins/modules/gitlab_runner.py @@ -10,27 +10,31 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: gitlab_runner short_description: Create, modify and delete GitLab Runners description: - - Register, update and delete runners with the GitLab API. + - Register, update and delete runners on GitLab Server side with the GitLab API. - All operations are performed using the GitLab API v4. - - For details, consult the full API documentation at U(https://docs.gitlab.com/ee/api/runners.html). - - A valid private API token is required for all operations. You can create as many tokens as you like using the GitLab web interface at - U(https://$GITLAB_URL/profile/personal_access_tokens). - - A valid registration token is required for registering a new runner. - To create shared runners, you need to ask your administrator to give you this token. - It can be found at U(https://$GITLAB_URL/admin/runners/). + - For details, consult the full API documentation at U(https://docs.gitlab.com/ee/api/runners.html) and + U(https://docs.gitlab.com/ee/api/users.html#create-a-runner-linked-to-a-user). + - A valid private API token is required for all operations. You can create as many tokens as you like using the GitLab web + interface at U(https://$GITLAB_URL/profile/personal_access_tokens). + - A valid registration token is required for registering a new runner. To create shared runners, you need to ask your administrator + to give you this token. It can be found at U(https://$GITLAB_URL/admin/runners/). + - This module does not handle the C(gitlab-runner) process part, but only manages the runner on GitLab Server side through + its API. Once the module has created the runner, you may use the generated token to run C(gitlab-runner register) command. notes: - To create a new runner at least the O(api_token), O(description) and O(api_url) options are required. - - Runners need to have unique descriptions. + - Runners need to have unique descriptions, since this attribute is used as key for idempotency. author: - Samy Coenen (@SamyCoenen) - Guillaume Martinez (@Lunik) requirements: - - python-gitlab >= 1.5.0 + - python-gitlab >= 1.5.0 for legacy runner registration workflow (runner registration token - + U(https://docs.gitlab.com/runner/register/#register-with-a-runner-registration-token-deprecated)) + - python-gitlab >= 4.0.0 for new runner registration workflow (runner authentication token - + U(https://docs.gitlab.com/runner/register/#register-with-a-runner-authentication-token)) extends_documentation_fragment: - community.general.auth_basic - community.general.gitlab @@ -67,7 +71,8 @@ options: - name state: description: - - Make sure that the runner with the same name exists with the same configuration or delete the runner with the same name. + - Make sure that the runner with the same name exists with the same configuration or delete the runner with the same + name. required: false default: present choices: ["present", "absent"] @@ -112,12 +117,12 @@ options: access_level: description: - Determines if a runner can pick up jobs only from protected branches. - - If O(access_level_on_creation) is not explicitly set to V(true), this option is ignored on registration and - is only applied on updates. + - If O(access_level_on_creation) is not explicitly set to V(true), this option is ignored on registration and is only + applied on updates. - If set to V(not_protected), runner can pick up jobs from both protected and unprotected branches. - If set to V(ref_protected), runner can pick up jobs only from protected branches. - - Before community.general 8.0.0 the default was V(ref_protected). This was changed to no default in community.general 8.0.0. - If this option is not specified explicitly, GitLab will use V(not_protected) on creation, and the value set + - Before community.general 8.0.0 the default was V(ref_protected). This was changed to no default in community.general + 8.0.0. If this option is not specified explicitly, GitLab will use V(not_protected) on creation, and the value set will not be changed on any updates. required: false choices: ["not_protected", "ref_protected"] @@ -150,10 +155,48 @@ options: default: [] type: list elements: str -''' +""" -EXAMPLES = ''' -- name: "Register runner" +EXAMPLES = r""" +- name: Create an instance-level runner + community.general.gitlab_runner: + api_url: https://gitlab.example.com/ + api_token: "{{ access_token }}" + description: Docker Machine t1 + state: present + active: true + tag_list: ['docker'] + run_untagged: false + locked: false + register: runner # Register module output to run C(gitlab-runner register) command in another task + +- name: Create a group-level runner + community.general.gitlab_runner: + api_url: https://gitlab.example.com/ + api_token: "{{ access_token }}" + description: Docker Machine t1 + state: present + active: true + tag_list: ['docker'] + run_untagged: false + locked: false + group: top-level-group/subgroup + register: runner # Register module output to run C(gitlab-runner register) command in another task + +- name: Create a project-level runner + community.general.gitlab_runner: + api_url: https://gitlab.example.com/ + api_token: "{{ access_token }}" + description: Docker Machine t1 + state: present + active: true + tag_list: ['docker'] + run_untagged: false + locked: false + project: top-level-group/subgroup/project + register: runner # Register module output to run C(gitlab-runner register) command in another task + +- name: "Register instance-level runner with registration token (deprecated)" community.general.gitlab_runner: api_url: https://gitlab.example.com/ api_token: "{{ access_token }}" @@ -164,6 +207,7 @@ EXAMPLES = ''' tag_list: ['docker'] run_untagged: false locked: false + register: runner # Register module output to run C(gitlab-runner register) command in another task - name: "Delete runner" community.general.gitlab_runner: @@ -180,7 +224,7 @@ EXAMPLES = ''' owned: true state: absent -- name: Register runner for a specific project +- name: "Register a project-level runner with registration token (deprecated)" community.general.gitlab_runner: api_url: https://gitlab.example.com/ api_token: "{{ access_token }}" @@ -188,31 +232,32 @@ EXAMPLES = ''' description: MyProject runner state: present project: mygroup/mysubgroup/myproject -''' + register: runner # Register module output to run C(gitlab-runner register) command in another task +""" -RETURN = ''' +RETURN = r""" msg: - description: Success or failure message + description: Success or failure message. returned: always type: str sample: "Success" result: - description: json parsed response from the server + description: JSON-parsed response from the server. returned: always type: dict error: - description: the error message returned by the GitLab API + description: The error message returned by the GitLab API. returned: failed type: str sample: "400: path is already in use" runner: - description: API object + description: API object. returned: always type: dict -''' +""" from ansible.module_utils.api import basic_auth_argument_spec from ansible.module_utils.basic import AnsibleModule @@ -322,18 +367,18 @@ class GitLabRunner(object): changed = False for arg_key, arg_value in arguments.items(): - if arguments[arg_key] is not None: - if isinstance(arguments[arg_key], list): + if arg_value is not None: + if isinstance(arg_value, list): list1 = getattr(runner, arg_key) list1.sort() - list2 = arguments[arg_key] + list2 = arg_value list2.sort() if list1 != list2: - setattr(runner, arg_key, arguments[arg_key]) + setattr(runner, arg_key, arg_value) changed = True else: - if getattr(runner, arg_key) != arguments[arg_key]: - setattr(runner, arg_key, arguments[arg_key]) + if getattr(runner, arg_key) != arg_value: + setattr(runner, arg_key, arg_value) changed = True return (changed, runner) @@ -423,6 +468,7 @@ def main(): state = module.params['state'] runner_description = module.params['description'] runner_active = module.params['active'] + runner_paused = module.params['paused'] tag_list = module.params['tag_list'] run_untagged = module.params['run_untagged'] runner_locked = module.params['locked'] @@ -457,7 +503,7 @@ def main(): module.exit_json(changed=False, msg="Runner deleted or does not exists") if state == 'present': - if gitlab_runner.create_or_update_runner(runner_description, { + runner_values = { "active": runner_active, "tag_list": tag_list, "run_untagged": run_untagged, @@ -467,7 +513,11 @@ def main(): "registration_token": registration_token, "group": group, "project": project, - }): + } + if LooseVersion(gitlab_runner._gitlab.version()[0]) >= LooseVersion("14.8.0"): + # the paused attribute for runners is available since 14.8 + runner_values["paused"] = runner_paused + if gitlab_runner.create_or_update_runner(runner_description, runner_values): module.exit_json(changed=True, runner=gitlab_runner.runner_object._attrs, msg="Successfully created or updated the runner %s" % runner_description) else: diff --git a/plugins/modules/gitlab_user.py b/plugins/modules/gitlab_user.py index 6e5ab4ece0..3be684b1e9 100644 --- a/plugins/modules/gitlab_user.py +++ b/plugins/modules/gitlab_user.py @@ -10,8 +10,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: gitlab_user short_description: Creates/updates/deletes/blocks/unblocks GitLab Users description: @@ -83,18 +82,13 @@ options: version_added: 3.1.0 group: description: - - Id or Full path of parent group in the form of group/name. + - ID or Full path of parent group in the form of group/name. - Add user as a member to this group. type: str access_level: description: - - The access level to the group. One of the following can be used. - - guest - - reporter - - developer - - master (alias for maintainer) - - maintainer - - owner + - The access level to the group. + - The value V(master) is an alias for V(maintainer). default: guest type: str choices: ["guest", "reporter", "developer", "master", "maintainer", "owner"] @@ -128,7 +122,7 @@ options: suboptions: provider: description: - - The name of the external identity provider + - The name of the external identity provider. type: str extern_uid: description: @@ -143,9 +137,9 @@ options: type: bool default: false version_added: 3.3.0 -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: "Delete GitLab User" community.general.gitlab_user: api_url: https://gitlab.example.com/ @@ -179,8 +173,8 @@ EXAMPLES = ''' password: mysecretpassword email: me@example.com identities: - - provider: Keycloak - extern_uid: f278f95c-12c7-4d51-996f-758cc2eb11bc + - provider: Keycloak + extern_uid: f278f95c-12c7-4d51-996f-758cc2eb11bc state: present group: super_group/mon_group access_level: owner @@ -198,31 +192,31 @@ EXAMPLES = ''' api_token: "{{ access_token }}" username: myusername state: unblocked -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Success or failure message + description: Success or failure message. returned: always type: str sample: "Success" result: - description: json parsed response from the server + description: JSON-parsed response from the server. returned: always type: dict error: - description: the error message returned by the GitLab API + description: The error message returned by the GitLab API. returned: failed type: str sample: "400: path is already in use" user: - description: API object + description: API object. returned: always type: dict -''' +""" from ansible.module_utils.api import basic_auth_argument_spec diff --git a/plugins/modules/grove.py b/plugins/modules/grove.py index b50546b4da..abdc303f90 100644 --- a/plugins/modules/grove.py +++ b/plugins/modules/grove.py @@ -9,13 +9,11 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: grove short_description: Sends a notification to a grove.io channel description: - - The C(grove) module sends a message for a service to a Grove.io - channel. + - The C(grove) module sends a message for a service to a Grove.io channel. extends_documentation_fragment: - community.general.attributes attributes: @@ -32,7 +30,7 @@ options: service: type: str description: - - Name of the service (displayed as the "user" in the message) + - Name of the service (displayed as the "user" in the message). required: false default: ansible message_content: @@ -44,29 +42,29 @@ options: url: type: str description: - - Service URL for the web client + - Service URL for the web client. required: false icon_url: type: str description: - - Icon for the service + - Icon for the service. required: false validate_certs: description: - - If V(false), SSL certificates will not be validated. This should only be used - on personally controlled sites using self-signed certificates. + - If V(false), SSL certificates will not be validated. This should only be used on personally controlled sites using + self-signed certificates. default: true type: bool author: "Jonas Pfenniger (@zimbatm)" -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Sends a notification to a grove.io channel community.general.grove: channel_token: 6Ph62VBBJOccmtTPZbubiPzdrhipZXtg service: my-app message: 'deployed {{ target }}' -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.six.moves.urllib.parse import urlencode diff --git a/plugins/modules/gunicorn.py b/plugins/modules/gunicorn.py index 2b2abcf8e6..8118e0f60d 100644 --- a/plugins/modules/gunicorn.py +++ b/plugins/modules/gunicorn.py @@ -9,21 +9,18 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: gunicorn short_description: Run gunicorn with various settings description: - - Starts gunicorn with the parameters specified. Common settings for gunicorn - configuration are supported. For additional configuration use a config file - See U(https://gunicorn-docs.readthedocs.io/en/latest/settings.html) for more - options. It's recommended to always use the chdir option to avoid problems - with the location of the app. + - Starts gunicorn with the parameters specified. Common settings for gunicorn configuration are supported. For additional + configuration use a config file See U(https://gunicorn-docs.readthedocs.io/en/latest/settings.html) for more options. + It's recommended to always use the chdir option to avoid problems with the location of the app. requirements: [gunicorn] author: - - "Alejandro Gomez (@agmezr)" + - "Alejandro Gomez (@agmezr)" extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: check_mode: support: none @@ -40,37 +37,36 @@ options: type: path aliases: ['virtualenv'] description: - - 'Path to the virtualenv directory.' + - Path to the virtualenv directory. config: type: path description: - - 'Path to the gunicorn configuration file.' + - Path to the gunicorn configuration file. aliases: ['conf'] chdir: type: path description: - - 'Chdir to specified directory before apps loading.' + - Chdir to specified directory before apps loading. pid: type: path description: - - 'A filename to use for the PID file. If not set and not found on the configuration file a tmp - pid file will be created to check a successful run of gunicorn.' + - A filename to use for the PID file. If not set and not found on the configuration file a tmp pid file will be created + to check a successful run of gunicorn. worker: type: str choices: ['sync', 'eventlet', 'gevent', 'tornado ', 'gthread', 'gaiohttp'] description: - - 'The type of workers to use. The default class (sync) should handle most "normal" types of workloads.' + - The type of workers to use. The default class (sync) should handle most "normal" types of workloads. user: type: str description: - - 'Switch worker processes to run as this user.' + - Switch worker processes to run as this user. notes: - - If not specified on config file, a temporary error log will be created on /tmp dir. - Please make sure you have write access in /tmp dir. Not needed but will help you to - identify any problem with configuration. -''' + - If not specified on config file, a temporary error log will be created on /tmp dir. Please make sure you have write access + in /tmp dir. Not needed but will help you to identify any problem with configuration. +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Simple gunicorn run example community.general.gunicorn: app: 'wsgi' @@ -96,15 +92,15 @@ EXAMPLES = ''' venv: '/workspace/example/venv' pid: '/workspace/example/gunicorn.pid' user: 'ansible' -''' +""" -RETURN = ''' +RETURN = r""" gunicorn: - description: process id of gunicorn - returned: changed - type: str - sample: "1234" -''' + description: Process ID of gunicorn. + returned: changed + type: str + sample: "1234" +""" import os import time diff --git a/plugins/modules/haproxy.py b/plugins/modules/haproxy.py index 05f52d55c8..9c60e59040 100644 --- a/plugins/modules/haproxy.py +++ b/plugins/modules/haproxy.py @@ -8,23 +8,21 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: haproxy short_description: Enable, disable, and set weights for HAProxy backend servers using socket commands author: - - Ravi Bhure (@ravibhure) + - Ravi Bhure (@ravibhure) description: - - Enable, disable, drain and set weights for HAProxy backend servers using socket commands. + - Enable, disable, drain and set weights for HAProxy backend servers using socket commands. notes: - - Enable, disable and drain commands are restricted and can only be issued on - sockets configured for level 'admin'. For example, you can add the line - 'stats socket /var/run/haproxy.sock level admin' to the general section of - haproxy.cfg. See U(http://haproxy.1wt.eu/download/1.5/doc/configuration.txt). - - Depends on netcat (C(nc)) being available; you need to install the appropriate - package for your operating system before this module can be used. + - Enable, disable and drain commands are restricted and can only be issued on sockets configured for level C(admin). For + example, you can add the line C(stats socket /var/run/haproxy.sock level admin) to the general section of C(haproxy.cfg). + See U(http://haproxy.1wt.eu/download/1.5/doc/configuration.txt). + - Depends on netcat (C(nc)) being available; you need to install the appropriate package for your operating system before + this module can be used. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: check_mode: support: none @@ -38,8 +36,8 @@ options: type: str drain: description: - - Wait until the server has no active connections or until the timeout - determined by wait_interval and wait_retries is reached. + - Wait until the server has no active connections or until the timeout determined by O(wait_interval) and O(wait_retries) + is reached. - Continue only after the status changes to C(MAINT). - This overrides the shutdown_sessions option. type: bool @@ -51,10 +49,9 @@ options: required: true shutdown_sessions: description: - - When disabling a server, immediately terminate all the sessions attached - to the specified server. - - This can be used to terminate long-running sessions after a server is put - into maintenance mode. Overridden by the drain option. + - When disabling a server, immediately terminate all the sessions attached to the specified server. + - This can be used to terminate long-running sessions after a server is put into maintenance mode. Overridden by the + drain option. type: bool default: false socket: @@ -65,12 +62,11 @@ options: state: description: - Desired state of the provided backend host. - - Note that V(drain) state was added in version 2.4. - - It is supported only by HAProxy version 1.5 or later, - - When used on versions < 1.5, it will be ignored. + - Note that V(drain) state is supported only by HAProxy version 1.5 or later. When used on versions < 1.5, it will be + ignored. type: str required: true - choices: [ disabled, drain, enabled ] + choices: [disabled, drain, enabled] agent: description: - Disable/enable agent checks (depending on O(state) value). @@ -90,8 +86,8 @@ options: default: false wait: description: - - Wait until the server reports a status of C(UP) when O(state=enabled), - status of C(MAINT) when O(state=disabled) or status of C(DRAIN) when O(state=drain). + - Wait until the server reports a status of C(UP) when O(state=enabled), status of C(MAINT) when O(state=disabled) or + status of C(DRAIN) when O(state=drain). type: bool default: false wait_interval: @@ -107,14 +103,12 @@ options: weight: description: - The value passed in argument. - - If the value ends with the V(%) sign, then the new weight will be - relative to the initially configured weight. - - Relative weights are only permitted between 0 and 100% and absolute - weights are permitted between 0 and 256. + - If the value ends with the V(%) sign, then the new weight will be relative to the initially configured weight. + - Relative weights are only permitted between 0 and 100% and absolute weights are permitted between 0 and 256. type: str -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Disable server in 'www' backend pool community.general.haproxy: state: disabled @@ -169,7 +163,8 @@ EXAMPLES = r''' socket: /var/run/haproxy.sock shutdown_sessions: true -- name: Disable server without backend pool name (apply to all available backend pool) but fail when the backend host is not found +- name: Disable server without backend pool name (apply to all available backend pool) but fail when the backend host is + not found community.general.haproxy: state: disabled host: '{{ inventory_hostname }}' @@ -188,7 +183,8 @@ EXAMPLES = r''' backend: www wait: true -- name: Enable server in 'www' backend pool wait until healthy. Retry 10 times with intervals of 5 seconds to retrieve the health +- name: Enable server in 'www' backend pool wait until healthy. Retry 10 times with intervals of 5 seconds to retrieve the + health community.general.haproxy: state: enabled host: '{{ inventory_hostname }}' @@ -211,7 +207,7 @@ EXAMPLES = r''' host: '{{ inventory_hostname }}' socket: /var/run/haproxy.sock backend: www -''' +""" import csv import socket @@ -343,7 +339,7 @@ class HAProxy(object): if state is not None: self.execute(Template(cmd).substitute(pxname=backend, svname=svname)) - if self.wait: + if self.wait and not (wait_for_status == "DRAIN" and state == "DOWN"): self.wait_until_status(backend, svname, wait_for_status) def get_state_for(self, pxname, svname): diff --git a/plugins/modules/heroku_collaborator.py b/plugins/modules/heroku_collaborator.py index e07ae333dd..1d278339e4 100644 --- a/plugins/modules/heroku_collaborator.py +++ b/plugins/modules/heroku_collaborator.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: heroku_collaborator short_description: Add or delete app collaborators on Heroku description: @@ -32,35 +31,35 @@ options: api_key: type: str description: - - Heroku API key + - Heroku API key. apps: type: list elements: str description: - - List of Heroku App names + - List of Heroku App names. required: true suppress_invitation: description: - - Suppress email invitation when creating collaborator + - Suppress email invitation when creating collaborator. type: bool default: false user: type: str description: - - User ID or e-mail + - User ID or e-mail. required: true state: type: str description: - - Create or remove the heroku collaborator + - Create or remove the heroku collaborator. choices: ["present", "absent"] default: "present" notes: - E(HEROKU_API_KEY) and E(TF_VAR_HEROKU_API_KEY) environment variables can be used instead setting O(api_key). - - If you use C(check_mode), you can also pass the C(-v) flag to see affected apps in C(msg), e.g. ["heroku-example-app"]. -''' + - If you use C(check_mode), you can also pass the C(-v) flag to see affected apps in C(msg), for example C(["heroku-example-app"]). +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a heroku collaborator community.general.heroku_collaborator: api_key: YOUR_API_KEY @@ -76,12 +75,12 @@ EXAMPLES = ''' suppress_invitation: '{{ item.suppress_invitation | default(suppress_invitation) }}' state: '{{ item.state | default("present") }}' with_items: - - { user: 'a.b@example.com' } - - { state: 'absent', user: 'b.c@example.com', suppress_invitation: false } - - { user: 'x.y@example.com', apps: ["heroku-example-app"] } -''' + - {user: 'a.b@example.com'} + - {state: 'absent', user: 'b.c@example.com', suppress_invitation: false} + - {user: 'x.y@example.com', apps: ["heroku-example-app"]} +""" -RETURN = ''' # ''' +RETURN = """ # """ from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.heroku import HerokuHelper diff --git a/plugins/modules/hg.py b/plugins/modules/hg.py index 4b6b7c4330..f269628abb 100644 --- a/plugins/modules/hg.py +++ b/plugins/modules/hg.py @@ -9,75 +9,71 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: hg short_description: Manages Mercurial (hg) repositories description: - - Manages Mercurial (hg) repositories. Supports SSH, HTTP/S and local address. + - Manages Mercurial (hg) repositories. Supports SSH, HTTP/S and local address. author: "Yeukhon Wong (@yeukhon)" extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - repo: - description: - - The repository address. - required: true - aliases: [ name ] - type: str - dest: - description: - - Absolute path of where the repository should be cloned to. - This parameter is required, unless clone and update are set to no - type: path - revision: - description: - - Equivalent C(-r) option in hg command which could be the changeset, revision number, - branch name or even tag. - aliases: [ version ] - type: str - force: - description: - - Discards uncommitted changes. Runs C(hg update -C). - type: bool - default: false - purge: - description: - - Deletes untracked files. Runs C(hg purge). - type: bool - default: false - update: - description: - - If V(false), do not retrieve new revisions from the origin repository - type: bool - default: true - clone: - description: - - If V(false), do not clone the repository if it does not exist locally. - type: bool - default: true - executable: - description: - - Path to hg executable to use. If not supplied, - the normal mechanism for resolving binary paths will be used. - type: str + repo: + description: + - The repository address. + required: true + aliases: [name] + type: str + dest: + description: + - Absolute path of where the repository should be cloned to. This parameter is required, unless clone and update are + set to no. + type: path + revision: + description: + - Equivalent C(-r) option in hg command which could be the changeset, revision number, branch name or even tag. + aliases: [version] + type: str + force: + description: + - Discards uncommitted changes. Runs C(hg update -C). + type: bool + default: false + purge: + description: + - Deletes untracked files. Runs C(hg purge). + type: bool + default: false + update: + description: + - If V(false), do not retrieve new revisions from the origin repository. + type: bool + default: true + clone: + description: + - If V(false), do not clone the repository if it does not exist locally. + type: bool + default: true + executable: + description: + - Path to hg executable to use. If not supplied, the normal mechanism for resolving binary paths will be used. + type: str notes: - - This module does not support push capability. See U(https://github.com/ansible/ansible/issues/31156). - - "If the task seems to be hanging, first verify remote host is in C(known_hosts). - SSH will prompt user to authorize the first contact with a remote host. To avoid this prompt, - one solution is to add the remote host public key in C(/etc/ssh/ssh_known_hosts) before calling - the hg module, with the following command: ssh-keyscan remote_host.com >> /etc/ssh/ssh_known_hosts." - - As per 01 Dec 2018, Bitbucket has dropped support for TLSv1 and TLSv1.1 connections. As such, - if the underlying system still uses a Python version below 2.7.9, you will have issues checking out - bitbucket repositories. See U(https://bitbucket.org/blog/deprecating-tlsv1-tlsv1-1-2018-12-01). -''' + - This module does not support push capability. See U(https://github.com/ansible/ansible/issues/31156). + - 'If the task seems to be hanging, first verify remote host is in C(known_hosts). SSH will prompt user to authorize the + first contact with a remote host. To avoid this prompt, one solution is to add the remote host public key in C(/etc/ssh/ssh_known_hosts) + before calling the hg module, with the following command: C(ssh-keyscan remote_host.com >> /etc/ssh/ssh_known_hosts).' + - As per 01 Dec 2018, Bitbucket has dropped support for TLSv1 and TLSv1.1 connections. As such, if the underlying system + still uses a Python version below 2.7.9, you will have issues checking out bitbucket repositories. See + U(https://bitbucket.org/blog/deprecating-tlsv1-tlsv1-1-2018-12-01). +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Ensure the current working copy is inside the stable branch and deletes untracked files if any. community.general.hg: repo: https://bitbucket.org/user/repo1 @@ -91,7 +87,7 @@ EXAMPLES = ''' dest: /srv/checkout clone: false update: false -''' +""" import os @@ -209,7 +205,7 @@ class Hg(object): if the desired changeset is already the current changeset. """ if self.revision is None or len(self.revision) < 7: - # Assume it's a rev number, tag, or branch + # Assume it is a rev number, tag, or branch return False (rc, out, err) = self._command(['--debug', 'id', '-i', '-R', self.dest]) if rc != 0: diff --git a/plugins/modules/hipchat.py b/plugins/modules/hipchat.py index 83e253679c..14b8bb2cb4 100644 --- a/plugins/modules/hipchat.py +++ b/plugins/modules/hipchat.py @@ -9,14 +9,17 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: hipchat short_description: Send a message to Hipchat description: - - Send a message to a Hipchat room, with options to control the formatting. + - Send a message to a Hipchat room, with options to control the formatting. extends_documentation_fragment: - community.general.attributes +deprecated: + removed_in: 11.0.0 + why: The hipchat service has been discontinued and the self-hosted variant has been End of Life since 2020. + alternative: There is none. attributes: check_mode: support: full @@ -36,8 +39,7 @@ options: msg_from: type: str description: - - Name the message will appear to be sent from. Max length is 15 - characters - above this it will be truncated. + - Name the message will appear to be sent from. Max length is 15 characters - above this it will be truncated. default: Ansible aliases: [from] msg: @@ -50,13 +52,13 @@ options: description: - Background color for the message. default: yellow - choices: [ "yellow", "red", "green", "purple", "gray", "random" ] + choices: ["yellow", "red", "green", "purple", "gray", "random"] msg_format: type: str description: - Message format. default: text - choices: [ "text", "html" ] + choices: ["text", "html"] notify: description: - If true, a notification will be triggered for users in the room. @@ -64,23 +66,23 @@ options: default: true validate_certs: description: - - If V(false), SSL certificates will not be validated. This should only be used - on personally controlled sites using self-signed certificates. + - If V(false), SSL certificates will not be validated. This should only be used on personally controlled sites using + self-signed certificates. type: bool default: true api: type: str description: - - API url if using a self-hosted hipchat server. For Hipchat API version - 2 use the default URI with C(/v2) instead of C(/v1). + - API URL if using a self-hosted hipchat server. For Hipchat API version 2 use the default URI with C(/v2) instead of + C(/v1). default: 'https://api.hipchat.com/v1' author: -- Shirou Wakayama (@shirou) -- Paul Bourdel (@pb8226) -''' + - Shirou Wakayama (@shirou) + - Paul Bourdel (@pb8226) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Send a message to a Hipchat room community.general.hipchat: room: notif @@ -92,7 +94,7 @@ EXAMPLES = ''' token: OAUTH2_TOKEN room: notify msg: Ansible task finished -''' +""" # =========================================== # HipChat module specific support methods. diff --git a/plugins/modules/homebrew.py b/plugins/modules/homebrew.py index 5d471797a7..c5e1c85313 100644 --- a/plugins/modules/homebrew.py +++ b/plugins/modules/homebrew.py @@ -14,74 +14,80 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: homebrew author: - - "Indrajit Raychaudhuri (@indrajitr)" - - "Daniel Jaouen (@danieljaouen)" - - "Andrew Dunham (@andrew-d)" + - "Indrajit Raychaudhuri (@indrajitr)" + - "Daniel Jaouen (@danieljaouen)" + - "Andrew Dunham (@andrew-d)" requirements: - - homebrew must already be installed on the target system + - homebrew must already be installed on the target system short_description: Package manager for Homebrew description: - - Manages Homebrew packages + - Manages Homebrew packages. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - name: - description: - - A list of names of packages to install/remove. - aliases: [ 'formula', 'package', 'pkg' ] - type: list - elements: str - path: - description: - - "A V(:) separated list of paths to search for C(brew) executable. - Since a package (I(formula) in homebrew parlance) location is prefixed relative to the actual path of C(brew) command, - providing an alternative C(brew) path enables managing different set of packages in an alternative location in the system." - default: '/usr/local/bin:/opt/homebrew/bin:/home/linuxbrew/.linuxbrew/bin' - type: path - state: - description: - - state of the package. - choices: [ 'absent', 'head', 'installed', 'latest', 'linked', 'present', 'removed', 'uninstalled', 'unlinked', 'upgraded' ] - default: present - type: str - update_homebrew: - description: - - update homebrew itself first. - type: bool - default: false - upgrade_all: - description: - - upgrade all homebrew packages. - type: bool - default: false - aliases: ['upgrade'] - install_options: - description: - - options flags to install a package. - aliases: ['options'] - type: list - elements: str - upgrade_options: - description: - - Option flags to upgrade. - type: list - elements: str - version_added: '0.2.0' + name: + description: + - A list of names of packages to install/remove. + aliases: ['formula', 'package', 'pkg'] + type: list + elements: str + path: + description: + - A V(:) separated list of paths to search for C(brew) executable. Since a package (I(formula) in homebrew parlance) + location is prefixed relative to the actual path of C(brew) command, providing an alternative C(brew) path enables + managing different set of packages in an alternative location in the system. + default: '/usr/local/bin:/opt/homebrew/bin:/home/linuxbrew/.linuxbrew/bin' + type: path + state: + description: + - State of the package. + choices: ['absent', 'head', 'installed', 'latest', 'linked', 'present', 'removed', 'uninstalled', 'unlinked', 'upgraded'] + default: present + type: str + update_homebrew: + description: + - Update homebrew itself first. + type: bool + default: false + upgrade_all: + description: + - Upgrade all homebrew packages. + type: bool + default: false + aliases: ['upgrade'] + install_options: + description: + - Options flags to install a package. + aliases: ['options'] + type: list + elements: str + upgrade_options: + description: + - Option flags to upgrade. + type: list + elements: str + version_added: '0.2.0' + force_formula: + description: + - Force the package(s) to be treated as a formula (equivalent to C(brew --formula)). + - To install a cask, use the M(community.general.homebrew_cask) module. + type: bool + default: false + version_added: 9.0.0 notes: - - When used with a C(loop:) each package will be processed individually, - it is much more efficient to pass the list directly to the O(name) option. -''' + - When used with a C(loop:) each package will be processed individually, it is much more efficient to pass the list directly + to the O(name) option. +""" -EXAMPLES = ''' +EXAMPLES = r""" # Install formula foo with 'brew' in default path - community.general.homebrew: name: foo @@ -141,34 +147,41 @@ EXAMPLES = ''' community.general.homebrew: upgrade_all: true upgrade_options: ignore-pinned -''' -RETURN = ''' +- name: Force installing a formula whose name is also a cask name + community.general.homebrew: + name: ambiguous_formula + state: present + force_formula: true +""" + +RETURN = r""" msg: - description: if the cache was updated or not - returned: always - type: str - sample: "Changed: 0, Unchanged: 2" + description: If the cache was updated or not. + returned: always + type: str + sample: "Changed: 0, Unchanged: 2" unchanged_pkgs: - description: - - List of package names which are unchanged after module run - returned: success - type: list - sample: ["awscli", "ag"] - version_added: '0.2.0' + description: + - List of package names which are unchanged after module run. + returned: success + type: list + sample: ["awscli", "ag"] + version_added: '0.2.0' changed_pkgs: - description: - - List of package names which are changed after module run - returned: success - type: list - sample: ['git', 'git-cola'] - version_added: '0.2.0' -''' + description: + - List of package names which are changed after module run. + returned: success + type: list + sample: ['git', 'git-cola'] + version_added: '0.2.0' +""" import json -import os.path import re +from ansible_collections.community.general.plugins.module_utils.homebrew import HomebrewValidate + from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.six import iteritems, string_types @@ -195,98 +208,7 @@ def _check_package_in_json(json_output, package_type): class Homebrew(object): '''A class to manage Homebrew packages.''' - # class regexes ------------------------------------------------ {{{ - VALID_PATH_CHARS = r''' - \w # alphanumeric characters (i.e., [a-zA-Z0-9_]) - \s # spaces - : # colons - {sep} # the OS-specific path separator - . # dots - \- # dashes - '''.format(sep=os.path.sep) - - VALID_BREW_PATH_CHARS = r''' - \w # alphanumeric characters (i.e., [a-zA-Z0-9_]) - \s # spaces - {sep} # the OS-specific path separator - . # dots - \- # dashes - '''.format(sep=os.path.sep) - - VALID_PACKAGE_CHARS = r''' - \w # alphanumeric characters (i.e., [a-zA-Z0-9_]) - . # dots - / # slash (for taps) - \+ # plusses - \- # dashes - : # colons (for URLs) - @ # at-sign - ''' - - INVALID_PATH_REGEX = _create_regex_group_complement(VALID_PATH_CHARS) - INVALID_BREW_PATH_REGEX = _create_regex_group_complement(VALID_BREW_PATH_CHARS) - INVALID_PACKAGE_REGEX = _create_regex_group_complement(VALID_PACKAGE_CHARS) - # /class regexes ----------------------------------------------- }}} - # class validations -------------------------------------------- {{{ - @classmethod - def valid_path(cls, path): - ''' - `path` must be one of: - - list of paths - - a string containing only: - - alphanumeric characters - - dashes - - dots - - spaces - - colons - - os.path.sep - ''' - - if isinstance(path, string_types): - return not cls.INVALID_PATH_REGEX.search(path) - - try: - iter(path) - except TypeError: - return False - else: - paths = path - return all(cls.valid_brew_path(path_) for path_ in paths) - - @classmethod - def valid_brew_path(cls, brew_path): - ''' - `brew_path` must be one of: - - None - - a string containing only: - - alphanumeric characters - - dashes - - dots - - spaces - - os.path.sep - ''' - - if brew_path is None: - return True - - return ( - isinstance(brew_path, string_types) - and not cls.INVALID_BREW_PATH_REGEX.search(brew_path) - ) - - @classmethod - def valid_package(cls, package): - '''A valid package is either None or alphanumeric.''' - - if package is None: - return True - - return ( - isinstance(package, string_types) - and not cls.INVALID_PACKAGE_REGEX.search(package) - ) - @classmethod def valid_state(cls, state): ''' @@ -346,7 +268,7 @@ class Homebrew(object): @path.setter def path(self, path): - if not self.valid_path(path): + if not HomebrewValidate.valid_path(path): self._path = [] self.failed = True self.message = 'Invalid path: {0}.'.format(path) @@ -366,7 +288,7 @@ class Homebrew(object): @brew_path.setter def brew_path(self, brew_path): - if not self.valid_brew_path(brew_path): + if not HomebrewValidate.valid_brew_path(brew_path): self._brew_path = None self.failed = True self.message = 'Invalid brew_path: {0}.'.format(brew_path) @@ -385,26 +307,12 @@ class Homebrew(object): self._params = self.module.params return self._params - @property - def current_package(self): - return self._current_package - - @current_package.setter - def current_package(self, package): - if not self.valid_package(package): - self._current_package = None - self.failed = True - self.message = 'Invalid package: {0}.'.format(package) - raise HomebrewException(self.message) - - else: - self._current_package = package - return package # /class properties -------------------------------------------- }}} def __init__(self, module, path, packages=None, state=None, update_homebrew=False, upgrade_all=False, - install_options=None, upgrade_options=None): + install_options=None, upgrade_options=None, + force_formula=False): if not install_options: install_options = list() if not upgrade_options: @@ -414,7 +322,8 @@ class Homebrew(object): state=state, update_homebrew=update_homebrew, upgrade_all=upgrade_all, install_options=install_options, - upgrade_options=upgrade_options,) + upgrade_options=upgrade_options, + force_formula=force_formula) self._prep() @@ -422,13 +331,13 @@ class Homebrew(object): def _setup_status_vars(self): self.failed = False self.changed = False - self.changed_count = 0 - self.unchanged_count = 0 self.changed_pkgs = [] self.unchanged_pkgs = [] self.message = '' def _setup_instance_vars(self, **kwargs): + self.installed_packages = set() + self.outdated_packages = set() for key, val in iteritems(kwargs): setattr(self, key, val) @@ -455,8 +364,59 @@ class Homebrew(object): return self.brew_path - def _status(self): - return (self.failed, self.changed, self.message) + def _validate_packages_names(self): + invalid_packages = [] + for package in self.packages: + if not HomebrewValidate.valid_package(package): + invalid_packages.append(package) + + if invalid_packages: + self.failed = True + self.message = 'Invalid package{0}: {1}'.format( + "s" if len(invalid_packages) > 1 else "", + ", ".join(invalid_packages), + ) + raise HomebrewException(self.message) + + def _save_package_info(self, package_detail, package_name): + if bool(package_detail.get("installed")): + self.installed_packages.add(package_name) + if bool(package_detail.get("outdated")): + self.outdated_packages.add(package_name) + + def _extract_package_name(self, package_detail, is_cask): + canonical_name = package_detail["full_token"] if is_cask else package_detail["full_name"] # For ex: 'sqlite' + all_valid_names = set(package_detail.get("aliases", [])) # For ex: {'sqlite3'} + all_valid_names.add(canonical_name) + + # Then make sure the user provided name resurface. + return (all_valid_names & set(self.packages)).pop() + + def _get_packages_info(self): + cmd = [ + "{brew_path}".format(brew_path=self.brew_path), + "info", + "--json=v2", + ] + cmd.extend(self.packages) + if self.force_formula: + cmd.append("--formula") + + rc, out, err = self.module.run_command(cmd) + if rc != 0: + self.failed = True + self.message = err.strip() or ("Unknown failure with exit code %d" % rc) + raise HomebrewException(self.message) + + data = json.loads(out) + for package_detail in data.get("formulae", []): + package_name = self._extract_package_name(package_detail, is_cask=False) + self._save_package_info(package_detail, package_name) + + for package_detail in data.get("casks", []): + package_name = self._extract_package_name(package_detail, is_cask=True) + self._save_package_info(package_detail, package_name) + # /prep -------------------------------------------------------- }}} def run(self): @@ -465,68 +425,14 @@ class Homebrew(object): except HomebrewException: pass - if not self.failed and (self.changed_count + self.unchanged_count > 1): + changed_count = len(self.changed_pkgs) + unchanged_count = len(self.unchanged_pkgs) + if not self.failed and (changed_count + unchanged_count > 1): self.message = "Changed: %d, Unchanged: %d" % ( - self.changed_count, - self.unchanged_count, + changed_count, + unchanged_count, ) - (failed, changed, message) = self._status() - - return (failed, changed, message) - - # checks ------------------------------------------------------- {{{ - def _current_package_is_installed(self): - if not self.valid_package(self.current_package): - self.failed = True - self.message = 'Invalid package: {0}.'.format(self.current_package) - raise HomebrewException(self.message) - - cmd = [ - "{brew_path}".format(brew_path=self.brew_path), - "info", - "--json=v2", - self.current_package, - ] - rc, out, err = self.module.run_command(cmd) - if err: - self.failed = True - self.message = err.strip() - raise HomebrewException(self.message) - data = json.loads(out) - - return _check_package_in_json(data, "formulae") or _check_package_in_json(data, "casks") - - def _current_package_is_outdated(self): - if not self.valid_package(self.current_package): - return False - - rc, out, err = self.module.run_command([ - self.brew_path, - 'outdated', - self.current_package, - ]) - - return rc != 0 - - def _current_package_is_installed_from_head(self): - if not Homebrew.valid_package(self.current_package): - return False - elif not self._current_package_is_installed(): - return False - - rc, out, err = self.module.run_command([ - self.brew_path, - 'info', - self.current_package, - ]) - - try: - version_info = [line for line in out.split('\n') if line][0] - except IndexError: - return False - - return version_info.split(' ')[-1] == 'HEAD' - # /checks ------------------------------------------------------ }}} + return (self.failed, self.changed, self.message) # commands ----------------------------------------------------- {{{ def _run(self): @@ -537,6 +443,8 @@ class Homebrew(object): self._upgrade_all() if self.packages: + self._validate_packages_names() + self._get_packages_info() if self.state == 'installed': return self._install_packages() elif self.state == 'upgraded': @@ -606,24 +514,22 @@ class Homebrew(object): # /_upgrade_all -------------------------- }}} # installed ------------------------------ {{{ - def _install_current_package(self): - if not self.valid_package(self.current_package): - self.failed = True - self.message = 'Invalid package: {0}.'.format(self.current_package) - raise HomebrewException(self.message) + def _install_packages(self): + packages_to_install = set(self.packages) - self.installed_packages - if self._current_package_is_installed(): - self.unchanged_count += 1 - self.unchanged_pkgs.append(self.current_package) - self.message = 'Package already installed: {0}'.format( - self.current_package, + if len(packages_to_install) == 0: + self.unchanged_pkgs.extend(self.packages) + self.message = 'Package{0} already installed: {1}'.format( + "s" if len(self.packages) > 1 else "", + ", ".join(self.packages), ) return True if self.module.check_mode: self.changed = True - self.message = 'Package would be installed: {0}'.format( - self.current_package + self.message = 'Package{0} would be installed: {1}'.format( + "s" if len(packages_to_install) > 1 else "", + ", ".join(packages_to_install) ) raise HomebrewException(self.message) @@ -632,79 +538,36 @@ class Homebrew(object): else: head = None + if self.force_formula: + formula = '--formula' + else: + formula = None + opts = ( [self.brew_path, 'install'] + self.install_options - + [self.current_package, head] + + list(packages_to_install) + + [head, formula] ) cmd = [opt for opt in opts if opt] rc, out, err = self.module.run_command(cmd) - if self._current_package_is_installed(): - self.changed_count += 1 - self.changed_pkgs.append(self.current_package) + if rc == 0: + self.changed_pkgs.extend(packages_to_install) + self.unchanged_pkgs.extend(self.installed_packages) self.changed = True - self.message = 'Package installed: {0}'.format(self.current_package) + self.message = 'Package{0} installed: {1}'.format( + "s" if len(packages_to_install) > 1 else "", + ", ".join(packages_to_install) + ) return True else: self.failed = True self.message = err.strip() raise HomebrewException(self.message) - - def _install_packages(self): - for package in self.packages: - self.current_package = package - self._install_current_package() - - return True # /installed ----------------------------- }}} # upgraded ------------------------------- {{{ - def _upgrade_current_package(self): - command = 'upgrade' - - if not self.valid_package(self.current_package): - self.failed = True - self.message = 'Invalid package: {0}.'.format(self.current_package) - raise HomebrewException(self.message) - - if not self._current_package_is_installed(): - command = 'install' - - if self._current_package_is_installed() and not self._current_package_is_outdated(): - self.message = 'Package is already upgraded: {0}'.format( - self.current_package, - ) - self.unchanged_count += 1 - self.unchanged_pkgs.append(self.current_package) - return True - - if self.module.check_mode: - self.changed = True - self.message = 'Package would be upgraded: {0}'.format( - self.current_package - ) - raise HomebrewException(self.message) - - opts = ( - [self.brew_path, command] - + self.install_options - + [self.current_package] - ) - cmd = [opt for opt in opts if opt] - rc, out, err = self.module.run_command(cmd) - - if self._current_package_is_installed() and not self._current_package_is_outdated(): - self.changed_count += 1 - self.changed_pkgs.append(self.current_package) - self.changed = True - self.message = 'Package upgraded: {0}'.format(self.current_package) - return True - else: - self.failed = True - self.message = err.strip() - raise HomebrewException(self.message) - def _upgrade_all_packages(self): opts = ( [self.brew_path, 'upgrade'] @@ -726,153 +589,188 @@ class Homebrew(object): if not self.packages: self._upgrade_all_packages() else: - for package in self.packages: - self.current_package = package - self._upgrade_current_package() - return True + # There are 3 action possible here depending on installed and outdated states: + # - not installed -> 'install' + # - installed and outdated -> 'upgrade' + # - installed and NOT outdated -> Nothing to do! + packages_to_install = set(self.packages) - self.installed_packages + packages_to_upgrade = self.installed_packages & self.outdated_packages + packages_to_install_or_upgrade = packages_to_install | packages_to_upgrade + + if len(packages_to_install_or_upgrade) == 0: + self.unchanged_pkgs.extend(self.packages) + self.message = 'Package{0} already upgraded: {1}'.format( + "s" if len(self.packages) > 1 else "", + ", ".join(self.packages), + ) + return True + + if self.module.check_mode: + self.changed = True + self.message = 'Package{0} would be upgraded: {1}'.format( + "s" if len(packages_to_install_or_upgrade) > 1 else "", + ", ".join(packages_to_install_or_upgrade) + ) + raise HomebrewException(self.message) + + for command, packages in [ + ("install", packages_to_install), + ("upgrade", packages_to_upgrade) + ]: + if not packages: + continue + + opts = ( + [self.brew_path, command] + + self.install_options + + list(packages) + ) + cmd = [opt for opt in opts if opt] + rc, out, err = self.module.run_command(cmd) + + if rc != 0: + self.failed = True + self.message = err.strip() + raise HomebrewException(self.message) + + self.changed_pkgs.extend(packages_to_install_or_upgrade) + self.unchanged_pkgs.extend(set(self.packages) - packages_to_install_or_upgrade) + self.changed = True + self.message = 'Package{0} upgraded: {1}'.format( + "s" if len(packages_to_install_or_upgrade) > 1 else "", + ", ".join(packages_to_install_or_upgrade), + ) # /upgraded ------------------------------ }}} # uninstalled ---------------------------- {{{ - def _uninstall_current_package(self): - if not self.valid_package(self.current_package): - self.failed = True - self.message = 'Invalid package: {0}.'.format(self.current_package) - raise HomebrewException(self.message) + def _uninstall_packages(self): + packages_to_uninstall = self.installed_packages & set(self.packages) - if not self._current_package_is_installed(): - self.unchanged_count += 1 - self.unchanged_pkgs.append(self.current_package) - self.message = 'Package already uninstalled: {0}'.format( - self.current_package, + if len(packages_to_uninstall) == 0: + self.unchanged_pkgs.extend(self.packages) + self.message = 'Package{0} already uninstalled: {1}'.format( + "s" if len(self.packages) > 1 else "", + ", ".join(self.packages), ) return True if self.module.check_mode: self.changed = True - self.message = 'Package would be uninstalled: {0}'.format( - self.current_package + self.message = 'Package{0} would be uninstalled: {1}'.format( + "s" if len(packages_to_uninstall) > 1 else "", + ", ".join(packages_to_uninstall) ) raise HomebrewException(self.message) opts = ( [self.brew_path, 'uninstall', '--force'] + self.install_options - + [self.current_package] + + list(packages_to_uninstall) ) cmd = [opt for opt in opts if opt] rc, out, err = self.module.run_command(cmd) - if not self._current_package_is_installed(): - self.changed_count += 1 - self.changed_pkgs.append(self.current_package) + if rc == 0: + self.changed_pkgs.extend(packages_to_uninstall) + self.unchanged_pkgs.extend(set(self.packages) - self.installed_packages) self.changed = True - self.message = 'Package uninstalled: {0}'.format(self.current_package) + self.message = 'Package{0} uninstalled: {1}'.format( + "s" if len(packages_to_uninstall) > 1 else "", + ", ".join(packages_to_uninstall) + ) return True else: self.failed = True self.message = err.strip() raise HomebrewException(self.message) - - def _uninstall_packages(self): - for package in self.packages: - self.current_package = package - self._uninstall_current_package() - - return True # /uninstalled ----------------------------- }}} # linked --------------------------------- {{{ - def _link_current_package(self): - if not self.valid_package(self.current_package): + def _link_packages(self): + missing_packages = set(self.packages) - self.installed_packages + if missing_packages: self.failed = True - self.message = 'Invalid package: {0}.'.format(self.current_package) - raise HomebrewException(self.message) - - if not self._current_package_is_installed(): - self.failed = True - self.message = 'Package not installed: {0}.'.format(self.current_package) + self.message = 'Package{0} not installed: {1}.'.format( + "s" if len(missing_packages) > 1 else "", + ", ".join(missing_packages), + ) raise HomebrewException(self.message) if self.module.check_mode: self.changed = True - self.message = 'Package would be linked: {0}'.format( - self.current_package + self.message = 'Package{0} would be linked: {1}'.format( + "s" if len(self.packages) > 1 else "", + ", ".join(self.packages) ) raise HomebrewException(self.message) opts = ( [self.brew_path, 'link'] + self.install_options - + [self.current_package] + + self.packages ) cmd = [opt for opt in opts if opt] rc, out, err = self.module.run_command(cmd) if rc == 0: - self.changed_count += 1 - self.changed_pkgs.append(self.current_package) + self.changed_pkgs.extend(self.packages) self.changed = True - self.message = 'Package linked: {0}'.format(self.current_package) - + self.message = 'Package{0} linked: {1}'.format( + "s" if len(self.packages) > 1 else "", + ", ".join(self.packages) + ) return True else: self.failed = True - self.message = 'Package could not be linked: {0}.'.format(self.current_package) + self.message = 'Package{0} could not be linked: {1}.'.format( + "s" if len(self.packages) > 1 else "", + ", ".join(self.packages) + ) raise HomebrewException(self.message) - - def _link_packages(self): - for package in self.packages: - self.current_package = package - self._link_current_package() - - return True # /linked -------------------------------- }}} # unlinked ------------------------------- {{{ - def _unlink_current_package(self): - if not self.valid_package(self.current_package): + def _unlink_packages(self): + missing_packages = set(self.packages) - self.installed_packages + if missing_packages: self.failed = True - self.message = 'Invalid package: {0}.'.format(self.current_package) - raise HomebrewException(self.message) - - if not self._current_package_is_installed(): - self.failed = True - self.message = 'Package not installed: {0}.'.format(self.current_package) + self.message = 'Package{0} not installed: {1}.'.format( + "s" if len(missing_packages) > 1 else "", + ", ".join(missing_packages), + ) raise HomebrewException(self.message) if self.module.check_mode: self.changed = True - self.message = 'Package would be unlinked: {0}'.format( - self.current_package + self.message = 'Package{0} would be unlinked: {1}'.format( + "s" if len(self.packages) > 1 else "", + ", ".join(self.packages) ) raise HomebrewException(self.message) opts = ( [self.brew_path, 'unlink'] + self.install_options - + [self.current_package] + + self.packages ) cmd = [opt for opt in opts if opt] rc, out, err = self.module.run_command(cmd) if rc == 0: - self.changed_count += 1 - self.changed_pkgs.append(self.current_package) + self.changed_pkgs.extend(self.packages) self.changed = True - self.message = 'Package unlinked: {0}'.format(self.current_package) - + self.message = 'Package{0} unlinked: {1}'.format( + "s" if len(self.packages) > 1 else "", + ", ".join(self.packages) + ) return True else: self.failed = True - self.message = 'Package could not be unlinked: {0}.'.format(self.current_package) + self.message = 'Package{0} could not be unlinked: {1}.'.format( + "s" if len(self.packages) > 1 else "", + ", ".join(self.packages) + ) raise HomebrewException(self.message) - - def _unlink_packages(self): - for package in self.packages: - self.current_package = package - self._unlink_current_package() - - return True # /unlinked ------------------------------ }}} # /commands ---------------------------------------------------- }}} @@ -919,7 +817,11 @@ def main(): default=None, type='list', elements='str', - ) + ), + force_formula=dict( + default=False, + type='bool', + ), ), supports_check_mode=True, ) @@ -951,6 +853,7 @@ def main(): if state in ('absent', 'removed', 'uninstalled'): state = 'absent' + force_formula = p['force_formula'] update_homebrew = p['update_homebrew'] if not update_homebrew: module.run_command_environ_update.update( @@ -967,7 +870,7 @@ def main(): brew = Homebrew(module=module, path=path, packages=packages, state=state, update_homebrew=update_homebrew, upgrade_all=upgrade_all, install_options=install_options, - upgrade_options=upgrade_options) + upgrade_options=upgrade_options, force_formula=force_formula) (failed, changed, message) = brew.run() changed_pkgs = brew.changed_pkgs unchanged_pkgs = brew.unchanged_pkgs diff --git a/plugins/modules/homebrew_cask.py b/plugins/modules/homebrew_cask.py index c992693b68..d69fd266a2 100644 --- a/plugins/modules/homebrew_cask.py +++ b/plugins/modules/homebrew_cask.py @@ -11,8 +11,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: homebrew_cask author: - "Indrajit Raychaudhuri (@indrajitr)" @@ -31,60 +30,59 @@ attributes: options: name: description: - - Name of cask to install or remove. - aliases: [ 'cask', 'package', 'pkg' ] + - Name of cask to install or remove. + aliases: ['cask', 'package', 'pkg'] type: list elements: str path: description: - - "':' separated list of paths to search for 'brew' executable." + - "':' separated list of paths to search for 'brew' executable." default: '/usr/local/bin:/opt/homebrew/bin' type: path state: description: - - State of the cask. - choices: [ 'absent', 'installed', 'latest', 'present', 'removed', 'uninstalled', 'upgraded' ] + - State of the cask. + choices: ['absent', 'installed', 'latest', 'present', 'removed', 'uninstalled', 'upgraded'] default: present type: str sudo_password: description: - - The sudo password to be passed to SUDO_ASKPASS. + - The sudo password to be passed to E(SUDO_ASKPASS). required: false type: str update_homebrew: description: - - Update homebrew itself first. - - Note that C(brew cask update) is a synonym for C(brew update). + - Update homebrew itself first. + - Note that C(brew cask update) is a synonym for C(brew update). type: bool default: false install_options: description: - - Options flags to install a package. - aliases: [ 'options' ] + - Options flags to install a package. + aliases: ['options'] type: list elements: str accept_external_apps: description: - - Allow external apps. + - Allow external apps. type: bool default: false upgrade_all: description: - - Upgrade all casks. - - Mutually exclusive with C(upgraded) state. + - Upgrade all casks. + - Mutually exclusive with C(upgraded) state. type: bool default: false - aliases: [ 'upgrade' ] + aliases: ['upgrade'] greedy: description: - - Upgrade casks that auto update. - - Passes C(--greedy) to C(brew outdated --cask) when checking - if an installed cask has a newer version available, - or to C(brew upgrade --cask) when upgrading all casks. + - Upgrade casks that auto update. + - Passes C(--greedy) to C(brew outdated --cask) when checking if an installed cask has a newer version available, or + to C(brew upgrade --cask) when upgrading all casks. type: bool default: false -''' -EXAMPLES = ''' +""" +EXAMPLES = r""" - name: Install cask community.general.homebrew_cask: name: alfred @@ -151,13 +149,14 @@ EXAMPLES = ''' name: wireshark state: present sudo_password: "{{ ansible_become_pass }}" -''' +""" import os import re import tempfile from ansible_collections.community.general.plugins.module_utils.version import LooseVersion +from ansible_collections.community.general.plugins.module_utils.homebrew import HomebrewValidate from ansible.module_utils.common.text.converters import to_bytes from ansible.module_utils.basic import AnsibleModule @@ -183,83 +182,19 @@ class HomebrewCask(object): '''A class to manage Homebrew casks.''' # class regexes ------------------------------------------------ {{{ - VALID_PATH_CHARS = r''' - \w # alphanumeric characters (i.e., [a-zA-Z0-9_]) - \s # spaces - : # colons - {sep} # the OS-specific path separator - . # dots - \- # dashes - '''.format(sep=os.path.sep) - - VALID_BREW_PATH_CHARS = r''' - \w # alphanumeric characters (i.e., [a-zA-Z0-9_]) - \s # spaces - {sep} # the OS-specific path separator - . # dots - \- # dashes - '''.format(sep=os.path.sep) - VALID_CASK_CHARS = r''' \w # alphanumeric characters (i.e., [a-zA-Z0-9_]) . # dots / # slash (for taps) \- # dashes @ # at symbol + \+ # plus symbol ''' - INVALID_PATH_REGEX = _create_regex_group_complement(VALID_PATH_CHARS) - INVALID_BREW_PATH_REGEX = _create_regex_group_complement(VALID_BREW_PATH_CHARS) INVALID_CASK_REGEX = _create_regex_group_complement(VALID_CASK_CHARS) # /class regexes ----------------------------------------------- }}} # class validations -------------------------------------------- {{{ - @classmethod - def valid_path(cls, path): - ''' - `path` must be one of: - - list of paths - - a string containing only: - - alphanumeric characters - - dashes - - dots - - spaces - - colons - - os.path.sep - ''' - - if isinstance(path, (string_types)): - return not cls.INVALID_PATH_REGEX.search(path) - - try: - iter(path) - except TypeError: - return False - else: - paths = path - return all(cls.valid_brew_path(path_) for path_ in paths) - - @classmethod - def valid_brew_path(cls, brew_path): - ''' - `brew_path` must be one of: - - None - - a string containing only: - - alphanumeric characters - - dashes - - dots - - spaces - - os.path.sep - ''' - - if brew_path is None: - return True - - return ( - isinstance(brew_path, string_types) - and not cls.INVALID_BREW_PATH_REGEX.search(brew_path) - ) - @classmethod def valid_cask(cls, cask): '''A valid cask is either None or alphanumeric + backslashes.''' @@ -321,7 +256,7 @@ class HomebrewCask(object): @path.setter def path(self, path): - if not self.valid_path(path): + if not HomebrewValidate.valid_path(path): self._path = [] self.failed = True self.message = 'Invalid path: {0}.'.format(path) @@ -341,7 +276,7 @@ class HomebrewCask(object): @brew_path.setter def brew_path(self, brew_path): - if not self.valid_brew_path(brew_path): + if not HomebrewValidate.valid_brew_path(brew_path): self._brew_path = None self.failed = True self.message = 'Invalid brew_path: {0}.'.format(brew_path) @@ -598,7 +533,12 @@ class HomebrewCask(object): rc, out, err = self.module.run_command(cmd) if rc == 0: - if re.search(r'==> No Casks to upgrade', out.strip(), re.IGNORECASE): + # 'brew upgrade --cask' does not output anything if no casks are upgraded + if not out.strip(): + self.message = 'Homebrew casks already upgraded.' + + # handle legacy 'brew cask upgrade' + elif re.search(r'==> No Casks to upgrade', out.strip(), re.IGNORECASE): self.message = 'Homebrew casks already upgraded.' else: diff --git a/plugins/modules/homebrew_services.py b/plugins/modules/homebrew_services.py new file mode 100644 index 0000000000..5d84563d33 --- /dev/null +++ b/plugins/modules/homebrew_services.py @@ -0,0 +1,255 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2013, Andrew Dunham +# Copyright (c) 2013, Daniel Jaouen +# Copyright (c) 2015, Indrajit Raychaudhuri +# Copyright (c) 2024, Kit Ham +# +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +DOCUMENTATION = r""" +module: homebrew_services +author: + - "Kit Ham (@kitizz)" +requirements: + - homebrew must already be installed on the target system +short_description: Services manager for Homebrew +version_added: 9.3.0 +description: + - Manages daemons and services using Homebrew. +extends_documentation_fragment: + - community.general.attributes +attributes: + check_mode: + support: full + diff_mode: + support: none +options: + name: + description: + - An installed homebrew package whose service is to be updated. + aliases: ['formula'] + type: str + required: true + path: + description: + - A V(:) separated list of paths to search for C(brew) executable. Since a package (I(formula) in homebrew parlance) + location is prefixed relative to the actual path of C(brew) command, providing an alternative C(brew) path enables + managing different set of packages in an alternative location in the system. + default: '/usr/local/bin:/opt/homebrew/bin:/home/linuxbrew/.linuxbrew/bin' + type: path + state: + description: + - State of the package's service. + choices: ['present', 'absent', 'restarted'] + default: present + type: str +""" + +EXAMPLES = r""" +- name: Install foo package + community.general.homebrew: + name: foo + state: present + +- name: Start the foo service (equivalent to `brew services start foo`) + community.general.homebrew_services: + name: foo + state: present + +- name: Restart the foo service (equivalent to `brew services restart foo`) + community.general.homebrew_services: + name: foo + state: restarted + +- name: Remove the foo service (equivalent to `brew services stop foo`) + community.general.homebrew_services: + name: foo + service_state: absent +""" + +RETURN = r""" +pid: + description: + - If the service is now running, this is the PID of the service, otherwise -1. + returned: success + type: int + sample: 1234 +running: + description: + - Whether the service is running after running this command. + returned: success + type: bool + sample: true +""" + +import json +import sys + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.community.general.plugins.module_utils.homebrew import ( + HomebrewValidate, + parse_brew_path, +) + +if sys.version_info < (3, 5): + from collections import namedtuple + + # Stores validated arguments for an instance of an action. + # See DOCUMENTATION string for argument-specific information. + HomebrewServiceArgs = namedtuple( + "HomebrewServiceArgs", ["name", "state", "brew_path"] + ) + + # Stores the state of a Homebrew service. + HomebrewServiceState = namedtuple("HomebrewServiceState", ["running", "pid"]) + +else: + from typing import NamedTuple, Optional + + # Stores validated arguments for an instance of an action. + # See DOCUMENTATION string for argument-specific information. + HomebrewServiceArgs = NamedTuple( + "HomebrewServiceArgs", [("name", str), ("state", str), ("brew_path", str)] + ) + + # Stores the state of a Homebrew service. + HomebrewServiceState = NamedTuple( + "HomebrewServiceState", [("running", bool), ("pid", Optional[int])] + ) + + +def _brew_service_state(args, module): + # type: (HomebrewServiceArgs, AnsibleModule) -> HomebrewServiceState + cmd = [args.brew_path, "services", "info", args.name, "--json"] + rc, stdout, stderr = module.run_command(cmd, check_rc=True) + + try: + data = json.loads(stdout)[0] + except json.JSONDecodeError: + module.fail_json(msg="Failed to parse JSON output:\n{0}".format(stdout)) + + return HomebrewServiceState(running=data["status"] == "started", pid=data["pid"]) + + +def _exit_with_state(args, module, changed=False, message=None): + # type: (HomebrewServiceArgs, AnsibleModule, bool, Optional[str]) -> None + state = _brew_service_state(args, module) + if message is None: + message = ( + "Running: {state.running}, Changed: {changed}, PID: {state.pid}".format( + state=state, changed=changed + ) + ) + module.exit_json(msg=message, pid=state.pid, running=state.running, changed=changed) + + +def validate_and_load_arguments(module): + # type: (AnsibleModule) -> HomebrewServiceArgs + """Reuse the Homebrew module's validation logic to validate these arguments.""" + package = module.params["name"] # type: ignore + if not HomebrewValidate.valid_package(package): + module.fail_json(msg="Invalid package name: {0}".format(package)) + + state = module.params["state"] # type: ignore + if state not in ["present", "absent", "restarted"]: + module.fail_json(msg="Invalid state: {0}".format(state)) + + brew_path = parse_brew_path(module) + + return HomebrewServiceArgs(name=package, state=state, brew_path=brew_path) + + +def start_service(args, module): + # type: (HomebrewServiceArgs, AnsibleModule) -> None + """Start the requested brew service if it is not already running.""" + state = _brew_service_state(args, module) + if state.running: + # Nothing to do, return early. + _exit_with_state(args, module, changed=False, message="Service already running") + + if module.check_mode: + _exit_with_state(args, module, changed=True, message="Service would be started") + + start_cmd = [args.brew_path, "services", "start", args.name] + rc, stdout, stderr = module.run_command(start_cmd, check_rc=True) + + _exit_with_state(args, module, changed=True) + + +def stop_service(args, module): + # type: (HomebrewServiceArgs, AnsibleModule) -> None + """Stop the requested brew service if it is running.""" + state = _brew_service_state(args, module) + if not state.running: + # Nothing to do, return early. + _exit_with_state(args, module, changed=False, message="Service already stopped") + + if module.check_mode: + _exit_with_state(args, module, changed=True, message="Service would be stopped") + + stop_cmd = [args.brew_path, "services", "stop", args.name] + rc, stdout, stderr = module.run_command(stop_cmd, check_rc=True) + + _exit_with_state(args, module, changed=True) + + +def restart_service(args, module): + # type: (HomebrewServiceArgs, AnsibleModule) -> None + """Restart the requested brew service. This always results in a change.""" + if module.check_mode: + _exit_with_state( + args, module, changed=True, message="Service would be restarted" + ) + + restart_cmd = [args.brew_path, "services", "restart", args.name] + rc, stdout, stderr = module.run_command(restart_cmd, check_rc=True) + + _exit_with_state(args, module, changed=True) + + +def main(): + module = AnsibleModule( + argument_spec=dict( + name=dict( + aliases=["formula"], + required=True, + type="str", + ), + state=dict( + choices=["present", "absent", "restarted"], + default="present", + ), + path=dict( + default="/usr/local/bin:/opt/homebrew/bin:/home/linuxbrew/.linuxbrew/bin", + type="path", + ), + ), + supports_check_mode=True, + ) + + module.run_command_environ_update = dict( + LANG="C", LC_ALL="C", LC_MESSAGES="C", LC_CTYPE="C" + ) + + # Pre-validate arguments. + service_args = validate_and_load_arguments(module) + + # Choose logic based on the desired state. + if service_args.state == "present": + start_service(service_args, module) + elif service_args.state == "absent": + stop_service(service_args, module) + elif service_args.state == "restarted": + restart_service(service_args, module) + + +if __name__ == "__main__": + main() diff --git a/plugins/modules/homebrew_tap.py b/plugins/modules/homebrew_tap.py index 151d09d328..f070ccccc7 100644 --- a/plugins/modules/homebrew_tap.py +++ b/plugins/modules/homebrew_tap.py @@ -13,56 +13,53 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: homebrew_tap author: - - "Indrajit Raychaudhuri (@indrajitr)" - - "Daniel Jaouen (@danieljaouen)" + - "Indrajit Raychaudhuri (@indrajitr)" + - "Daniel Jaouen (@danieljaouen)" short_description: Tap a Homebrew repository description: - - Tap external Homebrew repositories. + - Tap external Homebrew repositories. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - name: - description: - - The GitHub user/organization repository to tap. - required: true - aliases: ['tap'] - type: list - elements: str - url: - description: - - The optional git URL of the repository to tap. The URL is not - assumed to be on GitHub, and the protocol doesn't have to be HTTP. - Any location and protocol that git can handle is fine. - - O(name) option may not be a list of multiple taps (but a single - tap instead) when this option is provided. - required: false - type: str - state: - description: - - state of the repository. - choices: [ 'present', 'absent' ] - required: false - default: 'present' - type: str - path: - description: - - "A V(:) separated list of paths to search for C(brew) executable." - default: '/usr/local/bin:/opt/homebrew/bin:/home/linuxbrew/.linuxbrew/bin' - type: path - version_added: '2.1.0' -requirements: [ homebrew ] -''' + name: + description: + - The GitHub user/organization repository to tap. + required: true + aliases: ['tap'] + type: list + elements: str + url: + description: + - The optional git URL of the repository to tap. The URL is not assumed to be on GitHub, and the protocol does not have + to be HTTP. Any location and protocol that git can handle is fine. + - O(name) option may not be a list of multiple taps (but a single tap instead) when this option is provided. + required: false + type: str + state: + description: + - State of the repository. + choices: ['present', 'absent'] + required: false + default: 'present' + type: str + path: + description: + - A V(:) separated list of paths to search for C(brew) executable. + default: '/usr/local/bin:/opt/homebrew/bin:/home/linuxbrew/.linuxbrew/bin' + type: path + version_added: '2.1.0' +requirements: [homebrew] +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Tap a Homebrew repository, state present community.general.homebrew_tap: name: homebrew/dupes @@ -81,7 +78,7 @@ EXAMPLES = r''' community.general.homebrew_tap: name: telemachus/brew url: 'https://bitbucket.org/telemachus/brew' -''' +""" import re diff --git a/plugins/modules/homectl.py b/plugins/modules/homectl.py index ca4c19a875..72f1882dec 100644 --- a/plugins/modules/homectl.py +++ b/plugins/modules/homectl.py @@ -8,180 +8,185 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: homectl author: - - "James Livulpi (@jameslivulpi)" + - "James Livulpi (@jameslivulpi)" short_description: Manage user accounts with systemd-homed version_added: 4.4.0 description: - - Manages a user's home directory managed by systemd-homed. + - Manages a user's home directory managed by systemd-homed. +notes: + - This module requires the deprecated L(crypt Python module, https://docs.python.org/3.12/library/crypt.html) library which + was removed from Python 3.13. For Python 3.13 or newer, you need to install L(legacycrypt, https://pypi.org/project/legacycrypt/). +requirements: + - legacycrypt (on Python 3.13 or newer) extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - name: - description: - - The user name to create, remove, or update. - required: true - aliases: [ 'user', 'username' ] - type: str - password: - description: - - Set the user's password to this. - - Homed requires this value to be in cleartext on user creation and updating a user. - - The module takes the password and generates a password hash in SHA-512 with 10000 rounds of salt generation using crypt. - - See U(https://systemd.io/USER_RECORD/). - - This is required for O(state=present). When an existing user is updated this is checked against the stored hash in homed. - type: str - state: - description: - - The operation to take on the user. - choices: [ 'absent', 'present' ] - default: present - type: str - storage: - description: - - Indicates the storage mechanism for the user's home directory. - - If the storage type is not specified, ``homed.conf(5)`` defines which default storage to use. - - Only used when a user is first created. - choices: [ 'classic', 'luks', 'directory', 'subvolume', 'fscrypt', 'cifs' ] - type: str - disksize: - description: - - The intended home directory disk space. - - Human readable value such as V(10G), V(10M), or V(10B). - type: str - resize: - description: - - When used with O(disksize) this will attempt to resize the home directory immediately. - default: false - type: bool - realname: - description: - - The user's real ('human') name. - - This can also be used to add a comment to maintain compatibility with C(useradd). - aliases: [ 'comment' ] - type: str - realm: - description: - - The 'realm' a user is defined in. - type: str - email: - description: - - The email address of the user. - type: str - location: - description: - - A free-form location string describing the location of the user. - type: str - iconname: - description: - - The name of an icon picked by the user, for example for the purpose of an avatar. - - Should follow the semantics defined in the Icon Naming Specification. - - See U(https://specifications.freedesktop.org/icon-naming-spec/icon-naming-spec-latest.html) for specifics. - type: str - homedir: - description: - - Path to use as home directory for the user. - - This is the directory the user's home directory is mounted to while the user is logged in. - - This is not where the user's data is actually stored, see O(imagepath) for that. - - Only used when a user is first created. - type: path - imagepath: - description: - - Path to place the user's home directory. - - See U(https://www.freedesktop.org/software/systemd/man/homectl.html#--image-path=PATH) for more information. - - Only used when a user is first created. - type: path - uid: - description: - - Sets the UID of the user. - - If using O(gid) homed requires the value to be the same. - - Only used when a user is first created. - type: int - gid: - description: - - Sets the gid of the user. - - If using O(uid) homed requires the value to be the same. - - Only used when a user is first created. - type: int - mountopts: - description: - - String separated by comma each indicating mount options for a users home directory. - - Valid options are V(nosuid), V(nodev) or V(noexec). - - Homed by default uses V(nodev) and V(nosuid) while V(noexec) is off. - type: str - umask: - description: - - Sets the umask for the user's login sessions - - Value from V(0000) to V(0777). - type: int - memberof: - description: - - String separated by comma each indicating a UNIX group this user shall be a member of. - - Groups the user should be a member of should be supplied as comma separated list. - aliases: [ 'groups' ] - type: str - skeleton: - description: - - The absolute path to the skeleton directory to populate a new home directory from. - - This is only used when a home directory is first created. - - If not specified homed by default uses V(/etc/skel). - aliases: [ 'skel' ] - type: path - shell: - description: - - Shell binary to use for terminal logins of given user. - - If not specified homed by default uses V(/bin/bash). - type: str - environment: - description: - - String separated by comma each containing an environment variable and its value to - set for the user's login session, in a format compatible with ``putenv()``. - - Any environment variable listed here is automatically set by pam_systemd for all - login sessions of the user. - aliases: [ 'setenv' ] - type: str - timezone: - description: - - Preferred timezone to use for the user. - - Should be a tzdata compatible location string such as V(America/New_York). - type: str - locked: - description: - - Whether the user account should be locked or not. - type: bool - language: - description: - - The preferred language/locale for the user. - - This should be in a format compatible with the E(LANG) environment variable. - type: str - passwordhint: - description: - - Password hint for the given user. - type: str - sshkeys: - description: - - String separated by comma each listing a SSH public key that is authorized to access the account. - - The keys should follow the same format as the lines in a traditional C(~/.ssh/authorized_key) file. - type: str - notbefore: - description: - - A time since the UNIX epoch before which the record should be considered invalid for the purpose of logging in. - type: int - notafter: - description: - - A time since the UNIX epoch after which the record should be considered invalid for the purpose of logging in. - type: int -''' + name: + description: + - The user name to create, remove, or update. + required: true + aliases: ['user', 'username'] + type: str + password: + description: + - Set the user's password to this. + - Homed requires this value to be in cleartext on user creation and updating a user. + - The module takes the password and generates a password hash in SHA-512 with 10000 rounds of salt generation using + crypt. + - See U(https://systemd.io/USER_RECORD/). + - This is required for O(state=present). When an existing user is updated this is checked against the stored hash in + homed. + type: str + state: + description: + - The operation to take on the user. + choices: ['absent', 'present'] + default: present + type: str + storage: + description: + - Indicates the storage mechanism for the user's home directory. + - If the storage type is not specified, C(homed.conf(5\)) defines which default storage to use. + - Only used when a user is first created. + choices: ['classic', 'luks', 'directory', 'subvolume', 'fscrypt', 'cifs'] + type: str + disksize: + description: + - The intended home directory disk space. + - Human readable value such as V(10G), V(10M), or V(10B). + type: str + resize: + description: + - When used with O(disksize) this will attempt to resize the home directory immediately. + default: false + type: bool + realname: + description: + - The user's real ('human') name. + - This can also be used to add a comment to maintain compatibility with C(useradd). + aliases: ['comment'] + type: str + realm: + description: + - The 'realm' a user is defined in. + type: str + email: + description: + - The email address of the user. + type: str + location: + description: + - A free-form location string describing the location of the user. + type: str + iconname: + description: + - The name of an icon picked by the user, for example for the purpose of an avatar. + - Should follow the semantics defined in the Icon Naming Specification. + - See U(https://specifications.freedesktop.org/icon-naming-spec/icon-naming-spec-latest.html) for specifics. + type: str + homedir: + description: + - Path to use as home directory for the user. + - This is the directory the user's home directory is mounted to while the user is logged in. + - This is not where the user's data is actually stored, see O(imagepath) for that. + - Only used when a user is first created. + type: path + imagepath: + description: + - Path to place the user's home directory. + - See U(https://www.freedesktop.org/software/systemd/man/homectl.html#--image-path=PATH) for more information. + - Only used when a user is first created. + type: path + uid: + description: + - Sets the UID of the user. + - If using O(gid) homed requires the value to be the same. + - Only used when a user is first created. + type: int + gid: + description: + - Sets the gid of the user. + - If using O(uid) homed requires the value to be the same. + - Only used when a user is first created. + type: int + mountopts: + description: + - String separated by comma each indicating mount options for a users home directory. + - Valid options are V(nosuid), V(nodev) or V(noexec). + - Homed by default uses V(nodev) and V(nosuid) while V(noexec) is off. + type: str + umask: + description: + - Sets the umask for the user's login sessions. + - Value from V(0000) to V(0777). + type: int + memberof: + description: + - String separated by comma each indicating a UNIX group this user shall be a member of. + - Groups the user should be a member of should be supplied as comma separated list. + aliases: ['groups'] + type: str + skeleton: + description: + - The absolute path to the skeleton directory to populate a new home directory from. + - This is only used when a home directory is first created. + - If not specified homed by default uses V(/etc/skel). + aliases: ['skel'] + type: path + shell: + description: + - Shell binary to use for terminal logins of given user. + - If not specified homed by default uses V(/bin/bash). + type: str + environment: + description: + - String separated by comma each containing an environment variable and its value to set for the user's login session, + in a format compatible with C(putenv(\)). + - Any environment variable listed here is automatically set by pam_systemd for all login sessions of the user. + aliases: ['setenv'] + type: str + timezone: + description: + - Preferred timezone to use for the user. + - Should be a tzdata compatible location string such as V(America/New_York). + type: str + locked: + description: + - Whether the user account should be locked or not. + type: bool + language: + description: + - The preferred language/locale for the user. + - This should be in a format compatible with the E(LANG) environment variable. + type: str + passwordhint: + description: + - Password hint for the given user. + type: str + sshkeys: + description: + - String separated by comma each listing a SSH public key that is authorized to access the account. + - The keys should follow the same format as the lines in a traditional C(~/.ssh/authorized_key) file. + type: str + notbefore: + description: + - A time since the UNIX epoch before which the record should be considered invalid for the purpose of logging in. + type: int + notafter: + description: + - A time since the UNIX epoch after which the record should be considered invalid for the purpose of logging in. + type: int +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Add the user 'james' community.general.homectl: name: johnd @@ -209,11 +214,11 @@ EXAMPLES = ''' community.general.homectl: name: janet state: absent -''' +""" -RETURN = ''' +RETURN = r""" data: - description: A json dictionary returned from C(homectl inspect -j). + description: Dictionary returned from C(homectl inspect -j). returned: success type: dict sample: { @@ -261,14 +266,34 @@ data: "userName": "james", } } -''' +""" -import crypt import json -from ansible.module_utils.basic import AnsibleModule +import traceback +from ansible.module_utils.basic import AnsibleModule, missing_required_lib from ansible.module_utils.basic import jsonify from ansible.module_utils.common.text.formatters import human_to_bytes +try: + import crypt +except ImportError: + HAS_CRYPT = False + CRYPT_IMPORT_ERROR = traceback.format_exc() +else: + HAS_CRYPT = True + CRYPT_IMPORT_ERROR = None + +try: + import legacycrypt + if not HAS_CRYPT: + crypt = legacycrypt +except ImportError: + HAS_LEGACYCRYPT = False + LEGACYCRYPT_IMPORT_ERROR = traceback.format_exc() +else: + HAS_LEGACYCRYPT = True + LEGACYCRYPT_IMPORT_ERROR = None + class Homectl(object): '''#TODO DOC STRINGS''' @@ -591,6 +616,12 @@ def main(): ] ) + if not HAS_CRYPT and not HAS_LEGACYCRYPT: + module.fail_json( + msg=missing_required_lib('crypt (part of standard library up to Python 3.12) or legacycrypt (PyPI)'), + exception=CRYPT_IMPORT_ERROR, + ) + homectl = Homectl(module) homectl.result['state'] = homectl.state diff --git a/plugins/modules/honeybadger_deployment.py b/plugins/modules/honeybadger_deployment.py index cf52745ac7..b303313f70 100644 --- a/plugins/modules/honeybadger_deployment.py +++ b/plugins/modules/honeybadger_deployment.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: honeybadger_deployment author: "Benjamin Curtis (@stympy)" short_description: Notify Honeybadger.io about app deployments @@ -31,20 +30,20 @@ options: environment: type: str description: - - The environment name, typically 'production', 'staging', etc. + - The environment name, typically V(production), V(staging), and so on. required: true user: type: str description: - - The username of the person doing the deployment + - The username of the person doing the deployment. repo: type: str description: - - URL of the project repository + - URL of the project repository. revision: type: str description: - - A hash, number, tag, or other identifier showing what revision was deployed + - A hash, number, tag, or other identifier showing what revision was deployed. url: type: str description: @@ -52,14 +51,13 @@ options: default: "https://api.honeybadger.io/v1/deploys" validate_certs: description: - - If V(false), SSL certificates for the target url will not be validated. This should only be used - on personally controlled sites using self-signed certificates. + - If V(false), SSL certificates for the target URL will not be validated. This should only be used on personally controlled + sites using self-signed certificates. type: bool default: true +""" -''' - -EXAMPLES = ''' +EXAMPLES = r""" - name: Notify Honeybadger.io about an app deployment community.general.honeybadger_deployment: token: AAAAAA @@ -67,9 +65,9 @@ EXAMPLES = ''' user: ansible revision: b6826b8 repo: 'git@github.com:user/repo.git' -''' +""" -RETURN = '''# ''' +RETURN = """# """ import traceback diff --git a/plugins/modules/hpilo_boot.py b/plugins/modules/hpilo_boot.py index ace79a493a..ecef60f66a 100644 --- a/plugins/modules/hpilo_boot.py +++ b/plugins/modules/hpilo_boot.py @@ -9,14 +9,13 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: hpilo_boot author: Dag Wieers (@dagwieers) short_description: Boot system using specific media through HP iLO interface description: - - "This module boots a system through its HP iLO interface. The boot media - can be one of: cdrom, floppy, hdd, network or usb." + - 'This module boots a system through its HP iLO interface. The boot media can be one of: V(cdrom), V(floppy), V(hdd), V(network), + or V(usb).' - This module requires the hpilo python module. extends_documentation_fragment: - community.general.attributes @@ -43,33 +42,32 @@ options: type: str media: description: - - The boot media to boot the system from - choices: [ "cdrom", "floppy", "rbsu", "hdd", "network", "normal", "usb" ] + - The boot media to boot the system from. + choices: ["cdrom", "floppy", "rbsu", "hdd", "network", "normal", "usb"] type: str image: description: - - The URL of a cdrom, floppy or usb boot media image. - protocol://username:password@hostname:port/filename - - protocol is either 'http' or 'https' - - username:password is optional - - port is optional + - The URL of a cdrom, floppy or usb boot media image in the form V(protocol://username:password@hostname:port/filename). + - V(protocol) is either V(http) or V(https). + - V(username:password) is optional. + - V(port) is optional. type: str state: description: - The state of the boot media. - - "no_boot: Do not boot from the device" - - "boot_once: Boot from the device once and then notthereafter" - - "boot_always: Boot from the device each time the server is rebooted" - - "connect: Connect the virtual media device and set to boot_always" - - "disconnect: Disconnects the virtual media device and set to no_boot" - - "poweroff: Power off the server" + - 'V(no_boot): Do not boot from the device.' + - 'V(boot_once): Boot from the device once and then notthereafter.' + - 'V(boot_always): Boot from the device each time the server is rebooted.' + - 'V(connect): Connect the virtual media device and set to boot_always.' + - 'V(disconnect): Disconnects the virtual media device and set to no_boot.' + - 'V(poweroff): Power off the server.' default: boot_once type: str - choices: [ "boot_always", "boot_once", "connect", "disconnect", "no_boot", "poweroff" ] + choices: ["boot_always", "boot_once", "connect", "disconnect", "no_boot", "poweroff"] force: description: - - Whether to force a reboot (even when the system is already booted). - - As a safeguard, without force, hpilo_boot will refuse to reboot a server that is already running. + - Whether to force a reboot (even when the system is already booted). + - As a safeguard, without force, hpilo_boot will refuse to reboot a server that is already running. default: false type: bool ssl_version: @@ -77,16 +75,16 @@ options: - Change the ssl_version used. default: TLSv1 type: str - choices: [ "SSLv3", "SSLv23", "TLSv1", "TLSv1_1", "TLSv1_2" ] + choices: ["SSLv3", "SSLv23", "TLSv1", "TLSv1_1", "TLSv1_2"] requirements: -- python-hpilo + - python-hpilo notes: -- To use a USB key image you need to specify floppy as boot media. -- This module ought to be run from a system that can access the HP iLO - interface directly, either by using C(local_action) or using C(delegate_to). -''' + - To use a USB key image you need to specify floppy as boot media. + - This module ought to be run from a system that can access the HP iLO interface directly, either by using C(local_action) + or using C(delegate_to). +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Task to boot a system using an ISO from an HP iLO interface only if the system is an HP server community.general.hpilo_boot: host: YOUR_ILO_ADDRESS @@ -104,11 +102,11 @@ EXAMPLES = r''' password: YOUR_ILO_PASSWORD state: poweroff delegate_to: localhost -''' +""" -RETURN = ''' +RETURN = r""" # Default return values -''' +""" import time import traceback diff --git a/plugins/modules/hpilo_info.py b/plugins/modules/hpilo_info.py index d329764b4c..70eecb8b0e 100644 --- a/plugins/modules/hpilo_info.py +++ b/plugins/modules/hpilo_info.py @@ -9,23 +9,21 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: hpilo_info author: Dag Wieers (@dagwieers) short_description: Gather information through an HP iLO interface description: -- This module gathers information on a specific system using its HP iLO interface. - These information includes hardware and network related information useful - for provisioning (e.g. macaddress, uuid). -- This module requires the C(hpilo) python module. + - This module gathers information on a specific system using its HP iLO interface. These information includes hardware and + network related information useful for provisioning (for example macaddress, uuid). + - This module requires the C(hpilo) python module. extends_documentation_fragment: -- community.general.attributes -- community.general.attributes.info_module + - community.general.attributes + - community.general.attributes.info_module options: host: description: - - The HP iLO hostname/address that is linked to the physical system. + - The HP iLO hostname/address that is linked to the physical system. type: str required: true login: @@ -43,15 +41,15 @@ options: - Change the ssl_version used. default: TLSv1 type: str - choices: [ "SSLv3", "SSLv23", "TLSv1", "TLSv1_1", "TLSv1_2" ] + choices: ["SSLv3", "SSLv23", "TLSv1", "TLSv1_1", "TLSv1_2"] requirements: -- hpilo + - hpilo notes: -- This module ought to be run from a system that can access the HP iLO - interface directly, either by using C(local_action) or using C(delegate_to). -''' + - This module ought to be run from a system that can access the HP iLO interface directly, either by using C(local_action) + or using C(delegate_to). +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Gather facts from a HP iLO interface only if the system is an HP server community.general.hpilo_info: host: YOUR_ILO_ADDRESS @@ -64,71 +62,71 @@ EXAMPLES = r''' - ansible.builtin.fail: msg: 'CMDB serial ({{ cmdb_serialno }}) does not match hardware serial ({{ results.hw_system_serial }}) !' when: cmdb_serialno != results.hw_system_serial -''' +""" -RETURN = r''' +RETURN = r""" # Typical output of HP iLO_info for a physical system hw_bios_date: - description: BIOS date - returned: always - type: str - sample: 05/05/2011 + description: BIOS date. + returned: always + type: str + sample: 05/05/2011 hw_bios_version: - description: BIOS version - returned: always - type: str - sample: P68 + description: BIOS version. + returned: always + type: str + sample: P68 hw_ethX: - description: Interface information (for each interface) - returned: always - type: dict - sample: - - macaddress: 00:11:22:33:44:55 - macaddress_dash: 00-11-22-33-44-55 + description: Interface information (for each interface). + returned: always + type: dict + sample: + - macaddress: 00:11:22:33:44:55 + macaddress_dash: 00-11-22-33-44-55 hw_eth_ilo: - description: Interface information (for the iLO network interface) - returned: always - type: dict - sample: - - macaddress: 00:11:22:33:44:BA - - macaddress_dash: 00-11-22-33-44-BA + description: Interface information (for the iLO network interface). + returned: always + type: dict + sample: + - macaddress: 00:11:22:33:44:BA + - macaddress_dash: 00-11-22-33-44-BA hw_product_name: - description: Product name - returned: always - type: str - sample: ProLiant DL360 G7 + description: Product name. + returned: always + type: str + sample: ProLiant DL360 G7 hw_product_uuid: - description: Product UUID - returned: always - type: str - sample: ef50bac8-2845-40ff-81d9-675315501dac + description: Product UUID. + returned: always + type: str + sample: ef50bac8-2845-40ff-81d9-675315501dac hw_system_serial: - description: System serial number - returned: always - type: str - sample: ABC12345D6 + description: System serial number. + returned: always + type: str + sample: ABC12345D6 hw_uuid: - description: Hardware UUID - returned: always - type: str - sample: 123456ABC78901D2 + description: Hardware UUID. + returned: always + type: str + sample: 123456ABC78901D2 host_power_status: - description: - - Power status of host. - - Will be one of V(ON), V(OFF) and V(UNKNOWN). - returned: always - type: str - sample: "ON" - version_added: 3.5.0 -''' + description: + - Power status of host. + - Will be one of V(ON), V(OFF) and V(UNKNOWN). + returned: always + type: str + sample: "ON" + version_added: 3.5.0 +""" import re import traceback diff --git a/plugins/modules/hponcfg.py b/plugins/modules/hponcfg.py index 612a20d923..654ba2c710 100644 --- a/plugins/modules/hponcfg.py +++ b/plugins/modules/hponcfg.py @@ -9,13 +9,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: hponcfg author: Dag Wieers (@dagwieers) -short_description: Configure HP iLO interface using hponcfg +short_description: Configure HP iLO interface using C(hponcfg) description: - - This modules configures the HP iLO interface using hponcfg. + - This modules configures the HP iLO interface using C(hponcfg). extends_documentation_fragment: - community.general.attributes attributes: @@ -26,32 +25,32 @@ attributes: options: path: description: - - The XML file as accepted by hponcfg. + - The XML file as accepted by C(hponcfg). required: true aliases: ['src'] type: path minfw: description: - - The minimum firmware level needed. + - The minimum firmware level needed. required: false type: str executable: description: - - Path to the hponcfg executable (C(hponcfg) which uses $PATH). + - Path to the hponcfg executable (C(hponcfg) which uses E(PATH)). default: hponcfg type: str verbose: description: - - Run hponcfg in verbose mode (-v). + - Run C(hponcfg) in verbose mode (-v). default: false type: bool requirements: - - hponcfg tool + - hponcfg tool notes: - - You need a working hponcfg on the target system. -''' + - You need a working C(hponcfg) on the target system. +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Example hponcfg configuration XML ansible.builtin.copy: content: | @@ -78,7 +77,7 @@ EXAMPLES = r''' community.general.hponcfg: src: /tmp/enable-ssh.xml executable: /opt/hp/tools/hponcfg -''' +""" from ansible_collections.community.general.plugins.module_utils.cmd_runner import CmdRunner, cmd_runner_fmt from ansible_collections.community.general.plugins.module_utils.module_helper import ModuleHelper @@ -98,6 +97,7 @@ class HPOnCfg(ModuleHelper): verbose=cmd_runner_fmt.as_bool("-v"), minfw=cmd_runner_fmt.as_opt_val("-m"), ) + use_old_vardict = False def __run__(self): runner = CmdRunner( diff --git a/plugins/modules/htpasswd.py b/plugins/modules/htpasswd.py index 9633ce2fb5..de94765130 100644 --- a/plugins/modules/htpasswd.py +++ b/plugins/modules/htpasswd.py @@ -9,7 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: htpasswd short_description: Manage user files for basic authentication description: @@ -24,13 +24,13 @@ options: path: type: path required: true - aliases: [ dest, destfile ] + aliases: [dest, destfile] description: - Path to the file that contains the usernames and passwords. name: type: str required: true - aliases: [ username ] + aliases: [username] description: - User name to add or remove. password: @@ -44,19 +44,17 @@ options: required: false default: "apr_md5_crypt" description: - - Hashing scheme to be used. As well as the four choices listed - here, you can also use any other hash supported by passlib, such as - V(portable_apache22) and V(host_apache24); or V(md5_crypt) and V(sha256_crypt), - which are Linux passwd hashes. Only some schemes in addition to - the four choices below will be compatible with Apache or Nginx, and - supported schemes depend on passlib version and its dependencies. + - Hashing scheme to be used. As well as the four choices listed here, you can also use any other hash supported by passlib, + such as V(portable_apache22) and V(host_apache24); or V(md5_crypt) and V(sha256_crypt), which are Linux passwd hashes. + Only some schemes in addition to the four choices below will be compatible with Apache or Nginx, and supported schemes + depend on passlib version and its dependencies. - See U(https://passlib.readthedocs.io/en/stable/lib/passlib.apache.html#passlib.apache.HtpasswdFile) parameter C(default_scheme). - 'Some of the available choices might be: V(apr_md5_crypt), V(des_crypt), V(ldap_sha1), V(plaintext).' aliases: [crypt_scheme] state: type: str required: false - choices: [ present, absent ] + choices: [present, absent] default: "present" description: - Whether the user entry should be present or not. @@ -65,22 +63,21 @@ options: type: bool default: true description: - - Used with O(state=present). If V(true), the file will be created - if it does not exist. Conversely, if set to V(false) and the file - does not exist it will fail. + - Used with O(state=present). If V(true), the file will be created if it does not exist. Conversely, if set to V(false) + and the file does not exist it will fail. notes: - - "This module depends on the C(passlib) Python library, which needs to be installed on all target systems." - - "On Debian < 11, Ubuntu <= 20.04, or Fedora: install C(python-passlib)." - - "On Debian, Ubuntu: install C(python3-passlib)." - - "On RHEL or CentOS: Enable EPEL, then install C(python-passlib)." -requirements: [ passlib>=1.6 ] + - This module depends on the C(passlib) Python library, which needs to be installed on all target systems. + - 'On Debian < 11, Ubuntu <= 20.04, or Fedora: install C(python-passlib).' + - 'On Debian, Ubuntu: install C(python3-passlib).' + - 'On RHEL or CentOS: Enable EPEL, then install C(python-passlib).' +requirements: [passlib>=1.6] author: "Ansible Core Team" extends_documentation_fragment: - files - community.general.attributes -''' +""" -EXAMPLES = """ +EXAMPLES = r""" - name: Add a user to a password file and ensure permissions are set community.general.htpasswd: path: /etc/nginx/passwdfile @@ -246,8 +243,9 @@ def main(): (msg, changed) = absent(path, username, check_mode) else: module.fail_json(msg="Invalid state: %s" % state) + return # needed to make pylint happy - check_file_attrs(module, changed, msg) + (msg, changed) = check_file_attrs(module, changed, msg) module.exit_json(msg=msg, changed=changed) except Exception as e: module.fail_json(msg=to_native(e)) diff --git a/plugins/modules/hwc_ecs_instance.py b/plugins/modules/hwc_ecs_instance.py index 9ba95dc96d..f01b7c48fd 100644 --- a/plugins/modules/hwc_ecs_instance.py +++ b/plugins/modules/hwc_ecs_instance.py @@ -12,230 +12,207 @@ __metaclass__ = type # Documentation ############################################################################### -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: hwc_ecs_instance description: - - instance management. + - Instance management. short_description: Creates a resource of Ecs/Instance in Huawei Cloud version_added: '0.2.0' author: Huawei Inc. (@huaweicloud) requirements: - - keystoneauth1 >= 3.6.0 + - keystoneauth1 >= 3.6.0 attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - state: - description: - - Whether the given object should exist in Huawei Cloud. - type: str - choices: ['present', 'absent'] - default: 'present' - timeouts: - description: - - The timeouts for each operations. - type: dict - default: {} - suboptions: - create: - description: - - The timeouts for create operation. - type: str - default: '30m' - update: - description: - - The timeouts for update operation. - type: str - default: '30m' - delete: - description: - - The timeouts for delete operation. - type: str - default: '30m' - availability_zone: - description: - - Specifies the name of the AZ where the ECS is located. - type: str - required: true - flavor_name: - description: - - Specifies the name of the system flavor. - type: str - required: true - image_id: - description: - - Specifies the ID of the system image. - type: str - required: true - name: - description: - - Specifies the ECS name. Value requirements consists of 1 to 64 - characters, including letters, digits, underscores (V(_)), hyphens - (V(-)), periods (V(.)). - type: str - required: true - nics: - description: - - Specifies the NIC information of the ECS. Constraints the - network of the NIC must belong to the VPC specified by vpc_id. A - maximum of 12 NICs can be attached to an ECS. - type: list - elements: dict - required: true - suboptions: - ip_address: - description: - - Specifies the IP address of the NIC. The value is an IPv4 - address. Its value must be an unused IP - address in the network segment of the subnet. - type: str - required: true - subnet_id: - description: - - Specifies the ID of subnet. - type: str - required: true - root_volume: - description: - - Specifies the configuration of the ECS's system disks. - type: dict - required: true - suboptions: - volume_type: - description: - - Specifies the ECS system disk type. - - SATA is common I/O disk type. - - SAS is high I/O disk type. - - SSD is ultra-high I/O disk type. - - co-p1 is high I/O (performance-optimized I) disk type. - - uh-l1 is ultra-high I/O (latency-optimized) disk type. - - NOTE is For HANA, HL1, and HL2 ECSs, use co-p1 and uh-l1 - disks. For other ECSs, do not use co-p1 or uh-l1 disks. - type: str - required: true - size: - description: - - Specifies the system disk size, in GB. The value range is - 1 to 1024. The system disk size must be - greater than or equal to the minimum system disk size - supported by the image (min_disk attribute of the image). - If this parameter is not specified or is set to 0, the - default system disk size is the minimum value of the - system disk in the image (min_disk attribute of the - image). - type: int - required: false - snapshot_id: - description: - - Specifies the snapshot ID or ID of the original data disk - contained in the full-ECS image. - type: str - required: false - vpc_id: - description: - - Specifies the ID of the VPC to which the ECS belongs. - type: str - required: true - admin_pass: - description: - - Specifies the initial login password of the administrator account - for logging in to an ECS using password authentication. The Linux - administrator is root, and the Windows administrator is - Administrator. Password complexity requirements, consists of 8 to - 26 characters. The password must contain at least three of the - following character types 'uppercase letters, lowercase letters, - digits, and special characters (!@$%^-_=+[{}]:,./?)'. The password - cannot contain the username or the username in reverse. The - Windows ECS password cannot contain the username, the username in - reverse, or more than two consecutive characters in the username. - type: str - required: false - data_volumes: - description: - - Specifies the data disks of ECS instance. - type: list - elements: dict - required: false - suboptions: - volume_id: - description: - - Specifies the disk ID. - type: str - required: true - device: - description: - - Specifies the disk device name. - type: str - required: false + state: description: + - Whether the given object should exist in Huawei Cloud. + type: str + choices: ['present', 'absent'] + default: 'present' + timeouts: + description: + - The timeouts for each operations. + type: dict + default: {} + suboptions: + create: description: - - Specifies the description of an ECS, which is a null string by - default. Can contain a maximum of 85 characters. Cannot contain - special characters, such as < and >. + - The timeouts for create operation. + type: str + default: '30m' + update: + description: + - The timeouts for update operation. + type: str + default: '30m' + delete: + description: + - The timeouts for delete operation. + type: str + default: '30m' + availability_zone: + description: + - Specifies the name of the AZ where the ECS is located. + type: str + required: true + flavor_name: + description: + - Specifies the name of the system flavor. + type: str + required: true + image_id: + description: + - Specifies the ID of the system image. + type: str + required: true + name: + description: + - Specifies the ECS name. Value requirements consists of 1 to 64 characters, including letters, digits, underscores + (V(_)), hyphens (V(-)), periods (V(.)). + type: str + required: true + nics: + description: + - Specifies the NIC information of the ECS. Constraints the network of the NIC must belong to the VPC specified by vpc_id. + A maximum of 12 NICs can be attached to an ECS. + type: list + elements: dict + required: true + suboptions: + ip_address: + description: + - Specifies the IP address of the NIC. The value is an IPv4 address. Its value must be an unused IP address in the + network segment of the subnet. + type: str + required: true + subnet_id: + description: + - Specifies the ID of subnet. + type: str + required: true + root_volume: + description: + - Specifies the configuration of the ECS's system disks. + type: dict + required: true + suboptions: + volume_type: + description: + - Specifies the ECS system disk type. + - SATA is common I/O disk type. + - SAS is high I/O disk type. + - SSD is ultra-high I/O disk type. + - Co-p1 is high I/O (performance-optimized I) disk type. + - Uh-l1 is ultra-high I/O (latency-optimized) disk type. + - NOTE is For HANA, HL1, and HL2 ECSs, use co-p1 and uh-l1 disks. For other ECSs, do not use co-p1 or uh-l1 disks. + type: str + required: true + size: + description: + - Specifies the system disk size, in GB. The value range is 1 to 1024. The system disk size must be greater than + or equal to the minimum system disk size supported by the image (min_disk attribute of the image). If this parameter + is not specified or is set to 0, the default system disk size is the minimum value of the system disk in the image + (min_disk attribute of the image). + type: int + required: false + snapshot_id: + description: + - Specifies the snapshot ID or ID of the original data disk contained in the full-ECS image. type: str required: false - eip_id: + vpc_id: + description: + - Specifies the ID of the VPC to which the ECS belongs. + type: str + required: true + admin_pass: + description: + - Specifies the initial login password of the administrator account for logging in to an ECS using password authentication. + The Linux administrator is root, and the Windows administrator is Administrator. Password complexity requirements, + consists of 8 to 26 characters. The password must contain at least three of the following character types 'uppercase + letters, lowercase letters, digits, and special characters (V(!@$%^-_=+[{}]:,./?))'. The password cannot contain the + username or the username in reverse. The Windows ECS password cannot contain the username, the username in reverse, + or more than two consecutive characters in the username. + type: str + required: false + data_volumes: + description: + - Specifies the data disks of ECS instance. + type: list + elements: dict + required: false + suboptions: + volume_id: description: - - Specifies the ID of the elastic IP address assigned to the ECS. - Only elastic IP addresses in the DOWN state can be - assigned. - type: str - required: false - enable_auto_recovery: - description: - - Specifies whether automatic recovery is enabled on the ECS. - type: bool - required: false - enterprise_project_id: - description: - - Specifies the ID of the enterprise project to which the ECS - belongs. - type: str - required: false - security_groups: - description: - - Specifies the security groups of the ECS. If this - parameter is left blank, the default security group is bound to - the ECS by default. - type: list - elements: str - required: false - server_metadata: - description: - - Specifies the metadata of ECS to be created. - type: dict - required: false - server_tags: - description: - - Specifies the tags of an ECS. When you create ECSs, one ECS - supports up to 10 tags. - type: dict - required: false - ssh_key_name: - description: - - Specifies the name of the SSH key used for logging in to the ECS. - type: str - required: false - user_data: - description: - - Specifies the user data to be injected during the ECS creation - process. Text, text files, and gzip files can be injected. - The content to be injected must be encoded with - base64. The maximum size of the content to be injected (before - encoding) is 32 KB. For Linux ECSs, this parameter does not take - effect when adminPass is used. + - Specifies the disk ID. + type: str + required: true + device: + description: + - Specifies the disk device name. type: str required: false + description: + description: + - Specifies the description of an ECS, which is a null string by default. Can contain a maximum of 85 characters. Cannot + contain special characters, such as V(<) and V(>). + type: str + required: false + eip_id: + description: + - Specifies the ID of the elastic IP address assigned to the ECS. Only elastic IP addresses in the DOWN state can be + assigned. + type: str + required: false + enable_auto_recovery: + description: + - Specifies whether automatic recovery is enabled on the ECS. + type: bool + required: false + enterprise_project_id: + description: + - Specifies the ID of the enterprise project to which the ECS belongs. + type: str + required: false + security_groups: + description: + - Specifies the security groups of the ECS. If this parameter is left blank, the default security group is bound to + the ECS by default. + type: list + elements: str + required: false + server_metadata: + description: + - Specifies the metadata of ECS to be created. + type: dict + required: false + server_tags: + description: + - Specifies the tags of an ECS. When you create ECSs, one ECS supports up to 10 tags. + type: dict + required: false + ssh_key_name: + description: + - Specifies the name of the SSH key used for logging in to the ECS. + type: str + required: false + user_data: + description: + - Specifies the user data to be injected during the ECS creation process. Text, text files, and gzip files can be injected. + The content to be injected must be encoded with base64. The maximum size of the content to be injected (before encoding) + is 32 KB. For Linux ECSs, this parameter does not take effect when adminPass is used. + type: str + required: false extends_documentation_fragment: - community.general.hwc - community.general.attributes +""" -''' - -EXAMPLES = ''' +EXAMPLES = r""" # create an ecs instance - name: Create a vpc hwc_network_vpc: @@ -285,238 +262,216 @@ EXAMPLES = ''' vpc_id: "{{ vpc.id }}" root_volume: volume_type: "SAS" -''' +""" -RETURN = ''' - availability_zone: - description: - - Specifies the name of the AZ where the ECS is located. - type: str - returned: success - flavor_name: - description: - - Specifies the name of the system flavor. - type: str - returned: success - image_id: - description: - - Specifies the ID of the system image. - type: str - returned: success - name: - description: - - Specifies the ECS name. Value requirements "Consists of 1 to 64 - characters, including letters, digits, underscores (V(_)), hyphens - (V(-)), periods (V(.)).". - type: str - returned: success - nics: - description: - - Specifies the NIC information of the ECS. The - network of the NIC must belong to the VPC specified by vpc_id. A - maximum of 12 NICs can be attached to an ECS. - type: list - returned: success - contains: - ip_address: - description: - - Specifies the IP address of the NIC. The value is an IPv4 - address. Its value must be an unused IP - address in the network segment of the subnet. - type: str - returned: success - subnet_id: - description: - - Specifies the ID of subnet. - type: str - returned: success - port_id: - description: - - Specifies the port ID corresponding to the IP address. - type: str - returned: success - root_volume: - description: - - Specifies the configuration of the ECS's system disks. - type: dict - returned: success - contains: - volume_type: - description: - - Specifies the ECS system disk type. - - SATA is common I/O disk type. - - SAS is high I/O disk type. - - SSD is ultra-high I/O disk type. - - co-p1 is high I/O (performance-optimized I) disk type. - - uh-l1 is ultra-high I/O (latency-optimized) disk type. - - NOTE is For HANA, HL1, and HL2 ECSs, use co-p1 and uh-l1 - disks. For other ECSs, do not use co-p1 or uh-l1 disks. - type: str - returned: success - size: - description: - - Specifies the system disk size, in GB. The value range is - 1 to 1024. The system disk size must be - greater than or equal to the minimum system disk size - supported by the image (min_disk attribute of the image). - If this parameter is not specified or is set to 0, the - default system disk size is the minimum value of the - system disk in the image (min_disk attribute of the - image). - type: int - returned: success - snapshot_id: - description: - - Specifies the snapshot ID or ID of the original data disk - contained in the full-ECS image. - type: str - returned: success - device: - description: - - Specifies the disk device name. - type: str - returned: success - volume_id: - description: - - Specifies the disk ID. - type: str - returned: success - vpc_id: - description: - - Specifies the ID of the VPC to which the ECS belongs. - type: str - returned: success - admin_pass: - description: - - Specifies the initial login password of the administrator account - for logging in to an ECS using password authentication. The Linux - administrator is root, and the Windows administrator is - Administrator. Password complexity requirements consists of 8 to - 26 characters. The password must contain at least three of the - following character types "uppercase letters, lowercase letters, - digits, and special characters (!@$%^-_=+[{}]:,./?)". The password - cannot contain the username or the username in reverse. The - Windows ECS password cannot contain the username, the username in - reverse, or more than two consecutive characters in the username. - type: str - returned: success - data_volumes: - description: - - Specifies the data disks of ECS instance. - type: list - returned: success - contains: - volume_id: - description: - - Specifies the disk ID. - type: str - returned: success - device: - description: - - Specifies the disk device name. - type: str - returned: success - description: - description: - - Specifies the description of an ECS, which is a null string by - default. Can contain a maximum of 85 characters. Cannot contain - special characters, such as < and >. - type: str - returned: success - eip_id: - description: - - Specifies the ID of the elastic IP address assigned to the ECS. - Only elastic IP addresses in the DOWN state can be assigned. - type: str - returned: success - enable_auto_recovery: - description: - - Specifies whether automatic recovery is enabled on the ECS. - type: bool - returned: success - enterprise_project_id: - description: - - Specifies the ID of the enterprise project to which the ECS - belongs. - type: str - returned: success - security_groups: - description: - - Specifies the security groups of the ECS. If this parameter is left - blank, the default security group is bound to the ECS by default. - type: list - returned: success - server_metadata: - description: - - Specifies the metadata of ECS to be created. - type: dict - returned: success - server_tags: - description: - - Specifies the tags of an ECS. When you create ECSs, one ECS - supports up to 10 tags. - type: dict - returned: success - ssh_key_name: - description: - - Specifies the name of the SSH key used for logging in to the ECS. - type: str - returned: success - user_data: - description: - - Specifies the user data to be injected during the ECS creation - process. Text, text files, and gzip files can be injected. - The content to be injected must be encoded with base64. The maximum - size of the content to be injected (before encoding) is 32 KB. For - Linux ECSs, this parameter does not take effect when adminPass is - used. - type: str - returned: success - config_drive: - description: - - Specifies the configuration driver. - type: str - returned: success - created: - description: - - Specifies the time when an ECS was created. - type: str - returned: success - disk_config_type: - description: - - Specifies the disk configuration type. MANUAL is The image - space is not expanded. AUTO is the image space of the system disk - will be expanded to be as same as the flavor. - type: str - returned: success - host_name: - description: - - Specifies the host name of the ECS. - type: str - returned: success - image_name: - description: - - Specifies the image name of the ECS. - type: str - returned: success - power_state: - description: - - Specifies the power status of the ECS. - type: int - returned: success - server_alias: - description: - - Specifies the ECS alias. - type: str - returned: success - status: - description: - - Specifies the ECS status. Options are ACTIVE, REBOOT, HARD_REBOOT, - REBUILD, MIGRATING, BUILD, SHUTOFF, RESIZE, VERIFY_RESIZE, ERROR, - and DELETED. - type: str - returned: success -''' +RETURN = r""" +availability_zone: + description: + - Specifies the name of the AZ where the ECS is located. + type: str + returned: success +flavor_name: + description: + - Specifies the name of the system flavor. + type: str + returned: success +image_id: + description: + - Specifies the ID of the system image. + type: str + returned: success +name: + description: + - Specifies the ECS name. Value requirements "Consists of 1 to 64 characters, including letters, digits, underscores (V(_)), + hyphens (V(-)), periods (V(.)).". + type: str + returned: success +nics: + description: + - Specifies the NIC information of the ECS. The network of the NIC must belong to the VPC specified by vpc_id. A maximum + of 12 NICs can be attached to an ECS. + type: list + returned: success + contains: + ip_address: + description: + - Specifies the IP address of the NIC. The value is an IPv4 address. Its value must be an unused IP address in the + network segment of the subnet. + type: str + returned: success + subnet_id: + description: + - Specifies the ID of subnet. + type: str + returned: success + port_id: + description: + - Specifies the port ID corresponding to the IP address. + type: str + returned: success +root_volume: + description: + - Specifies the configuration of the ECS's system disks. + type: dict + returned: success + contains: + volume_type: + description: + - Specifies the ECS system disk type. + - SATA is common I/O disk type. + - SAS is high I/O disk type. + - SSD is ultra-high I/O disk type. + - Co-p1 is high I/O (performance-optimized I) disk type. + - Uh-l1 is ultra-high I/O (latency-optimized) disk type. + - NOTE is For HANA, HL1, and HL2 ECSs, use co-p1 and uh-l1 disks. For other ECSs, do not use co-p1 or uh-l1 disks. + type: str + returned: success + size: + description: + - Specifies the system disk size, in GB. The value range is 1 to 1024. The system disk size must be greater than or + equal to the minimum system disk size supported by the image (min_disk attribute of the image). If this parameter + is not specified or is set to 0, the default system disk size is the minimum value of the system disk in the image + (min_disk attribute of the image). + type: int + returned: success + snapshot_id: + description: + - Specifies the snapshot ID or ID of the original data disk contained in the full-ECS image. + type: str + returned: success + device: + description: + - Specifies the disk device name. + type: str + returned: success + volume_id: + description: + - Specifies the disk ID. + type: str + returned: success +vpc_id: + description: + - Specifies the ID of the VPC to which the ECS belongs. + type: str + returned: success +admin_pass: + description: + - Specifies the initial login password of the administrator account for logging in to an ECS using password authentication. + The Linux administrator is root, and the Windows administrator is Administrator. Password complexity requirements consists + of 8 to 26 characters. The password must contain at least three of the following character types "uppercase letters, + lowercase letters, digits, and special characters (!@$%^-_=+[{}]:,./?)". The password cannot contain the username or + the username in reverse. The Windows ECS password cannot contain the username, the username in reverse, or more than + two consecutive characters in the username. + type: str + returned: success +data_volumes: + description: + - Specifies the data disks of ECS instance. + type: list + returned: success + contains: + volume_id: + description: + - Specifies the disk ID. + type: str + returned: success + device: + description: + - Specifies the disk device name. + type: str + returned: success +description: + description: + - Specifies the description of an ECS, which is a null string by default. Can contain a maximum of 85 characters. Cannot + contain special characters, such as < and >. + type: str + returned: success +eip_id: + description: + - Specifies the ID of the elastic IP address assigned to the ECS. Only elastic IP addresses in the DOWN state can be assigned. + type: str + returned: success +enable_auto_recovery: + description: + - Specifies whether automatic recovery is enabled on the ECS. + type: bool + returned: success +enterprise_project_id: + description: + - Specifies the ID of the enterprise project to which the ECS belongs. + type: str + returned: success +security_groups: + description: + - Specifies the security groups of the ECS. If this parameter is left blank, the default security group is bound to the + ECS by default. + type: list + returned: success +server_metadata: + description: + - Specifies the metadata of ECS to be created. + type: dict + returned: success +server_tags: + description: + - Specifies the tags of an ECS. When you create ECSs, one ECS supports up to 10 tags. + type: dict + returned: success +ssh_key_name: + description: + - Specifies the name of the SSH key used for logging in to the ECS. + type: str + returned: success +user_data: + description: + - Specifies the user data to be injected during the ECS creation process. Text, text files, and gzip files can be injected. + The content to be injected must be encoded with base64. The maximum size of the content to be injected (before encoding) + is 32 KB. For Linux ECSs, this parameter does not take effect when adminPass is used. + type: str + returned: success +config_drive: + description: + - Specifies the configuration driver. + type: str + returned: success +created: + description: + - Specifies the time when an ECS was created. + type: str + returned: success +disk_config_type: + description: + - Specifies the disk configuration type. MANUAL is The image space is not expanded. AUTO is the image space of the system + disk will be expanded to be as same as the flavor. + type: str + returned: success +host_name: + description: + - Specifies the host name of the ECS. + type: str + returned: success +image_name: + description: + - Specifies the image name of the ECS. + type: str + returned: success +power_state: + description: + - Specifies the power status of the ECS. + type: int + returned: success +server_alias: + description: + - Specifies the ECS alias. + type: str + returned: success +status: + description: + - Specifies the ECS status. Options are ACTIVE, REBOOT, HARD_REBOOT, REBUILD, MIGRATING, BUILD, SHUTOFF, RESIZE, VERIFY_RESIZE, + ERROR, and DELETED. + type: str + returned: success +""" from ansible_collections.community.general.plugins.module_utils.hwc_utils import ( Config, HwcClientException, HwcModule, are_different_dicts, build_path, @@ -1163,8 +1118,7 @@ def send_delete_volume_request(module, params, client, info): path_parameters = { "volume_id": ["volume_id"], } - data = dict((key, navigate_value(info, path)) - for key, path in path_parameters.items()) + data = {key: navigate_value(info, path) for key, path in path_parameters.items()} url = build_path(module, "cloudservers/{id}/detachvolume/{volume_id}", data) diff --git a/plugins/modules/hwc_evs_disk.py b/plugins/modules/hwc_evs_disk.py index 7d445ddd21..0763c07b01 100644 --- a/plugins/modules/hwc_evs_disk.py +++ b/plugins/modules/hwc_evs_disk.py @@ -12,155 +12,135 @@ __metaclass__ = type # Documentation ############################################################################### -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: hwc_evs_disk description: - - block storage management. + - Block storage management. short_description: Creates a resource of Evs/Disk in Huawei Cloud version_added: '0.2.0' author: Huawei Inc. (@huaweicloud) requirements: - - keystoneauth1 >= 3.6.0 + - keystoneauth1 >= 3.6.0 attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - state: - description: - - Whether the given object should exist in Huaweicloud Cloud. - type: str - choices: ['present', 'absent'] - default: 'present' - timeouts: - description: - - The timeouts for each operations. - type: dict - default: {} - suboptions: - create: - description: - - The timeouts for create operation. - type: str - default: '30m' - update: - description: - - The timeouts for update operation. - type: str - default: '30m' - delete: - description: - - The timeouts for delete operation. - type: str - default: '30m' - availability_zone: - description: - - Specifies the AZ where you want to create the disk. - type: str - required: true - name: - description: - - Specifies the disk name. The value can contain a maximum of 255 - bytes. - type: str - required: true - volume_type: - description: - - Specifies the disk type. Currently, the value can be SSD, SAS, or - SATA. - - SSD specifies the ultra-high I/O disk type. - - SAS specifies the high I/O disk type. - - SATA specifies the common I/O disk type. - - If the specified disk type is not available in the AZ, the - disk will fail to create. If the EVS disk is created from a - snapshot, the volume_type field must be the same as that of the - snapshot's source disk. - type: str - required: true - backup_id: - description: - - Specifies the ID of the backup that can be used to create a disk. - This parameter is mandatory when you use a backup to create the - disk. - type: str - required: false + state: description: + - Whether the given object should exist in Huawei Cloud. + type: str + choices: ['present', 'absent'] + default: 'present' + timeouts: + description: + - The timeouts for each operations. + type: dict + default: {} + suboptions: + create: description: - - Specifies the disk description. The value can contain a maximum - of 255 bytes. + - The timeouts for create operation. type: str - required: false - enable_full_clone: + default: '30m' + update: description: - - If the disk is created from a snapshot and linked cloning needs - to be used, set this parameter to True. - type: bool - required: false - enable_scsi: - description: - - If this parameter is set to True, the disk device type will be - SCSI, which allows ECS OSs to directly access underlying storage - media. SCSI reservation command is supported. If this parameter - is set to False, the disk device type will be VBD, which supports - only simple SCSI read/write commands. - - If parameter enable_share is set to True and this parameter - is not specified, shared SCSI disks are created. SCSI EVS disks - cannot be created from backups, which means that this parameter - cannot be True if backup_id has been specified. - type: bool - required: false - enable_share: - description: - - Specifies whether the disk is shareable. The default value is - False. - type: bool - required: false - encryption_id: - description: - - Specifies the encryption ID. The length of it fixes at 36 bytes. + - The timeouts for update operation. type: str - required: false - enterprise_project_id: + default: '30m' + delete: description: - - Specifies the enterprise project ID. This ID is associated with - the disk during the disk creation. If it is not specified, the - disk is bound to the default enterprise project. + - The timeouts for delete operation. type: str - required: false - image_id: - description: - - Specifies the image ID. If this parameter is specified, the disk - is created from an image. BMS system disks cannot be - created from BMS images. - type: str - required: false - size: - description: - - Specifies the disk size, in GB. Its values are as follows, System - disk 1 GB to 1024 GB, Data disk 10 GB to 32768 GB. This - parameter is mandatory when you create an empty disk or use an - image or a snapshot to create a disk. If you use an image or a - snapshot to create a disk, the disk size must be greater than or - equal to the image or snapshot size. This parameter is optional - when you use a backup to create a disk. If this parameter is not - specified, the disk size is equal to the backup size. - type: int - required: false - snapshot_id: - description: - - Specifies the snapshot ID. If this parameter is specified, the - disk is created from a snapshot. - type: str - required: false + default: '30m' + availability_zone: + description: + - Specifies the AZ where you want to create the disk. + type: str + required: true + name: + description: + - Specifies the disk name. The value can contain a maximum of 255 bytes. + type: str + required: true + volume_type: + description: + - Specifies the disk type. Currently, the value can be SSD, SAS, or SATA. + - SSD specifies the ultra-high I/O disk type. + - SAS specifies the high I/O disk type. + - SATA specifies the common I/O disk type. + - If the specified disk type is not available in the AZ, the disk will fail to create. If the EVS disk is created from + a snapshot, the volume_type field must be the same as that of the snapshot's source disk. + type: str + required: true + backup_id: + description: + - Specifies the ID of the backup that can be used to create a disk. This parameter is mandatory when you use a backup + to create the disk. + type: str + required: false + description: + description: + - Specifies the disk description. The value can contain a maximum of 255 bytes. + type: str + required: false + enable_full_clone: + description: + - If the disk is created from a snapshot and linked cloning needs to be used, set this parameter to True. + type: bool + required: false + enable_scsi: + description: + - If this parameter is set to True, the disk device type will be SCSI, which allows ECS OSs to directly access underlying + storage media. SCSI reservation command is supported. If this parameter is set to False, the disk device type will + be VBD, which supports only simple SCSI read/write commands. + - If parameter enable_share is set to True and this parameter is not specified, shared SCSI disks are created. SCSI + EVS disks cannot be created from backups, which means that this parameter cannot be True if backup_id has been specified. + type: bool + required: false + enable_share: + description: + - Specifies whether the disk is shareable. The default value is False. + type: bool + required: false + encryption_id: + description: + - Specifies the encryption ID. The length of it fixes at 36 bytes. + type: str + required: false + enterprise_project_id: + description: + - Specifies the enterprise project ID. This ID is associated with the disk during the disk creation. If it is not specified, + the disk is bound to the default enterprise project. + type: str + required: false + image_id: + description: + - Specifies the image ID. If this parameter is specified, the disk is created from an image. BMS system disks cannot + be created from BMS images. + type: str + required: false + size: + description: + - Specifies the disk size, in GB. Its values are as follows, System disk 1 GB to 1024 GB, Data disk 10 GB to 32768 GB. + This parameter is mandatory when you create an empty disk or use an image or a snapshot to create a disk. If you use + an image or a snapshot to create a disk, the disk size must be greater than or equal to the image or snapshot size. + This parameter is optional when you use a backup to create a disk. If this parameter is not specified, the disk size + is equal to the backup size. + type: int + required: false + snapshot_id: + description: + - Specifies the snapshot ID. If this parameter is specified, the disk is created from a snapshot. + type: str + required: false extends_documentation_fragment: - community.general.hwc - community.general.attributes +""" -''' - -EXAMPLES = ''' +EXAMPLES = r""" # test create disk - name: Create a disk community.general.hwc_evs_disk: @@ -168,176 +148,153 @@ EXAMPLES = ''' name: "ansible_evs_disk_test" volume_type: "SATA" size: 10 -''' +""" -RETURN = ''' - availability_zone: - description: - - Specifies the AZ where you want to create the disk. - type: str - returned: success - name: - description: - - Specifies the disk name. The value can contain a maximum of 255 - bytes. - type: str - returned: success - volume_type: - description: - - Specifies the disk type. Currently, the value can be SSD, SAS, or - SATA. - - SSD specifies the ultra-high I/O disk type. - - SAS specifies the high I/O disk type. - - SATA specifies the common I/O disk type. - - If the specified disk type is not available in the AZ, the - disk will fail to create. If the EVS disk is created from a - snapshot, the volume_type field must be the same as that of the - snapshot's source disk. - type: str - returned: success - backup_id: - description: - - Specifies the ID of the backup that can be used to create a disk. - This parameter is mandatory when you use a backup to create the - disk. - type: str - returned: success - description: - description: - - Specifies the disk description. The value can contain a maximum - of 255 bytes. - type: str - returned: success - enable_full_clone: - description: - - If the disk is created from a snapshot and linked cloning needs - to be used, set this parameter to True. - type: bool - returned: success - enable_scsi: - description: - - If this parameter is set to True, the disk device type will be - SCSI, which allows ECS OSs to directly access underlying storage - media. SCSI reservation command is supported. If this parameter - is set to False, the disk device type will be VBD, which supports - only simple SCSI read/write commands. - - If parameter enable_share is set to True and this parameter - is not specified, shared SCSI disks are created. SCSI EVS disks - cannot be created from backups, which means that this parameter - cannot be True if backup_id has been specified. - type: bool - returned: success - enable_share: - description: - - Specifies whether the disk is shareable. The default value is - False. - type: bool - returned: success - encryption_id: - description: - - Specifies the encryption ID. The length of it fixes at 36 bytes. - type: str - returned: success - enterprise_project_id: - description: - - Specifies the enterprise project ID. This ID is associated with - the disk during the disk creation. If it is not specified, the - disk is bound to the default enterprise project. - type: str - returned: success - image_id: - description: - - Specifies the image ID. If this parameter is specified, the disk - is created from an image. BMS system disks cannot be - created from BMS images. - type: str - returned: success - size: - description: - - Specifies the disk size, in GB. Its values are as follows, System - disk 1 GB to 1024 GB, Data disk 10 GB to 32768 GB. This - parameter is mandatory when you create an empty disk or use an - image or a snapshot to create a disk. If you use an image or a - snapshot to create a disk, the disk size must be greater than or - equal to the image or snapshot size. This parameter is optional - when you use a backup to create a disk. If this parameter is not - specified, the disk size is equal to the backup size. - type: int - returned: success - snapshot_id: - description: - - Specifies the snapshot ID. If this parameter is specified, the - disk is created from a snapshot. - type: str - returned: success - attachments: - description: - - Specifies the disk attachment information. - type: complex - returned: success - contains: - attached_at: - description: - - Specifies the time when the disk was attached. Time - format is 'UTC YYYY-MM-DDTHH:MM:SS'. - type: str - returned: success - attachment_id: - description: - - Specifies the ID of the attachment information. - type: str - returned: success - device: - description: - - Specifies the device name. - type: str - returned: success - server_id: - description: - - Specifies the ID of the server to which the disk is - attached. - type: str - returned: success - backup_policy_id: - description: - - Specifies the backup policy ID. - type: str - returned: success - created_at: - description: - - Specifies the time when the disk was created. Time format is 'UTC - YYYY-MM-DDTHH:MM:SS'. - type: str - returned: success - is_bootable: - description: - - Specifies whether the disk is bootable. - type: bool - returned: success - is_readonly: - description: - - Specifies whether the disk is read-only or read/write. True - indicates that the disk is read-only. False indicates that the - disk is read/write. - type: bool - returned: success - source_volume_id: - description: - - Specifies the source disk ID. This parameter has a value if the - disk is created from a source disk. - type: str - returned: success - status: - description: - - Specifies the disk status. - type: str - returned: success - tags: - description: - - Specifies the disk tags. - type: dict - returned: success -''' +RETURN = r""" +availability_zone: + description: + - Specifies the AZ where you want to create the disk. + type: str + returned: success +name: + description: + - Specifies the disk name. The value can contain a maximum of 255 bytes. + type: str + returned: success +volume_type: + description: + - Specifies the disk type. Currently, the value can be SSD, SAS, or SATA. + - SSD specifies the ultra-high I/O disk type. + - SAS specifies the high I/O disk type. + - SATA specifies the common I/O disk type. + - If the specified disk type is not available in the AZ, the disk will fail to create. If the EVS disk is created from + a snapshot, the volume_type field must be the same as that of the snapshot's source disk. + type: str + returned: success +backup_id: + description: + - Specifies the ID of the backup that can be used to create a disk. This parameter is mandatory when you use a backup + to create the disk. + type: str + returned: success +description: + description: + - Specifies the disk description. The value can contain a maximum of 255 bytes. + type: str + returned: success +enable_full_clone: + description: + - If the disk is created from a snapshot and linked cloning needs to be used, set this parameter to True. + type: bool + returned: success +enable_scsi: + description: + - If this parameter is set to True, the disk device type will be SCSI, which allows ECS OSs to directly access underlying + storage media. SCSI reservation command is supported. If this parameter is set to False, the disk device type will be + VBD, which supports only simple SCSI read/write commands. + - If parameter enable_share is set to True and this parameter is not specified, shared SCSI disks are created. SCSI EVS + disks cannot be created from backups, which means that this parameter cannot be True if backup_id has been specified. + type: bool + returned: success +enable_share: + description: + - Specifies whether the disk is shareable. The default value is False. + type: bool + returned: success +encryption_id: + description: + - Specifies the encryption ID. The length of it fixes at 36 bytes. + type: str + returned: success +enterprise_project_id: + description: + - Specifies the enterprise project ID. This ID is associated with the disk during the disk creation. If it is not specified, + the disk is bound to the default enterprise project. + type: str + returned: success +image_id: + description: + - Specifies the image ID. If this parameter is specified, the disk is created from an image. BMS system disks cannot be + created from BMS images. + type: str + returned: success +size: + description: + - Specifies the disk size, in GB. Its values are as follows, System disk 1 GB to 1024 GB, Data disk 10 GB to 32768 GB. + This parameter is mandatory when you create an empty disk or use an image or a snapshot to create a disk. If you use + an image or a snapshot to create a disk, the disk size must be greater than or equal to the image or snapshot size. + This parameter is optional when you use a backup to create a disk. If this parameter is not specified, the disk size + is equal to the backup size. + type: int + returned: success +snapshot_id: + description: + - Specifies the snapshot ID. If this parameter is specified, the disk is created from a snapshot. + type: str + returned: success +attachments: + description: + - Specifies the disk attachment information. + type: complex + returned: success + contains: + attached_at: + description: + - Specifies the time when the disk was attached. Time format is 'UTC YYYY-MM-DDTHH:MM:SS'. + type: str + returned: success + attachment_id: + description: + - Specifies the ID of the attachment information. + type: str + returned: success + device: + description: + - Specifies the device name. + type: str + returned: success + server_id: + description: + - Specifies the ID of the server to which the disk is attached. + type: str + returned: success +backup_policy_id: + description: + - Specifies the backup policy ID. + type: str + returned: success +created_at: + description: + - Specifies the time when the disk was created. Time format is 'UTC YYYY-MM-DDTHH:MM:SS'. + type: str + returned: success +is_bootable: + description: + - Specifies whether the disk is bootable. + type: bool + returned: success +is_readonly: + description: + - Specifies whether the disk is read-only or read/write. True indicates that the disk is read-only. False indicates that + the disk is read/write. + type: bool + returned: success +source_volume_id: + description: + - Specifies the source disk ID. This parameter has a value if the disk is created from a source disk. + type: str + returned: success +status: + description: + - Specifies the disk status. + type: str + returned: success +tags: + description: + - Specifies the disk tags. + type: dict + returned: success +""" from ansible_collections.community.general.plugins.module_utils.hwc_utils import ( Config, HwcClientException, HwcModule, are_different_dicts, build_path, @@ -771,8 +728,7 @@ def async_wait(config, result, client, timeout): path_parameters = { "job_id": ["job_id"], } - data = dict((key, navigate_value(result, path)) - for key, path in path_parameters.items()) + data = {key: navigate_value(result, path) for key, path in path_parameters.items()} url = build_path(module, "jobs/{job_id}", data) diff --git a/plugins/modules/hwc_network_vpc.py b/plugins/modules/hwc_network_vpc.py index 357fd55204..3342280061 100644 --- a/plugins/modules/hwc_network_vpc.py +++ b/plugins/modules/hwc_network_vpc.py @@ -12,123 +12,120 @@ __metaclass__ = type # Documentation ############################################################################### -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: hwc_network_vpc description: - - Represents an vpc resource. + - Represents an vpc resource. short_description: Creates a Huawei Cloud VPC author: Huawei Inc. (@huaweicloud) requirements: - - requests >= 2.18.4 - - keystoneauth1 >= 3.6.0 + - requests >= 2.18.4 + - keystoneauth1 >= 3.6.0 attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - state: + state: + description: + - Whether the given object should exist in VPC. + type: str + choices: ['present', 'absent'] + default: 'present' + timeouts: + description: + - The timeouts for each operations. + type: dict + default: {} + suboptions: + create: description: - - Whether the given object should exist in vpc. + - The timeout for create operation. type: str - choices: ['present', 'absent'] - default: 'present' - timeouts: + default: '15m' + update: description: - - The timeouts for each operations. - type: dict - default: {} - suboptions: - create: - description: - - The timeout for create operation. - type: str - default: '15m' - update: - description: - - The timeout for update operation. - type: str - default: '15m' - delete: - description: - - The timeout for delete operation. - type: str - default: '15m' - name: - description: - - The name of vpc. + - The timeout for update operation. type: str - required: true - cidr: + default: '15m' + delete: description: - - The range of available subnets in the vpc. + - The timeout for delete operation. type: str - required: true + default: '15m' + name: + description: + - The name of vpc. + type: str + required: true + cidr: + description: + - The range of available subnets in the VPC. + type: str + required: true extends_documentation_fragment: - community.general.hwc - community.general.attributes +""" -''' - -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a vpc community.general.hwc_network_vpc: - identity_endpoint: "{{ identity_endpoint }}" - user: "{{ user }}" - password: "{{ password }}" - domain: "{{ domain }}" - project: "{{ project }}" - region: "{{ region }}" - name: "vpc_1" - cidr: "192.168.100.0/24" - state: present -''' + identity_endpoint: "{{ identity_endpoint }}" + user: "{{ user }}" + password: "{{ password }}" + domain: "{{ domain }}" + project: "{{ project }}" + region: "{{ region }}" + name: "vpc_1" + cidr: "192.168.100.0/24" + state: present +""" -RETURN = ''' - id: - description: - - the id of vpc. - type: str - returned: success - name: - description: - - the name of vpc. - type: str - returned: success - cidr: - description: - - the range of available subnets in the vpc. - type: str - returned: success - status: - description: - - the status of vpc. - type: str - returned: success - routes: - description: - - the route information. - type: complex - returned: success - contains: - destination: - description: - - the destination network segment of a route. - type: str - returned: success - next_hop: - description: - - the next hop of a route. If the route type is peering, - it will provide VPC peering connection ID. - type: str - returned: success - enable_shared_snat: - description: - - show whether the shared snat is enabled. - type: bool - returned: success -''' +RETURN = r""" +id: + description: + - The ID of VPC. + type: str + returned: success +name: + description: + - The name of VPC. + type: str + returned: success +cidr: + description: + - The range of available subnets in the VPC. + type: str + returned: success +status: + description: + - The status of VPC. + type: str + returned: success +routes: + description: + - The route information. + type: complex + returned: success + contains: + destination: + description: + - The destination network segment of a route. + type: str + returned: success + next_hop: + description: + - The next hop of a route. If the route type is peering, it will provide VPC peering connection ID. + type: str + returned: success +enable_shared_snat: + description: + - Show whether the shared SNAT is enabled. + type: bool + returned: success +""" ############################################################################### # Imports diff --git a/plugins/modules/hwc_smn_topic.py b/plugins/modules/hwc_smn_topic.py index bb983fba71..45923833e6 100644 --- a/plugins/modules/hwc_smn_topic.py +++ b/plugins/modules/hwc_smn_topic.py @@ -12,101 +12,92 @@ __metaclass__ = type # Documentation ############################################################################### -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: hwc_smn_topic description: - - Represents a SMN notification topic resource. -short_description: Creates a resource of SMNTopic in Huaweicloud Cloud + - Represents a SMN notification topic resource. +short_description: Creates a resource of SMNTopic in Huawei Cloud author: Huawei Inc. (@huaweicloud) requirements: - - requests >= 2.18.4 - - keystoneauth1 >= 3.6.0 + - requests >= 2.18.4 + - keystoneauth1 >= 3.6.0 attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - state: - description: - - Whether the given object should exist in Huaweicloud Cloud. - type: str - choices: ['present', 'absent'] - default: 'present' - display_name: - description: - - Topic display name, which is presented as the name of the email - sender in an email message. The topic display name contains a - maximum of 192 bytes. - type: str - required: false - name: - description: - - Name of the topic to be created. The topic name is a string of 1 - to 256 characters. It must contain upper- or lower-case letters, - digits, hyphens (V(-)), and underscores (V(_)), and must start with a - letter or digit. - type: str - required: true + state: + description: + - Whether the given object should exist in Huawei Cloud. + type: str + choices: ['present', 'absent'] + default: 'present' + display_name: + description: + - Topic display name, which is presented as the name of the email sender in an email message. The topic display name + contains a maximum of 192 bytes. + type: str + required: false + name: + description: + - Name of the topic to be created. The topic name is a string of 1 to 256 characters. It must contain upper- or lower-case + letters, digits, hyphens (V(-)), and underscores (V(_)), and must start with a letter or digit. + type: str + required: true extends_documentation_fragment: - community.general.hwc - community.general.attributes +""" -''' - -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a smn topic community.general.hwc_smn_topic: - identity_endpoint: "{{ identity_endpoint }}" - user_name: "{{ user_name }}" - password: "{{ password }}" - domain_name: "{{ domain_name }}" - project_name: "{{ project_name }}" - region: "{{ region }}" - name: "ansible_smn_topic_test" - state: present -''' + identity_endpoint: "{{ identity_endpoint }}" + user_name: "{{ user_name }}" + password: "{{ password }}" + domain_name: "{{ domain_name }}" + project_name: "{{ project_name }}" + region: "{{ region }}" + name: "ansible_smn_topic_test" + state: present +""" -RETURN = ''' +RETURN = r""" create_time: - description: - - Time when the topic was created. - returned: success - type: str + description: + - Time when the topic was created. + returned: success + type: str display_name: - description: - - Topic display name, which is presented as the name of the email - sender in an email message. The topic display name contains a - maximum of 192 bytes. - returned: success - type: str + description: + - Topic display name, which is presented as the name of the email sender in an email message. The topic display name contains + a maximum of 192 bytes. + returned: success + type: str name: - description: - - Name of the topic to be created. The topic name is a string of 1 - to 256 characters. It must contain upper- or lower-case letters, - digits, hyphens (V(-)), and underscores (V(_)), and must start with a - letter or digit. - returned: success - type: str + description: + - Name of the topic to be created. The topic name is a string of 1 to 256 characters. It must contain upper- or lower-case + letters, digits, hyphens (V(-)), and underscores (V(_)), and must start with a letter or digit. + returned: success + type: str push_policy: - description: - - Message pushing policy. 0 indicates that the message sending - fails and the message is cached in the queue. 1 indicates that - the failed message is discarded. - returned: success - type: int + description: + - Message pushing policy. V(0) indicates that the message sending fails and the message is cached in the queue. V(1) indicates + that the failed message is discarded. + returned: success + type: int topic_urn: - description: - - Resource identifier of a topic, which is unique. - returned: success - type: str + description: + - Resource identifier of a topic, which is unique. + returned: success + type: str update_time: - description: - - Time when the topic was updated. - returned: success - type: str -''' + description: + - Time when the topic was updated. + returned: success + type: str +""" ############################################################################### # Imports diff --git a/plugins/modules/hwc_vpc_eip.py b/plugins/modules/hwc_vpc_eip.py index 5c44319409..b818fe0d86 100644 --- a/plugins/modules/hwc_vpc_eip.py +++ b/plugins/modules/hwc_vpc_eip.py @@ -12,126 +12,110 @@ __metaclass__ = type # Documentation ############################################################################### -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: hwc_vpc_eip description: - - elastic ip management. -short_description: Creates a resource of Vpc/EIP in Huawei Cloud + - Elastic IP management. +short_description: Creates a resource of VPC/EIP in Huawei Cloud version_added: '0.2.0' author: Huawei Inc. (@huaweicloud) requirements: - - keystoneauth1 >= 3.6.0 + - keystoneauth1 >= 3.6.0 attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - state: + state: + description: + - Whether the given object should exist in Huawei Cloud. + type: str + choices: ['present', 'absent'] + default: 'present' + timeouts: + description: + - The timeouts for each operations. + type: dict + default: {} + suboptions: + create: description: - - Whether the given object should exist in Huawei Cloud. + - The timeouts for create operation. type: str - choices: ['present', 'absent'] - default: 'present' - timeouts: + default: '5m' + update: description: - - The timeouts for each operations. - type: dict - default: {} - suboptions: - create: - description: - - The timeouts for create operation. - type: str - default: '5m' - update: - description: - - The timeouts for update operation. - type: str - default: '5m' - type: + - The timeouts for update operation. + type: str + default: '5m' + type: + description: + - Specifies the EIP type. + type: str + required: true + dedicated_bandwidth: + description: + - Specifies the dedicated bandwidth object. + type: dict + required: false + suboptions: + charge_mode: description: - - Specifies the EIP type. + - Specifies whether the bandwidth is billed by traffic or by bandwidth size. The value can be bandwidth or traffic. + If this parameter is left blank or is null character string, default value bandwidth is used. For IPv6 addresses, + the default parameter value is bandwidth outside China and is traffic in China. type: str required: true - dedicated_bandwidth: + name: description: - - Specifies the dedicated bandwidth object. - type: dict - required: false - suboptions: - charge_mode: - description: - - Specifies whether the bandwidth is billed by traffic or - by bandwidth size. The value can be bandwidth or traffic. - If this parameter is left blank or is null character - string, default value bandwidth is used. For IPv6 - addresses, the default parameter value is bandwidth - outside China and is traffic in China. - type: str - required: true - name: - description: - - Specifies the bandwidth name. The value is a string of 1 - to 64 characters that can contain letters, digits, - underscores (V(_)), hyphens (V(-)), and periods (V(.)). - type: str - required: true - size: - description: - - Specifies the bandwidth size. The value ranges from 1 - Mbit/s to 2000 Mbit/s by default. (The specific range may - vary depending on the configuration in each region. You - can see the bandwidth range of each region on the - management console.) The minimum unit for bandwidth - adjustment varies depending on the bandwidth range. The - details are as follows. - - The minimum unit is 1 Mbit/s if the allowed bandwidth - size ranges from 0 to 300 Mbit/s (with 300 Mbit/s - included). - - The minimum unit is 50 Mbit/s if the allowed bandwidth - size ranges 300 Mbit/s to 1000 Mbit/s (with 1000 Mbit/s - included). - - The minimum unit is 500 Mbit/s if the allowed bandwidth - size is greater than 1000 Mbit/s. - type: int - required: true - enterprise_project_id: - description: - - Specifies the enterprise project ID. + - Specifies the bandwidth name. The value is a string of 1 to 64 characters that can contain letters, digits, underscores + (V(_)), hyphens (V(-)), and periods (V(.)). type: str - required: false - ip_version: + required: true + size: description: - - The value can be 4 (IPv4 address) or 6 (IPv6 address). If this - parameter is left blank, an IPv4 address will be assigned. + - Specifies the bandwidth size. The value ranges from 1 Mbit/s to 2000 Mbit/s by default. (The specific range may + vary depending on the configuration in each region. You can see the bandwidth range of each region on the management + console.) The minimum unit for bandwidth adjustment varies depending on the bandwidth range. The details are as + follows. + - The minimum unit is 1 Mbit/s if the allowed bandwidth size ranges from 0 to 300 Mbit/s (with 300 Mbit/s included). + - The minimum unit is 50 Mbit/s if the allowed bandwidth size ranges 300 Mbit/s to 1000 Mbit/s (with 1000 Mbit/s + included). + - The minimum unit is 500 Mbit/s if the allowed bandwidth size is greater than 1000 Mbit/s. type: int - required: false - ipv4_address: - description: - - Specifies the obtained IPv4 EIP. The system automatically assigns - an EIP if you do not specify it. - type: str - required: false - port_id: - description: - - Specifies the port ID. This parameter is returned only when a - private IP address is bound with the EIP. - type: str - required: false - shared_bandwidth_id: - description: - - Specifies the ID of shared bandwidth. - type: str - required: false + required: true + enterprise_project_id: + description: + - Specifies the enterprise project ID. + type: str + required: false + ip_version: + description: + - The value can be 4 (IPv4 address) or 6 (IPv6 address). If this parameter is left blank, an IPv4 address will be assigned. + type: int + required: false + ipv4_address: + description: + - Specifies the obtained IPv4 EIP. The system automatically assigns an EIP if you do not specify it. + type: str + required: false + port_id: + description: + - Specifies the port ID. This parameter is returned only when a private IP address is bound with the EIP. + type: str + required: false + shared_bandwidth_id: + description: + - Specifies the ID of shared bandwidth. + type: str + required: false extends_documentation_fragment: - community.general.hwc - community.general.attributes +""" -''' - -EXAMPLES = ''' +EXAMPLES = r""" # create an eip and bind it to a port - name: Create vpc hwc_network_vpc: @@ -159,107 +143,91 @@ EXAMPLES = ''' name: "ansible_test_dedicated_bandwidth" size: 1 port_id: "{{ port.id }}" -''' +""" -RETURN = ''' - type: - description: - - Specifies the EIP type. - type: str - returned: success - dedicated_bandwidth: - description: - - Specifies the dedicated bandwidth object. - type: dict - returned: success - contains: - charge_mode: - description: - - Specifies whether the bandwidth is billed by traffic or - by bandwidth size. The value can be bandwidth or traffic. - If this parameter is left blank or is null character - string, default value bandwidth is used. For IPv6 - addresses, the default parameter value is bandwidth - outside China and is traffic in China. - type: str - returned: success - name: - description: - - Specifies the bandwidth name. The value is a string of 1 - to 64 characters that can contain letters, digits, - underscores (V(_)), hyphens (V(-)), and periods (V(.)). - type: str - returned: success - size: - description: - - Specifies the bandwidth size. The value ranges from 1 - Mbit/s to 2000 Mbit/s by default. (The specific range may - vary depending on the configuration in each region. You - can see the bandwidth range of each region on the - management console.) The minimum unit for bandwidth - adjustment varies depending on the bandwidth range. The - details are as follows:. - - The minimum unit is 1 Mbit/s if the allowed bandwidth - size ranges from 0 to 300 Mbit/s (with 300 Mbit/s - included). - - The minimum unit is 50 Mbit/s if the allowed bandwidth - size ranges 300 Mbit/s to 1000 Mbit/s (with 1000 Mbit/s - included). - - The minimum unit is 500 Mbit/s if the allowed bandwidth - size is greater than 1000 Mbit/s. - type: int - returned: success - id: - description: - - Specifies the ID of dedicated bandwidth. - type: str - returned: success - enterprise_project_id: - description: - - Specifies the enterprise project ID. - type: str - returned: success - ip_version: - description: - - The value can be 4 (IPv4 address) or 6 (IPv6 address). If this - parameter is left blank, an IPv4 address will be assigned. - type: int - returned: success - ipv4_address: - description: - - Specifies the obtained IPv4 EIP. The system automatically assigns - an EIP if you do not specify it. - type: str - returned: success - port_id: - description: - - Specifies the port ID. This parameter is returned only when a - private IP address is bound with the EIP. - type: str - returned: success - shared_bandwidth_id: - description: - - Specifies the ID of shared bandwidth. - type: str - returned: success - create_time: - description: - - Specifies the time (UTC time) when the EIP was assigned. - type: str - returned: success - ipv6_address: - description: - - Specifies the obtained IPv6 EIP. - type: str - returned: success - private_ip_address: - description: - - Specifies the private IP address bound with the EIP. This - parameter is returned only when a private IP address is bound - with the EIP. - type: str - returned: success -''' +RETURN = r""" +type: + description: + - Specifies the EIP type. + type: str + returned: success +dedicated_bandwidth: + description: + - Specifies the dedicated bandwidth object. + type: dict + returned: success + contains: + charge_mode: + description: + - Specifies whether the bandwidth is billed by traffic or by bandwidth size. The value can be bandwidth or traffic. + If this parameter is left blank or is null character string, default value bandwidth is used. For IPv6 addresses, + the default parameter value is bandwidth outside China and is traffic in China. + type: str + returned: success + name: + description: + - Specifies the bandwidth name. The value is a string of 1 to 64 characters that can contain letters, digits, underscores + (V(_)), hyphens (V(-)), and periods (V(.)). + type: str + returned: success + size: + description: + - Specifies the bandwidth size. The value ranges from 1 Mbit/s to 2000 Mbit/s by default. (The specific range may + vary depending on the configuration in each region. You can see the bandwidth range of each region on the management + console.) The minimum unit for bandwidth adjustment varies depending on the bandwidth range. The details are as + follows:. + - The minimum unit is 1 Mbit/s if the allowed bandwidth size ranges from 0 to 300 Mbit/s (with 300 Mbit/s included). + - The minimum unit is 50 Mbit/s if the allowed bandwidth size ranges 300 Mbit/s to 1000 Mbit/s (with 1000 Mbit/s included). + - The minimum unit is 500 Mbit/s if the allowed bandwidth size is greater than 1000 Mbit/s. + type: int + returned: success + id: + description: + - Specifies the ID of dedicated bandwidth. + type: str + returned: success +enterprise_project_id: + description: + - Specifies the enterprise project ID. + type: str + returned: success +ip_version: + description: + - The value can be 4 (IPv4 address) or 6 (IPv6 address). If this parameter is left blank, an IPv4 address will be assigned. + type: int + returned: success +ipv4_address: + description: + - Specifies the obtained IPv4 EIP. The system automatically assigns an EIP if you do not specify it. + type: str + returned: success +port_id: + description: + - Specifies the port ID. This parameter is returned only when a private IP address is bound with the EIP. + type: str + returned: success +shared_bandwidth_id: + description: + - Specifies the ID of shared bandwidth. + type: str + returned: success +create_time: + description: + - Specifies the time (UTC time) when the EIP was assigned. + type: str + returned: success +ipv6_address: + description: + - Specifies the obtained IPv6 EIP. + type: str + returned: success +private_ip_address: + description: + - Specifies the private IP address bound with the EIP. This parameter is returned only when a private IP address is bound + with the EIP. + type: str + returned: success +""" from ansible_collections.community.general.plugins.module_utils.hwc_utils import ( Config, HwcClientException, HwcClientException404, HwcModule, @@ -547,8 +515,7 @@ def async_wait_create(config, result, client, timeout): path_parameters = { "publicip_id": ["publicip", "id"], } - data = dict((key, navigate_value(result, path)) - for key, path in path_parameters.items()) + data = {key: navigate_value(result, path) for key, path in path_parameters.items()} url = build_path(module, "publicips/{publicip_id}", data) diff --git a/plugins/modules/hwc_vpc_peering_connect.py b/plugins/modules/hwc_vpc_peering_connect.py index 2d6832ce5d..478b28a2c8 100644 --- a/plugins/modules/hwc_vpc_peering_connect.py +++ b/plugins/modules/hwc_vpc_peering_connect.py @@ -13,79 +13,75 @@ __metaclass__ = type # Documentation ############################################################################### -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: hwc_vpc_peering_connect description: - - vpc peering management. -short_description: Creates a resource of Vpc/PeeringConnect in Huawei Cloud + - VPC peering management. +short_description: Creates a resource of VPC/PeeringConnect in Huawei Cloud version_added: '0.2.0' author: Huawei Inc. (@huaweicloud) requirements: - - keystoneauth1 >= 3.6.0 + - keystoneauth1 >= 3.6.0 attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - state: - description: - - Whether the given object should exist in Huawei Cloud. - type: str - choices: ['present', 'absent'] - default: 'present' - timeouts: - description: - - The timeouts for each operations. - type: dict - default: {} - suboptions: - create: - description: - - The timeouts for create operation. - type: str - default: '15m' - local_vpc_id: - description: - - Specifies the ID of local VPC. - type: str - required: true - name: - description: - - Specifies the name of the VPC peering connection. The value can - contain 1 to 64 characters. - type: str - required: true - peering_vpc: - description: - - Specifies information about the peering VPC. - type: dict - required: true - suboptions: - vpc_id: - description: - - Specifies the ID of peering VPC. - type: str - required: true - project_id: - description: - - Specifies the ID of the project which the peering vpc - belongs to. - type: str - required: false + state: description: + - Whether the given object should exist in Huawei Cloud. + type: str + choices: ['present', 'absent'] + default: 'present' + timeouts: + description: + - The timeouts for each operations. + type: dict + default: {} + suboptions: + create: description: - - The description of vpc peering connection. + - The timeouts for create operation. + type: str + default: '15m' + local_vpc_id: + description: + - Specifies the ID of local VPC. + type: str + required: true + name: + description: + - Specifies the name of the VPC peering connection. The value can contain 1 to 64 characters. + type: str + required: true + peering_vpc: + description: + - Specifies information about the peering VPC. + type: dict + required: true + suboptions: + vpc_id: + description: + - Specifies the ID of peering VPC. + type: str + required: true + project_id: + description: + - Specifies the ID of the project which the peering vpc belongs to. type: str required: false + description: + description: + - The description of vpc peering connection. + type: str + required: false extends_documentation_fragment: - community.general.hwc - community.general.attributes +""" -''' - -EXAMPLES = ''' +EXAMPLES = r""" # create a peering connect - name: Create a local vpc hwc_network_vpc: @@ -103,43 +99,41 @@ EXAMPLES = ''' name: "ansible_network_peering_test" peering_vpc: vpc_id: "{{ vpc2.id }}" -''' +""" -RETURN = ''' - local_vpc_id: - description: - - Specifies the ID of local VPC. - type: str - returned: success - name: - description: - - Specifies the name of the VPC peering connection. The value can - contain 1 to 64 characters. - type: str - returned: success - peering_vpc: - description: - - Specifies information about the peering VPC. - type: dict - returned: success - contains: - vpc_id: - description: - - Specifies the ID of peering VPC. - type: str - returned: success - project_id: - description: - - Specifies the ID of the project which the peering vpc - belongs to. - type: str - returned: success - description: - description: - - The description of vpc peering connection. - type: str - returned: success -''' +RETURN = r""" +local_vpc_id: + description: + - Specifies the ID of local VPC. + type: str + returned: success +name: + description: + - Specifies the name of the VPC peering connection. The value can contain 1 to 64 characters. + type: str + returned: success +peering_vpc: + description: + - Specifies information about the peering VPC. + type: dict + returned: success + contains: + vpc_id: + description: + - Specifies the ID of peering VPC. + type: str + returned: success + project_id: + description: + - Specifies the ID of the project which the peering vpc belongs to. + type: str + returned: success +description: + description: + - The description of vpc peering connection. + type: str + returned: success +""" from ansible_collections.community.general.plugins.module_utils.hwc_utils import ( Config, HwcClientException, HwcClientException404, HwcModule, @@ -407,8 +401,7 @@ def async_wait_create(config, result, client, timeout): path_parameters = { "peering_id": ["peering", "id"], } - data = dict((key, navigate_value(result, path)) - for key, path in path_parameters.items()) + data = {key: navigate_value(result, path) for key, path in path_parameters.items()} url = build_path(module, "v2.0/vpc/peerings/{peering_id}", data) diff --git a/plugins/modules/hwc_vpc_port.py b/plugins/modules/hwc_vpc_port.py index 2d830493d4..47f911821e 100644 --- a/plugins/modules/hwc_vpc_port.py +++ b/plugins/modules/hwc_vpc_port.py @@ -12,110 +12,105 @@ __metaclass__ = type # Documentation ############################################################################### -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: hwc_vpc_port description: - - vpc port management. -short_description: Creates a resource of Vpc/Port in Huawei Cloud + - VPC port management. +short_description: Creates a resource of VPC/Port in Huawei Cloud version_added: '0.2.0' author: Huawei Inc. (@huaweicloud) requirements: - - keystoneauth1 >= 3.6.0 + - keystoneauth1 >= 3.6.0 attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - state: + state: + description: + - Whether the given object should exist in Huawei Cloud. + type: str + choices: ['present', 'absent'] + default: 'present' + timeouts: + description: + - The timeouts for each operations. + type: dict + default: {} + suboptions: + create: description: - - Whether the given object should exist in Huawei Cloud. + - The timeouts for create operation. type: str - choices: ['present', 'absent'] - default: 'present' - timeouts: + default: '15m' + subnet_id: + description: + - Specifies the ID of the subnet to which the port belongs. + type: str + required: true + admin_state_up: + description: + - Specifies the administrative state of the port. + type: bool + required: false + allowed_address_pairs: + description: + - Specifies a set of zero or more allowed address pairs. + required: false + type: list + elements: dict + suboptions: + ip_address: description: - - The timeouts for each operations. - type: dict - default: {} - suboptions: - create: - description: - - The timeouts for create operation. - type: str - default: '15m' - subnet_id: - description: - - Specifies the ID of the subnet to which the port belongs. - type: str - required: true - admin_state_up: - description: - - Specifies the administrative state of the port. - type: bool - required: false - allowed_address_pairs: - description: - - Specifies a set of zero or more allowed address pairs. - required: false - type: list - elements: dict - suboptions: - ip_address: - description: - - Specifies the IP address. It cannot set it to 0.0.0.0. - Configure an independent security group for the port if a - large CIDR block (subnet mask less than 24) is configured - for parameter allowed_address_pairs. - type: str - required: false - mac_address: - description: - - Specifies the MAC address. - type: str - required: false - extra_dhcp_opts: - description: - - Specifies the extended option of DHCP. - type: list - elements: dict - required: false - suboptions: - name: - description: - - Specifies the option name. - type: str - required: false - value: - description: - - Specifies the option value. - type: str - required: false - ip_address: - description: - - Specifies the port IP address. + - Specifies the IP address. It cannot set it to 0.0.0.0. Configure an independent security group for the port if + a large CIDR block (subnet mask less than 24) is configured for parameter allowed_address_pairs. type: str required: false - name: + mac_address: description: - - Specifies the port name. The value can contain no more than 255 - characters. + - Specifies the MAC address. type: str required: false - security_groups: + extra_dhcp_opts: + description: + - Specifies the extended option of DHCP. + type: list + elements: dict + required: false + suboptions: + name: description: - - Specifies the ID of the security group. - type: list - elements: str + - Specifies the option name. + type: str required: false + value: + description: + - Specifies the option value. + type: str + required: false + ip_address: + description: + - Specifies the port IP address. + type: str + required: false + name: + description: + - Specifies the port name. The value can contain no more than 255 characters. + type: str + required: false + security_groups: + description: + - Specifies the ID of the security group. + type: list + elements: str + required: false extends_documentation_fragment: - community.general.hwc - community.general.attributes +""" -''' - -EXAMPLES = ''' +EXAMPLES = r""" # create a port - name: Create vpc hwc_network_vpc: @@ -134,76 +129,73 @@ EXAMPLES = ''' community.general.hwc_vpc_port: subnet_id: "{{ subnet.id }}" ip_address: "192.168.100.33" -''' +""" -RETURN = ''' - subnet_id: - description: - - Specifies the ID of the subnet to which the port belongs. - type: str - returned: success - admin_state_up: - description: - - Specifies the administrative state of the port. - type: bool - returned: success - allowed_address_pairs: - description: - - Specifies a set of zero or more allowed address pairs. - type: list - returned: success - contains: - ip_address: - description: - - Specifies the IP address. It cannot set it to 0.0.0.0. - Configure an independent security group for the port if a - large CIDR block (subnet mask less than 24) is configured - for parameter allowed_address_pairs. - type: str - returned: success - mac_address: - description: - - Specifies the MAC address. - type: str - returned: success - extra_dhcp_opts: - description: - - Specifies the extended option of DHCP. - type: list - returned: success - contains: - name: - description: - - Specifies the option name. - type: str - returned: success - value: - description: - - Specifies the option value. - type: str - returned: success +RETURN = r""" +subnet_id: + description: + - Specifies the ID of the subnet to which the port belongs. + type: str + returned: success +admin_state_up: + description: + - Specifies the administrative state of the port. + type: bool + returned: success +allowed_address_pairs: + description: + - Specifies a set of zero or more allowed address pairs. + type: list + returned: success + contains: ip_address: - description: - - Specifies the port IP address. - type: str - returned: success - name: - description: - - Specifies the port name. The value can contain no more than 255 - characters. - type: str - returned: success - security_groups: - description: - - Specifies the ID of the security group. - type: list - returned: success + description: + - Specifies the IP address. It cannot set it to 0.0.0.0. Configure an independent security group for the port if a + large CIDR block (subnet mask less than 24) is configured for parameter allowed_address_pairs. + type: str + returned: success mac_address: - description: - - Specifies the port MAC address. - type: str - returned: success -''' + description: + - Specifies the MAC address. + type: str + returned: success +extra_dhcp_opts: + description: + - Specifies the extended option of DHCP. + type: list + returned: success + contains: + name: + description: + - Specifies the option name. + type: str + returned: success + value: + description: + - Specifies the option value. + type: str + returned: success +ip_address: + description: + - Specifies the port IP address. + type: str + returned: success +name: + description: + - Specifies the port name. The value can contain no more than 255 characters. + type: str + returned: success +security_groups: + description: + - Specifies the ID of the security group. + type: list + returned: success +mac_address: + description: + - Specifies the port MAC address. + type: str + returned: success +""" from ansible_collections.community.general.plugins.module_utils.hwc_utils import ( Config, HwcClientException, HwcClientException404, HwcModule, @@ -560,8 +552,7 @@ def async_wait_create(config, result, client, timeout): path_parameters = { "port_id": ["port", "id"], } - data = dict((key, navigate_value(result, path)) - for key, path in path_parameters.items()) + data = {key: navigate_value(result, path) for key, path in path_parameters.items()} url = build_path(module, "ports/{port_id}", data) diff --git a/plugins/modules/hwc_vpc_private_ip.py b/plugins/modules/hwc_vpc_private_ip.py index 95e759f6f2..695c644cb9 100644 --- a/plugins/modules/hwc_vpc_private_ip.py +++ b/plugins/modules/hwc_vpc_private_ip.py @@ -12,54 +12,51 @@ __metaclass__ = type # Documentation ############################################################################### -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: hwc_vpc_private_ip description: - - vpc private ip management. -short_description: Creates a resource of Vpc/PrivateIP in Huawei Cloud + - VPC private IP management. +short_description: Creates a resource of VPC/PrivateIP in Huawei Cloud notes: - - If O(id) option is provided, it takes precedence over O(subnet_id), O(ip_address) for private ip selection. - - O(subnet_id), O(ip_address) are used for private ip selection. If more than one private ip with this options exists, execution is aborted. - - No parameter support updating. If one of option is changed, the module will create a new resource. + - If O(id) option is provided, it takes precedence over O(subnet_id), O(ip_address) for private IP selection. + - O(subnet_id), O(ip_address) are used for private IP selection. If more than one private IP with this options exists, execution + is aborted. + - No parameter support updating. If one of option is changed, the module will create a new resource. version_added: '0.2.0' author: Huawei Inc. (@huaweicloud) requirements: - - keystoneauth1 >= 3.6.0 + - keystoneauth1 >= 3.6.0 attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - state: - description: - - Whether the given object should exist in Huawei Cloud. - type: str - choices: ['present', 'absent'] - default: 'present' - subnet_id: - description: - - Specifies the ID of the subnet from which IP addresses are - assigned. Cannot be changed after creating the private ip. - type: str - required: true - ip_address: - description: - - Specifies the target IP address. The value can be an available IP - address in the subnet. If it is not specified, the system - automatically assigns an IP address. Cannot be changed after - creating the private ip. - type: str - required: false + state: + description: + - Whether the given object should exist in Huawei Cloud. + type: str + choices: ['present', 'absent'] + default: 'present' + subnet_id: + description: + - Specifies the ID of the subnet from which IP addresses are assigned. Cannot be changed after creating the private + IP. + type: str + required: true + ip_address: + description: + - Specifies the target IP address. The value can be an available IP address in the subnet. If it is not specified, the + system automatically assigns an IP address. Cannot be changed after creating the private IP. + type: str + required: false extends_documentation_fragment: - community.general.hwc - community.general.attributes +""" -''' - -EXAMPLES = ''' -# create a private ip +EXAMPLES = r""" +# create a private IP - name: Create vpc hwc_network_vpc: cidr: "192.168.100.0/24" @@ -73,27 +70,25 @@ EXAMPLES = ''' vpc_id: "{{ vpc.id }}" cidr: "192.168.100.0/26" register: subnet -- name: Create a private ip +- name: Create a private IP community.general.hwc_vpc_private_ip: subnet_id: "{{ subnet.id }}" ip_address: "192.168.100.33" -''' +""" -RETURN = ''' - subnet_id: - description: - - Specifies the ID of the subnet from which IP addresses are - assigned. - type: str - returned: success - ip_address: - description: - - Specifies the target IP address. The value can be an available IP - address in the subnet. If it is not specified, the system - automatically assigns an IP address. - type: str - returned: success -''' +RETURN = r""" +subnet_id: + description: + - Specifies the ID of the subnet from which IP addresses are assigned. + type: str + returned: success +ip_address: + description: + - Specifies the target IP address. The value can be an available IP address in the subnet. If it is not specified, the + system automatically assigns an IP address. + type: str + returned: success +""" from ansible_collections.community.general.plugins.module_utils.hwc_utils import ( Config, HwcClientException, HwcModule, are_different_dicts, build_path, diff --git a/plugins/modules/hwc_vpc_route.py b/plugins/modules/hwc_vpc_route.py index 091b49b0c8..85224fd4c8 100644 --- a/plugins/modules/hwc_vpc_route.py +++ b/plugins/modules/hwc_vpc_route.py @@ -12,60 +12,59 @@ __metaclass__ = type # Documentation ############################################################################### -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: hwc_vpc_route description: - - vpc route management. -short_description: Creates a resource of Vpc/Route in Huawei Cloud + - VPC route management. +short_description: Creates a resource of VPC/Route in Huawei Cloud notes: - - If O(id) option is provided, it takes precedence over O(destination), O(vpc_id), O(type), and O(next_hop) for route selection. - - O(destination), O(vpc_id), O(type) and O(next_hop) are used for route selection. If more than one route with this options exists, execution is aborted. - - No parameter support updating. If one of option is changed, the module will create a new resource. + - If O(id) option is provided, it takes precedence over O(destination), O(vpc_id), O(type), and O(next_hop) for route selection. + - O(destination), O(vpc_id), O(type) and O(next_hop) are used for route selection. If more than one route with this options + exists, execution is aborted. + - No parameter support updating. If one of option is changed, the module will create a new resource. version_added: '0.2.0' author: Huawei Inc. (@huaweicloud) requirements: - - keystoneauth1 >= 3.6.0 + - keystoneauth1 >= 3.6.0 attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - state: - description: - - Whether the given object should exist in Huawei Cloud. - type: str - choices: ['present', 'absent'] - default: 'present' - destination: - description: - - Specifies the destination IP address or CIDR block. - type: str - required: true - next_hop: - description: - - Specifies the next hop. The value is VPC peering connection ID. - type: str - required: true - vpc_id: - description: - - Specifies the VPC ID to which route is added. - type: str - required: true - type: - description: - - Specifies the type of route. - type: str - required: false - default: 'peering' + state: + description: + - Whether the given object should exist in Huawei Cloud. + type: str + choices: ['present', 'absent'] + default: 'present' + destination: + description: + - Specifies the destination IP address or CIDR block. + type: str + required: true + next_hop: + description: + - Specifies the next hop. The value is VPC peering connection ID. + type: str + required: true + vpc_id: + description: + - Specifies the VPC ID to which route is added. + type: str + required: true + type: + description: + - Specifies the type of route. + type: str + required: false + default: 'peering' extends_documentation_fragment: - community.general.hwc - community.general.attributes +""" -''' - -EXAMPLES = ''' +EXAMPLES = r""" # create a peering connect - name: Create a local vpc hwc_network_vpc: @@ -91,35 +90,35 @@ EXAMPLES = ''' vpc_id: "{{ vpc1.id }}" destination: "192.168.0.0/16" next_hop: "{{ connect.id }}" -''' +""" -RETURN = ''' - id: - description: - - UUID of the route. - type: str - returned: success - destination: - description: - - Specifies the destination IP address or CIDR block. - type: str - returned: success - next_hop: - description: - - Specifies the next hop. The value is VPC peering connection ID. - type: str - returned: success - vpc_id: - description: - - Specifies the VPC ID to which route is added. - type: str - returned: success - type: - description: - - Specifies the type of route. - type: str - returned: success -''' +RETURN = r""" +id: + description: + - UUID of the route. + type: str + returned: success +destination: + description: + - Specifies the destination IP address or CIDR block. + type: str + returned: success +next_hop: + description: + - Specifies the next hop. The value is VPC peering connection ID. + type: str + returned: success +vpc_id: + description: + - Specifies the VPC ID to which route is added. + type: str + returned: success +type: + description: + - Specifies the type of route. + type: str + returned: success +""" from ansible_collections.community.general.plugins.module_utils.hwc_utils import ( Config, HwcClientException, HwcModule, are_different_dicts, build_path, diff --git a/plugins/modules/hwc_vpc_security_group.py b/plugins/modules/hwc_vpc_security_group.py index aa65e801c4..9f53b49c0d 100644 --- a/plugins/modules/hwc_vpc_security_group.py +++ b/plugins/modules/hwc_vpc_security_group.py @@ -12,162 +12,141 @@ __metaclass__ = type # Documentation ############################################################################### -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: hwc_vpc_security_group description: - - vpc security group management. -short_description: Creates a resource of Vpc/SecurityGroup in Huawei Cloud + - VPC security group management. +short_description: Creates a resource of VPC/SecurityGroup in Huawei Cloud notes: - - If O(id) option is provided, it takes precedence over O(name), - O(enterprise_project_id), and O(vpc_id) for security group selection. - - O(name), O(enterprise_project_id) and O(vpc_id) are used for security - group selection. If more than one security group with this options exists, - execution is aborted. - - No parameter support updating. If one of option is changed, the module - will create a new resource. + - If O(id) option is provided, it takes precedence over O(name), O(enterprise_project_id), and O(vpc_id) for security group + selection. + - O(name), O(enterprise_project_id) and O(vpc_id) are used for security group selection. If more than one security group + with this options exists, execution is aborted. + - No parameter support updating. If one of option is changed, the module will create a new resource. version_added: '0.2.0' author: Huawei Inc. (@huaweicloud) requirements: - - keystoneauth1 >= 3.6.0 + - keystoneauth1 >= 3.6.0 attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - state: - description: - - Whether the given object should exist in Huawei Cloud. - type: str - choices: ['present', 'absent'] - default: 'present' - name: - description: - - Specifies the security group name. The value is a string of 1 to - 64 characters that can contain letters, digits, underscores (V(_)), - hyphens (V(-)), and periods (V(.)). - type: str - required: true - enterprise_project_id: - description: - - Specifies the enterprise project ID. When creating a security - group, associate the enterprise project ID with the security - group.s - type: str - required: false - vpc_id: - description: - - Specifies the resource ID of the VPC to which the security group - belongs. - type: str - required: false + state: + description: + - Whether the given object should exist in Huawei Cloud. + type: str + choices: ['present', 'absent'] + default: 'present' + name: + description: + - Specifies the security group name. The value is a string of 1 to 64 characters that can contain letters, digits, underscores + (V(_)), hyphens (V(-)), and periods (V(.)). + type: str + required: true + enterprise_project_id: + description: + - Specifies the enterprise project ID. When creating a security group, associate the enterprise project ID with the + security group.s. + type: str + required: false + vpc_id: + description: + - Specifies the resource ID of the VPC to which the security group belongs. + type: str + required: false extends_documentation_fragment: - community.general.hwc - community.general.attributes +""" -''' - -EXAMPLES = ''' +EXAMPLES = r""" # create a security group - name: Create a security group community.general.hwc_vpc_security_group: name: "ansible_network_security_group_test" -''' +""" -RETURN = ''' - name: - description: - - Specifies the security group name. The value is a string of 1 to - 64 characters that can contain letters, digits, underscores (V(_)), - hyphens (V(-)), and periods (V(.)). - type: str - returned: success - enterprise_project_id: - description: - - Specifies the enterprise project ID. When creating a security - group, associate the enterprise project ID with the security - group. - type: str - returned: success - vpc_id: - description: - - Specifies the resource ID of the VPC to which the security group - belongs. - type: str - returned: success - rules: - description: - - Specifies the security group rule, which ensures that resources - in the security group can communicate with one another. - type: complex - returned: success - contains: - description: - description: - - Provides supplementary information about the security - group rule. - type: str - returned: success - direction: - description: - - Specifies the direction of access control. The value can - be egress or ingress. - type: str - returned: success - ethertype: - description: - - Specifies the IP protocol version. The value can be IPv4 - or IPv6. - type: str - returned: success - id: - description: - - Specifies the security group rule ID. - type: str - returned: success - port_range_max: - description: - - Specifies the end port number. The value ranges from 1 to - 65535. If the protocol is not icmp, the value cannot be - smaller than the port_range_min value. An empty value - indicates all ports. - type: int - returned: success - port_range_min: - description: - - Specifies the start port number. The value ranges from 1 - to 65535. The value cannot be greater than the - port_range_max value. An empty value indicates all ports. - type: int - returned: success - protocol: - description: - - Specifies the protocol type. The value can be icmp, tcp, - udp, or others. If the parameter is left blank, the - security group supports all protocols. - type: str - returned: success - remote_address_group_id: - description: - - Specifies the ID of remote IP address group. - type: str - returned: success - remote_group_id: - description: - - Specifies the ID of the peer security group. - type: str - returned: success - remote_ip_prefix: - description: - - Specifies the remote IP address. If the access control - direction is set to egress, the parameter specifies the - source IP address. If the access control direction is set - to ingress, the parameter specifies the destination IP - address. - type: str - returned: success -''' +RETURN = r""" +name: + description: + - Specifies the security group name. The value is a string of 1 to 64 characters that can contain letters, digits, underscores + (V(_)), hyphens (V(-)), and periods (V(.)). + type: str + returned: success +enterprise_project_id: + description: + - Specifies the enterprise project ID. When creating a security group, associate the enterprise project ID with the security + group. + type: str + returned: success +vpc_id: + description: + - Specifies the resource ID of the VPC to which the security group belongs. + type: str + returned: success +rules: + description: + - Specifies the security group rule, which ensures that resources in the security group can communicate with one another. + type: complex + returned: success + contains: + description: + description: + - Provides supplementary information about the security group rule. + type: str + returned: success + direction: + description: + - Specifies the direction of access control. The value can be egress or ingress. + type: str + returned: success + ethertype: + description: + - Specifies the IP protocol version. The value can be IPv4 or IPv6. + type: str + returned: success + id: + description: + - Specifies the security group rule ID. + type: str + returned: success + port_range_max: + description: + - Specifies the end port number. The value ranges from 1 to 65535. If the protocol is not icmp, the value cannot be + smaller than the port_range_min value. An empty value indicates all ports. + type: int + returned: success + port_range_min: + description: + - Specifies the start port number. The value ranges from 1 to 65535. The value cannot be greater than the port_range_max + value. An empty value indicates all ports. + type: int + returned: success + protocol: + description: + - Specifies the protocol type. The value can be icmp, tcp, udp, or others. If the parameter is left blank, the security + group supports all protocols. + type: str + returned: success + remote_address_group_id: + description: + - Specifies the ID of remote IP address group. + type: str + returned: success + remote_group_id: + description: + - Specifies the ID of the peer security group. + type: str + returned: success + remote_ip_prefix: + description: + - Specifies the remote IP address. If the access control direction is set to egress, the parameter specifies the source + IP address. If the access control direction is set to ingress, the parameter specifies the destination IP address. + type: str + returned: success +""" from ansible_collections.community.general.plugins.module_utils.hwc_utils import ( Config, HwcClientException, HwcModule, are_different_dicts, build_path, diff --git a/plugins/modules/hwc_vpc_security_group_rule.py b/plugins/modules/hwc_vpc_security_group_rule.py index 899647e8ce..0848901cd5 100644 --- a/plugins/modules/hwc_vpc_security_group_rule.py +++ b/plugins/modules/hwc_vpc_security_group_rule.py @@ -12,105 +12,90 @@ __metaclass__ = type # Documentation ############################################################################### -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: hwc_vpc_security_group_rule description: - - vpc security group management. -short_description: Creates a resource of Vpc/SecurityGroupRule in Huawei Cloud + - VPC security group management. +short_description: Creates a resource of VPC/SecurityGroupRule in Huawei Cloud notes: - - If O(id) option is provided, it takes precedence over - O(security_group_id) for security group rule selection. - - O(security_group_id) is used for security group rule selection. If more - than one security group rule with this options exists, execution is - aborted. - - No parameter support updating. If one of option is changed, the module - will create a new resource. + - If O(id) option is provided, it takes precedence over O(security_group_id) for security group rule selection. + - O(security_group_id) is used for security group rule selection. If more than one security group rule with this options + exists, execution is aborted. + - No parameter support updating. If one of option is changed, the module will create a new resource. version_added: '0.2.0' author: Huawei Inc. (@huaweicloud) requirements: - - keystoneauth1 >= 3.6.0 + - keystoneauth1 >= 3.6.0 attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - state: - description: - - Whether the given object should exist in Huawei Cloud. - type: str - choices: ['present', 'absent'] - default: 'present' - direction: - description: - - Specifies the direction of access control. The value can be - egress or ingress. - type: str - required: true - security_group_id: - description: - - Specifies the security group rule ID, which uniquely identifies - the security group rule. - type: str - required: true + state: description: - description: - - Provides supplementary information about the security group rule. - The value is a string of no more than 255 characters that can - contain letters and digits. - type: str - required: false - ethertype: - description: - - Specifies the IP protocol version. The value can be IPv4 or IPv6. - If you do not set this parameter, IPv4 is used by default. - type: str - required: false - port_range_max: - description: - - Specifies the end port number. The value ranges from 1 to 65535. - If the protocol is not icmp, the value cannot be smaller than the - port_range_min value. An empty value indicates all ports. - type: int - required: false - port_range_min: - description: - - Specifies the start port number. The value ranges from 1 to - 65535. The value cannot be greater than the port_range_max value. - An empty value indicates all ports. - type: int - required: false - protocol: - description: - - Specifies the protocol type. The value can be icmp, tcp, or udp. - If the parameter is left blank, the security group supports all - protocols. - type: str - required: false - remote_group_id: - description: - - Specifies the ID of the peer security group. The value is - exclusive with parameter remote_ip_prefix. - type: str - required: false - remote_ip_prefix: - description: - - Specifies the remote IP address. If the access control direction - is set to egress, the parameter specifies the source IP address. - If the access control direction is set to ingress, the parameter - specifies the destination IP address. The value can be in the - CIDR format or IP addresses. The parameter is exclusive with - parameter remote_group_id. - type: str - required: false + - Whether the given object should exist in Huawei Cloud. + type: str + choices: ['present', 'absent'] + default: 'present' + direction: + description: + - Specifies the direction of access control. The value can be egress or ingress. + type: str + required: true + security_group_id: + description: + - Specifies the security group rule ID, which uniquely identifies the security group rule. + type: str + required: true + description: + description: + - Provides supplementary information about the security group rule. The value is a string of no more than 255 characters + that can contain letters and digits. + type: str + required: false + ethertype: + description: + - Specifies the IP protocol version. The value can be IPv4 or IPv6. If you do not set this parameter, IPv4 is used by + default. + type: str + required: false + port_range_max: + description: + - Specifies the end port number. The value ranges from 1 to 65535. If the protocol is not icmp, the value cannot be + smaller than the port_range_min value. An empty value indicates all ports. + type: int + required: false + port_range_min: + description: + - Specifies the start port number. The value ranges from 1 to 65535. The value cannot be greater than the port_range_max + value. An empty value indicates all ports. + type: int + required: false + protocol: + description: + - Specifies the protocol type. The value can be icmp, tcp, or udp. If the parameter is left blank, the security group + supports all protocols. + type: str + required: false + remote_group_id: + description: + - Specifies the ID of the peer security group. The value is exclusive with parameter remote_ip_prefix. + type: str + required: false + remote_ip_prefix: + description: + - Specifies the remote IP address. If the access control direction is set to egress, the parameter specifies the source + IP address. If the access control direction is set to ingress, the parameter specifies the destination IP address. + The value can be in the CIDR format or IP addresses. The parameter is exclusive with parameter remote_group_id. + type: str + required: false extends_documentation_fragment: - community.general.hwc - community.general.attributes +""" -''' - -EXAMPLES = ''' +EXAMPLES = r""" # create a security group rule - name: Create a security group hwc_vpc_security_group: @@ -125,72 +110,62 @@ EXAMPLES = ''' security_group_id: "{{ sg.id }}" port_range_min: 22 remote_ip_prefix: "0.0.0.0/0" -''' +""" -RETURN = ''' - direction: - description: - - Specifies the direction of access control. The value can be - egress or ingress. - type: str - returned: success - security_group_id: - description: - - Specifies the security group rule ID, which uniquely identifies - the security group rule. - type: str - returned: success - description: - description: - - Provides supplementary information about the security group rule. - The value is a string of no more than 255 characters that can - contain letters and digits. - type: str - returned: success - ethertype: - description: - - Specifies the IP protocol version. The value can be IPv4 or IPv6. - If you do not set this parameter, IPv4 is used by default. - type: str - returned: success - port_range_max: - description: - - Specifies the end port number. The value ranges from 1 to 65535. - If the protocol is not icmp, the value cannot be smaller than the - port_range_min value. An empty value indicates all ports. - type: int - returned: success - port_range_min: - description: - - Specifies the start port number. The value ranges from 1 to - 65535. The value cannot be greater than the port_range_max value. - An empty value indicates all ports. - type: int - returned: success - protocol: - description: - - Specifies the protocol type. The value can be icmp, tcp, or udp. - If the parameter is left blank, the security group supports all - protocols. - type: str - returned: success - remote_group_id: - description: - - Specifies the ID of the peer security group. The value is - exclusive with parameter remote_ip_prefix. - type: str - returned: success - remote_ip_prefix: - description: - - Specifies the remote IP address. If the access control direction - is set to egress, the parameter specifies the source IP address. - If the access control direction is set to ingress, the parameter - specifies the destination IP address. The value can be in the - CIDR format or IP addresses. The parameter is exclusive with - parameter remote_group_id. - type: str - returned: success -''' +RETURN = r""" +direction: + description: + - Specifies the direction of access control. The value can be egress or ingress. + type: str + returned: success +security_group_id: + description: + - Specifies the security group rule ID, which uniquely identifies the security group rule. + type: str + returned: success +description: + description: + - Provides supplementary information about the security group rule. The value is a string of no more than 255 characters + that can contain letters and digits. + type: str + returned: success +ethertype: + description: + - Specifies the IP protocol version. The value can be IPv4 or IPv6. If you do not set this parameter, IPv4 is used by + default. + type: str + returned: success +port_range_max: + description: + - Specifies the end port number. The value ranges from 1 to 65535. If the protocol is not icmp, the value cannot be smaller + than the port_range_min value. An empty value indicates all ports. + type: int + returned: success +port_range_min: + description: + - Specifies the start port number. The value ranges from 1 to 65535. The value cannot be greater than the port_range_max + value. An empty value indicates all ports. + type: int + returned: success +protocol: + description: + - Specifies the protocol type. The value can be icmp, tcp, or udp. If the parameter is left blank, the security group + supports all protocols. + type: str + returned: success +remote_group_id: + description: + - Specifies the ID of the peer security group. The value is exclusive with parameter remote_ip_prefix. + type: str + returned: success +remote_ip_prefix: + description: + - Specifies the remote IP address. If the access control direction is set to egress, the parameter specifies the source + IP address. If the access control direction is set to ingress, the parameter specifies the destination IP address. The + value can be in the CIDR format or IP addresses. The parameter is exclusive with parameter remote_group_id. + type: str + returned: success +""" from ansible_collections.community.general.plugins.module_utils.hwc_utils import ( Config, HwcClientException, HwcModule, are_different_dicts, build_path, diff --git a/plugins/modules/hwc_vpc_subnet.py b/plugins/modules/hwc_vpc_subnet.py index 7ba7473301..84a9219370 100644 --- a/plugins/modules/hwc_vpc_subnet.py +++ b/plugins/modules/hwc_vpc_subnet.py @@ -12,99 +12,90 @@ __metaclass__ = type # Documentation ############################################################################### -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: hwc_vpc_subnet description: - - subnet management. -short_description: Creates a resource of Vpc/Subnet in Huawei Cloud + - Subnet management. +short_description: Creates a resource of VPC/Subnet in Huawei Cloud version_added: '0.2.0' author: Huawei Inc. (@huaweicloud) requirements: - - keystoneauth1 >= 3.6.0 + - keystoneauth1 >= 3.6.0 attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - state: + state: + description: + - Whether the given object should exist in Huawei Cloud. + type: str + choices: ['present', 'absent'] + default: 'present' + timeouts: + description: + - The timeouts for each operations. + type: dict + default: {} + suboptions: + create: description: - - Whether the given object should exist in Huawei Cloud. + - The timeouts for create operation. type: str - choices: ['present', 'absent'] - default: 'present' - timeouts: + default: '15m' + update: description: - - The timeouts for each operations. - type: dict - default: {} - suboptions: - create: - description: - - The timeouts for create operation. - type: str - default: '15m' - update: - description: - - The timeouts for update operation. - type: str - default: '15m' - cidr: - description: - - Specifies the subnet CIDR block. The value must be within the VPC - CIDR block and be in CIDR format. The subnet mask cannot be - greater than 28. Cannot be changed after creating the subnet. + - The timeouts for update operation. type: str - required: true - gateway_ip: - description: - - Specifies the gateway of the subnet. The value must be an IP - address in the subnet. Cannot be changed after creating the subnet. - type: str - required: true - name: - description: - - Specifies the subnet name. The value is a string of 1 to 64 - characters that can contain letters, digits, underscores (V(_)), - hyphens (V(-)), and periods (V(.)). - type: str - required: true - vpc_id: - description: - - Specifies the ID of the VPC to which the subnet belongs. Cannot - be changed after creating the subnet. - type: str - required: true - availability_zone: - description: - - Specifies the AZ to which the subnet belongs. Cannot be changed - after creating the subnet. - type: str - required: false - dhcp_enable: - description: - - Specifies whether DHCP is enabled for the subnet. The value can - be true (enabled) or false(disabled), and default value is true. - If this parameter is set to false, newly created ECSs cannot - obtain IP addresses, and usernames and passwords cannot be - injected using Cloud-init. - type: bool - required: false - dns_address: - description: - - Specifies the DNS server addresses for subnet. The address - in the head will be used first. - type: list - elements: str - required: false + default: '15m' + cidr: + description: + - Specifies the subnet CIDR block. The value must be within the VPC CIDR block and be in CIDR format. The subnet mask + cannot be greater than 28. Cannot be changed after creating the subnet. + type: str + required: true + gateway_ip: + description: + - Specifies the gateway of the subnet. The value must be an IP address in the subnet. Cannot be changed after creating + the subnet. + type: str + required: true + name: + description: + - Specifies the subnet name. The value is a string of 1 to 64 characters that can contain letters, digits, underscores + (V(_)), hyphens (V(-)), and periods (V(.)). + type: str + required: true + vpc_id: + description: + - Specifies the ID of the VPC to which the subnet belongs. Cannot be changed after creating the subnet. + type: str + required: true + availability_zone: + description: + - Specifies the AZ to which the subnet belongs. Cannot be changed after creating the subnet. + type: str + required: false + dhcp_enable: + description: + - Specifies whether DHCP is enabled for the subnet. The value can be true (enabled) or false(disabled), and default + value is true. If this parameter is set to false, newly created ECSs cannot obtain IP addresses, and usernames and + passwords cannot be injected using Cloud-init. + type: bool + required: false + dns_address: + description: + - Specifies the DNS server addresses for subnet. The address in the head will be used first. + type: list + elements: str + required: false extends_documentation_fragment: - community.general.hwc - community.general.attributes +""" -''' - -EXAMPLES = ''' +EXAMPLES = r""" # create subnet - name: Create vpc hwc_network_vpc: @@ -118,55 +109,49 @@ EXAMPLES = ''' gateway_ip: "192.168.100.32" name: "ansible_network_subnet_test" dhcp_enable: true -''' +""" -RETURN = ''' - cidr: - description: - - Specifies the subnet CIDR block. The value must be within the VPC - CIDR block and be in CIDR format. The subnet mask cannot be - greater than 28. - type: str - returned: success - gateway_ip: - description: - - Specifies the gateway of the subnet. The value must be an IP - address in the subnet. - type: str - returned: success - name: - description: - - Specifies the subnet name. The value is a string of 1 to 64 - characters that can contain letters, digits, underscores (V(_)), - hyphens (V(-)), and periods (V(.)). - type: str - returned: success - vpc_id: - description: - - Specifies the ID of the VPC to which the subnet belongs. - type: str - returned: success - availability_zone: - description: - - Specifies the AZ to which the subnet belongs. - type: str - returned: success - dhcp_enable: - description: - - Specifies whether DHCP is enabled for the subnet. The value can - be true (enabled) or false(disabled), and default value is true. - If this parameter is set to false, newly created ECSs cannot - obtain IP addresses, and usernames and passwords cannot be - injected using Cloud-init. - type: bool - returned: success - dns_address: - description: - - Specifies the DNS server addresses for subnet. The address - in the head will be used first. - type: list - returned: success -''' +RETURN = r""" +cidr: + description: + - Specifies the subnet CIDR block. The value must be within the VPC CIDR block and be in CIDR format. The subnet mask + cannot be greater than 28. + type: str + returned: success +gateway_ip: + description: + - Specifies the gateway of the subnet. The value must be an IP address in the subnet. + type: str + returned: success +name: + description: + - Specifies the subnet name. The value is a string of 1 to 64 characters that can contain letters, digits, underscores + (V(_)), hyphens (V(-)), and periods (V(.)). + type: str + returned: success +vpc_id: + description: + - Specifies the ID of the VPC to which the subnet belongs. + type: str + returned: success +availability_zone: + description: + - Specifies the AZ to which the subnet belongs. + type: str + returned: success +dhcp_enable: + description: + - Specifies whether DHCP is enabled for the subnet. The value can be true (enabled) or false(disabled), and default value + is true. If this parameter is set to false, newly created ECSs cannot obtain IP addresses, and usernames and passwords + cannot be injected using Cloud-init. + type: bool + returned: success +dns_address: + description: + - Specifies the DNS server addresses for subnet. The address in the head will be used first. + type: list + returned: success +""" from ansible_collections.community.general.plugins.module_utils.hwc_utils import ( Config, HwcClientException, HwcClientException404, HwcModule, @@ -440,8 +425,7 @@ def async_wait_create(config, result, client, timeout): path_parameters = { "subnet_id": ["subnet", "id"], } - data = dict((key, navigate_value(result, path)) - for key, path in path_parameters.items()) + data = {key: navigate_value(result, path) for key, path in path_parameters.items()} url = build_path(module, "subnets/{subnet_id}", data) @@ -538,8 +522,7 @@ def async_wait_update(config, result, client, timeout): path_parameters = { "subnet_id": ["subnet", "id"], } - data = dict((key, navigate_value(result, path)) - for key, path in path_parameters.items()) + data = {key: navigate_value(result, path) for key, path in path_parameters.items()} url = build_path(module, "subnets/{subnet_id}", data) diff --git a/plugins/modules/ibm_sa_domain.py b/plugins/modules/ibm_sa_domain.py index 774f29134c..d34474b551 100644 --- a/plugins/modules/ibm_sa_domain.py +++ b/plugins/modules/ibm_sa_domain.py @@ -10,92 +10,90 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: ibm_sa_domain short_description: Manages domains on IBM Spectrum Accelerate Family storage systems description: - - "This module can be used to add domains to or removes them from IBM Spectrum Accelerate Family storage systems." - + - This module can be used to add domains to or removes them from IBM Spectrum Accelerate Family storage systems. attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - domain: - description: - - Name of the domain to be managed. - required: true - type: str - state: - description: - - The desired state of the domain. - default: "present" - choices: [ "present", "absent" ] - type: str - ldap_id: - description: - - ldap id to add to the domain. - required: false - type: str - size: - description: - - Size of the domain. - required: false - type: str - hard_capacity: - description: - - Hard capacity of the domain. - required: false - type: str - soft_capacity: - description: - - Soft capacity of the domain. - required: false - type: str - max_cgs: - description: - - Number of max cgs. - required: false - type: str - max_dms: - description: - - Number of max dms. - required: false - type: str - max_mirrors: - description: - - Number of max_mirrors. - required: false - type: str - max_pools: - description: - - Number of max_pools. - required: false - type: str - max_volumes: - description: - - Number of max_volumes. - required: false - type: str - perf_class: - description: - - Add the domain to a performance class. - required: false - type: str + domain: + description: + - Name of the domain to be managed. + required: true + type: str + state: + description: + - The desired state of the domain. + default: "present" + choices: ["present", "absent"] + type: str + ldap_id: + description: + - LDAP ID to add to the domain. + required: false + type: str + size: + description: + - Size of the domain. + required: false + type: str + hard_capacity: + description: + - Hard capacity of the domain. + required: false + type: str + soft_capacity: + description: + - Soft capacity of the domain. + required: false + type: str + max_cgs: + description: + - Number of max cgs. + required: false + type: str + max_dms: + description: + - Number of max dms. + required: false + type: str + max_mirrors: + description: + - Number of max_mirrors. + required: false + type: str + max_pools: + description: + - Number of max_pools. + required: false + type: str + max_volumes: + description: + - Number of max_volumes. + required: false + type: str + perf_class: + description: + - Add the domain to a performance class. + required: false + type: str extends_documentation_fragment: - community.general.ibm_storage - community.general.attributes author: - - Tzur Eliyahu (@tzure) -''' + - Tzur Eliyahu (@tzure) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Define new domain. community.general.ibm_sa_domain: domain: domain_name @@ -112,14 +110,14 @@ EXAMPLES = ''' username: admin password: secret endpoints: hostdev-system -''' -RETURN = ''' +""" +RETURN = r""" msg: - description: module return status. - returned: as needed - type: str - sample: "domain 'domain_name' created successfully." -''' + description: Module return status. + returned: as needed + type: str + sample: "domain 'domain_name' created successfully." +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.ibm_sa_utils import execute_pyxcli_command, \ diff --git a/plugins/modules/ibm_sa_host.py b/plugins/modules/ibm_sa_host.py index 614865ae01..f6613b3b29 100644 --- a/plugins/modules/ibm_sa_host.py +++ b/plugins/modules/ibm_sa_host.py @@ -10,66 +10,61 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: ibm_sa_host short_description: Adds hosts to or removes them from IBM Spectrum Accelerate Family storage systems description: - - "This module adds hosts to or removes them from IBM Spectrum Accelerate Family storage systems." - + - This module adds hosts to or removes them from IBM Spectrum Accelerate Family storage systems. attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - host: - description: - - Host name. - required: true - type: str - state: - description: - - Host state. - default: "present" - choices: [ "present", "absent" ] - type: str - cluster: - description: - - The name of the cluster to include the host. - required: false - type: str - domain: - description: - - The domains the cluster will be attached to. - To include more than one domain, - separate domain names with commas. - To include all existing domains, use an asterisk ("*"). - required: false - type: str - iscsi_chap_name: - description: - - The host's CHAP name identifier - required: false - type: str - iscsi_chap_secret: - description: - - The password of the initiator used to - authenticate to the system when CHAP is enable - required: false - type: str + host: + description: + - Host name. + required: true + type: str + state: + description: + - Host state. + default: "present" + choices: ["present", "absent"] + type: str + cluster: + description: + - The name of the cluster to include the host. + required: false + type: str + domain: + description: + - The domains the cluster will be attached to. To include more than one domain, separate domain names with commas. To + include all existing domains, use an asterisk (V(*)). + required: false + type: str + iscsi_chap_name: + description: + - The host's CHAP name identifier. + required: false + type: str + iscsi_chap_secret: + description: + - The password of the initiator used to authenticate to the system when CHAP is enable. + required: false + type: str extends_documentation_fragment: - community.general.ibm_storage - community.general.attributes author: - - Tzur Eliyahu (@tzure) -''' + - Tzur Eliyahu (@tzure) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Define new host. community.general.ibm_sa_host: host: host_name @@ -85,9 +80,9 @@ EXAMPLES = ''' username: admin password: secret endpoints: hostdev-system -''' -RETURN = ''' -''' +""" +RETURN = r""" +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.ibm_sa_utils import execute_pyxcli_command, \ diff --git a/plugins/modules/ibm_sa_host_ports.py b/plugins/modules/ibm_sa_host_ports.py index fdb27f85a2..25342eb62e 100644 --- a/plugins/modules/ibm_sa_host_ports.py +++ b/plugins/modules/ibm_sa_host_ports.py @@ -10,58 +10,55 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: ibm_sa_host_ports short_description: Add host ports on IBM Spectrum Accelerate Family storage systems description: - - "This module adds ports to or removes them from the hosts - on IBM Spectrum Accelerate Family storage systems." - + - This module adds ports to or removes them from the hosts on IBM Spectrum Accelerate Family storage systems. attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - host: - description: - - Host name. - required: true - type: str - state: - description: - - Host ports state. - default: "present" - choices: [ "present", "absent" ] - type: str - iscsi_name: - description: - - iSCSI initiator name. - required: false - type: str - fcaddress: - description: - - Fiber channel address. - required: false - type: str - num_of_visible_targets: - description: - - Number of visible targets. - required: false - type: str + host: + description: + - Host name. + required: true + type: str + state: + description: + - Host ports state. + default: "present" + choices: ["present", "absent"] + type: str + iscsi_name: + description: + - The iSCSI initiator name. + required: false + type: str + fcaddress: + description: + - Fiber channel address. + required: false + type: str + num_of_visible_targets: + description: + - Number of visible targets. + required: false + type: str extends_documentation_fragment: - community.general.ibm_storage - community.general.attributes author: - - Tzur Eliyahu (@tzure) -''' + - Tzur Eliyahu (@tzure) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Add ports for host. community.general.ibm_sa_host_ports: host: test_host @@ -79,10 +76,9 @@ EXAMPLES = ''' password: secret endpoints: hostdev-system state: absent - -''' -RETURN = ''' -''' +""" +RETURN = r""" +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.ibm_sa_utils import (execute_pyxcli_command, connect_ssl, diff --git a/plugins/modules/ibm_sa_pool.py b/plugins/modules/ibm_sa_pool.py index 88065aa4ec..38f3820435 100644 --- a/plugins/modules/ibm_sa_pool.py +++ b/plugins/modules/ibm_sa_pool.py @@ -10,62 +10,60 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: ibm_sa_pool short_description: Handles pools on IBM Spectrum Accelerate Family storage systems description: - - "This module creates or deletes pools to be used on IBM Spectrum Accelerate Family storage systems" - + - This module creates or deletes pools to be used on IBM Spectrum Accelerate Family storage systems. attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - pool: - description: - - Pool name. - required: true - type: str - state: - description: - - Pool state. - default: "present" - choices: [ "present", "absent" ] - type: str - size: - description: - - Pool size in GB - required: false - type: str - snapshot_size: - description: - - Pool snapshot size in GB - required: false - type: str - domain: - description: - - Adds the pool to the specified domain. - required: false - type: str - perf_class: - description: - - Assigns a perf_class to the pool. - required: false - type: str + pool: + description: + - Pool name. + required: true + type: str + state: + description: + - Pool state. + default: "present" + choices: ["present", "absent"] + type: str + size: + description: + - Pool size in GB. + required: false + type: str + snapshot_size: + description: + - Pool snapshot size in GB. + required: false + type: str + domain: + description: + - Adds the pool to the specified domain. + required: false + type: str + perf_class: + description: + - Assigns a perf_class to the pool. + required: false + type: str extends_documentation_fragment: - community.general.ibm_storage - community.general.attributes author: - - Tzur Eliyahu (@tzure) -''' + - Tzur Eliyahu (@tzure) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create new pool. community.general.ibm_sa_pool: name: pool_name @@ -82,9 +80,9 @@ EXAMPLES = ''' username: admin password: secret endpoints: hostdev-system -''' -RETURN = ''' -''' +""" +RETURN = r""" +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.ibm_sa_utils import execute_pyxcli_command, \ diff --git a/plugins/modules/ibm_sa_vol.py b/plugins/modules/ibm_sa_vol.py index bc5f81b32f..f9d0837b17 100644 --- a/plugins/modules/ibm_sa_vol.py +++ b/plugins/modules/ibm_sa_vol.py @@ -10,52 +10,50 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: ibm_sa_vol short_description: Handle volumes on IBM Spectrum Accelerate Family storage systems description: - - "This module creates or deletes volumes to be used on IBM Spectrum Accelerate Family storage systems." - + - This module creates or deletes volumes to be used on IBM Spectrum Accelerate Family storage systems. attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - vol: - description: - - Volume name. - required: true - type: str - pool: - description: - - Volume pool. - required: false - type: str - state: - description: - - Volume state. - default: "present" - choices: [ "present", "absent" ] - type: str - size: - description: - - Volume size. - required: false - type: str + vol: + description: + - Volume name. + required: true + type: str + pool: + description: + - Volume pool. + required: false + type: str + state: + description: + - Volume state. + default: "present" + choices: ["present", "absent"] + type: str + size: + description: + - Volume size. + required: false + type: str extends_documentation_fragment: - community.general.ibm_storage - community.general.attributes author: - - Tzur Eliyahu (@tzure) -''' + - Tzur Eliyahu (@tzure) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a new volume. community.general.ibm_sa_vol: vol: volume_name @@ -73,9 +71,9 @@ EXAMPLES = ''' username: admin password: secret endpoints: hostdev-system -''' -RETURN = ''' -''' +""" +RETURN = r""" +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.ibm_sa_utils import execute_pyxcli_command, \ diff --git a/plugins/modules/ibm_sa_vol_map.py b/plugins/modules/ibm_sa_vol_map.py index ea8b485ef1..7f5edf83ba 100644 --- a/plugins/modules/ibm_sa_vol_map.py +++ b/plugins/modules/ibm_sa_vol_map.py @@ -10,65 +10,61 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: ibm_sa_vol_map short_description: Handles volume mapping on IBM Spectrum Accelerate Family storage systems description: - - "This module maps volumes to or unmaps them from the hosts on - IBM Spectrum Accelerate Family storage systems." - + - This module maps volumes to or unmaps them from the hosts on IBM Spectrum Accelerate Family storage systems. attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - vol: - description: - - Volume name. - required: true - type: str - state: - default: "present" - choices: [ "present", "absent" ] - description: - - When the state is present the volume is mapped. - When the state is absent, the volume is meant to be unmapped. - type: str + vol: + description: + - Volume name. + required: true + type: str + state: + default: "present" + choices: ["present", "absent"] + description: + - When the state is present the volume is mapped. When the state is absent, the volume is meant to be unmapped. + type: str - cluster: - description: - - Maps the volume to a cluster. - required: false - type: str - host: - description: - - Maps the volume to a host. - required: false - type: str - lun: - description: - - The LUN identifier. - required: false - type: str - override: - description: - - Overrides the existing volume mapping. - required: false - type: str + cluster: + description: + - Maps the volume to a cluster. + required: false + type: str + host: + description: + - Maps the volume to a host. + required: false + type: str + lun: + description: + - The LUN identifier. + required: false + type: str + override: + description: + - Overrides the existing volume mapping. + required: false + type: str extends_documentation_fragment: - community.general.ibm_storage - community.general.attributes author: - - Tzur Eliyahu (@tzure) -''' + - Tzur Eliyahu (@tzure) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Map volume to host. community.general.ibm_sa_vol_map: vol: volume_name @@ -96,9 +92,9 @@ EXAMPLES = ''' password: secret endpoints: hostdev-system state: absent -''' -RETURN = ''' -''' +""" +RETURN = r""" +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.ibm_sa_utils import (execute_pyxcli_command, diff --git a/plugins/modules/icinga2_feature.py b/plugins/modules/icinga2_feature.py index 0c79f6cba9..1b39a857e4 100644 --- a/plugins/modules/icinga2_feature.py +++ b/plugins/modules/icinga2_feature.py @@ -13,39 +13,38 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: icinga2_feature short_description: Manage Icinga2 feature description: - - This module can be used to enable or disable an Icinga2 feature. + - This module can be used to enable or disable an Icinga2 feature. author: "Loic Blot (@nerzhul)" extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - name: - type: str - description: + name: + type: str + description: - This is the feature name to enable or disable. - required: true - state: - type: str - description: + required: true + state: + type: str + description: - If set to V(present) and feature is disabled, then feature is enabled. - If set to V(present) and feature is already enabled, then nothing is changed. - If set to V(absent) and feature is enabled, then feature is disabled. - If set to V(absent) and feature is already disabled, then nothing is changed. - choices: [ "present", "absent" ] - default: present -''' + choices: ["present", "absent"] + default: present +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Enable ido-pgsql feature community.general.icinga2_feature: name: ido-pgsql @@ -55,11 +54,11 @@ EXAMPLES = ''' community.general.icinga2_feature: name: api state: absent -''' +""" -RETURN = ''' +RETURN = r""" # -''' +""" import re from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/icinga2_host.py b/plugins/modules/icinga2_host.py index ec04d8df74..8d0a3b554b 100644 --- a/plugins/modules/icinga2_host.py +++ b/plugins/modules/icinga2_host.py @@ -11,13 +11,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: icinga2_host short_description: Manage a host in Icinga2 description: - - "Add or remove a host to Icinga2 through the API." - - "See U(https://www.icinga.com/docs/icinga2/latest/doc/12-icinga2-api/)" + - Add or remove a host to Icinga2 through the API. + - See U(https://www.icinga.com/docs/icinga2/latest/doc/12-icinga2-api/). author: "Jurgen Brand (@t794104)" attributes: check_mode: @@ -28,17 +27,16 @@ options: url: type: str description: - - HTTP, HTTPS, or FTP URL in the form (http|https|ftp)://[user[:pass]]@host.domain[:port]/path + - HTTP, HTTPS, or FTP URL in the form V((http|https|ftp\)://[user[:pass]]@host.domain[:port]/path). use_proxy: description: - - If V(false), it will not use a proxy, even if one is defined in - an environment variable on the target hosts. + - If V(false), it will not use a proxy, even if one is defined in an environment variable on the target hosts. type: bool default: true validate_certs: description: - - If V(false), SSL certificates will not be validated. This should only be used - on personally controlled sites using self-signed certificates. + - If V(false), SSL certificates will not be validated. This should only be used on personally controlled sites using + self-signed certificates. type: bool default: true url_username: @@ -49,33 +47,30 @@ options: url_password: type: str description: - - The password for use in HTTP basic authentication. - - If the O(url_username) parameter is not specified, the O(url_password) parameter will not be used. + - The password for use in HTTP basic authentication. + - If the O(url_username) parameter is not specified, the O(url_password) parameter will not be used. force_basic_auth: description: - - httplib2, the library used by the uri module only sends authentication information when a webservice - responds to an initial request with a 401 status. Since some basic auth services do not properly - send a 401, logins will fail. This option forces the sending of the Basic authentication header - upon initial request. + - C(httplib2), the library used by Ansible's HTTP request code only sends authentication information when a webservice responds to + an initial request with a 401 status. Since some basic auth services do not properly send a 401, logins will fail. + This option forces the sending of the Basic authentication header upon initial request. type: bool default: false client_cert: type: path description: - - PEM formatted certificate chain file to be used for SSL client - authentication. This file can also include the key as well, and if - the key is included, O(client_key) is not required. + - PEM formatted certificate chain file to be used for SSL client authentication. This file can also include the key + as well, and if the key is included, O(client_key) is not required. client_key: type: path description: - - PEM formatted file that contains your private key to be used for SSL - client authentication. If O(client_cert) contains both the certificate - and key, this option is not required. + - PEM formatted file that contains your private key to be used for SSL client authentication. If O(client_cert) contains + both the certificate and key, this option is not required. state: type: str description: - Apply feature state. - choices: [ "present", "absent" ] + choices: ["present", "absent"] default: present name: type: str @@ -114,9 +109,9 @@ options: extends_documentation_fragment: - ansible.builtin.url - community.general.attributes -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Add host to icinga community.general.icinga2_host: url: "https://icinga2.example.com" @@ -128,18 +123,18 @@ EXAMPLES = ''' variables: foo: "bar" delegate_to: 127.0.0.1 -''' +""" -RETURN = ''' +RETURN = r""" name: - description: The name used to create, modify or delete the host - type: str - returned: always + description: The name used to create, modify or delete the host. + type: str + returned: always data: - description: The data structure used for create, modify or delete of the host - type: dict - returned: always -''' + description: The data structure used for create, modify or delete of the host. + type: dict + returned: always +""" import json @@ -282,9 +277,7 @@ def main(): 'vars.made_by': "ansible" } } - - for key, value in variables.items(): - data['attrs']['vars.' + key] = value + data['attrs'].update({'vars.' + key: value for key, value in variables.items()}) changed = False if icinga.exists(name): diff --git a/plugins/modules/idrac_redfish_command.py b/plugins/modules/idrac_redfish_command.py index d760a2c3a3..531da53162 100644 --- a/plugins/modules/idrac_redfish_command.py +++ b/plugins/modules/idrac_redfish_command.py @@ -8,13 +8,11 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: idrac_redfish_command short_description: Manages Out-Of-Band controllers using iDRAC OEM Redfish APIs description: - - Builds Redfish URIs locally and sends them to remote OOB controllers to - perform an action. + - Builds Redfish URIs locally and sends them to remote OOB controllers to perform an action. - For use with Dell iDRAC operations that require Redfish OEM extensions. extends_documentation_fragment: - community.general.attributes @@ -66,34 +64,32 @@ options: version_added: '0.2.0' author: "Jose Delarosa (@jose-delarosa)" -''' +""" -EXAMPLES = ''' - - name: Create BIOS configuration job (schedule BIOS setting update) - community.general.idrac_redfish_command: - category: Systems - command: CreateBiosConfigJob - resource_id: System.Embedded.1 - baseuri: "{{ baseuri }}" - username: "{{ username }}" - password: "{{ password }}" -''' +EXAMPLES = r""" +- name: Create BIOS configuration job (schedule BIOS setting update) + community.general.idrac_redfish_command: + category: Systems + command: CreateBiosConfigJob + resource_id: System.Embedded.1 + baseuri: "{{ baseuri }}" + username: "{{ username }}" + password: "{{ password }}" +""" -RETURN = ''' +RETURN = r""" msg: - description: Message with action result or error description - returned: always - type: str - sample: "Action was successful" + description: Message with action result or error description. + returned: always + type: str + sample: "Action was successful" return_values: - description: Dictionary containing command-specific response data from the action. - returned: on success - type: dict - version_added: 6.6.0 - sample: { - "job_id": "/redfish/v1/Managers/iDRAC.Embedded.1/Jobs/JID_471269252011" - } -''' + description: Dictionary containing command-specific response data from the action. + returned: on success + type: dict + version_added: 6.6.0 + sample: {"job_id": "/redfish/v1/Managers/iDRAC.Embedded.1/Jobs/JID_471269252011"} +""" import re from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/idrac_redfish_config.py b/plugins/modules/idrac_redfish_config.py index 0388bf00fb..97d7a62d04 100644 --- a/plugins/modules/idrac_redfish_config.py +++ b/plugins/modules/idrac_redfish_config.py @@ -8,14 +8,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: idrac_redfish_config short_description: Manages servers through iDRAC using Dell Redfish APIs description: - - For use with Dell iDRAC operations that require Redfish OEM extensions - - Builds Redfish URIs locally and sends them to remote iDRAC controllers to - set or update a configuration attribute. + - For use with Dell iDRAC operations that require Redfish OEM extensions. + - Builds Redfish URIs locally and sends them to remote iDRAC controllers to set or update a configuration attribute. extends_documentation_fragment: - community.general.attributes attributes: @@ -33,9 +31,8 @@ options: required: true description: - List of commands to execute on iDRAC. - - V(SetManagerAttributes), V(SetLifecycleControllerAttributes) and - V(SetSystemAttributes) are mutually exclusive commands when O(category) - is V(Manager). + - V(SetManagerAttributes), V(SetLifecycleControllerAttributes) and V(SetSystemAttributes) are mutually exclusive commands + when O(category) is V(Manager). type: list elements: str baseuri: @@ -76,81 +73,81 @@ options: version_added: '0.2.0' author: "Jose Delarosa (@jose-delarosa)" -''' +""" -EXAMPLES = ''' - - name: Enable NTP and set NTP server and Time zone attributes in iDRAC - community.general.idrac_redfish_config: - category: Manager - command: SetManagerAttributes - resource_id: iDRAC.Embedded.1 - manager_attributes: - NTPConfigGroup.1.NTPEnable: "Enabled" - NTPConfigGroup.1.NTP1: "{{ ntpserver1 }}" - Time.1.Timezone: "{{ timezone }}" - baseuri: "{{ baseuri }}" - username: "{{ username}}" - password: "{{ password }}" +EXAMPLES = r""" +- name: Enable NTP and set NTP server and Time zone attributes in iDRAC + community.general.idrac_redfish_config: + category: Manager + command: SetManagerAttributes + resource_id: iDRAC.Embedded.1 + manager_attributes: + NTPConfigGroup.1.NTPEnable: "Enabled" + NTPConfigGroup.1.NTP1: "{{ ntpserver1 }}" + Time.1.Timezone: "{{ timezone }}" + baseuri: "{{ baseuri }}" + username: "{{ username}}" + password: "{{ password }}" - - name: Enable Syslog and set Syslog servers in iDRAC - community.general.idrac_redfish_config: - category: Manager - command: SetManagerAttributes - resource_id: iDRAC.Embedded.1 - manager_attributes: - SysLog.1.SysLogEnable: "Enabled" - SysLog.1.Server1: "{{ syslog_server1 }}" - SysLog.1.Server2: "{{ syslog_server2 }}" - baseuri: "{{ baseuri }}" - username: "{{ username}}" - password: "{{ password }}" +- name: Enable Syslog and set Syslog servers in iDRAC + community.general.idrac_redfish_config: + category: Manager + command: SetManagerAttributes + resource_id: iDRAC.Embedded.1 + manager_attributes: + SysLog.1.SysLogEnable: "Enabled" + SysLog.1.Server1: "{{ syslog_server1 }}" + SysLog.1.Server2: "{{ syslog_server2 }}" + baseuri: "{{ baseuri }}" + username: "{{ username}}" + password: "{{ password }}" - - name: Configure SNMP community string, port, protocol and trap format - community.general.idrac_redfish_config: - category: Manager - command: SetManagerAttributes - resource_id: iDRAC.Embedded.1 - manager_attributes: - SNMP.1.AgentEnable: "Enabled" - SNMP.1.AgentCommunity: "public_community_string" - SNMP.1.TrapFormat: "SNMPv1" - SNMP.1.SNMPProtocol: "All" - SNMP.1.DiscoveryPort: 161 - SNMP.1.AlertPort: 162 - baseuri: "{{ baseuri }}" - username: "{{ username}}" - password: "{{ password }}" +- name: Configure SNMP community string, port, protocol and trap format + community.general.idrac_redfish_config: + category: Manager + command: SetManagerAttributes + resource_id: iDRAC.Embedded.1 + manager_attributes: + SNMP.1.AgentEnable: "Enabled" + SNMP.1.AgentCommunity: "public_community_string" + SNMP.1.TrapFormat: "SNMPv1" + SNMP.1.SNMPProtocol: "All" + SNMP.1.DiscoveryPort: 161 + SNMP.1.AlertPort: 162 + baseuri: "{{ baseuri }}" + username: "{{ username}}" + password: "{{ password }}" - - name: Enable CSIOR - community.general.idrac_redfish_config: - category: Manager - command: SetLifecycleControllerAttributes - resource_id: iDRAC.Embedded.1 - manager_attributes: - LCAttributes.1.CollectSystemInventoryOnRestart: "Enabled" - baseuri: "{{ baseuri }}" - username: "{{ username}}" - password: "{{ password }}" +- name: Enable CSIOR + community.general.idrac_redfish_config: + category: Manager + command: SetLifecycleControllerAttributes + resource_id: iDRAC.Embedded.1 + manager_attributes: + LCAttributes.1.CollectSystemInventoryOnRestart: "Enabled" + baseuri: "{{ baseuri }}" + username: "{{ username}}" + password: "{{ password }}" - - name: Set Power Supply Redundancy Policy to A/B Grid Redundant - community.general.idrac_redfish_config: - category: Manager - command: SetSystemAttributes - resource_id: iDRAC.Embedded.1 - manager_attributes: - ServerPwr.1.PSRedPolicy: "A/B Grid Redundant" - baseuri: "{{ baseuri }}" - username: "{{ username}}" - password: "{{ password }}" -''' +- name: Set Power Supply Redundancy Policy to A/B Grid Redundant + community.general.idrac_redfish_config: + category: Manager + command: SetSystemAttributes + resource_id: iDRAC.Embedded.1 + manager_attributes: + ServerPwr.1.PSRedPolicy: "A/B Grid Redundant" + baseuri: "{{ baseuri }}" + username: "{{ username}}" + password: "{{ password }}" +""" -RETURN = ''' +RETURN = r""" msg: - description: Message with action result or error description - returned: always - type: str - sample: "Action was successful" -''' + description: Message with action result or error description. + returned: always + type: str + sample: "Action was successful" +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.common.validation import ( diff --git a/plugins/modules/idrac_redfish_info.py b/plugins/modules/idrac_redfish_info.py index 90b355d13b..3a8ea8103f 100644 --- a/plugins/modules/idrac_redfish_info.py +++ b/plugins/modules/idrac_redfish_info.py @@ -8,13 +8,11 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: idrac_redfish_info short_description: Gather PowerEdge server information through iDRAC using Redfish APIs description: - - Builds Redfish URIs locally and sends them to remote iDRAC controllers to - get information back. + - Builds Redfish URIs locally and sends them to remote iDRAC controllers to get information back. - For use with Dell EMC iDRAC operations that require Redfish OEM extensions. extends_documentation_fragment: - community.general.attributes @@ -33,8 +31,7 @@ options: required: true description: - List of commands to execute on iDRAC. - - V(GetManagerAttributes) returns the list of dicts containing iDRAC, - LifecycleController and System attributes. + - V(GetManagerAttributes) returns the list of dicts containing iDRAC, LifecycleController and System attributes. type: list elements: str baseuri: @@ -62,67 +59,69 @@ options: type: int author: "Jose Delarosa (@jose-delarosa)" -''' +""" -EXAMPLES = ''' - - name: Get Manager attributes with a default of 20 seconds - community.general.idrac_redfish_info: - category: Manager - command: GetManagerAttributes - baseuri: "{{ baseuri }}" - username: "{{ username }}" - password: "{{ password }}" - timeout: 20 - register: result +EXAMPLES = r""" +- name: Get Manager attributes with a default of 20 seconds + community.general.idrac_redfish_info: + category: Manager + command: GetManagerAttributes + baseuri: "{{ baseuri }}" + username: "{{ username }}" + password: "{{ password }}" + timeout: 20 + register: result - # Examples to display the value of all or a single iDRAC attribute - - name: Store iDRAC attributes as a fact variable - ansible.builtin.set_fact: - idrac_attributes: "{{ result.redfish_facts.entries | selectattr('Id', 'defined') | selectattr('Id', 'equalto', 'iDRACAttributes') | list | first }}" +# Examples to display the value of all or a single iDRAC attribute +- name: Store iDRAC attributes as a fact variable + ansible.builtin.set_fact: + idrac_attributes: "{{ result.redfish_facts.entries | selectattr('Id', 'defined') | selectattr('Id', 'equalto', 'iDRACAttributes') + | list | first }}" - - name: Display all iDRAC attributes - ansible.builtin.debug: - var: idrac_attributes +- name: Display all iDRAC attributes + ansible.builtin.debug: + var: idrac_attributes - - name: Display the value of 'Syslog.1.SysLogEnable' iDRAC attribute - ansible.builtin.debug: - var: idrac_attributes['Syslog.1.SysLogEnable'] +- name: Display the value of 'Syslog.1.SysLogEnable' iDRAC attribute + ansible.builtin.debug: + var: idrac_attributes['Syslog.1.SysLogEnable'] - # Examples to display the value of all or a single LifecycleController attribute - - name: Store LifecycleController attributes as a fact variable - ansible.builtin.set_fact: - lc_attributes: "{{ result.redfish_facts.entries | selectattr('Id', 'defined') | selectattr('Id', 'equalto', 'LCAttributes') | list | first }}" +# Examples to display the value of all or a single LifecycleController attribute +- name: Store LifecycleController attributes as a fact variable + ansible.builtin.set_fact: + lc_attributes: "{{ result.redfish_facts.entries | selectattr('Id', 'defined') | selectattr('Id', 'equalto', 'LCAttributes') + | list | first }}" - - name: Display LifecycleController attributes - ansible.builtin.debug: - var: lc_attributes +- name: Display LifecycleController attributes + ansible.builtin.debug: + var: lc_attributes - - name: Display the value of 'CollectSystemInventoryOnRestart' attribute - ansible.builtin.debug: - var: lc_attributes['LCAttributes.1.CollectSystemInventoryOnRestart'] +- name: Display the value of 'CollectSystemInventoryOnRestart' attribute + ansible.builtin.debug: + var: lc_attributes['LCAttributes.1.CollectSystemInventoryOnRestart'] - # Examples to display the value of all or a single System attribute - - name: Store System attributes as a fact variable - ansible.builtin.set_fact: - system_attributes: "{{ result.redfish_facts.entries | selectattr('Id', 'defined') | selectattr('Id', 'equalto', 'SystemAttributes') | list | first }}" +# Examples to display the value of all or a single System attribute +- name: Store System attributes as a fact variable + ansible.builtin.set_fact: + system_attributes: "{{ result.redfish_facts.entries | selectattr('Id', 'defined') | selectattr('Id', 'equalto', 'SystemAttributes') + | list | first }}" - - name: Display System attributes - ansible.builtin.debug: - var: system_attributes +- name: Display System attributes + ansible.builtin.debug: + var: system_attributes - - name: Display the value of 'PSRedPolicy' - ansible.builtin.debug: - var: system_attributes['ServerPwr.1.PSRedPolicy'] +- name: Display the value of 'PSRedPolicy' + ansible.builtin.debug: + var: system_attributes['ServerPwr.1.PSRedPolicy'] +""" -''' - -RETURN = ''' +RETURN = r""" msg: - description: different results depending on task - returned: always - type: dict - sample: List of Manager attributes -''' + description: Different results depending on task. + returned: always + type: dict + sample: List of Manager attributes +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.redfish_utils import RedfishUtils diff --git a/plugins/modules/ilo_redfish_command.py b/plugins/modules/ilo_redfish_command.py index e0e28f855d..3e698fc049 100644 --- a/plugins/modules/ilo_redfish_command.py +++ b/plugins/modules/ilo_redfish_command.py @@ -6,14 +6,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: ilo_redfish_command short_description: Manages Out-Of-Band controllers using Redfish APIs version_added: 6.6.0 description: - - Builds Redfish URIs locally and sends them to remote OOB controllers to - perform an action. + - Builds Redfish URIs locally and sends them to remote OOB controllers to perform an action. attributes: check_mode: support: none @@ -62,35 +60,35 @@ options: type: int author: - Varni H P (@varini-hp) -''' +""" -EXAMPLES = ''' - - name: Wait for iLO Reboot Completion - community.general.ilo_redfish_command: - category: Systems - command: WaitforiLORebootCompletion - baseuri: "{{ baseuri }}" - username: "{{ username }}" - password: "{{ password }}" -''' +EXAMPLES = r""" +- name: Wait for iLO Reboot Completion + community.general.ilo_redfish_command: + category: Systems + command: WaitforiLORebootCompletion + baseuri: "{{ baseuri }}" + username: "{{ username }}" + password: "{{ password }}" +""" -RETURN = ''' +RETURN = r""" ilo_redfish_command: - description: Returns the status of the operation performed on the iLO. - type: dict - contains: - WaitforiLORebootCompletion: - description: Returns the output msg and whether the function executed successfully. - type: dict - contains: - ret: - description: Return True/False based on whether the operation was performed successfully. - type: bool - msg: - description: Status of the operation performed on the iLO. - type: str - returned: always -''' + description: Returns the status of the operation performed on the iLO. + type: dict + contains: + WaitforiLORebootCompletion: + description: Returns the output msg and whether the function executed successfully. + type: dict + contains: + ret: + description: Return V(true)/V(false) based on whether the operation was performed successfully. + type: bool + msg: + description: Status of the operation performed on the iLO. + type: str + returned: always +""" # More will be added as module features are expanded CATEGORY_COMMANDS_ALL = { diff --git a/plugins/modules/ilo_redfish_config.py b/plugins/modules/ilo_redfish_config.py index 1f021895dc..fdda339ab3 100644 --- a/plugins/modules/ilo_redfish_config.py +++ b/plugins/modules/ilo_redfish_config.py @@ -6,14 +6,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: ilo_redfish_config short_description: Sets or updates configuration attributes on HPE iLO with Redfish OEM extensions version_added: 4.2.0 description: - - Builds Redfish URIs locally and sends them to iLO to - set or update a configuration attribute. + - Builds Redfish URIs locally and sends them to iLO to set or update a configuration attribute. - For use with HPE iLO operations that require Redfish OEM extensions. extends_documentation_fragment: - community.general.attributes @@ -68,48 +66,47 @@ options: - Value of the attribute to be configured. type: str author: - - "Bhavya B (@bhavya06)" -''' + - "Bhavya B (@bhavya06)" +""" -EXAMPLES = ''' - - name: Disable WINS Registration - community.general.ilo_redfish_config: - category: Manager - command: SetWINSReg - baseuri: 15.X.X.X - username: Admin - password: Testpass123 - attribute_name: WINSRegistration +EXAMPLES = r""" +- name: Disable WINS Registration + community.general.ilo_redfish_config: + category: Manager + command: SetWINSReg + baseuri: 15.X.X.X + username: Admin + password: Testpass123 + attribute_name: WINSRegistration - - name: Set Time Zone - community.general.ilo_redfish_config: - category: Manager - command: SetTimeZone - baseuri: 15.X.X.X - username: Admin - password: Testpass123 - attribute_name: TimeZone - attribute_value: Chennai +- name: Set Time Zone + community.general.ilo_redfish_config: + category: Manager + command: SetTimeZone + baseuri: 15.X.X.X + username: Admin + password: Testpass123 + attribute_name: TimeZone + attribute_value: Chennai - - name: Set NTP Servers - community.general.ilo_redfish_config: - category: Manager - command: SetNTPServers - baseuri: 15.X.X.X - username: Admin - password: Testpass123 - attribute_name: StaticNTPServers - attribute_value: X.X.X.X +- name: Set NTP Servers + community.general.ilo_redfish_config: + category: Manager + command: SetNTPServers + baseuri: 15.X.X.X + username: Admin + password: Testpass123 + attribute_name: StaticNTPServers + attribute_value: X.X.X.X +""" -''' - -RETURN = ''' +RETURN = r""" msg: - description: Message with action result or error description - returned: always - type: str - sample: "Action was successful" -''' + description: Message with action result or error description. + returned: always + type: str + sample: "Action was successful" +""" CATEGORY_COMMANDS_ALL = { "Manager": ["SetTimeZone", "SetDNSserver", "SetDomainName", "SetNTPServers", "SetWINSReg"] diff --git a/plugins/modules/ilo_redfish_info.py b/plugins/modules/ilo_redfish_info.py index 90cafb8ec6..3bd379e80a 100644 --- a/plugins/modules/ilo_redfish_info.py +++ b/plugins/modules/ilo_redfish_info.py @@ -6,14 +6,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: ilo_redfish_info short_description: Gathers server information through iLO using Redfish APIs version_added: 4.2.0 description: - - Builds Redfish URIs locally and sends them to iLO to - get information back. + - Builds Redfish URIs locally and sends them to iLO to get information back. - For use with HPE iLO operations that require Redfish OEM extensions. extends_documentation_fragment: - community.general.attributes @@ -54,51 +52,51 @@ options: default: 10 type: int author: - - "Bhavya B (@bhavya06)" -''' + - "Bhavya B (@bhavya06)" +""" -EXAMPLES = ''' - - name: Get iLO Sessions - community.general.ilo_redfish_info: - category: Sessions - command: GetiLOSessions - baseuri: "{{ baseuri }}" - username: "{{ username }}" - password: "{{ password }}" - register: result_sessions -''' +EXAMPLES = r""" +- name: Get iLO Sessions + community.general.ilo_redfish_info: + category: Sessions + command: GetiLOSessions + baseuri: "{{ baseuri }}" + username: "{{ username }}" + password: "{{ password }}" + register: result_sessions +""" -RETURN = ''' +RETURN = r""" ilo_redfish_info: - description: Returns iLO sessions. - type: dict - contains: - GetiLOSessions: - description: Returns the iLO session msg and whether the function executed successfully. - type: dict - contains: - ret: - description: Check variable to see if the information was successfully retrieved. - type: bool - msg: - description: Information of all active iLO sessions. - type: list - elements: dict - contains: - Description: - description: Provides a description of the resource. - type: str - Id: - description: The sessionId. - type: str - Name: - description: The name of the resource. - type: str - UserName: - description: Name to use to log in to the management processor. - type: str - returned: always -''' + description: Returns iLO sessions. + type: dict + contains: + GetiLOSessions: + description: Returns the iLO session msg and whether the function executed successfully. + type: dict + contains: + ret: + description: Check variable to see if the information was successfully retrieved. + type: bool + msg: + description: Information of all active iLO sessions. + type: list + elements: dict + contains: + Description: + description: Provides a description of the resource. + type: str + Id: + description: The sessionId. + type: str + Name: + description: The name of the resource. + type: str + UserName: + description: Name to use to log in to the management processor. + type: str + returned: always +""" CATEGORY_COMMANDS_ALL = { "Sessions": ["GetiLOSessions"] diff --git a/plugins/modules/imc_rest.py b/plugins/modules/imc_rest.py index 113d341e89..8a0b63cd78 100644 --- a/plugins/modules/imc_rest.py +++ b/plugins/modules/imc_rest.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: imc_rest short_description: Manage Cisco IMC hardware through its REST API description: @@ -32,75 +31,74 @@ attributes: options: hostname: description: - - IP Address or hostname of Cisco IMC, resolvable by Ansible control host. + - IP Address or hostname of Cisco IMC, resolvable by Ansible control host. required: true - aliases: [ host, ip ] + aliases: [host, ip] type: str username: description: - - Username used to login to the switch. + - Username used to login to the switch. default: admin - aliases: [ user ] + aliases: [user] type: str password: description: - - The password to use for authentication. + - The password to use for authentication. default: password type: str path: description: - - Name of the absolute path of the filename that includes the body - of the http request being sent to the Cisco IMC REST API. - - Parameter O(path) is mutual exclusive with parameter O(content). - aliases: [ 'src', 'config_file' ] + - Name of the absolute path of the filename that includes the body of the http request being sent to the Cisco IMC REST + API. + - Parameter O(path) is mutual exclusive with parameter O(content). + aliases: ['src', 'config_file'] type: path content: description: - - When used instead of O(path), sets the content of the API requests directly. - - This may be convenient to template simple requests, for anything complex use the M(ansible.builtin.template) module. - - You can collate multiple IMC XML fragments and they will be processed sequentially in a single stream, - the Cisco IMC output is subsequently merged. - - Parameter O(content) is mutual exclusive with parameter O(path). + - When used instead of O(path), sets the content of the API requests directly. + - This may be convenient to template simple requests, for anything complex use the M(ansible.builtin.template) module. + - You can collate multiple IMC XML fragments and they will be processed sequentially in a single stream, the Cisco IMC + output is subsequently merged. + - Parameter O(content) is mutual exclusive with parameter O(path). type: str protocol: description: - - Connection protocol to use. + - Connection protocol to use. default: https - choices: [ http, https ] + choices: [http, https] type: str timeout: description: - - The socket level timeout in seconds. - - This is the time that every single connection (every fragment) can spend. - If this O(timeout) is reached, the module will fail with a - C(Connection failure) indicating that C(The read operation timed out). + - The socket level timeout in seconds. + - This is the time that every single connection (every fragment) can spend. If this O(timeout) is reached, the module + will fail with a C(Connection failure) indicating that C(The read operation timed out). default: 60 type: int validate_certs: description: - - If V(false), SSL certificates will not be validated. - - This should only set to V(false) used on personally controlled sites using self-signed certificates. + - If V(false), SSL certificates will not be validated. + - This should only set to V(false) used on personally controlled sites using self-signed certificates. type: bool default: true notes: -- The XML fragments don't need an authentication cookie, this is injected by the module automatically. -- The Cisco IMC XML output is being translated to JSON using the Cobra convention. -- Any configConfMo change requested has a return status of 'modified', even if there was no actual change - from the previous configuration. As a result, this module will always report a change on subsequent runs. - In case this behaviour is fixed in a future update to Cisco IMC, this module will automatically adapt. -- If you get a C(Connection failure) related to C(The read operation timed out) increase the O(timeout) - parameter. Some XML fragments can take longer than the default timeout. -- More information about the IMC REST API is available from - U(http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c/sw/api/3_0/b_Cisco_IMC_api_301.html) -''' + - The XML fragments do not need an authentication cookie, this is injected by the module automatically. + - The Cisco IMC XML output is being translated to JSON using the Cobra convention. + - Any configConfMo change requested has a return status of C(modified), even if there was no actual change from the previous + configuration. As a result, this module will always report a change on subsequent runs. In case this behaviour is fixed + in a future update to Cisco IMC, this module will automatically adapt. + - If you get a C(Connection failure) related to C(The read operation timed out) increase the O(timeout) parameter. Some + XML fragments can take longer than the default timeout. + - More information about the IMC REST API is available from + U(http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c/sw/api/3_0/b_Cisco_IMC_api_301.html). +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Power down server community.general.imc_rest: hostname: '{{ imc_hostname }}' username: '{{ imc_username }}' password: '{{ imc_password }}' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! content: | @@ -112,7 +110,7 @@ EXAMPLES = r''' hostname: '{{ imc_hostname }}' username: '{{ imc_username }}' password: '{{ imc_password }}' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! timeout: 120 content: | @@ -137,7 +135,7 @@ EXAMPLES = r''' hostname: '{{ imc_hostname }}' username: '{{ imc_username }}' password: '{{ imc_password }}' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! content: | @@ -155,7 +153,7 @@ EXAMPLES = r''' hostname: '{{ imc_host }}' username: '{{ imc_username }}' password: '{{ imc_password }}' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! content: | @@ -167,11 +165,11 @@ EXAMPLES = r''' hostname: '{{ imc_host }}' username: '{{ imc_username }}' password: '{{ imc_password }}' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! content: | - - - + + + delegate_to: localhost - name: Disable HTTP and increase session timeout to max value 10800 secs @@ -179,22 +177,22 @@ EXAMPLES = r''' hostname: '{{ imc_host }}' username: '{{ imc_username }}' password: '{{ imc_password }}' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! timeout: 120 content: | - - - + + + - - - + + + delegate_to: localhost -''' +""" -RETURN = r''' +RETURN = r""" aaLogin: - description: Cisco IMC XML output for the login, translated to JSON using Cobra convention + description: Cisco IMC XML output for the login, translated to JSON using Cobra convention. returned: success type: dict sample: | @@ -208,27 +206,27 @@ aaLogin: "response": "yes" } configConfMo: - description: Cisco IMC XML output for any configConfMo XML fragments, translated to JSON using Cobra convention + description: Cisco IMC XML output for any configConfMo XML fragments, translated to JSON using Cobra convention. returned: success type: dict sample: | elapsed: - description: Elapsed time in seconds + description: Elapsed time in seconds. returned: always type: int sample: 31 response: - description: HTTP response message, including content length + description: HTTP response message, including content length. returned: always type: str sample: OK (729 bytes) status: - description: The HTTP response status code + description: The HTTP response status code. returned: always type: dict sample: 200 error: - description: Cisco IMC XML error output for last request, translated to JSON using Cobra convention + description: Cisco IMC XML error output for last request, translated to JSON using Cobra convention. returned: failed type: dict sample: | @@ -240,24 +238,24 @@ error: "response": "yes" } error_code: - description: Cisco IMC error code + description: Cisco IMC error code. returned: failed type: str sample: ERR-xml-parse-error error_text: - description: Cisco IMC error message + description: Cisco IMC error message. returned: failed type: str sample: | XML PARSING ERROR: Element 'computeRackUnit', attribute 'admin_Power': The attribute 'admin_Power' is not allowed. input: - description: RAW XML input sent to the Cisco IMC, causing the error + description: RAW XML input sent to the Cisco IMC, causing the error. returned: failed type: str sample: | output: - description: RAW XML output received from the Cisco IMC, with error details + description: RAW XML output received from the Cisco IMC, with error details. returned: failed type: str sample: > @@ -265,10 +263,9 @@ output: response="yes" errorCode="ERR-xml-parse-error" invocationResult="594" - errorDescr="XML PARSING ERROR: Element 'computeRackUnit', attribute 'admin_Power': The attribute 'admin_Power' is not allowed.\n"/> -''' + errorDescr="XML PARSING ERROR: Element 'computeRackUnit', attribute 'admin_Power': The attribute 'admin_Power' is not allowed.\n" /> +""" -import datetime import os import traceback @@ -292,6 +289,10 @@ from ansible.module_utils.basic import AnsibleModule, missing_required_lib from ansible.module_utils.six.moves import zip_longest from ansible.module_utils.urls import fetch_url +from ansible_collections.community.general.plugins.module_utils.datetime import ( + now, +) + def imc_response(module, rawoutput, rawinput=''): ''' Handle IMC returned data ''' @@ -320,8 +321,7 @@ def merge(one, two): ''' Merge two complex nested datastructures into one''' if isinstance(one, dict) and isinstance(two, dict): copy = dict(one) - # copy.update({key: merge(one.get(key, None), two[key]) for key in two}) - copy.update(dict((key, merge(one.get(key, None), two[key])) for key in two)) + copy.update({key: merge(one.get(key, None), two[key]) for key in two}) return copy elif isinstance(one, list) and isinstance(two, list): @@ -375,14 +375,14 @@ def main(): else: module.fail_json(msg='Cannot find/access path:\n%s' % path) - start = datetime.datetime.utcnow() + start = now() # Perform login first url = '%s://%s/nuova' % (protocol, hostname) data = '' % (username, password) resp, auth = fetch_url(module, url, data=data, method='POST', timeout=timeout) if resp is None or auth['status'] != 200: - result['elapsed'] = (datetime.datetime.utcnow() - start).seconds + result['elapsed'] = (now() - start).seconds module.fail_json(msg='Task failed with error %(status)s: %(msg)s' % auth, **result) result.update(imc_response(module, resp.read())) @@ -415,7 +415,7 @@ def main(): # Perform actual request resp, info = fetch_url(module, url, data=data, method='POST', timeout=timeout) if resp is None or info['status'] != 200: - result['elapsed'] = (datetime.datetime.utcnow() - start).seconds + result['elapsed'] = (now() - start).seconds module.fail_json(msg='Task failed with error %(status)s: %(msg)s' % info, **result) # Merge results with previous results @@ -431,7 +431,7 @@ def main(): result['changed'] = ('modified' in results) # Report success - result['elapsed'] = (datetime.datetime.utcnow() - start).seconds + result['elapsed'] = (now() - start).seconds module.exit_json(**result) finally: logout(module, url, cookie, timeout) diff --git a/plugins/modules/imgadm.py b/plugins/modules/imgadm.py index a247547fc7..344bf9cc56 100644 --- a/plugins/modules/imgadm.py +++ b/plugins/modules/imgadm.py @@ -9,62 +9,60 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: imgadm short_description: Manage SmartOS images description: - - Manage SmartOS virtual machine images through imgadm(1M) + - Manage SmartOS virtual machine images through imgadm(1M). author: Jasper Lievisse Adriaanse (@jasperla) extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - force: - required: false - type: bool - description: - - Force a given operation (where supported by imgadm(1M)). - pool: - required: false - default: zones - description: - - zpool to import to or delete images from. - type: str - source: - required: false - description: - - URI for the image source. - type: str - state: - required: true - choices: [ present, absent, deleted, imported, updated, vacuumed ] - description: - - State the object operated on should be in. V(imported) is an alias for - for V(present) and V(deleted) for V(absent). When set to V(vacuumed) - and O(uuid=*), it will remove all unused images. - type: str + force: + required: false + type: bool + description: + - Force a given operation (where supported by imgadm(1M)). + pool: + required: false + default: zones + description: + - The zpool to import to or delete images from. + type: str + source: + required: false + description: + - URI for the image source. + type: str + state: + required: true + choices: [present, absent, deleted, imported, updated, vacuumed] + description: + - State the object operated on should be in. V(imported) is an alias for for V(present) and V(deleted) for V(absent). + When set to V(vacuumed) and O(uuid=*), it will remove all unused images. + type: str - type: - required: false - choices: [ imgapi, docker, dsapi ] - default: imgapi - description: - - Type for image sources. - type: str + type: + required: false + choices: [imgapi, docker, dsapi] + default: imgapi + description: + - Type for image sources. + type: str - uuid: - required: false - description: - - Image UUID. Can either be a full UUID or V(*) for all images. - type: str -''' + uuid: + required: false + description: + - Image UUID. Can either be a full UUID or V(*) for all images. + type: str +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Import an image community.general.imgadm: uuid: '70e3ae72-96b6-11e6-9056-9737fd4d0764' @@ -100,25 +98,25 @@ EXAMPLES = ''' community.general.imgadm: source: 'https://docker.io' state: absent -''' +""" -RETURN = ''' +RETURN = r""" source: - description: Source that is managed. - returned: When not managing an image. - type: str - sample: https://datasets.project-fifo.net + description: Source that is managed. + returned: When not managing an image. + type: str + sample: https://datasets.project-fifo.net uuid: - description: UUID for an image operated on. - returned: When not managing an image source. - type: str - sample: 70e3ae72-96b6-11e6-9056-9737fd4d0764 + description: UUID for an image operated on. + returned: When not managing an image source. + type: str + sample: 70e3ae72-96b6-11e6-9056-9737fd4d0764 state: - description: State of the target, after execution. - returned: success - type: str - sample: 'present' -''' + description: State of the target, after execution. + returned: success + type: str + sample: 'present' +""" import re diff --git a/plugins/modules/infinity.py b/plugins/modules/infinity.py index 65aa591f4c..3bcb5aceda 100644 --- a/plugins/modules/infinity.py +++ b/plugins/modules/infinity.py @@ -8,7 +8,7 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = r''' +DOCUMENTATION = r""" module: infinity short_description: Manage Infinity IPAM using Rest API description: @@ -41,10 +41,10 @@ options: required: true action: description: - - Action to perform + - Action to perform. type: str required: true - choices: [add_network, delete_network, get_network, get_network_id, release_ip, release_network, reserve_network, reserve_next_available_ip ] + choices: [add_network, delete_network, get_network, get_network_id, release_ip, release_network, reserve_network, reserve_next_available_ip] network_id: description: - Network ID. @@ -55,11 +55,11 @@ options: type: str network_address: description: - - Network address with CIDR format (e.g., 192.168.310.0). + - Network address with CIDR format (for example V(192.168.310.0)). type: str network_size: description: - - Network bitmask (e.g. 255.255.255.220) or CIDR format (e.g., /26). + - Network bitmask (for example V(255.255.255.220) or CIDR format V(/26)). type: str network_name: description: @@ -67,25 +67,24 @@ options: type: str network_location: description: - - The parent network id for a given network. + - The parent network ID for a given network. type: int default: -1 network_type: description: - - Network type defined by Infinity + - Network type defined by Infinity. type: str - choices: [ lan, shared_lan, supernet ] + choices: [lan, shared_lan, supernet] default: lan network_family: description: - - Network family defined by Infinity, e.g. IPv4, IPv6 and Dual stack + - Network family defined by Infinity, for example V(IPv4), V(IPv6) and V(Dual stack). type: str - choices: [ '4', '6', dual ] + choices: ['4', '6', dual] default: '4' -''' +""" -EXAMPLES = r''' ---- +EXAMPLES = r""" - hosts: localhost connection: local strategy: debug @@ -102,35 +101,36 @@ EXAMPLES = r''' network_id: 1201 network_size: /28 register: infinity -''' +""" -RETURN = r''' +RETURN = r""" network_id: - description: id for a given network - returned: success - type: str - sample: '1501' + description: ID for a given network. + returned: success + type: str + sample: '1501' ip_info: - description: when reserve next available ip address from a network, the ip address info ) is returned. - returned: success - type: str - sample: '{"address": "192.168.10.3", "hostname": "", "FQDN": "", "domainname": "", "id": 3229}' + description: When reserve next available IP address from a network, the IP address info is returned. + returned: success + type: str + sample: '{"address": "192.168.10.3", "hostname": "", "FQDN": "", "domainname": "", "id": 3229}' network_info: - description: when reserving a LAN network from a Infinity supernet by providing network_size, the information about the reserved network is returned. - returned: success - type: str - sample: { - "network_address": "192.168.10.32/28", - "network_family": "4", - "network_id": 3102, - "network_size": null, - "description": null, - "network_location": "3085", - "ranges": { "id": 0, "name": null,"first_ip": null,"type": null,"last_ip": null}, - "network_type": "lan", - "network_name": "'reserve_new_ansible_network'" - } -''' + description: When reserving a LAN network from a Infinity supernet by providing network_size, the information about the + reserved network is returned. + returned: success + type: str + sample: { + "network_address": "192.168.10.32/28", + "network_family": "4", + "network_id": 3102, + "network_size": null, + "description": null, + "network_location": "3085", + "ranges": { "id": 0, "name": null,"first_ip": null,"type": null,"last_ip": null}, + "network_type": "lan", + "network_name": "'reserve_new_ansible_network'" + } +""" from ansible.module_utils.basic import AnsibleModule, json diff --git a/plugins/modules/influxdb_database.py b/plugins/modules/influxdb_database.py index a12326da52..e5246ebfe6 100644 --- a/plugins/modules/influxdb_database.py +++ b/plugins/modules/influxdb_database.py @@ -9,65 +9,63 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: influxdb_database short_description: Manage InfluxDB databases description: - - Manage InfluxDB databases. + - Manage InfluxDB databases. author: "Kamil Szczygiel (@kamsz)" requirements: - - "influxdb >= 0.9" - - requests + - "influxdb >= 0.9" + - requests attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - database_name: - description: - - Name of the database. - required: true - type: str - state: - description: - - Determines if the database should be created or destroyed. - choices: [ absent, present ] - default: present - type: str + database_name: + description: + - Name of the database. + required: true + type: str + state: + description: + - Determines if the database should be created or destroyed. + choices: [absent, present] + default: present + type: str extends_documentation_fragment: - community.general.influxdb - community.general.attributes +""" -''' - -EXAMPLES = r''' +EXAMPLES = r""" # Example influxdb_database command from Ansible Playbooks - name: Create database community.general.influxdb_database: - hostname: "{{influxdb_ip_address}}" - database_name: "{{influxdb_database_name}}" + hostname: "{{influxdb_ip_address}}" + database_name: "{{influxdb_database_name}}" - name: Destroy database community.general.influxdb_database: - hostname: "{{influxdb_ip_address}}" - database_name: "{{influxdb_database_name}}" - state: absent + hostname: "{{influxdb_ip_address}}" + database_name: "{{influxdb_database_name}}" + state: absent - name: Create database using custom credentials community.general.influxdb_database: - hostname: "{{influxdb_ip_address}}" - username: "{{influxdb_username}}" - password: "{{influxdb_password}}" - database_name: "{{influxdb_database_name}}" - ssl: true - validate_certs: true -''' + hostname: "{{influxdb_ip_address}}" + username: "{{influxdb_username}}" + password: "{{influxdb_password}}" + database_name: "{{influxdb_database_name}}" + ssl: true + validate_certs: true +""" -RETURN = r''' +RETURN = r""" # only defaults -''' +""" try: import requests.exceptions diff --git a/plugins/modules/influxdb_query.py b/plugins/modules/influxdb_query.py index fda98d1843..98b8066b67 100644 --- a/plugins/modules/influxdb_query.py +++ b/plugins/modules/influxdb_query.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: influxdb_query short_description: Query data points from InfluxDB description: @@ -36,10 +35,9 @@ options: extends_documentation_fragment: - community.general.influxdb - community.general.attributes +""" -''' - -EXAMPLES = r''' +EXAMPLES = r""" - name: Query connections community.general.influxdb_query: hostname: "{{ influxdb_ip_address }}" @@ -57,17 +55,17 @@ EXAMPLES = r''' - name: Print results from the query ansible.builtin.debug: var: connection.query_results -''' +""" -RETURN = r''' +RETURN = r""" query_results: - description: Result from the query + description: Result from the query. returned: success type: list sample: - mean: 1245.5333333333333 time: "1970-01-01T00:00:00Z" -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.common.text.converters import to_native diff --git a/plugins/modules/influxdb_retention_policy.py b/plugins/modules/influxdb_retention_policy.py index f1c13a8111..824c34bb7d 100644 --- a/plugins/modules/influxdb_retention_policy.py +++ b/plugins/modules/influxdb_retention_policy.py @@ -9,136 +9,132 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: influxdb_retention_policy short_description: Manage InfluxDB retention policies description: - - Manage InfluxDB retention policies. + - Manage InfluxDB retention policies. author: "Kamil Szczygiel (@kamsz)" requirements: - - "influxdb >= 0.9" - - requests + - "influxdb >= 0.9" + - requests attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - database_name: - description: - - Name of the database. - required: true - type: str - policy_name: - description: - - Name of the retention policy. - required: true - type: str - state: - description: - - State of the retention policy. - choices: [ absent, present ] - default: present - type: str - version_added: 3.1.0 - duration: - description: - - Determines how long InfluxDB should keep the data. If specified, it - should be V(INF) or at least one hour. If not specified, V(INF) is - assumed. Supports complex duration expressions with multiple units. - - Required only if O(state) is set to V(present). - type: str - replication: - description: - - Determines how many independent copies of each point are stored in the cluster. - - Required only if O(state) is set to V(present). - type: int - default: - description: - - Sets the retention policy as default retention policy. - type: bool - default: false - shard_group_duration: - description: - - Determines the time range covered by a shard group. If specified it - must be at least one hour. If none, it's determined by InfluxDB by - the rentention policy's duration. Supports complex duration expressions - with multiple units. - type: str - version_added: '2.0.0' + database_name: + description: + - Name of the database. + required: true + type: str + policy_name: + description: + - Name of the retention policy. + required: true + type: str + state: + description: + - State of the retention policy. + choices: [absent, present] + default: present + type: str + version_added: 3.1.0 + duration: + description: + - Determines how long InfluxDB should keep the data. If specified, it should be V(INF) or at least one hour. If not + specified, V(INF) is assumed. Supports complex duration expressions with multiple units. + - Required only if O(state) is set to V(present). + type: str + replication: + description: + - Determines how many independent copies of each point are stored in the cluster. + - Required only if O(state) is set to V(present). + type: int + default: + description: + - Sets the retention policy as default retention policy. + type: bool + default: false + shard_group_duration: + description: + - Determines the time range covered by a shard group. If specified it must be at least one hour. If not provided, it + is determined by InfluxDB by the rentention policy's duration. Supports complex duration expressions with multiple + units. + type: str + version_added: '2.0.0' extends_documentation_fragment: - community.general.influxdb - community.general.attributes +""" -''' - -EXAMPLES = r''' +EXAMPLES = r""" # Example influxdb_retention_policy command from Ansible Playbooks - name: Create 1 hour retention policy community.general.influxdb_retention_policy: - hostname: "{{ influxdb_ip_address }}" - database_name: "{{ influxdb_database_name }}" - policy_name: test - duration: 1h - replication: 1 - ssl: true - validate_certs: true - state: present + hostname: "{{ influxdb_ip_address }}" + database_name: "{{ influxdb_database_name }}" + policy_name: test + duration: 1h + replication: 1 + ssl: true + validate_certs: true + state: present - name: Create 1 day retention policy with 1 hour shard group duration community.general.influxdb_retention_policy: - hostname: "{{ influxdb_ip_address }}" - database_name: "{{ influxdb_database_name }}" - policy_name: test - duration: 1d - replication: 1 - shard_group_duration: 1h - state: present + hostname: "{{ influxdb_ip_address }}" + database_name: "{{ influxdb_database_name }}" + policy_name: test + duration: 1d + replication: 1 + shard_group_duration: 1h + state: present - name: Create 1 week retention policy with 1 day shard group duration community.general.influxdb_retention_policy: - hostname: "{{ influxdb_ip_address }}" - database_name: "{{ influxdb_database_name }}" - policy_name: test - duration: 1w - replication: 1 - shard_group_duration: 1d - state: present + hostname: "{{ influxdb_ip_address }}" + database_name: "{{ influxdb_database_name }}" + policy_name: test + duration: 1w + replication: 1 + shard_group_duration: 1d + state: present - name: Create infinite retention policy with 1 week of shard group duration community.general.influxdb_retention_policy: - hostname: "{{ influxdb_ip_address }}" - database_name: "{{ influxdb_database_name }}" - policy_name: test - duration: INF - replication: 1 - ssl: false - shard_group_duration: 1w - state: present + hostname: "{{ influxdb_ip_address }}" + database_name: "{{ influxdb_database_name }}" + policy_name: test + duration: INF + replication: 1 + ssl: false + shard_group_duration: 1w + state: present - name: Create retention policy with complex durations community.general.influxdb_retention_policy: - hostname: "{{ influxdb_ip_address }}" - database_name: "{{ influxdb_database_name }}" - policy_name: test - duration: 5d1h30m - replication: 1 - ssl: false - shard_group_duration: 1d10h30m - state: present + hostname: "{{ influxdb_ip_address }}" + database_name: "{{ influxdb_database_name }}" + policy_name: test + duration: 5d1h30m + replication: 1 + ssl: false + shard_group_duration: 1d10h30m + state: present - name: Drop retention policy community.general.influxdb_retention_policy: - hostname: "{{ influxdb_ip_address }}" - database_name: "{{ influxdb_database_name }}" - policy_name: test - state: absent -''' + hostname: "{{ influxdb_ip_address }}" + database_name: "{{ influxdb_database_name }}" + policy_name: test + state: absent +""" -RETURN = r''' +RETURN = r""" # only defaults -''' +""" import re diff --git a/plugins/modules/influxdb_user.py b/plugins/modules/influxdb_user.py index ca4201db1b..bc66ff693d 100644 --- a/plugins/modules/influxdb_user.py +++ b/plugins/modules/influxdb_user.py @@ -10,8 +10,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: influxdb_user short_description: Manage InfluxDB users description: @@ -44,7 +43,7 @@ options: state: description: - State of the user. - choices: [ absent, present ] + choices: [absent, present] default: present type: str grants: @@ -58,10 +57,9 @@ options: extends_documentation_fragment: - community.general.influxdb - community.general.attributes +""" -''' - -EXAMPLES = r''' +EXAMPLES = r""" - name: Create a user on localhost using default login credentials community.general.influxdb_user: user_name: john @@ -101,11 +99,11 @@ EXAMPLES = r''' login_username: "{{ influxdb_username }}" login_password: "{{ influxdb_password }}" state: absent -''' +""" -RETURN = r''' +RETURN = r""" #only defaults -''' +""" import json diff --git a/plugins/modules/influxdb_write.py b/plugins/modules/influxdb_write.py index 76e6449bb0..c67e57699b 100644 --- a/plugins/modules/influxdb_write.py +++ b/plugins/modules/influxdb_write.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: influxdb_write short_description: Write data points into InfluxDB description: @@ -37,34 +36,33 @@ options: extends_documentation_fragment: - community.general.influxdb - community.general.attributes +""" -''' - -EXAMPLES = r''' +EXAMPLES = r""" - name: Write points into database community.general.influxdb_write: - hostname: "{{influxdb_ip_address}}" - database_name: "{{influxdb_database_name}}" - data_points: - - measurement: connections - tags: - host: server01 - region: us-west - time: "{{ ansible_date_time.iso8601 }}" - fields: - value: 2000 - - measurement: connections - tags: - host: server02 - region: us-east - time: "{{ ansible_date_time.iso8601 }}" - fields: - value: 3000 -''' + hostname: "{{influxdb_ip_address}}" + database_name: "{{influxdb_database_name}}" + data_points: + - measurement: connections + tags: + host: server01 + region: us-west + time: "{{ ansible_date_time.iso8601 }}" + fields: + value: 2000 + - measurement: connections + tags: + host: server02 + region: us-east + time: "{{ ansible_date_time.iso8601 }}" + fields: + value: 3000 +""" -RETURN = r''' +RETURN = r""" # only defaults -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.common.text.converters import to_native diff --git a/plugins/modules/ini_file.py b/plugins/modules/ini_file.py index 764c73cd95..61e6662d95 100644 --- a/plugins/modules/ini_file.py +++ b/plugins/modules/ini_file.py @@ -12,19 +12,18 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ini_file short_description: Tweak settings in INI files extends_documentation_fragment: - files - community.general.attributes description: - - Manage (add, remove, change) individual settings in an INI-style file without having - to manage the file as a whole with, say, M(ansible.builtin.template) or M(ansible.builtin.assemble). - - Adds missing sections if they don't exist. - - This module adds missing ending newlines to files to keep in line with the POSIX standard, even when - no other modifications need to be applied. + - Manage (add, remove, change) individual settings in an INI-style file without having to manage the file as a whole with, + say, M(ansible.builtin.template) or M(ansible.builtin.assemble). + - Adds missing sections if they do not exist. + - This module adds missing ending newlines to files to keep in line with the POSIX standard, even when no other modifications + need to be applied. attributes: check_mode: support: full @@ -36,14 +35,37 @@ options: - Path to the INI-style file; this file is created if required. type: path required: true - aliases: [ dest ] + aliases: [dest] section: description: - - Section name in INI file. This is added if O(state=present) automatically when - a single value is being set. + - Section name in INI file. This is added if O(state=present) automatically when a single value is being set. - If being omitted, the O(option) will be placed before the first O(section). - Omitting O(section) is also required if the config format does not support sections. type: str + section_has_values: + type: list + elements: dict + required: false + suboptions: + option: + type: str + description: Matching O(section) must contain this option. + required: true + value: + type: str + description: Matching O(section_has_values[].option) must have this specific value. + values: + description: + - The string value to be associated with an O(section_has_values[].option). + - Mutually exclusive with O(section_has_values[].value). + - O(section_has_values[].value=v) is equivalent to O(section_has_values[].values=[v]). + type: list + elements: str + description: + - Among possibly multiple sections of the same name, select the first one that contains matching options and values. + - With O(state=present), if a suitable section is not found, a new section will be added, including the required options. + - With O(state=absent), at most one O(section) is removed if it contains the values. + version_added: 8.6.0 option: description: - If set (required for changing a O(value)), this is the name of the option. @@ -67,28 +89,27 @@ options: version_added: 3.6.0 backup: description: - - Create a backup file including the timestamp information so you can get - the original file back if you somehow clobbered it incorrectly. + - Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered + it incorrectly. type: bool default: false state: description: - If set to V(absent) and O(exclusive) set to V(true) all matching O(option) lines are removed. - - If set to V(absent) and O(exclusive) set to V(false) the specified O(option=value) lines are removed, - but the other O(option)s with the same name are not touched. - - If set to V(present) and O(exclusive) set to V(false) the specified O(option=values) lines are added, - but the other O(option)s with the same name are not touched. - - If set to V(present) and O(exclusive) set to V(true) all given O(option=values) lines will be - added and the other O(option)s with the same name are removed. + - If set to V(absent) and O(exclusive) set to V(false) the specified O(option=value) lines are removed, but the other + O(option)s with the same name are not touched. + - If set to V(present) and O(exclusive) set to V(false) the specified O(option=values) lines are added, but the other + O(option)s with the same name are not touched. + - If set to V(present) and O(exclusive) set to V(true) all given O(option=values) lines will be added and the other + O(option)s with the same name are removed. type: str - choices: [ absent, present ] + choices: [absent, present] default: present exclusive: description: - - If set to V(true) (default), all matching O(option) lines are removed when O(state=absent), - or replaced when O(state=present). - - If set to V(false), only the specified O(value)/O(values) are added when O(state=present), - or removed when O(state=absent), and existing ones are not modified. + - If set to V(true) (default), all matching O(option) lines are removed when O(state=absent), or replaced when O(state=present). + - If set to V(false), only the specified O(value)/O(values) are added when O(state=present), or removed when O(state=absent), + and existing ones are not modified. type: bool default: true version_added: 3.6.0 @@ -117,27 +138,27 @@ options: modify_inactive_option: description: - By default the module replaces a commented line that matches the given option. - - Set this option to V(false) to avoid this. This is useful when you want to keep commented example - C(key=value) pairs for documentation purposes. + - Set this option to V(false) to avoid this. This is useful when you want to keep commented example C(key=value) pairs + for documentation purposes. type: bool default: true version_added: 8.0.0 follow: description: - - This flag indicates that filesystem links, if they exist, should be followed. - - O(follow=true) can modify O(path) when combined with parameters such as O(mode). + - This flag indicates that filesystem links, if they exist, should be followed. + - O(follow=true) can modify O(path) when combined with parameters such as O(mode). type: bool default: false version_added: 7.1.0 notes: - - While it is possible to add an O(option) without specifying a O(value), this makes no sense. - - As of community.general 3.2.0, UTF-8 BOM markers are discarded when reading files. + - While it is possible to add an O(option) without specifying a O(value), this makes no sense. + - As of community.general 3.2.0, UTF-8 BOM markers are discarded when reading files. author: - - Jan-Piet Mens (@jpmens) - - Ales Nosek (@noseka1) -''' + - Jan-Piet Mens (@jpmens) + - Ales Nosek (@noseka1) +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Ensure "fav=lemonade is in section "[drinks]" in specified file community.general.ini_file: path: /etc/conf @@ -182,7 +203,58 @@ EXAMPLES = r''' option: beverage value: lemon juice state: present -''' + +- name: Remove the peer configuration for 10.128.0.11/32 + community.general.ini_file: + path: /etc/wireguard/wg0.conf + section: Peer + section_has_values: + - option: AllowedIps + value: 10.128.0.11/32 + mode: '0600' + state: absent + +- name: Add "beverage=lemon juice" outside a section in specified file + community.general.ini_file: + path: /etc/conf + option: beverage + value: lemon juice + state: present + +- name: Update the public key for peer 10.128.0.12/32 + community.general.ini_file: + path: /etc/wireguard/wg0.conf + section: Peer + section_has_values: + - option: AllowedIps + value: 10.128.0.12/32 + option: PublicKey + value: xxxxxxxxxxxxxxxxxxxx + mode: '0600' + state: present + +- name: Remove the peer configuration for 10.128.0.11/32 + community.general.ini_file: + path: /etc/wireguard/wg0.conf + section: Peer + section_has_values: + - option: AllowedIps + value: 10.4.0.11/32 + mode: '0600' + state: absent + +- name: Update the public key for peer 10.128.0.12/32 + community.general.ini_file: + path: /etc/wireguard/wg0.conf + section: Peer + section_has_values: + - option: AllowedIps + value: 10.4.0.12/32 + option: PublicKey + value: xxxxxxxxxxxxxxxxxxxx + mode: '0600' + state: present +""" import io import os @@ -222,7 +294,19 @@ def update_section_line(option, changed, section_lines, index, changed_lines, ig return (changed, msg) -def do_ini(module, filename, section=None, option=None, values=None, +def check_section_has_values(section_has_values, section_lines): + if section_has_values is not None: + for condition in section_has_values: + for line in section_lines: + match = match_opt(condition["option"], line) + if match and (len(condition["values"]) == 0 or match.group(7) in condition["values"]): + break + else: + return False + return True + + +def do_ini(module, filename, section=None, section_has_values=None, option=None, values=None, state='present', exclusive=True, backup=False, no_extra_spaces=False, ignore_spaces=False, create=True, allow_no_value=False, modify_inactive_option=True, follow=False): @@ -304,15 +388,25 @@ def do_ini(module, filename, section=None, option=None, values=None, before = after = [] section_lines = [] + section_pattern = re.compile(to_text(r'^\[\s*%s\s*]' % re.escape(section.strip()))) + for index, line in enumerate(ini_lines): - # find start and end of section - if line.startswith(u'[%s]' % section): - within_section = True - section_start = index - elif line.startswith(u'['): - if within_section: + # end of section: + if within_section and line.startswith(u'['): + if check_section_has_values( + section_has_values, ini_lines[section_start:index] + ): section_end = index break + else: + # look for another section + within_section = False + section_start = section_end = 0 + + # find start and end of section + if section_pattern.match(line): + within_section = True + section_start = index before = ini_lines[0:section_start] section_lines = ini_lines[section_start:section_end] @@ -433,6 +527,18 @@ def do_ini(module, filename, section=None, option=None, values=None, if not within_section and state == 'present': ini_lines.append(u'[%s]\n' % section) msg = 'section and option added' + if section_has_values: + for condition in section_has_values: + if condition['option'] != option: + if len(condition['values']) > 0: + for value in condition['values']: + ini_lines.append(assignment_format % (condition['option'], value)) + elif allow_no_value: + ini_lines.append(u'%s\n' % condition['option']) + elif not exclusive: + for value in condition['values']: + if value not in values: + values.append(value) if option and values: for value in values: ini_lines.append(assignment_format % (option, value)) @@ -460,7 +566,7 @@ def do_ini(module, filename, section=None, option=None, values=None, module.fail_json(msg="Unable to create temporary file %s", traceback=traceback.format_exc()) try: - module.atomic_move(tmpfile, target_filename) + module.atomic_move(tmpfile, os.path.abspath(target_filename)) except IOError: module.ansible.fail_json(msg='Unable to move temporary \ file %s to %s, IOError' % (tmpfile, target_filename), traceback=traceback.format_exc()) @@ -474,6 +580,11 @@ def main(): argument_spec=dict( path=dict(type='path', required=True, aliases=['dest']), section=dict(type='str'), + section_has_values=dict(type='list', elements='dict', options=dict( + option=dict(type='str', required=True), + value=dict(type='str'), + values=dict(type='list', elements='str') + ), default=None, mutually_exclusive=[['value', 'values']]), option=dict(type='str'), value=dict(type='str'), values=dict(type='list', elements='str'), @@ -496,6 +607,7 @@ def main(): path = module.params['path'] section = module.params['section'] + section_has_values = module.params['section_has_values'] option = module.params['option'] value = module.params['value'] values = module.params['values'] @@ -517,8 +629,16 @@ def main(): elif values is None: values = [] + if section_has_values: + for condition in section_has_values: + if condition['value'] is not None: + condition['values'] = [condition['value']] + elif condition['values'] is None: + condition['values'] = [] +# raise Exception("section_has_values: {}".format(section_has_values)) + (changed, backup_file, diff, msg) = do_ini( - module, path, section, option, values, state, exclusive, backup, + module, path, section, section_has_values, option, values, state, exclusive, backup, no_extra_spaces, ignore_spaces, create, allow_no_value, modify_inactive_option, follow) if not module.check_mode and os.path.exists(path): diff --git a/plugins/modules/installp.py b/plugins/modules/installp.py index 4b5a6949c6..e54a56949f 100644 --- a/plugins/modules/installp.py +++ b/plugins/modules/installp.py @@ -8,14 +8,13 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: installp author: - Kairo Araujo (@kairoaraujo) short_description: Manage packages on AIX description: - - Manage packages using 'installp' on AIX + - Manage packages using 'installp' on AIX. extends_documentation_fragment: - community.general.attributes attributes: @@ -26,32 +25,32 @@ attributes: options: accept_license: description: - - Whether to accept the license for the package(s). + - Whether to accept the license for the package(s). type: bool default: false name: description: - - One or more packages to install or remove. - - Use V(all) to install all packages available on informed O(repository_path). + - One or more packages to install or remove. + - Use V(all) to install all packages available on informed O(repository_path). type: list elements: str required: true - aliases: [ pkg ] + aliases: [pkg] repository_path: description: - - Path with AIX packages (required to install). + - Path with AIX packages (required to install). type: path state: description: - - Whether the package needs to be present on or absent from the system. + - Whether the package needs to be present on or absent from the system. type: str - choices: [ absent, present ] + choices: [absent, present] default: present notes: -- If the package is already installed, even the package/fileset is new, the module will not install it. -''' + - If the package is already installed, even the package/fileset is new, the module will not install it. +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Install package foo community.general.installp: name: foo @@ -84,9 +83,9 @@ EXAMPLES = r''' community.general.installp: name: bos.sysmgt.nim.master state: absent -''' +""" -RETURN = r''' # ''' +RETURN = r""" # """ import os import re @@ -106,7 +105,7 @@ def _check_new_pkg(module, package, repository_path): if os.path.isdir(repository_path): installp_cmd = module.get_bin_path('installp', True) - rc, package_result, err = module.run_command("%s -l -MR -d %s" % (installp_cmd, repository_path)) + rc, package_result, err = module.run_command([installp_cmd, "-l", "-MR", "-d", repository_path]) if rc != 0: module.fail_json(msg="Failed to run installp.", rc=rc, err=err) @@ -142,7 +141,7 @@ def _check_installed_pkg(module, package, repository_path): """ lslpp_cmd = module.get_bin_path('lslpp', True) - rc, lslpp_result, err = module.run_command("%s -lcq %s*" % (lslpp_cmd, package)) + rc, lslpp_result, err = module.run_command([lslpp_cmd, "-lcq", "%s*" % (package, )]) if rc == 1: package_state = ' '.join(err.split()[-2:]) @@ -173,7 +172,7 @@ def remove(module, installp_cmd, packages): if pkg_check: if not module.check_mode: - rc, remove_out, err = module.run_command("%s -u %s" % (installp_cmd, package)) + rc, remove_out, err = module.run_command([installp_cmd, "-u", package]) if rc != 0: module.fail_json(msg="Failed to run installp.", rc=rc, err=err) remove_count += 1 @@ -202,8 +201,8 @@ def install(module, installp_cmd, packages, repository_path, accept_license): already_installed_pkgs = {} accept_license_param = { - True: '-Y', - False: '', + True: ['-Y'], + False: [], } # Validate if package exists on repository path. @@ -230,7 +229,8 @@ def install(module, installp_cmd, packages, repository_path, accept_license): else: if not module.check_mode: - rc, out, err = module.run_command("%s -a %s -X -d %s %s" % (installp_cmd, accept_license_param[accept_license], repository_path, package)) + rc, out, err = module.run_command( + [installp_cmd, "-a"] + accept_license_param[accept_license] + ["-X", "-d", repository_path, package]) if rc != 0: module.fail_json(msg="Failed to run installp", rc=rc, err=err) installed_pkgs.append(package) diff --git a/plugins/modules/interfaces_file.py b/plugins/modules/interfaces_file.py index 98103082ec..23bfd78790 100644 --- a/plugins/modules/interfaces_file.py +++ b/plugins/modules/interfaces_file.py @@ -9,16 +9,15 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: interfaces_file short_description: Tweak settings in C(/etc/network/interfaces) files extends_documentation_fragment: - ansible.builtin.files - community.general.attributes description: - - Manage (add, remove, change) individual interface options in an interfaces-style file without having - to manage the file as a whole with, say, M(ansible.builtin.template) or M(ansible.builtin.assemble). Interface has to be presented in a file. + - Manage (add, remove, change) individual interface options in an interfaces-style file without having to manage the file + as a whole with, say, M(ansible.builtin.template) or M(ansible.builtin.assemble). Interface has to be presented in a file. - Read information about interfaces from interfaces-styled files. attributes: check_mode: @@ -46,14 +45,14 @@ options: value: type: str description: - - If O(option) is not presented for the O(iface) and O(state) is V(present) option will be added. - If O(option) already exists and is not V(pre-up), V(up), V(post-up) or V(down), it's value will be updated. - V(pre-up), V(up), V(post-up) and V(down) options cannot be updated, only adding new options, removing existing - ones or cleaning the whole option set are supported. + - If O(option) is not presented for the O(iface) and O(state) is V(present) option will be added. If O(option) already + exists and is not V(pre-up), V(up), V(post-up) or V(down), its value will be updated. V(pre-up), V(up), V(post-up) + and V(down) options cannot be updated, only adding new options, removing existing ones or cleaning the whole option + set are supported. backup: description: - - Create a backup file including the timestamp information so you can get - the original file back if you somehow clobbered it incorrectly. + - Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered + it incorrectly. type: bool default: false state: @@ -61,86 +60,85 @@ options: description: - If set to V(absent) the option or section will be removed if present instead of created. default: "present" - choices: [ "present", "absent" ] + choices: ["present", "absent"] notes: - - If option is defined multiple times last one will be updated but all will be deleted in case of an absent state. + - If option is defined multiple times last one will be updated but all will be deleted in case of an absent state. requirements: [] author: "Roman Belyakovsky (@hryamzik)" -''' +""" -RETURN = ''' +RETURN = r""" dest: - description: Destination file/path. - returned: success - type: str - sample: "/etc/network/interfaces" + description: Destination file/path. + returned: success + type: str + sample: "/etc/network/interfaces" ifaces: - description: Interfaces dictionary. - returned: success - type: dict - contains: - ifaces: - description: Interface dictionary. - returned: success - type: dict - contains: - eth0: - description: Name of the interface. - returned: success - type: dict - contains: - address_family: - description: Interface address family. - returned: success - type: str - sample: "inet" - method: - description: Interface method. - returned: success - type: str - sample: "manual" - mtu: - description: Other options, all values returned as strings. - returned: success - type: str - sample: "1500" - pre-up: - description: List of C(pre-up) scripts. - returned: success - type: list - elements: str - sample: - - "route add -net 10.10.10.0/24 gw 10.10.10.1 dev eth1" - - "route add -net 10.10.11.0/24 gw 10.10.11.1 dev eth2" - up: - description: List of C(up) scripts. - returned: success - type: list - elements: str - sample: - - "route add -net 10.10.10.0/24 gw 10.10.10.1 dev eth1" - - "route add -net 10.10.11.0/24 gw 10.10.11.1 dev eth2" - post-up: - description: List of C(post-up) scripts. - returned: success - type: list - elements: str - sample: - - "route add -net 10.10.10.0/24 gw 10.10.10.1 dev eth1" - - "route add -net 10.10.11.0/24 gw 10.10.11.1 dev eth2" - down: - description: List of C(down) scripts. - returned: success - type: list - elements: str - sample: - - "route del -net 10.10.10.0/24 gw 10.10.10.1 dev eth1" - - "route del -net 10.10.11.0/24 gw 10.10.11.1 dev eth2" -... -''' + description: Interfaces dictionary. + returned: success + type: dict + contains: + ifaces: + description: Interface dictionary. + returned: success + type: dict + contains: + eth0: + description: Name of the interface. + returned: success + type: dict + contains: + address_family: + description: Interface address family. + returned: success + type: str + sample: "inet" + method: + description: Interface method. + returned: success + type: str + sample: "manual" + mtu: + description: Other options, all values returned as strings. + returned: success + type: str + sample: "1500" + pre-up: + description: List of C(pre-up) scripts. + returned: success + type: list + elements: str + sample: + - "route add -net 10.10.10.0/24 gw 10.10.10.1 dev eth1" + - "route add -net 10.10.11.0/24 gw 10.10.11.1 dev eth2" + up: + description: List of C(up) scripts. + returned: success + type: list + elements: str + sample: + - "route add -net 10.10.10.0/24 gw 10.10.10.1 dev eth1" + - "route add -net 10.10.11.0/24 gw 10.10.11.1 dev eth2" + post-up: + description: List of C(post-up) scripts. + returned: success + type: list + elements: str + sample: + - "route add -net 10.10.10.0/24 gw 10.10.10.1 dev eth1" + - "route add -net 10.10.11.0/24 gw 10.10.11.1 dev eth2" + down: + description: List of C(down) scripts. + returned: success + type: list + elements: str + sample: + - "route del -net 10.10.10.0/24 gw 10.10.10.1 dev eth1" + - "route del -net 10.10.11.0/24 gw 10.10.11.1 dev eth2" +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Set eth1 mtu configuration value to 8000 community.general.interfaces_file: dest: /etc/network/interfaces.d/eth1.cfg @@ -150,7 +148,7 @@ EXAMPLES = ''' backup: true state: present register: eth1_cfg -''' +""" import os import re diff --git a/plugins/modules/ip_netns.py b/plugins/modules/ip_netns.py index 69534c810d..6bcae8e5f2 100644 --- a/plugins/modules/ip_netns.py +++ b/plugins/modules/ip_netns.py @@ -7,37 +7,36 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: ip_netns author: "Arie Bregman (@bregman-arie)" short_description: Manage network namespaces -requirements: [ ip ] +requirements: [ip] description: - - Create or delete network namespaces using the ip command. + - Create or delete network namespaces using the C(ip) command. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - name: - required: false - description: - - Name of the namespace - type: str - state: - required: false - default: "present" - choices: [ present, absent ] - description: - - Whether the namespace should exist - type: str -''' + name: + required: false + description: + - Name of the namespace. + type: str + state: + required: false + default: "present" + choices: [present, absent] + description: + - Whether the namespace should exist. + type: str +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a namespace named mario community.general.ip_netns: name: mario @@ -47,11 +46,11 @@ EXAMPLES = ''' community.general.ip_netns: name: luigi state: absent -''' +""" -RETURN = ''' +RETURN = r""" # Default return values -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.common.text.converters import to_text diff --git a/plugins/modules/ipa_config.py b/plugins/modules/ipa_config.py index 871643fd7b..ea08f8f8ba 100644 --- a/plugins/modules/ipa_config.py +++ b/plugins/modules/ipa_config.py @@ -7,8 +7,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ipa_config author: Fran Fitzpatrick (@fxfitz) short_description: Manage Global FreeIPA Configuration Settings @@ -115,10 +114,9 @@ options: extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes +""" -''' - -EXAMPLES = r''' +EXAMPLES = r""" - name: Ensure password plugin features DC:Disable Last Success and KDC:Disable Lockout are enabled community.general.ipa_config: ipaconfigstring: ["KDC:Disable Last Success", "KDC:Disable Lockout"] @@ -221,14 +219,14 @@ EXAMPLES = r''' ipa_host: localhost ipa_user: admin ipa_pass: supersecret -''' +""" -RETURN = r''' +RETURN = r""" config: description: Configuration as returned by IPA API. returned: always type: dict -''' +""" import traceback diff --git a/plugins/modules/ipa_dnsrecord.py b/plugins/modules/ipa_dnsrecord.py index cb4ce03ddd..d92e2c4f66 100644 --- a/plugins/modules/ipa_dnsrecord.py +++ b/plugins/modules/ipa_dnsrecord.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ipa_dnsrecord author: Abhijeet Kasurde (@Akasurde) short_description: Manage FreeIPA DNS records @@ -23,64 +22,66 @@ attributes: options: zone_name: description: - - The DNS zone name to which DNS record needs to be managed. + - The DNS zone name to which DNS record needs to be managed. required: true type: str record_name: description: - - The DNS record name to manage. + - The DNS record name to manage. required: true aliases: ["name"] type: str record_type: description: - - The type of DNS record name. - - Currently, 'A', 'AAAA', 'A6', 'CNAME', 'DNAME', 'NS', 'PTR', 'TXT', 'SRV' and 'MX' are supported. - - "'A6', 'CNAME', 'DNAME' and 'TXT' are added in version 2.5." - - "'SRV' and 'MX' are added in version 2.8." - - "'NS' are added in comunity.general 8.2.0." + - The type of DNS record name. + - Support for V(NS) was added in comunity.general 8.2.0. + - Support for V(SSHFP) was added in community.general 9.1.0. required: false default: 'A' - choices: ['A', 'AAAA', 'A6', 'CNAME', 'DNAME', 'MX', 'NS', 'PTR', 'SRV', 'TXT'] + choices: ['A', 'AAAA', 'A6', 'CNAME', 'DNAME', 'MX', 'NS', 'PTR', 'SRV', 'TXT', 'SSHFP'] type: str record_value: description: - - Manage DNS record name with this value. - - Mutually exclusive with O(record_values), and exactly one of O(record_value) and O(record_values) has to be specified. - - Use O(record_values) if you need to specify multiple values. - - In the case of 'A' or 'AAAA' record types, this will be the IP address. - - In the case of 'A6' record type, this will be the A6 Record data. - - In the case of 'CNAME' record type, this will be the hostname. - - In the case of 'DNAME' record type, this will be the DNAME target. - - In the case of 'NS' record type, this will be the name server hostname. Hostname must already have a valid A or AAAA record. - - In the case of 'PTR' record type, this will be the hostname. - - In the case of 'TXT' record type, this will be a text. - - In the case of 'SRV' record type, this will be a service record. - - In the case of 'MX' record type, this will be a mail exchanger record. + - Manage DNS record name with this value. + - Mutually exclusive with O(record_values), and exactly one of O(record_value) and O(record_values) has to be specified. + - Use O(record_values) if you need to specify multiple values. + - In the case of V(A) or V(AAAA) record types, this will be the IP address. + - In the case of V(A6) record type, this will be the A6 Record data. + - In the case of V(CNAME) record type, this will be the hostname. + - In the case of V(DNAME) record type, this will be the DNAME target. + - In the case of V(NS) record type, this will be the name server hostname. Hostname must already have a valid A or AAAA + record. + - In the case of V(PTR) record type, this will be the hostname. + - In the case of V(TXT) record type, this will be a text. + - In the case of V(SRV) record type, this will be a service record. + - In the case of V(MX) record type, this will be a mail exchanger record. + - In the case of V(SSHFP) record type, this will be an SSH fingerprint record. type: str record_values: description: - - Manage DNS record name with this value. - - Mutually exclusive with O(record_value), and exactly one of O(record_value) and O(record_values) has to be specified. - - In the case of 'A' or 'AAAA' record types, this will be the IP address. - - In the case of 'A6' record type, this will be the A6 Record data. - - In the case of 'CNAME' record type, this will be the hostname. - - In the case of 'DNAME' record type, this will be the DNAME target. - - In the case of 'NS' record type, this will be the name server hostname. Hostname must already have a valid A or AAAA record. - - In the case of 'PTR' record type, this will be the hostname. - - In the case of 'TXT' record type, this will be a text. - - In the case of 'SRV' record type, this will be a service record. - - In the case of 'MX' record type, this will be a mail exchanger record. + - Manage DNS record name with this value. + - Mutually exclusive with O(record_value), and exactly one of O(record_value) and O(record_values) has to be specified. + - In the case of V(A) or V(AAAA) record types, this will be the IP address. + - In the case of V(A6) record type, this will be the A6 Record data. + - In the case of V(CNAME) record type, this will be the hostname. + - In the case of V(DNAME) record type, this will be the DNAME target. + - In the case of V(NS) record type, this will be the name server hostname. Hostname must already have a valid A or AAAA + record. + - In the case of V(PTR) record type, this will be the hostname. + - In the case of V(TXT) record type, this will be a text. + - In the case of V(SRV) record type, this will be a service record. + - In the case of V(MX) record type, this will be a mail exchanger record. + - In the case of V(SSHFP) record type, this will be an SSH fingerprint record. type: list elements: str record_ttl: description: - - Set the TTL for the record. - - Applies only when adding a new or changing the value of O(record_value) or O(record_values). + - Set the TTL for the record. + - Applies only when adding a new or changing the value of O(record_value) or O(record_values). required: false type: int state: - description: State to ensure + description: State to ensure. required: false default: present choices: ["absent", "present"] @@ -88,10 +89,9 @@ options: extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes +""" -''' - -EXAMPLES = r''' +EXAMPLES = r""" - name: Ensure dns record is present community.general.ipa_dnsrecord: ipa_host: spider.example.com @@ -175,14 +175,28 @@ EXAMPLES = r''' ipa_host: ipa.example.com ipa_user: admin ipa_pass: ChangeMe! -''' -RETURN = r''' +- name: Retrieve the current sshfp fingerprints + ansible.builtin.command: ssh-keyscan -D localhost + register: ssh_hostkeys + +- name: Update the SSHFP records in DNS + community.general.ipa_dnsrecord: + name: "{{ inventory_hostname}}" + zone_name: example.com + record_type: 'SSHFP' + record_values: "{{ ssh_hostkeys.stdout.split('\n') | map('split', 'SSHFP ') | map('last') | list }}" + ipa_host: ipa.example.com + ipa_user: admin + ipa_pass: ChangeMe! +""" + +RETURN = r""" dnsrecord: description: DNS record as returned by IPA API. returned: always type: dict -''' +""" import traceback @@ -228,6 +242,8 @@ class DNSRecordIPAClient(IPAClient): item.update(srvrecord=value) elif details['record_type'] == 'MX': item.update(mxrecord=value) + elif details['record_type'] == 'SSHFP': + item.update(sshfprecord=value) self._post_json(method='dnsrecord_add', name=zone_name, item=item) @@ -266,6 +282,8 @@ def get_dnsrecord_dict(details=None): module_dnsrecord.update(srvrecord=details['record_values']) elif details['record_type'] == 'MX' and details['record_values']: module_dnsrecord.update(mxrecord=details['record_values']) + elif details['record_type'] == 'SSHFP' and details['record_values']: + module_dnsrecord.update(sshfprecord=details['record_values']) if details.get('record_ttl'): module_dnsrecord.update(dnsttl=details['record_ttl']) @@ -328,7 +346,7 @@ def ensure(module, client): def main(): - record_types = ['A', 'AAAA', 'A6', 'CNAME', 'DNAME', 'NS', 'PTR', 'TXT', 'SRV', 'MX'] + record_types = ['A', 'AAAA', 'A6', 'CNAME', 'DNAME', 'NS', 'PTR', 'TXT', 'SRV', 'MX', 'SSHFP'] argument_spec = ipa_argument_spec() argument_spec.update( zone_name=dict(type='str', required=True), diff --git a/plugins/modules/ipa_dnszone.py b/plugins/modules/ipa_dnszone.py index 6699b0525b..b536c258d2 100644 --- a/plugins/modules/ipa_dnszone.py +++ b/plugins/modules/ipa_dnszone.py @@ -8,13 +8,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ipa_dnszone author: Fran Fitzpatrick (@fxfitz) short_description: Manage FreeIPA DNS Zones description: - - Add and delete an IPA DNS Zones using IPA API + - Add and delete an IPA DNS Zones using IPA API. attributes: check_mode: support: full @@ -23,11 +22,11 @@ attributes: options: zone_name: description: - - The DNS zone name to which needs to be managed. + - The DNS zone name to which needs to be managed. required: true type: str state: - description: State to ensure + description: State to ensure. required: false default: present choices: ["absent", "present"] @@ -44,10 +43,9 @@ options: extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes +""" -''' - -EXAMPLES = r''' +EXAMPLES = r""" - name: Ensure dns zone is present community.general.ipa_dnszone: ipa_host: spider.example.com @@ -78,14 +76,14 @@ EXAMPLES = r''' state: present zone_name: example.com allowsyncptr: true -''' +""" -RETURN = r''' +RETURN = r""" zone: description: DNS zone as returned by IPA API. returned: always type: dict -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.ipa import IPAClient, ipa_argument_spec diff --git a/plugins/modules/ipa_getkeytab.py b/plugins/modules/ipa_getkeytab.py new file mode 100644 index 0000000000..dfd612564b --- /dev/null +++ b/plugins/modules/ipa_getkeytab.py @@ -0,0 +1,245 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright (c) 2024 Alexander Bakanovskii +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r""" +module: ipa_getkeytab +short_description: Manage keytab file in FreeIPA +version_added: 9.5.0 +description: + - Manage keytab file with C(ipa-getkeytab) utility. + - See U(https://manpages.ubuntu.com/manpages/jammy/man1/ipa-getkeytab.1.html) for reference. +author: "Alexander Bakanovskii (@abakanovskii)" +attributes: + check_mode: + support: full + diff_mode: + support: none +options: + path: + description: + - The base path where to put generated keytab file. + type: path + aliases: ["keytab"] + required: true + principal: + description: + - The non-realm part of the full principal name. + type: str + required: true + ipa_host: + description: + - The IPA server to retrieve the keytab from (FQDN). + type: str + ldap_uri: + description: + - LDAP URI. If V(ldap://) is specified, STARTTLS is initiated by default. + - Can not be used with the O(ipa_host) option. + type: str + bind_dn: + description: + - The LDAP DN to bind as when retrieving a keytab without Kerberos credentials. + - Generally used with the O(bind_pw) option. + type: str + bind_pw: + description: + - The LDAP password to use when not binding with Kerberos. + type: str + password: + description: + - Use this password for the key instead of one randomly generated. + type: str + ca_cert: + description: + - The path to the IPA CA certificate used to validate LDAPS/STARTTLS connections. + type: path + sasl_mech: + description: + - SASL mechanism to use if O(bind_dn) and O(bind_pw) are not specified. + choices: ["GSSAPI", "EXTERNAL"] + type: str + retrieve_mode: + description: + - Retrieve an existing key from the server instead of generating a new one. + - This is incompatible with the O(password), and will work only against a IPA server more recent than version 3.3. + - The user requesting the keytab must have access to the keys for this operation to succeed. + - Be aware that if set V(true), a new keytab will be generated. + - This invalidates all previously retrieved keytabs for this service principal. + type: bool + encryption_types: + description: + - The list of encryption types to use to generate keys. + - It will use local client defaults if not provided. + - Valid values depend on the Kerberos library version and configuration. + type: str + state: + description: + - The state of the keytab file. + - V(present) only check for existence of a file, if you want to recreate keytab with other parameters you should set + O(force=true). + type: str + default: present + choices: ["present", "absent"] + force: + description: + - Force recreation if exists already. + type: bool +requirements: + - freeipa-client + - Managed host is FreeIPA client +extends_documentation_fragment: + - community.general.attributes +""" + +EXAMPLES = r""" +- name: Get Kerberos ticket using default principal + community.general.krb_ticket: + password: "{{ aldpro_admin_password }}" + +- name: Create keytab + community.general.ipa_getkeytab: + path: /etc/ipa/test.keytab + principal: HTTP/freeipa-dc02.ipa.test + ipa_host: freeipa-dc01.ipa.test + +- name: Retrieve already existing keytab + community.general.ipa_getkeytab: + path: /etc/ipa/test.keytab + principal: HTTP/freeipa-dc02.ipa.test + ipa_host: freeipa-dc01.ipa.test + retrieve_mode: true + +- name: Force keytab recreation + community.general.ipa_getkeytab: + path: /etc/ipa/test.keytab + principal: HTTP/freeipa-dc02.ipa.test + ipa_host: freeipa-dc01.ipa.test + force: true +""" + +import os + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.community.general.plugins.module_utils.cmd_runner import CmdRunner, cmd_runner_fmt + + +class IPAKeytab(object): + def __init__(self, module, **kwargs): + self.module = module + self.path = kwargs['path'] + self.state = kwargs['state'] + self.principal = kwargs['principal'] + self.ipa_host = kwargs['ipa_host'] + self.ldap_uri = kwargs['ldap_uri'] + self.bind_dn = kwargs['bind_dn'] + self.bind_pw = kwargs['bind_pw'] + self.password = kwargs['password'] + self.ca_cert = kwargs['ca_cert'] + self.sasl_mech = kwargs['sasl_mech'] + self.retrieve_mode = kwargs['retrieve_mode'] + self.encryption_types = kwargs['encryption_types'] + + self.runner = CmdRunner( + module, + command='ipa-getkeytab', + arg_formats=dict( + retrieve_mode=cmd_runner_fmt.as_bool('--retrieve'), + path=cmd_runner_fmt.as_opt_val('--keytab'), + ipa_host=cmd_runner_fmt.as_opt_val('--server'), + principal=cmd_runner_fmt.as_opt_val('--principal'), + ldap_uri=cmd_runner_fmt.as_opt_val('--ldapuri'), + bind_dn=cmd_runner_fmt.as_opt_val('--binddn'), + bind_pw=cmd_runner_fmt.as_opt_val('--bindpw'), + password=cmd_runner_fmt.as_opt_val('--password'), + ca_cert=cmd_runner_fmt.as_opt_val('--cacert'), + sasl_mech=cmd_runner_fmt.as_opt_val('--mech'), + encryption_types=cmd_runner_fmt.as_opt_val('--enctypes'), + ) + ) + + def _exec(self, check_rc=True): + with self.runner( + "retrieve_mode path ipa_host principal ldap_uri bind_dn bind_pw password ca_cert sasl_mech encryption_types", + check_rc=check_rc + ) as ctx: + rc, out, err = ctx.run() + return out + + +def main(): + arg_spec = dict( + path=dict(type='path', required=True, aliases=["keytab"]), + state=dict(default='present', choices=['present', 'absent']), + principal=dict(type='str', required=True), + ipa_host=dict(type='str'), + ldap_uri=dict(type='str'), + bind_dn=dict(type='str'), + bind_pw=dict(type='str'), + password=dict(type='str', no_log=True), + ca_cert=dict(type='path'), + sasl_mech=dict(type='str', choices=["GSSAPI", "EXTERNAL"]), + retrieve_mode=dict(type='bool'), + encryption_types=dict(type='str'), + force=dict(type='bool'), + ) + module = AnsibleModule( + argument_spec=arg_spec, + mutually_exclusive=[('ipa_host', 'ldap_uri'), ('retrieve_mode', 'password')], + supports_check_mode=True, + ) + + path = module.params['path'] + state = module.params['state'] + force = module.params['force'] + + keytab = IPAKeytab(module, + path=path, + state=state, + principal=module.params['principal'], + ipa_host=module.params['ipa_host'], + ldap_uri=module.params['ldap_uri'], + bind_dn=module.params['bind_dn'], + bind_pw=module.params['bind_pw'], + password=module.params['password'], + ca_cert=module.params['ca_cert'], + sasl_mech=module.params['sasl_mech'], + retrieve_mode=module.params['retrieve_mode'], + encryption_types=module.params['encryption_types'], + ) + + changed = False + if state == 'present': + if os.path.exists(path): + if force and not module.check_mode: + try: + os.remove(path) + except OSError as e: + module.fail_json(msg="Error deleting: %s - %s." % (e.filename, e.strerror)) + keytab._exec() + changed = True + if force and module.check_mode: + changed = True + else: + changed = True + keytab._exec() + + if state == 'absent': + if os.path.exists(path): + changed = True + if not module.check_mode: + try: + os.remove(path) + except OSError as e: + module.fail_json(msg="Error deleting: %s - %s." % (e.filename, e.strerror)) + + module.exit_json(changed=changed) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/ipa_group.py b/plugins/modules/ipa_group.py index 92470606fc..60077a2c6a 100644 --- a/plugins/modules/ipa_group.py +++ b/plugins/modules/ipa_group.py @@ -7,13 +7,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ipa_group author: Thomas Krahn (@Nosmoht) short_description: Manage FreeIPA group description: - - Add, modify and delete group within IPA server + - Add, modify and delete group within IPA server. attributes: check_mode: support: full @@ -22,77 +21,76 @@ attributes: options: append: description: - - If V(true), add the listed O(user) and O(group) to the group members. - - If V(false), only the listed O(user) and O(group) will be group members, removing any other members. + - If V(true), add the listed O(user) and O(group) to the group members. + - If V(false), only the listed O(user) and O(group) will be group members, removing any other members. default: false type: bool version_added: 4.0.0 cn: description: - - Canonical name. - - Can not be changed as it is the unique identifier. + - Canonical name. + - Can not be changed as it is the unique identifier. required: true aliases: ['name'] type: str description: description: - - Description of the group. + - Description of the group. type: str external: description: - - Allow adding external non-IPA members from trusted domains. + - Allow adding external non-IPA members from trusted domains. type: bool gidnumber: description: - - GID (use this option to set it manually). + - GID (use this option to set it manually). aliases: ['gid'] type: str group: description: - - List of group names assigned to this group. - - If O(append=false) and an empty list is passed all groups will be removed from this group. - - Groups that are already assigned but not passed will be removed. - - If O(append=true) the listed groups will be assigned without removing other groups. - - If option is omitted assigned groups will not be checked or changed. + - List of group names assigned to this group. + - If O(append=false) and an empty list is passed all groups will be removed from this group. + - Groups that are already assigned but not passed will be removed. + - If O(append=true) the listed groups will be assigned without removing other groups. + - If option is omitted assigned groups will not be checked or changed. type: list elements: str nonposix: description: - - Create as a non-POSIX group. + - Create as a non-POSIX group. type: bool user: description: - - List of user names assigned to this group. - - If O(append=false) and an empty list is passed all users will be removed from this group. - - Users that are already assigned but not passed will be removed. - - If O(append=true) the listed users will be assigned without removing other users. - - If option is omitted assigned users will not be checked or changed. + - List of user names assigned to this group. + - If O(append=false) and an empty list is passed all users will be removed from this group. + - Users that are already assigned but not passed will be removed. + - If O(append=true) the listed users will be assigned without removing other users. + - If option is omitted assigned users will not be checked or changed. type: list elements: str external_user: description: - - List of external users assigned to this group. - - Behaves identically to O(user) with respect to O(append) attribute. - - List entries can be in V(DOMAIN\\\\username) or SID format. - - Unless SIDs are provided, the module will always attempt to make changes even if the group already has all the users. - This is because only SIDs are returned by IPA query. - - O(external=true) is needed for this option to work. + - List of external users assigned to this group. + - Behaves identically to O(user) with respect to O(append) attribute. + - List entries can be in V(DOMAIN\\\\username) or SID format. + - Unless SIDs are provided, the module will always attempt to make changes even if the group already has all the users. + This is because only SIDs are returned by IPA query. + - O(external=true) is needed for this option to work. type: list elements: str version_added: 6.3.0 state: description: - - State to ensure + - State to ensure. default: "present" choices: ["absent", "present"] type: str extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes +""" -''' - -EXAMPLES = r''' +EXAMPLES = r""" - name: Ensure group is present community.general.ipa_group: name: oinstall @@ -106,8 +104,8 @@ EXAMPLES = r''' community.general.ipa_group: name: ops group: - - sysops - - appops + - sysops + - appops ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret @@ -116,8 +114,8 @@ EXAMPLES = r''' community.general.ipa_group: name: sysops user: - - linus - - larry + - linus + - larry ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret @@ -126,7 +124,7 @@ EXAMPLES = r''' community.general.ipa_group: name: developers user: - - john + - john append: true state: present ipa_host: ipa.example.com @@ -135,25 +133,25 @@ EXAMPLES = r''' - name: Add external user to a group community.general.ipa_group: - name: developers - external: true - append: true - external_user: - - S-1-5-21-123-1234-12345-63421 - ipa_host: ipa.example.com - ipa_user: admin - ipa_pass: topsecret + name: developers + external: true + append: true + external_user: + - S-1-5-21-123-1234-12345-63421 + ipa_host: ipa.example.com + ipa_user: admin + ipa_pass: topsecret - name: Add a user from MYDOMAIN community.general.ipa_group: - name: developers - external: true - append: true - external_user: - - MYDOMAIN\\john - ipa_host: ipa.example.com - ipa_user: admin - ipa_pass: topsecret + name: developers + external: true + append: true + external_user: + - MYDOMAIN\\john + ipa_host: ipa.example.com + ipa_user: admin + ipa_pass: topsecret - name: Ensure group is absent community.general.ipa_group: @@ -162,14 +160,14 @@ EXAMPLES = r''' ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret -''' +""" -RETURN = r''' +RETURN = r""" group: - description: Group as returned by IPA API + description: Group as returned by IPA API. returned: always type: dict -''' +""" import traceback diff --git a/plugins/modules/ipa_hbacrule.py b/plugins/modules/ipa_hbacrule.py index b7633262b6..d168a3a7e0 100644 --- a/plugins/modules/ipa_hbacrule.py +++ b/plugins/modules/ipa_hbacrule.py @@ -7,8 +7,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ipa_hbacrule author: Thomas Krahn (@Nosmoht) short_description: Manage FreeIPA HBAC rule @@ -22,99 +21,98 @@ attributes: options: cn: description: - - Canonical name. - - Can not be changed as it is the unique identifier. + - Canonical name. + - Can not be changed as it is the unique identifier. required: true aliases: ["name"] type: str description: - description: Description + description: Description. type: str host: description: - - List of host names to assign. - - If an empty list is passed all hosts will be removed from the rule. - - If option is omitted hosts will not be checked or changed. + - List of host names to assign. + - If an empty list is passed all hosts will be removed from the rule. + - If option is omitted hosts will not be checked or changed. required: false type: list elements: str hostcategory: - description: Host category + description: Host category. choices: ['all'] type: str hostgroup: description: - - List of hostgroup names to assign. - - If an empty list is passed all hostgroups will be removed. from the rule - - If option is omitted hostgroups will not be checked or changed. + - List of hostgroup names to assign. + - If an empty list is passed all hostgroups will be removed from the rule. + - If option is omitted hostgroups will not be checked or changed. type: list elements: str service: description: - - List of service names to assign. - - If an empty list is passed all services will be removed from the rule. - - If option is omitted services will not be checked or changed. + - List of service names to assign. + - If an empty list is passed all services will be removed from the rule. + - If option is omitted services will not be checked or changed. type: list elements: str servicecategory: - description: Service category + description: Service category. choices: ['all'] type: str servicegroup: description: - - List of service group names to assign. - - If an empty list is passed all assigned service groups will be removed from the rule. - - If option is omitted service groups will not be checked or changed. + - List of service group names to assign. + - If an empty list is passed all assigned service groups will be removed from the rule. + - If option is omitted service groups will not be checked or changed. type: list elements: str sourcehost: description: - - List of source host names to assign. - - If an empty list if passed all assigned source hosts will be removed from the rule. - - If option is omitted source hosts will not be checked or changed. + - List of source host names to assign. + - If an empty list if passed all assigned source hosts will be removed from the rule. + - If option is omitted source hosts will not be checked or changed. type: list elements: str sourcehostcategory: - description: Source host category + description: Source host category. choices: ['all'] type: str sourcehostgroup: description: - - List of source host group names to assign. - - If an empty list if passed all assigned source host groups will be removed from the rule. - - If option is omitted source host groups will not be checked or changed. + - List of source host group names to assign. + - If an empty list if passed all assigned source host groups will be removed from the rule. + - If option is omitted source host groups will not be checked or changed. type: list elements: str state: - description: State to ensure + description: State to ensure. default: "present" - choices: ["absent", "disabled", "enabled","present"] + choices: ["absent", "disabled", "enabled", "present"] type: str user: description: - - List of user names to assign. - - If an empty list if passed all assigned users will be removed from the rule. - - If option is omitted users will not be checked or changed. + - List of user names to assign. + - If an empty list if passed all assigned users will be removed from the rule. + - If option is omitted users will not be checked or changed. type: list elements: str usercategory: - description: User category + description: User category. choices: ['all'] type: str usergroup: description: - - List of user group names to assign. - - If an empty list if passed all assigned user groups will be removed from the rule. - - If option is omitted user groups will not be checked or changed. + - List of user group names to assign. + - If an empty list if passed all assigned user groups will be removed from the rule. + - If option is omitted user groups will not be checked or changed. type: list elements: str extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes +""" -''' - -EXAMPLES = r''' +EXAMPLES = r""" - name: Ensure rule to allow all users to access any host from any host community.general.ipa_hbacrule: name: allow_all @@ -132,9 +130,9 @@ EXAMPLES = r''' name: allow_all_developers_access_to_db description: Allow all developers to access any database from any host hostgroup: - - db-server + - db-server usergroup: - - developers + - developers state: present ipa_host: ipa.example.com ipa_user: admin @@ -147,20 +145,21 @@ EXAMPLES = r''' ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret -''' +""" -RETURN = r''' +RETURN = r""" hbacrule: description: HBAC rule as returned by IPA API. returned: always type: dict -''' +""" import traceback from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.ipa import IPAClient, ipa_argument_spec from ansible.module_utils.common.text.converters import to_native +from ansible_collections.community.general.plugins.module_utils.version import LooseVersion class HBACRuleIPAClient(IPAClient): @@ -231,10 +230,17 @@ def ensure(module, client): name = module.params['cn'] state = module.params['state'] + ipa_version = client.get_ipa_version() if state in ['present', 'enabled']: - ipaenabledflag = 'TRUE' + if LooseVersion(ipa_version) < LooseVersion('4.9.10'): + ipaenabledflag = 'TRUE' + else: + ipaenabledflag = True else: - ipaenabledflag = 'FALSE' + if LooseVersion(ipa_version) < LooseVersion('4.9.10'): + ipaenabledflag = 'FALSE' + else: + ipaenabledflag = False host = module.params['host'] hostcategory = module.params['hostcategory'] diff --git a/plugins/modules/ipa_host.py b/plugins/modules/ipa_host.py index b37a606d75..b2f76ac8f3 100644 --- a/plugins/modules/ipa_host.py +++ b/plugins/modules/ipa_host.py @@ -7,8 +7,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ipa_host author: Thomas Krahn (@Nosmoht) short_description: Manage FreeIPA host @@ -22,66 +21,73 @@ attributes: options: fqdn: description: - - Full qualified domain name. - - Can not be changed as it is the unique identifier. + - Full qualified domain name. + - Can not be changed as it is the unique identifier. required: true aliases: ["name"] type: str description: description: - - A description of this host. + - A description of this host. type: str force: description: - - Force host name even if not in DNS. + - Force host name even if not in DNS. required: false type: bool ip_address: description: - - Add the host to DNS with this IP address. + - Add the host to DNS with this IP address. type: str mac_address: description: - - List of Hardware MAC address(es) off this host. - - If option is omitted MAC addresses will not be checked or changed. - - If an empty list is passed all assigned MAC addresses will be removed. - - MAC addresses that are already assigned but not passed will be removed. + - List of Hardware MAC address(es) off this host. + - If option is omitted MAC addresses will not be checked or changed. + - If an empty list is passed all assigned MAC addresses will be removed. + - MAC addresses that are already assigned but not passed will be removed. aliases: ["macaddress"] type: list elements: str ns_host_location: description: - - Host location (e.g. "Lab 2") + - Host location (for example V(Lab 2)). aliases: ["nshostlocation"] type: str ns_hardware_platform: description: - - Host hardware platform (e.g. "Lenovo T61") + - Host hardware platform (for example V(Lenovo T61")). aliases: ["nshardwareplatform"] type: str ns_os_version: description: - - Host operating system and version (e.g. "Fedora 9") + - Host operating system and version (for example V(Fedora 9)). aliases: ["nsosversion"] type: str user_certificate: description: - - List of Base-64 encoded server certificates. - - If option is omitted certificates will not be checked or changed. - - If an empty list is passed all assigned certificates will be removed. - - Certificates already assigned but not passed will be removed. + - List of Base-64 encoded server certificates. + - If option is omitted certificates will not be checked or changed. + - If an empty list is passed all assigned certificates will be removed. + - Certificates already assigned but not passed will be removed. aliases: ["usercertificate"] type: list elements: str state: - description: State to ensure. + description: + - State to ensure. default: present choices: ["absent", "disabled", "enabled", "present"] type: str + force_creation: + description: + - Create host if O(state=disabled) or O(state=enabled) but not present. + default: true + type: bool + version_added: 9.5.0 update_dns: description: - - If set V(true) with O(state=absent), then removes DNS records of the host managed by FreeIPA DNS. - - This option has no effect for states other than "absent". + - If set V(true) with O(state=absent), then removes DNS records of the host managed by FreeIPA DNS. + - This option has no effect for states other than V(absent). type: bool random_password: description: Generate a random password to be used in bulk enrollment. @@ -89,10 +95,9 @@ options: extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes +""" -''' - -EXAMPLES = r''' +EXAMPLES = r""" - name: Ensure host is present community.general.ipa_host: name: host01.example.com @@ -102,8 +107,8 @@ EXAMPLES = r''' ns_os_version: CentOS 7 ns_hardware_platform: Lenovo T61 mac_address: - - "08:00:27:E3:B1:2D" - - "52:54:00:BD:97:1E" + - "08:00:27:E3:B1:2D" + - "52:54:00:BD:97:1E" state: present ipa_host: ipa.example.com ipa_user: admin @@ -152,18 +157,18 @@ EXAMPLES = r''' ipa_user: admin ipa_pass: topsecret update_dns: true -''' +""" -RETURN = r''' +RETURN = r""" host: description: Host as returned by IPA API. returned: always type: dict host_diff: - description: List of options that differ and would be changed + description: List of options that differ and would be changed. returned: if check mode and a difference is found type: list -''' +""" import traceback @@ -233,26 +238,31 @@ def get_host_diff(client, ipa_host, module_host): def ensure(module, client): name = module.params['fqdn'] state = module.params['state'] + force_creation = module.params['force_creation'] ipa_host = client.host_find(name=name) module_host = get_host_dict(description=module.params['description'], - force=module.params['force'], ip_address=module.params['ip_address'], + force=module.params['force'], + ip_address=module.params['ip_address'], ns_host_location=module.params['ns_host_location'], ns_hardware_platform=module.params['ns_hardware_platform'], ns_os_version=module.params['ns_os_version'], user_certificate=module.params['user_certificate'], mac_address=module.params['mac_address'], - random_password=module.params.get('random_password'), + random_password=module.params['random_password'], ) changed = False if state in ['present', 'enabled', 'disabled']: - if not ipa_host: + if not ipa_host and (force_creation or state == 'present'): changed = True if not module.check_mode: # OTP password generated by FreeIPA is visible only for host_add command # so, return directly from here. return changed, client.host_add(name=name, host=module_host) else: + if state in ['disabled', 'enabled']: + module.fail_json(msg="No host with name " + ipa_host + " found") + diff = get_host_diff(client, ipa_host, module_host) if len(diff) > 0: changed = True @@ -261,11 +271,10 @@ def ensure(module, client): for key in diff: data[key] = module_host.get(key) ipa_host_show = client.host_show(name=name) - if ipa_host_show.get('has_keytab', False) and module.params.get('random_password'): + if ipa_host_show.get('has_keytab', True) and (state == 'disabled' or module.params.get('random_password')): client.host_disable(name=name) return changed, client.host_mod(name=name, host=data) - - else: + elif state == 'absent': if ipa_host: changed = True update_dns = module.params.get('update_dns', False) @@ -288,7 +297,8 @@ def main(): mac_address=dict(type='list', aliases=['macaddress'], elements='str'), update_dns=dict(type='bool'), state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']), - random_password=dict(type='bool', no_log=False),) + random_password=dict(type='bool', no_log=False), + force_creation=dict(type='bool', default=True),) module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) diff --git a/plugins/modules/ipa_hostgroup.py b/plugins/modules/ipa_hostgroup.py index 70749c35b3..c1e7d3ad56 100644 --- a/plugins/modules/ipa_hostgroup.py +++ b/plugins/modules/ipa_hostgroup.py @@ -7,8 +7,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ipa_hostgroup author: Thomas Krahn (@Nosmoht) short_description: Manage FreeIPA host-group @@ -22,60 +21,61 @@ attributes: options: append: description: - - If V(true), add the listed O(host) to the O(hostgroup). - - If V(false), only the listed O(host) will be in O(hostgroup), removing any other hosts. + - If V(true), add the listed O(host) to the O(hostgroup). + - If V(false), only the listed O(host) will be in O(hostgroup), removing any other hosts. default: false type: bool version_added: 6.6.0 cn: description: - - Name of host-group. - - Can not be changed as it is the unique identifier. + - Name of host-group. + - Can not be changed as it is the unique identifier. required: true aliases: ["name"] type: str description: description: - - Description. + - Description. type: str host: description: - - List of hosts that belong to the host-group. - - If an empty list is passed all hosts will be removed from the group. - - If option is omitted hosts will not be checked or changed. - - If option is passed all assigned hosts that are not passed will be unassigned from the group. + - List of hosts that belong to the host-group. + - If an empty list is passed all hosts will be removed from the group. + - If option is omitted hosts will not be checked or changed. + - If option is passed all assigned hosts that are not passed will be unassigned from the group. type: list elements: str hostgroup: description: - - List of host-groups than belong to that host-group. - - If an empty list is passed all host-groups will be removed from the group. - - If option is omitted host-groups will not be checked or changed. - - If option is passed all assigned hostgroups that are not passed will be unassigned from the group. + - List of host-groups than belong to that host-group. + - If an empty list is passed all host-groups will be removed from the group. + - If option is omitted host-groups will not be checked or changed. + - If option is passed all assigned hostgroups that are not passed will be unassigned from the group. type: list elements: str state: description: - - State to ensure. + - State to ensure. + - V("absent") and V("disabled") give the same results. + - V("present") and V("enabled") give the same results. default: "present" choices: ["absent", "disabled", "enabled", "present"] type: str extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes +""" -''' - -EXAMPLES = r''' +EXAMPLES = r""" - name: Ensure host-group databases is present community.general.ipa_hostgroup: name: databases state: present host: - - db.example.com + - db.example.com hostgroup: - - mysql-server - - oracle-server + - mysql-server + - oracle-server ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret @@ -87,14 +87,14 @@ EXAMPLES = r''' ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret -''' +""" -RETURN = r''' +RETURN = r""" hostgroup: description: Hostgroup as returned by IPA API. returned: always type: dict -''' +""" import traceback @@ -160,7 +160,7 @@ def ensure(module, client): module_hostgroup = get_hostgroup_dict(description=module.params['description']) changed = False - if state == 'present': + if state in ['present', 'enabled']: if not ipa_hostgroup: changed = True if not module.check_mode: diff --git a/plugins/modules/ipa_otpconfig.py b/plugins/modules/ipa_otpconfig.py index e2d8f0cd52..3c07c7eda3 100644 --- a/plugins/modules/ipa_otpconfig.py +++ b/plugins/modules/ipa_otpconfig.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ipa_otpconfig author: justchris1 (@justchris1) short_description: Manage FreeIPA OTP Configuration Settings @@ -41,10 +40,9 @@ options: extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes +""" -''' - -EXAMPLES = r''' +EXAMPLES = r""" - name: Ensure the TOTP authentication window is set to 300 seconds community.general.ipa_otpconfig: ipatokentotpauthwindow: '300' @@ -72,14 +70,14 @@ EXAMPLES = r''' ipa_host: localhost ipa_user: admin ipa_pass: supersecret -''' +""" -RETURN = r''' +RETURN = r""" otpconfig: description: OTP configuration as returned by IPA API. returned: always type: dict -''' +""" import traceback diff --git a/plugins/modules/ipa_otptoken.py b/plugins/modules/ipa_otptoken.py index 567674f935..5f5c8dd612 100644 --- a/plugins/modules/ipa_otptoken.py +++ b/plugins/modules/ipa_otptoken.py @@ -7,8 +7,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ipa_otptoken author: justchris1 (@justchris1) short_description: Manage FreeIPA OTPs @@ -27,25 +26,25 @@ options: aliases: ["name"] type: str newuniqueid: - description: If specified, the unique id specified will be changed to this. + description: If specified, the unique ID specified will be changed to this. type: str otptype: description: - - Type of OTP. - - "B(Note:) Cannot be modified after OTP is created." + - Type of OTP. + - B(Note:) Cannot be modified after OTP is created. type: str - choices: [ totp, hotp ] + choices: [totp, hotp] secretkey: description: - - Token secret (Base64). - - If OTP is created and this is not specified, a random secret will be generated by IPA. - - "B(Note:) Cannot be modified after OTP is created." + - Token secret (Base64). + - If OTP is created and this is not specified, a random secret will be generated by IPA. + - B(Note:) Cannot be modified after OTP is created. type: str description: description: Description of the token (informational only). type: str owner: - description: Assigned user of the token. + description: Assigned user of the token. type: str enabled: description: Mark the token as enabled (default V(true)). @@ -53,15 +52,15 @@ options: type: bool notbefore: description: - - First date/time the token can be used. - - In the format C(YYYYMMddHHmmss). - - For example, C(20180121182022) will allow the token to be used starting on 21 January 2018 at 18:20:22. + - First date/time the token can be used. + - In the format C(YYYYMMddHHmmss). + - For example, V(20180121182022) will allow the token to be used starting on 21 January 2018 at 18:20:22. type: str notafter: description: - - Last date/time the token can be used. - - In the format C(YYYYMMddHHmmss). - - For example, C(20200121182022) will allow the token to be used until 21 January 2020 at 18:20:22. + - Last date/time the token can be used. + - In the format C(YYYYMMddHHmmss). + - For example, V(20200121182022) will allow the token to be used until 21 January 2020 at 18:20:22. type: str vendor: description: Token vendor name (informational only). @@ -79,37 +78,37 @@ options: type: str algorithm: description: - - Token hash algorithm. - - "B(Note:) Cannot be modified after OTP is created." + - Token hash algorithm. + - B(Note:) Cannot be modified after OTP is created. choices: ['sha1', 'sha256', 'sha384', 'sha512'] type: str digits: description: - - Number of digits each token code will have. - - "B(Note:) Cannot be modified after OTP is created." - choices: [ 6, 8 ] + - Number of digits each token code will have. + - B(Note:) Cannot be modified after OTP is created. + choices: [6, 8] type: int offset: description: - - TOTP token / IPA server time difference. - - "B(Note:) Cannot be modified after OTP is created." + - TOTP token / IPA server time difference. + - B(Note:) Cannot be modified after OTP is created. type: int interval: description: - - Length of TOTP token code validity in seconds. - - "B(Note:) Cannot be modified after OTP is created." + - Length of TOTP token code validity in seconds. + - B(Note:) Cannot be modified after OTP is created. type: int counter: description: - - Initial counter for the HOTP token. - - "B(Note:) Cannot be modified after OTP is created." + - Initial counter for the HOTP token. + - B(Note:) Cannot be modified after OTP is created. type: int extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Create a totp for pinky, allowing the IPA server to generate using defaults community.general.ipa_otptoken: uniqueid: Token123 @@ -161,14 +160,14 @@ EXAMPLES = r''' ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret -''' +""" -RETURN = r''' +RETURN = r""" otptoken: - description: OTP Token as returned by IPA API + description: OTP Token as returned by IPA API. returned: always type: dict -''' +""" import base64 import traceback @@ -392,9 +391,7 @@ def ensure(module, client): 'counter': 'ipatokenhotpcounter'} # Create inverse dictionary for mapping return values - ipa_to_ansible = {} - for (k, v) in ansible_to_ipa.items(): - ipa_to_ansible[v] = k + ipa_to_ansible = {v: k for k, v in ansible_to_ipa.items()} unmodifiable_after_creation = ['otptype', 'secretkey', 'algorithm', 'digits', 'offset', 'interval', 'counter'] diff --git a/plugins/modules/ipa_pwpolicy.py b/plugins/modules/ipa_pwpolicy.py index ba7d702916..5b41651e09 100644 --- a/plugins/modules/ipa_pwpolicy.py +++ b/plugins/modules/ipa_pwpolicy.py @@ -7,152 +7,153 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ipa_pwpolicy author: Adralioh (@adralioh) short_description: Manage FreeIPA password policies description: -- Add, modify, or delete a password policy using the IPA API. + - Add, modify, or delete a password policy using the IPA API. version_added: 2.0.0 attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - group: - description: - - Name of the group that the policy applies to. - - If omitted, the global policy is used. - aliases: ["name"] - type: str - state: - description: State to ensure. - default: "present" - choices: ["absent", "present"] - type: str - maxpwdlife: - description: Maximum password lifetime (in days). - type: str - minpwdlife: - description: Minimum password lifetime (in hours). - type: str - historylength: - description: - - Number of previous passwords that are remembered. - - Users cannot reuse remembered passwords. - type: str - minclasses: - description: Minimum number of character classes. - type: str - minlength: - description: Minimum password length. - type: str - priority: - description: - - Priority of the policy. - - High number means lower priority. - - Required when C(cn) is not the global policy. - type: str - maxfailcount: - description: Maximum number of consecutive failures before lockout. - type: str - failinterval: - description: Period (in seconds) after which the number of failed login attempts is reset. - type: str - lockouttime: - description: Period (in seconds) for which users are locked out. - type: str - gracelimit: - description: Maximum number of LDAP logins after password expiration. - type: int - version_added: 8.2.0 - maxrepeat: - description: Maximum number of allowed same consecutive characters in the new password. - type: int - version_added: 8.2.0 - maxsequence: - description: Maximum length of monotonic character sequences in the new password. An example of a monotonic sequence of length 5 is V(12345). - type: int - version_added: 8.2.0 - dictcheck: - description: Check whether the password (with possible modifications) matches a word in a dictionary (using cracklib). - type: bool - version_added: 8.2.0 - usercheck: - description: Check whether the password (with possible modifications) contains the user name in some form (if the name has > 3 characters). - type: bool - version_added: 8.2.0 + group: + description: + - Name of the group that the policy applies to. + - If omitted, the global policy is used. + aliases: ["name"] + type: str + state: + description: State to ensure. + default: "present" + choices: ["absent", "present"] + type: str + maxpwdlife: + description: Maximum password lifetime (in days). + type: str + minpwdlife: + description: Minimum password lifetime (in hours). + type: str + historylength: + description: + - Number of previous passwords that are remembered. + - Users cannot reuse remembered passwords. + type: str + minclasses: + description: Minimum number of character classes. + type: str + minlength: + description: Minimum password length. + type: str + priority: + description: + - Priority of the policy. + - High number means lower priority. + - Required when C(cn) is not the global policy. + type: str + maxfailcount: + description: Maximum number of consecutive failures before lockout. + type: str + failinterval: + description: Period (in seconds) after which the number of failed login attempts is reset. + type: str + lockouttime: + description: Period (in seconds) for which users are locked out. + type: str + gracelimit: + description: Maximum number of LDAP logins after password expiration. + type: int + version_added: 8.2.0 + maxrepeat: + description: Maximum number of allowed same consecutive characters in the new password. + type: int + version_added: 8.2.0 + maxsequence: + description: Maximum length of monotonic character sequences in the new password. An example of a monotonic sequence of + length 5 is V(12345). + type: int + version_added: 8.2.0 + dictcheck: + description: Check whether the password (with possible modifications) matches a word in a dictionary (using cracklib). + type: bool + version_added: 8.2.0 + usercheck: + description: Check whether the password (with possible modifications) contains the user name in some form (if the name + has > 3 characters). + type: bool + version_added: 8.2.0 extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Modify the global password policy community.general.ipa_pwpolicy: - maxpwdlife: '90' - minpwdlife: '1' - historylength: '8' - minclasses: '3' - minlength: '16' - maxfailcount: '6' - failinterval: '60' - lockouttime: '600' - ipa_host: ipa.example.com - ipa_user: admin - ipa_pass: topsecret + maxpwdlife: '90' + minpwdlife: '1' + historylength: '8' + minclasses: '3' + minlength: '16' + maxfailcount: '6' + failinterval: '60' + lockouttime: '600' + ipa_host: ipa.example.com + ipa_user: admin + ipa_pass: topsecret - name: Ensure the password policy for the group admins is present community.general.ipa_pwpolicy: - group: admins - state: present - maxpwdlife: '60' - minpwdlife: '24' - historylength: '16' - minclasses: '4' - priority: '10' - minlength: '6' - maxfailcount: '4' - failinterval: '600' - lockouttime: '1200' - gracelimit: 3 - maxrepeat: 3 - maxsequence: 3 - dictcheck: true - usercheck: true - ipa_host: ipa.example.com - ipa_user: admin - ipa_pass: topsecret + group: admins + state: present + maxpwdlife: '60' + minpwdlife: '24' + historylength: '16' + minclasses: '4' + priority: '10' + minlength: '6' + maxfailcount: '4' + failinterval: '600' + lockouttime: '1200' + gracelimit: 3 + maxrepeat: 3 + maxsequence: 3 + dictcheck: true + usercheck: true + ipa_host: ipa.example.com + ipa_user: admin + ipa_pass: topsecret - name: Ensure that the group sysops does not have a unique password policy community.general.ipa_pwpolicy: - group: sysops - state: absent - ipa_host: ipa.example.com - ipa_user: admin - ipa_pass: topsecret -''' + group: sysops + state: absent + ipa_host: ipa.example.com + ipa_user: admin + ipa_pass: topsecret +""" -RETURN = r''' +RETURN = r""" pwpolicy: - description: Password policy as returned by IPA API. - returned: always - type: dict - sample: - cn: ['admins'] - cospriority: ['10'] - dn: 'cn=admins,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com' - krbmaxpwdlife: ['60'] - krbminpwdlife: ['24'] - krbpwdfailurecountinterval: ['600'] - krbpwdhistorylength: ['16'] - krbpwdlockoutduration: ['1200'] - krbpwdmaxfailure: ['4'] - krbpwdmindiffchars: ['4'] - objectclass: ['top', 'nscontainer', 'krbpwdpolicy'] -''' + description: Password policy as returned by IPA API. + returned: always + type: dict + sample: + cn: ['admins'] + cospriority: ['10'] + dn: 'cn=admins,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com' + krbmaxpwdlife: ['60'] + krbminpwdlife: ['24'] + krbpwdfailurecountinterval: ['600'] + krbpwdhistorylength: ['16'] + krbpwdlockoutduration: ['1200'] + krbpwdmaxfailure: ['4'] + krbpwdmindiffchars: ['4'] + objectclass: ['top', 'nscontainer', 'krbpwdpolicy'] +""" import traceback diff --git a/plugins/modules/ipa_role.py b/plugins/modules/ipa_role.py index fce315b662..e77b732cb2 100644 --- a/plugins/modules/ipa_role.py +++ b/plugins/modules/ipa_role.py @@ -7,13 +7,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ipa_role author: Thomas Krahn (@Nosmoht) short_description: Manage FreeIPA role description: -- Add, modify and delete a role within FreeIPA server using FreeIPA API. + - Add, modify and delete a role within FreeIPA server using FreeIPA API. attributes: check_mode: support: full @@ -22,53 +21,53 @@ attributes: options: cn: description: - - Role name. - - Can not be changed as it is the unique identifier. + - Role name. + - Can not be changed as it is the unique identifier. required: true aliases: ['name'] type: str description: description: - - A description of this role-group. + - A description of this role-group. type: str group: description: - - List of group names assign to this role. - - If an empty list is passed all assigned groups will be unassigned from the role. - - If option is omitted groups will not be checked or changed. - - If option is passed all assigned groups that are not passed will be unassigned from the role. + - List of group names assign to this role. + - If an empty list is passed all assigned groups will be unassigned from the role. + - If option is omitted groups will not be checked or changed. + - If option is passed all assigned groups that are not passed will be unassigned from the role. type: list elements: str host: description: - - List of host names to assign. - - If an empty list is passed all assigned hosts will be unassigned from the role. - - If option is omitted hosts will not be checked or changed. - - If option is passed all assigned hosts that are not passed will be unassigned from the role. + - List of host names to assign. + - If an empty list is passed all assigned hosts will be unassigned from the role. + - If option is omitted hosts will not be checked or changed. + - If option is passed all assigned hosts that are not passed will be unassigned from the role. type: list elements: str hostgroup: description: - - List of host group names to assign. - - If an empty list is passed all assigned host groups will be removed from the role. - - If option is omitted host groups will not be checked or changed. - - If option is passed all assigned hostgroups that are not passed will be unassigned from the role. + - List of host group names to assign. + - If an empty list is passed all assigned host groups will be removed from the role. + - If option is omitted host groups will not be checked or changed. + - If option is passed all assigned hostgroups that are not passed will be unassigned from the role. type: list elements: str privilege: description: - - List of privileges granted to the role. - - If an empty list is passed all assigned privileges will be removed. - - If option is omitted privileges will not be checked or changed. - - If option is passed all assigned privileges that are not passed will be removed. + - List of privileges granted to the role. + - If an empty list is passed all assigned privileges will be removed. + - If option is omitted privileges will not be checked or changed. + - If option is passed all assigned privileges that are not passed will be removed. type: list elements: str service: description: - - List of service names to assign. - - If an empty list is passed all assigned services will be removed from the role. - - If option is omitted services will not be checked or changed. - - If option is passed all assigned services that are not passed will be removed from the role. + - List of service names to assign. + - If an empty list is passed all assigned services will be removed from the role. + - If option is omitted services will not be checked or changed. + - If option is passed all assigned services that are not passed will be removed from the role. type: list elements: str state: @@ -78,26 +77,25 @@ options: type: str user: description: - - List of user names to assign. - - If an empty list is passed all assigned users will be removed from the role. - - If option is omitted users will not be checked or changed. + - List of user names to assign. + - If an empty list is passed all assigned users will be removed from the role. + - If option is omitted users will not be checked or changed. type: list elements: str extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes +""" -''' - -EXAMPLES = r''' +EXAMPLES = r""" - name: Ensure role is present community.general.ipa_role: name: dba description: Database Administrators state: present user: - - pinky - - brain + - pinky + - brain ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret @@ -107,16 +105,16 @@ EXAMPLES = r''' name: another-role description: Just another role group: - - editors + - editors host: - - host01.example.com + - host01.example.com hostgroup: - - hostgroup01 + - hostgroup01 privilege: - - Group Administrators - - User Administrators + - Group Administrators + - User Administrators service: - - service01 + - service01 - name: Ensure role is absent community.general.ipa_role: @@ -125,14 +123,14 @@ EXAMPLES = r''' ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret -''' +""" -RETURN = r''' +RETURN = r""" role: description: Role as returned by IPA API. returned: always type: dict -''' +""" import traceback diff --git a/plugins/modules/ipa_service.py b/plugins/modules/ipa_service.py index d9541674f2..54c5575950 100644 --- a/plugins/modules/ipa_service.py +++ b/plugins/modules/ipa_service.py @@ -7,13 +7,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ipa_service author: Cédric Parent (@cprh) short_description: Manage FreeIPA service description: -- Add and delete an IPA service using IPA API. + - Add and delete an IPA service using IPA API. attributes: check_mode: support: full @@ -22,26 +21,26 @@ attributes: options: krbcanonicalname: description: - - Principal of the service. - - Can not be changed as it is the unique identifier. + - Principal of the service. + - Can not be changed as it is the unique identifier. required: true aliases: ["name"] type: str hosts: description: - - Defines the list of 'ManagedBy' hosts. + - Defines the list of C(ManagedBy) hosts. required: false type: list elements: str force: description: - - Force principal name even if host is not in DNS. + - Force principal name even if host is not in DNS. required: false type: bool skip_host_check: description: - - Force service to be created even when host object does not exist to manage it. - - This is only used on creation, not for updating existing services. + - Force service to be created even when host object does not exist to manage it. + - This is only used on creation, not for updating existing services. required: false type: bool default: false @@ -55,10 +54,9 @@ options: extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes +""" -''' - -EXAMPLES = r''' +EXAMPLES = r""" - name: Ensure service is present community.general.ipa_service: name: http/host01.example.com @@ -79,19 +77,19 @@ EXAMPLES = r''' community.general.ipa_service: name: http/host01.example.com hosts: - - host01.example.com - - host02.example.com + - host01.example.com + - host02.example.com ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret -''' +""" -RETURN = r''' +RETURN = r""" service: description: Service as returned by IPA API. returned: always type: dict -''' +""" import traceback diff --git a/plugins/modules/ipa_subca.py b/plugins/modules/ipa_subca.py index 882b1ac396..ddb551689d 100644 --- a/plugins/modules/ipa_subca.py +++ b/plugins/modules/ipa_subca.py @@ -7,13 +7,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ipa_subca author: Abhijeet Kasurde (@Akasurde) short_description: Manage FreeIPA Lightweight Sub Certificate Authorities description: -- Add, modify, enable, disable and delete an IPA Lightweight Sub Certificate Authorities using IPA API. + - Add, modify, enable, disable and delete an IPA Lightweight Sub Certificate Authorities using IPA API. attributes: check_mode: support: full @@ -22,23 +21,23 @@ attributes: options: subca_name: description: - - The Sub Certificate Authority name which needs to be managed. + - The Sub Certificate Authority name which needs to be managed. required: true aliases: ["name"] type: str subca_subject: description: - - The Sub Certificate Authority's Subject. e.g., 'CN=SampleSubCA1,O=testrelm.test'. + - The Sub Certificate Authority's Subject, for example V(CN=SampleSubCA1,O=testrelm.test). required: true type: str subca_desc: description: - - The Sub Certificate Authority's description. + - The Sub Certificate Authority's description. type: str state: description: - - State to ensure. - - State 'disable' and 'enable' is available for FreeIPA 4.4.2 version and onwards. + - State to ensure. + - States V(disable) and V(enable) are available for FreeIPA 4.4.2 version and onwards. required: false default: present choices: ["absent", "disabled", "enabled", "present"] @@ -46,10 +45,9 @@ options: extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes +""" -''' - -EXAMPLES = ''' +EXAMPLES = r""" - name: Ensure IPA Sub CA is present community.general.ipa_subca: ipa_host: spider.example.com @@ -72,14 +70,14 @@ EXAMPLES = ''' ipa_pass: Passw0rd! state: disable subca_name: AnsibleSubCA1 -''' +""" -RETURN = r''' +RETURN = r""" subca: description: IPA Sub CA record as returned by IPA API. returned: always type: dict -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.ipa import IPAClient, ipa_argument_spec diff --git a/plugins/modules/ipa_sudocmd.py b/plugins/modules/ipa_sudocmd.py index d3139ba1c3..f52d3e9e6d 100644 --- a/plugins/modules/ipa_sudocmd.py +++ b/plugins/modules/ipa_sudocmd.py @@ -7,13 +7,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ipa_sudocmd author: Thomas Krahn (@Nosmoht) short_description: Manage FreeIPA sudo command description: -- Add, modify or delete sudo command within FreeIPA server using FreeIPA API. + - Add, modify or delete sudo command within FreeIPA server using FreeIPA API. attributes: check_mode: support: full @@ -22,13 +21,13 @@ attributes: options: sudocmd: description: - - Sudo command. + - Sudo command. aliases: ['name'] required: true type: str description: description: - - A description of this command. + - A description of this command. type: str state: description: State to ensure. @@ -38,10 +37,9 @@ options: extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes +""" -''' - -EXAMPLES = r''' +EXAMPLES = r""" - name: Ensure sudo command exists community.general.ipa_sudocmd: name: su @@ -57,14 +55,14 @@ EXAMPLES = r''' ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret -''' +""" -RETURN = r''' +RETURN = r""" sudocmd: - description: Sudo command as return from IPA API + description: Sudo command as return from IPA API. returned: always type: dict -''' +""" import traceback diff --git a/plugins/modules/ipa_sudocmdgroup.py b/plugins/modules/ipa_sudocmdgroup.py index a768e74a1a..c7ab798f4c 100644 --- a/plugins/modules/ipa_sudocmdgroup.py +++ b/plugins/modules/ipa_sudocmdgroup.py @@ -7,13 +7,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ipa_sudocmdgroup author: Thomas Krahn (@Nosmoht) short_description: Manage FreeIPA sudo command group description: -- Add, modify or delete sudo command group within IPA server using IPA API. + - Add, modify or delete sudo command group within IPA server using IPA API. attributes: check_mode: support: full @@ -22,13 +21,13 @@ attributes: options: cn: description: - - Sudo Command Group. + - Sudo Command Group. aliases: ['name'] required: true type: str description: description: - - Group description. + - Group description. type: str state: description: State to ensure. @@ -37,24 +36,23 @@ options: type: str sudocmd: description: - - List of sudo commands to assign to the group. - - If an empty list is passed all assigned commands will be removed from the group. - - If option is omitted sudo commands will not be checked or changed. + - List of sudo commands to assign to the group. + - If an empty list is passed all assigned commands will be removed from the group. + - If option is omitted sudo commands will not be checked or changed. type: list elements: str extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes +""" -''' - -EXAMPLES = r''' +EXAMPLES = r""" - name: Ensure sudo command group exists community.general.ipa_sudocmdgroup: name: group01 description: Group of important commands sudocmd: - - su + - su ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret @@ -66,14 +64,14 @@ EXAMPLES = r''' ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret -''' +""" -RETURN = r''' +RETURN = r""" sudocmdgroup: - description: Sudo command group as returned by IPA API + description: Sudo command group as returned by IPA API. returned: always type: dict -''' +""" import traceback diff --git a/plugins/modules/ipa_sudorule.py b/plugins/modules/ipa_sudorule.py index 4f00e88059..1670a52035 100644 --- a/plugins/modules/ipa_sudorule.py +++ b/plugins/modules/ipa_sudorule.py @@ -7,13 +7,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ipa_sudorule author: Thomas Krahn (@Nosmoht) short_description: Manage FreeIPA sudo rule description: -- Add, modify or delete sudo rule within IPA server using IPA API. + - Add, modify or delete sudo rule within IPA server using IPA API. attributes: check_mode: support: full @@ -22,83 +21,83 @@ attributes: options: cn: description: - - Canonical name. - - Can not be changed as it is the unique identifier. + - Canonical name. + - Can not be changed as it is the unique identifier. required: true aliases: ['name'] type: str cmdcategory: description: - - Command category the rule applies to. + - Command category the rule applies to. choices: ['all'] type: str cmd: description: - - List of commands assigned to the rule. - - If an empty list is passed all commands will be removed from the rule. - - If option is omitted commands will not be checked or changed. + - List of commands assigned to the rule. + - If an empty list is passed all commands will be removed from the rule. + - If option is omitted commands will not be checked or changed. type: list elements: str cmdgroup: description: - - List of command groups assigned to the rule. - - If an empty list is passed all command groups will be removed from the rule. - - If option is omitted command groups will not be checked or changed. + - List of command groups assigned to the rule. + - If an empty list is passed all command groups will be removed from the rule. + - If option is omitted command groups will not be checked or changed. type: list elements: str version_added: 2.0.0 deny_cmd: description: - - List of denied commands assigned to the rule. - - If an empty list is passed all commands will be removed from the rule. - - If option is omitted commands will not be checked or changed. + - List of denied commands assigned to the rule. + - If an empty list is passed all commands will be removed from the rule. + - If option is omitted commands will not be checked or changed. type: list elements: str version_added: 8.1.0 deny_cmdgroup: description: - - List of denied command groups assigned to the rule. - - If an empty list is passed all command groups will be removed from the rule. - - If option is omitted command groups will not be checked or changed. + - List of denied command groups assigned to the rule. + - If an empty list is passed all command groups will be removed from the rule. + - If option is omitted command groups will not be checked or changed. type: list elements: str version_added: 8.1.0 description: description: - - Description of the sudo rule. + - Description of the sudo rule. type: str host: description: - - List of hosts assigned to the rule. - - If an empty list is passed all hosts will be removed from the rule. - - If option is omitted hosts will not be checked or changed. - - Option O(hostcategory) must be omitted to assign hosts. + - List of hosts assigned to the rule. + - If an empty list is passed all hosts will be removed from the rule. + - If option is omitted hosts will not be checked or changed. + - Option O(hostcategory) must be omitted to assign hosts. type: list elements: str hostcategory: description: - - Host category the rule applies to. - - If V(all) is passed one must omit O(host) and O(hostgroup). - - Option O(host) and O(hostgroup) must be omitted to assign V(all). + - Host category the rule applies to. + - If V(all) is passed one must omit O(host) and O(hostgroup). + - Option O(host) and O(hostgroup) must be omitted to assign V(all). choices: ['all'] type: str hostgroup: description: - - List of host groups assigned to the rule. - - If an empty list is passed all host groups will be removed from the rule. - - If option is omitted host groups will not be checked or changed. - - Option O(hostcategory) must be omitted to assign host groups. + - List of host groups assigned to the rule. + - If an empty list is passed all host groups will be removed from the rule. + - If option is omitted host groups will not be checked or changed. + - Option O(hostcategory) must be omitted to assign host groups. type: list elements: str runasextusers: description: - - List of external RunAs users + - List of external RunAs users. type: list elements: str version_added: 2.3.0 runasusercategory: description: - - RunAs User category the rule applies to. + - RunAs User category the rule applies to. choices: ['all'] type: str runasgroupcategory: @@ -113,21 +112,21 @@ options: elements: str user: description: - - List of users assigned to the rule. - - If an empty list is passed all users will be removed from the rule. - - If option is omitted users will not be checked or changed. + - List of users assigned to the rule. + - If an empty list is passed all users will be removed from the rule. + - If option is omitted users will not be checked or changed. type: list elements: str usercategory: description: - - User category the rule applies to. + - User category the rule applies to. choices: ['all'] type: str usergroup: description: - - List of user groups assigned to the rule. - - If an empty list is passed all user groups will be removed from the rule. - - If option is omitted user groups will not be checked or changed. + - List of user groups assigned to the rule. + - If an empty list is passed all user groups will be removed from the rule. + - If option is omitted user groups will not be checked or changed. type: list elements: str state: @@ -138,18 +137,18 @@ options: extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes +""" -''' - -EXAMPLES = r''' -- name: Ensure sudo rule is present that's allows all every body to execute any command on any host without being asked for a password. +EXAMPLES = r""" +- name: Ensure sudo rule is present that's allows all every body to execute any command on any host without being asked + for a password. community.general.ipa_sudorule: name: sudo_all_nopasswd cmdcategory: all description: Allow to run every command with sudo without password hostcategory: all sudoopt: - - '!authenticate' + - '!authenticate' usercategory: all ipa_host: ipa.example.com ipa_user: admin @@ -161,13 +160,13 @@ EXAMPLES = r''' description: Allow developers to run every command with sudo on all database server cmdcategory: all host: - - db01.example.com + - db01.example.com hostgroup: - - db-server + - db-server sudoopt: - - '!authenticate' + - '!authenticate' usergroup: - - developers + - developers ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret @@ -177,31 +176,32 @@ EXAMPLES = r''' name: sudo_operations_all description: Allow operators to run any commands that is part of operations-cmdgroup on any host as user root. cmdgroup: - - operations-cmdgroup + - operations-cmdgroup hostcategory: all runasextusers: - - root + - root sudoopt: - - '!authenticate' + - '!authenticate' usergroup: - - operators + - operators ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret -''' +""" -RETURN = r''' +RETURN = r""" sudorule: - description: Sudorule as returned by IPA + description: Sudorule as returned by IPA. returned: always type: dict -''' +""" import traceback from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.ipa import IPAClient, ipa_argument_spec from ansible.module_utils.common.text.converters import to_native +from ansible_collections.community.general.plugins.module_utils.version import LooseVersion class SudoRuleIPAClient(IPAClient): @@ -334,10 +334,17 @@ def ensure(module, client): runasgroupcategory = module.params['runasgroupcategory'] runasextusers = module.params['runasextusers'] + ipa_version = client.get_ipa_version() if state in ['present', 'enabled']: - ipaenabledflag = 'TRUE' + if LooseVersion(ipa_version) < LooseVersion('4.9.10'): + ipaenabledflag = 'TRUE' + else: + ipaenabledflag = True else: - ipaenabledflag = 'FALSE' + if LooseVersion(ipa_version) < LooseVersion('4.9.10'): + ipaenabledflag = 'FALSE' + else: + ipaenabledflag = False sudoopt = module.params['sudoopt'] user = module.params['user'] diff --git a/plugins/modules/ipa_user.py b/plugins/modules/ipa_user.py index e8a1858d0b..47d50972bd 100644 --- a/plugins/modules/ipa_user.py +++ b/plugins/modules/ipa_user.py @@ -7,13 +7,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ipa_user author: Thomas Krahn (@Nosmoht) short_description: Manage FreeIPA users description: -- Add, modify and delete user within IPA server. + - Add, modify and delete user within IPA server. attributes: check_mode: support: full @@ -25,46 +24,46 @@ options: type: str update_password: description: - - Set password for a user. + - Set password for a user. type: str default: 'always' - choices: [ always, on_create ] + choices: [always, on_create] givenname: description: - - First name. - - If user does not exist and O(state=present), the usage of O(givenname) is required. + - First name. + - If user does not exist and O(state=present), the usage of O(givenname) is required. type: str krbpasswordexpiration: description: - - Date at which the user password will expire. - - In the format YYYYMMddHHmmss. - - e.g. 20180121182022 will expire on 21 January 2018 at 18:20:22. + - Date at which the user password will expire. + - In the format YYYYMMddHHmmss. + - For example V(20180121182022) will expire on 21 January 2018 at 18:20:22. type: str loginshell: description: Login shell. type: str mail: description: - - List of mail addresses assigned to the user. - - If an empty list is passed all assigned email addresses will be deleted. - - If None is passed email addresses will not be checked or changed. + - List of mail addresses assigned to the user. + - If an empty list is passed all assigned email addresses will be deleted. + - If None is passed email addresses will not be checked or changed. type: list elements: str password: description: - - Password for a user. - - Will not be set for an existing user unless O(update_password=always), which is the default. + - Password for a user. + - Will not be set for an existing user unless O(update_password=always), which is the default. type: str sn: description: - - Surname. - - If user does not exist and O(state=present), the usage of O(sn) is required. + - Surname. + - If user does not exist and O(state=present), the usage of O(sn) is required. type: str sshpubkey: description: - - List of public SSH key. - - If an empty list is passed all assigned public keys will be deleted. - - If None is passed SSH public keys will not be checked or changed. + - List of public SSH key. + - If an empty list is passed all assigned public keys will be deleted. + - If None is passed SSH public keys will not be checked or changed. type: list elements: str state: @@ -74,37 +73,37 @@ options: type: str telephonenumber: description: - - List of telephone numbers assigned to the user. - - If an empty list is passed all assigned telephone numbers will be deleted. - - If None is passed telephone numbers will not be checked or changed. + - List of telephone numbers assigned to the user. + - If an empty list is passed all assigned telephone numbers will be deleted. + - If None is passed telephone numbers will not be checked or changed. type: list elements: str title: description: Title. type: str uid: - description: uid of the user. + description: Uid of the user. required: true aliases: ["name"] type: str uidnumber: description: - - Account Settings UID/Posix User ID number. + - Account Settings UID/Posix User ID number. type: str gidnumber: description: - - Posix Group ID. + - Posix Group ID. type: str homedirectory: description: - - Default home directory of the user. + - Default home directory of the user. type: str version_added: '0.2.0' userauthtype: description: - - The authentication type to use for the user. - - To remove all authentication types from the user, use an empty list V([]). - - The choice V(idp) and V(passkey) has been added in community.general 8.1.0. + - The authentication type to use for the user. + - To remove all authentication types from the user, use an empty list V([]). + - The choice V(idp) and V(passkey) has been added in community.general 8.1.0. choices: ["password", "radius", "otp", "pkinit", "hardened", "idp", "passkey"] type: list elements: str @@ -114,11 +113,11 @@ extends_documentation_fragment: - community.general.attributes requirements: -- base64 -- hashlib -''' + - base64 + - hashlib +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Ensure pinky is present and always reset password community.general.ipa_user: name: pinky @@ -127,12 +126,12 @@ EXAMPLES = r''' givenname: Pinky sn: Acme mail: - - pinky@acme.com + - pinky@acme.com telephonenumber: - - '+555123456' + - '+555123456' sshpubkey: - - ssh-rsa .... - - ssh-dsa .... + - ssh-rsa .... + - ssh-dsa .... uidnumber: '1001' gidnumber: '100' homedirectory: /home/pinky @@ -170,14 +169,14 @@ EXAMPLES = r''' ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret -''' +""" -RETURN = r''' +RETURN = r""" user: - description: User as returned by IPA API + description: User as returned by IPA API. returned: always type: dict -''' +""" import base64 import hashlib @@ -269,7 +268,7 @@ def get_user_diff(client, ipa_user, module_user): if 'sshpubkeyfp' in ipa_user and ipa_user['sshpubkeyfp'][0][:7].upper() == 'SHA256:': hash_algo = 'sha256' module_user['sshpubkeyfp'] = [get_ssh_key_fingerprint(pubkey, hash_algo) for pubkey in module_user['ipasshpubkey']] - # Remove the ipasshpubkey element as it is not returned from IPA but save it's value to be used later on + # Remove the ipasshpubkey element as it is not returned from IPA but save its value to be used later on sshpubkey = module_user['ipasshpubkey'] del module_user['ipasshpubkey'] diff --git a/plugins/modules/ipa_vault.py b/plugins/modules/ipa_vault.py index 88947e470e..23002b7ce0 100644 --- a/plugins/modules/ipa_vault.py +++ b/plugins/modules/ipa_vault.py @@ -7,84 +7,82 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ipa_vault author: Juan Manuel Parrilla (@jparrill) short_description: Manage FreeIPA vaults description: -- Add, modify and delete vaults and secret vaults. -- KRA service should be enabled to use this module. + - Add, modify and delete vaults and secret vaults. + - KRA service should be enabled to use this module. attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - cn: - description: - - Vault name. - - Can not be changed as it is the unique identifier. - required: true - aliases: ["name"] - type: str + cn: description: - description: - - Description. - type: str - ipavaulttype: - description: - - Vault types are based on security level. - default: "symmetric" - choices: ["asymmetric", "standard", "symmetric"] - aliases: ["vault_type"] - type: str - ipavaultpublickey: - description: - - Public key. - aliases: ["vault_public_key"] - type: str - ipavaultsalt: - description: - - Vault Salt. - aliases: ["vault_salt"] - type: str - username: - description: - - Any user can own one or more user vaults. - - Mutually exclusive with service. - aliases: ["user"] - type: list - elements: str - service: - description: - - Any service can own one or more service vaults. - - Mutually exclusive with user. - type: str - state: - description: - - State to ensure. - default: "present" - choices: ["absent", "present"] - type: str - replace: - description: - - Force replace the existent vault on IPA server. - type: bool - default: false - choices: ["True", "False"] - validate_certs: - description: - - Validate IPA server certificates. - type: bool - default: true + - Vault name. + - Can not be changed as it is the unique identifier. + required: true + aliases: ["name"] + type: str + description: + description: + - Description. + type: str + ipavaulttype: + description: + - Vault types are based on security level. + default: "symmetric" + choices: ["asymmetric", "standard", "symmetric"] + aliases: ["vault_type"] + type: str + ipavaultpublickey: + description: + - Public key. + aliases: ["vault_public_key"] + type: str + ipavaultsalt: + description: + - Vault Salt. + aliases: ["vault_salt"] + type: str + username: + description: + - Any user can own one or more user vaults. + - Mutually exclusive with O(service). + aliases: ["user"] + type: list + elements: str + service: + description: + - Any service can own one or more service vaults. + - Mutually exclusive with O(user). + type: str + state: + description: + - State to ensure. + default: "present" + choices: ["absent", "present"] + type: str + replace: + description: + - Force replace the existent vault on IPA server. + type: bool + default: false + choices: ["True", "False"] + validate_certs: + description: + - Validate IPA server certificates. + type: bool + default: true extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes +""" -''' - -EXAMPLES = r''' +EXAMPLES = r""" - name: Ensure vault is present community.general.ipa_vault: name: vault01 @@ -128,14 +126,14 @@ EXAMPLES = r''' ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret -''' +""" -RETURN = r''' +RETURN = r""" vault: - description: Vault as returned by IPA API + description: Vault as returned by IPA API. returned: always type: dict -''' +""" import traceback diff --git a/plugins/modules/ipbase_info.py b/plugins/modules/ipbase_info.py index c6a5511b73..3c7d3d26c1 100644 --- a/plugins/modules/ipbase_info.py +++ b/plugins/modules/ipbase_info.py @@ -8,13 +8,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: "ipbase_info" version_added: "7.0.0" short_description: "Retrieve IP geolocation and other facts of a host's IP address using the ipbase.com API" description: - - "Retrieve IP geolocation and other facts of a host's IP address using the ipbase.com API" + - Retrieve IP geolocation and other facts of a host's IP address using the ipbase.com API. author: "Dominik Kukacka (@dominikkukacka)" extends_documentation_fragment: - "community.general.attributes" @@ -22,31 +21,31 @@ extends_documentation_fragment: options: ip: description: - - "The IP you want to get the info for. If not specified the API will detect the IP automatically." + - The IP you want to get the info for. If not specified the API will detect the IP automatically. required: false type: str apikey: description: - - "The API key for the request if you need more requests." + - The API key for the request if you need more requests. required: false type: str hostname: description: - - "If the O(hostname) parameter is set to V(true), the API response will contain the hostname of the IP." + - If the O(hostname) parameter is set to V(true), the API response will contain the hostname of the IP. required: false type: bool default: false language: description: - - "An ISO Alpha 2 Language Code for localizing the IP data" + - An ISO Alpha 2 Language Code for localizing the IP data. required: false type: str default: "en" notes: - - "Check U(https://ipbase.com/) for more information." -''' + - Check U(https://ipbase.com/) for more information. +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: "Get IP geolocation information of the primary outgoing IP" community.general.ipbase_info: register: my_ip_info @@ -64,12 +63,12 @@ EXAMPLES = ''' hostname: true language: "de" register: my_ip_info +""" -''' - -RETURN = ''' +RETURN = r""" data: - description: "JSON parsed response from ipbase.com. Please refer to U(https://ipbase.com/docs/info) for the detailed structure of the response." + description: "JSON parsed response from ipbase.com. Please refer to U(https://ipbase.com/docs/info) for the detailed structure + of the response." returned: success type: dict sample: { @@ -213,7 +212,7 @@ data: ] } } -''' +""" from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/ipify_facts.py b/plugins/modules/ipify_facts.py index ff17d7e543..7767c8d0ff 100644 --- a/plugins/modules/ipify_facts.py +++ b/plugins/modules/ipify_facts.py @@ -9,14 +9,13 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ipify_facts short_description: Retrieve the public IP of your internet gateway description: - If behind NAT and need to know the public IP of your internet gateway. author: -- René Moser (@resmo) + - René Moser (@resmo) extends_documentation_fragment: - community.general.attributes - community.general.attributes.facts @@ -40,9 +39,9 @@ options: default: true notes: - Visit https://www.ipify.org to get more information. -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" # Gather IP facts from ipify.org - name: Get my public IP community.general.ipify_facts: @@ -52,16 +51,15 @@ EXAMPLES = r''' community.general.ipify_facts: api_url: http://api.example.com/ipify timeout: 20 -''' +""" -RETURN = r''' ---- +RETURN = r""" ipify_public_ip: description: Public IP of the internet gateway. returned: success type: str sample: 1.2.3.4 -''' +""" import json diff --git a/plugins/modules/ipinfoio_facts.py b/plugins/modules/ipinfoio_facts.py index f29b3cbf4c..5db21dc8f8 100644 --- a/plugins/modules/ipinfoio_facts.py +++ b/plugins/modules/ipinfoio_facts.py @@ -9,12 +9,11 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: ipinfoio_facts short_description: Retrieve IP geolocation facts of a host's IP address description: - - "Gather IP geolocation facts of a host's IP address using ipinfo.io API" + - Gather IP geolocation facts of a host's IP address using ipinfo.io API. author: "Aleksei Kostiuk (@akostyuk)" extends_documentation_fragment: - community.general.attributes @@ -23,65 +22,65 @@ extends_documentation_fragment: options: timeout: description: - - HTTP connection timeout in seconds + - HTTP connection timeout in seconds. required: false default: 10 type: int http_agent: description: - - Set http user agent + - Set http user agent. required: false default: "ansible-ipinfoio-module/0.0.1" type: str notes: - - "Check http://ipinfo.io/ for more information" -''' + - Check U(http://ipinfo.io/) for more information. +""" -EXAMPLES = ''' +EXAMPLES = r""" # Retrieve geolocation data of a host's IP address - name: Get IP geolocation data community.general.ipinfoio_facts: -''' +""" -RETURN = ''' +RETURN = r""" ansible_facts: - description: "Dictionary of ip geolocation facts for a host's IP address" + description: "Dictionary of IP geolocation facts for a host's IP address." returned: changed type: complex contains: ip: - description: "Public IP address of a host" + description: "Public IP address of a host." type: str sample: "8.8.8.8" hostname: - description: Domain name + description: Domain name. type: str sample: "google-public-dns-a.google.com" country: - description: ISO 3166-1 alpha-2 country code + description: ISO 3166-1 alpha-2 country code. type: str sample: "US" region: - description: State or province name + description: State or province name. type: str sample: "California" city: - description: City name + description: City name. type: str sample: "Mountain View" loc: - description: Latitude and Longitude of the location + description: Latitude and Longitude of the location. type: str sample: "37.3860,-122.0838" org: - description: "organization's name" + description: "Organization's name." type: str sample: "AS3356 Level 3 Communications, Inc." postal: - description: Postal code + description: Postal code. type: str sample: "94035" -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.urls import fetch_url diff --git a/plugins/modules/ipmi_boot.py b/plugins/modules/ipmi_boot.py index 9f0016560e..bd96b35a51 100644 --- a/plugins/modules/ipmi_boot.py +++ b/plugins/modules/ipmi_boot.py @@ -9,12 +9,11 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: ipmi_boot short_description: Management of order of boot devices description: - - Use this module to manage order of boot devices + - Use this module to manage order of boot devices. extends_documentation_fragment: - community.general.attributes attributes: @@ -25,7 +24,7 @@ attributes: options: name: description: - - Hostname or ip address of the BMC. + - Hostname or IP address of the BMC. required: true type: str port: @@ -51,15 +50,15 @@ options: version_added: 4.1.0 bootdev: description: - - Set boot device to use on next reboot - - "The choices for the device are: - - network -- Request network boot - - floppy -- Boot from floppy - - hd -- Boot from hard drive - - safe -- Boot from hard drive, requesting 'safe mode' - - optical -- boot from CD/DVD/BD drive - - setup -- Boot into setup utility - - default -- remove any IPMI directed boot device request" + - Set boot device to use on next reboot. + - 'The choices for the device are:' + - V(network) -- Request network boot. + - V(floppy) -- Boot from floppy. + - V(hd) -- Boot from hard drive. + - V(safe) -- Boot from hard drive, requesting 'safe mode'. + - V(optical) -- boot from CD/DVD/BD drive. + - V(setup) -- Boot into setup utility. + - V(default) -- remove any IPMI directed boot device request. required: true choices: - network @@ -73,49 +72,46 @@ options: state: description: - Whether to ensure that boot devices is desired. - - "The choices for the state are: - - present -- Request system turn on - - absent -- Request system turn on" + - 'The choices for the state are: - present -- Request system turn on - absent -- Request system turn on.' default: present - choices: [ present, absent ] + choices: [present, absent] type: str persistent: description: - - If set, ask that system firmware uses this device beyond next boot. - Be aware many systems do not honor this. + - If set, ask that system firmware uses this device beyond next boot. Be aware many systems do not honor this. type: bool default: false uefiboot: description: - - If set, request UEFI boot explicitly. - Strictly speaking, the spec suggests that if not set, the system should BIOS boot and offers no "don't care" option. - In practice, this flag not being set does not preclude UEFI boot on any system I've encountered. + - If set, request UEFI boot explicitly. Strictly speaking, the spec suggests that if not set, the system should BIOS + boot and offers no "do not care" option. In practice, this flag not being set does not preclude UEFI boot on any system + I have encountered. type: bool default: false requirements: - pyghmi author: "Bulat Gaifullin (@bgaifullin) " -''' +""" -RETURN = ''' +RETURN = r""" bootdev: - description: The boot device name which will be used beyond next boot. - returned: success - type: str - sample: default + description: The boot device name which will be used beyond next boot. + returned: success + type: str + sample: default persistent: - description: If True, system firmware will use this device beyond next boot. - returned: success - type: bool - sample: false + description: If True, system firmware will use this device beyond next boot. + returned: success + type: bool + sample: false uefimode: - description: If True, system firmware will use UEFI boot explicitly beyond next boot. - returned: success - type: bool - sample: false -''' + description: If True, system firmware will use UEFI boot explicitly beyond next boot. + returned: success + type: bool + sample: false +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Ensure bootdevice is HD community.general.ipmi_boot: name: test.testdomain.com @@ -131,7 +127,7 @@ EXAMPLES = ''' key: 1234567890AABBCCDEFF000000EEEE12 bootdev: network state: absent -''' +""" import traceback import binascii diff --git a/plugins/modules/ipmi_power.py b/plugins/modules/ipmi_power.py index 587cee06f3..e230fe4060 100644 --- a/plugins/modules/ipmi_power.py +++ b/plugins/modules/ipmi_power.py @@ -9,12 +9,11 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: ipmi_power short_description: Power management for machine description: - - Use this module for power management + - Use this module for power management. extends_documentation_fragment: - community.general.attributes attributes: @@ -25,7 +24,7 @@ attributes: options: name: description: - - Hostname or ip address of the BMC. + - Hostname or IP address of the BMC. required: true type: str port: @@ -52,12 +51,12 @@ options: state: description: - Whether to ensure that the machine in desired state. - - "The choices for state are: - - on -- Request system turn on - - off -- Request system turn off without waiting for OS to shutdown - - shutdown -- Have system request OS proper shutdown - - reset -- Request system reset without waiting for OS - - boot -- If system is off, then 'on', else 'reset'" + - 'The choices for state are:' + - V(on) -- Request system turn on. + - V(off) -- Request system turn off without waiting for OS to shutdown. + - V(shutdown) -- Have system request OS proper shutdown. + - V(reset) -- Request system reset without waiting for OS. + - V(boot) -- If system is off, then V(on), else V(reset). - Either this option or O(machine) is required. choices: ['on', 'off', shutdown, reset, boot] type: str @@ -68,8 +67,7 @@ options: type: int machine: description: - - Provide a list of the remote target address for the bridge IPMI request, - and the power status. + - Provide a list of the remote target address for the bridge IPMI request, and the power status. - Either this option or O(state) is required. required: false type: list @@ -92,40 +90,31 @@ options: requirements: - pyghmi author: "Bulat Gaifullin (@bgaifullin) " -''' +""" -RETURN = ''' +RETURN = r""" powerstate: - description: The current power state of the machine. - returned: success and O(machine) is not provided - type: str - sample: 'on' + description: The current power state of the machine. + returned: success and O(machine) is not provided + type: str + sample: 'on' status: - description: The current power state of the machine when the machine option is set. - returned: success and O(machine) is provided - type: list - elements: dict - version_added: 4.3.0 - contains: - powerstate: - description: The current power state of the machine specified by RV(status[].targetAddress). - type: str - targetAddress: - description: The remote target address. - type: int - sample: [ - { - "powerstate": "on", - "targetAddress": 48, - }, - { - "powerstate": "on", - "targetAddress": 50, - }, - ] -''' + description: The current power state of the machine when the machine option is set. + returned: success and O(machine) is provided + type: list + elements: dict + version_added: 4.3.0 + contains: + powerstate: + description: The current power state of the machine specified by RV(status[].targetAddress). + type: str + targetAddress: + description: The remote target address. + type: int + sample: [{"powerstate": "on", "targetAddress": 48}, {"powerstate": "on", "targetAddress": 50}] +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Ensure machine is powered on community.general.ipmi_power: name: test.testdomain.com @@ -153,7 +142,7 @@ EXAMPLES = ''' state: 'on' - targetAddress: 50 state: 'off' -''' +""" import traceback import binascii diff --git a/plugins/modules/iptables_state.py b/plugins/modules/iptables_state.py index 79c0e26c48..6f3fa19042 100644 --- a/plugins/modules/iptables_state.py +++ b/plugins/modules/iptables_state.py @@ -9,8 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: iptables_state short_description: Save iptables state into a file or restore it from a file version_added: '1.1.0' @@ -19,26 +18,17 @@ extends_documentation_fragment: - community.general.attributes - community.general.attributes.flow description: - - C(iptables) is used to set up, maintain, and inspect the tables of IP - packet filter rules in the Linux kernel. - - This module handles the saving and/or loading of rules. This is the same - as the behaviour of the C(iptables-save) and C(iptables-restore) (or - C(ip6tables-save) and C(ip6tables-restore) for IPv6) commands which this - module uses internally. - - Modifying the state of the firewall remotely may lead to loose access to - the host in case of mistake in new ruleset. This module embeds a rollback - feature to avoid this, by telling the host to restore previous rules if a - cookie is still there after a given delay, and all this time telling the - controller to try to remove this cookie on the host through a new - connection. + - C(iptables) is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. + - This module handles the saving and/or loading of rules. This is the same as the behaviour of the C(iptables-save) and + C(iptables-restore) (or C(ip6tables-save) and C(ip6tables-restore) for IPv6) commands which this module uses internally. + - Modifying the state of the firewall remotely may lead to loose access to the host in case of mistake in new ruleset. This + module embeds a rollback feature to avoid this, by telling the host to restore previous rules if a cookie is still there + after a given delay, and all this time telling the controller to try to remove this cookie on the host through a new connection. notes: - - The rollback feature is not a module option and depends on task's - attributes. To enable it, the module must be played asynchronously, i.e. - by setting task attributes C(poll) to V(0), and C(async) to a value less - or equal to C(ANSIBLE_TIMEOUT). If C(async) is greater, the rollback will - still happen if it shall happen, but you will experience a connection - timeout instead of more relevant info returned by the module after its - failure. + - The rollback feature is not a module option and depends on task's attributes. To enable it, the module must be played + asynchronously, in other words by setting task attributes C(poll) to V(0), and C(async) to a value less or equal to C(ANSIBLE_TIMEOUT). + If C(async) is greater, the rollback will still happen if it shall happen, but you will experience a connection timeout + instead of more relevant info returned by the module after its failure. attributes: check_mode: support: full @@ -59,22 +49,18 @@ options: description: - Which version of the IP protocol this module should apply to. type: str - choices: [ ipv4, ipv6 ] + choices: [ipv4, ipv6] default: ipv4 modprobe: description: - - Specify the path to the C(modprobe) program internally used by iptables - related commands to load kernel modules. - - By default, V(/proc/sys/kernel/modprobe) is inspected to determine the - executable's path. + - Specify the path to the C(modprobe) program internally used by iptables related commands to load kernel modules. + - By default, V(/proc/sys/kernel/modprobe) is inspected to determine the executable's path. type: path noflush: description: - For O(state=restored), ignored otherwise. - - If V(false), restoring iptables rules from a file flushes (deletes) - all previous contents of the respective table(s). If V(true), the - previous rules are left untouched (but policies are updated anyway, - for all built-in chains). + - If V(false), restoring iptables rules from a file flushes (deletes) all previous contents of the respective table(s). + If V(true), the previous rules are left untouched (but policies are updated anyway, for all built-in chains). type: bool default: false path: @@ -85,29 +71,26 @@ options: required: true state: description: - - Whether the firewall state should be saved (into a file) or restored - (from a file). + - Whether the firewall state should be saved (into a file) or restored (from a file). type: str - choices: [ saved, restored ] + choices: [saved, restored] required: true table: description: - - When O(state=restored), restore only the named table even if the input - file contains other tables. Fail if the named table is not declared in - the file. - - When O(state=saved), restrict output to the specified table. If not - specified, output includes all active tables. + - When O(state=restored), restore only the named table even if the input file contains other tables. Fail if the named + table is not declared in the file. + - When O(state=saved), restrict output to the specified table. If not specified, output includes all active tables. type: str - choices: [ filter, nat, mangle, raw, security ] + choices: [filter, nat, mangle, raw, security] wait: description: - - Wait N seconds for the xtables lock to prevent instant failure in case - multiple instances of the program are running concurrently. + - Wait N seconds for the xtables lock to prevent instant failure in case multiple instances of the program are running + concurrently. type: int requirements: [iptables, ip6tables] -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" # This will apply to all loaded/active IPv4 tables. - name: Save current state of the firewall in system file community.general.iptables_state: @@ -151,9 +134,9 @@ EXAMPLES = r''' - name: show current state of the firewall ansible.builtin.debug: var: iptables_state.initial_state -''' +""" -RETURN = r''' +RETURN = r""" applied: description: Whether or not the wanted state has been successfully restored. type: bool @@ -207,7 +190,9 @@ saved: "# Completed" ] tables: - description: The iptables we have interest for when module starts. + description: + - The iptables on the system before the module has run, separated by table. + - If the option O(table) is used, only this table is included. type: dict contains: table: @@ -233,7 +218,7 @@ tables: ] } returned: always -''' +""" import re @@ -346,20 +331,27 @@ def filter_and_format_state(string): return lines -def per_table_state(command, state): +def parse_per_table_state(all_states_dump): ''' Convert raw iptables-save output into usable datastructure, for reliable comparisons between initial and final states. ''' + lines = filter_and_format_state(all_states_dump) tables = dict() - for t in TABLES: - COMMAND = list(command) - if '*%s' % t in state.splitlines(): - COMMAND.extend(['--table', t]) - dummy, out, dummy = module.run_command(COMMAND, check_rc=True) - out = re.sub(r'(^|\n)(# Generated|# Completed|[*]%s|COMMIT)[^\n]*' % t, r'', out) - out = re.sub(r' *\[[0-9]+:[0-9]+\] *', r'', out) - tables[t] = [tt for tt in out.splitlines() if tt != ''] + current_table = '' + current_list = list() + for line in lines: + if re.match(r'^[*](filter|mangle|nat|raw|security)$', line): + current_table = line[1:] + continue + if line == 'COMMIT': + tables[current_table] = current_list + current_table = '' + current_list = list() + continue + if line.startswith('# '): + continue + current_list.append(line) return tables @@ -450,6 +442,7 @@ def main(): if not os.access(b_path, os.R_OK): module.fail_json(msg="Source %s not readable" % path) state_to_restore = read_state(b_path) + cmd = None else: cmd = ' '.join(SAVECOMMAND) @@ -486,7 +479,7 @@ def main(): # Depending on the value of 'table', initref_state may differ from # initial_state. (rc, stdout, stderr) = module.run_command(SAVECOMMAND, check_rc=True) - tables_before = per_table_state(SAVECOMMAND, stdout) + tables_before = parse_per_table_state(stdout) initref_state = filter_and_format_state(stdout) if state == 'saved': @@ -583,14 +576,17 @@ def main(): (rc, stdout, stderr) = module.run_command(SAVECOMMAND, check_rc=True) restored_state = filter_and_format_state(stdout) - + tables_after = parse_per_table_state('\n'.join(restored_state)) if restored_state not in (initref_state, initial_state): - if module.check_mode: - changed = True - else: - tables_after = per_table_state(SAVECOMMAND, stdout) - if tables_after != tables_before: + for table_name, table_content in tables_after.items(): + if table_name not in tables_before: + # Would initialize a table, which doesn't exist yet changed = True + break + if tables_before[table_name] != table_content: + # Content of some table changes + changed = True + break if _back is None or module.check_mode: module.exit_json( @@ -633,7 +629,7 @@ def main(): os.remove(b_back) (rc, stdout, stderr) = module.run_command(SAVECOMMAND, check_rc=True) - tables_rollback = per_table_state(SAVECOMMAND, stdout) + tables_rollback = parse_per_table_state(stdout) msg = ( "Failed to confirm state restored from %s after %ss. " diff --git a/plugins/modules/ipwcli_dns.py b/plugins/modules/ipwcli_dns.py index 3ffad79fb6..118f59e8d9 100644 --- a/plugins/modules/ipwcli_dns.py +++ b/plugins/modules/ipwcli_dns.py @@ -8,127 +8,124 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: ipwcli_dns -short_description: Manage DNS Records for Ericsson IPWorks via ipwcli +short_description: Manage DNS Records for Ericsson IPWorks using C(ipwcli) version_added: '0.2.0' description: - - "Manage DNS records for the Ericsson IPWorks DNS server. The module will use the ipwcli to deploy the DNS records." - + - Manage DNS records for the Ericsson IPWorks DNS server. The module will use the C(ipwcli) to deploy the DNS records. requirements: - - ipwcli (installed on Ericsson IPWorks) + - ipwcli (installed on Ericsson IPWorks) notes: - - To make the DNS record changes effective, you need to run C(update dnsserver) on the ipwcli. - + - To make the DNS record changes effective, you need to run C(update dnsserver) on the ipwcli. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - dnsname: - description: - - Name of the record. - required: true - type: str - type: - description: - - Type of the record. - required: true - type: str - choices: [ NAPTR, SRV, A, AAAA ] - container: - description: - - Sets the container zone for the record. - required: true - type: str - address: - description: - - The IP address for the A or AAAA record. - - Required for O(type=A) or O(type=AAAA). - type: str - ttl: - description: - - Sets the TTL of the record. - type: int - default: 3600 - state: - description: - - Whether the record should exist or not. - type: str - choices: [ absent, present ] - default: present - priority: - description: - - Sets the priority of the SRV record. - type: int - default: 10 - weight: - description: - - Sets the weight of the SRV record. - type: int - default: 10 - port: - description: - - Sets the port of the SRV record. - - Required for O(type=SRV). - type: int - target: - description: - - Sets the target of the SRV record. - - Required for O(type=SRV). - type: str - order: - description: - - Sets the order of the NAPTR record. - - Required for O(type=NAPTR). - type: int - preference: - description: - - Sets the preference of the NAPTR record. - - Required for O(type=NAPTR). - type: int - flags: - description: - - Sets one of the possible flags of NAPTR record. - - Required for O(type=NAPTR). - type: str - choices: ['S', 'A', 'U', 'P'] - service: - description: - - Sets the service of the NAPTR record. - - Required for O(type=NAPTR). - type: str - replacement: - description: - - Sets the replacement of the NAPTR record. - - Required for O(type=NAPTR). - type: str - username: - description: - - Username to login on ipwcli. - type: str - required: true - password: - description: - - Password to login on ipwcli. - type: str - required: true + dnsname: + description: + - Name of the record. + required: true + type: str + type: + description: + - Type of the record. + required: true + type: str + choices: [NAPTR, SRV, A, AAAA] + container: + description: + - Sets the container zone for the record. + required: true + type: str + address: + description: + - The IP address for the A or AAAA record. + - Required for O(type=A) or O(type=AAAA). + type: str + ttl: + description: + - Sets the TTL of the record. + type: int + default: 3600 + state: + description: + - Whether the record should exist or not. + type: str + choices: [absent, present] + default: present + priority: + description: + - Sets the priority of the SRV record. + type: int + default: 10 + weight: + description: + - Sets the weight of the SRV record. + type: int + default: 10 + port: + description: + - Sets the port of the SRV record. + - Required for O(type=SRV). + type: int + target: + description: + - Sets the target of the SRV record. + - Required for O(type=SRV). + type: str + order: + description: + - Sets the order of the NAPTR record. + - Required for O(type=NAPTR). + type: int + preference: + description: + - Sets the preference of the NAPTR record. + - Required for O(type=NAPTR). + type: int + flags: + description: + - Sets one of the possible flags of NAPTR record. + - Required for O(type=NAPTR). + type: str + choices: ['S', 'A', 'U', 'P'] + service: + description: + - Sets the service of the NAPTR record. + - Required for O(type=NAPTR). + type: str + replacement: + description: + - Sets the replacement of the NAPTR record. + - Required for O(type=NAPTR). + type: str + username: + description: + - Username to login on ipwcli. + type: str + required: true + password: + description: + - Password to login on ipwcli. + type: str + required: true author: - - Christian Wollinger (@cwollinger) -''' + - Christian Wollinger (@cwollinger) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create A record community.general.ipwcli_dns: dnsname: example.com @@ -157,14 +154,14 @@ EXAMPLES = ''' service: 'SIP+D2T' replacement: '_sip._tcp.test.example.com.' flags: S -''' +""" -RETURN = ''' +RETURN = r""" record: - description: The created record from the input params - type: str - returned: always -''' + description: The created record from the input params. + type: str + returned: always +""" from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/irc.py b/plugins/modules/irc.py index e40ba2d0ba..cbeb3fafa0 100644 --- a/plugins/modules/irc.py +++ b/plugins/modules/irc.py @@ -9,8 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: irc short_description: Send a message to an IRC channel or a nick description: @@ -26,12 +25,12 @@ options: server: type: str description: - - IRC server name/address + - IRC server name/address. default: localhost port: type: int description: - - IRC server port number + - IRC server port number. default: 6667 nick: type: str @@ -46,84 +45,80 @@ options: topic: type: str description: - - Set the channel topic + - Set the channel topic. color: type: str description: - Text color for the message. default: "none" - choices: [ "none", "white", "black", "blue", "green", "red", "brown", "purple", "orange", "yellow", "light_green", "teal", "light_cyan", - "light_blue", "pink", "gray", "light_gray"] + choices: ["none", "white", "black", "blue", "green", "red", "brown", "purple", "orange", "yellow", "light_green", "teal", + "light_cyan", "light_blue", "pink", "gray", "light_gray"] aliases: [colour] channel: type: str description: - - Channel name. One of nick_to or channel needs to be set. When both are set, the message will be sent to both of them. + - Channel name. One of nick_to or channel needs to be set. When both are set, the message will be sent to both of them. nick_to: type: list elements: str description: - - A list of nicknames to send the message to. One of nick_to or channel needs to be set. When both are defined, the message will be sent to both of them. + - A list of nicknames to send the message to. One of nick_to or channel needs to be set. When both are defined, the + message will be sent to both of them. key: type: str description: - - Channel key + - Channel key. passwd: type: str description: - - Server password + - Server password. timeout: type: int description: - - Timeout to use while waiting for successful registration and join - messages, this is to prevent an endless loop + - Timeout to use while waiting for successful registration and join messages, this is to prevent an endless loop. default: 30 use_tls: description: - - Designates whether TLS/SSL should be used when connecting to the IRC server - - O(use_tls) is available since community.general 8.1.0, before the option - was exlusively called O(use_ssl). The latter is now an alias of O(use_tls). - - B(Note:) for security reasons, you should always set O(use_tls=true) and - O(validate_certs=true) whenever possible. - - The option currently defaults to V(false). The default has been B(deprecated) and will - change to V(true) in community.general 10.0.0. To avoid deprecation warnings, explicitly - set this option to a value (preferably V(true)). + - Designates whether TLS/SSL should be used when connecting to the IRC server. + - O(use_tls) is available since community.general 8.1.0, before the option was exlusively called O(use_ssl). The latter + is now an alias of O(use_tls). + - B(Note:) for security reasons, you should always set O(use_tls=true) and O(validate_certs=true) whenever possible. + - The default of this option changed to V(true) in community.general 10.0.0. type: bool + default: true aliases: - use_ssl part: description: - - Designates whether user should part from channel after sending message or not. - Useful for when using a faux bot and not wanting join/parts between messages. + - Designates whether user should part from channel after sending message or not. Useful for when using a mock bot and + not wanting join/parts between messages. type: bool default: true style: type: str description: - - Text style for the message. Note italic does not work on some clients - choices: [ "bold", "underline", "reverse", "italic", "none" ] + - Text style for the message. Note italic does not work on some clients. + choices: ["bold", "underline", "reverse", "italic", "none"] default: none validate_certs: description: - If set to V(false), the SSL certificates will not be validated. - - This should always be set to V(true). Using V(false) is unsafe and should only be done - if the network between between Ansible and the IRC server is known to be safe. - - B(Note:) for security reasons, you should always set O(use_tls=true) and - O(validate_certs=true) whenever possible. - - The option currently defaults to V(false). The default has been B(deprecated) and will - change to V(true) in community.general 10.0.0. To avoid deprecation warnings, explicitly - set this option to a value (preferably V(true)). + - This should always be set to V(true). Using V(false) is unsafe and should only be done if the network between between + Ansible and the IRC server is known to be safe. + - B(Note:) for security reasons, you should always set O(use_tls=true) and O(validate_certs=true) whenever possible. + - The default of this option changed to V(true) in community.general 10.0.0. type: bool + default: true version_added: 8.1.0 # informational: requirements for nodes -requirements: [ socket ] +requirements: [socket] author: - - "Jan-Piet Mens (@jpmens)" - - "Matt Martz (@sivel)" -''' + - "Jan-Piet Mens (@jpmens)" + - "Matt Martz (@sivel)" +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Send a message to an IRC channel from nick ansible community.general.irc: server: irc.example.net @@ -158,7 +153,7 @@ EXAMPLES = ''' msg: 'All finished at {{ ansible_date_time.iso8601 }}' color: red nick: ansibleIRC -''' +""" # =========================================== # IRC module support methods. @@ -313,8 +308,8 @@ def main(): passwd=dict(no_log=True), timeout=dict(type='int', default=30), part=dict(type='bool', default=True), - use_tls=dict(type='bool', aliases=['use_ssl']), - validate_certs=dict(type='bool'), + use_tls=dict(type='bool', default=True, aliases=['use_ssl']), + validate_certs=dict(type='bool', default=True), ), supports_check_mode=True, required_one_of=[['channel', 'nick_to']] @@ -338,25 +333,6 @@ def main(): style = module.params["style"] validate_certs = module.params["validate_certs"] - if use_tls is None: - module.deprecate( - 'The default of use_tls will change to true in community.general 10.0.0.' - ' Set a value now (preferably true, if possible) to avoid the deprecation warning.', - version='10.0.0', - collection_name='community.general', - ) - use_tls = False - - if validate_certs is None: - if use_tls: - module.deprecate( - 'The default of validate_certs will change to true in community.general 10.0.0.' - ' Set a value now (prefarably true, if possible) to avoid the deprecation warning.', - version='10.0.0', - collection_name='community.general', - ) - validate_certs = False - try: send_msg(msg, server, port, channel, nick_to, key, topic, nick, color, passwd, timeout, use_tls, validate_certs, part, style) except Exception as e: diff --git a/plugins/modules/iso_create.py b/plugins/modules/iso_create.py index c39c710d53..008cb271bb 100644 --- a/plugins/modules/iso_create.py +++ b/plugins/modules/iso_create.py @@ -9,8 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: iso_create short_description: Generate ISO file with specified files or folders description: @@ -31,60 +30,60 @@ attributes: support: none options: - src_files: - description: - - This is a list of absolute paths of source files or folders which will be contained in the new generated ISO file. - - Will fail if specified file or folder in O(src_files) does not exist on local machine. - - 'Note: With all ISO9660 levels from 1 to 3, all file names are restricted to uppercase letters, numbers and - underscores (_). File names are limited to 31 characters, directory nesting is limited to 8 levels, and path - names are limited to 255 characters.' - type: list - required: true - elements: path - dest_iso: - description: - - The absolute path with file name of the new generated ISO file on local machine. - - Will create intermediate folders when they does not exist. - type: path - required: true - interchange_level: - description: - - The ISO9660 interchange level to use, it dictates the rules on the names of files. - - Levels and valid values V(1), V(2), V(3), V(4) are supported. - - The default value is level V(1), which is the most conservative, level V(3) is recommended. - - ISO9660 file names at interchange level V(1) cannot have more than 8 characters or 3 characters in the extension. - type: int - default: 1 - choices: [1, 2, 3, 4] - vol_ident: - description: - - The volume identification string to use on the new generated ISO image. - type: str - rock_ridge: - description: - - Whether to make this ISO have the Rock Ridge extensions or not. - - Valid values are V(1.09), V(1.10) or V(1.12), means adding the specified Rock Ridge version to the ISO. - - If unsure, set V(1.09) to ensure maximum compatibility. - - If not specified, then not add Rock Ridge extension to the ISO. - type: str - choices: ['1.09', '1.10', '1.12'] - joliet: - description: - - Support levels and valid values are V(1), V(2), or V(3). - - Level V(3) is by far the most common. - - If not specified, then no Joliet support is added. - type: int - choices: [1, 2, 3] - udf: - description: - - Whether to add UDF support to this ISO. - - If set to V(true), then version 2.60 of the UDF spec is used. - - If not specified or set to V(false), then no UDF support is added. - type: bool - default: false -''' + src_files: + description: + - This is a list of absolute paths of source files or folders which will be contained in the new generated ISO file. + - Will fail if specified file or folder in O(src_files) does not exist on local machine. + - 'Note: With all ISO9660 levels from 1 to 3, all file names are restricted to uppercase letters, numbers and underscores + (_). File names are limited to 31 characters, directory nesting is limited to 8 levels, and path names are limited + to 255 characters.' + type: list + required: true + elements: path + dest_iso: + description: + - The absolute path with file name of the new generated ISO file on local machine. + - Will create intermediate folders when they does not exist. + type: path + required: true + interchange_level: + description: + - The ISO9660 interchange level to use, it dictates the rules on the names of files. + - Levels and valid values V(1), V(2), V(3), V(4) are supported. + - The default value is level V(1), which is the most conservative, level V(3) is recommended. + - ISO9660 file names at interchange level V(1) cannot have more than 8 characters or 3 characters in the extension. + type: int + default: 1 + choices: [1, 2, 3, 4] + vol_ident: + description: + - The volume identification string to use on the new generated ISO image. + type: str + rock_ridge: + description: + - Whether to make this ISO have the Rock Ridge extensions or not. + - Valid values are V(1.09), V(1.10) or V(1.12), means adding the specified Rock Ridge version to the ISO. + - If unsure, set V(1.09) to ensure maximum compatibility. + - If not specified, then not add Rock Ridge extension to the ISO. + type: str + choices: ['1.09', '1.10', '1.12'] + joliet: + description: + - Support levels and valid values are V(1), V(2), or V(3). + - Level V(3) is by far the most common. + - If not specified, then no Joliet support is added. + type: int + choices: [1, 2, 3] + udf: + description: + - Whether to add UDF support to this ISO. + - If set to V(true), then version 2.60 of the UDF spec is used. + - If not specified or set to V(false), then no UDF support is added. + type: bool + default: false +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Create an ISO file community.general.iso_create: src_files: @@ -109,46 +108,46 @@ EXAMPLES = r''' interchange_level: 3 joliet: 3 vol_ident: WIN_AUTOINSTALL -''' +""" -RETURN = r''' +RETURN = r""" source_file: - description: Configured source files or directories list. - returned: on success - type: list - elements: path - sample: ["/path/to/file.txt", "/path/to/folder"] + description: Configured source files or directories list. + returned: on success + type: list + elements: path + sample: ["/path/to/file.txt", "/path/to/folder"] created_iso: - description: Created iso file path. - returned: on success - type: str - sample: "/path/to/test.iso" + description: Created iso file path. + returned: on success + type: str + sample: "/path/to/test.iso" interchange_level: - description: Configured interchange level. - returned: on success - type: int - sample: 3 + description: Configured interchange level. + returned: on success + type: int + sample: 3 vol_ident: - description: Configured volume identification string. - returned: on success - type: str - sample: "OEMDRV" + description: Configured volume identification string. + returned: on success + type: str + sample: "OEMDRV" joliet: - description: Configured Joliet support level. - returned: on success - type: int - sample: 3 + description: Configured Joliet support level. + returned: on success + type: int + sample: 3 rock_ridge: - description: Configured Rock Ridge version. - returned: on success - type: str - sample: "1.09" + description: Configured Rock Ridge version. + returned: on success + type: str + sample: "1.09" udf: - description: Configured UDF support. - returned: on success - type: bool - sample: false -''' + description: Configured UDF support. + returned: on success + type: bool + sample: false +""" import os import traceback diff --git a/plugins/modules/iso_customize.py b/plugins/modules/iso_customize.py index 543faaa5ef..feac8417b8 100644 --- a/plugins/modules/iso_customize.py +++ b/plugins/modules/iso_customize.py @@ -9,8 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: iso_customize short_description: Add/remove/change files in ISO file description: @@ -34,25 +33,25 @@ attributes: options: src_iso: description: - - This is the path of source ISO file. + - This is the path of source ISO file. type: path required: true dest_iso: description: - - The path of the customized ISO file. + - The path of the customized ISO file. type: path required: true delete_files: description: - - Absolute paths for files inside the ISO file that should be removed. + - Absolute paths for files inside the ISO file that should be removed. type: list required: false elements: str default: [] add_files: description: - - Allows to add and replace files in the ISO file. - - Will create intermediate folders inside the ISO file when they do not exist. + - Allows to add and replace files in the ISO file. + - Will create intermediate folders inside the ISO file when they do not exist. type: list required: false elements: dict @@ -60,23 +59,22 @@ options: suboptions: src_file: description: - - The path with file name on the machine the module is executed on. + - The path with file name on the machine the module is executed on. type: path required: true dest_file: description: - - The absolute path of the file inside the ISO file. + - The absolute path of the file inside the ISO file. type: str required: true notes: -- The C(pycdlib) library states it supports Python 2.7 and 3.4+. -- > - The function C(add_file) in pycdlib will overwrite the existing file in ISO with type ISO9660 / Rock Ridge 1.12 / Joliet / UDF. - But it will not overwrite the existing file in ISO with Rock Ridge 1.09 / 1.10. - So we take workaround "delete the existing file and then add file for ISO with Rock Ridge". -''' + - The C(pycdlib) library states it supports Python 2.7 and 3.4+. + - The function C(add_file) in pycdlib will overwrite the existing file in ISO with type ISO9660 / Rock Ridge 1.12 / Joliet + / UDF. But it will not overwrite the existing file in ISO with Rock Ridge 1.09 / 1.10. So we take workaround "delete the + existing file and then add file for ISO with Rock Ridge". +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: "Customize ISO file" community.general.iso_customize: src_iso: "/path/to/ubuntu-22.04-desktop-amd64.iso" @@ -89,9 +87,9 @@ EXAMPLES = r''' - src_file: "/path/to/ubuntu.seed" dest_file: "/preseed/ubuntu.seed" register: customize_iso_result -''' +""" -RETURN = r''' +RETURN = r""" src_iso: description: Path of source ISO file. returned: on success @@ -102,7 +100,7 @@ dest_iso: returned: on success type: str sample: "/path/to/customized.iso" -''' +""" import os diff --git a/plugins/modules/iso_extract.py b/plugins/modules/iso_extract.py index 087ef2843f..8cda967b64 100644 --- a/plugins/modules/iso_extract.py +++ b/plugins/modules/iso_extract.py @@ -11,8 +11,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" author: - Jeroen Hoekx (@jhoekx) - Matt Robinson (@ribbons) @@ -21,12 +20,10 @@ module: iso_extract short_description: Extract files from an ISO image description: - This module has two possible ways of operation. - - If 7zip is installed on the system, this module extracts files from an ISO - into a temporary directory and copies files to a given destination, - if needed. - - If the user has mount-capabilities (CAP_SYS_ADMIN on Linux) this module - mounts the ISO image to a temporary location, and copies files to a given - destination, if needed. + - If 7zip is installed on the system, this module extracts files from an ISO into a temporary directory and copies files + to a given destination, if needed. + - If the user has mount-capabilities (CAP_SYS_ADMIN on Linux) this module mounts the ISO image to a temporary location, + and copies files to a given destination, if needed. requirements: - Either 7z (from C(7zip) or C(p7zip) package) - Or mount capabilities (root-access, or CAP_SYS_ADMIN capability on Linux) @@ -40,51 +37,59 @@ attributes: options: image: description: - - The ISO image to extract files from. + - The ISO image to extract files from. type: path required: true - aliases: [ path, src ] + aliases: [path, src] dest: description: - - The destination directory to extract files to. + - The destination directory to extract files to. type: path required: true files: description: - - A list of files to extract from the image. - - Extracting directories does not work. + - A list of files to extract from the image. + - Extracting directories does not work. type: list elements: str required: true force: description: - - If V(true), which will replace the remote file when contents are different than the source. - - If V(false), the file will only be extracted and copied if the destination does not already exist. + - If V(true), which will replace the remote file when contents are different than the source. + - If V(false), the file will only be extracted and copied if the destination does not already exist. type: bool default: true executable: description: - - The path to the C(7z) executable to use for extracting files from the ISO. - - If not provided, it will assume the value V(7z). + - The path to the C(7z) executable to use for extracting files from the ISO. + - If not provided, it will assume the value V(7z). type: path + password: + description: + - Password used to decrypt files from the ISO. + - Will only be used if 7z is used. + - The password is used as a command line argument to 7z. This is a B(potential security risk) that allows passwords + to be revealed if someone else can list running processes on the same machine in the right moment. + type: str + version_added: 10.1.0 notes: -- Only the file checksum (content) is taken into account when extracting files - from the ISO image. If O(force=false), only checks the presence of the file. -''' + - Only the file checksum (content) is taken into account when extracting files from the ISO image. If O(force=false), only + checks the presence of the file. +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Extract kernel and ramdisk from a LiveCD community.general.iso_extract: image: /tmp/rear-test.iso dest: /tmp/virt-rear/ files: - - isolinux/kernel - - isolinux/initrd.cgz -''' + - isolinux/kernel + - isolinux/initrd.cgz +""" -RETURN = r''' +RETURN = r""" # -''' +""" import os.path import shutil @@ -100,6 +105,7 @@ def main(): dest=dict(type='path', required=True), files=dict(type='list', elements='str', required=True), force=dict(type='bool', default=True), + password=dict(type='str', no_log=True), executable=dict(type='path'), # No default on purpose ), supports_check_mode=True, @@ -108,6 +114,7 @@ def main(): dest = module.params['dest'] files = module.params['files'] force = module.params['force'] + password = module.params['password'] executable = module.params['executable'] result = dict( @@ -154,7 +161,10 @@ def main(): # Use 7zip when we have a binary, otherwise try to mount if binary: - cmd = [binary, 'x', image, '-o%s' % tmp_dir] + extract_files + cmd = [binary, 'x', image, '-o%s' % tmp_dir] + if password: + cmd += ["-p%s" % password] + cmd += extract_files else: cmd = [module.get_bin_path('mount'), '-o', 'loop,ro', image, tmp_dir] diff --git a/plugins/modules/jabber.py b/plugins/modules/jabber.py index 650b29957d..01a34ff9f5 100644 --- a/plugins/modules/jabber.py +++ b/plugins/modules/jabber.py @@ -9,12 +9,11 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: jabber short_description: Send a message to jabber user or chat room description: - - Send a message to jabber + - Send a message to jabber. extends_documentation_fragment: - community.general.attributes attributes: @@ -26,17 +25,17 @@ options: user: type: str description: - - User as which to connect + - User as which to connect. required: true password: type: str description: - - password for user to connect + - Password for user to connect. required: true to: type: str description: - - user ID or name of the room, when using room use a slash to indicate your nick. + - User ID or name of the room, when using room use a slash to indicate your nick. required: true msg: type: str @@ -46,24 +45,22 @@ options: host: type: str description: - - host to connect, overrides user info + - Host to connect, overrides user info. port: type: int description: - - port to connect to, overrides default + - Port to connect to, overrides default. default: 5222 encoding: type: str description: - - message encoding - -# informational: requirements for nodes + - Message encoding. requirements: - - python xmpp (xmpppy) + - python xmpp (xmpppy) author: "Brian Coca (@bcoca)" -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Send a message to a user community.general.jabber: user: mybot@example.net @@ -86,7 +83,7 @@ EXAMPLES = ''' password: secret to: mychaps@example.net msg: Ansible task finished -''' +""" import time import traceback diff --git a/plugins/modules/java_cert.py b/plugins/modules/java_cert.py index 3f3e5aa014..8746c2d617 100644 --- a/plugins/modules/java_cert.py +++ b/plugins/modules/java_cert.py @@ -8,16 +8,16 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: java_cert short_description: Uses keytool to import/remove certificate to/from java keystore (cacerts) description: - - This is a wrapper module around keytool, which can be used to import certificates - and optionally private keys to a given java keystore, or remove them from it. + - This is a wrapper module around keytool, which can be used to import certificates and optionally private keys to a given + java keystore, or remove them from it. extends_documentation_fragment: - community.general.attributes + - ansible.builtin.files attributes: check_mode: support: full @@ -27,7 +27,7 @@ options: cert_url: description: - Basic URL to fetch SSL certificate from. - - Exactly one of O(cert_url), O(cert_path), or O(pkcs12_path) is required to load certificate. + - Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate. type: str cert_port: description: @@ -38,8 +38,14 @@ options: cert_path: description: - Local path to load certificate from. - - Exactly one of O(cert_url), O(cert_path), or O(pkcs12_path) is required to load certificate. + - Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate. type: path + cert_content: + description: + - Content of the certificate used to create the keystore. + - Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate. + type: str + version_added: 8.6.0 cert_alias: description: - Imported certificate alias. @@ -54,10 +60,9 @@ options: pkcs12_path: description: - Local path to load PKCS12 keystore from. - - Unlike O(cert_url) and O(cert_path), the PKCS12 keystore embeds the private key matching - the certificate, and is used to import both the certificate and its private key into the - java keystore. - - Exactly one of O(cert_url), O(cert_path), or O(pkcs12_path) is required to load certificate. + - Unlike O(cert_url), O(cert_path) and O(cert_content), the PKCS12 keystore embeds the private key matching the certificate, + and is used to import both the certificate and its private key into the java keystore. + - Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate. type: path pkcs12_password: description: @@ -93,17 +98,35 @@ options: state: description: - Defines action which can be either certificate import or removal. - - When state is present, the certificate will always idempotently be inserted - into the keystore, even if there already exists a cert alias that is different. + - When state is present, the certificate will always idempotently be inserted into the keystore, even if there already + exists a cert alias that is different. type: str - choices: [ absent, present ] + choices: [absent, present] default: present + mode: + version_added: 8.5.0 + owner: + version_added: 8.5.0 + group: + version_added: 8.5.0 + seuser: + version_added: 8.5.0 + serole: + version_added: 8.5.0 + setype: + version_added: 8.5.0 + selevel: + version_added: 8.5.0 + unsafe_writes: + version_added: 8.5.0 + attributes: + version_added: 8.5.0 requirements: [openssl, keytool] author: -- Adam Hamsik (@haad) -''' + - Adam Hamsik (@haad) +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Import SSL certificate from google.com to a given cacerts keystore community.general.java_cert: cert_url: google.com @@ -130,6 +153,19 @@ EXAMPLES = r''' cert_alias: LE_RootCA trust_cacert: true +- name: Import trusted CA from the SSL certificate stored in the cert_content variable + community.general.java_cert: + cert_content: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + keystore_path: /tmp/cacerts + keystore_pass: changeit + keystore_create: true + state: present + cert_alias: LE_RootCA + trust_cacert: true + - name: Import SSL certificate from google.com to a keystore, create it if it doesn't exist community.general.java_cert: cert_url: google.com @@ -158,9 +194,9 @@ EXAMPLES = r''' keystore_pass: changeit keystore_create: true state: present -''' +""" -RETURN = r''' +RETURN = r""" msg: description: Output from stdout of keytool command after execution of given command. returned: success @@ -178,7 +214,7 @@ cmd: returned: success type: str sample: "keytool -importcert -noprompt -keystore" -''' +""" import os import tempfile @@ -242,7 +278,7 @@ def _get_first_certificate_from_x509_file(module, pem_certificate_file, pem_cert (extract_rc, dummy, extract_stderr) = module.run_command(extract_cmd, check_rc=False) if extract_rc != 0: - # this time it's a real failure + # this time it is a real failure module.fail_json(msg="Internal module failure, cannot extract certificate, error: %s" % extract_stderr, rc=extract_rc, cmd=extract_cmd) @@ -331,6 +367,12 @@ def build_proxy_options(): return proxy_opts +def _update_permissions(module, keystore_path): + """ Updates keystore file attributes as necessary """ + file_args = module.load_file_common_arguments(module.params, path=keystore_path) + return module.set_fs_attributes_if_different(file_args, False) + + def _download_cert_url(module, executable, url, port): """ Fetches the certificate from the remote URL using `keytool -printcert...` The PEM formatted string is returned """ @@ -375,15 +417,15 @@ def import_pkcs12_path(module, executable, pkcs12_path, pkcs12_pass, pkcs12_alia # Use local certificate from local path and import it to a java keystore (import_rc, import_out, import_err) = module.run_command(import_cmd, data=secret_data, check_rc=False) - diff = {'before': '\n', 'after': '%s\n' % keystore_alias} - if import_rc == 0 and os.path.exists(keystore_path): - module.exit_json(changed=True, msg=import_out, - rc=import_rc, cmd=import_cmd, stdout=import_out, - error=import_err, diff=diff) - else: + + if import_rc != 0 or not os.path.exists(keystore_path): module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd, error=import_err) + return dict(changed=True, msg=import_out, + rc=import_rc, cmd=import_cmd, stdout=import_out, + error=import_err, diff=diff) + def import_cert_path(module, executable, path, keystore_path, keystore_pass, alias, keystore_type, trust_cacert): ''' Import certificate from path into keystore located on @@ -408,17 +450,17 @@ def import_cert_path(module, executable, path, keystore_path, keystore_pass, ali (import_rc, import_out, import_err) = module.run_command(import_cmd, data="%s\n%s" % (keystore_pass, keystore_pass), check_rc=False) - diff = {'before': '\n', 'after': '%s\n' % alias} - if import_rc == 0: - module.exit_json(changed=True, msg=import_out, - rc=import_rc, cmd=import_cmd, stdout=import_out, - error=import_err, diff=diff) - else: - module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd) + + if import_rc != 0: + module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd, error=import_err) + + return dict(changed=True, msg=import_out, + rc=import_rc, cmd=import_cmd, stdout=import_out, + error=import_err, diff=diff) -def delete_cert(module, executable, keystore_path, keystore_pass, alias, keystore_type, exit_after=True): +def delete_cert(module, executable, keystore_path, keystore_pass, alias, keystore_type): ''' Delete certificate identified with alias from keystore on keystore_path ''' del_cmd = [ executable, @@ -434,13 +476,13 @@ def delete_cert(module, executable, keystore_path, keystore_pass, alias, keystor # Delete SSL certificate from keystore (del_rc, del_out, del_err) = module.run_command(del_cmd, data=keystore_pass, check_rc=True) + diff = {'before': '%s\n' % alias, 'after': None} - if exit_after: - diff = {'before': '%s\n' % alias, 'after': None} + if del_rc != 0: + module.fail_json(msg=del_out, rc=del_rc, cmd=del_cmd, error=del_err) - module.exit_json(changed=True, msg=del_out, - rc=del_rc, cmd=del_cmd, stdout=del_out, - error=del_err, diff=diff) + return dict(changed=True, msg=del_out, rc=del_rc, cmd=del_cmd, + stdout=del_out, error=del_err, diff=diff) def test_keytool(module, executable): @@ -462,6 +504,7 @@ def main(): argument_spec = dict( cert_url=dict(type='str'), cert_path=dict(type='path'), + cert_content=dict(type='str'), pkcs12_path=dict(type='path'), pkcs12_password=dict(type='str', no_log=True), pkcs12_alias=dict(type='str'), @@ -478,17 +521,19 @@ def main(): module = AnsibleModule( argument_spec=argument_spec, - required_if=[['state', 'present', ('cert_path', 'cert_url', 'pkcs12_path'), True], + required_if=[['state', 'present', ('cert_path', 'cert_url', 'cert_content', 'pkcs12_path'), True], ['state', 'absent', ('cert_url', 'cert_alias'), True]], required_together=[['keystore_path', 'keystore_pass']], mutually_exclusive=[ - ['cert_url', 'cert_path', 'pkcs12_path'] + ['cert_url', 'cert_path', 'cert_content', 'pkcs12_path'] ], supports_check_mode=True, + add_file_common_args=True, ) url = module.params.get('cert_url') path = module.params.get('cert_path') + content = module.params.get('cert_content') port = module.params.get('cert_port') pkcs12_path = module.params.get('pkcs12_path') @@ -526,12 +571,14 @@ def main(): module.add_cleanup_file(new_certificate) module.add_cleanup_file(old_certificate) + result = dict() + if state == 'absent' and alias_exists: if module.check_mode: module.exit_json(changed=True) - # delete and exit - delete_cert(module, executable, keystore_path, keystore_pass, cert_alias, keystore_type) + # delete + result = delete_cert(module, executable, keystore_path, keystore_pass, cert_alias, keystore_type) # dump certificate to enroll in the keystore on disk and compute digest if state == 'present': @@ -554,6 +601,10 @@ def main(): # certificate to stdout so we don't need to do any transformations. new_certificate = path + elif content: + with open(new_certificate, "w") as f: + f.write(content) + elif url: # Getting the X509 digest from a URL is the same as from a path, we just have # to download the cert first @@ -569,16 +620,20 @@ def main(): if alias_exists: # The certificate in the keystore does not match with the one we want to be present # The existing certificate must first be deleted before we insert the correct one - delete_cert(module, executable, keystore_path, keystore_pass, cert_alias, keystore_type, exit_after=False) + delete_cert(module, executable, keystore_path, keystore_pass, cert_alias, keystore_type) if pkcs12_path: - import_pkcs12_path(module, executable, pkcs12_path, pkcs12_pass, pkcs12_alias, - keystore_path, keystore_pass, cert_alias, keystore_type) + result = import_pkcs12_path(module, executable, pkcs12_path, pkcs12_pass, pkcs12_alias, + keystore_path, keystore_pass, cert_alias, keystore_type) else: - import_cert_path(module, executable, new_certificate, keystore_path, - keystore_pass, cert_alias, keystore_type, trust_cacert) + result = import_cert_path(module, executable, new_certificate, keystore_path, + keystore_pass, cert_alias, keystore_type, trust_cacert) - module.exit_json(changed=False) + if os.path.exists(keystore_path): + changed_permissions = _update_permissions(module, keystore_path) + result['changed'] = result.get('changed', False) or changed_permissions + + module.exit_json(**result) if __name__ == "__main__": diff --git a/plugins/modules/java_keystore.py b/plugins/modules/java_keystore.py index 2aeab75c06..df7e71abbe 100644 --- a/plugins/modules/java_keystore.py +++ b/plugins/modules/java_keystore.py @@ -10,8 +10,7 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: java_keystore short_description: Create a Java keystore in JKS format description: @@ -25,25 +24,22 @@ options: name: description: - Name of the certificate in the keystore. - - If the provided name does not exist in the keystore, the module - will re-create the keystore. This behavior changed in community.general 3.0.0, - before that the module would fail when the name did not match. + - If the provided name does not exist in the keystore, the module will re-create the keystore. This behavior changed + in community.general 3.0.0, before that the module would fail when the name did not match. type: str required: true certificate: description: - Content of the certificate used to create the keystore. - - If the fingerprint of the provided certificate does not match the - fingerprint of the certificate bundled in the keystore, the keystore - is regenerated with the provided certificate. + - If the fingerprint of the provided certificate does not match the fingerprint of the certificate bundled in the keystore, + the keystore is regenerated with the provided certificate. - Exactly one of O(certificate) or O(certificate_path) is required. type: str certificate_path: description: - Location of the certificate used to create the keystore. - - If the fingerprint of the provided certificate does not match the - fingerprint of the certificate bundled in the keystore, the keystore - is regenerated with the provided certificate. + - If the fingerprint of the provided certificate does not match the fingerprint of the certificate bundled in the keystore, + the keystore is regenerated with the provided certificate. - Exactly one of O(certificate) or O(certificate_path) is required. type: path version_added: '3.0.0' @@ -66,10 +62,8 @@ options: password: description: - Password that should be used to secure the keystore. - - If the provided password fails to unlock the keystore, the module - will re-create the keystore with the new passphrase. This behavior - changed in community.general 3.0.0, before that the module would fail - when the password did not match. + - If the provided password fails to unlock the keystore, the module will re-create the keystore with the new passphrase. + This behavior changed in community.general 3.0.0, before that the module would fail when the password did not match. type: str required: true dest: @@ -106,16 +100,13 @@ options: keystore_type: description: - Type of the Java keystore. - - When this option is omitted and the keystore doesn't already exist, the - behavior follows C(keytool)'s default store type which depends on - Java version; V(pkcs12) since Java 9 and V(jks) prior (may also - be V(pkcs12) if new default has been backported to this version). - - When this option is omitted and the keystore already exists, the current - type is left untouched, unless another option leads to overwrite the - keystore (in that case, this option behaves like for keystore creation). - - When O(keystore_type) is set, the keystore is created with this type if - it does not already exist, or is overwritten to match the given type in - case of mismatch. + - When this option is omitted and the keystore does not already exist, the behavior follows C(keytool)'s default store + type which depends on Java version; V(pkcs12) since Java 9 and V(jks) prior (may also be V(pkcs12) if new default + has been backported to this version). + - When this option is omitted and the keystore already exists, the current type is left untouched, unless another option + leads to overwrite the keystore (in that case, this option behaves like for keystore creation). + - When O(keystore_type) is set, the keystore is created with this type if it does not already exist, or is overwritten + to match the given type in case of mismatch. type: str choices: - jks @@ -135,28 +126,24 @@ seealso: - module: community.crypto.openssl_pkcs12 - module: community.general.java_cert notes: - - O(certificate) and O(private_key) require that their contents are available - on the controller (either inline in a playbook, or with the P(ansible.builtin.file#lookup) lookup), - while O(certificate_path) and O(private_key_path) require that the files are - available on the target host. - - By design, any change of a value of options O(keystore_type), O(name) or - O(password), as well as changes of key or certificate materials will cause - the existing O(dest) to be overwritten. -''' + - O(certificate) and O(private_key) require that their contents are available on the controller (either inline in a playbook, + or with the P(ansible.builtin.file#lookup) lookup), while O(certificate_path) and O(private_key_path) require that the + files are available on the target host. + - By design, any change of a value of options O(keystore_type), O(name) or O(password), as well as changes of key or certificate + materials will cause the existing O(dest) to be overwritten. +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a keystore for the given certificate/private key pair (inline) community.general.java_keystore: name: example certificate: | -----BEGIN CERTIFICATE----- - h19dUZ2co2fI/ibYiwxWk4aeNE6KWvCaTQOMQ8t6Uo2XKhpL/xnjoAgh1uCQN/69 - MG+34+RhUWzCfdZH7T8/qDxJw2kEPKluaYh7KnMsba+5jHjmtzix5QIDAQABo4IB + h19dUZ2co2f... -----END CERTIFICATE----- private_key: | -----BEGIN RSA PRIVATE KEY----- - DBVFTEVDVFJJQ0lURSBERSBGUkFOQ0UxFzAVBgNVBAsMDjAwMDIgNTUyMDgxMzE3 - GLlDNMw/uHyME7gHFsqJA7O11VY6O5WQ4IDP3m/s5ZV6s+Nn6Lerz17VZ99 + DBVFTEVDVFJ... -----END RSA PRIVATE KEY----- password: changeit dest: /etc/security/keystore.jks @@ -176,9 +163,9 @@ EXAMPLES = ''' private_key_path: /etc/ssl/private/ssl-cert-snakeoil.key password: changeit dest: /etc/security/keystore.jks -''' +""" -RETURN = ''' +RETURN = r""" msg: description: Output from stdout of keytool/openssl command after execution of given command or an error. returned: changed and failure @@ -192,17 +179,17 @@ err: sample: "Keystore password is too short - must be at least 6 characters\n" rc: - description: keytool/openssl command execution return value + description: Keytool/openssl command execution return value. returned: changed and failure type: int sample: "0" cmd: - description: Executed command to get action done + description: Executed command to get action done. returned: changed and failure type: str sample: "/usr/bin/openssl x509 -noout -in /tmp/user/1000/tmp8jd_lh23 -fingerprint -sha256" -''' +""" import os @@ -472,7 +459,7 @@ class JavaKeystore: if self.keystore_type == 'pkcs12': # Preserve properties of the destination file, if any. - self.module.atomic_move(keystore_p12_path, self.keystore_path) + self.module.atomic_move(os.path.abspath(keystore_p12_path), os.path.abspath(self.keystore_path)) self.update_permissions() self.result['changed'] = True return self.result diff --git a/plugins/modules/jboss.py b/plugins/modules/jboss.py index 3d07a38d63..2d4f4b9bad 100644 --- a/plugins/modules/jboss.py +++ b/plugins/modules/jboss.py @@ -9,7 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' +DOCUMENTATION = r""" module: jboss short_description: Deploy applications to JBoss description: @@ -39,23 +39,23 @@ options: - The location in the filesystem where the deployment scanner listens. type: path state: - choices: [ present, absent ] + choices: [present, absent] default: "present" description: - Whether the application should be deployed or undeployed. type: str notes: - - The JBoss standalone deployment-scanner has to be enabled in standalone.xml - - The module can wait until O(deployment) file is deployed/undeployed by deployment-scanner. - Duration of waiting time depends on scan-interval parameter from standalone.xml. - - Ensure no identically named application is deployed through the JBoss CLI + - The JBoss standalone deployment-scanner has to be enabled in C(standalone.xml). + - The module can wait until O(deployment) file is deployed/undeployed by deployment-scanner. Duration of waiting time depends + on scan-interval parameter from C(standalone.xml). + - Ensure no identically named application is deployed through the JBoss CLI. seealso: -- name: WildFly reference - description: Complete reference of the WildFly documentation. - link: https://docs.wildfly.org + - name: WildFly reference + description: Complete reference of the WildFly documentation. + link: https://docs.wildfly.org author: - Jeroen Hoekx (@jhoekx) -''' +""" EXAMPLES = r""" - name: Deploy a hello world application to the default deploy_path diff --git a/plugins/modules/jenkins_build.py b/plugins/modules/jenkins_build.py index 6d830849e7..cec8fcc490 100644 --- a/plugins/modules/jenkins_build.py +++ b/plugins/modules/jenkins_build.py @@ -8,13 +8,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: jenkins_build short_description: Manage jenkins builds version_added: 2.2.0 description: - - Manage Jenkins builds with Jenkins REST API. + - Manage Jenkins builds with Jenkins REST API. requirements: - "python-jenkins >= 0.4.12" author: @@ -64,7 +63,7 @@ options: type: str user: description: - - User to authenticate with the Jenkins server. + - User to authenticate with the Jenkins server. type: str detach: description: @@ -79,9 +78,9 @@ options: default: 10 type: int version_added: 7.4.0 -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a jenkins build using basic authentication community.general.jenkins_build: name: "test-check" @@ -108,10 +107,9 @@ EXAMPLES = ''' user: Jenkins token: abcdefghijklmnopqrstuvwxyz123456 url: http://localhost:8080 -''' +""" -RETURN = ''' ---- +RETURN = r""" name: description: Name of the jenkins job. returned: success @@ -128,7 +126,7 @@ user: type: str sample: admin url: - description: Url to connect to the Jenkins server. + description: URL to connect to the Jenkins server. returned: success type: str sample: https://jenkins.mydomain.com @@ -136,7 +134,7 @@ build_info: description: Build info of the jenkins job. returned: success type: dict -''' +""" import traceback from time import sleep diff --git a/plugins/modules/jenkins_build_info.py b/plugins/modules/jenkins_build_info.py index eae6eb9374..f252eb504a 100644 --- a/plugins/modules/jenkins_build_info.py +++ b/plugins/modules/jenkins_build_info.py @@ -8,13 +8,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: jenkins_build_info short_description: Get information about Jenkins builds version_added: 7.4.0 description: - - Get information about Jenkins builds with Jenkins REST API. + - Get information about Jenkins builds with Jenkins REST API. requirements: - "python-jenkins >= 0.4.12" author: @@ -48,11 +47,11 @@ options: type: str user: description: - - User to authenticate with the Jenkins server. + - User to authenticate with the Jenkins server. type: str -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Get information about a jenkins build using basic authentication community.general.jenkins_build_info: name: "test-check" @@ -74,10 +73,9 @@ EXAMPLES = ''' user: Jenkins token: abcdefghijklmnopqrstuvwxyz123456 url: http://localhost:8080 -''' +""" -RETURN = ''' ---- +RETURN = r""" name: description: Name of the jenkins job. returned: success @@ -102,7 +100,7 @@ build_info: description: Build info of the jenkins job. returned: success type: dict -''' +""" import traceback diff --git a/plugins/modules/jenkins_job.py b/plugins/modules/jenkins_job.py index e8301041f2..93d922ed22 100644 --- a/plugins/modules/jenkins_job.py +++ b/plugins/modules/jenkins_job.py @@ -8,12 +8,11 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: jenkins_job short_description: Manage jenkins jobs description: - - Manage Jenkins jobs by using Jenkins REST API. + - Manage Jenkins jobs by using Jenkins REST API. requirements: - "python-jenkins >= 0.4.12" author: "Sergio Millan Rodriguez (@sermilrod)" @@ -28,7 +27,7 @@ options: config: type: str description: - - config in XML format. + - Config in XML format. - Required if job does not yet exist. - Mutually exclusive with O(enabled). - Considered if O(state=present). @@ -71,20 +70,19 @@ options: user: type: str description: - - User to authenticate with the Jenkins server. + - User to authenticate with the Jenkins server. required: false validate_certs: type: bool default: true description: - - If set to V(false), the SSL certificates will not be validated. - This should only set to V(false) used on personally controlled sites - using self-signed certificates as it avoids verifying the source site. + - If set to V(false), the SSL certificates will not be validated. This should only set to V(false) used on personally + controlled sites using self-signed certificates as it avoids verifying the source site. - The C(python-jenkins) library only handles this by using the environment variable E(PYTHONHTTPSVERIFY). version_added: 2.3.0 -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a jenkins job using basic authentication community.general.jenkins_job: config: "{{ lookup('file', 'templates/test.xml') }}" @@ -132,10 +130,9 @@ EXAMPLES = ''' enabled: false url: http://localhost:8080 user: admin -''' +""" -RETURN = ''' ---- +RETURN = r""" name: description: Name of the jenkins job. returned: success @@ -157,11 +154,11 @@ user: type: str sample: admin url: - description: Url to connect to the Jenkins server. + description: URL to connect to the Jenkins server. returned: success type: str sample: https://jenkins.mydomain.com -''' +""" import os import traceback diff --git a/plugins/modules/jenkins_job_info.py b/plugins/modules/jenkins_job_info.py index 40e1d7aea3..f406ec3b4b 100644 --- a/plugins/modules/jenkins_job_info.py +++ b/plugins/modules/jenkins_job_info.py @@ -9,8 +9,7 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: jenkins_job_info short_description: Get information about Jenkins jobs description: @@ -51,18 +50,18 @@ options: user: type: str description: - - User to authenticate with the Jenkins server. + - User to authenticate with the Jenkins server. validate_certs: description: - - If set to V(false), the SSL certificates will not be validated. - - This should only set to V(false) used on personally controlled sites using self-signed certificates. + - If set to V(false), the SSL certificates will not be validated. + - This should only set to V(false) used on personally controlled sites using self-signed certificates. default: true type: bool author: - "Chris St. Pierre (@stpierre)" -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" # Get all Jenkins jobs anonymously - community.general.jenkins_job_info: user: admin @@ -122,24 +121,23 @@ EXAMPLES = ''' token: 126df5c60d66c66e3b75b11104a16a8a url: https://jenkins.example.com register: my_jenkins_job_info -''' +""" -RETURN = ''' ---- +RETURN = r""" jobs: - description: All jobs found matching the specified criteria + description: All jobs found matching the specified criteria. returned: success type: list sample: [ - { - "name": "test-job", - "fullname": "test-folder/test-job", - "url": "http://localhost:8080/job/test-job/", - "color": "blue" - }, + { + "name": "test-job", + "fullname": "test-folder/test-job", + "url": "http://localhost:8080/job/test-job/", + "color": "blue" + }, ] -''' +""" import ssl import fnmatch @@ -212,8 +210,8 @@ def get_jobs(module): jobs = all_jobs # python-jenkins includes the internal Jenkins class used for each job # in its return value; we strip that out because the leading underscore - # (and the fact that it's not documented in the python-jenkins docs) - # indicates that it's not part of the dependable public interface. + # (and the fact that it is not documented in the python-jenkins docs) + # indicates that it is not part of the dependable public interface. for job in jobs: if "_class" in job: del job["_class"] diff --git a/plugins/modules/jenkins_node.py b/plugins/modules/jenkins_node.py new file mode 100644 index 0000000000..affd462659 --- /dev/null +++ b/plugins/modules/jenkins_node.py @@ -0,0 +1,486 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Copyright (c) Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +DOCUMENTATION = r""" +module: jenkins_node +short_description: Manage Jenkins nodes +version_added: 10.0.0 +description: + - Manage Jenkins nodes with Jenkins REST API. +requirements: + - "python-jenkins >= 0.4.12" +author: + - Connor Newton (@phyrwork) +extends_documentation_fragment: + - community.general.attributes +attributes: + check_mode: + support: partial + details: + - Check mode is unable to show configuration changes for a node that is not yet present. + diff_mode: + support: none +options: + url: + description: + - URL of the Jenkins server. + default: http://localhost:8080 + type: str + name: + description: + - Name of the Jenkins node to manage. + required: true + type: str + user: + description: + - User to authenticate with the Jenkins server. + type: str + token: + description: + - API token to authenticate with the Jenkins server. + type: str + state: + description: + - Specifies whether the Jenkins node should be V(present) (created), V(absent) (deleted), V(enabled) (online) or V(disabled) + (offline). + default: present + choices: ['enabled', 'disabled', 'present', 'absent'] + type: str + num_executors: + description: + - When specified, sets the Jenkins node executor count. + type: int + labels: + description: + - When specified, sets the Jenkins node labels. + type: list + elements: str + offline_message: + description: + - Specifies the offline reason message to be set when configuring the Jenkins node state. + - If O(offline_message) is given and requested O(state) is not V(disabled), an error will be raised. + - Internally O(offline_message) is set using the V(toggleOffline) API, so updating the message when the node is already + offline (current state V(disabled)) is not possible. In this case, a warning will be issued. + type: str + version_added: 10.0.0 +""" + +EXAMPLES = r""" +- name: Create a Jenkins node using token authentication + community.general.jenkins_node: + url: http://localhost:8080 + user: jenkins + token: 11eb751baabb66c4d1cb8dc4e0fb142cde + name: my-node + state: present + +- name: Set number of executors on Jenkins node + community.general.jenkins_node: + name: my-node + state: present + num_executors: 4 + +- name: Set labels on Jenkins node + community.general.jenkins_node: + name: my-node + state: present + labels: + - label-1 + - label-2 + - label-3 + +- name: Set Jenkins node offline with offline message. + community.general.jenkins_node: + name: my-node + state: disabled + offline_message: >- + This node is offline for some reason. +""" + +RETURN = r""" +url: + description: URL used to connect to the Jenkins server. + returned: success + type: str + sample: https://jenkins.mydomain.com +user: + description: User used for authentication. + returned: success + type: str + sample: jenkins +name: + description: Name of the Jenkins node. + returned: success + type: str + sample: my-node +state: + description: State of the Jenkins node. + returned: success + type: str + sample: present +created: + description: Whether or not the Jenkins node was created by the task. + returned: success + type: bool +deleted: + description: Whether or not the Jenkins node was deleted by the task. + returned: success + type: bool +disabled: + description: Whether or not the Jenkins node was disabled by the task. + returned: success + type: bool +enabled: + description: Whether or not the Jenkins node was enabled by the task. + returned: success + type: bool +configured: + description: Whether or not the Jenkins node was configured by the task. + returned: success + type: bool +""" + +import sys +import traceback +from xml.etree import ElementTree as et + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.common.text.converters import to_native +from ansible_collections.community.general.plugins.module_utils import deps + +with deps.declare( + "python-jenkins", + reason="python-jenkins is required to interact with Jenkins", + url="https://opendev.org/jjb/python-jenkins", +): + import jenkins + + +IS_PYTHON_2 = sys.version_info[0] <= 2 + + +class JenkinsNode: + def __init__(self, module): + self.module = module + + self.name = module.params['name'] + self.state = module.params['state'] + self.token = module.params['token'] + self.user = module.params['user'] + self.url = module.params['url'] + self.num_executors = module.params['num_executors'] + self.labels = module.params['labels'] + self.offline_message = module.params['offline_message'] # type: str | None + + if self.offline_message is not None: + self.offline_message = self.offline_message.strip() + + if self.state != "disabled": + self.module.fail_json("can not set offline message when state is not disabled") + + if self.labels is not None: + for label in self.labels: + if " " in label: + self.module.fail_json("labels must not contain spaces: got invalid label {}".format(label)) + + self.instance = self.get_jenkins_instance() + self.result = { + 'changed': False, + 'url': self.url, + 'user': self.user, + 'name': self.name, + 'state': self.state, + 'created': False, + 'deleted': False, + 'disabled': False, + 'enabled': False, + 'configured': False, + 'warnings': [], + } + + def get_jenkins_instance(self): + try: + if self.user and self.token: + return jenkins.Jenkins(self.url, self.user, self.token) + elif self.user and not self.token: + return jenkins.Jenkins(self.url, self.user) + else: + return jenkins.Jenkins(self.url) + except Exception as e: + self.module.fail_json(msg='Unable to connect to Jenkins server, %s' % to_native(e)) + + def configure_node(self, present): + if not present: + # Node would only not be present if in check mode and if not present there + # is no way to know what would and would not be changed. + if not self.module.check_mode: + raise Exception("configure_node present is False outside of check mode") + return + + configured = False + + data = self.instance.get_node_config(self.name) + root = et.fromstring(data) + + if self.num_executors is not None: + elem = root.find('numExecutors') + if elem is None: + elem = et.SubElement(root, 'numExecutors') + if elem.text is None or int(elem.text) != self.num_executors: + elem.text = str(self.num_executors) + configured = True + + if self.labels is not None: + elem = root.find('label') + if elem is None: + elem = et.SubElement(root, 'label') + labels = [] + if elem.text: + labels = elem.text.split() + if labels != self.labels: + elem.text = " ".join(self.labels) + configured = True + + if configured: + if IS_PYTHON_2: + data = et.tostring(root) + else: + data = et.tostring(root, encoding="unicode") + + self.instance.reconfig_node(self.name, data) + + self.result['configured'] = configured + if configured: + self.result['changed'] = True + + def present_node(self, configure=True): # type: (bool) -> bool + """Assert node present. + + Args: + configure: If True, run node configuration after asserting node present. + + Returns: + True if the node is present, False otherwise (i.e. is check mode). + """ + def create_node(): + try: + self.instance.create_node(self.name, launcher=jenkins.LAUNCHER_SSH) + except jenkins.JenkinsException as e: + # Some versions of python-jenkins < 1.8.3 has an authorization bug when + # handling redirects returned when posting to resources. If the node is + # created OK then can ignore the error. + if not self.instance.node_exists(self.name): + self.module.fail_json(msg="Create node failed: %s" % to_native(e), exception=traceback.format_exc()) + + # TODO: Remove authorization workaround. + self.result['warnings'].append( + "suppressed 401 Not Authorized on redirect after node created: see https://review.opendev.org/c/jjb/python-jenkins/+/931707" + ) + + present = self.instance.node_exists(self.name) + created = False + if not present: + if not self.module.check_mode: + create_node() + present = True + + created = True + + if configure: + self.configure_node(present) + + self.result['created'] = created + if created: + self.result['changed'] = True + + return present # Used to gate downstream queries when in check mode. + + def absent_node(self): + def delete_node(): + try: + self.instance.delete_node(self.name) + except jenkins.JenkinsException as e: + # Some versions of python-jenkins < 1.8.3 has an authorization bug when + # handling redirects returned when posting to resources. If the node is + # deleted OK then can ignore the error. + if self.instance.node_exists(self.name): + self.module.fail_json(msg="Delete node failed: %s" % to_native(e), exception=traceback.format_exc()) + + # TODO: Remove authorization workaround. + self.result['warnings'].append( + "suppressed 401 Not Authorized on redirect after node deleted: see https://review.opendev.org/c/jjb/python-jenkins/+/931707" + ) + + present = self.instance.node_exists(self.name) + deleted = False + if present: + if not self.module.check_mode: + delete_node() + + deleted = True + + self.result['deleted'] = deleted + if deleted: + self.result['changed'] = True + + def enabled_node(self): + def get_offline(): # type: () -> bool + return self.instance.get_node_info(self.name)["offline"] + + present = self.present_node() + + enabled = False + + if present: + def enable_node(): + try: + self.instance.enable_node(self.name) + except jenkins.JenkinsException as e: + # Some versions of python-jenkins < 1.8.3 has an authorization bug when + # handling redirects returned when posting to resources. If the node is + # disabled OK then can ignore the error. + offline = get_offline() + + if offline: + self.module.fail_json(msg="Enable node failed: %s" % to_native(e), exception=traceback.format_exc()) + + # TODO: Remove authorization workaround. + self.result['warnings'].append( + "suppressed 401 Not Authorized on redirect after node enabled: see https://review.opendev.org/c/jjb/python-jenkins/+/931707" + ) + + offline = get_offline() + + if offline: + if not self.module.check_mode: + enable_node() + + enabled = True + else: + # Would have created node with initial state enabled therefore would not have + # needed to enable therefore not enabled. + if not self.module.check_mode: + raise Exception("enabled_node present is False outside of check mode") + enabled = False + + self.result['enabled'] = enabled + if enabled: + self.result['changed'] = True + + def disabled_node(self): + def get_offline_info(): + info = self.instance.get_node_info(self.name) + + offline = info["offline"] + offline_message = info["offlineCauseReason"] + + return offline, offline_message + + # Don't configure until after disabled, in case the change in configuration + # causes the node to pick up a job. + present = self.present_node(False) + + disabled = False + changed = False + + if present: + offline, offline_message = get_offline_info() + + if self.offline_message is not None and self.offline_message != offline_message: + if offline: + # n.b. Internally disable_node uses toggleOffline gated by a not + # offline condition. This means that disable_node can not be used to + # update an offline message if the node is already offline. + # + # Toggling the node online to set the message when toggling offline + # again is not an option as during this transient online time jobs + # may be scheduled on the node which is not acceptable. + self.result["warnings"].append( + "unable to change offline message when already offline" + ) + else: + offline_message = self.offline_message + changed = True + + def disable_node(): + try: + self.instance.disable_node(self.name, offline_message) + except jenkins.JenkinsException as e: + # Some versions of python-jenkins < 1.8.3 has an authorization bug when + # handling redirects returned when posting to resources. If the node is + # disabled OK then can ignore the error. + offline, _offline_message = get_offline_info() + + if not offline: + self.module.fail_json(msg="Disable node failed: %s" % to_native(e), exception=traceback.format_exc()) + + # TODO: Remove authorization workaround. + self.result['warnings'].append( + "suppressed 401 Not Authorized on redirect after node disabled: see https://review.opendev.org/c/jjb/python-jenkins/+/931707" + ) + + if not offline: + if not self.module.check_mode: + disable_node() + + disabled = True + + else: + # Would have created node with initial state enabled therefore would have + # needed to disable therefore disabled. + if not self.module.check_mode: + raise Exception("disabled_node present is False outside of check mode") + disabled = True + + if disabled: + changed = True + + self.result['disabled'] = disabled + + if changed: + self.result['changed'] = True + + self.configure_node(present) + + +def main(): + module = AnsibleModule( + argument_spec=dict( + name=dict(required=True, type='str'), + url=dict(default='http://localhost:8080'), + user=dict(), + token=dict(no_log=True), + state=dict(choices=['enabled', 'disabled', 'present', 'absent'], default='present'), + num_executors=dict(type='int'), + labels=dict(type='list', elements='str'), + offline_message=dict(type='str'), + ), + supports_check_mode=True, + ) + + deps.validate(module) + + jenkins_node = JenkinsNode(module) + + state = module.params.get('state') + if state == 'enabled': + jenkins_node.enabled_node() + elif state == 'disabled': + jenkins_node.disabled_node() + elif state == 'present': + jenkins_node.present_node() + else: + jenkins_node.absent_node() + + module.exit_json(**jenkins_node.result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/jenkins_plugin.py b/plugins/modules/jenkins_plugin.py index 13a804a508..73ff40c725 100644 --- a/plugins/modules/jenkins_plugin.py +++ b/plugins/modules/jenkins_plugin.py @@ -9,14 +9,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: jenkins_plugin author: Jiri Tyr (@jtyr) short_description: Add or remove Jenkins plugin description: - Ansible module which helps to manage Jenkins plugins. - attributes: check_mode: support: full @@ -53,8 +51,7 @@ options: type: str description: - Desired plugin state. - - If set to V(latest), the check for new version will be performed - every time. This is suitable to keep the plugin up-to-date. + - If set to V(latest), the check for new version will be performed every time. This is suitable to keep the plugin up-to-date. choices: [absent, present, pinned, unpinned, enabled, disabled, latest] default: present timeout: @@ -65,12 +62,10 @@ options: updates_expiration: type: int description: - - Number of seconds after which a new copy of the C(update-center.json) - file is downloaded. This is used to avoid the need to download the - plugin to calculate its checksum when O(state=latest) is specified. - - Set it to V(0) if no cache file should be used. In that case, the - plugin file will always be downloaded to calculate its checksum when - O(state=latest) is specified. + - Number of seconds after which a new copy of the C(update-center.json) file is downloaded. This is used to avoid the + need to download the plugin to calculate its checksum when O(state=latest) is specified. + - Set it to V(0) if no cache file should be used. In that case, the plugin file will always be downloaded to calculate + its checksum when O(state=latest) is specified. default: 86400 updates_url: type: list @@ -83,7 +78,7 @@ options: type: list elements: str description: - - A list of URL segment(s) to retrieve the update center json file from. + - A list of URL segment(s) to retrieve the update center JSON file from. default: ['update-center.json', 'updates/update-center.json'] version_added: 3.3.0 latest_plugins_url_segments: @@ -109,12 +104,11 @@ options: type: str description: - Plugin version number. - - If this option is specified, all plugin dependencies must be installed - manually. - - It might take longer to verify that the correct version is installed. - This is especially true if a specific version number is specified. - - Quote the version to prevent the value to be interpreted as float. For - example if V(1.20) would be unquoted, it would become V(1.2). + - If this option is specified, all plugin dependencies must be installed manually. + - It might take longer to verify that the correct version is installed. This is especially true if a specific version + number is specified. + - Quote the version to prevent the value to be interpreted as float. For example if V(1.20) would be unquoted, it would + become V(1.2). with_dependencies: description: - Defines whether to install plugin dependencies. @@ -123,24 +117,20 @@ options: default: true notes: - - Plugin installation should be run under root or the same user which owns - the plugin files on the disk. Only if the plugin is not installed yet and - no version is specified, the API installation is performed which requires - only the Web UI credentials. - - It is necessary to notify the handler or call the M(ansible.builtin.service) module to - restart the Jenkins service after a new plugin was installed. - - Pinning works only if the plugin is installed and Jenkins service was - successfully restarted after the plugin installation. - - It is not possible to run the module remotely by changing the O(url) - parameter to point to the Jenkins server. The module must be used on the - host where Jenkins runs as it needs direct access to the plugin files. + - Plugin installation should be run under root or the same user which owns the plugin files on the disk. Only if the plugin + is not installed yet and no version is specified, the API installation is performed which requires only the Web UI credentials. + - It is necessary to notify the handler or call the M(ansible.builtin.service) module to restart the Jenkins service after + a new plugin was installed. + - Pinning works only if the plugin is installed and Jenkins service was successfully restarted after the plugin installation. + - It is not possible to run the module remotely by changing the O(url) parameter to point to the Jenkins server. The module + must be used on the host where Jenkins runs as it needs direct access to the plugin files. extends_documentation_fragment: - ansible.builtin.url - ansible.builtin.files - community.general.attributes -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Install plugin community.general.jenkins_plugin: name: build-pipeline-plugin @@ -281,8 +271,8 @@ EXAMPLES = ''' retries: 60 delay: 5 until: > - 'status' in jenkins_service_status and - jenkins_service_status['status'] == 200 + 'status' in jenkins_service_status and + jenkins_service_status['status'] == 200 when: jenkins_restart_required - name: Reset the fact @@ -305,20 +295,20 @@ EXAMPLES = ''' when: > 'enabled' in item.value with_dict: "{{ my_jenkins_plugins }}" -''' +""" -RETURN = ''' +RETURN = r""" plugin: - description: plugin name - returned: success - type: str - sample: build-pipeline-plugin + description: Plugin name. + returned: success + type: str + sample: build-pipeline-plugin state: - description: state of the target, after execution - returned: success - type: str - sample: "present" -''' + description: State of the target, after execution. + returned: success + type: str + sample: "present" +""" import hashlib import io @@ -685,7 +675,7 @@ class JenkinsPlugin(object): # Move the updates file to the right place if we could read it if tmp_updates_file != updates_file: - self.module.atomic_move(tmp_updates_file, updates_file) + self.module.atomic_move(os.path.abspath(tmp_updates_file), os.path.abspath(updates_file)) # Check if we have the plugin data available if not data.get('plugins', {}).get(self.params['name']): @@ -718,7 +708,7 @@ class JenkinsPlugin(object): details=to_native(e)) # Move the file onto the right place - self.module.atomic_move(tmp_f, f) + self.module.atomic_move(os.path.abspath(tmp_f), os.path.abspath(f)) def uninstall(self): changed = False diff --git a/plugins/modules/jenkins_script.py b/plugins/modules/jenkins_script.py index 030c8e6fa3..bd30f9daa7 100644 --- a/plugins/modules/jenkins_script.py +++ b/plugins/modules/jenkins_script.py @@ -9,17 +9,15 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" author: James Hogarth (@hogarthj) module: jenkins_script short_description: Executes a groovy script in the jenkins instance description: - - The C(jenkins_script) module takes a script plus a dict of values - to use within the script and returns the result of the script being run. - + - The C(jenkins_script) module takes a script plus a dict of values to use within the script and returns the result of the + script being run. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: check_mode: @@ -31,20 +29,18 @@ options: script: type: str description: - - The groovy script to be executed. - This gets passed as a string Template if args is defined. + - The groovy script to be executed. This gets passed as a string Template if args is defined. required: true url: type: str description: - - The jenkins server to execute the script against. The default is a local - jenkins instance that is not being proxied through a webserver. + - The jenkins server to execute the script against. The default is a local jenkins instance that is not being proxied + through a webserver. default: http://localhost:8080 validate_certs: description: - - If set to V(false), the SSL certificates will not be validated. - This should only set to V(false) used on personally controlled sites - using self-signed certificates as it avoids verifying the source site. + - If set to V(false), the SSL certificates will not be validated. This should only set to V(false) used on personally + controlled sites using self-signed certificates as it avoids verifying the source site. type: bool default: true user: @@ -58,21 +54,18 @@ options: timeout: type: int description: - - The request timeout in seconds + - The request timeout in seconds. default: 10 args: type: dict description: - A dict of key-value pairs used in formatting the script using string.Template (see https://docs.python.org/2/library/string.html#template-strings). - notes: - - Since the script can do anything this does not report on changes. - Knowing the script is being run it's important to set changed_when - for the ansible output to be clear on any alterations made. + - Since the script can do anything this does not report on changes. Knowing the script is being run it is important to set + C(changed_when) for the ansible output to be clear on any alterations made. +""" -''' - -EXAMPLES = ''' +EXAMPLES = r""" - name: Obtaining a list of plugins community.general.jenkins_script: script: 'println(Jenkins.instance.pluginManager.plugins)' @@ -82,10 +75,10 @@ EXAMPLES = ''' - name: Setting master using a variable to hold a more complicate script ansible.builtin.set_fact: setmaster_mode: | - import jenkins.model.* - instance = Jenkins.getInstance() - instance.setMode(${jenkins_mode}) - instance.save() + import jenkins.model.* + instance = Jenkins.getInstance() + instance.setMode(${jenkins_mode}) + instance.save() - name: Use the variable as the script community.general.jenkins_script: @@ -99,16 +92,16 @@ EXAMPLES = ''' user: admin password: admin url: https://localhost - validate_certs: false # only do this when you trust the network! -''' + validate_certs: false # only do this when you trust the network! +""" -RETURN = ''' +RETURN = r""" output: - description: Result of script - returned: success - type: str - sample: 'Result: true' -''' + description: Result of script. + returned: success + type: str + sample: 'Result: true' +""" import json diff --git a/plugins/modules/jira.py b/plugins/modules/jira.py index c36cf99375..cc3136c3bf 100644 --- a/plugins/modules/jira.py +++ b/plugins/modules/jira.py @@ -20,7 +20,6 @@ module: jira short_description: Create and modify issues in a JIRA instance description: - Create and modify issues in a JIRA instance. - extends_documentation_fragment: - community.general.attributes @@ -36,28 +35,24 @@ options: required: true description: - Base URI for the JIRA instance. - operation: type: str required: true - aliases: [ command ] - choices: [ attach, comment, create, edit, fetch, link, search, transition, update, worklog ] + aliases: [command] + choices: [attach, comment, create, edit, fetch, link, search, transition, update, worklog] description: - The operation to perform. - V(worklog) was added in community.general 6.5.0. - username: type: str description: - The username to log-in with. - Must be used with O(password). Mutually exclusive with O(token). - password: type: str description: - The password to log-in with. - - Must be used with O(username). Mutually exclusive with O(token). - + - Must be used with O(username). Mutually exclusive with O(token). token: type: str description: @@ -70,56 +65,54 @@ options: required: false description: - The project for this operation. Required for issue creation. - summary: type: str required: false description: - - The issue summary, where appropriate. - - Note that JIRA may not allow changing field values on specific transitions or states. - + - The issue summary, where appropriate. + - Note that JIRA may not allow changing field values on specific transitions or states. description: type: str required: false description: - - The issue description, where appropriate. - - Note that JIRA may not allow changing field values on specific transitions or states. - + - The issue description, where appropriate. + - Note that JIRA may not allow changing field values on specific transitions or states. issuetype: type: str required: false description: - - The issue type, for issue creation. - + - The issue type, for issue creation. issue: type: str required: false description: - - An existing issue key to operate on. + - An existing issue key to operate on. aliases: ['ticket'] comment: type: str required: false description: - - The comment text to add. - - Note that JIRA may not allow changing field values on specific transitions or states. - + - The comment text to add. + - Note that JIRA may not allow changing field values on specific transitions or states. comment_visibility: type: dict description: - - Used to specify comment comment visibility. - - See U(https://developer.atlassian.com/cloud/jira/platform/rest/v2/api-group-issue-comments/#api-rest-api-2-issue-issueidorkey-comment-post) for details. + - Used to specify comment comment visibility. + - See + U(https://developer.atlassian.com/cloud/jira/platform/rest/v2/api-group-issue-comments/#api-rest-api-2-issue-issueidorkey-comment-post) + for details. suboptions: type: description: - - Use type to specify which of the JIRA visibility restriction types will be used. + - Use type to specify which of the JIRA visibility restriction types will be used. type: str required: true choices: [group, role] value: description: - - Use value to specify value corresponding to the type of visibility restriction. For example name of the group or role. + - Use value to specify value corresponding to the type of visibility restriction. For example name of the group + or role. type: str required: true version_added: '3.2.0' @@ -128,63 +121,59 @@ options: type: str required: false description: - - Only used when O(operation) is V(transition), and a bit of a misnomer, it actually refers to the transition name. - + - Only used when O(operation) is V(transition), and a bit of a misnomer, it actually refers to the transition name. assignee: type: str required: false description: - - Sets the the assignee when O(operation) is V(create), V(transition), or V(edit). - - Recent versions of JIRA no longer accept a user name as a user identifier. In that case, use O(account_id) instead. - - Note that JIRA may not allow changing field values on specific transitions or states. - + - Sets the the assignee when O(operation) is V(create), V(transition), or V(edit). + - Recent versions of JIRA no longer accept a user name as a user identifier. In that case, use O(account_id) instead. + - Note that JIRA may not allow changing field values on specific transitions or states. account_id: type: str description: - - Sets the account identifier for the assignee when O(operation) is V(create), V(transition), or V(edit). - - Note that JIRA may not allow changing field values on specific transitions or states. + - Sets the account identifier for the assignee when O(operation) is V(create), V(transition), or V(edit). + - Note that JIRA may not allow changing field values on specific transitions or states. version_added: 2.5.0 linktype: type: str required: false description: - - Set type of link, when action 'link' selected. - + - Set type of link, when action 'link' selected. inwardissue: type: str required: false description: - - Set issue from which link will be created. - + - Set issue from which link will be created. outwardissue: type: str required: false description: - - Set issue to which link will be created. - + - Set issue to which link will be created. fields: type: dict required: false description: - - This is a free-form data structure that can contain arbitrary data. This is passed directly to the JIRA REST API - (possibly after merging with other required data, as when passed to create). See examples for more information, - and the JIRA REST API for the structure required for various fields. - - When passed to comment, the data structure is merged at the first level since community.general 4.6.0. Useful to add JIRA properties for example. - - Note that JIRA may not allow changing field values on specific transitions or states. + - This is a free-form data structure that can contain arbitrary data. This is passed directly to the JIRA REST API (possibly + after merging with other required data, as when passed to create). See examples for more information, and the JIRA + REST API for the structure required for various fields. + - When passed to comment, the data structure is merged at the first level since community.general 4.6.0. Useful to add + JIRA properties for example. + - Note that JIRA may not allow changing field values on specific transitions or states. default: {} jql: required: false description: - - Query JIRA in JQL Syntax, e.g. 'CMDB Hostname'='test.example.com'. + - Query JIRA in JQL Syntax, for example V("CMDB Hostname" = test.example.com). type: str version_added: '0.2.0' maxresults: required: false description: - - Limit the result of O(operation=search). If no value is specified, the default jira limit will be used. - - Used when O(operation=search) only, ignored otherwise. + - Limit the result of O(operation=search). If no value is specified, the default jira limit will be used. + - Used when O(operation=search) only, ignored otherwise. type: int version_added: '0.2.0' @@ -198,7 +187,7 @@ options: validate_certs: required: false description: - - Require valid SSL certificates (set to V(false) if you would like to use self-signed certificates) + - Require valid SSL certificates (set to V(false) if you would like to use self-signed certificates). default: true type: bool @@ -212,27 +201,24 @@ options: required: true type: path description: - - The path to the file to upload (from the remote node) or, if O(attachment.content) is specified, - the filename to use for the attachment. + - The path to the file to upload (from the remote node) or, if O(attachment.content) is specified, the filename + to use for the attachment. content: type: str description: - - The Base64 encoded contents of the file to attach. If not specified, the contents of O(attachment.filename) will be - used instead. + - The Base64 encoded contents of the file to attach. If not specified, the contents of O(attachment.filename) will + be used instead. mimetype: type: str description: - - The MIME type to supply for the upload. If not specified, best-effort detection will be - done. - + - The MIME type to supply for the upload. If not specified, best-effort detection will be done. notes: - - "Currently this only works with basic-auth, or tokens." - - "To use with JIRA Cloud, pass the login e-mail as the O(username) and the API token as O(password)." - + - Currently this only works with basic-auth, or tokens. + - To use with JIRA Cloud, pass the login e-mail as the O(username) and the API token as O(password). author: -- "Steve Smith (@tarka)" -- "Per Abildgaard Toft (@pertoft)" -- "Brandon McNama (@DWSR)" + - "Steve Smith (@tarka)" + - "Per Abildgaard Toft (@pertoft)" + - "Brandon McNama (@DWSR)" """ EXAMPLES = r""" @@ -249,8 +235,8 @@ EXAMPLES = r""" issuetype: Task args: fields: - customfield_13225: "test" - customfield_12931: {"value": "Test"} + customfield_13225: "test" + customfield_12931: {"value": "Test"} register: issue - name: Comment on issue @@ -362,9 +348,9 @@ EXAMPLES = r""" operation: edit args: fields: - labels: - - autocreated - - ansible + labels: + - autocreated + - ansible # Updating a field using operations: add, set & remove - name: Change the value of a Select dropdown @@ -376,8 +362,8 @@ EXAMPLES = r""" operation: update args: fields: - customfield_12931: [ {'set': {'value': 'Virtual'}} ] - customfield_13820: [ {'set': {'value':'Manually'}} ] + customfield_12931: ['set': {'value': 'Virtual'}] + customfield_13820: ['set': {'value': 'Manually'}] register: cmdb_issue delegate_to: localhost @@ -406,7 +392,7 @@ EXAMPLES = r""" jql: project=cmdb AND cf[13225]="test" args: fields: - lastViewed: null + lastViewed: register: issue - name: Create a unix account for the reporter @@ -531,7 +517,7 @@ class JIRA(StateModuleHelper): ), supports_check_mode=False ) - + use_old_vardict = False state_param = 'operation' def __init_module__(self): @@ -544,7 +530,7 @@ class JIRA(StateModuleHelper): self.vars.uri = self.vars.uri.strip('/') self.vars.set('restbase', self.vars.uri + '/rest/api/2') - @cause_changes(on_success=True) + @cause_changes(when="success") def operation_create(self): createfields = { 'project': {'key': self.vars.project}, @@ -562,7 +548,7 @@ class JIRA(StateModuleHelper): url = self.vars.restbase + '/issue/' self.vars.meta = self.post(url, data) - @cause_changes(on_success=True) + @cause_changes(when="success") def operation_comment(self): data = { 'body': self.vars.comment @@ -578,7 +564,7 @@ class JIRA(StateModuleHelper): url = self.vars.restbase + '/issue/' + self.vars.issue + '/comment' self.vars.meta = self.post(url, data) - @cause_changes(on_success=True) + @cause_changes(when="success") def operation_worklog(self): data = { 'comment': self.vars.comment @@ -594,7 +580,7 @@ class JIRA(StateModuleHelper): url = self.vars.restbase + '/issue/' + self.vars.issue + '/worklog' self.vars.meta = self.post(url, data) - @cause_changes(on_success=True) + @cause_changes(when="success") def operation_edit(self): data = { 'fields': self.vars.fields @@ -602,7 +588,7 @@ class JIRA(StateModuleHelper): url = self.vars.restbase + '/issue/' + self.vars.issue self.vars.meta = self.put(url, data) - @cause_changes(on_success=True) + @cause_changes(when="success") def operation_update(self): data = { "update": self.vars.fields, @@ -624,7 +610,7 @@ class JIRA(StateModuleHelper): self.vars.meta = self.get(url) - @cause_changes(on_success=True) + @cause_changes(when="success") def operation_transition(self): # Find the transition id turl = self.vars.restbase + '/issue/' + self.vars.issue + "/transitions" @@ -657,7 +643,7 @@ class JIRA(StateModuleHelper): url = self.vars.restbase + '/issue/' + self.vars.issue + "/transitions" self.vars.meta = self.post(url, data) - @cause_changes(on_success=True) + @cause_changes(when="success") def operation_link(self): data = { 'type': {'name': self.vars.linktype}, @@ -667,7 +653,7 @@ class JIRA(StateModuleHelper): url = self.vars.restbase + '/issueLink/' self.vars.meta = self.post(url, data) - @cause_changes(on_success=True) + @cause_changes(when="success") def operation_attach(self): v = self.vars filename = v.attachment.get('filename') diff --git a/plugins/modules/kdeconfig.py b/plugins/modules/kdeconfig.py index 4e8d395215..334db3aee4 100644 --- a/plugins/modules/kdeconfig.py +++ b/plugins/modules/kdeconfig.py @@ -7,15 +7,13 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: kdeconfig short_description: Manage KDE configuration files version_added: "6.5.0" description: - Add or change individual settings in KDE configuration files. - It uses B(kwriteconfig) under the hood. - options: path: description: @@ -24,8 +22,7 @@ options: required: true kwriteconfig_path: description: - - Path to the kwriteconfig executable. If not specified, Ansible will try - to discover it. + - Path to the kwriteconfig executable. If not specified, Ansible will try to discover it. type: path values: description: @@ -74,9 +71,9 @@ requirements: - kwriteconfig author: - Salvatore Mesoraca (@smeso) -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Ensure "Homepage=https://www.ansible.com/" in group "Branding" community.general.kdeconfig: path: /etc/xdg/kickoffrc @@ -97,9 +94,9 @@ EXAMPLES = r''' key: KEY value: VALUE backup: true -''' +""" -RETURN = r''' # ''' +RETURN = r""" # """ import os import shutil @@ -214,7 +211,7 @@ def run_module(module, tmpdir, kwriteconfig): if module.params['backup'] and os.path.exists(b_path): result['backup_file'] = module.backup_local(result['path']) try: - module.atomic_move(b_tmpfile, b_path) + module.atomic_move(b_tmpfile, os.path.abspath(b_path)) except IOError: module.ansible.fail_json(msg='Unable to move temporary file %s to %s, IOError' % (tmpfile, result['path']), traceback=traceback.format_exc()) diff --git a/plugins/modules/kernel_blacklist.py b/plugins/modules/kernel_blacklist.py index b5bd904036..1dbf94f629 100644 --- a/plugins/modules/kernel_blacklist.py +++ b/plugins/modules/kernel_blacklist.py @@ -9,47 +9,45 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: kernel_blacklist author: - - Matthias Vogelgesang (@matze) + - Matthias Vogelgesang (@matze) short_description: Blacklist kernel modules description: - - Add or remove kernel modules from blacklist. + - Add or remove kernel modules from blacklist. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: full + check_mode: + support: full + diff_mode: + support: full options: - name: - type: str - description: - - Name of kernel module to black- or whitelist. - required: true - state: - type: str - description: - - Whether the module should be present in the blacklist or absent. - choices: [ absent, present ] - default: present - blacklist_file: - type: str - description: - - If specified, use this blacklist file instead of - C(/etc/modprobe.d/blacklist-ansible.conf). - default: /etc/modprobe.d/blacklist-ansible.conf -''' + name: + type: str + description: + - Name of kernel module to black- or whitelist. + required: true + state: + type: str + description: + - Whether the module should be present in the blacklist or absent. + choices: [absent, present] + default: present + blacklist_file: + type: str + description: + - If specified, use this blacklist file instead of C(/etc/modprobe.d/blacklist-ansible.conf). + default: /etc/modprobe.d/blacklist-ansible.conf +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Blacklist the nouveau driver module community.general.kernel_blacklist: name: nouveau state: present -''' +""" import os import re @@ -67,6 +65,7 @@ class Blacklist(StateModuleHelper): ), supports_check_mode=True, ) + use_old_vardict = False def __init_module__(self): self.pattern = re.compile(r'^blacklist\s+{0}$'.format(re.escape(self.vars.name))) diff --git a/plugins/modules/keycloak_authentication.py b/plugins/modules/keycloak_authentication.py index bc2898d9be..58878c069d 100644 --- a/plugins/modules/keycloak_authentication.py +++ b/plugins/modules/keycloak_authentication.py @@ -7,109 +7,109 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_authentication short_description: Configure authentication in Keycloak description: - - This module actually can only make a copy of an existing authentication flow, add an execution to it and configure it. - - It can also delete the flow. - + - This module actually can only make a copy of an existing authentication flow, add an execution to it and configure it. + - It can also delete the flow. version_added: "3.3.0" attributes: - check_mode: - support: full - diff_mode: - support: full + check_mode: + support: full + diff_mode: + support: full + action_group: + version_added: 10.2.0 options: - realm: - description: - - The name of the realm in which is the authentication. - required: true - type: str - alias: - description: - - Alias for the authentication flow. - required: true - type: str + realm: description: + - The name of the realm in which is the authentication. + required: true + type: str + alias: + description: + - Alias for the authentication flow. + required: true + type: str + description: + description: + - Description of the flow. + type: str + providerId: + description: + - C(providerId) for the new flow when not copied from an existing flow. + choices: ["basic-flow", "client-flow"] + type: str + copyFrom: + description: + - C(flowAlias) of the authentication flow to use for the copy. + type: str + authenticationExecutions: + description: + - Configuration structure for the executions. + type: list + elements: dict + suboptions: + providerId: description: - - Description of the flow. + - C(providerID) for the new flow when not copied from an existing flow. type: str - providerId: + displayName: description: - - C(providerId) for the new flow when not copied from an existing flow. - choices: [ "basic-flow", "client-flow" ] + - Name of the execution or subflow to create or update. type: str - copyFrom: + requirement: description: - - C(flowAlias) of the authentication flow to use for the copy. + - Control status of the subflow or execution. + choices: ["REQUIRED", "ALTERNATIVE", "DISABLED", "CONDITIONAL"] type: str - authenticationExecutions: + flowAlias: description: - - Configuration structure for the executions. - type: list - elements: dict - suboptions: - providerId: - description: - - C(providerID) for the new flow when not copied from an existing flow. - type: str - displayName: - description: - - Name of the execution or subflow to create or update. - type: str - requirement: - description: - - Control status of the subflow or execution. - choices: [ "REQUIRED", "ALTERNATIVE", "DISABLED", "CONDITIONAL" ] - type: str - flowAlias: - description: - - Alias of parent flow. - type: str - authenticationConfig: - description: - - Describe the config of the authentication. - type: dict - index: - description: - - Priority order of the execution. - type: int - subFlowType: - description: - - For new subflows, optionally specify the type. - - Is only used at creation. - choices: ["basic-flow", "form-flow"] - default: "basic-flow" - type: str - version_added: 6.6.0 - state: - description: - - Control if the authentication flow must exists or not. - choices: [ "present", "absent" ] - default: present + - Alias of parent flow. type: str - force: - type: bool - default: false + authenticationConfig: description: - - If V(true), allows to remove the authentication flow and recreate it. - + - Describe the config of the authentication. + type: dict + index: + description: + - Priority order of the execution. + type: int + subFlowType: + description: + - For new subflows, optionally specify the type. + - Is only used at creation. + choices: ["basic-flow", "form-flow"] + default: "basic-flow" + type: str + version_added: 6.6.0 + state: + description: + - Control if the authentication flow must exists or not. + choices: ["present", "absent"] + default: present + type: str + force: + type: bool + default: false + description: + - If V(true), allows to remove the authentication flow and recreate it. extends_documentation_fragment: - - community.general.keycloak - - community.general.attributes + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes author: - - Philippe Gauthier (@elfelip) - - Gaëtan Daubresse (@Gaetan2907) -''' + - Philippe Gauthier (@elfelip) + - Gaëtan Daubresse (@Gaetan2907) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create an authentication flow from first broker login and add an execution to it. community.general.keycloak_authentication: auth_keycloak_url: http://localhost:8080/auth @@ -123,15 +123,15 @@ EXAMPLES = ''' - providerId: "test-execution1" requirement: "REQUIRED" authenticationConfig: - alias: "test.execution1.property" - config: - test1.property: "value" + alias: "test.execution1.property" + config: + test1.property: "value" - providerId: "test-execution2" requirement: "REQUIRED" authenticationConfig: - alias: "test.execution2.property" - config: - test2.property: "value" + alias: "test.execution2.property" + config: + test2.property: "value" state: present - name: Re-create the authentication flow @@ -147,9 +147,9 @@ EXAMPLES = ''' - providerId: "test-provisioning" requirement: "REQUIRED" authenticationConfig: - alias: "test.provisioning.property" - config: - test.provisioning.property: "value" + alias: "test.provisioning.property" + config: + test.provisioning.property: "value" state: present force: true @@ -181,13 +181,13 @@ EXAMPLES = ''' realm: master alias: "Copy of first broker login" state: absent -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Message as to what action was taken. - returned: always - type: str + description: Message as to what action was taken. + returned: always + type: str end_state: description: Representation of the authentication after module execution. @@ -219,7 +219,7 @@ end_state: "providerId": "basic-flow", "topLevel": true } -''' +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak \ import KeycloakAPI, keycloak_argument_spec, get_token, KeycloakError, is_struct_included @@ -246,7 +246,7 @@ def create_or_update_executions(kc, config, realm='master'): """ Create or update executions for an authentication flow. :param kc: Keycloak API access. - :param config: Representation of the authentication flow including it's executions. + :param config: Representation of the authentication flow including its executions. :param realm: Realm :return: tuple (changed, dict(before, after) WHERE @@ -257,6 +257,7 @@ def create_or_update_executions(kc, config, realm='master'): changed = False after = "" before = "" + execution = None if "authenticationExecutions" in config: # Get existing executions on the Keycloak server for this alias existing_executions = kc.get_executions_representation(config, realm=realm) @@ -283,27 +284,27 @@ def create_or_update_executions(kc, config, realm='master'): if new_exec['index'] is None: new_exec_index = exec_index before += str(existing_executions[exec_index]) + '\n' - id_to_update = existing_executions[exec_index]["id"] + execution = existing_executions[exec_index].copy() # Remove exec from list in case 2 exec with same name existing_executions[exec_index].clear() elif new_exec["providerId"] is not None: kc.create_execution(new_exec, flowAlias=flow_alias_parent, realm=realm) + execution = kc.get_executions_representation(config, realm=realm)[exec_index] exec_found = True exec_index = new_exec_index - id_to_update = kc.get_executions_representation(config, realm=realm)[exec_index]["id"] after += str(new_exec) + '\n' elif new_exec["displayName"] is not None: kc.create_subflow(new_exec["displayName"], flow_alias_parent, realm=realm, flowType=new_exec["subFlowType"]) + execution = kc.get_executions_representation(config, realm=realm)[exec_index] exec_found = True exec_index = new_exec_index - id_to_update = kc.get_executions_representation(config, realm=realm)[exec_index]["id"] after += str(new_exec) + '\n' if exec_found: changed = True if exec_index != -1: # Update the existing execution updated_exec = { - "id": id_to_update + "id": execution["id"] } # add the execution configuration if new_exec["authenticationConfig"] is not None: @@ -313,6 +314,8 @@ def create_or_update_executions(kc, config, realm='master'): if key not in ("flowAlias", "authenticationConfig", "subFlowType"): updated_exec[key] = new_exec[key] if new_exec["requirement"] is not None: + if "priority" in execution: + updated_exec["priority"] = execution["priority"] kc.update_authentication_executions(flow_alias_parent, updated_exec, realm=realm) diff = exec_index - new_exec_index kc.change_execution_priority(updated_exec["id"], diff, realm=realm) diff --git a/plugins/modules/keycloak_authentication_required_actions.py b/plugins/modules/keycloak_authentication_required_actions.py index 5ffbd2033c..60b47d7a6a 100644 --- a/plugins/modules/keycloak_authentication_required_actions.py +++ b/plugins/modules/keycloak_authentication_required_actions.py @@ -9,81 +9,82 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_authentication_required_actions short_description: Allows administration of Keycloak authentication required actions description: - - This module can register, update and delete required actions. - - It also filters out any duplicate required actions by their alias. The first occurrence is preserved. - + - This module can register, update and delete required actions. + - It also filters out any duplicate required actions by their alias. The first occurrence is preserved. version_added: 7.1.0 attributes: - check_mode: - support: full - diff_mode: - support: full + check_mode: + support: full + diff_mode: + support: full + action_group: + version_added: 10.2.0 options: - realm: + realm: + description: + - The name of the realm in which are the authentication required actions. + required: true + type: str + required_actions: + elements: dict + description: + - Authentication required action. + suboptions: + alias: description: - - The name of the realm in which are the authentication required actions. + - Unique name of the required action. required: true type: str - required_actions: - elements: dict + config: description: - - Authentication required action. - suboptions: - alias: - description: - - Unique name of the required action. - required: true - type: str - config: - description: - - Configuration for the required action. - type: dict - defaultAction: - description: - - Indicates, if any new user will have the required action assigned to it. - type: bool - enabled: - description: - - Indicates, if the required action is enabled or not. - type: bool - name: - description: - - Displayed name of the required action. Required for registration. - type: str - priority: - description: - - Priority of the required action. - type: int - providerId: - description: - - Provider ID of the required action. Required for registration. - type: str - type: list - state: - choices: [ "absent", "present" ] + - Configuration for the required action. + type: dict + defaultAction: description: - - Control if the realm authentication required actions are going to be registered/updated (V(present)) or deleted (V(absent)). - required: true + - Indicates, if any new user will have the required action assigned to it. + type: bool + enabled: + description: + - Indicates, if the required action is enabled or not. + type: bool + name: + description: + - Displayed name of the required action. Required for registration. type: str + priority: + description: + - Priority of the required action. + type: int + providerId: + description: + - Provider ID of the required action. Required for registration. + type: str + type: list + state: + choices: ["absent", "present"] + description: + - Control if the realm authentication required actions are going to be registered/updated (V(present)) or deleted (V(absent)). + required: true + type: str extends_documentation_fragment: - - community.general.keycloak - - community.general.attributes + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes author: - - Skrekulko (@Skrekulko) -''' + - Skrekulko (@Skrekulko) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Register a new required action. community.general.keycloak_authentication_required_actions: auth_client_id: "admin-cli" @@ -123,56 +124,55 @@ EXAMPLES = ''' required_action: - alias: "TERMS_AND_CONDITIONS" state: "absent" -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Message as to what action was taken. - returned: always - type: str + description: Message as to what action was taken. + returned: always + type: str end_state: - description: Representation of the authentication required actions after module execution. - returned: on success - type: complex - contains: - alias: - description: - - Unique name of the required action. - sample: test-provider-id - type: str - config: - description: - - Configuration for the required action. - sample: {} - type: dict - defaultAction: - description: - - Indicates, if any new user will have the required action assigned to it. - sample: false - type: bool - enabled: - description: - - Indicates, if the required action is enabled or not. - sample: false - type: bool - name: - description: - - Displayed name of the required action. Required for registration. - sample: Test provider ID - type: str - priority: - description: - - Priority of the required action. - sample: 90 - type: int - providerId: - description: - - Provider ID of the required action. Required for registration. - sample: test-provider-id - type: str - -''' + description: Representation of the authentication required actions after module execution. + returned: on success + type: complex + contains: + alias: + description: + - Unique name of the required action. + sample: test-provider-id + type: str + config: + description: + - Configuration for the required action. + sample: {} + type: dict + defaultAction: + description: + - Indicates, if any new user will have the required action assigned to it. + sample: false + type: bool + enabled: + description: + - Indicates, if the required action is enabled or not. + sample: false + type: bool + name: + description: + - Displayed name of the required action. Required for registration. + sample: Test provider ID + type: str + priority: + description: + - Priority of the required action. + sample: 90 + type: int + providerId: + description: + - Provider ID of the required action. Required for registration. + sample: test-provider-id + type: str +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, \ keycloak_argument_spec, get_token, KeycloakError diff --git a/plugins/modules/keycloak_authz_authorization_scope.py b/plugins/modules/keycloak_authz_authorization_scope.py index 5eef9ac765..16f4149d68 100644 --- a/plugins/modules/keycloak_authz_authorization_scope.py +++ b/plugins/modules/keycloak_authz_authorization_scope.py @@ -9,78 +9,76 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_authz_authorization_scope -short_description: Allows administration of Keycloak client authorization scopes via Keycloak API +short_description: Allows administration of Keycloak client authorization scopes using Keycloak API version_added: 6.6.0 description: - - This module allows the administration of Keycloak client Authorization Scopes via the Keycloak REST - API. Authorization Scopes are only available if a client has Authorization enabled. - - - This module requires access to the REST API via OpenID Connect; the user connecting and the realm - being used must have the requisite access rights. In a default Keycloak installation, admin-cli - and an admin user would work, as would a separate realm definition with the scope tailored - to your needs and a user having the expected roles. - - - The names of module options are snake_cased versions of the camelCase options used by Keycloak. - The Authorization Services paths and payloads have not officially been documented by the Keycloak project. - U(https://www.puppeteers.net/blog/keycloak-authorization-services-rest-api-paths-and-payload/) - + - This module allows the administration of Keycloak client Authorization Scopes using the Keycloak REST API. Authorization + Scopes are only available if a client has Authorization enabled. + - This module requires access to the REST API using OpenID Connect; the user connecting and the realm being used must have + the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate + realm definition with the scope tailored to your needs and a user having the expected roles. + - The names of module options are snake_cased versions of the camelCase options used by Keycloak. The Authorization Services + paths and payloads have not officially been documented by the Keycloak project. + U(https://www.puppeteers.net/blog/keycloak-authorization-services-rest-api-paths-and-payload/). attributes: - check_mode: - support: full - diff_mode: - support: full + check_mode: + support: full + diff_mode: + support: full + action_group: + version_added: 10.2.0 options: - state: - description: - - State of the authorization scope. - - On V(present), the authorization scope will be created (or updated if it exists already). - - On V(absent), the authorization scope will be removed if it exists. - choices: ['present', 'absent'] - default: 'present' - type: str - name: - description: - - Name of the authorization scope to create. - type: str - required: true - display_name: - description: - - The display name of the authorization scope. - type: str - required: false - icon_uri: - description: - - The icon URI for the authorization scope. - type: str - required: false - client_id: - description: - - The C(clientId) of the Keycloak client that should have the authorization scope. - - This is usually a human-readable name of the Keycloak client. - type: str - required: true - realm: - description: - - The name of the Keycloak realm the Keycloak client is in. - type: str - required: true + state: + description: + - State of the authorization scope. + - On V(present), the authorization scope will be created (or updated if it exists already). + - On V(absent), the authorization scope will be removed if it exists. + choices: ['present', 'absent'] + default: 'present' + type: str + name: + description: + - Name of the authorization scope to create. + type: str + required: true + display_name: + description: + - The display name of the authorization scope. + type: str + required: false + icon_uri: + description: + - The icon URI for the authorization scope. + type: str + required: false + client_id: + description: + - The C(clientId) of the Keycloak client that should have the authorization scope. + - This is usually a human-readable name of the Keycloak client. + type: str + required: true + realm: + description: + - The name of the Keycloak realm the Keycloak client is in. + type: str + required: true extends_documentation_fragment: - - community.general.keycloak - - community.general.attributes + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes author: - - Samuli Seppänen (@mattock) -''' + - Samuli Seppänen (@mattock) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Manage Keycloak file:delete authorization scope keycloak_authz_authorization_scope: name: file:delete @@ -92,41 +90,40 @@ EXAMPLES = ''' auth_username: keycloak auth_password: keycloak auth_realm: master -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Message as to what action was taken. - returned: always - type: str + description: Message as to what action was taken. + returned: always + type: str end_state: - description: Representation of the authorization scope after module execution. - returned: on success - type: complex - contains: - id: - description: ID of the authorization scope. - type: str - returned: when O(state=present) - sample: a6ab1cf2-1001-40ec-9f39-48f23b6a0a41 - name: - description: Name of the authorization scope. - type: str - returned: when O(state=present) - sample: file:delete - display_name: - description: Display name of the authorization scope. - type: str - returned: when O(state=present) - sample: File delete - icon_uri: - description: Icon URI for the authorization scope. - type: str - returned: when O(state=present) - sample: http://localhost/icon.png - -''' + description: Representation of the authorization scope after module execution. + returned: on success + type: complex + contains: + id: + description: ID of the authorization scope. + type: str + returned: when O(state=present) + sample: a6ab1cf2-1001-40ec-9f39-48f23b6a0a41 + name: + description: Name of the authorization scope. + type: str + returned: when O(state=present) + sample: file:delete + display_name: + description: Display name of the authorization scope. + type: str + returned: when O(state=present) + sample: File delete + icon_uri: + description: Icon URI for the authorization scope. + type: str + returned: when O(state=present) + sample: http://localhost/icon.png +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, \ keycloak_argument_spec, get_token, KeycloakError diff --git a/plugins/modules/keycloak_authz_custom_policy.py b/plugins/modules/keycloak_authz_custom_policy.py index 8363c252e2..c20adbc03f 100644 --- a/plugins/modules/keycloak_authz_custom_policy.py +++ b/plugins/modules/keycloak_authz_custom_policy.py @@ -9,75 +9,73 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_authz_custom_policy -short_description: Allows administration of Keycloak client custom Javascript policies via Keycloak API +short_description: Allows administration of Keycloak client custom Javascript policies using Keycloak API version_added: 7.5.0 description: - - This module allows the administration of Keycloak client custom Javascript via the Keycloak REST - API. Custom Javascript policies are only available if a client has Authorization enabled and if - they have been deployed to the Keycloak server as JAR files. - - - This module requires access to the REST API via OpenID Connect; the user connecting and the realm - being used must have the requisite access rights. In a default Keycloak installation, admin-cli - and an admin user would work, as would a separate realm definition with the scope tailored - to your needs and a user having the expected roles. - - - The names of module options are snake_cased versions of the camelCase options used by Keycloak. - The Authorization Services paths and payloads have not officially been documented by the Keycloak project. - U(https://www.puppeteers.net/blog/keycloak-authorization-services-rest-api-paths-and-payload/) - + - This module allows the administration of Keycloak client custom Javascript using the Keycloak REST API. Custom Javascript + policies are only available if a client has Authorization enabled and if they have been deployed to the Keycloak server + as JAR files. + - This module requires access to the REST API using OpenID Connect; the user connecting and the realm being used must have + the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate + realm definition with the scope tailored to your needs and a user having the expected roles. + - The names of module options are snake_cased versions of the camelCase options used by Keycloak. The Authorization Services + paths and payloads have not officially been documented by the Keycloak project. + U(https://www.puppeteers.net/blog/keycloak-authorization-services-rest-api-paths-and-payload/). attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none + action_group: + version_added: 10.2.0 options: - state: - description: - - State of the custom policy. - - On V(present), the custom policy will be created (or updated if it exists already). - - On V(absent), the custom policy will be removed if it exists. - choices: ['present', 'absent'] - default: 'present' - type: str - name: - description: - - Name of the custom policy to create. - type: str - required: true - policy_type: - description: - - The type of the policy. This must match the name of the custom policy deployed to the server. - - Multiple policies pointing to the same policy type can be created, but their names have to differ. - type: str - required: true - client_id: - description: - - The V(clientId) of the Keycloak client that should have the custom policy attached to it. - - This is usually a human-readable name of the Keycloak client. - type: str - required: true - realm: - description: - - The name of the Keycloak realm the Keycloak client is in. - type: str - required: true + state: + description: + - State of the custom policy. + - On V(present), the custom policy will be created (or updated if it exists already). + - On V(absent), the custom policy will be removed if it exists. + choices: ['present', 'absent'] + default: 'present' + type: str + name: + description: + - Name of the custom policy to create. + type: str + required: true + policy_type: + description: + - The type of the policy. This must match the name of the custom policy deployed to the server. + - Multiple policies pointing to the same policy type can be created, but their names have to differ. + type: str + required: true + client_id: + description: + - The V(clientId) of the Keycloak client that should have the custom policy attached to it. + - This is usually a human-readable name of the Keycloak client. + type: str + required: true + realm: + description: + - The name of the Keycloak realm the Keycloak client is in. + type: str + required: true extends_documentation_fragment: - - community.general.keycloak - - community.general.attributes + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes author: - - Samuli Seppänen (@mattock) -''' + - Samuli Seppänen (@mattock) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Manage Keycloak custom authorization policy community.general.keycloak_authz_custom_policy: name: OnlyOwner @@ -89,31 +87,30 @@ EXAMPLES = ''' auth_username: keycloak auth_password: keycloak auth_realm: master -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Message as to what action was taken. - returned: always - type: str + description: Message as to what action was taken. + returned: always + type: str end_state: - description: Representation of the custom policy after module execution. - returned: on success - type: dict - contains: - name: - description: Name of the custom policy. - type: str - returned: when I(state=present) - sample: file:delete - policy_type: - description: Type of custom policy. - type: str - returned: when I(state=present) - sample: File delete - -''' + description: Representation of the custom policy after module execution. + returned: on success + type: dict + contains: + name: + description: Name of the custom policy. + type: str + returned: when I(state=present) + sample: file:delete + policy_type: + description: Type of custom policy. + type: str + returned: when I(state=present) + sample: File delete +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, \ keycloak_argument_spec, get_token, KeycloakError diff --git a/plugins/modules/keycloak_authz_permission.py b/plugins/modules/keycloak_authz_permission.py index ef81fb8c31..aee1b1a50f 100644 --- a/plugins/modules/keycloak_authz_permission.py +++ b/plugins/modules/keycloak_authz_permission.py @@ -9,125 +9,121 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_authz_permission version_added: 7.2.0 -short_description: Allows administration of Keycloak client authorization permissions via Keycloak API +short_description: Allows administration of Keycloak client authorization permissions using Keycloak API description: - - This module allows the administration of Keycloak client authorization permissions via the Keycloak REST - API. Authorization permissions are only available if a client has Authorization enabled. - - - There are some peculiarities in JSON paths and payloads for authorization permissions. In particular - POST and PUT operations are targeted at permission endpoints, whereas GET requests go to policies - endpoint. To make matters more interesting the JSON responses from GET requests return data in a - different format than what is expected for POST and PUT. The end result is that it is not possible to - detect changes to things like policies, scopes or resources - at least not without a large number of - additional API calls. Therefore this module always updates authorization permissions instead of - attempting to determine if changes are truly needed. - - - This module requires access to the REST API via OpenID Connect; the user connecting and the realm - being used must have the requisite access rights. In a default Keycloak installation, admin-cli - and an admin user would work, as would a separate realm definition with the scope tailored - to your needs and a user having the expected roles. - - - The names of module options are snake_cased versions of the camelCase options used by Keycloak. - The Authorization Services paths and payloads have not officially been documented by the Keycloak project. - U(https://www.puppeteers.net/blog/keycloak-authorization-services-rest-api-paths-and-payload/) - + - This module allows the administration of Keycloak client authorization permissions using the Keycloak REST API. Authorization + permissions are only available if a client has Authorization enabled. + - There are some peculiarities in JSON paths and payloads for authorization permissions. In particular POST and PUT operations + are targeted at permission endpoints, whereas GET requests go to policies endpoint. To make matters more interesting the + JSON responses from GET requests return data in a different format than what is expected for POST and PUT. The end result + is that it is not possible to detect changes to things like policies, scopes or resources - at least not without a large + number of additional API calls. Therefore this module always updates authorization permissions instead of attempting to + determine if changes are truly needed. + - This module requires access to the REST API using OpenID Connect; the user connecting and the realm being used must have + the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate + realm definition with the scope tailored to your needs and a user having the expected roles. + - The names of module options are snake_cased versions of the camelCase options used by Keycloak. The Authorization Services + paths and payloads have not officially been documented by the Keycloak project. + U(https://www.puppeteers.net/blog/keycloak-authorization-services-rest-api-paths-and-payload/). attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none + action_group: + version_added: 10.2.0 options: - state: - description: - - State of the authorization permission. - - On V(present), the authorization permission will be created (or updated if it exists already). - - On V(absent), the authorization permission will be removed if it exists. - choices: ['present', 'absent'] - default: 'present' - type: str - name: - description: - - Name of the authorization permission to create. - type: str - required: true + state: description: - description: - - The description of the authorization permission. - type: str - required: false - permission_type: - description: - - The type of authorization permission. - - On V(scope) create a scope-based permission. - - On V(resource) create a resource-based permission. - type: str - required: true - choices: - - resource - - scope - decision_strategy: - description: - - The decision strategy to use with this permission. - type: str - default: UNANIMOUS - required: false - choices: - - UNANIMOUS - - AFFIRMATIVE - - CONSENSUS - resources: - description: - - Resource names to attach to this permission. - - Scope-based permissions can only include one resource. - - Resource-based permissions can include multiple resources. - type: list - elements: str - default: [] - required: false - scopes: - description: - - Scope names to attach to this permission. - - Resource-based permissions cannot have scopes attached to them. - type: list - elements: str - default: [] - required: false - policies: - description: - - Policy names to attach to this permission. - type: list - elements: str - default: [] - required: false - client_id: - description: - - The clientId of the keycloak client that should have the authorization scope. - - This is usually a human-readable name of the Keycloak client. - type: str - required: true - realm: - description: - - The name of the Keycloak realm the Keycloak client is in. - type: str - required: true + - State of the authorization permission. + - On V(present), the authorization permission will be created (or updated if it exists already). + - On V(absent), the authorization permission will be removed if it exists. + choices: ['present', 'absent'] + default: 'present' + type: str + name: + description: + - Name of the authorization permission to create. + type: str + required: true + description: + description: + - The description of the authorization permission. + type: str + required: false + permission_type: + description: + - The type of authorization permission. + - On V(scope) create a scope-based permission. + - On V(resource) create a resource-based permission. + type: str + required: true + choices: + - resource + - scope + decision_strategy: + description: + - The decision strategy to use with this permission. + type: str + default: UNANIMOUS + required: false + choices: + - UNANIMOUS + - AFFIRMATIVE + - CONSENSUS + resources: + description: + - Resource names to attach to this permission. + - Scope-based permissions can only include one resource. + - Resource-based permissions can include multiple resources. + type: list + elements: str + default: [] + required: false + scopes: + description: + - Scope names to attach to this permission. + - Resource-based permissions cannot have scopes attached to them. + type: list + elements: str + default: [] + required: false + policies: + description: + - Policy names to attach to this permission. + type: list + elements: str + default: [] + required: false + client_id: + description: + - The clientId of the keycloak client that should have the authorization scope. + - This is usually a human-readable name of the Keycloak client. + type: str + required: true + realm: + description: + - The name of the Keycloak realm the Keycloak client is in. + type: str + required: true extends_documentation_fragment: - - community.general.keycloak - - community.general.attributes + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes author: - - Samuli Seppänen (@mattock) -''' + - Samuli Seppänen (@mattock) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Manage scope-based Keycloak authorization permission community.general.keycloak_authz_permission: name: ScopePermission @@ -161,68 +157,68 @@ EXAMPLES = ''' auth_username: keycloak auth_password: keycloak auth_realm: master -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Message as to what action was taken. - returned: always - type: str + description: Message as to what action was taken. + returned: always + type: str end_state: - description: Representation of the authorization permission after module execution. - returned: on success - type: complex - contains: - id: - description: ID of the authorization permission. - type: str - returned: when O(state=present) - sample: 9da05cd2-b273-4354-bbd8-0c133918a454 - name: - description: Name of the authorization permission. - type: str - returned: when O(state=present) - sample: ResourcePermission - description: - description: Description of the authorization permission. - type: str - returned: when O(state=present) - sample: Resource Permission - type: - description: Type of the authorization permission. - type: str - returned: when O(state=present) - sample: resource - decisionStrategy: - description: The decision strategy to use. - type: str - returned: when O(state=present) - sample: UNANIMOUS - logic: - description: The logic used for the permission (part of the payload, but has a fixed value). - type: str - returned: when O(state=present) - sample: POSITIVE - resources: - description: IDs of resources attached to this permission. - type: list - returned: when O(state=present) - sample: - - 49e052ff-100d-4b79-a9dd-52669ed3c11d - scopes: - description: IDs of scopes attached to this permission. - type: list - returned: when O(state=present) - sample: - - 9da05cd2-b273-4354-bbd8-0c133918a454 - policies: - description: IDs of policies attached to this permission. - type: list - returned: when O(state=present) - sample: - - 9da05cd2-b273-4354-bbd8-0c133918a454 -''' + description: Representation of the authorization permission after module execution. + returned: on success + type: complex + contains: + id: + description: ID of the authorization permission. + type: str + returned: when O(state=present) + sample: 9da05cd2-b273-4354-bbd8-0c133918a454 + name: + description: Name of the authorization permission. + type: str + returned: when O(state=present) + sample: ResourcePermission + description: + description: Description of the authorization permission. + type: str + returned: when O(state=present) + sample: Resource Permission + type: + description: Type of the authorization permission. + type: str + returned: when O(state=present) + sample: resource + decisionStrategy: + description: The decision strategy to use. + type: str + returned: when O(state=present) + sample: UNANIMOUS + logic: + description: The logic used for the permission (part of the payload, but has a fixed value). + type: str + returned: when O(state=present) + sample: POSITIVE + resources: + description: IDs of resources attached to this permission. + type: list + returned: when O(state=present) + sample: + - 49e052ff-100d-4b79-a9dd-52669ed3c11d + scopes: + description: IDs of scopes attached to this permission. + type: list + returned: when O(state=present) + sample: + - 9da05cd2-b273-4354-bbd8-0c133918a454 + policies: + description: IDs of policies attached to this permission. + type: list + returned: when O(state=present) + sample: + - 9da05cd2-b273-4354-bbd8-0c133918a454 +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, \ keycloak_argument_spec, get_token, KeycloakError diff --git a/plugins/modules/keycloak_authz_permission_info.py b/plugins/modules/keycloak_authz_permission_info.py index 8b4e96b416..b57b7675a0 100644 --- a/plugins/modules/keycloak_authz_permission_info.py +++ b/plugins/modules/keycloak_authz_permission_info.py @@ -9,8 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_authz_permission_info version_added: 7.2.0 @@ -18,47 +17,47 @@ version_added: 7.2.0 short_description: Query Keycloak client authorization permissions information description: - - This module allows querying information about Keycloak client authorization permissions from the - resources endpoint via the Keycloak REST API. Authorization permissions are only available if a - client has Authorization enabled. - - - This module requires access to the REST API via OpenID Connect; the user connecting and the realm - being used must have the requisite access rights. In a default Keycloak installation, admin-cli - and an admin user would work, as would a separate realm definition with the scope tailored - to your needs and a user having the expected roles. - - - The names of module options are snake_cased versions of the camelCase options used by Keycloak. - The Authorization Services paths and payloads have not officially been documented by the Keycloak project. - U(https://www.puppeteers.net/blog/keycloak-authorization-services-rest-api-paths-and-payload/) + - This module allows querying information about Keycloak client authorization permissions from the resources endpoint using + the Keycloak REST API. Authorization permissions are only available if a client has Authorization enabled. + - This module requires access to the REST API using OpenID Connect; the user connecting and the realm being used must have + the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate + realm definition with the scope tailored to your needs and a user having the expected roles. + - The names of module options are snake_cased versions of the camelCase options used by Keycloak. The Authorization Services + paths and payloads have not officially been documented by the Keycloak project. + U(https://www.puppeteers.net/blog/keycloak-authorization-services-rest-api-paths-and-payload/). +attributes: + action_group: + version_added: 10.2.0 options: - name: - description: - - Name of the authorization permission to create. - type: str - required: true - client_id: - description: - - The clientId of the keycloak client that should have the authorization scope. - - This is usually a human-readable name of the Keycloak client. - type: str - required: true - realm: - description: - - The name of the Keycloak realm the Keycloak client is in. - type: str - required: true + name: + description: + - Name of the authorization permission to create. + type: str + required: true + client_id: + description: + - The clientId of the keycloak client that should have the authorization scope. + - This is usually a human-readable name of the Keycloak client. + type: str + required: true + realm: + description: + - The name of the Keycloak realm the Keycloak client is in. + type: str + required: true extends_documentation_fragment: - - community.general.keycloak - - community.general.attributes - - community.general.attributes.info_module + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes + - community.general.attributes.info_module author: - - Samuli Seppänen (@mattock) -''' + - Samuli Seppänen (@mattock) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Query Keycloak authorization permission community.general.keycloak_authz_permission_info: name: ScopePermission @@ -68,48 +67,48 @@ EXAMPLES = ''' auth_username: keycloak auth_password: keycloak auth_realm: master -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Message as to what action was taken. - returned: always - type: str + description: Message as to what action was taken. + returned: always + type: str queried_state: - description: State of the resource (a policy) as seen by Keycloak. - returned: on success - type: complex - contains: - id: - description: ID of the authorization permission. - type: str - sample: 9da05cd2-b273-4354-bbd8-0c133918a454 - name: - description: Name of the authorization permission. - type: str - sample: ResourcePermission - description: - description: Description of the authorization permission. - type: str - sample: Resource Permission - type: - description: Type of the authorization permission. - type: str - sample: resource - decisionStrategy: - description: The decision strategy. - type: str - sample: UNANIMOUS - logic: - description: The logic used for the permission (part of the payload, but has a fixed value). - type: str - sample: POSITIVE - config: - description: Configuration of the permission (empty in all observed cases). - type: dict - sample: {} -''' + description: State of the resource (a policy) as seen by Keycloak. + returned: on success + type: complex + contains: + id: + description: ID of the authorization permission. + type: str + sample: 9da05cd2-b273-4354-bbd8-0c133918a454 + name: + description: Name of the authorization permission. + type: str + sample: ResourcePermission + description: + description: Description of the authorization permission. + type: str + sample: Resource Permission + type: + description: Type of the authorization permission. + type: str + sample: resource + decisionStrategy: + description: The decision strategy. + type: str + sample: UNANIMOUS + logic: + description: The logic used for the permission (part of the payload, but has a fixed value). + type: str + sample: POSITIVE + config: + description: Configuration of the permission (empty in all observed cases). + type: dict + sample: {} +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, \ keycloak_argument_spec, get_token, KeycloakError diff --git a/plugins/modules/keycloak_client.py b/plugins/modules/keycloak_client.py index b151e4541f..68696fd404 100644 --- a/plugins/modules/keycloak_client.py +++ b/plugins/modules/keycloak_client.py @@ -8,551 +8,550 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_client -short_description: Allows administration of Keycloak clients via Keycloak API +short_description: Allows administration of Keycloak clients using Keycloak API description: - - This module allows the administration of Keycloak clients via the Keycloak REST API. It - requires access to the REST API via OpenID Connect; the user connecting and the client being - used must have the requisite access rights. In a default Keycloak installation, admin-cli - and an admin user would work, as would a separate client definition with the scope tailored - to your needs and a user having the expected roles. - - - The names of module options are snake_cased versions of the camelCase ones found in the - Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). - Aliases are provided so camelCased versions can be used as well. - - - The Keycloak API does not always sanity check inputs e.g. you can set - SAML-specific settings on an OpenID Connect client for instance and vice versa. Be careful. - If you do not specify a setting, usually a sensible default is chosen. - + - This module allows the administration of Keycloak clients using the Keycloak REST API. It requires access to the REST + API using OpenID Connect; the user connecting and the client being used must have the requisite access rights. In a default + Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with the scope tailored + to your needs and a user having the expected roles. + - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation + at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). Aliases are provided so camelCased versions can be used + as well. + - The Keycloak API does not always sanity check inputs, for example you can set SAML-specific settings on an OpenID Connect + client for instance and the other way around. Be careful. If you do not specify a setting, usually a sensible default + is chosen. attributes: - check_mode: - support: full - diff_mode: - support: full + check_mode: + support: full + diff_mode: + support: full + action_group: + version_added: 10.2.0 options: - state: - description: - - State of the client - - On V(present), the client will be created (or updated if it exists already). - - On V(absent), the client will be removed if it exists - choices: ['present', 'absent'] - default: 'present' - type: str - - realm: - description: - - The realm to create the client in. - type: str - default: master - - client_id: - description: - - Client id of client to be worked on. This is usually an alphanumeric name chosen by - you. Either this or O(id) is required. If you specify both, O(id) takes precedence. - This is 'clientId' in the Keycloak REST API. - aliases: - - clientId - type: str - - id: - description: - - Id of client to be worked on. This is usually an UUID. Either this or O(client_id) - is required. If you specify both, this takes precedence. - type: str - - name: - description: - - Name of the client (this is not the same as O(client_id)). - type: str - + state: description: + - State of the client. + - On V(present), the client will be created (or updated if it exists already). + - On V(absent), the client will be removed if it exists. + choices: ['present', 'absent'] + default: 'present' + type: str + + realm: + description: + - The realm to create the client in. + type: str + default: master + + client_id: + description: + - Client ID of client to be worked on. This is usually an alphanumeric name chosen by you. Either this or O(id) is required. + If you specify both, O(id) takes precedence. This is C(clientId) in the Keycloak REST API. + aliases: + - clientId + type: str + + id: + description: + - ID of client to be worked on. This is usually an UUID. Either this or O(client_id) is required. If you specify both, + this takes precedence. + type: str + + name: + description: + - Name of the client (this is not the same as O(client_id)). + type: str + + description: + description: + - Description of the client in Keycloak. + type: str + + root_url: + description: + - Root URL appended to relative URLs for this client. This is C(rootUrl) in the Keycloak REST API. + aliases: + - rootUrl + type: str + + admin_url: + description: + - URL to the admin interface of the client. This is C(adminUrl) in the Keycloak REST API. + aliases: + - adminUrl + type: str + + base_url: + description: + - Default URL to use when the auth server needs to redirect or link back to the client This is C(baseUrl) in the Keycloak + REST API. + aliases: + - baseUrl + type: str + + enabled: + description: + - Is this client enabled or not? + type: bool + + client_authenticator_type: + description: + - How do clients authenticate with the auth server? Either V(client-secret), V(client-jwt), or V(client-x509) can be + chosen. When using V(client-secret), the module parameter O(secret) can set it, for V(client-jwt), you can use the + keys C(use.jwks.url), C(jwks.url), and C(jwt.credential.certificate) in the O(attributes) module parameter to configure + its behavior. For V(client-x509) you can use the keys C(x509.allow.regex.pattern.comparison) and C(x509.subjectdn) + in the O(attributes) module parameter to configure which certificate(s) to accept. + - This is C(clientAuthenticatorType) in the Keycloak REST API. + choices: ['client-secret', 'client-jwt', 'client-x509'] + aliases: + - clientAuthenticatorType + type: str + + secret: + description: + - When using O(client_authenticator_type=client-secret) (the default), you can specify a secret here (otherwise one + will be generated if it does not exit). If changing this secret, the module will not register a change currently (but + the changed secret will be saved). + type: str + + registration_access_token: + description: + - The registration access token provides access for clients to the client registration service. This is C(registrationAccessToken) + in the Keycloak REST API. + aliases: + - registrationAccessToken + type: str + + default_roles: + description: + - List of default roles for this client. If the client roles referenced do not exist yet, they will be created. This + is C(defaultRoles) in the Keycloak REST API. + aliases: + - defaultRoles + type: list + elements: str + + redirect_uris: + description: + - Acceptable redirect URIs for this client. This is C(redirectUris) in the Keycloak REST API. + aliases: + - redirectUris + type: list + elements: str + + web_origins: + description: + - List of allowed CORS origins. This is C(webOrigins) in the Keycloak REST API. + aliases: + - webOrigins + type: list + elements: str + + not_before: + description: + - Revoke any tokens issued before this date for this client (this is a UNIX timestamp). This is C(notBefore) in the + Keycloak REST API. + type: int + aliases: + - notBefore + + bearer_only: + description: + - The access type of this client is bearer-only. This is C(bearerOnly) in the Keycloak REST API. + aliases: + - bearerOnly + type: bool + + consent_required: + description: + - If enabled, users have to consent to client access. This is C(consentRequired) in the Keycloak REST API. + aliases: + - consentRequired + type: bool + + standard_flow_enabled: + description: + - Enable standard flow for this client or not (OpenID connect). This is C(standardFlowEnabled) in the Keycloak REST + API. + aliases: + - standardFlowEnabled + type: bool + + implicit_flow_enabled: + description: + - Enable implicit flow for this client or not (OpenID connect). This is C(implicitFlowEnabled) in the Keycloak REST + API. + aliases: + - implicitFlowEnabled + type: bool + + direct_access_grants_enabled: + description: + - Are direct access grants enabled for this client or not (OpenID connect). This is C(directAccessGrantsEnabled) in + the Keycloak REST API. + aliases: + - directAccessGrantsEnabled + type: bool + + service_accounts_enabled: + description: + - Are service accounts enabled for this client or not (OpenID connect). This is C(serviceAccountsEnabled) in the Keycloak + REST API. + aliases: + - serviceAccountsEnabled + type: bool + + authorization_services_enabled: + description: + - Are authorization services enabled for this client or not (OpenID connect). This is C(authorizationServicesEnabled) + in the Keycloak REST API. + aliases: + - authorizationServicesEnabled + type: bool + + public_client: + description: + - Is the access type for this client public or not. This is C(publicClient) in the Keycloak REST API. + aliases: + - publicClient + type: bool + + frontchannel_logout: + description: + - Is frontchannel logout enabled for this client or not. This is C(frontchannelLogout) in the Keycloak REST API. + aliases: + - frontchannelLogout + type: bool + + protocol: + description: + - Type of client. + - At creation only, default value will be V(openid-connect) if O(protocol) is omitted. + - The V(docker-v2) value was added in community.general 8.6.0. + type: str + choices: ['openid-connect', 'saml', 'docker-v2'] + + full_scope_allowed: + description: + - Is the "Full Scope Allowed" feature set for this client or not. This is C(fullScopeAllowed) in the Keycloak REST API. + aliases: + - fullScopeAllowed + type: bool + + node_re_registration_timeout: + description: + - Cluster node re-registration timeout for this client. This is C(nodeReRegistrationTimeout) in the Keycloak REST API. + type: int + aliases: + - nodeReRegistrationTimeout + + registered_nodes: + description: + - Dict of registered cluster nodes (with C(nodename) as the key and last registration time as the value). This is C(registeredNodes) + in the Keycloak REST API. + type: dict + aliases: + - registeredNodes + + client_template: + description: + - Client template to use for this client. If it does not exist this field will silently be dropped. This is C(clientTemplate) + in the Keycloak REST API. + type: str + aliases: + - clientTemplate + + use_template_config: + description: + - Whether or not to use configuration from the O(client_template). This is C(useTemplateConfig) in the Keycloak REST + API. + aliases: + - useTemplateConfig + type: bool + + use_template_scope: + description: + - Whether or not to use scope configuration from the O(client_template). This is C(useTemplateScope) in the Keycloak + REST API. + aliases: + - useTemplateScope + type: bool + + use_template_mappers: + description: + - Whether or not to use mapper configuration from the O(client_template). This is C(useTemplateMappers) in the Keycloak + REST API. + aliases: + - useTemplateMappers + type: bool + + always_display_in_console: + description: + - Whether or not to display this client in account console, even if the user does not have an active session. + aliases: + - alwaysDisplayInConsole + type: bool + version_added: 4.7.0 + + surrogate_auth_required: + description: + - Whether or not surrogate auth is required. This is C(surrogateAuthRequired) in the Keycloak REST API. + aliases: + - surrogateAuthRequired + type: bool + + authorization_settings: + description: + - A data structure defining the authorization settings for this client. For reference, please see the Keycloak API docs + at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_resourceserverrepresentation). This is C(authorizationSettings) + in the Keycloak REST API. + type: dict + aliases: + - authorizationSettings + + authentication_flow_binding_overrides: + description: + - Override realm authentication flow bindings. + type: dict + suboptions: + browser: description: - - Description of the client in Keycloak. + - Flow ID of the browser authentication flow. + - O(authentication_flow_binding_overrides.browser) and O(authentication_flow_binding_overrides.browser_name) are + mutually exclusive. type: str - root_url: + browser_name: description: - - Root URL appended to relative URLs for this client. - This is 'rootUrl' in the Keycloak REST API. + - Flow name of the browser authentication flow. + - O(authentication_flow_binding_overrides.browser) and O(authentication_flow_binding_overrides.browser_name) are + mutually exclusive. aliases: - - rootUrl + - browserName + type: str + version_added: 9.1.0 + + direct_grant: + description: + - Flow ID of the direct grant authentication flow. + - O(authentication_flow_binding_overrides.direct_grant) and O(authentication_flow_binding_overrides.direct_grant_name) + are mutually exclusive. + aliases: + - directGrant type: str - admin_url: + direct_grant_name: description: - - URL to the admin interface of the client. - This is 'adminUrl' in the Keycloak REST API. + - Flow name of the direct grant authentication flow. + - O(authentication_flow_binding_overrides.direct_grant) and O(authentication_flow_binding_overrides.direct_grant_name) + are mutually exclusive. aliases: - - adminUrl + - directGrantName + type: str + version_added: 9.1.0 + aliases: + - authenticationFlowBindingOverrides + version_added: 3.4.0 + + default_client_scopes: + description: + - List of default client scopes. + aliases: + - defaultClientScopes + type: list + elements: str + version_added: 4.7.0 + + optional_client_scopes: + description: + - List of optional client scopes. + aliases: + - optionalClientScopes + type: list + elements: str + version_added: 4.7.0 + + protocol_mappers: + description: + - A list of dicts defining protocol mappers for this client. This is C(protocolMappers) in the Keycloak REST API. + aliases: + - protocolMappers + type: list + elements: dict + suboptions: + consentRequired: + description: + - Specifies whether a user needs to provide consent to a client for this mapper to be active. + type: bool + + consentText: + description: + - The human-readable name of the consent the user is presented to accept. type: str - base_url: + id: description: - - Default URL to use when the auth server needs to redirect or link back to the client - This is 'baseUrl' in the Keycloak REST API. - aliases: - - baseUrl + - Usually a UUID specifying the internal ID of this protocol mapper instance. type: str - enabled: + name: description: - - Is this client enabled or not? - type: bool - - client_authenticator_type: - description: - - How do clients authenticate with the auth server? Either V(client-secret) or - V(client-jwt) can be chosen. When using V(client-secret), the module parameter - O(secret) can set it, while for V(client-jwt), you can use the keys C(use.jwks.url), - C(jwks.url), and C(jwt.credential.certificate) in the O(attributes) module parameter - to configure its behavior. - - This is 'clientAuthenticatorType' in the Keycloak REST API. - choices: ['client-secret', 'client-jwt'] - aliases: - - clientAuthenticatorType + - The name of this protocol mapper. type: str - secret: + protocol: description: - - When using O(client_authenticator_type=client-secret) (the default), you can - specify a secret here (otherwise one will be generated if it does not exit). If - changing this secret, the module will not register a change currently (but the - changed secret will be saved). + - This specifies for which protocol this protocol mapper is active. + choices: ['openid-connect', 'saml', 'docker-v2'] type: str - registration_access_token: + protocolMapper: description: - - The registration access token provides access for clients to the client registration - service. - This is 'registrationAccessToken' in the Keycloak REST API. - aliases: - - registrationAccessToken + - 'The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is impossible to provide + since this may be extended through SPIs by the user of Keycloak, by default Keycloak as of 3.4 ships with at least:' + - V(docker-v2-allow-all-mapper). + - V(oidc-address-mapper). + - V(oidc-full-name-mapper). + - V(oidc-group-membership-mapper). + - V(oidc-hardcoded-claim-mapper). + - V(oidc-hardcoded-role-mapper). + - V(oidc-role-name-mapper). + - V(oidc-script-based-protocol-mapper). + - V(oidc-sha256-pairwise-sub-mapper). + - V(oidc-usermodel-attribute-mapper). + - V(oidc-usermodel-client-role-mapper). + - V(oidc-usermodel-property-mapper). + - V(oidc-usermodel-realm-role-mapper). + - V(oidc-usersessionmodel-note-mapper). + - V(saml-group-membership-mapper). + - V(saml-hardcode-attribute-mapper). + - V(saml-hardcode-role-mapper). + - V(saml-role-list-mapper). + - V(saml-role-name-mapper). + - V(saml-user-attribute-mapper). + - V(saml-user-property-mapper). + - V(saml-user-session-note-mapper). + - An exhaustive list of available mappers on your installation can be obtained on the admin console by going to + Server Info -> Providers and looking under 'protocol-mapper'. type: str - default_roles: + config: description: - - list of default roles for this client. If the client roles referenced do not exist - yet, they will be created. - This is 'defaultRoles' in the Keycloak REST API. - aliases: - - defaultRoles - type: list - elements: str - - redirect_uris: - description: - - Acceptable redirect URIs for this client. - This is 'redirectUris' in the Keycloak REST API. - aliases: - - redirectUris - type: list - elements: str - - web_origins: - description: - - List of allowed CORS origins. - This is 'webOrigins' in the Keycloak REST API. - aliases: - - webOrigins - type: list - elements: str - - not_before: - description: - - Revoke any tokens issued before this date for this client (this is a UNIX timestamp). - This is 'notBefore' in the Keycloak REST API. - type: int - aliases: - - notBefore - - bearer_only: - description: - - The access type of this client is bearer-only. - This is 'bearerOnly' in the Keycloak REST API. - aliases: - - bearerOnly - type: bool - - consent_required: - description: - - If enabled, users have to consent to client access. - This is 'consentRequired' in the Keycloak REST API. - aliases: - - consentRequired - type: bool - - standard_flow_enabled: - description: - - Enable standard flow for this client or not (OpenID connect). - This is 'standardFlowEnabled' in the Keycloak REST API. - aliases: - - standardFlowEnabled - type: bool - - implicit_flow_enabled: - description: - - Enable implicit flow for this client or not (OpenID connect). - This is 'implicitFlowEnabled' in the Keycloak REST API. - aliases: - - implicitFlowEnabled - type: bool - - direct_access_grants_enabled: - description: - - Are direct access grants enabled for this client or not (OpenID connect). - This is 'directAccessGrantsEnabled' in the Keycloak REST API. - aliases: - - directAccessGrantsEnabled - type: bool - - service_accounts_enabled: - description: - - Are service accounts enabled for this client or not (OpenID connect). - This is 'serviceAccountsEnabled' in the Keycloak REST API. - aliases: - - serviceAccountsEnabled - type: bool - - authorization_services_enabled: - description: - - Are authorization services enabled for this client or not (OpenID connect). - This is 'authorizationServicesEnabled' in the Keycloak REST API. - aliases: - - authorizationServicesEnabled - type: bool - - public_client: - description: - - Is the access type for this client public or not. - This is 'publicClient' in the Keycloak REST API. - aliases: - - publicClient - type: bool - - frontchannel_logout: - description: - - Is frontchannel logout enabled for this client or not. - This is 'frontchannelLogout' in the Keycloak REST API. - aliases: - - frontchannelLogout - type: bool - - protocol: - description: - - Type of client. - - At creation only, default value will be V(openid-connect) if O(protocol) is omitted. - type: str - choices: ['openid-connect', 'saml'] - - full_scope_allowed: - description: - - Is the "Full Scope Allowed" feature set for this client or not. - This is 'fullScopeAllowed' in the Keycloak REST API. - aliases: - - fullScopeAllowed - type: bool - - node_re_registration_timeout: - description: - - Cluster node re-registration timeout for this client. - This is 'nodeReRegistrationTimeout' in the Keycloak REST API. - type: int - aliases: - - nodeReRegistrationTimeout - - registered_nodes: - description: - - dict of registered cluster nodes (with C(nodename) as the key and last registration - time as the value). - This is 'registeredNodes' in the Keycloak REST API. + - Dict specifying the configuration options for the protocol mapper; the contents differ depending on the value + of O(protocol_mappers[].protocolMapper) and are not documented other than by the source of the mappers and its + parent class(es). An example is given below. It is easiest to obtain valid config values by dumping an already-existing + protocol mapper configuration through check-mode in the RV(existing) field. type: dict - aliases: - - registeredNodes - client_template: + attributes: + description: + - A dict of further attributes for this client. This can contain various configuration settings; an example is given + in the examples section. While an exhaustive list of permissible options is not available; possible options as of + Keycloak 3.4 are listed below. The Keycloak API does not validate whether a given option is appropriate for the protocol + used; if specified anyway, Keycloak will simply not use it. + type: dict + suboptions: + saml.authnstatement: description: - - Client template to use for this client. If it does not exist this field will silently - be dropped. - This is 'clientTemplate' in the Keycloak REST API. + - For SAML clients, boolean specifying whether or not a statement containing method and timestamp should be included + in the login response. + saml.client.signature: + description: + - For SAML clients, boolean specifying whether a client signature is required and validated. + saml.encrypt: + description: + - Boolean specifying whether SAML assertions should be encrypted with the client's public key. + saml.force.post.binding: + description: + - For SAML clients, boolean specifying whether always to use POST binding for responses. + saml.onetimeuse.condition: + description: + - For SAML clients, boolean specifying whether a OneTimeUse condition should be included in login responses. + saml.server.signature: + description: + - Boolean specifying whether SAML documents should be signed by the realm. + saml.server.signature.keyinfo.ext: + description: + - For SAML clients, boolean specifying whether REDIRECT signing key lookup should be optimized through inclusion + of the signing key ID in the SAML Extensions element. + saml.signature.algorithm: + description: + - Signature algorithm used to sign SAML documents. One of V(RSA_SHA256), V(RSA_SHA1), V(RSA_SHA512), or V(DSA_SHA1). + saml.signing.certificate: + description: + - SAML signing key certificate, base64-encoded. + saml.signing.private.key: + description: + - SAML signing key private key, base64-encoded. + saml_assertion_consumer_url_post: + description: + - SAML POST Binding URL for the client's assertion consumer service (login responses). + saml_assertion_consumer_url_redirect: + description: + - SAML Redirect Binding URL for the client's assertion consumer service (login responses). + saml_force_name_id_format: + description: + - For SAML clients, Boolean specifying whether to ignore requested NameID subject format and using the configured + one instead. + saml_name_id_format: + description: + - For SAML clients, the NameID format to use (one of V(username), V(email), V(transient), or V(persistent)). + saml_signature_canonicalization_method: + description: + - SAML signature canonicalization method. This is one of four values, namely V(http://www.w3.org/2001/10/xml-exc-c14n#) + for EXCLUSIVE, V(http://www.w3.org/2001/10/xml-exc-c14n#WithComments) for EXCLUSIVE_WITH_COMMENTS, + V(http://www.w3.org/TR/2001/REC-xml-c14n-20010315) + for INCLUSIVE, and V(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments) for INCLUSIVE_WITH_COMMENTS. + saml_single_logout_service_url_post: + description: + - SAML POST binding URL for the client's single logout service. + saml_single_logout_service_url_redirect: + description: + - SAML redirect binding URL for the client's single logout service. + user.info.response.signature.alg: + description: + - For OpenID-Connect clients, JWA algorithm for signed UserInfo-endpoint responses. One of V(RS256) or V(unsigned). + request.object.signature.alg: + description: + - For OpenID-Connect clients, JWA algorithm which the client needs to use when sending OIDC request object. One + of V(any), V(none), V(RS256). + use.jwks.url: + description: + - For OpenID-Connect clients, boolean specifying whether to use a JWKS URL to obtain client public keys. + jwks.url: + description: + - For OpenID-Connect clients, URL where client keys in JWK are stored. + jwt.credential.certificate: + description: + - For OpenID-Connect clients, client certificate for validating JWT issued by client and signed by its key, base64-encoded. + x509.subjectdn: + description: + - For OpenID-Connect clients, subject which will be used to authenticate the client. type: str - aliases: - - clientTemplate + version_added: 9.5.0 - use_template_config: + x509.allow.regex.pattern.comparison: description: - - Whether or not to use configuration from the O(client_template). - This is 'useTemplateConfig' in the Keycloak REST API. - aliases: - - useTemplateConfig + - For OpenID-Connect clients, boolean specifying whether to allow C(x509.subjectdn) as regular expression. type: bool - - use_template_scope: - description: - - Whether or not to use scope configuration from the O(client_template). - This is 'useTemplateScope' in the Keycloak REST API. - aliases: - - useTemplateScope - type: bool - - use_template_mappers: - description: - - Whether or not to use mapper configuration from the O(client_template). - This is 'useTemplateMappers' in the Keycloak REST API. - aliases: - - useTemplateMappers - type: bool - - always_display_in_console: - description: - - Whether or not to display this client in account console, even if the - user does not have an active session. - aliases: - - alwaysDisplayInConsole - type: bool - version_added: 4.7.0 - - surrogate_auth_required: - description: - - Whether or not surrogate auth is required. - This is 'surrogateAuthRequired' in the Keycloak REST API. - aliases: - - surrogateAuthRequired - type: bool - - authorization_settings: - description: - - a data structure defining the authorization settings for this client. For reference, - please see the Keycloak API docs at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_resourceserverrepresentation). - This is 'authorizationSettings' in the Keycloak REST API. - type: dict - aliases: - - authorizationSettings - - authentication_flow_binding_overrides: - description: - - Override realm authentication flow bindings. - type: dict - aliases: - - authenticationFlowBindingOverrides - version_added: 3.4.0 - - default_client_scopes: - description: - - List of default client scopes. - aliases: - - defaultClientScopes - type: list - elements: str - version_added: 4.7.0 - - optional_client_scopes: - description: - - List of optional client scopes. - aliases: - - optionalClientScopes - type: list - elements: str - version_added: 4.7.0 - - protocol_mappers: - description: - - a list of dicts defining protocol mappers for this client. - This is 'protocolMappers' in the Keycloak REST API. - aliases: - - protocolMappers - type: list - elements: dict - suboptions: - consentRequired: - description: - - Specifies whether a user needs to provide consent to a client for this mapper to be active. - type: bool - - consentText: - description: - - The human-readable name of the consent the user is presented to accept. - type: str - - id: - description: - - Usually a UUID specifying the internal ID of this protocol mapper instance. - type: str - - name: - description: - - The name of this protocol mapper. - type: str - - protocol: - description: - - This specifies for which protocol this protocol mapper is active. - choices: ['openid-connect', 'saml'] - type: str - - protocolMapper: - description: - - "The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is - impossible to provide since this may be extended through SPIs by the user of Keycloak, - by default Keycloak as of 3.4 ships with at least:" - - V(docker-v2-allow-all-mapper) - - V(oidc-address-mapper) - - V(oidc-full-name-mapper) - - V(oidc-group-membership-mapper) - - V(oidc-hardcoded-claim-mapper) - - V(oidc-hardcoded-role-mapper) - - V(oidc-role-name-mapper) - - V(oidc-script-based-protocol-mapper) - - V(oidc-sha256-pairwise-sub-mapper) - - V(oidc-usermodel-attribute-mapper) - - V(oidc-usermodel-client-role-mapper) - - V(oidc-usermodel-property-mapper) - - V(oidc-usermodel-realm-role-mapper) - - V(oidc-usersessionmodel-note-mapper) - - V(saml-group-membership-mapper) - - V(saml-hardcode-attribute-mapper) - - V(saml-hardcode-role-mapper) - - V(saml-role-list-mapper) - - V(saml-role-name-mapper) - - V(saml-user-attribute-mapper) - - V(saml-user-property-mapper) - - V(saml-user-session-note-mapper) - - An exhaustive list of available mappers on your installation can be obtained on - the admin console by going to Server Info -> Providers and looking under - 'protocol-mapper'. - type: str - - config: - description: - - Dict specifying the configuration options for the protocol mapper; the - contents differ depending on the value of O(protocol_mappers[].protocolMapper) and are not documented - other than by the source of the mappers and its parent class(es). An example is given - below. It is easiest to obtain valid config values by dumping an already-existing - protocol mapper configuration through check-mode in the RV(existing) field. - type: dict - - attributes: - description: - - A dict of further attributes for this client. This can contain various configuration - settings; an example is given in the examples section. While an exhaustive list of - permissible options is not available; possible options as of Keycloak 3.4 are listed below. The Keycloak - API does not validate whether a given option is appropriate for the protocol used; if specified - anyway, Keycloak will simply not use it. - type: dict - suboptions: - saml.authnstatement: - description: - - For SAML clients, boolean specifying whether or not a statement containing method and timestamp - should be included in the login response. - - saml.client.signature: - description: - - For SAML clients, boolean specifying whether a client signature is required and validated. - - saml.encrypt: - description: - - Boolean specifying whether SAML assertions should be encrypted with the client's public key. - - saml.force.post.binding: - description: - - For SAML clients, boolean specifying whether always to use POST binding for responses. - - saml.onetimeuse.condition: - description: - - For SAML clients, boolean specifying whether a OneTimeUse condition should be included in login responses. - - saml.server.signature: - description: - - Boolean specifying whether SAML documents should be signed by the realm. - - saml.server.signature.keyinfo.ext: - description: - - For SAML clients, boolean specifying whether REDIRECT signing key lookup should be optimized through inclusion - of the signing key id in the SAML Extensions element. - - saml.signature.algorithm: - description: - - Signature algorithm used to sign SAML documents. One of V(RSA_SHA256), V(RSA_SHA1), V(RSA_SHA512), or V(DSA_SHA1). - - saml.signing.certificate: - description: - - SAML signing key certificate, base64-encoded. - - saml.signing.private.key: - description: - - SAML signing key private key, base64-encoded. - - saml_assertion_consumer_url_post: - description: - - SAML POST Binding URL for the client's assertion consumer service (login responses). - - saml_assertion_consumer_url_redirect: - description: - - SAML Redirect Binding URL for the client's assertion consumer service (login responses). - - - saml_force_name_id_format: - description: - - For SAML clients, Boolean specifying whether to ignore requested NameID subject format and using the configured one instead. - - saml_name_id_format: - description: - - For SAML clients, the NameID format to use (one of V(username), V(email), V(transient), or V(persistent)) - - saml_signature_canonicalization_method: - description: - - SAML signature canonicalization method. This is one of four values, namely - V(http://www.w3.org/2001/10/xml-exc-c14n#) for EXCLUSIVE, - V(http://www.w3.org/2001/10/xml-exc-c14n#WithComments) for EXCLUSIVE_WITH_COMMENTS, - V(http://www.w3.org/TR/2001/REC-xml-c14n-20010315) for INCLUSIVE, and - V(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments) for INCLUSIVE_WITH_COMMENTS. - - saml_single_logout_service_url_post: - description: - - SAML POST binding url for the client's single logout service. - - saml_single_logout_service_url_redirect: - description: - - SAML redirect binding url for the client's single logout service. - - user.info.response.signature.alg: - description: - - For OpenID-Connect clients, JWA algorithm for signed UserInfo-endpoint responses. One of V(RS256) or V(unsigned). - - request.object.signature.alg: - description: - - For OpenID-Connect clients, JWA algorithm which the client needs to use when sending - OIDC request object. One of V(any), V(none), V(RS256). - - use.jwks.url: - description: - - For OpenID-Connect clients, boolean specifying whether to use a JWKS URL to obtain client - public keys. - - jwks.url: - description: - - For OpenID-Connect clients, URL where client keys in JWK are stored. - - jwt.credential.certificate: - description: - - For OpenID-Connect clients, client certificate for validating JWT issued by - client and signed by its key, base64-encoded. + version_added: 9.5.0 extends_documentation_fragment: - - community.general.keycloak - - community.general.attributes + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes author: - - Eike Frost (@eikef) -''' + - Eike Frost (@eikef) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create or update Keycloak client (minimal example), authentication with credentials community.general.keycloak_client: auth_keycloak_url: https://auth.example.com/auth @@ -587,6 +586,22 @@ EXAMPLES = ''' delegate_to: localhost +- name: Create or update a Keycloak client (minimal example), with x509 authentication + community.general.keycloak_client: + auth_client_id: admin-cli + auth_keycloak_url: https://auth.example.com/auth + auth_realm: master + auth_username: USERNAME + auth_password: PASSWORD + realm: master + state: present + client_id: test + client_authenticator_type: client-x509 + attributes: + x509.subjectdn: "CN=client" + x509.allow.regex.pattern.comparison: false + + - name: Create or update a Keycloak client (with all the bells and whistles) community.general.keycloak_client: auth_client_id: admin-cli @@ -637,7 +652,7 @@ EXAMPLES = ''' - test01 - test02 authentication_flow_binding_overrides: - browser: 4c90336b-bf1d-4b87-916d-3677ba4e5fbb + browser: 4c90336b-bf1d-4b87-916d-3677ba4e5fbb protocol_mappers: - config: access.token.claim: true @@ -676,45 +691,33 @@ EXAMPLES = ''' jwks.url: JWKS_URL_FOR_CLIENT_AUTH_JWT jwt.credential.certificate: JWT_CREDENTIAL_CERTIFICATE_FOR_CLIENT_AUTH delegate_to: localhost -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Message as to what action was taken. - returned: always - type: str - sample: "Client testclient has been updated" + description: Message as to what action was taken. + returned: always + type: str + sample: "Client testclient has been updated" proposed: - description: Representation of proposed client. - returned: always - type: dict - sample: { - clientId: "test" - } + description: Representation of proposed client. + returned: always + type: dict + sample: {clientId: "test"} existing: - description: Representation of existing client (sample is truncated). - returned: always - type: dict - sample: { - "adminUrl": "http://www.example.com/admin_url", - "attributes": { - "request.object.signature.alg": "RS256", - } - } + description: Representation of existing client (sample is truncated). + returned: always + type: dict + sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} end_state: - description: Representation of client after module execution (sample is truncated). - returned: on success - type: dict - sample: { - "adminUrl": "http://www.example.com/admin_url", - "attributes": { - "request.object.signature.alg": "RS256", - } - } -''' + description: Representation of client after module execution (sample is truncated). + returned: on success + type: dict + sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \ keycloak_argument_spec, get_token, KeycloakError, is_struct_included @@ -724,6 +727,7 @@ import copy PROTOCOL_OPENID_CONNECT = 'openid-connect' PROTOCOL_SAML = 'saml' +PROTOCOL_DOCKER_V2 = 'docker-v2' CLIENT_META_DATA = ['authorizationServicesEnabled'] @@ -739,8 +743,11 @@ def normalise_cr(clientrep, remove_ids=False): # Avoid the dict passed in to be modified clientrep = clientrep.copy() - if 'attributes' in clientrep: - clientrep['attributes'] = list(sorted(clientrep['attributes'])) + if 'defaultClientScopes' in clientrep: + clientrep['defaultClientScopes'] = list(sorted(clientrep['defaultClientScopes'])) + + if 'optionalClientScopes' in clientrep: + clientrep['optionalClientScopes'] = list(sorted(clientrep['optionalClientScopes'])) if 'redirectUris' in clientrep: clientrep['redirectUris'] = list(sorted(clientrep['redirectUris'])) @@ -767,11 +774,70 @@ def sanitize_cr(clientrep): if 'secret' in result: result['secret'] = 'no_log' if 'attributes' in result: - if 'saml.signing.private.key' in result['attributes']: - result['attributes']['saml.signing.private.key'] = 'no_log' + attributes = result['attributes'] + if isinstance(attributes, dict) and 'saml.signing.private.key' in attributes: + attributes['saml.signing.private.key'] = 'no_log' return normalise_cr(result) +def get_authentication_flow_id(flow_name, realm, kc): + """ Get the authentication flow ID based on the flow name, realm, and Keycloak client. + + Args: + flow_name (str): The name of the authentication flow. + realm (str): The name of the realm. + kc (KeycloakClient): The Keycloak client instance. + + Returns: + str: The ID of the authentication flow. + + Raises: + KeycloakAPIException: If the authentication flow with the given name is not found in the realm. + """ + flow = kc.get_authentication_flow_by_alias(flow_name, realm) + if flow: + return flow["id"] + kc.module.fail_json(msg='Authentification flow %s not found in realm %s' % (flow_name, realm)) + + +def flow_binding_from_dict_to_model(newClientFlowBinding, realm, kc): + """ Convert a dictionary representing client flow bindings to a model representation. + + Args: + newClientFlowBinding (dict): A dictionary containing client flow bindings. + realm (str): The name of the realm. + kc (KeycloakClient): An instance of the KeycloakClient class. + + Returns: + dict: A dictionary representing the model flow bindings. The dictionary has two keys: + - "browser" (str or None): The ID of the browser authentication flow binding, or None if not provided. + - "direct_grant" (str or None): The ID of the direct grant authentication flow binding, or None if not provided. + + Raises: + KeycloakAPIException: If the authentication flow with the given name is not found in the realm. + + """ + + modelFlow = { + "browser": None, + "direct_grant": None + } + + for k, v in newClientFlowBinding.items(): + if not v: + continue + if k == "browser": + modelFlow["browser"] = v + elif k == "browser_name": + modelFlow["browser"] = get_authentication_flow_id(v, realm, kc) + elif k == "direct_grant": + modelFlow["direct_grant"] = v + elif k == "direct_grant_name": + modelFlow["direct_grant"] = get_authentication_flow_id(v, realm, kc) + + return modelFlow + + def main(): """ Module execution @@ -785,11 +851,18 @@ def main(): consentText=dict(type='str'), id=dict(type='str'), name=dict(type='str'), - protocol=dict(type='str', choices=[PROTOCOL_OPENID_CONNECT, PROTOCOL_SAML]), + protocol=dict(type='str', choices=[PROTOCOL_OPENID_CONNECT, PROTOCOL_SAML, PROTOCOL_DOCKER_V2]), protocolMapper=dict(type='str'), config=dict(type='dict'), ) + authentication_flow_spec = dict( + browser=dict(type='str'), + browser_name=dict(type='str', aliases=['browserName']), + direct_grant=dict(type='str', aliases=['directGrant']), + direct_grant_name=dict(type='str', aliases=['directGrantName']), + ) + meta_args = dict( state=dict(default='present', choices=['present', 'absent']), realm=dict(type='str', default='master'), @@ -803,7 +876,7 @@ def main(): base_url=dict(type='str', aliases=['baseUrl']), surrogate_auth_required=dict(type='bool', aliases=['surrogateAuthRequired']), enabled=dict(type='bool'), - client_authenticator_type=dict(type='str', choices=['client-secret', 'client-jwt'], aliases=['clientAuthenticatorType']), + client_authenticator_type=dict(type='str', choices=['client-secret', 'client-jwt', 'client-x509'], aliases=['clientAuthenticatorType']), secret=dict(type='str', no_log=True), registration_access_token=dict(type='str', aliases=['registrationAccessToken'], no_log=True), default_roles=dict(type='list', elements='str', aliases=['defaultRoles']), @@ -819,7 +892,7 @@ def main(): authorization_services_enabled=dict(type='bool', aliases=['authorizationServicesEnabled']), public_client=dict(type='bool', aliases=['publicClient']), frontchannel_logout=dict(type='bool', aliases=['frontchannelLogout']), - protocol=dict(type='str', choices=[PROTOCOL_OPENID_CONNECT, PROTOCOL_SAML]), + protocol=dict(type='str', choices=[PROTOCOL_OPENID_CONNECT, PROTOCOL_SAML, PROTOCOL_DOCKER_V2]), attributes=dict(type='dict'), full_scope_allowed=dict(type='bool', aliases=['fullScopeAllowed']), node_re_registration_timeout=dict(type='int', aliases=['nodeReRegistrationTimeout']), @@ -829,7 +902,13 @@ def main(): use_template_scope=dict(type='bool', aliases=['useTemplateScope']), use_template_mappers=dict(type='bool', aliases=['useTemplateMappers']), always_display_in_console=dict(type='bool', aliases=['alwaysDisplayInConsole']), - authentication_flow_binding_overrides=dict(type='dict', aliases=['authenticationFlowBindingOverrides']), + authentication_flow_binding_overrides=dict( + type='dict', + aliases=['authenticationFlowBindingOverrides'], + options=authentication_flow_spec, + required_one_of=[['browser', 'direct_grant', 'browser_name', 'direct_grant_name']], + mutually_exclusive=[['browser', 'browser_name'], ['direct_grant', 'direct_grant_name']], + ), protocol_mappers=dict(type='list', elements='dict', options=protmapper_spec, aliases=['protocolMappers']), authorization_settings=dict(type='dict', aliases=['authorizationSettings']), default_client_scopes=dict(type='list', elements='str', aliases=['defaultClientScopes']), @@ -880,17 +959,12 @@ def main(): for client_param in client_params: new_param_value = module.params.get(client_param) - # some lists in the Keycloak API are sorted, some are not. - if isinstance(new_param_value, list): - if client_param in ['attributes']: - try: - new_param_value = sorted(new_param_value) - except TypeError: - pass # Unfortunately, the ansible argument spec checker introduces variables with null values when # they are not specified if client_param == 'protocol_mappers': - new_param_value = [dict((k, v) for k, v in x.items() if x[k] is not None) for x in new_param_value] + new_param_value = [{k: v for k, v in x.items() if v is not None} for x in new_param_value] + elif client_param == 'authentication_flow_binding_overrides': + new_param_value = flow_binding_from_dict_to_model(new_param_value, realm, kc) changeset[camel(client_param)] = new_param_value diff --git a/plugins/modules/keycloak_client_rolemapping.py b/plugins/modules/keycloak_client_rolemapping.py index be419904a7..dff8c633b6 100644 --- a/plugins/modules/keycloak_client_rolemapping.py +++ b/plugins/modules/keycloak_client_rolemapping.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_client_rolemapping short_description: Allows administration of Keycloak client_rolemapping with the Keycloak API @@ -17,126 +16,117 @@ short_description: Allows administration of Keycloak client_rolemapping with the version_added: 3.5.0 description: - - This module allows you to add, remove or modify Keycloak client_rolemapping with the Keycloak REST API. - It requires access to the REST API via OpenID Connect; the user connecting and the client being - used must have the requisite access rights. In a default Keycloak installation, admin-cli - and an admin user would work, as would a separate client definition with the scope tailored - to your needs and a user having the expected roles. - - - The names of module options are snake_cased versions of the camelCase ones found in the - Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). - - - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will - be returned that way by this module. You may pass single values for attributes when calling the module, - and this will be translated into a list suitable for the API. - - - When updating a client_rolemapping, where possible provide the role ID to the module. This removes a lookup - to the API to translate the name into the role ID. - + - This module allows you to add, remove or modify Keycloak client_rolemapping with the Keycloak REST API. It requires access + to the REST API using OpenID Connect; the user connecting and the client being used must have the requisite access rights. + In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with + the scope tailored to your needs and a user having the expected roles. + - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation + at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). + - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that + way by this module. You may pass single values for attributes when calling the module, and this will be translated into + a list suitable for the API. + - When updating a client_rolemapping, where possible provide the role ID to the module. This removes a lookup to the API + to translate the name into the role ID. attributes: - check_mode: - support: full - diff_mode: - support: full + check_mode: + support: full + diff_mode: + support: full + action_group: + version_added: 10.2.0 options: - state: - description: - - State of the client_rolemapping. - - On V(present), the client_rolemapping will be created if it does not yet exist, or updated with the parameters you provide. - - On V(absent), the client_rolemapping will be removed if it exists. - default: 'present' - type: str - choices: - - present - - absent + state: + description: + - State of the client_rolemapping. + - On V(present), the client_rolemapping will be created if it does not yet exist, or updated with the parameters you + provide. + - On V(absent), the client_rolemapping will be removed if it exists. + default: 'present' + type: str + choices: + - present + - absent - realm: + realm: + type: str + description: + - They Keycloak realm under which this role_representation resides. + default: 'master' + + group_name: + type: str + description: + - Name of the group to be mapped. + - This parameter is required (can be replaced by gid for less API call). + parents: + version_added: "7.1.0" + type: list + description: + - List of parent groups for the group to handle sorted top to bottom. + - Set this if your group is a subgroup and you do not provide the GID in O(gid). + elements: dict + suboptions: + id: type: str description: - - They Keycloak realm under which this role_representation resides. - default: 'master' - - group_name: + - Identify parent by ID. + - Needs less API calls than using O(parents[].name). + - A deep parent chain can be started at any point when first given parent is given as ID. + - Note that in principle both ID and name can be specified at the same time but current implementation only always + use just one of them, with ID being preferred. + name: type: str description: - - Name of the group to be mapped. - - This parameter is required (can be replaced by gid for less API call). - - parents: - version_added: "7.1.0" - type: list - description: - - List of parent groups for the group to handle sorted top to bottom. - - >- - Set this if your group is a subgroup and you do not provide the GID in O(gid). - elements: dict - suboptions: - id: - type: str - description: - - Identify parent by ID. - - Needs less API calls than using O(parents[].name). - - A deep parent chain can be started at any point when first given parent is given as ID. - - Note that in principle both ID and name can be specified at the same time - but current implementation only always use just one of them, with ID - being preferred. - name: - type: str - description: - - Identify parent by name. - - Needs more internal API calls than using O(parents[].id) to map names to ID's under the hood. - - When giving a parent chain with only names it must be complete up to the top. - - Note that in principle both ID and name can be specified at the same time - but current implementation only always use just one of them, with ID - being preferred. - gid: + - Identify parent by name. + - Needs more internal API calls than using O(parents[].id) to map names to ID's under the hood. + - When giving a parent chain with only names it must be complete up to the top. + - Note that in principle both ID and name can be specified at the same time but current implementation only always + use just one of them, with ID being preferred. + gid: + type: str + description: + - ID of the group to be mapped. + - This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of + API calls required. + client_id: + type: str + description: + - Name of the client to be mapped (different than O(cid)). + - This parameter is required (can be replaced by cid for less API call). + cid: + type: str + description: + - ID of the client to be mapped. + - This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of + API calls required. + roles: + description: + - Roles to be mapped to the group. + type: list + elements: dict + suboptions: + name: type: str description: - - Id of the group to be mapped. - - This parameter is not required for updating or deleting the rolemapping but - providing it will reduce the number of API calls required. - - client_id: + - Name of the role_representation. + - This parameter is required only when creating or updating the role_representation. + id: type: str description: - - Name of the client to be mapped (different than O(cid)). - - This parameter is required (can be replaced by cid for less API call). - - cid: - type: str - description: - - Id of the client to be mapped. - - This parameter is not required for updating or deleting the rolemapping but - providing it will reduce the number of API calls required. - - roles: - description: - - Roles to be mapped to the group. - type: list - elements: dict - suboptions: - name: - type: str - description: - - Name of the role_representation. - - This parameter is required only when creating or updating the role_representation. - id: - type: str - description: - - The unique identifier for this role_representation. - - This parameter is not required for updating or deleting a role_representation but - providing it will reduce the number of API calls required. - + - The unique identifier for this role_representation. + - This parameter is not required for updating or deleting a role_representation but providing it will reduce the + number of API calls required. extends_documentation_fragment: - - community.general.keycloak - - community.general.attributes + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes author: - - Gaëtan Daubresse (@Gaetan2907) -''' + - Gaëtan Daubresse (@Gaetan2907) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Map a client role to a group, authentication with credentials community.general.keycloak_client_rolemapping: realm: MyCustomRealm @@ -206,50 +196,37 @@ EXAMPLES = ''' - name: role_name2 id: role_id2 delegate_to: localhost +""" -''' - -RETURN = ''' +RETURN = r""" msg: - description: Message as to what action was taken. - returned: always - type: str - sample: "Role role1 assigned to group group1." + description: Message as to what action was taken. + returned: always + type: str + sample: "Role role1 assigned to group group1." proposed: - description: Representation of proposed client role mapping. - returned: always - type: dict - sample: { - clientId: "test" - } + description: Representation of proposed client role mapping. + returned: always + type: dict + sample: {clientId: "test"} existing: - description: - - Representation of existing client role mapping. - - The sample is truncated. - returned: always - type: dict - sample: { - "adminUrl": "http://www.example.com/admin_url", - "attributes": { - "request.object.signature.alg": "RS256", - } - } + description: + - Representation of existing client role mapping. + - The sample is truncated. + returned: always + type: dict + sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} end_state: - description: - - Representation of client role mapping after module execution. - - The sample is truncated. - returned: on success - type: dict - sample: { - "adminUrl": "http://www.example.com/admin_url", - "attributes": { - "request.object.signature.alg": "RS256", - } - } -''' + description: + - Representation of client role mapping after module execution. + - The sample is truncated. + returned: on success + type: dict + sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import ( KeycloakAPI, keycloak_argument_spec, get_token, KeycloakError, diff --git a/plugins/modules/keycloak_client_rolescope.py b/plugins/modules/keycloak_client_rolescope.py new file mode 100644 index 0000000000..7c87c0664c --- /dev/null +++ b/plugins/modules/keycloak_client_rolescope.py @@ -0,0 +1,276 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) Ansible project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +DOCUMENTATION = r""" +module: keycloak_client_rolescope + +short_description: Allows administration of Keycloak client roles scope to restrict the usage of certain roles to a other + specific client applications + +version_added: 8.6.0 + +description: + - This module allows you to add or remove Keycloak roles from clients scope using the Keycloak REST API. It requires access + to the REST API using OpenID Connect; the user connecting and the client being used must have the requisite access rights. + In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with + the scope tailored to your needs and a user having the expected roles. + - Client O(client_id) must have O(community.general.keycloak_client#module:full_scope_allowed) set to V(false). + - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that + way by this module. You may pass single values for attributes when calling the module, and this will be translated into + a list suitable for the API. +attributes: + check_mode: + support: full + diff_mode: + support: full + action_group: + version_added: 10.2.0 + +options: + state: + description: + - State of the role mapping. + - On V(present), all roles in O(role_names) will be mapped if not exists yet. + - On V(absent), all roles mapping in O(role_names) will be removed if it exists. + default: 'present' + type: str + choices: + - present + - absent + + realm: + type: str + description: + - The Keycloak realm under which clients resides. + default: 'master' + + client_id: + type: str + required: true + description: + - Roles provided in O(role_names) while be added to this client scope. + client_scope_id: + type: str + description: + - If the O(role_names) are client role, the client ID under which it resides. + - If this parameter is absent, the roles are considered a realm role. + role_names: + required: true + type: list + elements: str + description: + - Names of roles to manipulate. + - If O(client_scope_id) is present, all roles must be under this client. + - If O(client_scope_id) is absent, all roles must be under the realm. +extends_documentation_fragment: + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes + +author: + - Andre Desrosiers (@desand01) +""" + +EXAMPLES = r""" +- name: Add roles to public client scope + community.general.keycloak_client_rolescope: + auth_keycloak_url: https://auth.example.com/auth + auth_realm: master + auth_username: USERNAME + auth_password: PASSWORD + realm: MyCustomRealm + client_id: frontend-client-public + client_scope_id: backend-client-private + role_names: + - backend-role-admin + - backend-role-user + +- name: Remove roles from public client scope + community.general.keycloak_client_rolescope: + auth_keycloak_url: https://auth.example.com/auth + auth_realm: master + auth_username: USERNAME + auth_password: PASSWORD + realm: MyCustomRealm + client_id: frontend-client-public + client_scope_id: backend-client-private + role_names: + - backend-role-admin + state: absent + +- name: Add realm roles to public client scope + community.general.keycloak_client_rolescope: + auth_keycloak_url: https://auth.example.com/auth + auth_realm: master + auth_username: USERNAME + auth_password: PASSWORD + realm: MyCustomRealm + client_id: frontend-client-public + role_names: + - realm-role-admin + - realm-role-user +""" + +RETURN = r""" +msg: + description: Message as to what action was taken. + returned: always + type: str + sample: "Client role scope for frontend-client-public has been updated" + +end_state: + description: Representation of role role scope after module execution. + returned: on success + type: list + elements: dict + sample: [ + { + "clientRole": false, + "composite": false, + "containerId": "MyCustomRealm", + "id": "47293104-59a6-46f0-b460-2e9e3c9c424c", + "name": "backend-role-admin" + }, + { + "clientRole": false, + "composite": false, + "containerId": "MyCustomRealm", + "id": "39c62a6d-542c-4715-92d2-41021eb33967", + "name": "backend-role-user" + } + ] +""" + +from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, \ + keycloak_argument_spec, get_token, KeycloakError +from ansible.module_utils.basic import AnsibleModule + + +def main(): + """ + Module execution + + :return: + """ + argument_spec = keycloak_argument_spec() + + meta_args = dict( + client_id=dict(type='str', required=True), + client_scope_id=dict(type='str'), + realm=dict(type='str', default='master'), + role_names=dict(type='list', elements='str', required=True), + state=dict(type='str', default='present', choices=['present', 'absent']), + ) + + argument_spec.update(meta_args) + + module = AnsibleModule(argument_spec=argument_spec, + supports_check_mode=True) + + result = dict(changed=False, msg='', diff={}, end_state={}) + + # Obtain access token, initialize API + try: + connection_header = get_token(module.params) + except KeycloakError as e: + module.fail_json(msg=str(e)) + + kc = KeycloakAPI(module, connection_header) + + realm = module.params.get('realm') + clientid = module.params.get('client_id') + client_scope_id = module.params.get('client_scope_id') + role_names = module.params.get('role_names') + state = module.params.get('state') + + objRealm = kc.get_realm_by_id(realm) + if not objRealm: + module.fail_json(msg="Failed to retrive realm '{realm}'".format(realm=realm)) + + objClient = kc.get_client_by_clientid(clientid, realm) + if not objClient: + module.fail_json(msg="Failed to retrive client '{realm}.{clientid}'".format(realm=realm, clientid=clientid)) + if objClient["fullScopeAllowed"] and state == "present": + module.fail_json(msg="FullScopeAllowed is active for Client '{realm}.{clientid}'".format(realm=realm, clientid=clientid)) + + if client_scope_id: + objClientScope = kc.get_client_by_clientid(client_scope_id, realm) + if not objClientScope: + module.fail_json(msg="Failed to retrive client '{realm}.{client_scope_id}'".format(realm=realm, client_scope_id=client_scope_id)) + before_role_mapping = kc.get_client_role_scope_from_client(objClient["id"], objClientScope["id"], realm) + else: + before_role_mapping = kc.get_client_role_scope_from_realm(objClient["id"], realm) + + if client_scope_id: + # retrive all role from client_scope + client_scope_roles_by_name = kc.get_client_roles_by_id(objClientScope["id"], realm) + else: + # retrive all role from realm + client_scope_roles_by_name = kc.get_realm_roles(realm) + + # convert to indexed Dict by name + client_scope_roles_by_name = {role["name"]: role for role in client_scope_roles_by_name} + role_mapping_by_name = {role["name"]: role for role in before_role_mapping} + role_mapping_to_manipulate = [] + + if state == "present": + # update desired + for role_name in role_names: + if role_name not in client_scope_roles_by_name: + if client_scope_id: + module.fail_json(msg="Failed to retrive role '{realm}.{client_scope_id}.{role_name}'" + .format(realm=realm, client_scope_id=client_scope_id, role_name=role_name)) + else: + module.fail_json(msg="Failed to retrive role '{realm}.{role_name}'".format(realm=realm, role_name=role_name)) + if role_name not in role_mapping_by_name: + role_mapping_to_manipulate.append(client_scope_roles_by_name[role_name]) + role_mapping_by_name[role_name] = client_scope_roles_by_name[role_name] + else: + # remove role if present + for role_name in role_names: + if role_name in role_mapping_by_name: + role_mapping_to_manipulate.append(role_mapping_by_name[role_name]) + del role_mapping_by_name[role_name] + + before_role_mapping = sorted(before_role_mapping, key=lambda d: d['name']) + desired_role_mapping = sorted(role_mapping_by_name.values(), key=lambda d: d['name']) + + result['changed'] = len(role_mapping_to_manipulate) > 0 + + if result['changed']: + result['diff'] = dict(before=before_role_mapping, after=desired_role_mapping) + + if not result['changed']: + # no changes + result['end_state'] = before_role_mapping + result['msg'] = "No changes required for client role scope {name}.".format(name=clientid) + elif state == "present": + # doing update + if module.check_mode: + result['end_state'] = desired_role_mapping + elif client_scope_id: + result['end_state'] = kc.update_client_role_scope_from_client(role_mapping_to_manipulate, objClient["id"], objClientScope["id"], realm) + else: + result['end_state'] = kc.update_client_role_scope_from_realm(role_mapping_to_manipulate, objClient["id"], realm) + result['msg'] = "Client role scope for {name} has been updated".format(name=clientid) + else: + # doing delete + if module.check_mode: + result['end_state'] = desired_role_mapping + elif client_scope_id: + result['end_state'] = kc.delete_client_role_scope_from_client(role_mapping_to_manipulate, objClient["id"], objClientScope["id"], realm) + else: + result['end_state'] = kc.delete_client_role_scope_from_realm(role_mapping_to_manipulate, objClient["id"], realm) + result['msg'] = "Client role scope for {name} has been deleted".format(name=clientid) + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/keycloak_clientscope.py b/plugins/modules/keycloak_clientscope.py index d37af5f0cf..b36c390ae1 100644 --- a/plugins/modules/keycloak_clientscope.py +++ b/plugins/modules/keycloak_clientscope.py @@ -8,162 +8,153 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_clientscope -short_description: Allows administration of Keycloak client_scopes via Keycloak API +short_description: Allows administration of Keycloak client_scopes using Keycloak API version_added: 3.4.0 description: - - This module allows you to add, remove or modify Keycloak client_scopes via the Keycloak REST API. - It requires access to the REST API via OpenID Connect; the user connecting and the client being - used must have the requisite access rights. In a default Keycloak installation, admin-cli - and an admin user would work, as would a separate client definition with the scope tailored - to your needs and a user having the expected roles. - - - The names of module options are snake_cased versions of the camelCase ones found in the - Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). - - - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will - be returned that way by this module. You may pass single values for attributes when calling the module, - and this will be translated into a list suitable for the API. - - - When updating a client_scope, where possible provide the client_scope ID to the module. This removes a lookup - to the API to translate the name into the client_scope ID. - + - This module allows you to add, remove or modify Keycloak client_scopes using the Keycloak REST API. It requires access + to the REST API using OpenID Connect; the user connecting and the client being used must have the requisite access rights. + In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with + the scope tailored to your needs and a user having the expected roles. + - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation + at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). + - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that + way by this module. You may pass single values for attributes when calling the module, and this will be translated into + a list suitable for the API. + - When updating a client_scope, where possible provide the client_scope ID to the module. This removes a lookup to the API + to translate the name into the client_scope ID. attributes: - check_mode: - support: full - diff_mode: - support: full + check_mode: + support: full + diff_mode: + support: full + action_group: + version_added: 10.2.0 options: - state: - description: - - State of the client_scope. - - On V(present), the client_scope will be created if it does not yet exist, or updated with the parameters you provide. - - On V(absent), the client_scope will be removed if it exists. - default: 'present' - type: str - choices: - - present - - absent - - name: - type: str - description: - - Name of the client_scope. - - This parameter is required only when creating or updating the client_scope. - - realm: - type: str - description: - - They Keycloak realm under which this client_scope resides. - default: 'master' - - id: - type: str - description: - - The unique identifier for this client_scope. - - This parameter is not required for updating or deleting a client_scope but - providing it will reduce the number of API calls required. - + state: description: - type: str - description: - - Description for this client_scope. - - This parameter is not required for updating or deleting a client_scope. + - State of the client_scope. + - On V(present), the client_scope will be created if it does not yet exist, or updated with the parameters you provide. + - On V(absent), the client_scope will be removed if it exists. + default: 'present' + type: str + choices: + - present + - absent - protocol: + name: + type: str + description: + - Name of the client_scope. + - This parameter is required only when creating or updating the client_scope. + realm: + type: str + description: + - They Keycloak realm under which this client_scope resides. + default: 'master' + + id: + type: str + description: + - The unique identifier for this client_scope. + - This parameter is not required for updating or deleting a client_scope but providing it will reduce the number of + API calls required. + description: + type: str + description: + - Description for this client_scope. + - This parameter is not required for updating or deleting a client_scope. + protocol: + description: + - Type of client. + - The V(docker-v2) value was added in community.general 8.6.0. + choices: ['openid-connect', 'saml', 'wsfed', 'docker-v2'] + type: str + + protocol_mappers: + description: + - A list of dicts defining protocol mappers for this client. + - This is C(protocolMappers) in the Keycloak REST API. + aliases: + - protocolMappers + type: list + elements: dict + suboptions: + protocol: description: - - Type of client. - choices: ['openid-connect', 'saml', 'wsfed'] + - This specifies for which protocol this protocol mapper. + - Is active. + choices: ['openid-connect', 'saml', 'wsfed', 'docker-v2'] type: str - protocol_mappers: + protocolMapper: description: - - A list of dicts defining protocol mappers for this client. - - This is 'protocolMappers' in the Keycloak REST API. - aliases: - - protocolMappers - type: list - elements: dict - suboptions: - protocol: - description: - - This specifies for which protocol this protocol mapper. - - is active. - choices: ['openid-connect', 'saml', 'wsfed'] - type: str + - 'The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is impossible to provide + since this may be extended through SPIs by the user of Keycloak, by default Keycloak as of 3.4 ships with at least:' + - V(docker-v2-allow-all-mapper). + - V(oidc-address-mapper). + - V(oidc-full-name-mapper). + - V(oidc-group-membership-mapper). + - V(oidc-hardcoded-claim-mapper). + - V(oidc-hardcoded-role-mapper). + - V(oidc-role-name-mapper). + - V(oidc-script-based-protocol-mapper). + - V(oidc-sha256-pairwise-sub-mapper). + - V(oidc-usermodel-attribute-mapper). + - V(oidc-usermodel-client-role-mapper). + - V(oidc-usermodel-property-mapper). + - V(oidc-usermodel-realm-role-mapper). + - V(oidc-usersessionmodel-note-mapper). + - V(saml-group-membership-mapper). + - V(saml-hardcode-attribute-mapper). + - V(saml-hardcode-role-mapper). + - V(saml-role-list-mapper). + - V(saml-role-name-mapper). + - V(saml-user-attribute-mapper). + - V(saml-user-property-mapper). + - V(saml-user-session-note-mapper). + - An exhaustive list of available mappers on your installation can be obtained on the admin console by going to + Server Info -> Providers and looking under 'protocol-mapper'. + type: str - protocolMapper: - description: - - "The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is - impossible to provide since this may be extended through SPIs by the user of Keycloak, - by default Keycloak as of 3.4 ships with at least:" - - V(docker-v2-allow-all-mapper) - - V(oidc-address-mapper) - - V(oidc-full-name-mapper) - - V(oidc-group-membership-mapper) - - V(oidc-hardcoded-claim-mapper) - - V(oidc-hardcoded-role-mapper) - - V(oidc-role-name-mapper) - - V(oidc-script-based-protocol-mapper) - - V(oidc-sha256-pairwise-sub-mapper) - - V(oidc-usermodel-attribute-mapper) - - V(oidc-usermodel-client-role-mapper) - - V(oidc-usermodel-property-mapper) - - V(oidc-usermodel-realm-role-mapper) - - V(oidc-usersessionmodel-note-mapper) - - V(saml-group-membership-mapper) - - V(saml-hardcode-attribute-mapper) - - V(saml-hardcode-role-mapper) - - V(saml-role-list-mapper) - - V(saml-role-name-mapper) - - V(saml-user-attribute-mapper) - - V(saml-user-property-mapper) - - V(saml-user-session-note-mapper) - - An exhaustive list of available mappers on your installation can be obtained on - the admin console by going to Server Info -> Providers and looking under - 'protocol-mapper'. - type: str + name: + description: + - The name of this protocol mapper. + type: str - name: - description: - - The name of this protocol mapper. - type: str + id: + description: + - Usually a UUID specifying the internal ID of this protocol mapper instance. + type: str - id: - description: - - Usually a UUID specifying the internal ID of this protocol mapper instance. - type: str - - config: - description: - - Dict specifying the configuration options for the protocol mapper; the - contents differ depending on the value of O(protocol_mappers[].protocolMapper) and are not documented - other than by the source of the mappers and its parent class(es). An example is given - below. It is easiest to obtain valid config values by dumping an already-existing - protocol mapper configuration through check-mode in the RV(existing) return value. - type: dict - - attributes: + config: + description: + - Dict specifying the configuration options for the protocol mapper; the contents differ depending on the value + of O(protocol_mappers[].protocolMapper) and are not documented other than by the source of the mappers and its + parent class(es). An example is given below. It is easiest to obtain valid config values by dumping an already-existing + protocol mapper configuration through check-mode in the RV(existing) return value. type: dict - description: - - A dict of key/value pairs to set as custom attributes for the client_scope. - - Values may be single values (for example a string) or a list of strings. + attributes: + type: dict + description: + - A dict of key/value pairs to set as custom attributes for the client_scope. + - Values may be single values (for example a string) or a list of strings. extends_documentation_fragment: - - community.general.keycloak - - community.general.attributes + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes author: - - Gaëtan Daubresse (@Gaetan2907) -''' + - Gaëtan Daubresse (@Gaetan2907) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a Keycloak client_scopes, authentication with credentials community.general.keycloak_clientscope: name: my-new-kc-clientscope @@ -250,60 +241,72 @@ EXAMPLES = ''' protocol: saml protocolMapper: saml-role-list-mapper attributes: - attrib1: value1 - attrib2: value2 - attrib3: - - with - - numerous - - individual - - list - - items + attrib1: value1 + attrib2: value2 + attrib3: + - with + - numerous + - individual + - list + - items delegate_to: localhost -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Message as to what action was taken. - returned: always - type: str - sample: "Client_scope testclientscope has been updated" + description: Message as to what action was taken. + returned: always + type: str + sample: "Client_scope testclientscope has been updated" proposed: - description: Representation of proposed client scope. - returned: always - type: dict - sample: { - clientId: "test" - } + description: Representation of proposed client scope. + returned: always + type: dict + sample: {clientId: "test"} existing: - description: Representation of existing client scope (sample is truncated). - returned: always - type: dict - sample: { - "adminUrl": "http://www.example.com/admin_url", - "attributes": { - "request.object.signature.alg": "RS256", - } - } + description: Representation of existing client scope (sample is truncated). + returned: always + type: dict + sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} end_state: - description: Representation of client scope after module execution (sample is truncated). - returned: on success - type: dict - sample: { - "adminUrl": "http://www.example.com/admin_url", - "attributes": { - "request.object.signature.alg": "RS256", - } - } -''' + description: Representation of client scope after module execution (sample is truncated). + returned: on success + type: dict + sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \ - keycloak_argument_spec, get_token, KeycloakError + keycloak_argument_spec, get_token, KeycloakError, is_struct_included from ansible.module_utils.basic import AnsibleModule +def normalise_cr(clientscoperep, remove_ids=False): + """ Re-sorts any properties where the order so that diff's is minimised, and adds default values where appropriate so that the + the change detection is more effective. + + :param clientscoperep: the clientscoperep dict to be sanitized + :param remove_ids: If set to true, then the unique ID's of objects is removed to make the diff and checks for changed + not alert when the ID's of objects are not usually known, (e.g. for protocol_mappers) + :return: normalised clientscoperep dict + """ + # Avoid the dict passed in to be modified + clientscoperep = clientscoperep.copy() + + if 'protocolMappers' in clientscoperep: + clientscoperep['protocolMappers'] = sorted(clientscoperep['protocolMappers'], key=lambda x: (x.get('name'), x.get('protocol'), x.get('protocolMapper'))) + for mapper in clientscoperep['protocolMappers']: + if remove_ids: + mapper.pop('id', None) + + # Set to a default value. + mapper['consentRequired'] = mapper.get('consentRequired', False) + + return clientscoperep + + def sanitize_cr(clientscoperep): """ Removes probably sensitive details from a clientscoperep representation. @@ -316,7 +319,7 @@ def sanitize_cr(clientscoperep): if 'attributes' in result: if 'saml.signing.private.key' in result['attributes']: result['attributes']['saml.signing.private.key'] = 'no_log' - return result + return normalise_cr(result) def main(): @@ -330,7 +333,7 @@ def main(): protmapper_spec = dict( id=dict(type='str'), name=dict(type='str'), - protocol=dict(type='str', choices=['openid-connect', 'saml', 'wsfed']), + protocol=dict(type='str', choices=['openid-connect', 'saml', 'wsfed', 'docker-v2']), protocolMapper=dict(type='str'), config=dict(type='dict'), ) @@ -341,7 +344,7 @@ def main(): id=dict(type='str'), name=dict(type='str'), description=dict(type='str'), - protocol=dict(type='str', choices=['openid-connect', 'saml', 'wsfed']), + protocol=dict(type='str', choices=['openid-connect', 'saml', 'wsfed', 'docker-v2']), attributes=dict(type='dict'), protocol_mappers=dict(type='list', elements='dict', options=protmapper_spec, aliases=['protocolMappers']), ) @@ -390,17 +393,10 @@ def main(): for clientscope_param in clientscope_params: new_param_value = module.params.get(clientscope_param) - # some lists in the Keycloak API are sorted, some are not. - if isinstance(new_param_value, list): - if clientscope_param in ['attributes']: - try: - new_param_value = sorted(new_param_value) - except TypeError: - pass # Unfortunately, the ansible argument spec checker introduces variables with null values when # they are not specified if clientscope_param == 'protocol_mappers': - new_param_value = [dict((k, v) for k, v in x.items() if x[k] is not None) for x in new_param_value] + new_param_value = [{k: v for k, v in x.items() if v is not None} for x in new_param_value] changeset[camel(clientscope_param)] = new_param_value # Prepare the desired values using the existing values (non-existence results in a dict that is save to use as a basis) @@ -444,7 +440,9 @@ def main(): # Process an update # no changes - if desired_clientscope == before_clientscope: + # remove ids for compare, problematic if desired has no ids set (not required), + # normalize for consentRequired in protocolMappers + if normalise_cr(desired_clientscope, remove_ids=True) == normalise_cr(before_clientscope, remove_ids=True): result['changed'] = False result['end_state'] = sanitize_cr(desired_clientscope) result['msg'] = "No changes required to clientscope {name}.".format(name=before_clientscope['name']) @@ -457,6 +455,13 @@ def main(): result['diff'] = dict(before=sanitize_cr(before_clientscope), after=sanitize_cr(desired_clientscope)) if module.check_mode: + # We can only compare the current clientscope with the proposed updates we have + before_norm = normalise_cr(before_clientscope, remove_ids=True) + desired_norm = normalise_cr(desired_clientscope, remove_ids=True) + if module._diff: + result['diff'] = dict(before=sanitize_cr(before_norm), + after=sanitize_cr(desired_norm)) + result['changed'] = not is_struct_included(desired_norm, before_norm) module.exit_json(**result) # do the update diff --git a/plugins/modules/keycloak_clientscope_type.py b/plugins/modules/keycloak_clientscope_type.py index 37a5d3be94..3923d5fb43 100644 --- a/plugins/modules/keycloak_clientscope_type.py +++ b/plugins/modules/keycloak_clientscope_type.py @@ -9,27 +9,25 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_clientscope_type -short_description: Set the type of aclientscope in realm or client via Keycloak API +short_description: Set the type of aclientscope in realm or client using Keycloak API version_added: 6.6.0 description: - - This module allows you to set the type (optional, default) of clientscopes - via the Keycloak REST API. It requires access to the REST API via OpenID - Connect; the user connecting and the client being used must have the - requisite access rights. In a default Keycloak installation, admin-cli and - an admin user would work, as would a separate client definition with the - scope tailored to your needs and a user having the expected roles. - + - This module allows you to set the type (optional, default) of clientscopes using the Keycloak REST API. It requires access + to the REST API using OpenID Connect; the user connecting and the client being used must have the requisite access rights. + In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with + the scope tailored to your needs and a user having the expected roles. attributes: - check_mode: - support: full - diff_mode: - support: full + check_mode: + support: full + diff_mode: + support: full + action_group: + version_added: 10.2.0 options: realm: @@ -40,7 +38,7 @@ options: client_id: description: - - The O(client_id) of the client. If not set the clientscop types are set as a default for the realm. + - The O(client_id) of the client. If not set the clientscope types are set as a default for the realm. aliases: - clientId type: str @@ -59,13 +57,14 @@ options: extends_documentation_fragment: - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak - community.general.attributes author: - Simon Pahl (@simonpahl) -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Set default client scopes on realm level community.general.keycloak_clientscope_type: auth_client_id: admin-cli @@ -88,42 +87,33 @@ EXAMPLES = ''' default_clientscopes: ['profile', 'roles'] optional_clientscopes: ['phone'] delegate_to: localhost -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Message as to what action was taken. - returned: always - type: str - sample: "" + description: Message as to what action was taken. + returned: always + type: str + sample: "" proposed: - description: Representation of proposed client-scope types mapping. - returned: always - type: dict - sample: { - default_clientscopes: ["profile", "role"], - optional_clientscopes: [] - } + description: Representation of proposed client-scope types mapping. + returned: always + type: dict + sample: {default_clientscopes: ["profile", "role"], optional_clientscopes: []} existing: - description: - - Representation of client scopes before module execution. - returned: always - type: dict - sample: { - default_clientscopes: ["profile", "role"], - optional_clientscopes: ["phone"] - } + description: + - Representation of client scopes before module execution. + returned: always + type: dict + sample: {default_clientscopes: ["profile", "role"], optional_clientscopes: ["phone"]} end_state: - description: - - Representation of client scopes after module execution. - - The sample is truncated. - returned: on success - type: dict - sample: { - default_clientscopes: ["profile", "role"], - optional_clientscopes: [] - } -''' + description: + - Representation of client scopes after module execution. + - The sample is truncated. + returned: on success + type: dict + sample: {default_clientscopes: ["profile", "role"], optional_clientscopes: []} +""" from ansible.module_utils.basic import AnsibleModule @@ -190,6 +180,15 @@ def extract_field(dictionary, field='name'): return [cs[field] for cs in dictionary] +def normalize_scopes(scopes): + scopes_copy = scopes.copy() + if isinstance(scopes_copy.get('default_clientscopes'), list): + scopes_copy['default_clientscopes'] = sorted(scopes_copy['default_clientscopes']) + if isinstance(scopes_copy.get('optional_clientscopes'), list): + scopes_copy['optional_clientscopes'] = sorted(scopes_copy['optional_clientscopes']) + return scopes_copy + + def main(): """ Module keycloak_clientscope_type @@ -244,10 +243,7 @@ def main(): }) if module._diff: - result['diff'] = dict(before=result['existing'], after=result['proposed']) - - if module.check_mode: - module.exit_json(**result) + result['diff'] = dict(before=normalize_scopes(result['existing']), after=normalize_scopes(result['proposed'])) default_clientscopes_add = clientscopes_to_add(default_clientscopes_existing, default_clientscopes_real) optional_clientscopes_add = clientscopes_to_add(optional_clientscopes_existing, optional_clientscopes_real) @@ -255,6 +251,13 @@ def main(): default_clientscopes_delete = clientscopes_to_delete(default_clientscopes_existing, default_clientscopes_real) optional_clientscopes_delete = clientscopes_to_delete(optional_clientscopes_existing, optional_clientscopes_real) + result["changed"] = any(len(x) > 0 for x in [ + default_clientscopes_add, optional_clientscopes_add, default_clientscopes_delete, optional_clientscopes_delete + ]) + + if module.check_mode: + module.exit_json(**result) + # first delete so clientscopes can change type for clientscope in default_clientscopes_delete: kc.delete_default_clientscope(clientscope['id'], realm, client_id) @@ -266,13 +269,6 @@ def main(): for clientscope in optional_clientscopes_add: kc.add_optional_clientscope(clientscope['id'], realm, client_id) - result["changed"] = ( - len(default_clientscopes_add) > 0 - or len(optional_clientscopes_add) > 0 - or len(default_clientscopes_delete) > 0 - or len(optional_clientscopes_delete) > 0 - ) - result['end_state'].update({ 'default_clientscopes': extract_field(kc.get_default_clientscopes(realm, client_id)), 'optional_clientscopes': extract_field(kc.get_optional_clientscopes(realm, client_id)) diff --git a/plugins/modules/keycloak_clientsecret_info.py b/plugins/modules/keycloak_clientsecret_info.py index c772620351..da07d03248 100644 --- a/plugins/modules/keycloak_clientsecret_info.py +++ b/plugins/modules/keycloak_clientsecret_info.py @@ -9,28 +9,25 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_clientsecret_info -short_description: Retrieve client secret via Keycloak API +short_description: Retrieve client secret using Keycloak API version_added: 6.1.0 description: - - This module allows you to get a Keycloak client secret via the Keycloak - REST API. It requires access to the REST API via OpenID Connect; the user - connecting and the client being used must have the requisite access rights. - In a default Keycloak installation, admin-cli and an admin user would work, - as would a separate client definition with the scope tailored to your needs - and a user having the expected roles. - - - When retrieving a new client secret, where possible provide the client's - O(id) (not O(client_id)) to the module. This removes a lookup to the API to - translate the O(client_id) into the client ID. - - - "Note that this module returns the client secret. To avoid this showing up in the logs, - please add C(no_log: true) to the task." + - This module allows you to get a Keycloak client secret using the Keycloak REST API. It requires access to the REST API + using OpenID Connect; the user connecting and the client being used must have the requisite access rights. In a default + Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with the scope tailored + to your needs and a user having the expected roles. + - When retrieving a new client secret, where possible provide the client's O(id) (not O(client_id)) to the module. This + removes a lookup to the API to translate the O(client_id) into the client ID. + - 'Note that this module returns the client secret. To avoid this showing up in the logs, please add C(no_log: true) to + the task.' +attributes: + action_group: + version_added: 10.2.0 options: realm: @@ -42,14 +39,13 @@ options: id: description: - The unique identifier for this client. - - This parameter is not required for getting or generating a client secret but - providing it will reduce the number of API calls required. + - This parameter is not required for getting or generating a client secret but providing it will reduce the number of + API calls required. type: str client_id: description: - - The O(client_id) of the client. Passing this instead of O(id) results in an - extra API call. + - The O(client_id) of the client. Passing this instead of O(id) results in an extra API call. aliases: - clientId type: str @@ -57,15 +53,16 @@ options: extends_documentation_fragment: - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak - community.general.attributes - community.general.attributes.info_module author: - Fynn Chen (@fynncfchen) - John Cant (@johncant) -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Get a Keycloak client secret, authentication with credentials community.general.keycloak_clientsecret_info: id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd' @@ -97,16 +94,16 @@ EXAMPLES = ''' token: TOKEN delegate_to: localhost no_log: true -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Textual description of whether we succeeded or failed + description: Textual description of whether we succeeded or failed. returned: always type: str clientsecret_info: - description: Representation of the client secret + description: Representation of the client secret. returned: on success type: complex contains: @@ -120,7 +117,7 @@ clientsecret_info: type: str returned: always sample: cUGnX1EIeTtPPAkcyGMv0ncyqDPu68P1 -''' +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import ( KeycloakAPI, KeycloakError, get_token) diff --git a/plugins/modules/keycloak_clientsecret_regenerate.py b/plugins/modules/keycloak_clientsecret_regenerate.py index 7e8b295433..bb449abc10 100644 --- a/plugins/modules/keycloak_clientsecret_regenerate.py +++ b/plugins/modules/keycloak_clientsecret_regenerate.py @@ -9,34 +9,29 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_clientsecret_regenerate -short_description: Regenerate Keycloak client secret via Keycloak API +short_description: Regenerate Keycloak client secret using Keycloak API version_added: 6.1.0 description: - - This module allows you to regenerate a Keycloak client secret via the - Keycloak REST API. It requires access to the REST API via OpenID Connect; - the user connecting and the client being used must have the requisite access - rights. In a default Keycloak installation, admin-cli and an admin user - would work, as would a separate client definition with the scope tailored to - your needs and a user having the expected roles. - - - When regenerating a client secret, where possible provide the client's id - (not client_id) to the module. This removes a lookup to the API to - translate the client_id into the client ID. - - - "Note that this module returns the client secret. To avoid this showing up in the logs, - please add C(no_log: true) to the task." - + - This module allows you to regenerate a Keycloak client secret using the Keycloak REST API. It requires access to the REST + API using OpenID Connect; the user connecting and the client being used must have the requisite access rights. In a default + Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with the scope tailored + to your needs and a user having the expected roles. + - When regenerating a client secret, where possible provide the client's ID (not client_id) to the module. This removes + a lookup to the API to translate the client_id into the client ID. + - 'Note that this module returns the client secret. To avoid this showing up in the logs, please add C(no_log: true) to + the task.' attributes: check_mode: support: full diff_mode: support: none + action_group: + version_added: 10.2.0 options: realm: @@ -48,14 +43,13 @@ options: id: description: - The unique identifier for this client. - - This parameter is not required for getting or generating a client secret but - providing it will reduce the number of API calls required. + - This parameter is not required for getting or generating a client secret but providing it will reduce the number of + API calls required. type: str client_id: description: - - The client_id of the client. Passing this instead of id results in an - extra API call. + - The client_id of the client. Passing this instead of ID results in an extra API call. aliases: - clientId type: str @@ -63,14 +57,15 @@ options: extends_documentation_fragment: - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak - community.general.attributes author: - Fynn Chen (@fynncfchen) - John Cant (@johncant) -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Regenerate a Keycloak client secret, authentication with credentials community.general.keycloak_clientsecret_regenerate: id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd' @@ -102,16 +97,16 @@ EXAMPLES = ''' token: TOKEN delegate_to: localhost no_log: true -''' +""" -RETURN = ''' +RETURN = r""" msg: description: Message as to what action was taken. returned: always type: str end_state: - description: Representation of the client credential after module execution + description: Representation of the client credential after module execution. returned: on success type: complex contains: @@ -125,8 +120,7 @@ end_state: type: str returned: always sample: cUGnX1EIeTtPPAkcyGMv0ncyqDPu68P1 - -''' +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import ( KeycloakAPI, KeycloakError, get_token) diff --git a/plugins/modules/keycloak_clienttemplate.py b/plugins/modules/keycloak_clienttemplate.py index cd7f6c09b7..66e96f5a50 100644 --- a/plugins/modules/keycloak_clienttemplate.py +++ b/plugins/modules/keycloak_clienttemplate.py @@ -8,172 +8,165 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_clienttemplate -short_description: Allows administration of Keycloak client templates via Keycloak API +short_description: Allows administration of Keycloak client templates using Keycloak API description: - - This module allows the administration of Keycloak client templates via the Keycloak REST API. It - requires access to the REST API via OpenID Connect; the user connecting and the client being - used must have the requisite access rights. In a default Keycloak installation, admin-cli - and an admin user would work, as would a separate client definition with the scope tailored - to your needs and a user having the expected roles. - - - The names of module options are snake_cased versions of the camelCase ones found in the - Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html) - - - The Keycloak API does not always enforce for only sensible settings to be used -- you can set - SAML-specific settings on an OpenID Connect client for instance and vice versa. Be careful. - If you do not specify a setting, usually a sensible default is chosen. - + - This module allows the administration of Keycloak client templates using the Keycloak REST API. It requires access to + the REST API using OpenID Connect; the user connecting and the client being used must have the requisite access rights. + In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with + the scope tailored to your needs and a user having the expected roles. + - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation + at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). + - The Keycloak API does not always enforce for only sensible settings to be used -- you can set SAML-specific settings on + an OpenID Connect client for instance and the other way around. Be careful. If you do not specify a setting, usually a + sensible default is chosen. attributes: - check_mode: - support: full - diff_mode: - support: full + check_mode: + support: full + diff_mode: + support: full + action_group: + version_added: 10.2.0 options: - state: - description: - - State of the client template. - - On V(present), the client template will be created (or updated if it exists already). - - On V(absent), the client template will be removed if it exists - choices: ['present', 'absent'] - default: 'present' - type: str - - id: - description: - - Id of client template to be worked on. This is usually a UUID. - type: str - - realm: - description: - - Realm this client template is found in. - type: str - default: master - - name: - description: - - Name of the client template. - type: str - + state: description: - description: - - Description of the client template in Keycloak. - type: str + - State of the client template. + - On V(present), the client template will be created (or updated if it exists already). + - On V(absent), the client template will be removed if it exists. + choices: ['present', 'absent'] + default: 'present' + type: str - protocol: - description: - - Type of client template. - choices: ['openid-connect', 'saml'] - type: str + id: + description: + - ID of client template to be worked on. This is usually a UUID. + type: str - full_scope_allowed: + realm: + description: + - Realm this client template is found in. + type: str + default: master + + name: + description: + - Name of the client template. + type: str + + description: + description: + - Description of the client template in Keycloak. + type: str + + protocol: + description: + - Type of client template. + - The V(docker-v2) value was added in community.general 8.6.0. + choices: ['openid-connect', 'saml', 'docker-v2'] + type: str + + full_scope_allowed: + description: + - Is the "Full Scope Allowed" feature set for this client template or not. This is C(fullScopeAllowed) in the Keycloak + REST API. + type: bool + + protocol_mappers: + description: + - A list of dicts defining protocol mappers for this client template. This is C(protocolMappers) in the Keycloak REST + API. + type: list + elements: dict + suboptions: + consentRequired: description: - - Is the "Full Scope Allowed" feature set for this client template or not. - This is 'fullScopeAllowed' in the Keycloak REST API. + - Specifies whether a user needs to provide consent to a client for this mapper to be active. type: bool - protocol_mappers: + consentText: description: - - a list of dicts defining protocol mappers for this client template. - This is 'protocolMappers' in the Keycloak REST API. - type: list - elements: dict - suboptions: - consentRequired: - description: - - Specifies whether a user needs to provide consent to a client for this mapper to be active. - type: bool + - The human-readable name of the consent the user is presented to accept. + type: str - consentText: - description: - - The human-readable name of the consent the user is presented to accept. - type: str - - id: - description: - - Usually a UUID specifying the internal ID of this protocol mapper instance. - type: str - - name: - description: - - The name of this protocol mapper. - type: str - - protocol: - description: - - This specifies for which protocol this protocol mapper is active. - choices: ['openid-connect', 'saml'] - type: str - - protocolMapper: - description: - - "The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is - impossible to provide since this may be extended through SPIs by the user of Keycloak, - by default Keycloak as of 3.4 ships with at least:" - - V(docker-v2-allow-all-mapper) - - V(oidc-address-mapper) - - V(oidc-full-name-mapper) - - V(oidc-group-membership-mapper) - - V(oidc-hardcoded-claim-mapper) - - V(oidc-hardcoded-role-mapper) - - V(oidc-role-name-mapper) - - V(oidc-script-based-protocol-mapper) - - V(oidc-sha256-pairwise-sub-mapper) - - V(oidc-usermodel-attribute-mapper) - - V(oidc-usermodel-client-role-mapper) - - V(oidc-usermodel-property-mapper) - - V(oidc-usermodel-realm-role-mapper) - - V(oidc-usersessionmodel-note-mapper) - - V(saml-group-membership-mapper) - - V(saml-hardcode-attribute-mapper) - - V(saml-hardcode-role-mapper) - - V(saml-role-list-mapper) - - V(saml-role-name-mapper) - - V(saml-user-attribute-mapper) - - V(saml-user-property-mapper) - - V(saml-user-session-note-mapper) - - An exhaustive list of available mappers on your installation can be obtained on - the admin console by going to Server Info -> Providers and looking under - 'protocol-mapper'. - type: str - - config: - description: - - Dict specifying the configuration options for the protocol mapper; the - contents differ depending on the value of O(protocol_mappers[].protocolMapper) and are not documented - other than by the source of the mappers and its parent class(es). An example is given - below. It is easiest to obtain valid config values by dumping an already-existing - protocol mapper configuration through check-mode in the RV(existing) field. - type: dict - - attributes: + id: description: - - A dict of further attributes for this client template. This can contain various - configuration settings, though in the default installation of Keycloak as of 3.4, none - are documented or known, so this is usually empty. + - Usually a UUID specifying the internal ID of this protocol mapper instance. + type: str + + name: + description: + - The name of this protocol mapper. + type: str + + protocol: + description: + - This specifies for which protocol this protocol mapper is active. + choices: ['openid-connect', 'saml', 'docker-v2'] + type: str + + protocolMapper: + description: + - 'The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is impossible to provide + since this may be extended through SPIs by the user of Keycloak, by default Keycloak as of 3.4 ships with at least:' + - V(docker-v2-allow-all-mapper). + - V(oidc-address-mapper). + - V(oidc-full-name-mapper). + - V(oidc-group-membership-mapper). + - V(oidc-hardcoded-claim-mapper). + - V(oidc-hardcoded-role-mapper). + - V(oidc-role-name-mapper). + - V(oidc-script-based-protocol-mapper). + - V(oidc-sha256-pairwise-sub-mapper). + - V(oidc-usermodel-attribute-mapper). + - V(oidc-usermodel-client-role-mapper). + - V(oidc-usermodel-property-mapper). + - V(oidc-usermodel-realm-role-mapper). + - V(oidc-usersessionmodel-note-mapper). + - V(saml-group-membership-mapper). + - V(saml-hardcode-attribute-mapper). + - V(saml-hardcode-role-mapper). + - V(saml-role-list-mapper). + - V(saml-role-name-mapper). + - V(saml-user-attribute-mapper). + - V(saml-user-property-mapper). + - V(saml-user-session-note-mapper). + - An exhaustive list of available mappers on your installation can be obtained on the admin console by going to + Server Info -> Providers and looking under 'protocol-mapper'. + type: str + + config: + description: + - Dict specifying the configuration options for the protocol mapper; the contents differ depending on the value + of O(protocol_mappers[].protocolMapper) and are not documented other than by the source of the mappers and its + parent class(es). An example is given below. It is easiest to obtain valid config values by dumping an already-existing + protocol mapper configuration through check-mode in the RV(existing) field. type: dict -notes: - - The Keycloak REST API defines further fields (namely C(bearerOnly), C(consentRequired), C(standardFlowEnabled), - C(implicitFlowEnabled), C(directAccessGrantsEnabled), C(serviceAccountsEnabled), C(publicClient), and - C(frontchannelLogout)) which, while available with keycloak_client, do not have any effect on - Keycloak client-templates and are discarded if supplied with an API request changing client-templates. As such, - they are not available through this module. + attributes: + description: + - A dict of further attributes for this client template. This can contain various configuration settings, though in + the default installation of Keycloak as of 3.4, none are documented or known, so this is usually empty. + type: dict +notes: + - The Keycloak REST API defines further fields (namely C(bearerOnly), C(consentRequired), C(standardFlowEnabled), C(implicitFlowEnabled), + C(directAccessGrantsEnabled), C(serviceAccountsEnabled), C(publicClient), and C(frontchannelLogout)) which, while available + with keycloak_client, do not have any effect on Keycloak client-templates and are discarded if supplied with an API request + changing client-templates. As such, they are not available through this module. extends_documentation_fragment: - - community.general.keycloak - - community.general.attributes + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes author: - - Eike Frost (@eikef) -''' + - Eike Frost (@eikef) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create or update Keycloak client template (minimal), authentication with credentials community.general.keycloak_client: auth_client_id: admin-cli @@ -232,47 +225,35 @@ EXAMPLES = ''' full_scope_allowed: false id: bce6f5e9-d7d3-4955-817e-c5b7f8d65b3f delegate_to: localhost -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Message as to what action was taken. - returned: always - type: str - sample: "Client template testclient has been updated" + description: Message as to what action was taken. + returned: always + type: str + sample: "Client template testclient has been updated" proposed: - description: Representation of proposed client template. - returned: always - type: dict - sample: { - name: "test01" - } + description: Representation of proposed client template. + returned: always + type: dict + sample: {name: "test01"} existing: - description: Representation of existing client template (sample is truncated). - returned: always - type: dict - sample: { - "description": "test01", - "fullScopeAllowed": false, - "id": "9c3712ab-decd-481e-954f-76da7b006e5f", - "name": "test01", - "protocol": "saml" - } + description: Representation of existing client template (sample is truncated). + returned: always + type: dict + sample: {"description": "test01", "fullScopeAllowed": false, "id": "9c3712ab-decd-481e-954f-76da7b006e5f", "name": "test01", + "protocol": "saml"} end_state: - description: Representation of client template after module execution (sample is truncated). - returned: on success - type: dict - sample: { - "description": "test01", - "fullScopeAllowed": false, - "id": "9c3712ab-decd-481e-954f-76da7b006e5f", - "name": "test01", - "protocol": "saml" - } -''' + description: Representation of client template after module execution (sample is truncated). + returned: on success + type: dict + sample: {"description": "test01", "fullScopeAllowed": false, "id": "9c3712ab-decd-481e-954f-76da7b006e5f", "name": "test01", + "protocol": "saml"} +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \ keycloak_argument_spec, get_token, KeycloakError @@ -292,7 +273,7 @@ def main(): consentText=dict(type='str'), id=dict(type='str'), name=dict(type='str'), - protocol=dict(type='str', choices=['openid-connect', 'saml']), + protocol=dict(type='str', choices=['openid-connect', 'saml', 'docker-v2']), protocolMapper=dict(type='str'), config=dict(type='dict'), ) @@ -304,7 +285,7 @@ def main(): id=dict(type='str'), name=dict(type='str'), description=dict(type='str'), - protocol=dict(type='str', choices=['openid-connect', 'saml']), + protocol=dict(type='str', choices=['openid-connect', 'saml', 'docker-v2']), attributes=dict(type='dict'), full_scope_allowed=dict(type='bool'), protocol_mappers=dict(type='list', elements='dict', options=protmapper_spec), diff --git a/plugins/modules/keycloak_component.py b/plugins/modules/keycloak_component.py new file mode 100644 index 0000000000..5c7e3cd56b --- /dev/null +++ b/plugins/modules/keycloak_component.py @@ -0,0 +1,322 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2024, Björn Bösel +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or +# https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +DOCUMENTATION = r""" +module: keycloak_component + +short_description: Allows administration of Keycloak components using Keycloak API + +version_added: 10.0.0 + +description: + - This module allows the administration of Keycloak components using the Keycloak REST API. It requires access to the REST + API using OpenID Connect; the user connecting and the realm being used must have the requisite access rights. In a default + Keycloak installation, C(admin-cli) and an C(admin) user would work, as would a separate realm definition with the scope + tailored to your needs and a user having the expected roles. + - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation + at U(https://www.keycloak.org/docs-api/latest/rest-api/index.html). Aliases are provided so camelCased versions can be + used as well. +attributes: + check_mode: + support: full + diff_mode: + support: full + action_group: + version_added: 10.2.0 + +options: + state: + description: + - State of the Keycloak component. + - On V(present), the component will be created (or updated if it exists already). + - On V(absent), the component will be removed if it exists. + choices: ['present', 'absent'] + default: 'present' + type: str + name: + description: + - Name of the component to create. + type: str + required: true + parent_id: + description: + - The parent_id of the component. In practice the ID (name) of the realm. + type: str + required: true + provider_id: + description: + - The name of the "provider ID" for the key. + type: str + required: true + provider_type: + description: + - The name of the "provider type" for the key. That is, V(org.keycloak.storage.UserStorageProvider), V(org.keycloak.userprofile.UserProfileProvider), + ... + - See U(https://www.keycloak.org/docs/latest/server_development/index.html#_providers). + type: str + required: true + config: + description: + - Configuration properties for the provider. + - Contents vary depending on the provider type. + type: dict + +extends_documentation_fragment: + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes + +author: + - Björn Bösel (@fivetide) +""" + +EXAMPLES = r""" +- name: Manage Keycloak User Storage Provider + community.general.keycloak_component: + auth_keycloak_url: http://localhost:8080/auth + auth_username: keycloak + auth_password: keycloak + auth_realm: master + name: my storage provider + state: present + parent_id: some_realm + provider_id: my storage + provider_type: "org.keycloak.storage.UserStorageProvider" + config: + myCustomKey: "my_custom_key" + cachePolicy: "NO_CACHE" + enabled: true +""" + +RETURN = r""" +end_state: + description: Representation of the keycloak_component after module execution. + returned: on success + type: dict + contains: + id: + description: ID of the component. + type: str + returned: when O(state=present) + sample: 5b7ec13f-99da-46ad-8326-ab4c73cf4ce4 + name: + description: Name of the component. + type: str + returned: when O(state=present) + sample: mykey + parentId: + description: ID of the realm this key belongs to. + type: str + returned: when O(state=present) + sample: myrealm + providerId: + description: The ID of the key provider. + type: str + returned: when O(state=present) + sample: rsa + providerType: + description: The type of provider. + type: str + returned: when O(state=present) + config: + description: Component configuration. + type: dict +""" + +from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \ + keycloak_argument_spec, get_token, KeycloakError +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.six.moves.urllib.parse import urlencode +from copy import deepcopy + + +def main(): + argument_spec = keycloak_argument_spec() + + meta_args = dict( + state=dict(type='str', default='present', choices=['present', 'absent']), + name=dict(type='str', required=True), + parent_id=dict(type='str', required=True), + provider_id=dict(type='str', required=True), + provider_type=dict(type='str', required=True), + config=dict( + type='dict', + ) + ) + + argument_spec.update(meta_args) + + module = AnsibleModule(argument_spec=argument_spec, + supports_check_mode=True, + required_one_of=([['token', 'auth_realm', 'auth_username', 'auth_password']]), + required_together=([['auth_realm', 'auth_username', 'auth_password']])) + + result = dict(changed=False, msg='', end_state={}, diff=dict(before={}, after={})) + + # This will include the current state of the component if it is already + # present. This is only used for diff-mode. + before_component = {} + before_component['config'] = {} + + # Obtain access token, initialize API + try: + connection_header = get_token(module.params) + except KeycloakError as e: + module.fail_json(msg=str(e)) + + kc = KeycloakAPI(module, connection_header) + + params_to_ignore = list(keycloak_argument_spec().keys()) + ["state", "parent_id"] + + # Filter and map the parameters names that apply to the role + component_params = [x for x in module.params + if x not in params_to_ignore and + module.params.get(x) is not None] + + provider_type = module.params.get("provider_type") + + # Build a proposed changeset from parameters given to this module + changeset = {} + changeset['config'] = {} + + # Generate a JSON payload for Keycloak Admin API from the module + # parameters. Parameters that do not belong to the JSON payload (e.g. + # "state" or "auth_keycloal_url") have been filtered away earlier (see + # above). + # + # This loop converts Ansible module parameters (snake-case) into + # Keycloak-compatible format (camel-case). For example private_key + # becomes privateKey. + # + # It also converts bool, str and int parameters into lists with a single + # entry of 'str' type. Bool values are also lowercased. This is required + # by Keycloak. + # + for component_param in component_params: + if component_param == 'config': + for config_param in module.params.get('config'): + changeset['config'][camel(config_param)] = [] + raw_value = module.params.get('config')[config_param] + if isinstance(raw_value, bool): + value = str(raw_value).lower() + else: + value = str(raw_value) + + changeset['config'][camel(config_param)].append(value) + else: + # No need for camelcase in here as these are one word parameters + new_param_value = module.params.get(component_param) + changeset[camel(component_param)] = new_param_value + + # Make a deep copy of the changeset. This is use when determining + # changes to the current state. + changeset_copy = deepcopy(changeset) + + # Make it easier to refer to current module parameters + name = module.params.get('name') + force = module.params.get('force') + state = module.params.get('state') + enabled = module.params.get('enabled') + provider_id = module.params.get('provider_id') + provider_type = module.params.get('provider_type') + parent_id = module.params.get('parent_id') + + # Get a list of all Keycloak components that are of keyprovider type. + current_components = kc.get_components(urlencode(dict(type=provider_type)), parent_id) + + # If this component is present get its key ID. Confusingly the key ID is + # also known as the Provider ID. + component_id = None + + # Track individual parameter changes + changes = "" + + # This tells Ansible whether the key was changed (added, removed, modified) + result['changed'] = False + + # Loop through the list of components. If we encounter a component whose + # name matches the value of the name parameter then assume the key is + # already present. + for component in current_components: + if component['name'] == name: + component_id = component['id'] + changeset['id'] = component_id + changeset_copy['id'] = component_id + + # Compare top-level parameters + for param, value in changeset.items(): + before_component[param] = component[param] + + if changeset_copy[param] != component[param] and param != 'config': + changes += "%s: %s -> %s, " % (param, component[param], changeset_copy[param]) + result['changed'] = True + # Compare parameters under the "config" key + for p, v in changeset_copy['config'].items(): + try: + before_component['config'][p] = component['config'][p] or [] + except KeyError: + before_component['config'][p] = [] + if changeset_copy['config'][p] != component['config'][p]: + changes += "config.%s: %s -> %s, " % (p, component['config'][p], changeset_copy['config'][p]) + result['changed'] = True + + # Check all the possible states of the resource and do what is needed to + # converge current state with desired state (create, update or delete + # the key). + if component_id and state == 'present': + if result['changed']: + if module._diff: + result['diff'] = dict(before=before_component, after=changeset_copy) + + if module.check_mode: + result['msg'] = "Component %s would be changed: %s" % (name, changes.strip(", ")) + else: + kc.update_component(changeset, parent_id) + result['msg'] = "Component %s changed: %s" % (name, changes.strip(", ")) + else: + result['msg'] = "Component %s was in sync" % (name) + + result['end_state'] = changeset_copy + elif component_id and state == 'absent': + if module._diff: + result['diff'] = dict(before=before_component, after={}) + + if module.check_mode: + result['changed'] = True + result['msg'] = "Component %s would be deleted" % (name) + else: + kc.delete_component(component_id, parent_id) + result['changed'] = True + result['msg'] = "Component %s deleted" % (name) + + result['end_state'] = {} + elif not component_id and state == 'present': + if module._diff: + result['diff'] = dict(before={}, after=changeset_copy) + + if module.check_mode: + result['changed'] = True + result['msg'] = "Component %s would be created" % (name) + else: + kc.create_component(changeset, parent_id) + result['changed'] = True + result['msg'] = "Component %s created" % (name) + + result['end_state'] = changeset_copy + elif not component_id and state == 'absent': + result['changed'] = False + result['msg'] = "Component %s not present" % (name) + result['end_state'] = {} + + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/keycloak_component_info.py b/plugins/modules/keycloak_component_info.py index a788735d98..79a6d58720 100644 --- a/plugins/modules/keycloak_component_info.py +++ b/plugins/modules/keycloak_component_info.py @@ -8,100 +8,98 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_component_info -short_description: Retrive component info in Keycloak +short_description: Retrieve component info in Keycloak version_added: 8.2.0 description: - - This module retrive information on component from Keycloak. + - This module retrieve information on component from Keycloak. +attributes: + action_group: + version_added: 10.2.0 + options: - realm: - description: - - The name of the realm. - required: true - type: str - name: - description: - - Name of the Component. - type: str - provider_type: - description: - - Provider type of components. - - "Example: - V(org.keycloak.storage.UserStorageProvider), - V(org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy), - V(org.keycloak.keys.KeyProvider), - V(org.keycloak.userprofile.UserProfileProvider), - V(org.keycloak.storage.ldap.mappers.LDAPStorageMapper)." - type: str - parent_id: - description: - - Container ID of the components. - type: str + realm: + description: + - The name of the realm. + required: true + type: str + name: + description: + - Name of the Component. + type: str + provider_type: + description: + - Provider type of components. + - 'Examples: V(org.keycloak.storage.UserStorageProvider), V(org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy), + V(org.keycloak.keys.KeyProvider), V(org.keycloak.userprofile.UserProfileProvider), V(org.keycloak.storage.ldap.mappers.LDAPStorageMapper).' + type: str + parent_id: + description: + - Container ID of the components. + type: str extends_documentation_fragment: - - community.general.keycloak - - community.general.attributes - - community.general.attributes.info_module + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes + - community.general.attributes.info_module author: - - Andre Desrosiers (@desand01) -''' + - Andre Desrosiers (@desand01) +""" -EXAMPLES = ''' - - name: Retrive info of a UserStorageProvider named myldap - community.general.keycloak_component_info: - auth_keycloak_url: http://localhost:8080/auth - auth_sername: admin - auth_password: password - auth_realm: master - realm: myrealm - name: myldap - provider_type: org.keycloak.storage.UserStorageProvider +EXAMPLES = r""" +- name: Retrive info of a UserStorageProvider named myldap + community.general.keycloak_component_info: + auth_keycloak_url: http://localhost:8080/auth + auth_sername: admin + auth_password: password + auth_realm: master + realm: myrealm + name: myldap + provider_type: org.keycloak.storage.UserStorageProvider - - name: Retrive key info component - community.general.keycloak_component_info: - auth_keycloak_url: http://localhost:8080/auth - auth_sername: admin - auth_password: password - auth_realm: master - realm: myrealm - name: rsa-enc-generated - provider_type: org.keycloak.keys.KeyProvider +- name: Retrive key info component + community.general.keycloak_component_info: + auth_keycloak_url: http://localhost:8080/auth + auth_sername: admin + auth_password: password + auth_realm: master + realm: myrealm + name: rsa-enc-generated + provider_type: org.keycloak.keys.KeyProvider - - name: Retrive all component from realm master - community.general.keycloak_component_info: - auth_keycloak_url: http://localhost:8080/auth - auth_sername: admin - auth_password: password - auth_realm: master - realm: myrealm +- name: Retrive all component from realm master + community.general.keycloak_component_info: + auth_keycloak_url: http://localhost:8080/auth + auth_sername: admin + auth_password: password + auth_realm: master + realm: myrealm - - name: Retrive all sub components of parent component filter by type - community.general.keycloak_component_info: - auth_keycloak_url: http://localhost:8080/auth - auth_sername: admin - auth_password: password - auth_realm: master - realm: myrealm - parent_id: "075ef2fa-19fc-4a6d-bf4c-249f57365fd2" - provider_type: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper" +- name: Retrive all sub components of parent component filter by type + community.general.keycloak_component_info: + auth_keycloak_url: http://localhost:8080/auth + auth_sername: admin + auth_password: password + auth_realm: master + realm: myrealm + parent_id: "075ef2fa-19fc-4a6d-bf4c-249f57365fd2" + provider_type: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper" +""" - -''' - -RETURN = ''' +RETURN = r""" components: description: JSON representation of components. returned: always type: list elements: dict -''' +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, \ keycloak_argument_spec, get_token, KeycloakError diff --git a/plugins/modules/keycloak_group.py b/plugins/modules/keycloak_group.py index 5398a4b5d0..b6b267e906 100644 --- a/plugins/modules/keycloak_group.py +++ b/plugins/modules/keycloak_group.py @@ -8,119 +8,106 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_group -short_description: Allows administration of Keycloak groups via Keycloak API +short_description: Allows administration of Keycloak groups using Keycloak API description: - - This module allows you to add, remove or modify Keycloak groups via the Keycloak REST API. - It requires access to the REST API via OpenID Connect; the user connecting and the client being - used must have the requisite access rights. In a default Keycloak installation, admin-cli - and an admin user would work, as would a separate client definition with the scope tailored - to your needs and a user having the expected roles. - - - The names of module options are snake_cased versions of the camelCase ones found in the - Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/20.0.2/rest-api/index.html). - - - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will - be returned that way by this module. You may pass single values for attributes when calling the module, - and this will be translated into a list suitable for the API. - - - When updating a group, where possible provide the group ID to the module. This removes a lookup - to the API to translate the name into the group ID. - + - This module allows you to add, remove or modify Keycloak groups using the Keycloak REST API. It requires access to the + REST API using OpenID Connect; the user connecting and the client being used must have the requisite access rights. In + a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with the + scope tailored to your needs and a user having the expected roles. + - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation + at U(https://www.keycloak.org/docs-api/20.0.2/rest-api/index.html). + - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that + way by this module. You may pass single values for attributes when calling the module, and this will be translated into + a list suitable for the API. + - When updating a group, where possible provide the group ID to the module. This removes a lookup to the API to translate + the name into the group ID. attributes: - check_mode: - support: full - diff_mode: - support: full + check_mode: + support: full + diff_mode: + support: full + action_group: + version_added: 10.2.0 options: - state: - description: - - State of the group. - - On V(present), the group will be created if it does not yet exist, or updated with the parameters you provide. - - >- - On V(absent), the group will be removed if it exists. Be aware that absenting - a group with subgroups will automatically delete all its subgroups too. - default: 'present' - type: str - choices: - - present - - absent + state: + description: + - State of the group. + - On V(present), the group will be created if it does not yet exist, or updated with the parameters you provide. + - On V(absent), the group will be removed if it exists. Be aware that absenting a group with subgroups will automatically + delete all its subgroups too. + default: 'present' + type: str + choices: + - present + - absent - name: + name: + type: str + description: + - Name of the group. + - This parameter is required only when creating or updating the group. + realm: + type: str + description: + - They Keycloak realm under which this group resides. + default: 'master' + + id: + type: str + description: + - The unique identifier for this group. + - This parameter is not required for updating or deleting a group but providing it will reduce the number of API calls + required. + attributes: + type: dict + description: + - A dict of key/value pairs to set as custom attributes for the group. + - Values may be single values (for example a string) or a list of strings. + parents: + version_added: "6.4.0" + type: list + description: + - List of parent groups for the group to handle sorted top to bottom. + - Set this to create a group as a subgroup of another group or groups (parents) or when accessing an existing subgroup + by name. + - Not necessary to set when accessing an existing subgroup by its C(ID) because in that case the group can be directly + queried without necessarily knowing its parent(s). + elements: dict + suboptions: + id: type: str description: - - Name of the group. - - This parameter is required only when creating or updating the group. - - realm: + - Identify parent by ID. + - Needs less API calls than using O(parents[].name). + - A deep parent chain can be started at any point when first given parent is given as ID. + - Note that in principle both ID and name can be specified at the same time but current implementation only always + use just one of them, with ID being preferred. + name: type: str description: - - They Keycloak realm under which this group resides. - default: 'master' - - id: - type: str - description: - - The unique identifier for this group. - - This parameter is not required for updating or deleting a group but - providing it will reduce the number of API calls required. - - attributes: - type: dict - description: - - A dict of key/value pairs to set as custom attributes for the group. - - Values may be single values (e.g. a string) or a list of strings. - - parents: - version_added: "6.4.0" - type: list - description: - - List of parent groups for the group to handle sorted top to bottom. - - >- - Set this to create a group as a subgroup of another group or groups (parents) or - when accessing an existing subgroup by name. - - >- - Not necessary to set when accessing an existing subgroup by its C(ID) because in - that case the group can be directly queried without necessarily knowing its parent(s). - elements: dict - suboptions: - id: - type: str - description: - - Identify parent by ID. - - Needs less API calls than using O(parents[].name). - - A deep parent chain can be started at any point when first given parent is given as ID. - - Note that in principle both ID and name can be specified at the same time - but current implementation only always use just one of them, with ID - being preferred. - name: - type: str - description: - - Identify parent by name. - - Needs more internal API calls than using O(parents[].id) to map names to ID's under the hood. - - When giving a parent chain with only names it must be complete up to the top. - - Note that in principle both ID and name can be specified at the same time - but current implementation only always use just one of them, with ID - being preferred. - + - Identify parent by name. + - Needs more internal API calls than using O(parents[].id) to map names to ID's under the hood. + - When giving a parent chain with only names it must be complete up to the top. + - Note that in principle both ID and name can be specified at the same time but current implementation only always + use just one of them, with ID being preferred. notes: - - Presently, the RV(end_state.realmRoles), RV(end_state.clientRoles), and RV(end_state.access) attributes returned by the Keycloak API - are read-only for groups. This limitation will be removed in a later version of this module. - + - Presently, the RV(end_state.realmRoles), RV(end_state.clientRoles), and RV(end_state.access) attributes returned by the + Keycloak API are read-only for groups. This limitation will be removed in a later version of this module. extends_documentation_fragment: - - community.general.keycloak - - community.general.attributes + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes author: - - Adam Goossens (@adamgoossens) -''' + - Adam Goossens (@adamgoossens) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a Keycloak group, authentication with credentials community.general.keycloak_group: name: my-new-kc-group @@ -188,14 +175,14 @@ EXAMPLES = ''' auth_password: PASSWORD name: my-new_group attributes: - attrib1: value1 - attrib2: value2 - attrib3: - - with - - numerous - - individual - - list - - items + attrib1: value1 + attrib2: value2 + attrib3: + - with + - numerous + - individual + - list + - items delegate_to: localhost - name: Create a Keycloak subgroup of a base group (using parent name) @@ -255,64 +242,64 @@ EXAMPLES = ''' parents: - id: "{{ result_new_kcgrp_sub.end_state.id }}" delegate_to: localhost -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Message as to what action was taken. - returned: always - type: str + description: Message as to what action was taken. + returned: always + type: str end_state: - description: Representation of the group after module execution (sample is truncated). - returned: on success - type: complex - contains: - id: - description: GUID that identifies the group. - type: str - returned: always - sample: 23f38145-3195-462c-97e7-97041ccea73e - name: - description: Name of the group. - type: str - returned: always - sample: grp-test-123 - attributes: - description: Attributes applied to this group. - type: dict - returned: always - sample: - attr1: ["val1", "val2", "val3"] - path: - description: URI path to the group. - type: str - returned: always - sample: /grp-test-123 - realmRoles: - description: An array of the realm-level roles granted to this group. - type: list - returned: always - sample: [] - subGroups: - description: A list of groups that are children of this group. These groups will have the same parameters as - documented here. - type: list - returned: always - clientRoles: - description: A list of client-level roles granted to this group. - type: list - returned: always - sample: [] - access: - description: A dict describing the accesses you have to this group based on the credentials used. - type: dict - returned: always - sample: - manage: true - manageMembership: true - view: true -''' + description: Representation of the group after module execution (sample is truncated). + returned: on success + type: complex + contains: + id: + description: GUID that identifies the group. + type: str + returned: always + sample: 23f38145-3195-462c-97e7-97041ccea73e + name: + description: Name of the group. + type: str + returned: always + sample: grp-test-123 + attributes: + description: Attributes applied to this group. + type: dict + returned: always + sample: + attr1: ["val1", "val2", "val3"] + path: + description: URI path to the group. + type: str + returned: always + sample: /grp-test-123 + realmRoles: + description: An array of the realm-level roles granted to this group. + type: list + returned: always + sample: [] + subGroups: + description: A list of groups that are children of this group. These groups will have the same parameters as documented + here. + type: list + returned: always + clientRoles: + description: A list of client-level roles granted to this group. + type: list + returned: always + sample: [] + access: + description: A dict describing the accesses you have to this group based on the credentials used. + type: dict + returned: always + sample: + manage: true + manageMembership: true + view: true +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \ keycloak_argument_spec, get_token, KeycloakError @@ -369,7 +356,7 @@ def main(): parents = module.params.get('parents') # attributes in Keycloak have their values returned as lists - # via the API. attributes is a dict, so we'll transparently convert + # using the API. attributes is a dict, so we'll transparently convert # the values to lists. if attributes is not None: for key, val in module.params['attributes'].items(): diff --git a/plugins/modules/keycloak_identity_provider.py b/plugins/modules/keycloak_identity_provider.py index 588f553e8d..e2c61a4a7a 100644 --- a/plugins/modules/keycloak_identity_provider.py +++ b/plugins/modules/keycloak_identity_provider.py @@ -8,282 +8,282 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_identity_provider -short_description: Allows administration of Keycloak identity providers via Keycloak API +short_description: Allows administration of Keycloak identity providers using Keycloak API version_added: 3.6.0 description: - - This module allows you to add, remove or modify Keycloak identity providers via the Keycloak REST API. - It requires access to the REST API via OpenID Connect; the user connecting and the client being - used must have the requisite access rights. In a default Keycloak installation, admin-cli - and an admin user would work, as would a separate client definition with the scope tailored - to your needs and a user having the expected roles. - - - The names of module options are snake_cased versions of the camelCase ones found in the - Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/15.0/rest-api/index.html). - + - This module allows you to add, remove or modify Keycloak identity providers using the Keycloak REST API. It requires access + to the REST API using OpenID Connect; the user connecting and the client being used must have the requisite access rights. + In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with + the scope tailored to your needs and a user having the expected roles. + - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation + at U(https://www.keycloak.org/docs-api/15.0/rest-api/index.html). attributes: - check_mode: - support: full - diff_mode: - support: full + check_mode: + support: full + diff_mode: + support: full + action_group: + version_added: 10.2.0 options: - state: - description: - - State of the identity provider. - - On V(present), the identity provider will be created if it does not yet exist, or updated with the parameters you provide. - - On V(absent), the identity provider will be removed if it exists. - default: 'present' - type: str - choices: - - present - - absent + state: + description: + - State of the identity provider. + - On V(present), the identity provider will be created if it does not yet exist, or updated with the parameters you + provide. + - On V(absent), the identity provider will be removed if it exists. + default: 'present' + type: str + choices: + - present + - absent - realm: - description: - - The Keycloak realm under which this identity provider resides. - default: 'master' - type: str + realm: + description: + - The Keycloak realm under which this identity provider resides. + default: 'master' + type: str - alias: - description: - - The alias uniquely identifies an identity provider and it is also used to build the redirect URI. - required: true - type: str + alias: + description: + - The alias uniquely identifies an identity provider and it is also used to build the redirect URI. + required: true + type: str - display_name: + display_name: + description: + - Friendly name for identity provider. + aliases: + - displayName + type: str + + enabled: + description: + - Enable/disable this identity provider. + type: bool + + store_token: + description: + - Enable/disable whether tokens must be stored after authenticating users. + aliases: + - storeToken + type: bool + + add_read_token_role_on_create: + description: + - Enable/disable whether new users can read any stored tokens. This assigns the C(broker.read-token) role. + aliases: + - addReadTokenRoleOnCreate + type: bool + + trust_email: + description: + - If enabled, email provided by this provider is not verified even if verification is enabled for the realm. + aliases: + - trustEmail + type: bool + + link_only: + description: + - If true, users cannot log in through this provider. They can only link to this provider. This is useful if you do + not want to allow login from the provider, but want to integrate with a provider. + aliases: + - linkOnly + type: bool + + first_broker_login_flow_alias: + description: + - Alias of authentication flow, which is triggered after first login with this identity provider. + aliases: + - firstBrokerLoginFlowAlias + type: str + + post_broker_login_flow_alias: + description: + - Alias of authentication flow, which is triggered after each login with this identity provider. + aliases: + - postBrokerLoginFlowAlias + type: str + + authenticate_by_default: + description: + - Specifies if this identity provider should be used by default for authentication even before displaying login screen. + aliases: + - authenticateByDefault + type: bool + + provider_id: + description: + - Protocol used by this provider (supported values are V(oidc) or V(saml)). + aliases: + - providerId + type: str + + config: + description: + - Dict specifying the configuration options for the provider; the contents differ depending on the value of O(provider_id). + Examples are given below for V(oidc) and V(saml). It is easiest to obtain valid config values by dumping an already-existing + identity provider configuration through check-mode in the RV(existing) field. + type: dict + suboptions: + hide_on_login_page: description: - - Friendly name for identity provider. + - If hidden, login with this provider is possible only if requested explicitly, for example using the C(kc_idp_hint) + parameter. aliases: - - displayName - type: str - - enabled: - description: - - Enable/disable this identity provider. + - hideOnLoginPage type: bool - store_token: + gui_order: description: - - Enable/disable whether tokens must be stored after authenticating users. + - Number defining order of the provider in GUI (for example, on Login page). aliases: - - storeToken - type: bool + - guiOrder + type: int - add_read_token_role_on_create: + sync_mode: description: - - Enable/disable whether new users can read any stored tokens. This assigns the C(broker.read-token) role. + - Default sync mode for all mappers. The sync mode determines when user data will be synced using the mappers. aliases: - - addReadTokenRoleOnCreate - type: bool - - trust_email: - description: - - If enabled, email provided by this provider is not verified even if verification is enabled for the realm. - aliases: - - trustEmail - type: bool - - link_only: - description: - - If true, users cannot log in through this provider. They can only link to this provider. - This is useful if you don't want to allow login from the provider, but want to integrate with a provider. - aliases: - - linkOnly - type: bool - - first_broker_login_flow_alias: - description: - - Alias of authentication flow, which is triggered after first login with this identity provider. - aliases: - - firstBrokerLoginFlowAlias + - syncMode type: str - post_broker_login_flow_alias: + issuer: description: - - Alias of authentication flow, which is triggered after each login with this identity provider. - aliases: - - postBrokerLoginFlowAlias + - The issuer identifier for the issuer of the response. If not provided, no validation will be performed. type: str - authenticate_by_default: + authorizationUrl: description: - - Specifies if this identity provider should be used by default for authentication even before displaying login screen. - aliases: - - authenticateByDefault + - The Authorization URL. + type: str + + tokenUrl: + description: + - The Token URL. + type: str + + logoutUrl: + description: + - End session endpoint to use to logout user from external IDP. + type: str + + userInfoUrl: + description: + - The User Info URL. + type: str + + clientAuthMethod: + description: + - The client authentication method. + type: str + + clientId: + description: + - The client or client identifier registered within the identity provider. + type: str + + clientSecret: + description: + - The client or client secret registered within the identity provider. + type: str + + defaultScope: + description: + - The scopes to be sent when asking for authorization. + type: str + + validateSignature: + description: + - Enable/disable signature validation of external IDP signatures. type: bool - provider_id: + useJwksUrl: description: - - Protocol used by this provider (supported values are V(oidc) or V(saml)). - aliases: - - providerId + - If the switch is on, identity provider public keys will be downloaded from given JWKS URL. + type: bool + + jwksUrl: + description: + - URL where identity provider keys in JWK format are stored. See JWK specification for more details. type: str - config: + entityId: description: - - Dict specifying the configuration options for the provider; the contents differ depending on the value of O(provider_id). - Examples are given below for V(oidc) and V(saml). It is easiest to obtain valid config values by dumping an already-existing - identity provider configuration through check-mode in the RV(existing) field. + - The Entity ID that will be used to uniquely identify this SAML Service Provider. + type: str + + singleSignOnServiceUrl: + description: + - The URL that must be used to send authentication requests (SAML AuthnRequest). + type: str + + singleLogoutServiceUrl: + description: + - The URL that must be used to send logout requests. + type: str + + backchannelSupported: + description: + - Does the external IDP support backchannel logout? + type: str + + nameIDPolicyFormat: + description: + - Specifies the URI reference corresponding to a name identifier format. + type: str + + principalType: + description: + - Way to identify and track external users from the assertion. + type: str + + mappers: + description: + - A list of dicts defining mappers associated with this Identity Provider. + type: list + elements: dict + suboptions: + id: + description: + - Unique ID of this mapper. + type: str + + name: + description: + - Name of the mapper. + type: str + + identityProviderAlias: + description: + - Alias of the identity provider for this mapper. + type: str + + identityProviderMapper: + description: + - Type of mapper. + type: str + + config: + description: + - Dict specifying the configuration options for the mapper; the contents differ depending on the value of O(mappers[].identityProviderMapper). type: dict - suboptions: - hide_on_login_page: - description: - - If hidden, login with this provider is possible only if requested explicitly, for example using the C(kc_idp_hint) parameter. - aliases: - - hideOnLoginPage - type: bool - - gui_order: - description: - - Number defining order of the provider in GUI (for example, on Login page). - aliases: - - guiOrder - type: int - - sync_mode: - description: - - Default sync mode for all mappers. The sync mode determines when user data will be synced using the mappers. - aliases: - - syncMode - type: str - - issuer: - description: - - The issuer identifier for the issuer of the response. If not provided, no validation will be performed. - type: str - - authorizationUrl: - description: - - The Authorization URL. - type: str - - tokenUrl: - description: - - The Token URL. - type: str - - logoutUrl: - description: - - End session endpoint to use to logout user from external IDP. - type: str - - userInfoUrl: - description: - - The User Info URL. - type: str - - clientAuthMethod: - description: - - The client authentication method. - type: str - - clientId: - description: - - The client or client identifier registered within the identity provider. - type: str - - clientSecret: - description: - - The client or client secret registered within the identity provider. - type: str - - defaultScope: - description: - - The scopes to be sent when asking for authorization. - type: str - - validateSignature: - description: - - Enable/disable signature validation of external IDP signatures. - type: bool - - useJwksUrl: - description: - - If the switch is on, identity provider public keys will be downloaded from given JWKS URL. - type: bool - - jwksUrl: - description: - - URL where identity provider keys in JWK format are stored. See JWK specification for more details. - type: str - - entityId: - description: - - The Entity ID that will be used to uniquely identify this SAML Service Provider. - type: str - - singleSignOnServiceUrl: - description: - - The URL that must be used to send authentication requests (SAML AuthnRequest). - type: str - - singleLogoutServiceUrl: - description: - - The URL that must be used to send logout requests. - type: str - - backchannelSupported: - description: - - Does the external IDP support backchannel logout? - type: str - - nameIDPolicyFormat: - description: - - Specifies the URI reference corresponding to a name identifier format. - type: str - - principalType: - description: - - Way to identify and track external users from the assertion. - type: str - - mappers: - description: - - A list of dicts defining mappers associated with this Identity Provider. - type: list - elements: dict - suboptions: - id: - description: - - Unique ID of this mapper. - type: str - - name: - description: - - Name of the mapper. - type: str - - identityProviderAlias: - description: - - Alias of the identity provider for this mapper. - type: str - - identityProviderMapper: - description: - - Type of mapper. - type: str - - config: - description: - - Dict specifying the configuration options for the mapper; the contents differ depending on the value of - O(mappers[].identityProviderMapper). - type: dict extends_documentation_fragment: - - community.general.keycloak - - community.general.attributes + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes author: - - Laurent Paumier (@laurpaum) -''' + - Laurent Paumier (@laurpaum) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create OIDC identity provider, authentication with credentials community.general.keycloak_identity_provider: state: present @@ -344,14 +344,14 @@ EXAMPLES = ''' attribute.friendly.name: User Roles attribute.name: roles syncMode: INHERIT -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Message as to what action was taken. - returned: always - type: str - sample: "Identity provider my-idp has been created" + description: Message as to what action was taken. + returned: always + type: str + sample: "Identity provider my-idp has been created" proposed: description: Representation of proposed identity provider. @@ -425,7 +425,7 @@ end_state: "storeToken": false, "trustEmail": false, } -''' +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \ keycloak_argument_spec, get_token, KeycloakError @@ -437,7 +437,7 @@ def sanitize(idp): idpcopy = deepcopy(idp) if 'config' in idpcopy: if 'clientSecret' in idpcopy['config']: - idpcopy['clientSecret'] = '**********' + idpcopy['config']['clientSecret'] = '**********' return idpcopy @@ -445,6 +445,15 @@ def get_identity_provider_with_mappers(kc, alias, realm): idp = kc.get_identity_provider(alias, realm) if idp is not None: idp['mappers'] = sorted(kc.get_identity_provider_mappers(alias, realm), key=lambda x: x.get('name')) + # clientSecret returned by API when using `get_identity_provider(alias, realm)` is always ********** + # to detect changes to the secret, we get the actual cleartext secret from the full realm info + if 'config' in idp: + if 'clientSecret' in idp['config']: + for idp_from_realm in kc.get_realm_by_id(realm).get('identityProviders', []): + if idp_from_realm['internalId'] == idp['internalId']: + cleartext_secret = idp_from_realm.get('config', {}).get('clientSecret') + if cleartext_secret: + idp['config']['clientSecret'] = cleartext_secret if idp is None: idp = {} return idp @@ -525,7 +534,7 @@ def main(): # special handling of mappers list to allow change detection if module.params.get('mappers') is not None: for change in module.params['mappers']: - change = dict((k, v) for k, v in change.items() if change[k] is not None) + change = {k: v for k, v in change.items() if v is not None} if change.get('id') is None and change.get('name') is None: module.fail_json(msg='Either `name` or `id` has to be specified on each mapper.') if before_idp == dict(): diff --git a/plugins/modules/keycloak_realm.py b/plugins/modules/keycloak_realm.py index 9f2e72b525..7c505d8d37 100644 --- a/plugins/modules/keycloak_realm.py +++ b/plugins/modules/keycloak_realm.py @@ -9,513 +9,518 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_realm -short_description: Allows administration of Keycloak realm via Keycloak API +short_description: Allows administration of Keycloak realm using Keycloak API version_added: 3.0.0 description: - - This module allows the administration of Keycloak realm via the Keycloak REST API. It - requires access to the REST API via OpenID Connect; the user connecting and the realm being - used must have the requisite access rights. In a default Keycloak installation, admin-cli - and an admin user would work, as would a separate realm definition with the scope tailored - to your needs and a user having the expected roles. - - - The names of module options are snake_cased versions of the camelCase ones found in the - Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). - Aliases are provided so camelCased versions can be used as well. - - - The Keycloak API does not always sanity check inputs e.g. you can set - SAML-specific settings on an OpenID Connect client for instance and vice versa. Be careful. - If you do not specify a setting, usually a sensible default is chosen. - + - This module allows the administration of Keycloak realm using the Keycloak REST API. It requires access to the REST API + using OpenID Connect; the user connecting and the realm being used must have the requisite access rights. In a default + Keycloak installation, admin-cli and an admin user would work, as would a separate realm definition with the scope tailored + to your needs and a user having the expected roles. + - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation + at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). Aliases are provided so camelCased versions can be used + as well. + - The Keycloak API does not always sanity check inputs, for example you can set SAML-specific settings on an OpenID Connect + client for instance and also the other way around. B(Be careful). If you do not specify a setting, usually a sensible + default is chosen. attributes: - check_mode: - support: full - diff_mode: - support: full + check_mode: + support: full + diff_mode: + support: full + action_group: + version_added: 10.2.0 options: - state: - description: - - State of the realm. - - On V(present), the realm will be created (or updated if it exists already). - - On V(absent), the realm will be removed if it exists. - choices: ['present', 'absent'] - default: 'present' - type: str + state: + description: + - State of the realm. + - On V(present), the realm will be created (or updated if it exists already). + - On V(absent), the realm will be removed if it exists. + choices: ['present', 'absent'] + default: 'present' + type: str - id: - description: - - The realm to create. - type: str - realm: - description: - - The realm name. - type: str - access_code_lifespan: - description: - - The realm access code lifespan. - aliases: - - accessCodeLifespan - type: int - access_code_lifespan_login: - description: - - The realm access code lifespan login. - aliases: - - accessCodeLifespanLogin - type: int - access_code_lifespan_user_action: - description: - - The realm access code lifespan user action. - aliases: - - accessCodeLifespanUserAction - type: int - access_token_lifespan: - description: - - The realm access token lifespan. - aliases: - - accessTokenLifespan - type: int - access_token_lifespan_for_implicit_flow: - description: - - The realm access token lifespan for implicit flow. - aliases: - - accessTokenLifespanForImplicitFlow - type: int - account_theme: - description: - - The realm account theme. - aliases: - - accountTheme - type: str - action_token_generated_by_admin_lifespan: - description: - - The realm action token generated by admin lifespan. - aliases: - - actionTokenGeneratedByAdminLifespan - type: int - action_token_generated_by_user_lifespan: - description: - - The realm action token generated by user lifespan. - aliases: - - actionTokenGeneratedByUserLifespan - type: int - admin_events_details_enabled: - description: - - The realm admin events details enabled. - aliases: - - adminEventsDetailsEnabled - type: bool - admin_events_enabled: - description: - - The realm admin events enabled. - aliases: - - adminEventsEnabled - type: bool - admin_theme: - description: - - The realm admin theme. - aliases: - - adminTheme - type: str - attributes: - description: - - The realm attributes. - type: dict - browser_flow: - description: - - The realm browser flow. - aliases: - - browserFlow - type: str - browser_security_headers: - description: - - The realm browser security headers. - aliases: - - browserSecurityHeaders - type: dict - brute_force_protected: - description: - - The realm brute force protected. - aliases: - - bruteForceProtected - type: bool - client_authentication_flow: - description: - - The realm client authentication flow. - aliases: - - clientAuthenticationFlow - type: str - client_scope_mappings: - description: - - The realm client scope mappings. - aliases: - - clientScopeMappings - type: dict - default_default_client_scopes: - description: - - The realm default default client scopes. - aliases: - - defaultDefaultClientScopes - type: list - elements: str - default_groups: - description: - - The realm default groups. - aliases: - - defaultGroups - type: list - elements: str - default_locale: - description: - - The realm default locale. - aliases: - - defaultLocale - type: str - default_optional_client_scopes: - description: - - The realm default optional client scopes. - aliases: - - defaultOptionalClientScopes - type: list - elements: str - default_roles: - description: - - The realm default roles. - aliases: - - defaultRoles - type: list - elements: str - default_signature_algorithm: - description: - - The realm default signature algorithm. - aliases: - - defaultSignatureAlgorithm - type: str - direct_grant_flow: - description: - - The realm direct grant flow. - aliases: - - directGrantFlow - type: str - display_name: - description: - - The realm display name. - aliases: - - displayName - type: str - display_name_html: - description: - - The realm display name HTML. - aliases: - - displayNameHtml - type: str - docker_authentication_flow: - description: - - The realm docker authentication flow. - aliases: - - dockerAuthenticationFlow - type: str - duplicate_emails_allowed: - description: - - The realm duplicate emails allowed option. - aliases: - - duplicateEmailsAllowed - type: bool - edit_username_allowed: - description: - - The realm edit username allowed option. - aliases: - - editUsernameAllowed - type: bool - email_theme: - description: - - The realm email theme. - aliases: - - emailTheme - type: str - enabled: - description: - - The realm enabled option. - type: bool - enabled_event_types: - description: - - The realm enabled event types. - aliases: - - enabledEventTypes - type: list - elements: str - events_enabled: - description: - - Enables or disables login events for this realm. - aliases: - - eventsEnabled - type: bool - version_added: 3.6.0 - events_expiration: - description: - - The realm events expiration. - aliases: - - eventsExpiration - type: int - events_listeners: - description: - - The realm events listeners. - aliases: - - eventsListeners - type: list - elements: str - failure_factor: - description: - - The realm failure factor. - aliases: - - failureFactor - type: int - internationalization_enabled: - description: - - The realm internationalization enabled option. - aliases: - - internationalizationEnabled - type: bool - login_theme: - description: - - The realm login theme. - aliases: - - loginTheme - type: str - login_with_email_allowed: - description: - - The realm login with email allowed option. - aliases: - - loginWithEmailAllowed - type: bool - max_delta_time_seconds: - description: - - The realm max delta time in seconds. - aliases: - - maxDeltaTimeSeconds - type: int - max_failure_wait_seconds: - description: - - The realm max failure wait in seconds. - aliases: - - maxFailureWaitSeconds - type: int - minimum_quick_login_wait_seconds: - description: - - The realm minimum quick login wait in seconds. - aliases: - - minimumQuickLoginWaitSeconds - type: int - not_before: - description: - - The realm not before. - aliases: - - notBefore - type: int - offline_session_idle_timeout: - description: - - The realm offline session idle timeout. - aliases: - - offlineSessionIdleTimeout - type: int - offline_session_max_lifespan: - description: - - The realm offline session max lifespan. - aliases: - - offlineSessionMaxLifespan - type: int - offline_session_max_lifespan_enabled: - description: - - The realm offline session max lifespan enabled option. - aliases: - - offlineSessionMaxLifespanEnabled - type: bool - otp_policy_algorithm: - description: - - The realm otp policy algorithm. - aliases: - - otpPolicyAlgorithm - type: str - otp_policy_digits: - description: - - The realm otp policy digits. - aliases: - - otpPolicyDigits - type: int - otp_policy_initial_counter: - description: - - The realm otp policy initial counter. - aliases: - - otpPolicyInitialCounter - type: int - otp_policy_look_ahead_window: - description: - - The realm otp policy look ahead window. - aliases: - - otpPolicyLookAheadWindow - type: int - otp_policy_period: - description: - - The realm otp policy period. - aliases: - - otpPolicyPeriod - type: int - otp_policy_type: - description: - - The realm otp policy type. - aliases: - - otpPolicyType - type: str - otp_supported_applications: - description: - - The realm otp supported applications. - aliases: - - otpSupportedApplications - type: list - elements: str - password_policy: - description: - - The realm password policy. - aliases: - - passwordPolicy - type: str - permanent_lockout: - description: - - The realm permanent lockout. - aliases: - - permanentLockout - type: bool - quick_login_check_milli_seconds: - description: - - The realm quick login check in milliseconds. - aliases: - - quickLoginCheckMilliSeconds - type: int - refresh_token_max_reuse: - description: - - The realm refresh token max reuse. - aliases: - - refreshTokenMaxReuse - type: int - registration_allowed: - description: - - The realm registration allowed option. - aliases: - - registrationAllowed - type: bool - registration_email_as_username: - description: - - The realm registration email as username option. - aliases: - - registrationEmailAsUsername - type: bool - registration_flow: - description: - - The realm registration flow. - aliases: - - registrationFlow - type: str - remember_me: - description: - - The realm remember me option. - aliases: - - rememberMe - type: bool - reset_credentials_flow: - description: - - The realm reset credentials flow. - aliases: - - resetCredentialsFlow - type: str - reset_password_allowed: - description: - - The realm reset password allowed option. - aliases: - - resetPasswordAllowed - type: bool - revoke_refresh_token: - description: - - The realm revoke refresh token option. - aliases: - - revokeRefreshToken - type: bool - smtp_server: - description: - - The realm smtp server. - aliases: - - smtpServer - type: dict - ssl_required: - description: - - The realm ssl required option. - choices: ['all', 'external', 'none'] - aliases: - - sslRequired - type: str - sso_session_idle_timeout: - description: - - The realm sso session idle timeout. - aliases: - - ssoSessionIdleTimeout - type: int - sso_session_idle_timeout_remember_me: - description: - - The realm sso session idle timeout remember me. - aliases: - - ssoSessionIdleTimeoutRememberMe - type: int - sso_session_max_lifespan: - description: - - The realm sso session max lifespan. - aliases: - - ssoSessionMaxLifespan - type: int - sso_session_max_lifespan_remember_me: - description: - - The realm sso session max lifespan remember me. - aliases: - - ssoSessionMaxLifespanRememberMe - type: int - supported_locales: - description: - - The realm supported locales. - aliases: - - supportedLocales - type: list - elements: str - user_managed_access_allowed: - description: - - The realm user managed access allowed option. - aliases: - - userManagedAccessAllowed - type: bool - verify_email: - description: - - The realm verify email option. - aliases: - - verifyEmail - type: bool - wait_increment_seconds: - description: - - The realm wait increment in seconds. - aliases: - - waitIncrementSeconds - type: int + id: + description: + - The realm to create. + type: str + realm: + description: + - The realm name. + type: str + access_code_lifespan: + description: + - The realm access code lifespan. + aliases: + - accessCodeLifespan + type: int + access_code_lifespan_login: + description: + - The realm access code lifespan login. + aliases: + - accessCodeLifespanLogin + type: int + access_code_lifespan_user_action: + description: + - The realm access code lifespan user action. + aliases: + - accessCodeLifespanUserAction + type: int + access_token_lifespan: + description: + - The realm access token lifespan. + aliases: + - accessTokenLifespan + type: int + access_token_lifespan_for_implicit_flow: + description: + - The realm access token lifespan for implicit flow. + aliases: + - accessTokenLifespanForImplicitFlow + type: int + account_theme: + description: + - The realm account theme. + aliases: + - accountTheme + type: str + action_token_generated_by_admin_lifespan: + description: + - The realm action token generated by admin lifespan. + aliases: + - actionTokenGeneratedByAdminLifespan + type: int + action_token_generated_by_user_lifespan: + description: + - The realm action token generated by user lifespan. + aliases: + - actionTokenGeneratedByUserLifespan + type: int + admin_events_details_enabled: + description: + - The realm admin events details enabled. + aliases: + - adminEventsDetailsEnabled + type: bool + admin_events_enabled: + description: + - The realm admin events enabled. + aliases: + - adminEventsEnabled + type: bool + admin_theme: + description: + - The realm admin theme. + aliases: + - adminTheme + type: str + attributes: + description: + - The realm attributes. + type: dict + browser_flow: + description: + - The realm browser flow. + aliases: + - browserFlow + type: str + browser_security_headers: + description: + - The realm browser security headers. + aliases: + - browserSecurityHeaders + type: dict + brute_force_protected: + description: + - The realm brute force protected. + aliases: + - bruteForceProtected + type: bool + client_authentication_flow: + description: + - The realm client authentication flow. + aliases: + - clientAuthenticationFlow + type: str + client_scope_mappings: + description: + - The realm client scope mappings. + aliases: + - clientScopeMappings + type: dict + default_default_client_scopes: + description: + - The realm default default client scopes. + aliases: + - defaultDefaultClientScopes + type: list + elements: str + default_groups: + description: + - The realm default groups. + aliases: + - defaultGroups + type: list + elements: str + default_locale: + description: + - The realm default locale. + aliases: + - defaultLocale + type: str + default_optional_client_scopes: + description: + - The realm default optional client scopes. + aliases: + - defaultOptionalClientScopes + type: list + elements: str + default_roles: + description: + - The realm default roles. + aliases: + - defaultRoles + type: list + elements: str + default_signature_algorithm: + description: + - The realm default signature algorithm. + aliases: + - defaultSignatureAlgorithm + type: str + direct_grant_flow: + description: + - The realm direct grant flow. + aliases: + - directGrantFlow + type: str + display_name: + description: + - The realm display name. + aliases: + - displayName + type: str + display_name_html: + description: + - The realm display name HTML. + aliases: + - displayNameHtml + type: str + docker_authentication_flow: + description: + - The realm docker authentication flow. + aliases: + - dockerAuthenticationFlow + type: str + duplicate_emails_allowed: + description: + - The realm duplicate emails allowed option. + aliases: + - duplicateEmailsAllowed + type: bool + edit_username_allowed: + description: + - The realm edit username allowed option. + aliases: + - editUsernameAllowed + type: bool + email_theme: + description: + - The realm email theme. + aliases: + - emailTheme + type: str + enabled: + description: + - The realm enabled option. + type: bool + enabled_event_types: + description: + - The realm enabled event types. + aliases: + - enabledEventTypes + type: list + elements: str + events_enabled: + description: + - Enables or disables login events for this realm. + aliases: + - eventsEnabled + type: bool + version_added: 3.6.0 + events_expiration: + description: + - The realm events expiration. + aliases: + - eventsExpiration + type: int + events_listeners: + description: + - The realm events listeners. + aliases: + - eventsListeners + type: list + elements: str + failure_factor: + description: + - The realm failure factor. + aliases: + - failureFactor + type: int + internationalization_enabled: + description: + - The realm internationalization enabled option. + aliases: + - internationalizationEnabled + type: bool + login_theme: + description: + - The realm login theme. + aliases: + - loginTheme + type: str + login_with_email_allowed: + description: + - The realm login with email allowed option. + aliases: + - loginWithEmailAllowed + type: bool + max_delta_time_seconds: + description: + - The realm max delta time in seconds. + aliases: + - maxDeltaTimeSeconds + type: int + max_failure_wait_seconds: + description: + - The realm max failure wait in seconds. + aliases: + - maxFailureWaitSeconds + type: int + minimum_quick_login_wait_seconds: + description: + - The realm minimum quick login wait in seconds. + aliases: + - minimumQuickLoginWaitSeconds + type: int + not_before: + description: + - The realm not before. + aliases: + - notBefore + type: int + offline_session_idle_timeout: + description: + - The realm offline session idle timeout. + aliases: + - offlineSessionIdleTimeout + type: int + offline_session_max_lifespan: + description: + - The realm offline session max lifespan. + aliases: + - offlineSessionMaxLifespan + type: int + offline_session_max_lifespan_enabled: + description: + - The realm offline session max lifespan enabled option. + aliases: + - offlineSessionMaxLifespanEnabled + type: bool + otp_policy_algorithm: + description: + - The realm otp policy algorithm. + aliases: + - otpPolicyAlgorithm + type: str + otp_policy_digits: + description: + - The realm otp policy digits. + aliases: + - otpPolicyDigits + type: int + otp_policy_initial_counter: + description: + - The realm otp policy initial counter. + aliases: + - otpPolicyInitialCounter + type: int + otp_policy_look_ahead_window: + description: + - The realm otp policy look ahead window. + aliases: + - otpPolicyLookAheadWindow + type: int + otp_policy_period: + description: + - The realm otp policy period. + aliases: + - otpPolicyPeriod + type: int + otp_policy_type: + description: + - The realm otp policy type. + aliases: + - otpPolicyType + type: str + otp_supported_applications: + description: + - The realm otp supported applications. + aliases: + - otpSupportedApplications + type: list + elements: str + password_policy: + description: + - The realm password policy. + aliases: + - passwordPolicy + type: str + organizations_enabled: + description: + - Enables support for experimental organization feature. + aliases: + - organizationsEnabled + type: bool + version_added: 10.0.0 + permanent_lockout: + description: + - The realm permanent lockout. + aliases: + - permanentLockout + type: bool + quick_login_check_milli_seconds: + description: + - The realm quick login check in milliseconds. + aliases: + - quickLoginCheckMilliSeconds + type: int + refresh_token_max_reuse: + description: + - The realm refresh token max reuse. + aliases: + - refreshTokenMaxReuse + type: int + registration_allowed: + description: + - The realm registration allowed option. + aliases: + - registrationAllowed + type: bool + registration_email_as_username: + description: + - The realm registration email as username option. + aliases: + - registrationEmailAsUsername + type: bool + registration_flow: + description: + - The realm registration flow. + aliases: + - registrationFlow + type: str + remember_me: + description: + - The realm remember me option. + aliases: + - rememberMe + type: bool + reset_credentials_flow: + description: + - The realm reset credentials flow. + aliases: + - resetCredentialsFlow + type: str + reset_password_allowed: + description: + - The realm reset password allowed option. + aliases: + - resetPasswordAllowed + type: bool + revoke_refresh_token: + description: + - The realm revoke refresh token option. + aliases: + - revokeRefreshToken + type: bool + smtp_server: + description: + - The realm smtp server. + aliases: + - smtpServer + type: dict + ssl_required: + description: + - The realm ssl required option. + choices: ['all', 'external', 'none'] + aliases: + - sslRequired + type: str + sso_session_idle_timeout: + description: + - The realm sso session idle timeout. + aliases: + - ssoSessionIdleTimeout + type: int + sso_session_idle_timeout_remember_me: + description: + - The realm sso session idle timeout remember me. + aliases: + - ssoSessionIdleTimeoutRememberMe + type: int + sso_session_max_lifespan: + description: + - The realm sso session max lifespan. + aliases: + - ssoSessionMaxLifespan + type: int + sso_session_max_lifespan_remember_me: + description: + - The realm sso session max lifespan remember me. + aliases: + - ssoSessionMaxLifespanRememberMe + type: int + supported_locales: + description: + - The realm supported locales. + aliases: + - supportedLocales + type: list + elements: str + user_managed_access_allowed: + description: + - The realm user managed access allowed option. + aliases: + - userManagedAccessAllowed + type: bool + verify_email: + description: + - The realm verify email option. + aliases: + - verifyEmail + type: bool + wait_increment_seconds: + description: + - The realm wait increment in seconds. + aliases: + - waitIncrementSeconds + type: int extends_documentation_fragment: - - community.general.keycloak - - community.general.attributes + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes author: - - Christophe Gilles (@kris2kris) -''' + - Christophe Gilles (@kris2kris) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create or update Keycloak realm (minimal example) community.general.keycloak_realm: auth_client_id: admin-cli @@ -536,52 +541,60 @@ EXAMPLES = ''' auth_password: PASSWORD id: test state: absent +""" -''' - -RETURN = ''' +RETURN = r""" msg: - description: Message as to what action was taken. - returned: always - type: str - sample: "Realm testrealm has been updated" + description: Message as to what action was taken. + returned: always + type: str + sample: "Realm testrealm has been updated" proposed: - description: Representation of proposed realm. - returned: always - type: dict - sample: { - id: "test" - } + description: Representation of proposed realm. + returned: always + type: dict + sample: {id: "test"} existing: - description: Representation of existing realm (sample is truncated). - returned: always - type: dict - sample: { - "adminUrl": "http://www.example.com/admin_url", - "attributes": { - "request.object.signature.alg": "RS256", - } - } + description: Representation of existing realm (sample is truncated). + returned: always + type: dict + sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} end_state: - description: Representation of realm after module execution (sample is truncated). - returned: on success - type: dict - sample: { - "adminUrl": "http://www.example.com/admin_url", - "attributes": { - "request.object.signature.alg": "RS256", - } - } -''' + description: Representation of realm after module execution (sample is truncated). + returned: on success + type: dict + sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \ keycloak_argument_spec, get_token, KeycloakError from ansible.module_utils.basic import AnsibleModule +def normalise_cr(realmrep): + """ Re-sorts any properties where the order is important so that diff's is minimised and the change detection is more effective. + + :param realmrep: the realmrep dict to be sanitized + :return: normalised realmrep dict + """ + # Avoid the dict passed in to be modified + realmrep = realmrep.copy() + + if 'enabledEventTypes' in realmrep: + realmrep['enabledEventTypes'] = list(sorted(realmrep['enabledEventTypes'])) + + if 'otpSupportedApplications' in realmrep: + realmrep['otpSupportedApplications'] = list(sorted(realmrep['otpSupportedApplications'])) + + if 'supportedLocales' in realmrep: + realmrep['supportedLocales'] = list(sorted(realmrep['supportedLocales'])) + + return realmrep + + def sanitize_cr(realmrep): """ Removes probably sensitive details from a realm representation. @@ -595,7 +608,7 @@ def sanitize_cr(realmrep): if 'saml.signing.private.key' in result['attributes']: result['attributes'] = result['attributes'].copy() result['attributes']['saml.signing.private.key'] = '********' - return result + return normalise_cr(result) def main(): @@ -665,6 +678,7 @@ def main(): otp_policy_type=dict(type='str', aliases=['otpPolicyType']), otp_supported_applications=dict(type='list', elements='str', aliases=['otpSupportedApplications']), password_policy=dict(type='str', aliases=['passwordPolicy'], no_log=False), + organizations_enabled=dict(type='bool', aliases=['organizationsEnabled']), permanent_lockout=dict(type='bool', aliases=['permanentLockout']), quick_login_check_milli_seconds=dict(type='int', aliases=['quickLoginCheckMilliSeconds']), refresh_token_max_reuse=dict(type='int', aliases=['refreshTokenMaxReuse'], no_log=False), @@ -777,10 +791,12 @@ def main(): result['changed'] = True if module.check_mode: # We can only compare the current realm with the proposed updates we have + before_norm = normalise_cr(before_realm) + desired_norm = normalise_cr(desired_realm) if module._diff: - result['diff'] = dict(before=before_realm_sanitized, - after=sanitize_cr(desired_realm)) - result['changed'] = (before_realm != desired_realm) + result['diff'] = dict(before=sanitize_cr(before_norm), + after=sanitize_cr(desired_norm)) + result['changed'] = (before_norm != desired_norm) module.exit_json(**result) diff --git a/plugins/modules/keycloak_realm_info.py b/plugins/modules/keycloak_realm_info.py index 5c2ebb4c9e..838b19513d 100644 --- a/plugins/modules/keycloak_realm_info.py +++ b/plugins/modules/keycloak_realm_info.py @@ -8,98 +8,94 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_realm_info -short_description: Allows obtaining Keycloak realm public information via Keycloak API +short_description: Allows obtaining Keycloak realm public information using Keycloak API version_added: 4.3.0 description: - - This module allows you to get Keycloak realm public information via the Keycloak REST API. - - - The names of module options are snake_cased versions of the camelCase ones found in the - Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). - - - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will - be returned that way by this module. You may pass single values for attributes when calling the module, - and this will be translated into a list suitable for the API. - + - This module allows you to get Keycloak realm public information using the Keycloak REST API. + - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation + at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). + - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that + way by this module. You may pass single values for attributes when calling the module, and this will be translated into + a list suitable for the API. extends_documentation_fragment: - - community.general.attributes - - community.general.attributes.info_module + - community.general.attributes + - community.general.attributes.info_module options: - auth_keycloak_url: - description: - - URL to the Keycloak instance. - type: str - required: true - aliases: - - url - validate_certs: - description: - - Verify TLS certificates (do not disable this in production). - type: bool - default: true + auth_keycloak_url: + description: + - URL to the Keycloak instance. + type: str + required: true + aliases: + - url + validate_certs: + description: + - Verify TLS certificates (do not disable this in production). + type: bool + default: true - realm: - type: str - description: - - They Keycloak realm ID. - default: 'master' + realm: + type: str + description: + - They Keycloak realm ID. + default: 'master' author: - - Fynn Chen (@fynncfchen) -''' + - Fynn Chen (@fynncfchen) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Get a Keycloak public key community.general.keycloak_realm_info: realm: MyCustomRealm auth_keycloak_url: https://auth.example.com/auth delegate_to: localhost -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Message as to what action was taken. - returned: always - type: str + description: Message as to what action was taken. + returned: always + type: str realm_info: - description: - - Representation of the realm public information. - returned: always - type: dict - contains: - realm: - description: Realm ID. - type: str - returned: always - sample: MyRealm - public_key: - description: Public key of the realm. - type: str - returned: always - sample: MIIBIjANBgkqhkiG9w0BAQEFAAO... - token-service: - description: Token endpoint URL. - type: str - returned: always - sample: https://auth.example.com/auth/realms/MyRealm/protocol/openid-connect - account-service: - description: Account console URL. - type: str - returned: always - sample: https://auth.example.com/auth/realms/MyRealm/account - tokens-not-before: - description: The token not before. - type: int - returned: always - sample: 0 -''' + description: + - Representation of the realm public information. + returned: always + type: dict + contains: + realm: + description: Realm ID. + type: str + returned: always + sample: MyRealm + public_key: + description: Public key of the realm. + type: str + returned: always + sample: MIIBIjANBgkqhkiG9w0BAQEFAAO... + token-service: + description: Token endpoint URL. + type: str + returned: always + sample: https://auth.example.com/auth/realms/MyRealm/protocol/openid-connect + account-service: + description: Account console URL. + type: str + returned: always + sample: https://auth.example.com/auth/realms/MyRealm/account + tokens-not-before: + description: The token not before. + type: int + returned: always + sample: 0 +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/keycloak_realm_key.py b/plugins/modules/keycloak_realm_key.py index 6e762fba9d..425206bf98 100644 --- a/plugins/modules/keycloak_realm_key.py +++ b/plugins/modules/keycloak_realm_key.py @@ -9,142 +9,130 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_realm_key -short_description: Allows administration of Keycloak realm keys via Keycloak API +short_description: Allows administration of Keycloak realm keys using Keycloak API version_added: 7.5.0 description: - - This module allows the administration of Keycloak realm keys via the Keycloak REST API. It - requires access to the REST API via OpenID Connect; the user connecting and the realm being - used must have the requisite access rights. In a default Keycloak installation, admin-cli - and an admin user would work, as would a separate realm definition with the scope tailored - to your needs and a user having the expected roles. - - - The names of module options are snake_cased versions of the camelCase ones found in the - Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). - Aliases are provided so camelCased versions can be used as well. - - - This module is unable to detect changes to the actual cryptographic key after importing it. - However, if some other property is changed alongside the cryptographic key, then the key - will also get changed as a side-effect, as the JSON payload needs to include the private key. - This can be considered either a bug or a feature, as the alternative would be to always - update the realm key whether it has changed or not. - - - If certificate is not explicitly provided it will be dynamically created by Keycloak. - Therefore comparing the current state of the certificate to the desired state (which may be - empty) is not possible. - + - This module allows the administration of Keycloak realm keys using the Keycloak REST API. It requires access to the REST + API using OpenID Connect; the user connecting and the realm being used must have the requisite access rights. In a default + Keycloak installation, admin-cli and an admin user would work, as would a separate realm definition with the scope tailored + to your needs and a user having the expected roles. + - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation + at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). Aliases are provided so camelCased versions can be used + as well. + - This module is unable to detect changes to the actual cryptographic key after importing it. However, if some other property + is changed alongside the cryptographic key, then the key will also get changed as a side-effect, as the JSON payload needs + to include the private key. This can be considered either a bug or a feature, as the alternative would be to always update + the realm key whether it has changed or not. + - If certificate is not explicitly provided it will be dynamically created by Keycloak. Therefore comparing the current + state of the certificate to the desired state (which may be empty) is not possible. attributes: - check_mode: - support: full - diff_mode: - support: partial + check_mode: + support: full + diff_mode: + support: partial + action_group: + version_added: 10.2.0 options: - state: + state: + description: + - State of the keycloak realm key. + - On V(present), the realm key will be created (or updated if it exists already). + - On V(absent), the realm key will be removed if it exists. + choices: ['present', 'absent'] + default: 'present' + type: str + name: + description: + - Name of the realm key to create. + type: str + required: true + force: + description: + - Enforce the state of the private key and certificate. This is not automatically the case as this module is unable + to determine the current state of the private key and thus cannot trigger an update based on an actual divergence. + That said, a private key update may happen even if force is false as a side-effect of other changes. + default: false + type: bool + parent_id: + description: + - The parent_id of the realm key. In practice the name of the realm. + type: str + required: true + provider_id: + description: + - The name of the "provider ID" for the key. + - The value V(rsa-enc) has been added in community.general 8.2.0. + choices: ['rsa', 'rsa-enc'] + default: 'rsa' + type: str + config: + description: + - Dict specifying the key and its properties. + type: dict + suboptions: + active: description: - - State of the keycloak realm key. - - On V(present), the realm key will be created (or updated if it exists already). - - On V(absent), the realm key will be removed if it exists. - choices: ['present', 'absent'] - default: 'present' - type: str - name: - description: - - Name of the realm key to create. - type: str - required: true - force: - description: - - Enforce the state of the private key and certificate. This is not automatically the - case as this module is unable to determine the current state of the private key and - thus cannot trigger an update based on an actual divergence. That said, a private key - update may happen even if force is false as a side-effect of other changes. - default: false + - Whether they key is active or inactive. Not to be confused with the state of the Ansible resource managed by the + O(state) parameter. + default: true type: bool - parent_id: + enabled: description: - - The parent_id of the realm key. In practice the ID (name) of the realm. - type: str + - Whether the key is enabled or disabled. Not to be confused with the state of the Ansible resource managed by the + O(state) parameter. + default: true + type: bool + priority: + description: + - The priority of the key. + type: int required: true - provider_id: + algorithm: description: - - The name of the "provider ID" for the key. - - The value V(rsa-enc) has been added in community.general 8.2.0. - choices: ['rsa', 'rsa-enc'] - default: 'rsa' + - Key algorithm. + - The values V(RS384), V(RS512), V(PS256), V(PS384), V(PS512), V(RSA1_5), V(RSA-OAEP), V(RSA-OAEP-256) have been + added in community.general 8.2.0. + default: RS256 + choices: ['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'RSA1_5', 'RSA-OAEP', 'RSA-OAEP-256'] type: str - config: + private_key: description: - - Dict specifying the key and its properties. - type: dict - suboptions: - active: - description: - - Whether they key is active or inactive. Not to be confused with the state - of the Ansible resource managed by the O(state) parameter. - default: true - type: bool - enabled: - description: - - Whether the key is enabled or disabled. Not to be confused with the state - of the Ansible resource managed by the O(state) parameter. - default: true - type: bool - priority: - description: - - The priority of the key. - type: int - required: true - algorithm: - description: - - Key algorithm. - - The values V(RS384), V(RS512), V(PS256), V(PS384), V(PS512), V(RSA1_5), - V(RSA-OAEP), V(RSA-OAEP-256) have been added in community.general 8.2.0. - default: RS256 - choices: ['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'RSA1_5', 'RSA-OAEP', 'RSA-OAEP-256'] - type: str - private_key: - description: - - The private key as an ASCII string. Contents of the key must match O(config.algorithm) - and O(provider_id). - - Please note that the module cannot detect whether the private key specified differs from the - current state's private key. Use O(force=true) to force the module to update the private key - if you expect it to be updated. - required: true - type: str - certificate: - description: - - A certificate signed with the private key as an ASCII string. Contents of the - key must match O(config.algorithm) and O(provider_id). - - If you want Keycloak to automatically generate a certificate using your private key - then set this to an empty string. - required: true - type: str + - The private key as an ASCII string. Contents of the key must match O(config.algorithm) and O(provider_id). + - Please note that the module cannot detect whether the private key specified differs from the current state's private + key. Use O(force=true) to force the module to update the private key if you expect it to be updated. + required: true + type: str + certificate: + description: + - A certificate signed with the private key as an ASCII string. Contents of the key must match O(config.algorithm) + and O(provider_id). + - If you want Keycloak to automatically generate a certificate using your private key then set this to an empty + string. + required: true + type: str notes: - - Current value of the private key cannot be fetched from Keycloak. - Therefore comparing its desired state to the current state is not - possible. - - If certificate is not explicitly provided it will be dynamically created - by Keycloak. Therefore comparing the current state of the certificate to - the desired state (which may be empty) is not possible. - - Due to the private key and certificate options the module is - B(not fully idempotent). You can use O(force=true) to force the module - to always update if you know that the private key might have changed. - + - Current value of the private key cannot be fetched from Keycloak. Therefore comparing its desired state to the current + state is not possible. + - If certificate is not explicitly provided it will be dynamically created by Keycloak. Therefore comparing the current + state of the certificate to the desired state (which may be empty) is not possible. + - Due to the private key and certificate options the module is B(not fully idempotent). You can use O(force=true) to force + the module to always update if you know that the private key might have changed. extends_documentation_fragment: - - community.general.keycloak - - community.general.attributes + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes author: - - Samuli Seppänen (@mattock) -''' + - Samuli Seppänen (@mattock) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Manage Keycloak realm key (certificate autogenerated by Keycloak) community.general.keycloak_realm_key: name: custom @@ -179,54 +167,49 @@ EXAMPLES = ''' active: true priority: 120 algorithm: RS256 -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Message as to what action was taken. - returned: always - type: str + description: Message as to what action was taken. + returned: always + type: str end_state: - description: Representation of the keycloak_realm_key after module execution. - returned: on success - type: dict - contains: - id: - description: ID of the realm key. - type: str - returned: when O(state=present) - sample: 5b7ec13f-99da-46ad-8326-ab4c73cf4ce4 - name: - description: Name of the realm key. - type: str - returned: when O(state=present) - sample: mykey - parentId: - description: ID of the realm this key belongs to. - type: str - returned: when O(state=present) - sample: myrealm - providerId: - description: The ID of the key provider. - type: str - returned: when O(state=present) - sample: rsa - providerType: - description: The type of provider. - type: str - returned: when O(state=present) - config: - description: Realm key configuration. - type: dict - returned: when O(state=present) - sample: { - "active": ["true"], - "algorithm": ["RS256"], - "enabled": ["true"], - "priority": ["140"] - } -''' + description: Representation of the keycloak_realm_key after module execution. + returned: on success + type: dict + contains: + id: + description: ID of the realm key. + type: str + returned: when O(state=present) + sample: 5b7ec13f-99da-46ad-8326-ab4c73cf4ce4 + name: + description: Name of the realm key. + type: str + returned: when O(state=present) + sample: mykey + parentId: + description: ID of the realm this key belongs to. + type: str + returned: when O(state=present) + sample: myrealm + providerId: + description: The ID of the key provider. + type: str + returned: when O(state=present) + sample: rsa + providerType: + description: The type of provider. + type: str + returned: when O(state=present) + config: + description: Realm key configuration. + type: dict + returned: when O(state=present) + sample: {"active": ["true"], "algorithm": ["RS256"], "enabled": ["true"], "priority": ["140"]} +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \ keycloak_argument_spec, get_token, KeycloakError @@ -300,7 +283,7 @@ def main(): kc = KeycloakAPI(module, connection_header) - params_to_ignore = list(keycloak_argument_spec().keys()) + ["state", "force"] + params_to_ignore = list(keycloak_argument_spec().keys()) + ["state", "force", "parent_id"] # Filter and map the parameters names that apply to the role component_params = [x for x in module.params @@ -371,7 +354,7 @@ def main(): parent_id = module.params.get('parent_id') # Get a list of all Keycloak components that are of keyprovider type. - realm_keys = kc.get_components(urlencode(dict(type=provider_type, parent=parent_id)), parent_id) + realm_keys = kc.get_components(urlencode(dict(type=provider_type)), parent_id) # If this component is present get its key ID. Confusingly the key ID is # also known as the Provider ID. diff --git a/plugins/modules/keycloak_realm_keys_metadata_info.py b/plugins/modules/keycloak_realm_keys_metadata_info.py new file mode 100644 index 0000000000..f76cabfd36 --- /dev/null +++ b/plugins/modules/keycloak_realm_keys_metadata_info.py @@ -0,0 +1,133 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) Ansible project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = r""" +module: keycloak_realm_keys_metadata_info + +short_description: Allows obtaining Keycloak realm keys metadata using Keycloak API + +version_added: 9.3.0 + +description: + - This module allows you to get Keycloak realm keys metadata using the Keycloak REST API. + - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation + at U(https://www.keycloak.org/docs-api/latest/rest-api/index.html). +attributes: + action_group: + version_added: 10.2.0 + +options: + realm: + type: str + description: + - They Keycloak realm to fetch keys metadata. + default: 'master' + +extends_documentation_fragment: + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes + - community.general.attributes.info_module + +author: + - Thomas Bach (@thomasbach-dev) +""" + +EXAMPLES = r""" +- name: Fetch Keys metadata + community.general.keycloak_realm_keys_metadata_info: + auth_keycloak_url: https://auth.example.com/auth + auth_realm: master + auth_username: USERNAME + auth_password: PASSWORD + realm: MyCustomRealm + delegate_to: localhost + register: keycloak_keys_metadata + +- name: Write the Keycloak keys certificate into a file + ansible.builtin.copy: + dest: /tmp/keycloak.cert + content: | + {{ keys_metadata['keycloak_keys_metadata']['keys'] + | selectattr('algorithm', 'equalto', 'RS256') + | map(attribute='certificate') + | first + }} + delegate_to: localhost +""" + +RETURN = r""" +msg: + description: Message as to what action was taken. + returned: always + type: str + +keys_metadata: + description: + + - Representation of the realm keys metadata (see U(https://www.keycloak.org/docs-api/latest/rest-api/index.html#KeysMetadataRepresentation)). + returned: always + type: dict + contains: + active: + description: A mapping (that is, a dict) from key algorithms to UUIDs. + type: dict + returned: always + keys: + description: A list of dicts providing detailed information on the keys. + type: list + elements: dict + returned: always +""" + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import ( + KeycloakAPI, KeycloakError, get_token, keycloak_argument_spec) + + +def main(): + argument_spec = keycloak_argument_spec() + + meta_args = dict( + realm=dict(default="master"), + ) + argument_spec.update(meta_args) + + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True, + required_one_of=([["token", "auth_realm", "auth_username", "auth_password"]]), + required_together=([["auth_realm", "auth_username", "auth_password"]]), + ) + + result = dict(changed=False, msg="", keys_metadata="") + + # Obtain access token, initialize API + try: + connection_header = get_token(module.params) + except KeycloakError as e: + module.fail_json(msg=str(e)) + + kc = KeycloakAPI(module, connection_header) + + realm = module.params.get("realm") + + keys_metadata = kc.get_realm_keys_metadata_by_id(realm=realm) + + result["keys_metadata"] = keys_metadata + result["msg"] = "Get realm keys metadata successful for ID {realm}".format( + realm=realm + ) + module.exit_json(**result) + + +if __name__ == "__main__": + main() diff --git a/plugins/modules/keycloak_realm_rolemapping.py b/plugins/modules/keycloak_realm_rolemapping.py index 693cf9894a..4217e7e581 100644 --- a/plugins/modules/keycloak_realm_rolemapping.py +++ b/plugins/modules/keycloak_realm_rolemapping.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_realm_rolemapping short_description: Allows administration of Keycloak realm role mappings into groups with the Keycloak API @@ -17,116 +16,107 @@ short_description: Allows administration of Keycloak realm role mappings into gr version_added: 8.2.0 description: - - This module allows you to add, remove or modify Keycloak realm role - mappings into groups with the Keycloak REST API. It requires access to the - REST API via OpenID Connect; the user connecting and the client being used - must have the requisite access rights. In a default Keycloak installation, - admin-cli and an admin user would work, as would a separate client - definition with the scope tailored to your needs and a user having the - expected roles. - - - The names of module options are snake_cased versions of the camelCase ones found in the - Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/18.0/rest-api/index.html). - - - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will - be returned that way by this module. You may pass single values for attributes when calling the module, - and this will be translated into a list suitable for the API. - - - When updating a group_rolemapping, where possible provide the role ID to the module. This removes a lookup - to the API to translate the name into the role ID. - + - This module allows you to add, remove or modify Keycloak realm role mappings into groups with the Keycloak REST API. It + requires access to the REST API using OpenID Connect; the user connecting and the client being used must have the requisite + access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client + definition with the scope tailored to your needs and a user having the expected roles. + - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation + at U(https://www.keycloak.org/docs-api/18.0/rest-api/index.html). + - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that + way by this module. You may pass single values for attributes when calling the module, and this will be translated into + a list suitable for the API. + - When updating a group_rolemapping, where possible provide the role ID to the module. This removes a lookup to the API + to translate the name into the role ID. attributes: - check_mode: - support: full - diff_mode: - support: full + check_mode: + support: full + diff_mode: + support: full + action_group: + version_added: 10.2.0 options: - state: - description: - - State of the realm_rolemapping. - - On C(present), the realm_rolemapping will be created if it does not yet exist, or updated with the parameters you provide. - - On C(absent), the realm_rolemapping will be removed if it exists. - default: 'present' - type: str - choices: - - present - - absent + state: + description: + - State of the realm_rolemapping. + - On C(present), the realm_rolemapping will be created if it does not yet exist, or updated with the parameters you + provide. + - On C(absent), the realm_rolemapping will be removed if it exists. + default: 'present' + type: str + choices: + - present + - absent - realm: + realm: + type: str + description: + - They Keycloak realm under which this role_representation resides. + default: 'master' + + group_name: + type: str + description: + - Name of the group to be mapped. + - This parameter is required (can be replaced by gid for less API call). + parents: + type: list + description: + - List of parent groups for the group to handle sorted top to bottom. + - Set this if your group is a subgroup and you do not provide the GID in O(gid). + elements: dict + suboptions: + id: type: str description: - - They Keycloak realm under which this role_representation resides. - default: 'master' - - group_name: + - Identify parent by ID. + - Needs less API calls than using O(parents[].name). + - A deep parent chain can be started at any point when first given parent is given as ID. + - Note that in principle both ID and name can be specified at the same time but current implementation only always + use just one of them, with ID being preferred. + name: type: str description: - - Name of the group to be mapped. - - This parameter is required (can be replaced by gid for less API call). - - parents: - type: list - description: - - List of parent groups for the group to handle sorted top to bottom. - - >- - Set this if your group is a subgroup and you do not provide the GID in O(gid). - elements: dict - suboptions: - id: - type: str - description: - - Identify parent by ID. - - Needs less API calls than using O(parents[].name). - - A deep parent chain can be started at any point when first given parent is given as ID. - - Note that in principle both ID and name can be specified at the same time - but current implementation only always use just one of them, with ID - being preferred. - name: - type: str - description: - - Identify parent by name. - - Needs more internal API calls than using O(parents[].id) to map names to ID's under the hood. - - When giving a parent chain with only names it must be complete up to the top. - - Note that in principle both ID and name can be specified at the same time - but current implementation only always use just one of them, with ID - being preferred. - gid: + - Identify parent by name. + - Needs more internal API calls than using O(parents[].id) to map names to ID's under the hood. + - When giving a parent chain with only names it must be complete up to the top. + - Note that in principle both ID and name can be specified at the same time but current implementation only always + use just one of them, with ID being preferred. + gid: + type: str + description: + - ID of the group to be mapped. + - This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of + API calls required. + roles: + description: + - Roles to be mapped to the group. + type: list + elements: dict + suboptions: + name: type: str description: - - ID of the group to be mapped. - - This parameter is not required for updating or deleting the rolemapping but - providing it will reduce the number of API calls required. - - roles: + - Name of the role_representation. + - This parameter is required only when creating or updating the role_representation. + id: + type: str description: - - Roles to be mapped to the group. - type: list - elements: dict - suboptions: - name: - type: str - description: - - Name of the role_representation. - - This parameter is required only when creating or updating the role_representation. - id: - type: str - description: - - The unique identifier for this role_representation. - - This parameter is not required for updating or deleting a role_representation but - providing it will reduce the number of API calls required. - + - The unique identifier for this role_representation. + - This parameter is not required for updating or deleting a role_representation but providing it will reduce the + number of API calls required. extends_documentation_fragment: - - community.general.keycloak - - community.general.attributes + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes author: - - Gaëtan Daubresse (@Gaetan2907) - - Marius Huysamen (@mhuysamen) - - Alexander Groß (@agross) -''' + - Gaëtan Daubresse (@Gaetan2907) + - Marius Huysamen (@mhuysamen) + - Alexander Groß (@agross) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Map a client role to a group, authentication with credentials community.general.keycloak_realm_rolemapping: realm: MyCustomRealm @@ -192,49 +182,37 @@ EXAMPLES = ''' - name: role_name2 id: role_id2 delegate_to: localhost -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Message as to what action was taken. - returned: always - type: str - sample: "Role role1 assigned to group group1." + description: Message as to what action was taken. + returned: always + type: str + sample: "Role role1 assigned to group group1." proposed: - description: Representation of proposed client role mapping. - returned: always - type: dict - sample: { - clientId: "test" - } + description: Representation of proposed client role mapping. + returned: always + type: dict + sample: {clientId: "test"} existing: - description: - - Representation of existing client role mapping. - - The sample is truncated. - returned: always - type: dict - sample: { - "adminUrl": "http://www.example.com/admin_url", - "attributes": { - "request.object.signature.alg": "RS256", - } - } + description: + - Representation of existing client role mapping. + - The sample is truncated. + returned: always + type: dict + sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} end_state: - description: - - Representation of client role mapping after module execution. - - The sample is truncated. - returned: on success - type: dict - sample: { - "adminUrl": "http://www.example.com/admin_url", - "attributes": { - "request.object.signature.alg": "RS256", - } - } -''' + description: + - Representation of client role mapping after module execution. + - The sample is truncated. + returned: on success + type: dict + sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import ( KeycloakAPI, keycloak_argument_spec, get_token, KeycloakError, diff --git a/plugins/modules/keycloak_role.py b/plugins/modules/keycloak_role.py index f3e01483f8..267682d31c 100644 --- a/plugins/modules/keycloak_role.py +++ b/plugins/modules/keycloak_role.py @@ -8,121 +8,116 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_role -short_description: Allows administration of Keycloak roles via Keycloak API +short_description: Allows administration of Keycloak roles using Keycloak API version_added: 3.4.0 description: - - This module allows you to add, remove or modify Keycloak roles via the Keycloak REST API. - It requires access to the REST API via OpenID Connect; the user connecting and the client being - used must have the requisite access rights. In a default Keycloak installation, admin-cli - and an admin user would work, as would a separate client definition with the scope tailored - to your needs and a user having the expected roles. - - - The names of module options are snake_cased versions of the camelCase ones found in the - Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). - - - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will - be returned that way by this module. You may pass single values for attributes when calling the module, - and this will be translated into a list suitable for the API. - + - This module allows you to add, remove or modify Keycloak roles using the Keycloak REST API. It requires access to the + REST API using OpenID Connect; the user connecting and the client being used must have the requisite access rights. In + a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with the + scope tailored to your needs and a user having the expected roles. + - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation + at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). + - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that + way by this module. You may pass single values for attributes when calling the module, and this will be translated into + a list suitable for the API. attributes: - check_mode: - support: full - diff_mode: - support: full + check_mode: + support: full + diff_mode: + support: full + action_group: + version_added: 10.2.0 options: - state: - description: - - State of the role. - - On V(present), the role will be created if it does not yet exist, or updated with the parameters you provide. - - On V(absent), the role will be removed if it exists. - default: 'present' - type: str - choices: - - present - - absent + state: + description: + - State of the role. + - On V(present), the role will be created if it does not yet exist, or updated with the parameters you provide. + - On V(absent), the role will be removed if it exists. + default: 'present' + type: str + choices: + - present + - absent - name: + name: + type: str + required: true + description: + - Name of the role. + - This parameter is required. + description: + type: str + description: + - The role description. + realm: + type: str + description: + - The Keycloak realm under which this role resides. + default: 'master' + + client_id: + type: str + description: + - If the role is a client role, the client ID under which it resides. + - If this parameter is absent, the role is considered a realm role. + attributes: + type: dict + description: + - A dict of key/value pairs to set as custom attributes for the role. + - Values may be single values (for example a string) or a list of strings. + composite: + description: + - If V(true), the role is a composition of other realm and/or client role. + default: false + type: bool + version_added: 7.1.0 + composites: + description: + - List of roles to include to the composite realm role. + - If the composite role is a client role, the C(clientId) (not ID of the client) must be specified. + default: [] + type: list + elements: dict + version_added: 7.1.0 + suboptions: + name: + description: + - Name of the role. This can be the name of a REALM role or a client role. type: str required: true + client_id: description: - - Name of the role. - - This parameter is required. - - description: + - Client ID if the role is a client role. Do not include this option for a REALM role. + - Use the client ID you can see in the Keycloak console, not the technical ID of the client. type: str + required: false + aliases: + - clientId + state: description: - - The role description. - - realm: + - Create the composite if present, remove it if absent. type: str - description: - - The Keycloak realm under which this role resides. - default: 'master' - - client_id: - type: str - description: - - If the role is a client role, the client id under which it resides. - - If this parameter is absent, the role is considered a realm role. - - attributes: - type: dict - description: - - A dict of key/value pairs to set as custom attributes for the role. - - Values may be single values (e.g. a string) or a list of strings. - composite: - description: - - If V(true), the role is a composition of other realm and/or client role. - default: false - type: bool - version_added: 7.1.0 - composites: - description: - - List of roles to include to the composite realm role. - - If the composite role is a client role, the C(clientId) (not ID of the client) must be specified. - default: [] - type: list - elements: dict - version_added: 7.1.0 - suboptions: - name: - description: - - Name of the role. This can be the name of a REALM role or a client role. - type: str - required: true - client_id: - description: - - Client ID if the role is a client role. Do not include this option for a REALM role. - - Use the client ID you can see in the Keycloak console, not the technical ID of the client. - type: str - required: false - aliases: - - clientId - state: - description: - - Create the composite if present, remove it if absent. - type: str - choices: - - present - - absent - default: present + choices: + - present + - absent + default: present extends_documentation_fragment: - - community.general.keycloak - - community.general.attributes + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes author: - - Laurent Paumier (@laurpaum) -''' + - Laurent Paumier (@laurpaum) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a Keycloak realm role, authentication with credentials community.general.keycloak_role: name: my-new-kc-role @@ -178,60 +173,44 @@ EXAMPLES = ''' auth_password: PASSWORD name: my-new-role attributes: - attrib1: value1 - attrib2: value2 - attrib3: - - with - - numerous - - individual - - list - - items + attrib1: value1 + attrib2: value2 + attrib3: + - with + - numerous + - individual + - list + - items delegate_to: localhost -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Message as to what action was taken. - returned: always - type: str - sample: "Role myrole has been updated" + description: Message as to what action was taken. + returned: always + type: str + sample: "Role myrole has been updated" proposed: - description: Representation of proposed role. - returned: always - type: dict - sample: { - "description": "My updated test description" - } + description: Representation of proposed role. + returned: always + type: dict + sample: {"description": "My updated test description"} existing: - description: Representation of existing role. - returned: always - type: dict - sample: { - "attributes": {}, - "clientRole": true, - "composite": false, - "containerId": "9f03eb61-a826-4771-a9fd-930e06d2d36a", - "description": "My client test role", - "id": "561703dd-0f38-45ff-9a5a-0c978f794547", - "name": "myrole" - } + description: Representation of existing role. + returned: always + type: dict + sample: {"attributes": {}, "clientRole": true, "composite": false, "containerId": "9f03eb61-a826-4771-a9fd-930e06d2d36a", + "description": "My client test role", "id": "561703dd-0f38-45ff-9a5a-0c978f794547", "name": "myrole"} end_state: - description: Representation of role after module execution (sample is truncated). - returned: on success - type: dict - sample: { - "attributes": {}, - "clientRole": true, - "composite": false, - "containerId": "9f03eb61-a826-4771-a9fd-930e06d2d36a", - "description": "My updated client test role", - "id": "561703dd-0f38-45ff-9a5a-0c978f794547", - "name": "myrole" - } -''' + description: Representation of role after module execution (sample is truncated). + returned: on success + type: dict + sample: {"attributes": {}, "clientRole": true, "composite": false, "containerId": "9f03eb61-a826-4771-a9fd-930e06d2d36a", + "description": "My updated client test role", "id": "561703dd-0f38-45ff-9a5a-0c978f794547", "name": "myrole"} +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \ keycloak_argument_spec, get_token, KeycloakError, is_struct_included @@ -287,7 +266,7 @@ def main(): state = module.params.get('state') # attributes in Keycloak have their values returned as lists - # via the API. attributes is a dict, so we'll transparently convert + # using the API. attributes is a dict, so we'll transparently convert # the values to lists. if module.params.get('attributes') is not None: for key, val in module.params['attributes'].items(): diff --git a/plugins/modules/keycloak_user.py b/plugins/modules/keycloak_user.py index 1aeff0da5f..65880548ab 100644 --- a/plugins/modules/keycloak_user.py +++ b/plugins/modules/keycloak_user.py @@ -9,222 +9,224 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_user short_description: Create and configure a user in Keycloak description: - - This module creates, removes, or updates Keycloak users. + - This module creates, removes, or updates Keycloak users. version_added: 7.1.0 options: - auth_username: - aliases: [] - realm: + auth_username: + aliases: [] + realm: + description: + - The name of the realm in which is the client. + default: master + type: str + username: + description: + - Username for the user. + required: true + type: str + id: + description: + - ID of the user on the Keycloak server if known. + type: str + enabled: + description: + - Enabled user. + type: bool + email_verified: + description: + - Check the validity of user email. + default: false + type: bool + aliases: + - emailVerified + first_name: + description: + - The user's first name. + required: false + type: str + aliases: + - firstName + last_name: + description: + - The user's last name. + required: false + type: str + aliases: + - lastName + email: + description: + - User email. + required: false + type: str + federation_link: + description: + - Federation Link. + required: false + type: str + aliases: + - federationLink + service_account_client_id: + description: + - Description of the client Application. + required: false + type: str + aliases: + - serviceAccountClientId + client_consents: + description: + - Client Authenticator Type. + type: list + elements: dict + default: [] + aliases: + - clientConsents + suboptions: + client_id: description: - - The name of the realm in which is the client. - default: master + - Client ID of the client role. Not the technical ID of the client. type: str - username: - description: - - Username for the user. required: true - type: str - id: - description: - - ID of the user on the Keycloak server if known. - type: str - enabled: - description: - - Enabled user. - type: bool - email_verified: - description: - - Check the validity of user email. - default: false - type: bool aliases: - - emailVerified - first_name: + - clientId + roles: description: - - The user's first name. - required: false - type: str - aliases: - - firstName - last_name: - description: - - The user's last name. - required: false - type: str - aliases: - - lastName - email: - description: - - User email. - required: false - type: str - federation_link: - description: - - Federation Link. - required: false - type: str - aliases: - - federationLink - service_account_client_id: - description: - - Description of the client Application. - required: false - type: str - aliases: - - serviceAccountClientId - client_consents: - description: - - Client Authenticator Type. - type: list - elements: dict - default: [] - aliases: - - clientConsents - suboptions: - client_id: - description: - - Client ID of the client role. Not the technical ID of the client. - type: str - required: true - aliases: - - clientId - roles: - description: - - List of client roles to assign to the user. - type: list - required: true - elements: str - groups: - description: - - List of groups for the user. - type: list - elements: dict - default: [] - suboptions: - name: - description: - - Name of the group. - type: str - state: - description: - - Control whether the user must be member of this group or not. - choices: [ "present", "absent" ] - default: present - type: str - credentials: - description: - - User credentials. - default: [] - type: list - elements: dict - suboptions: - type: - description: - - Credential type. - type: str - required: true - value: - description: - - Value of the credential. - type: str - required: true - temporary: - description: - - If V(true), the users are required to reset their credentials at next login. - type: bool - default: false - required_actions: - description: - - RequiredActions user Auth. - default: [] + - List of client roles to assign to the user. type: list + required: true elements: str - aliases: - - requiredActions - federated_identities: + groups: + description: + - List of groups for the user. + type: list + elements: dict + default: [] + suboptions: + name: description: - - List of IDPs of user. - default: [] - type: list - elements: str - aliases: - - federatedIdentities - attributes: - description: - - List of user attributes. - required: false - type: list - elements: dict - suboptions: - name: - description: - - Name of the attribute. - type: str - values: - description: - - Values for the attribute as list. - type: list - elements: str - state: - description: - - Control whether the attribute must exists or not. - choices: [ "present", "absent" ] - default: present - type: str - access: - description: - - list user access. - required: false - type: dict - disableable_credential_types: - description: - - list user Credential Type. - default: [] - type: list - elements: str - aliases: - - disableableCredentialTypes - origin: - description: - - user origin. - required: false + - Name of the group. type: str - self: + state: description: - - user self administration. - required: false - type: str - state: - description: - - Control whether the user should exists or not. - choices: [ "present", "absent" ] + - Control whether the user must be member of this group or not. + choices: ["present", "absent"] default: present type: str - force: + credentials: + description: + - User credentials. + default: [] + type: list + elements: dict + suboptions: + type: description: - - If V(true), allows to remove user and recreate it. + - Credential type. + type: str + required: true + value: + description: + - Value of the credential. + type: str + required: true + temporary: + description: + - If V(true), the users are required to reset their credentials at next login. type: bool default: false + required_actions: + description: + - RequiredActions user Auth. + default: [] + type: list + elements: str + aliases: + - requiredActions + federated_identities: + description: + - List of IDPs of user. + default: [] + type: list + elements: str + aliases: + - federatedIdentities + attributes: + description: + - List of user attributes. + required: false + type: list + elements: dict + suboptions: + name: + description: + - Name of the attribute. + type: str + values: + description: + - Values for the attribute as list. + type: list + elements: str + state: + description: + - Control whether the attribute must exists or not. + choices: ["present", "absent"] + default: present + type: str + access: + description: + - List user access. + required: false + type: dict + disableable_credential_types: + description: + - List user Credential Type. + default: [] + type: list + elements: str + aliases: + - disableableCredentialTypes + origin: + description: + - User origin. + required: false + type: str + self: + description: + - User self administration. + required: false + type: str + state: + description: + - Control whether the user should exists or not. + choices: ["present", "absent"] + default: present + type: str + force: + description: + - If V(true), allows to remove user and recreate it. + type: bool + default: false extends_documentation_fragment: - - community.general.keycloak - - community.general.attributes + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: full + check_mode: + support: full + diff_mode: + support: full + action_group: + version_added: 10.2.0 notes: - - The module does not modify the user ID of an existing user. + - The module does not modify the user ID of an existing user. author: - - Philippe Gauthier (@elfelip) -''' + - Philippe Gauthier (@elfelip) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a user user1 community.general.keycloak_user: auth_keycloak_url: http://localhost:8080/auth @@ -238,21 +240,21 @@ EXAMPLES = ''' enabled: true emailVerified: false credentials: - - type: password - value: password - temporary: false + - type: password + value: password + temporary: false attributes: - - name: attr1 - values: - - value1 - state: present - - name: attr2 - values: - - value2 - state: absent + - name: attr1 + values: + - value1 + state: present + - name: attr2 + values: + - value2 + state: absent groups: - - name: group1 - state: present + - name: group1 + state: present state: present - name: Re-create a User @@ -268,21 +270,21 @@ EXAMPLES = ''' enabled: true emailVerified: false credentials: - - type: password - value: password - temporary: false + - type: password + value: password + temporary: false attributes: - - name: attr1 - values: - - value1 - state: present - - name: attr2 - values: - - value2 - state: absent + - name: attr1 + values: + - value1 + state: present + - name: attr2 + values: + - value2 + state: absent groups: - - name: group1 - state: present + - name: group1 + state: present state: present - name: Re-create a User @@ -298,21 +300,21 @@ EXAMPLES = ''' enabled: true emailVerified: false credentials: - - type: password - value: password - temporary: false + - type: password + value: password + temporary: false attributes: - - name: attr1 - values: - - value1 - state: present - - name: attr2 - values: - - value2 - state: absent + - name: attr1 + values: + - value1 + state: present + - name: attr2 + values: + - value2 + state: absent groups: - - name: group1 - state: present + - name: group1 + state: present state: present force: true @@ -324,9 +326,9 @@ EXAMPLES = ''' realm: master username: user1 state: absent -''' +""" -RETURN = ''' +RETURN = r""" msg: description: Message as to what action was taken. returned: always @@ -341,14 +343,15 @@ existing: returned: on success type: dict end_state: - description: Representation of the user after module execution + description: Representation of the user after module execution. returned: on success type: dict changed: description: Return V(true) if the operation changed the user on the keycloak server, V(false) otherwise. returned: always type: bool -''' +""" + from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \ keycloak_argument_spec, get_token, KeycloakError, is_struct_included from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/keycloak_user_federation.py b/plugins/modules/keycloak_user_federation.py index fee0d1265c..a631145600 100644 --- a/plugins/modules/keycloak_user_federation.py +++ b/plugins/modules/keycloak_user_federation.py @@ -8,583 +8,594 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_user_federation -short_description: Allows administration of Keycloak user federations via Keycloak API +short_description: Allows administration of Keycloak user federations using Keycloak API version_added: 3.7.0 description: - - This module allows you to add, remove or modify Keycloak user federations via the Keycloak REST API. - It requires access to the REST API via OpenID Connect; the user connecting and the client being - used must have the requisite access rights. In a default Keycloak installation, admin-cli - and an admin user would work, as would a separate client definition with the scope tailored - to your needs and a user having the expected roles. - - - The names of module options are snake_cased versions of the camelCase ones found in the - Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/20.0.2/rest-api/index.html). - + - This module allows you to add, remove or modify Keycloak user federations using the Keycloak REST API. It requires access + to the REST API using OpenID Connect; the user connecting and the client being used must have the requisite access rights. + In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with + the scope tailored to your needs and a user having the expected roles. + - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation + at U(https://www.keycloak.org/docs-api/20.0.2/rest-api/index.html). attributes: - check_mode: - support: full - diff_mode: - support: full + check_mode: + support: full + diff_mode: + support: full + action_group: + version_added: 10.2.0 options: - state: + state: + description: + - State of the user federation. + - On V(present), the user federation will be created if it does not yet exist, or updated with the parameters you provide. + - On V(absent), the user federation will be removed if it exists. + default: 'present' + type: str + choices: + - present + - absent + + realm: + description: + - The Keycloak realm under which this user federation resides. + default: 'master' + type: str + + id: + description: + - The unique ID for this user federation. If left empty, the user federation will be searched by its O(name). + type: str + + name: + description: + - Display name of provider when linked in admin console. + type: str + + provider_id: + description: + - Provider for this user federation. Built-in providers are V(ldap), V(kerberos), and V(sssd). Custom user storage providers + can also be used. + aliases: + - providerId + type: str + + provider_type: + description: + - Component type for user federation (only supported value is V(org.keycloak.storage.UserStorageProvider)). + aliases: + - providerType + default: org.keycloak.storage.UserStorageProvider + type: str + + parent_id: + description: + - Unique ID for the parent of this user federation. Realm ID will be automatically used if left blank. + aliases: + - parentId + type: str + + remove_unspecified_mappers: + description: + - Remove mappers that are not specified in the configuration for this federation. + - Set to V(false) to keep mappers that are not listed in O(mappers). + type: bool + default: true + version_added: 9.4.0 + + bind_credential_update_mode: + description: + - The value of the config parameter O(config.bindCredential) is redacted in the Keycloak responses. Comparing the redacted + value with the desired value always evaluates to not equal. This means the before and desired states are never equal + if the parameter is set. + - Set to V(always) to include O(config.bindCredential) in the comparison of before and desired state. Because of the + redacted value returned by Keycloak the module will always detect a change and make an update if a O(config.bindCredential) + value is set. + - Set to V(only_indirect) to exclude O(config.bindCredential) when comparing the before state with the desired state. + The value of O(config.bindCredential) will only be updated if there are other changes to the user federation that + require an update. + type: str + default: always + choices: + - always + - only_indirect + version_added: 9.5.0 + + config: + description: + - Dict specifying the configuration options for the provider; the contents differ depending on the value of O(provider_id). + Examples are given below for V(ldap), V(kerberos) and V(sssd). It is easiest to obtain valid config values by dumping + an already-existing user federation configuration through check-mode in the RV(existing) field. + - The value V(sssd) has been supported since community.general 4.2.0. + type: dict + suboptions: + enabled: description: - - State of the user federation. - - On V(present), the user federation will be created if it does not yet exist, or updated with - the parameters you provide. - - On V(absent), the user federation will be removed if it exists. - default: 'present' + - Enable/disable this user federation. + default: true + type: bool + + priority: + description: + - Priority of provider when doing a user lookup. Lowest first. + default: 0 + type: int + + importEnabled: + description: + - If V(true), LDAP users will be imported into Keycloak DB and synced by the configured sync policies. + default: true + type: bool + + editMode: + description: + - V(READ_ONLY) is a read-only LDAP store. V(WRITABLE) means data will be synced back to LDAP on demand. V(UNSYNCED) + means user data will be imported, but not synced back to LDAP. type: str choices: - - present - - absent + - READ_ONLY + - WRITABLE + - UNSYNCED - realm: + syncRegistrations: description: - - The Keycloak realm under which this user federation resides. - default: 'master' + - Should newly created users be created within LDAP store? Priority effects which provider is chosen to sync the + new user. + default: false + type: bool + + vendor: + description: + - LDAP vendor (provider). + - Use short name. For instance, write V(rhds) for "Red Hat Directory Server". type: str - id: + usernameLDAPAttribute: description: - - The unique ID for this user federation. If left empty, the user federation will be searched - by its O(name). + - Name of LDAP attribute, which is mapped as Keycloak username. For many LDAP server vendors it can be V(uid). For + Active directory it can be V(sAMAccountName) or V(cn). The attribute should be filled for all LDAP user records + you want to import from LDAP to Keycloak. type: str - name: + rdnLDAPAttribute: description: - - Display name of provider when linked in admin console. + - Name of LDAP attribute, which is used as RDN (top attribute) of typical user DN. Usually it is the same as Username + LDAP attribute, however it is not required. For example for Active directory, it is common to use V(cn) as RDN + attribute when username attribute might be V(sAMAccountName). type: str - provider_id: + uuidLDAPAttribute: description: - - Provider for this user federation. Built-in providers are V(ldap), V(kerberos), and V(sssd). - Custom user storage providers can also be used. - aliases: - - providerId + - Name of LDAP attribute, which is used as unique object identifier (UUID) for objects in LDAP. For many LDAP server + vendors, it is V(entryUUID); however some are different. For example for Active directory it should be V(objectGUID). + If your LDAP server does not support the notion of UUID, you can use any other attribute that is supposed to be + unique among LDAP users in tree. type: str - provider_type: + userObjectClasses: description: - - Component type for user federation (only supported value is V(org.keycloak.storage.UserStorageProvider)). - aliases: - - providerType - default: org.keycloak.storage.UserStorageProvider + - All values of LDAP objectClass attribute for users in LDAP divided by comma. For example V(inetOrgPerson, organizationalPerson). + Newly created Keycloak users will be written to LDAP with all those object classes and existing LDAP user records + are found just if they contain all those object classes. type: str - parent_id: + connectionUrl: description: - - Unique ID for the parent of this user federation. Realm ID will be automatically used if left blank. - aliases: - - parentId + - Connection URL to your LDAP server. type: str - config: + usersDn: description: - - Dict specifying the configuration options for the provider; the contents differ depending on - the value of O(provider_id). Examples are given below for V(ldap), V(kerberos) and V(sssd). - It is easiest to obtain valid config values by dumping an already-existing user federation - configuration through check-mode in the RV(existing) field. - - The value V(sssd) has been supported since community.general 4.2.0. + - Full DN of LDAP tree where your users are. This DN is the parent of LDAP users. + type: str + + customUserSearchFilter: + description: + - Additional LDAP Filter for filtering searched users. Leave this empty if you do not need additional filter. + type: str + + searchScope: + description: + - For one level, the search applies only for users in the DNs specified by User DNs. For subtree, the search applies + to the whole subtree. See LDAP documentation for more details. + default: '1' + type: str + choices: + - '1' + - '2' + + authType: + description: + - Type of the Authentication method used during LDAP Bind operation. It is used in most of the requests sent to + the LDAP server. + default: 'none' + type: str + choices: + - none + - simple + + bindDn: + description: + - DN of LDAP user which will be used by Keycloak to access LDAP server. + type: str + + bindCredential: + description: + - Password of LDAP admin. + type: str + + startTls: + description: + - Encrypts the connection to LDAP using STARTTLS, which will disable connection pooling. + default: false + type: bool + + usePasswordModifyExtendedOp: + description: + - Use the LDAPv3 Password Modify Extended Operation (RFC-3062). The password modify extended operation usually requires + that LDAP user already has password in the LDAP server. So when this is used with 'Sync Registrations', it can + be good to add also 'Hardcoded LDAP attribute mapper' with randomly generated initial password. + default: false + type: bool + + validatePasswordPolicy: + description: + - Determines if Keycloak should validate the password with the realm password policy before updating it. + default: false + type: bool + + trustEmail: + description: + - If enabled, email provided by this provider is not verified even if verification is enabled for the realm. + default: false + type: bool + + useTruststoreSpi: + description: + - Specifies whether LDAP connection will use the truststore SPI with the truststore configured in standalone.xml/domain.xml. + V(always) means that it will always use it. V(never) means that it will not use it. V(ldapsOnly) means that it + will use if your connection URL use ldaps. + - Note even if standalone.xml/domain.xml is not configured, the default Java cacerts or certificate specified by + C(javax.net.ssl.trustStore) property will be used. + default: ldapsOnly + type: str + choices: + - always + - ldapsOnly + - never + + connectionTimeout: + description: + - LDAP Connection Timeout in milliseconds. + type: int + + readTimeout: + description: + - LDAP Read Timeout in milliseconds. This timeout applies for LDAP read operations. + type: int + + pagination: + description: + - Does the LDAP server support pagination. + default: true + type: bool + + connectionPooling: + description: + - Determines if Keycloak should use connection pooling for accessing LDAP server. + default: true + type: bool + + connectionPoolingAuthentication: + description: + - A list of space-separated authentication types of connections that may be pooled. + type: str + choices: + - none + - simple + - DIGEST-MD5 + + connectionPoolingDebug: + description: + - A string that indicates the level of debug output to produce. Example valid values are V(fine) (trace connection + creation and removal) and V(all) (all debugging information). + type: str + + connectionPoolingInitSize: + description: + - The number of connections per connection identity to create when initially creating a connection for the identity. + type: int + + connectionPoolingMaxSize: + description: + - The maximum number of connections per connection identity that can be maintained concurrently. + type: int + + connectionPoolingPrefSize: + description: + - The preferred number of connections per connection identity that should be maintained concurrently. + type: int + + connectionPoolingProtocol: + description: + - A list of space-separated protocol types of connections that may be pooled. Valid types are V(plain) and V(ssl). + type: str + + connectionPoolingTimeout: + description: + - The number of milliseconds that an idle connection may remain in the pool without being closed and removed from + the pool. + type: int + + allowKerberosAuthentication: + description: + - Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users will + be provisioned from this LDAP server. + default: false + type: bool + + kerberosRealm: + description: + - Name of kerberos realm. + type: str + + krbPrincipalAttribute: + description: + - Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after + successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based + on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal C(john@KEYCLOAK.ORG), + it will assume that LDAP username is V(john). + type: str + version_added: 8.1.0 + + serverPrincipal: + description: + - Full name of server principal for HTTP service including server and domain name. For example V(HTTP/host.foo.org@FOO.ORG). + Use V(*) to accept any service principal in the KeyTab file. + type: str + + keyTab: + description: + - Location of Kerberos KeyTab file containing the credentials of server principal. For example V(/etc/krb5.keytab). + type: str + + debug: + description: + - Enable/disable debug logging to standard output for Krb5LoginModule. + type: bool + + useKerberosForPasswordAuthentication: + description: + - Use Kerberos login module for authenticate username/password against Kerberos server instead of authenticating + against LDAP server with Directory Service API. + default: false + type: bool + + allowPasswordAuthentication: + description: + - Enable/disable possibility of username/password authentication against Kerberos database. + type: bool + + batchSizeForSync: + description: + - Count of LDAP users to be imported from LDAP to Keycloak within a single transaction. + default: 1000 + type: int + + fullSyncPeriod: + description: + - Period for full synchronization in seconds. + default: -1 + type: int + + changedSyncPeriod: + description: + - Period for synchronization of changed or newly created LDAP users in seconds. + default: -1 + type: int + + updateProfileFirstLogin: + description: + - Update profile on first login. + type: bool + + cachePolicy: + description: + - Cache Policy for this storage provider. + type: str + default: 'DEFAULT' + choices: + - DEFAULT + - EVICT_DAILY + - EVICT_WEEKLY + - MAX_LIFESPAN + - NO_CACHE + + evictionDay: + description: + - Day of the week the entry will become invalid on. + type: str + + evictionHour: + description: + - Hour of day the entry will become invalid on. + type: str + + evictionMinute: + description: + - Minute of day the entry will become invalid on. + type: str + + maxLifespan: + description: + - Max lifespan of cache entry in milliseconds. + type: int + + referral: + description: + - Specifies if LDAP referrals should be followed or ignored. Please note that enabling referrals can slow down authentication + as it allows the LDAP server to decide which other LDAP servers to use. This could potentially include untrusted + servers. + type: str + choices: + - ignore + - follow + version_added: 9.5.0 + + mappers: + description: + - A list of dicts defining mappers associated with this Identity Provider. + type: list + elements: dict + suboptions: + id: + description: + - Unique ID of this mapper. + type: str + + name: + description: + - Name of the mapper. If no ID is given, the mapper will be searched by name. + type: str + + parentId: + description: + - Unique ID for the parent of this mapper. ID of the user federation will automatically be used if left blank. + type: str + + providerId: + description: + - The mapper type for this mapper (for instance V(user-attribute-ldap-mapper)). + type: str + + providerType: + description: + - Component type for this mapper. + type: str + default: org.keycloak.storage.ldap.mappers.LDAPStorageMapper + + config: + description: + - Dict specifying the configuration options for the mapper; the contents differ depending on the value of I(identityProviderMapper). type: dict - suboptions: - enabled: - description: - - Enable/disable this user federation. - default: true - type: bool - - priority: - description: - - Priority of provider when doing a user lookup. Lowest first. - default: 0 - type: int - - importEnabled: - description: - - If V(true), LDAP users will be imported into Keycloak DB and synced by the configured - sync policies. - default: true - type: bool - - editMode: - description: - - V(READ_ONLY) is a read-only LDAP store. V(WRITABLE) means data will be synced back to LDAP - on demand. V(UNSYNCED) means user data will be imported, but not synced back to LDAP. - type: str - choices: - - READ_ONLY - - WRITABLE - - UNSYNCED - - syncRegistrations: - description: - - Should newly created users be created within LDAP store? Priority effects which - provider is chosen to sync the new user. - default: false - type: bool - - vendor: - description: - - LDAP vendor (provider). - - Use short name. For instance, write V(rhds) for "Red Hat Directory Server". - type: str - - usernameLDAPAttribute: - description: - - Name of LDAP attribute, which is mapped as Keycloak username. For many LDAP server - vendors it can be V(uid). For Active directory it can be V(sAMAccountName) or V(cn). - The attribute should be filled for all LDAP user records you want to import from - LDAP to Keycloak. - type: str - - rdnLDAPAttribute: - description: - - Name of LDAP attribute, which is used as RDN (top attribute) of typical user DN. - Usually it's the same as Username LDAP attribute, however it is not required. For - example for Active directory, it is common to use V(cn) as RDN attribute when - username attribute might be V(sAMAccountName). - type: str - - uuidLDAPAttribute: - description: - - Name of LDAP attribute, which is used as unique object identifier (UUID) for objects - in LDAP. For many LDAP server vendors, it is V(entryUUID); however some are different. - For example for Active directory it should be V(objectGUID). If your LDAP server does - not support the notion of UUID, you can use any other attribute that is supposed to - be unique among LDAP users in tree. - type: str - - userObjectClasses: - description: - - All values of LDAP objectClass attribute for users in LDAP divided by comma. - For example V(inetOrgPerson, organizationalPerson). Newly created Keycloak users - will be written to LDAP with all those object classes and existing LDAP user records - are found just if they contain all those object classes. - type: str - - connectionUrl: - description: - - Connection URL to your LDAP server. - type: str - - usersDn: - description: - - Full DN of LDAP tree where your users are. This DN is the parent of LDAP users. - type: str - - customUserSearchFilter: - description: - - Additional LDAP Filter for filtering searched users. Leave this empty if you don't - need additional filter. - type: str - - searchScope: - description: - - For one level, the search applies only for users in the DNs specified by User DNs. - For subtree, the search applies to the whole subtree. See LDAP documentation for - more details. - default: '1' - type: str - choices: - - '1' - - '2' - - authType: - description: - - Type of the Authentication method used during LDAP Bind operation. It is used in - most of the requests sent to the LDAP server. - default: 'none' - type: str - choices: - - none - - simple - - bindDn: - description: - - DN of LDAP user which will be used by Keycloak to access LDAP server. - type: str - - bindCredential: - description: - - Password of LDAP admin. - type: str - - startTls: - description: - - Encrypts the connection to LDAP using STARTTLS, which will disable connection pooling. - default: false - type: bool - - usePasswordModifyExtendedOp: - description: - - Use the LDAPv3 Password Modify Extended Operation (RFC-3062). The password modify - extended operation usually requires that LDAP user already has password in the LDAP - server. So when this is used with 'Sync Registrations', it can be good to add also - 'Hardcoded LDAP attribute mapper' with randomly generated initial password. - default: false - type: bool - - validatePasswordPolicy: - description: - - Determines if Keycloak should validate the password with the realm password policy - before updating it. - default: false - type: bool - - trustEmail: - description: - - If enabled, email provided by this provider is not verified even if verification is - enabled for the realm. - default: false - type: bool - - useTruststoreSpi: - description: - - Specifies whether LDAP connection will use the truststore SPI with the truststore - configured in standalone.xml/domain.xml. V(always) means that it will always use it. - V(never) means that it will not use it. V(ldapsOnly) means that it will use if - your connection URL use ldaps. Note even if standalone.xml/domain.xml is not - configured, the default Java cacerts or certificate specified by - C(javax.net.ssl.trustStore) property will be used. - default: ldapsOnly - type: str - choices: - - always - - ldapsOnly - - never - - connectionTimeout: - description: - - LDAP Connection Timeout in milliseconds. - type: int - - readTimeout: - description: - - LDAP Read Timeout in milliseconds. This timeout applies for LDAP read operations. - type: int - - pagination: - description: - - Does the LDAP server support pagination. - default: true - type: bool - - connectionPooling: - description: - - Determines if Keycloak should use connection pooling for accessing LDAP server. - default: true - type: bool - - connectionPoolingAuthentication: - description: - - A list of space-separated authentication types of connections that may be pooled. - type: str - choices: - - none - - simple - - DIGEST-MD5 - - connectionPoolingDebug: - description: - - A string that indicates the level of debug output to produce. Example valid values are - V(fine) (trace connection creation and removal) and V(all) (all debugging information). - type: str - - connectionPoolingInitSize: - description: - - The number of connections per connection identity to create when initially creating a - connection for the identity. - type: int - - connectionPoolingMaxSize: - description: - - The maximum number of connections per connection identity that can be maintained - concurrently. - type: int - - connectionPoolingPrefSize: - description: - - The preferred number of connections per connection identity that should be maintained - concurrently. - type: int - - connectionPoolingProtocol: - description: - - A list of space-separated protocol types of connections that may be pooled. - Valid types are V(plain) and V(ssl). - type: str - - connectionPoolingTimeout: - description: - - The number of milliseconds that an idle connection may remain in the pool without - being closed and removed from the pool. - type: int - - allowKerberosAuthentication: - description: - - Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data - about authenticated users will be provisioned from this LDAP server. - default: false - type: bool - - kerberosRealm: - description: - - Name of kerberos realm. - type: str - - krbPrincipalAttribute: - description: - - Name of the LDAP attribute, which refers to Kerberos principal. - This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak. - When this is empty, the LDAP user will be looked based on LDAP username corresponding - to the first part of his Kerberos principal. For instance, for principal C(john@KEYCLOAK.ORG), - it will assume that LDAP username is V(john). - type: str - version_added: 8.1.0 - - serverPrincipal: - description: - - Full name of server principal for HTTP service including server and domain name. For - example V(HTTP/host.foo.org@FOO.ORG). Use V(*) to accept any service principal in the - KeyTab file. - type: str - - keyTab: - description: - - Location of Kerberos KeyTab file containing the credentials of server principal. For - example V(/etc/krb5.keytab). - type: str - - debug: - description: - - Enable/disable debug logging to standard output for Krb5LoginModule. - type: bool - - useKerberosForPasswordAuthentication: - description: - - Use Kerberos login module for authenticate username/password against Kerberos server - instead of authenticating against LDAP server with Directory Service API. - default: false - type: bool - - allowPasswordAuthentication: - description: - - Enable/disable possibility of username/password authentication against Kerberos database. - type: bool - - batchSizeForSync: - description: - - Count of LDAP users to be imported from LDAP to Keycloak within a single transaction. - default: 1000 - type: int - - fullSyncPeriod: - description: - - Period for full synchronization in seconds. - default: -1 - type: int - - changedSyncPeriod: - description: - - Period for synchronization of changed or newly created LDAP users in seconds. - default: -1 - type: int - - updateProfileFirstLogin: - description: - - Update profile on first login. - type: bool - - cachePolicy: - description: - - Cache Policy for this storage provider. - type: str - default: 'DEFAULT' - choices: - - DEFAULT - - EVICT_DAILY - - EVICT_WEEKLY - - MAX_LIFESPAN - - NO_CACHE - - evictionDay: - description: - - Day of the week the entry will become invalid on. - type: str - - evictionHour: - description: - - Hour of day the entry will become invalid on. - type: str - - evictionMinute: - description: - - Minute of day the entry will become invalid on. - type: str - - maxLifespan: - description: - - Max lifespan of cache entry in milliseconds. - type: int - - mappers: - description: - - A list of dicts defining mappers associated with this Identity Provider. - type: list - elements: dict - suboptions: - id: - description: - - Unique ID of this mapper. - type: str - - name: - description: - - Name of the mapper. If no ID is given, the mapper will be searched by name. - type: str - - parentId: - description: - - Unique ID for the parent of this mapper. ID of the user federation will automatically - be used if left blank. - type: str - - providerId: - description: - - The mapper type for this mapper (for instance V(user-attribute-ldap-mapper)). - type: str - - providerType: - description: - - Component type for this mapper. - type: str - default: org.keycloak.storage.ldap.mappers.LDAPStorageMapper - - config: - description: - - Dict specifying the configuration options for the mapper; the contents differ - depending on the value of I(identityProviderMapper). - # TODO: what is identityProviderMapper above??? - type: dict extends_documentation_fragment: - - community.general.keycloak - - community.general.attributes + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes author: - - Laurent Paumier (@laurpaum) -''' + - Laurent Paumier (@laurpaum) +""" -EXAMPLES = ''' - - name: Create LDAP user federation - community.general.keycloak_user_federation: - auth_keycloak_url: https://keycloak.example.com/auth - auth_realm: master - auth_username: admin - auth_password: password - realm: my-realm - name: my-ldap - state: present - provider_id: ldap - provider_type: org.keycloak.storage.UserStorageProvider - config: - priority: 0 - enabled: true - cachePolicy: DEFAULT - batchSizeForSync: 1000 - editMode: READ_ONLY - importEnabled: true - syncRegistrations: false - vendor: other - usernameLDAPAttribute: uid - rdnLDAPAttribute: uid - uuidLDAPAttribute: entryUUID - userObjectClasses: inetOrgPerson, organizationalPerson - connectionUrl: ldaps://ldap.example.com:636 - usersDn: ou=Users,dc=example,dc=com - authType: simple - bindDn: cn=directory reader - bindCredential: password - searchScope: 1 - validatePasswordPolicy: false - trustEmail: false - useTruststoreSpi: ldapsOnly - connectionPooling: true - pagination: true - allowKerberosAuthentication: false - debug: false - useKerberosForPasswordAuthentication: false - mappers: - - name: "full name" - providerId: "full-name-ldap-mapper" - providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper" - config: - ldap.full.name.attribute: cn - read.only: true - write.only: false +EXAMPLES = r""" +- name: Create LDAP user federation + community.general.keycloak_user_federation: + auth_keycloak_url: https://keycloak.example.com/auth + auth_realm: master + auth_username: admin + auth_password: password + realm: my-realm + name: my-ldap + state: present + provider_id: ldap + provider_type: org.keycloak.storage.UserStorageProvider + config: + priority: 0 + enabled: true + cachePolicy: DEFAULT + batchSizeForSync: 1000 + editMode: READ_ONLY + importEnabled: true + syncRegistrations: false + vendor: other + usernameLDAPAttribute: uid + rdnLDAPAttribute: uid + uuidLDAPAttribute: entryUUID + userObjectClasses: inetOrgPerson, organizationalPerson + connectionUrl: ldaps://ldap.example.com:636 + usersDn: ou=Users,dc=example,dc=com + authType: simple + bindDn: cn=directory reader + bindCredential: password + searchScope: 1 + validatePasswordPolicy: false + trustEmail: false + useTruststoreSpi: ldapsOnly + connectionPooling: true + pagination: true + allowKerberosAuthentication: false + debug: false + useKerberosForPasswordAuthentication: false + mappers: + - name: "full name" + providerId: "full-name-ldap-mapper" + providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper" + config: + ldap.full.name.attribute: cn + read.only: true + write.only: false - - name: Create Kerberos user federation - community.general.keycloak_user_federation: - auth_keycloak_url: https://keycloak.example.com/auth - auth_realm: master - auth_username: admin - auth_password: password - realm: my-realm - name: my-kerberos - state: present - provider_id: kerberos - provider_type: org.keycloak.storage.UserStorageProvider - config: - priority: 0 - enabled: true - cachePolicy: DEFAULT - kerberosRealm: EXAMPLE.COM - serverPrincipal: HTTP/host.example.com@EXAMPLE.COM - keyTab: keytab - allowPasswordAuthentication: false - updateProfileFirstLogin: false +- name: Create Kerberos user federation + community.general.keycloak_user_federation: + auth_keycloak_url: https://keycloak.example.com/auth + auth_realm: master + auth_username: admin + auth_password: password + realm: my-realm + name: my-kerberos + state: present + provider_id: kerberos + provider_type: org.keycloak.storage.UserStorageProvider + config: + priority: 0 + enabled: true + cachePolicy: DEFAULT + kerberosRealm: EXAMPLE.COM + serverPrincipal: HTTP/host.example.com@EXAMPLE.COM + keyTab: keytab + allowPasswordAuthentication: false + updateProfileFirstLogin: false - - name: Create sssd user federation - community.general.keycloak_user_federation: - auth_keycloak_url: https://keycloak.example.com/auth - auth_realm: master - auth_username: admin - auth_password: password - realm: my-realm - name: my-sssd - state: present - provider_id: sssd - provider_type: org.keycloak.storage.UserStorageProvider - config: - priority: 0 - enabled: true - cachePolicy: DEFAULT +- name: Create sssd user federation + community.general.keycloak_user_federation: + auth_keycloak_url: https://keycloak.example.com/auth + auth_realm: master + auth_username: admin + auth_password: password + realm: my-realm + name: my-sssd + state: present + provider_id: sssd + provider_type: org.keycloak.storage.UserStorageProvider + config: + priority: 0 + enabled: true + cachePolicy: DEFAULT - - name: Delete user federation - community.general.keycloak_user_federation: - auth_keycloak_url: https://keycloak.example.com/auth - auth_realm: master - auth_username: admin - auth_password: password - realm: my-realm - name: my-federation - state: absent +- name: Delete user federation + community.general.keycloak_user_federation: + auth_keycloak_url: https://keycloak.example.com/auth + auth_realm: master + auth_username: admin + auth_password: password + realm: my-realm + name: my-federation + state: absent +""" -''' - -RETURN = ''' +RETURN = r""" msg: - description: Message as to what action was taken. - returned: always - type: str - sample: "No changes required to user federation 164bb483-c613-482e-80fe-7f1431308799." + description: Message as to what action was taken. + returned: always + type: str + sample: "No changes required to user federation 164bb483-c613-482e-80fe-7f1431308799." proposed: description: Representation of proposed user federation. @@ -704,7 +715,7 @@ end_state: "providerId": "kerberos", "providerType": "org.keycloak.storage.UserStorageProvider" } -''' +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \ keycloak_argument_spec, get_token, KeycloakError @@ -713,16 +724,27 @@ from ansible.module_utils.six.moves.urllib.parse import urlencode from copy import deepcopy +def normalize_kc_comp(comp): + if 'config' in comp: + # kc completely removes the parameter `krbPrincipalAttribute` if it is set to `''`; the unset kc parameter is equivalent to `''`; + # to make change detection and diff more accurate we set it again in the kc responses + if 'krbPrincipalAttribute' not in comp['config']: + comp['config']['krbPrincipalAttribute'] = [''] + + # kc stores a timestamp of the last sync in `lastSync` to time the periodic sync, it is removed to minimize diff/changes + comp['config'].pop('lastSync', None) + + def sanitize(comp): compcopy = deepcopy(comp) if 'config' in compcopy: - compcopy['config'] = dict((k, v[0]) for k, v in compcopy['config'].items()) + compcopy['config'] = {k: v[0] for k, v in compcopy['config'].items()} if 'bindCredential' in compcopy['config']: compcopy['config']['bindCredential'] = '**********' if 'mappers' in compcopy: for mapper in compcopy['mappers']: if 'config' in mapper: - mapper['config'] = dict((k, v[0]) for k, v in mapper['config'].items()) + mapper['config'] = {k: v[0] for k, v in mapper['config'].items()} return compcopy @@ -769,6 +791,7 @@ def main(): priority=dict(type='int', default=0), rdnLDAPAttribute=dict(type='str'), readTimeout=dict(type='int'), + referral=dict(type='str', choices=['ignore', 'follow']), searchScope=dict(type='str', choices=['1', '2'], default='1'), serverPrincipal=dict(type='str'), krbPrincipalAttribute=dict(type='str'), @@ -805,6 +828,8 @@ def main(): provider_id=dict(type='str', aliases=['providerId']), provider_type=dict(type='str', aliases=['providerType'], default='org.keycloak.storage.UserStorageProvider'), parent_id=dict(type='str', aliases=['parentId']), + remove_unspecified_mappers=dict(type='bool', default=True), + bind_credential_update_mode=dict(type='str', default='always', choices=['always', 'only_indirect']), mappers=dict(type='list', elements='dict', options=mapper_spec), ) @@ -835,19 +860,26 @@ def main(): # Keycloak API expects config parameters to be arrays containing a single string element if config is not None: - module.params['config'] = dict((k, [str(v).lower() if not isinstance(v, str) else v]) - for k, v in config.items() if config[k] is not None) + module.params['config'] = { + k: [str(v).lower() if not isinstance(v, str) else v] + for k, v in config.items() + if config[k] is not None + } if mappers is not None: for mapper in mappers: if mapper.get('config') is not None: - mapper['config'] = dict((k, [str(v).lower() if not isinstance(v, str) else v]) - for k, v in mapper['config'].items() if mapper['config'][k] is not None) + mapper['config'] = { + k: [str(v).lower() if not isinstance(v, str) else v] + for k, v in mapper['config'].items() + if mapper['config'][k] is not None + } # Filter and map the parameters names that apply comp_params = [x for x in module.params - if x not in list(keycloak_argument_spec().keys()) + ['state', 'realm', 'mappers'] and - module.params.get(x) is not None] + if x not in list(keycloak_argument_spec().keys()) + + ['state', 'realm', 'mappers', 'remove_unspecified_mappers', 'bind_credential_update_mode'] + and module.params.get(x) is not None] # See if it already exists in Keycloak if cid is None: @@ -865,7 +897,9 @@ def main(): # if user federation exists, get associated mappers if cid is not None and before_comp: - before_comp['mappers'] = sorted(kc.get_components(urlencode(dict(parent=cid)), realm), key=lambda x: x.get('name')) + before_comp['mappers'] = sorted(kc.get_components(urlencode(dict(parent=cid)), realm), key=lambda x: x.get('name') or '') + + normalize_kc_comp(before_comp) # Build a proposed changeset from parameters given to this module changeset = {} @@ -874,7 +908,7 @@ def main(): new_param_value = module.params.get(param) old_value = before_comp[camel(param)] if camel(param) in before_comp else None if param == 'mappers': - new_param_value = [dict((k, v) for k, v in x.items() if x[k] is not None) for x in new_param_value] + new_param_value = [{k: v for k, v in x.items() if v is not None} for x in new_param_value] if new_param_value != old_value: changeset[camel(param)] = new_param_value @@ -883,17 +917,17 @@ def main(): if module.params['provider_id'] in ['kerberos', 'sssd']: module.fail_json(msg='Cannot configure mappers for {type} provider.'.format(type=module.params['provider_id'])) for change in module.params['mappers']: - change = dict((k, v) for k, v in change.items() if change[k] is not None) + change = {k: v for k, v in change.items() if v is not None} if change.get('id') is None and change.get('name') is None: module.fail_json(msg='Either `name` or `id` has to be specified on each mapper.') if cid is None: old_mapper = {} elif change.get('id') is not None: - old_mapper = kc.get_component(change['id'], realm) + old_mapper = next((before_mapper for before_mapper in before_comp.get('mappers', []) if before_mapper["id"] == change['id']), None) if old_mapper is None: old_mapper = {} else: - found = kc.get_components(urlencode(dict(parent=cid, name=change['name'])), realm) + found = [before_mapper for before_mapper in before_comp.get('mappers', []) if before_mapper['name'] == change['name']] if len(found) > 1: module.fail_json(msg='Found multiple mappers with name `{name}`. Cannot continue.'.format(name=change['name'])) if len(found) == 1: @@ -902,10 +936,16 @@ def main(): old_mapper = {} new_mapper = old_mapper.copy() new_mapper.update(change) - if new_mapper != old_mapper: - if changeset.get('mappers') is None: - changeset['mappers'] = list() - changeset['mappers'].append(new_mapper) + # changeset contains all desired mappers: those existing, to update or to create + if changeset.get('mappers') is None: + changeset['mappers'] = list() + changeset['mappers'].append(new_mapper) + changeset['mappers'] = sorted(changeset['mappers'], key=lambda x: x.get('name') or '') + + # to keep unspecified existing mappers we add them to the desired mappers list, unless they're already present + if not module.params['remove_unspecified_mappers'] and 'mappers' in before_comp: + changeset_mapper_ids = [mapper['id'] for mapper in changeset['mappers'] if 'id' in mapper] + changeset['mappers'].extend([mapper for mapper in before_comp['mappers'] if mapper['id'] not in changeset_mapper_ids]) # Prepare the desired values using the existing values (non-existence results in a dict that is save to use as a basis) desired_comp = before_comp.copy() @@ -928,50 +968,68 @@ def main(): # Process a creation result['changed'] = True - if module._diff: - result['diff'] = dict(before='', after=sanitize(desired_comp)) - if module.check_mode: + if module._diff: + result['diff'] = dict(before='', after=sanitize(desired_comp)) module.exit_json(**result) # create it - desired_comp = desired_comp.copy() - updated_mappers = desired_comp.pop('mappers', []) + desired_mappers = desired_comp.pop('mappers', []) after_comp = kc.create_component(desired_comp, realm) - cid = after_comp['id'] + updated_mappers = [] + # when creating a user federation, keycloak automatically creates default mappers + default_mappers = kc.get_components(urlencode(dict(parent=cid)), realm) - for mapper in updated_mappers: - found = kc.get_components(urlencode(dict(parent=cid, name=mapper['name'])), realm) + # create new mappers or update existing default mappers + for desired_mapper in desired_mappers: + found = [default_mapper for default_mapper in default_mappers if default_mapper['name'] == desired_mapper['name']] if len(found) > 1: - module.fail_json(msg='Found multiple mappers with name `{name}`. Cannot continue.'.format(name=mapper['name'])) + module.fail_json(msg='Found multiple mappers with name `{name}`. Cannot continue.'.format(name=desired_mapper['name'])) if len(found) == 1: old_mapper = found[0] else: old_mapper = {} new_mapper = old_mapper.copy() - new_mapper.update(mapper) + new_mapper.update(desired_mapper) if new_mapper.get('id') is not None: kc.update_component(new_mapper, realm) + updated_mappers.append(new_mapper) else: if new_mapper.get('parentId') is None: - new_mapper['parentId'] = after_comp['id'] - mapper = kc.create_component(new_mapper, realm) + new_mapper['parentId'] = cid + updated_mappers.append(kc.create_component(new_mapper, realm)) - after_comp['mappers'] = updated_mappers + if module.params['remove_unspecified_mappers']: + # we remove all unwanted default mappers + # we use ids so we dont accidently remove one of the previously updated default mapper + for default_mapper in default_mappers: + if not default_mapper['id'] in [x['id'] for x in updated_mappers]: + kc.delete_component(default_mapper['id'], realm) + + after_comp['mappers'] = kc.get_components(urlencode(dict(parent=cid)), realm) + normalize_kc_comp(after_comp) + if module._diff: + result['diff'] = dict(before='', after=sanitize(after_comp)) result['end_state'] = sanitize(after_comp) - - result['msg'] = "User federation {id} has been created".format(id=after_comp['id']) + result['msg'] = "User federation {id} has been created".format(id=cid) module.exit_json(**result) else: if state == 'present': # Process an update + desired_copy = deepcopy(desired_comp) + before_copy = deepcopy(before_comp) + # exclude bindCredential when checking wether an update is required, therefore + # updating it only if there are other changes + if module.params['bind_credential_update_mode'] == 'only_indirect': + desired_copy.get('config', []).pop('bindCredential', None) + before_copy.get('config', []).pop('bindCredential', None) # no changes - if desired_comp == before_comp: + if desired_copy == before_copy: result['changed'] = False result['end_state'] = sanitize(desired_comp) result['msg'] = "No changes required to user federation {id}.".format(id=cid) @@ -987,22 +1045,33 @@ def main(): module.exit_json(**result) # do the update - desired_comp = desired_comp.copy() - updated_mappers = desired_comp.pop('mappers', []) + desired_mappers = desired_comp.pop('mappers', []) kc.update_component(desired_comp, realm) - after_comp = kc.get_component(cid, realm) - for mapper in updated_mappers: + for before_mapper in before_comp.get('mappers', []): + # remove unwanted existing mappers that will not be updated + if not before_mapper['id'] in [x['id'] for x in desired_mappers if 'id' in x]: + kc.delete_component(before_mapper['id'], realm) + + for mapper in desired_mappers: + if mapper in before_comp.get('mappers', []): + continue if mapper.get('id') is not None: kc.update_component(mapper, realm) else: if mapper.get('parentId') is None: mapper['parentId'] = desired_comp['id'] - mapper = kc.create_component(mapper, realm) - - after_comp['mappers'] = updated_mappers - result['end_state'] = sanitize(after_comp) + kc.create_component(mapper, realm) + after_comp = kc.get_component(cid, realm) + after_comp['mappers'] = sorted(kc.get_components(urlencode(dict(parent=cid)), realm), key=lambda x: x.get('name') or '') + normalize_kc_comp(after_comp) + after_comp_sanitized = sanitize(after_comp) + before_comp_sanitized = sanitize(before_comp) + result['end_state'] = after_comp_sanitized + if module._diff: + result['diff'] = dict(before=before_comp_sanitized, after=after_comp_sanitized) + result['changed'] = before_comp_sanitized != after_comp_sanitized result['msg'] = "User federation {id} has been updated".format(id=cid) module.exit_json(**result) diff --git a/plugins/modules/keycloak_user_rolemapping.py b/plugins/modules/keycloak_user_rolemapping.py index 59727a346e..f8690d70c9 100644 --- a/plugins/modules/keycloak_user_rolemapping.py +++ b/plugins/modules/keycloak_user_rolemapping.py @@ -7,8 +7,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: keycloak_user_rolemapping short_description: Allows administration of Keycloak user_rolemapping with the Keycloak API @@ -16,107 +15,99 @@ short_description: Allows administration of Keycloak user_rolemapping with the K version_added: 5.7.0 description: - - This module allows you to add, remove or modify Keycloak user_rolemapping with the Keycloak REST API. - It requires access to the REST API via OpenID Connect; the user connecting and the client being - used must have the requisite access rights. In a default Keycloak installation, admin-cli - and an admin user would work, as would a separate client definition with the scope tailored - to your needs and a user having the expected roles. - - - The names of module options are snake_cased versions of the camelCase ones found in the - Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). - - - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will - be returned that way by this module. You may pass single values for attributes when calling the module, - and this will be translated into a list suitable for the API. - - - When updating a user_rolemapping, where possible provide the role ID to the module. This removes a lookup - to the API to translate the name into the role ID. - + - This module allows you to add, remove or modify Keycloak user_rolemapping with the Keycloak REST API. It requires access + to the REST API using OpenID Connect; the user connecting and the client being used must have the requisite access rights. + In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with + the scope tailored to your needs and a user having the expected roles. + - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation + at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). + - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that + way by this module. You may pass single values for attributes when calling the module, and this will be translated into + a list suitable for the API. + - When updating a user_rolemapping, where possible provide the role ID to the module. This removes a lookup to the API to + translate the name into the role ID. attributes: - check_mode: - support: full - diff_mode: - support: full + check_mode: + support: full + diff_mode: + support: full + action_group: + version_added: 10.2.0 options: - state: - description: - - State of the user_rolemapping. - - On V(present), the user_rolemapping will be created if it does not yet exist, or updated with the parameters you provide. - - On V(absent), the user_rolemapping will be removed if it exists. - default: 'present' - type: str - choices: - - present - - absent + state: + description: + - State of the user_rolemapping. + - On V(present), the user_rolemapping will be created if it does not yet exist, or updated with the parameters you provide. + - On V(absent), the user_rolemapping will be removed if it exists. + default: 'present' + type: str + choices: + - present + - absent - realm: + realm: + type: str + description: + - They Keycloak realm under which this role_representation resides. + default: 'master' + + target_username: + type: str + description: + - Username of the user roles are mapped to. + - This parameter is not required (can be replaced by uid for less API call). + uid: + type: str + description: + - ID of the user to be mapped. + - This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of + API calls required. + service_account_user_client_id: + type: str + description: + - Client ID of the service-account-user to be mapped. + - This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of + API calls required. + client_id: + type: str + description: + - Name of the client to be mapped (different than O(cid)). + - This parameter is required if O(cid) is not provided (can be replaced by O(cid) to reduce the number of API calls + that must be made). + cid: + type: str + description: + - ID of the client to be mapped. + - This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of + API calls required. + roles: + description: + - Roles to be mapped to the user. + type: list + elements: dict + suboptions: + name: type: str description: - - They Keycloak realm under which this role_representation resides. - default: 'master' - - target_username: + - Name of the role representation. + - This parameter is required only when creating or updating the role_representation. + id: type: str description: - - Username of the user roles are mapped to. - - This parameter is not required (can be replaced by uid for less API call). - - uid: - type: str - description: - - ID of the user to be mapped. - - This parameter is not required for updating or deleting the rolemapping but - providing it will reduce the number of API calls required. - - service_account_user_client_id: - type: str - description: - - Client ID of the service-account-user to be mapped. - - This parameter is not required for updating or deleting the rolemapping but - providing it will reduce the number of API calls required. - - client_id: - type: str - description: - - Name of the client to be mapped (different than O(cid)). - - This parameter is required if O(cid) is not provided (can be replaced by O(cid) - to reduce the number of API calls that must be made). - - cid: - type: str - description: - - ID of the client to be mapped. - - This parameter is not required for updating or deleting the rolemapping but - providing it will reduce the number of API calls required. - - roles: - description: - - Roles to be mapped to the user. - type: list - elements: dict - suboptions: - name: - type: str - description: - - Name of the role representation. - - This parameter is required only when creating or updating the role_representation. - id: - type: str - description: - - The unique identifier for this role_representation. - - This parameter is not required for updating or deleting a role_representation but - providing it will reduce the number of API calls required. - + - The unique identifier for this role_representation. + - This parameter is not required for updating or deleting a role_representation but providing it will reduce the + number of API calls required. extends_documentation_fragment: - - community.general.keycloak - - community.general.attributes + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes author: - - Dušan Marković (@bratwurzt) -''' + - Dušan Marković (@bratwurzt) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Map a client role to a user, authentication with credentials community.general.keycloak_user_rolemapping: realm: MyCustomRealm @@ -186,49 +177,37 @@ EXAMPLES = ''' - name: role_name2 id: role_id2 delegate_to: localhost -''' +""" -RETURN = ''' +RETURN = r""" msg: - description: Message as to what action was taken. - returned: always - type: str - sample: "Role role1 assigned to user user1." + description: Message as to what action was taken. + returned: always + type: str + sample: "Role role1 assigned to user user1." proposed: - description: Representation of proposed client role mapping. - returned: always - type: dict - sample: { - clientId: "test" - } + description: Representation of proposed client role mapping. + returned: always + type: dict + sample: {clientId: "test"} existing: - description: - - Representation of existing client role mapping. - - The sample is truncated. - returned: always - type: dict - sample: { - "adminUrl": "http://www.example.com/admin_url", - "attributes": { - "request.object.signature.alg": "RS256", - } - } + description: + - Representation of existing client role mapping. + - The sample is truncated. + returned: always + type: dict + sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} end_state: - description: - - Representation of client role mapping after module execution. - - The sample is truncated. - returned: on success - type: dict - sample: { - "adminUrl": "http://www.example.com/admin_url", - "attributes": { - "request.object.signature.alg": "RS256", - } - } -''' + description: + - Representation of client role mapping after module execution. + - The sample is truncated. + returned: on success + type: dict + sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} +""" from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, \ keycloak_argument_spec, get_token, KeycloakError diff --git a/plugins/modules/keycloak_userprofile.py b/plugins/modules/keycloak_userprofile.py new file mode 100644 index 0000000000..f54cd7183a --- /dev/null +++ b/plugins/modules/keycloak_userprofile.py @@ -0,0 +1,738 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) Ansible project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +DOCUMENTATION = r""" +module: keycloak_userprofile + +short_description: Allows managing Keycloak User Profiles + +description: + - This module allows you to create, update, or delete Keycloak User Profiles using the Keycloak API. You can also customize + the "Unmanaged Attributes" with it. + - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation + at U(https://www.keycloak.org/docs-api/24.0.5/rest-api/index.html). For compatibility reasons, the module also accepts + the camelCase versions of the options. +version_added: "9.4.0" + +attributes: + check_mode: + support: full + diff_mode: + support: full + action_group: + version_added: 10.2.0 + +options: + state: + description: + - State of the User Profile provider. + - On V(present), the User Profile provider will be created if it does not yet exist, or updated with the parameters + you provide. + - On V(absent), the User Profile provider will be removed if it exists. + default: 'present' + type: str + choices: + - present + - absent + + parent_id: + description: + - The parent ID of the realm key. In practice the ID (name) of the realm. + aliases: + - parentId + - realm + type: str + required: true + + provider_id: + description: + - The name of the provider ID for the key (supported value is V(declarative-user-profile)). + aliases: + - providerId + choices: ['declarative-user-profile'] + default: 'declarative-user-profile' + type: str + + provider_type: + description: + - Component type for User Profile (only supported value is V(org.keycloak.userprofile.UserProfileProvider)). + aliases: + - providerType + choices: ['org.keycloak.userprofile.UserProfileProvider'] + default: org.keycloak.userprofile.UserProfileProvider + type: str + + config: + description: + - The configuration of the User Profile Provider. + type: dict + required: false + suboptions: + kc_user_profile_config: + description: + - Define a declarative User Profile. See EXAMPLES for more context. + aliases: + - kcUserProfileConfig + type: list + elements: dict + suboptions: + attributes: + description: + - A list of attributes to be included in the User Profile. + type: list + elements: dict + suboptions: + name: + description: + - The name of the attribute. + type: str + required: true + + display_name: + description: + - The display name of the attribute. + aliases: + - displayName + type: str + required: true + + validations: + description: + - The validations to be applied to the attribute. + type: dict + suboptions: + length: + description: + - The length validation for the attribute. + type: dict + suboptions: + min: + description: + - The minimum length of the attribute. + type: int + max: + description: + - The maximum length of the attribute. + type: int + required: true + + email: + description: + - The email validation for the attribute. + type: dict + + username_prohibited_characters: + description: + - The prohibited characters validation for the username attribute. + type: dict + aliases: + - usernameProhibitedCharacters + + up_username_not_idn_homograph: + description: + - The validation to prevent IDN homograph attacks in usernames. + type: dict + aliases: + - upUsernameNotIdnHomograph + + person_name_prohibited_characters: + description: + - The prohibited characters validation for person name attributes. + type: dict + aliases: + - personNameProhibitedCharacters + + uri: + description: + - The URI validation for the attribute. + type: dict + + pattern: + description: + - The pattern validation for the attribute using regular expressions. + type: dict + + options: + description: + - Validation to ensure the attribute matches one of the provided options. + type: dict + + annotations: + description: + - Annotations for the attribute. + type: dict + + group: + description: + - Specifies the User Profile group where this attribute will be added. + type: str + + permissions: + description: + - The permissions for viewing and editing the attribute. + type: dict + suboptions: + view: + description: + - The roles that can view the attribute. + - Supported values are V(admin) and V(user). + type: list + elements: str + default: + - admin + - user + + edit: + description: + - The roles that can edit the attribute. + - Supported values are V(admin) and V(user). + type: list + elements: str + default: + - admin + - user + + multivalued: + description: + - Whether the attribute can have multiple values. + type: bool + default: false + + required: + description: + - The roles that require this attribute. + type: dict + suboptions: + roles: + description: + - The roles for which this attribute is required. + - Supported values are V(admin) and V(user). + type: list + elements: str + default: + - user + + groups: + description: + - A list of attribute groups to be included in the User Profile. + type: list + elements: dict + suboptions: + name: + description: + - The name of the group. + type: str + required: true + + display_header: + description: + - The display header for the group. + aliases: + - displayHeader + type: str + required: true + + display_description: + description: + - The display description for the group. + aliases: + - displayDescription + type: str + required: false + + annotations: + description: + - The annotations included in the group. + type: dict + required: false + + unmanaged_attribute_policy: + description: + - Policy for unmanaged attributes. + aliases: + - unmanagedAttributePolicy + type: str + choices: + - ENABLED + - ADMIN_EDIT + - ADMIN_VIEW + +notes: + - Currently, only a single V(declarative-user-profile) entry is supported for O(provider_id) (design of the Keyckoak API). + However, there can be multiple O(config.kc_user_profile_config[].attributes[]) entries. +extends_documentation_fragment: + - community.general.keycloak + - community.general.keycloak.actiongroup_keycloak + - community.general.attributes + +author: + - Eike Waldt (@yeoldegrove) +""" + +EXAMPLES = r""" +- name: Create a Declarative User Profile with default settings + community.general.keycloak_userprofile: + state: present + parent_id: master + config: + kc_user_profile_config: + - attributes: + - name: username + displayName: ${username} + validations: + length: + min: 3 + max: 255 + username_prohibited_characters: {} + up_username_not_idn_homograph: {} + annotations: {} + permissions: + view: + - admin + - user + edit: [] + multivalued: false + - name: email + displayName: ${email} + validations: + email: {} + length: + max: 255 + annotations: {} + required: + roles: + - user + permissions: + view: + - admin + - user + edit: [] + multivalued: false + - name: firstName + displayName: ${firstName} + validations: + length: + max: 255 + person_name_prohibited_characters: {} + annotations: {} + required: + roles: + - user + permissions: + view: + - admin + - user + edit: [] + multivalued: false + - name: lastName + displayName: ${lastName} + validations: + length: + max: 255 + person_name_prohibited_characters: {} + annotations: {} + required: + roles: + - user + permissions: + view: + - admin + - user + edit: [] + multivalued: false + groups: + - name: user-metadata + displayHeader: User metadata + displayDescription: Attributes, which refer to user metadata + annotations: {} + +- name: Delete a Keycloak User Profile Provider + keycloak_userprofile: + state: absent + parent_id: master + +# Unmanaged attributes are user attributes not explicitly defined in the User Profile +# configuration. By default, unmanaged attributes are "Disabled" and are not +# available from any context such as registration, account, and the +# administration console. By setting "Enabled", unmanaged attributes are fully +# recognized by the server and accessible through all contexts, useful if you are +# starting migrating an existing realm to the declarative User Profile +# and you don't have yet all user attributes defined in the User Profile configuration. +- name: Enable Unmanaged Attributes + community.general.keycloak_userprofile: + state: present + parent_id: master + config: + kc_user_profile_config: + - unmanagedAttributePolicy: ENABLED + +# By setting "Only administrators can write", unmanaged attributes can be managed +# only through the administration console and API, useful if you have already +# defined any custom attribute that can be managed by users but you are unsure +# about adding other attributes that should only be managed by administrators. +- name: Enable ADMIN_EDIT on Unmanaged Attributes + community.general.keycloak_userprofile: + state: present + parent_id: master + config: + kc_user_profile_config: + - unmanagedAttributePolicy: ADMIN_EDIT + +# By setting `Only administrators can view`, unmanaged attributes are read-only +# and only available through the administration console and API. +- name: Enable ADMIN_VIEW on Unmanaged Attributes + community.general.keycloak_userprofile: + state: present + parent_id: master + config: + kc_user_profile_config: + - unmanagedAttributePolicy: ADMIN_VIEW +""" + +RETURN = r""" +msg: + description: The output message generated by the module. + returned: always + type: str + sample: UserProfileProvider created successfully +data: + description: The data returned by the Keycloak API. + returned: when state is present + type: dict + sample: {'...': '...'} +""" + +from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \ + keycloak_argument_spec, get_token, KeycloakError +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.six.moves.urllib.parse import urlencode +from copy import deepcopy +import json + + +def remove_null_values(data): + if isinstance(data, dict): + # Recursively remove null values from dictionaries + return {k: remove_null_values(v) for k, v in data.items() if v is not None} + elif isinstance(data, list): + # Recursively remove null values from lists + return [remove_null_values(item) for item in data if item is not None] + else: + # Return the data if it is neither a dictionary nor a list + return data + + +def camel_recursive(data): + if isinstance(data, dict): + # Convert keys to camelCase and apply recursively + return {camel(k): camel_recursive(v) for k, v in data.items()} + elif isinstance(data, list): + # Apply camelCase conversion to each item in the list + return [camel_recursive(item) for item in data] + else: + # Return the data as-is if it is not a dict or list + return data + + +def main(): + argument_spec = keycloak_argument_spec() + + meta_args = dict( + state=dict(type='str', choices=['present', 'absent'], default='present'), + parent_id=dict(type='str', aliases=['parentId', 'realm'], required=True), + provider_id=dict(type='str', aliases=['providerId'], default='declarative-user-profile', choices=['declarative-user-profile']), + provider_type=dict( + type='str', + aliases=['providerType'], + default='org.keycloak.userprofile.UserProfileProvider', + choices=['org.keycloak.userprofile.UserProfileProvider'] + ), + config=dict( + type='dict', + required=False, + options={ + 'kc_user_profile_config': dict( + type='list', + aliases=['kcUserProfileConfig'], + elements='dict', + options={ + 'attributes': dict( + type='list', + elements='dict', + required=False, + options={ + 'name': dict(type='str', required=True), + 'display_name': dict(type='str', aliases=['displayName'], required=True), + 'validations': dict( + type='dict', + options={ + 'length': dict( + type='dict', + options={ + 'min': dict(type='int', required=False), + 'max': dict(type='int', required=True) + } + ), + 'email': dict(type='dict', required=False), + 'username_prohibited_characters': dict(type='dict', aliases=['usernameProhibitedCharacters'], required=False), + 'up_username_not_idn_homograph': dict(type='dict', aliases=['upUsernameNotIdnHomograph'], required=False), + 'person_name_prohibited_characters': dict(type='dict', aliases=['personNameProhibitedCharacters'], required=False), + 'uri': dict(type='dict', required=False), + 'pattern': dict(type='dict', required=False), + 'options': dict(type='dict', required=False) + } + ), + 'annotations': dict(type='dict'), + 'group': dict(type='str'), + 'permissions': dict( + type='dict', + options={ + 'view': dict(type='list', elements='str', default=['admin', 'user']), + 'edit': dict(type='list', elements='str', default=['admin', 'user']) + } + ), + 'multivalued': dict(type='bool', default=False), + 'required': dict( + type='dict', + options={ + 'roles': dict(type='list', elements='str', default=['user']) + } + ) + } + ), + 'groups': dict( + type='list', + elements='dict', + options={ + 'name': dict(type='str', required=True), + 'display_header': dict(type='str', aliases=['displayHeader'], required=True), + 'display_description': dict(type='str', aliases=['displayDescription'], required=False), + 'annotations': dict(type='dict', required=False) + } + ), + 'unmanaged_attribute_policy': dict( + type='str', + aliases=['unmanagedAttributePolicy'], + choices=['ENABLED', 'ADMIN_EDIT', 'ADMIN_VIEW'], + required=False + ) + } + ) + } + ) + ) + + argument_spec.update(meta_args) + + module = AnsibleModule(argument_spec=argument_spec, + supports_check_mode=True, + required_one_of=([['token', 'auth_realm', 'auth_username', 'auth_password']]), + required_together=([['auth_realm', 'auth_username', 'auth_password']])) + + # Initialize the result object. Only "changed" seems to have special + # meaning for Ansible. + result = dict(changed=False, msg='', end_state={}, diff=dict(before={}, after={})) + + # This will include the current state of the realm userprofile if it is already + # present. This is only used for diff-mode. + before_realm_userprofile = {} + before_realm_userprofile['config'] = {} + + # Obtain access token, initialize API + try: + connection_header = get_token(module.params) + except KeycloakError as e: + module.fail_json(msg=str(e)) + + kc = KeycloakAPI(module, connection_header) + + params_to_ignore = list(keycloak_argument_spec().keys()) + ["state"] + + # Filter and map the parameters names that apply to the role + component_params = [ + x + for x in module.params + if x not in params_to_ignore and module.params.get(x) is not None + ] + + # Build a proposed changeset from parameters given to this module + changeset = {} + + # Build the changeset with proper JSON serialization for kc_user_profile_config + config = module.params.get('config') + changeset['config'] = {} + + # Generate a JSON payload for Keycloak Admin API from the module + # parameters. Parameters that do not belong to the JSON payload (e.g. + # "state" or "auth_keycloal_url") have been filtered away earlier (see + # above). + # + # This loop converts Ansible module parameters (snake-case) into + # Keycloak-compatible format (camel-case). For example proider_id + # becomes providerId. It also handles some special cases, e.g. aliases. + for component_param in component_params: + # realm/parent_id parameter + if component_param == 'realm' or component_param == 'parent_id': + changeset['parent_id'] = module.params.get(component_param) + changeset.pop(component_param, None) + # complex parameters in config suboptions + elif component_param == 'config': + for config_param in config: + # special parameter kc_user_profile_config + if config_param in ('kcUserProfileConfig', 'kc_user_profile_config'): + config_param_org = config_param + # rename parameter to be accepted by Keycloak API + config_param = 'kc.user.profile.config' + # make sure no null values are passed to Keycloak API + kc_user_profile_config = remove_null_values(config[config_param_org]) + changeset[camel(component_param)][config_param] = [] + if len(kc_user_profile_config) > 0: + # convert aliases to camelCase + kc_user_profile_config = camel_recursive(kc_user_profile_config) + # rename validations to be accepted by Keycloak API + if 'attributes' in kc_user_profile_config[0]: + for attribute in kc_user_profile_config[0]['attributes']: + if 'validations' in attribute: + if 'usernameProhibitedCharacters' in attribute['validations']: + attribute['validations']['username-prohibited-characters'] = ( + attribute['validations'].pop('usernameProhibitedCharacters') + ) + if 'upUsernameNotIdnHomograph' in attribute['validations']: + attribute['validations']['up-username-not-idn-homograph'] = ( + attribute['validations'].pop('upUsernameNotIdnHomograph') + ) + if 'personNameProhibitedCharacters' in attribute['validations']: + attribute['validations']['person-name-prohibited-characters'] = ( + attribute['validations'].pop('personNameProhibitedCharacters') + ) + changeset[camel(component_param)][config_param].append(kc_user_profile_config[0]) + # usual camelCase parameters + else: + changeset[camel(component_param)][camel(config_param)] = [] + raw_value = module.params.get(component_param)[config_param] + if isinstance(raw_value, bool): + value = str(raw_value).lower() + else: + value = raw_value # Directly use the raw value + changeset[camel(component_param)][camel(config_param)].append(value) + # usual parameters + else: + new_param_value = module.params.get(component_param) + changeset[camel(component_param)] = new_param_value + + # Make it easier to refer to current module parameters + state = module.params.get('state') + enabled = module.params.get('enabled') + parent_id = module.params.get('parent_id') + provider_type = module.params.get('provider_type') + provider_id = module.params.get('provider_id') + + # Make a deep copy of the changeset. This is use when determining + # changes to the current state. + changeset_copy = deepcopy(changeset) + + # Get a list of all Keycloak components that are of userprofile provider type. + realm_userprofiles = kc.get_components(urlencode(dict(type=provider_type)), parent_id) + + # If this component is present get its userprofile ID. Confusingly the userprofile ID is + # also known as the Provider ID. + userprofile_id = None + + # Track individual parameter changes + changes = "" + + # This tells Ansible whether the userprofile was changed (added, removed, modified) + result['changed'] = False + + # Loop through the list of components. If we encounter a component whose + # name matches the value of the name parameter then assume the userprofile is + # already present. + for userprofile in realm_userprofiles: + if provider_id == "declarative-user-profile": + userprofile_id = userprofile['id'] + changeset['id'] = userprofile_id + changeset_copy['id'] = userprofile_id + + # keycloak returns kc.user.profile.config as a single JSON formatted string, so we have to deserialize it + if 'config' in userprofile and 'kc.user.profile.config' in userprofile['config']: + userprofile['config']['kc.user.profile.config'][0] = json.loads(userprofile['config']['kc.user.profile.config'][0]) + + # Compare top-level parameters + for param, value in changeset.items(): + before_realm_userprofile[param] = userprofile[param] + + if changeset_copy[param] != userprofile[param] and param != 'config': + changes += "%s: %s -> %s, " % (param, userprofile[param], changeset_copy[param]) + result['changed'] = True + + # Compare parameters under the "config" userprofile + for p, v in changeset_copy['config'].items(): + before_realm_userprofile['config'][p] = userprofile['config'][p] + if changeset_copy['config'][p] != userprofile['config'][p]: + changes += "config.%s: %s -> %s, " % (p, userprofile['config'][p], changeset_copy['config'][p]) + result['changed'] = True + + # Check all the possible states of the resource and do what is needed to + # converge current state with desired state (create, update or delete + # the userprofile). + + # keycloak expects kc.user.profile.config as a single JSON formatted string, so we have to serialize it + if 'config' in changeset and 'kc.user.profile.config' in changeset['config']: + changeset['config']['kc.user.profile.config'][0] = json.dumps(changeset['config']['kc.user.profile.config'][0]) + if userprofile_id and state == 'present': + if result['changed']: + if module._diff: + result['diff'] = dict(before=before_realm_userprofile, after=changeset_copy) + + if module.check_mode: + result['msg'] = "Userprofile %s would be changed: %s" % (provider_id, changes.strip(", ")) + else: + kc.update_component(changeset, parent_id) + result['msg'] = "Userprofile %s changed: %s" % (provider_id, changes.strip(", ")) + else: + result['msg'] = "Userprofile %s was in sync" % (provider_id) + + result['end_state'] = changeset_copy + elif userprofile_id and state == 'absent': + if module._diff: + result['diff'] = dict(before=before_realm_userprofile, after={}) + + if module.check_mode: + result['changed'] = True + result['msg'] = "Userprofile %s would be deleted" % (provider_id) + else: + kc.delete_component(userprofile_id, parent_id) + result['changed'] = True + result['msg'] = "Userprofile %s deleted" % (provider_id) + + result['end_state'] = {} + elif not userprofile_id and state == 'present': + if module._diff: + result['diff'] = dict(before={}, after=changeset_copy) + + if module.check_mode: + result['changed'] = True + result['msg'] = "Userprofile %s would be created" % (provider_id) + else: + kc.create_component(changeset, parent_id) + result['changed'] = True + result['msg'] = "Userprofile %s created" % (provider_id) + + result['end_state'] = changeset_copy + elif not userprofile_id and state == 'absent': + result['changed'] = False + result['msg'] = "Userprofile %s not present" % (provider_id) + result['end_state'] = {} + + module.exit_json(**result) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/keyring.py b/plugins/modules/keyring.py index 8329b727bd..3a8cbcae02 100644 --- a/plugins/modules/keyring.py +++ b/plugins/modules/keyring.py @@ -13,15 +13,14 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = r""" ---- module: keyring version_added: 5.2.0 author: - Alexander Hussey (@ahussey-redhat) short_description: Set or delete a passphrase using the Operating System's native keyring description: >- - This module uses the L(keyring Python library, https://pypi.org/project/keyring/) - to set or delete passphrases for a given service and username from the OS' native keyring. + This module uses the L(keyring Python library, https://pypi.org/project/keyring/) to set or delete passphrases for a given + service and username from the OS' native keyring. requirements: - keyring (Python library) - gnome-keyring (application - required for headless Gnome keyring access) diff --git a/plugins/modules/keyring_info.py b/plugins/modules/keyring_info.py index 5c41ecc4d0..836ecafdde 100644 --- a/plugins/modules/keyring_info.py +++ b/plugins/modules/keyring_info.py @@ -13,15 +13,14 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = r""" ---- module: keyring_info version_added: 5.2.0 author: - Alexander Hussey (@ahussey-redhat) short_description: Get a passphrase using the Operating System's native keyring description: >- - This module uses the L(keyring Python library, https://pypi.org/project/keyring/) - to retrieve passphrases for a given service and username from the OS' native keyring. + This module uses the L(keyring Python library, https://pypi.org/project/keyring/) to retrieve passphrases for a given service + and username from the OS' native keyring. requirements: - keyring (Python library) - gnome-keyring (application - required for headless Linux keyring access) @@ -45,24 +44,24 @@ options: """ EXAMPLES = r""" - - name: Retrieve password for service_name/user_name - community.general.keyring_info: - service: test - username: test1 - keyring_password: "{{ keyring_password }}" - register: test_password +- name: Retrieve password for service_name/user_name + community.general.keyring_info: + service: test + username: test1 + keyring_password: "{{ keyring_password }}" + register: test_password - - name: Display password - ansible.builtin.debug: - msg: "{{ test_password.passphrase }}" +- name: Display password + ansible.builtin.debug: + msg: "{{ test_password.passphrase }}" """ RETURN = r""" - passphrase: - description: A string containing the password. - returned: success and the password exists - type: str - sample: Password123 +passphrase: + description: A string containing the password. + returned: success and the password exists + type: str + sample: Password123 """ try: diff --git a/plugins/modules/kibana_plugin.py b/plugins/modules/kibana_plugin.py index f6744b3960..09703b504c 100644 --- a/plugins/modules/kibana_plugin.py +++ b/plugins/modules/kibana_plugin.py @@ -11,71 +11,70 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: kibana_plugin short_description: Manage Kibana plugins description: - - This module can be used to manage Kibana plugins. + - This module can be used to manage Kibana plugins. author: Thierno IB. BARRY (@barryib) extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - name: - description: + name: + description: - Name of the plugin to install. - required: true - type: str - state: - description: + required: true + type: str + state: + description: - Desired state of a plugin. - choices: ["present", "absent"] - default: present - type: str - url: - description: + choices: ["present", "absent"] + default: present + type: str + url: + description: - Set exact URL to download the plugin from. - - For local file, prefix its absolute path with file:// - type: str - timeout: - description: - - "Timeout setting: 30s, 1m, 1h etc." - default: 1m - type: str - plugin_bin: - description: + - For local file, prefix its absolute path with C(file://). + type: str + timeout: + description: + - 'Timeout setting: V(30s), V(1m), V(1h) and so on.' + default: 1m + type: str + plugin_bin: + description: - Location of the Kibana binary. - default: /opt/kibana/bin/kibana - type: path - plugin_dir: - description: + default: /opt/kibana/bin/kibana + type: path + plugin_dir: + description: - Your configured plugin directory specified in Kibana. - default: /opt/kibana/installedPlugins/ - type: path - version: - description: + default: /opt/kibana/installedPlugins/ + type: path + version: + description: - Version of the plugin to be installed. - If plugin exists with previous version, plugin will B(not) be updated unless O(force) is set to V(true). - type: str - force: - description: + type: str + force: + description: - Delete and re-install the plugin. Can be useful for plugins update. - type: bool - default: false - allow_root: - description: + type: bool + default: false + allow_root: + description: - Whether to allow C(kibana) and C(kibana-plugin) to be run as root. Passes the C(--allow-root) flag to these commands. - type: bool - default: false - version_added: 2.3.0 -''' + type: bool + default: false + version_added: 2.3.0 +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Install Elasticsearch head plugin community.general.kibana_plugin: state: present @@ -91,38 +90,38 @@ EXAMPLES = ''' community.general.kibana_plugin: state: absent name: elasticsearch/marvel -''' +""" -RETURN = ''' +RETURN = r""" cmd: - description: the launched command during plugin management (install / remove) - returned: success - type: str + description: The launched command during plugin management (install / remove). + returned: success + type: str name: - description: the plugin name to install or remove - returned: success - type: str + description: The plugin name to install or remove. + returned: success + type: str url: - description: the url from where the plugin is installed from - returned: success - type: str + description: The URL from where the plugin is installed from. + returned: success + type: str timeout: - description: the timeout for plugin download - returned: success - type: str + description: The timeout for plugin download. + returned: success + type: str stdout: - description: the command stdout - returned: success - type: str + description: The command stdout. + returned: success + type: str stderr: - description: the command stderr - returned: success - type: str + description: The command stderr. + returned: success + type: str state: - description: the state for the managed plugin - returned: success - type: str -''' + description: The state for the managed plugin. + returned: success + type: str +""" import os from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/krb_ticket.py b/plugins/modules/krb_ticket.py new file mode 100644 index 0000000000..e021050c22 --- /dev/null +++ b/plugins/modules/krb_ticket.py @@ -0,0 +1,383 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright (c) 2024 Alexander Bakanovskii +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r""" +module: krb_ticket +short_description: Kerberos utils for managing tickets +version_added: 10.0.0 +description: + - Manage Kerberos tickets with C(kinit), C(klist) and C(kdestroy) base utilities. + - See U(https://web.mit.edu/kerberos/krb5-1.12/doc/user/user_commands/index.html) for reference. +author: "Alexander Bakanovskii (@abakanovskii)" +attributes: + check_mode: + support: full + diff_mode: + support: none +options: + password: + description: + - Principal password. + - It is required to specify O(password) or O(keytab_path). + type: str + principal: + description: + - The principal name. + - If not set, the user running this module will be used. + type: str + state: + description: + - The state of the Kerberos ticket. + - V(present) is equivalent of C(kinit) command. + - V(absent) is equivalent of C(kdestroy) command. + type: str + default: present + choices: ["present", "absent"] + kdestroy_all: + description: + - When O(state=absent) destroys all credential caches in collection. + - Equivalent of running C(kdestroy -A). + type: bool + cache_name: + description: + - Use O(cache_name) as the ticket cache name and location. + - If this option is not used, the default cache name and location are used. + - The default credentials cache may vary between systems. + - If not set the the value of E(KRB5CCNAME) environment variable will be used instead, its value is used to name the + default ticket cache. + type: str + lifetime: + description: + - Requests a ticket with the lifetime, if the O(lifetime) is not specified, the default ticket lifetime is used. + - Specifying a ticket lifetime longer than the maximum ticket lifetime (configured by each site) will not override the + configured maximum ticket lifetime. + - 'The value for O(lifetime) must be followed by one of the following suffixes: V(s) - seconds, V(m) - minutes, V(h) + - hours, V(d) - days.' + - You cannot mix units; a value of V(3h30m) will result in an error. + - See U(https://web.mit.edu/kerberos/krb5-1.12/doc/basic/date_format.html) for reference. + type: str + start_time: + description: + - Requests a postdated ticket. + - Postdated tickets are issued with the invalid flag set, and need to be resubmitted to the KDC for validation before + use. + - O(start_time) specifies the duration of the delay before the ticket can become valid. + - You can use absolute time formats, for example V(July 27, 2012 at 20:30) you would neet to set O(start_time=20120727203000). + - You can also use time duration format similar to O(lifetime) or O(renewable). + - See U(https://web.mit.edu/kerberos/krb5-1.12/doc/basic/date_format.html) for reference. + type: str + renewable: + description: + - Requests renewable tickets, with a total lifetime equal to O(renewable). + - 'The value for O(renewable) must be followed by one of the following delimiters: V(s) - seconds, V(m) - minutes, V(h) + - hours, V(d) - days.' + - You cannot mix units; a value of V(3h30m) will result in an error. + - See U(https://web.mit.edu/kerberos/krb5-1.12/doc/basic/date_format.html) for reference. + type: str + forwardable: + description: + - Request forwardable or non-forwardable tickets. + type: bool + proxiable: + description: + - Request proxiable or non-proxiable tickets. + type: bool + address_restricted: + description: + - Request tickets restricted to the host's local address or non-restricted. + type: bool + anonymous: + description: + - Requests anonymous processing. + type: bool + canonicalization: + description: + - Requests canonicalization of the principal name, and allows the KDC to reply with a different client principal from + the one requested. + type: bool + enterprise: + description: + - Treats the principal name as an enterprise name (implies the O(canonicalization) option). + type: bool + renewal: + description: + - Requests renewal of the ticket-granting ticket. + - Note that an expired ticket cannot be renewed, even if the ticket is still within its renewable life. + type: bool + validate: + description: + - Requests that the ticket-granting ticket in the cache (with the invalid flag set) be passed to the KDC for validation. + - If the ticket is within its requested time range, the cache is replaced with the validated ticket. + type: bool + keytab: + description: + - Requests a ticket, obtained from a key in the local host's keytab. + - If O(keytab_path) is not specified will try to use default client keytab path (C(-i) option). + type: bool + keytab_path: + description: + - Use when O(keytab=true) to specify path to a keytab file. + - It is required to specify O(password) or O(keytab_path). + type: path +requirements: + - krb5-user and krb5-config packages +extends_documentation_fragment: + - community.general.attributes +""" + +EXAMPLES = r""" +- name: Get Kerberos ticket using default principal + community.general.krb_ticket: + password: some_password + +- name: Get Kerberos ticket using keytab + community.general.krb_ticket: + keytab: true + keytab_path: /etc/ipa/file.keytab + +- name: Get Kerberos ticket with a lifetime of 7 days + community.general.krb_ticket: + password: some_password + lifetime: 7d + +- name: Get Kerberos ticket with a starting time of July 2, 2024, 1:35:30 p.m. + community.general.krb_ticket: + password: some_password + start_time: "240702133530" + +- name: Get Kerberos ticket using principal name + community.general.krb_ticket: + password: some_password + principal: admin + +- name: Get Kerberos ticket using principal with realm + community.general.krb_ticket: + password: some_password + principal: admin@IPA.TEST + +- name: Check for existence by ticket cache + community.general.krb_ticket: + cache_name: KEYRING:persistent:0:0 + +- name: Make sure default ticket is destroyed + community.general.krb_ticket: + state: absent + +- name: Make sure specific ticket destroyed by principal + community.general.krb_ticket: + state: absent + principal: admin@IPA.TEST + +- name: Make sure specific ticket destroyed by cache_name + community.general.krb_ticket: + state: absent + cache_name: KEYRING:persistent:0:0 + +- name: Make sure all tickets are destroyed + community.general.krb_ticket: + state: absent + kdestroy_all: true +""" + +from ansible.module_utils.basic import AnsibleModule, env_fallback +from ansible_collections.community.general.plugins.module_utils.cmd_runner import CmdRunner, cmd_runner_fmt + + +class IPAKeytab(object): + def __init__(self, module, **kwargs): + self.module = module + self.password = kwargs['password'] + self.principal = kwargs['principal'] + self.state = kwargs['state'] + self.kdestroy_all = kwargs['kdestroy_all'] + self.cache_name = kwargs['cache_name'] + self.start_time = kwargs['start_time'] + self.renewable = kwargs['renewable'] + self.forwardable = kwargs['forwardable'] + self.proxiable = kwargs['proxiable'] + self.address_restricted = kwargs['address_restricted'] + self.canonicalization = kwargs['canonicalization'] + self.enterprise = kwargs['enterprise'] + self.renewal = kwargs['renewal'] + self.validate = kwargs['validate'] + self.keytab = kwargs['keytab'] + self.keytab_path = kwargs['keytab_path'] + + self.kinit = CmdRunner( + module, + command='kinit', + arg_formats=dict( + lifetime=cmd_runner_fmt.as_opt_val('-l'), + start_time=cmd_runner_fmt.as_opt_val('-s'), + renewable=cmd_runner_fmt.as_opt_val('-r'), + forwardable=cmd_runner_fmt.as_bool('-f', '-F', ignore_none=True), + proxiable=cmd_runner_fmt.as_bool('-p', '-P', ignore_none=True), + address_restricted=cmd_runner_fmt.as_bool('-a', '-A', ignore_none=True), + anonymous=cmd_runner_fmt.as_bool('-n'), + canonicalization=cmd_runner_fmt.as_bool('-C'), + enterprise=cmd_runner_fmt.as_bool('-E'), + renewal=cmd_runner_fmt.as_bool('-R'), + validate=cmd_runner_fmt.as_bool('-v'), + keytab=cmd_runner_fmt.as_bool('-k'), + keytab_path=cmd_runner_fmt.as_func(lambda v: ['-t', v] if v else ['-i']), + cache_name=cmd_runner_fmt.as_opt_val('-c'), + principal=cmd_runner_fmt.as_list(), + ) + ) + + self.kdestroy = CmdRunner( + module, + command='kdestroy', + arg_formats=dict( + kdestroy_all=cmd_runner_fmt.as_bool('-A'), + cache_name=cmd_runner_fmt.as_opt_val('-c'), + principal=cmd_runner_fmt.as_opt_val('-p'), + ) + ) + + self.klist = CmdRunner( + module, + command='klist', + arg_formats=dict( + show_list=cmd_runner_fmt.as_bool('-l'), + ) + ) + + def exec_kinit(self): + params = dict(self.module.params) + with self.kinit( + "lifetime start_time renewable forwardable proxiable address_restricted anonymous " + "canonicalization enterprise renewal validate keytab keytab_path cache_name principal", + check_rc=True, + data=self.password, + ) as ctx: + rc, out, err = ctx.run(**params) + return out + + def exec_kdestroy(self): + params = dict(self.module.params) + with self.kdestroy( + "kdestroy_all cache_name principal", + check_rc=True + ) as ctx: + rc, out, err = ctx.run(**params) + return out + + def exec_klist(self, show_list): + # Use chech_rc = False because + # If no tickets present, klist command will always return rc = 1 + params = dict(show_list=show_list) + with self.klist( + "show_list", + check_rc=False + ) as ctx: + rc, out, err = ctx.run(**params) + return rc, out, err + + def check_ticket_present(self): + ticket_present = True + show_list = False + + if not self.principal and not self.cache_name: + rc, out, err = self.exec_klist(show_list) + if rc != 0: + ticket_present = False + else: + show_list = True + rc, out, err = self.exec_klist(show_list) + if self.principal and self.principal not in str(out): + ticket_present = False + if self.cache_name and self.cache_name not in str(out): + ticket_present = False + + return ticket_present + + +def main(): + arg_spec = dict( + principal=dict(type='str'), + password=dict(type='str', no_log=True), + state=dict(default='present', choices=['present', 'absent']), + kdestroy_all=dict(type='bool'), + cache_name=dict(type='str', fallback=(env_fallback, ['KRB5CCNAME'])), + lifetime=dict(type='str'), + start_time=dict(type='str'), + renewable=dict(type='str'), + forwardable=dict(type='bool'), + proxiable=dict(type='bool'), + address_restricted=dict(type='bool'), + anonymous=dict(type='bool'), + canonicalization=dict(type='bool'), + enterprise=dict(type='bool'), + renewal=dict(type='bool'), + validate=dict(type='bool'), + keytab=dict(type='bool'), + keytab_path=dict(type='path'), + ) + module = AnsibleModule( + argument_spec=arg_spec, + supports_check_mode=True, + required_by={ + 'keytab_path': 'keytab' + }, + required_if=[ + ('state', 'present', ('password', 'keytab_path'), True), + ], + ) + + state = module.params['state'] + kdestroy_all = module.params['kdestroy_all'] + + keytab = IPAKeytab(module, + state=state, + kdestroy_all=kdestroy_all, + principal=module.params['principal'], + password=module.params['password'], + cache_name=module.params['cache_name'], + lifetime=module.params['lifetime'], + start_time=module.params['start_time'], + renewable=module.params['renewable'], + forwardable=module.params['forwardable'], + proxiable=module.params['proxiable'], + address_restricted=module.params['address_restricted'], + anonymous=module.params['anonymous'], + canonicalization=module.params['canonicalization'], + enterprise=module.params['enterprise'], + renewal=module.params['renewal'], + validate=module.params['validate'], + keytab=module.params['keytab'], + keytab_path=module.params['keytab_path'], + ) + + if module.params['keytab_path'] is not None and module.params['keytab'] is not True: + module.fail_json(msg="If keytab_path is specified then keytab parameter must be True") + + changed = False + if state == 'present': + if not keytab.check_ticket_present(): + changed = True + if not module.check_mode: + keytab.exec_kinit() + + if state == 'absent': + if kdestroy_all: + changed = True + if not module.check_mode: + keytab.exec_kdestroy() + elif keytab.check_ticket_present(): + changed = True + if not module.check_mode: + keytab.exec_kdestroy() + + module.exit_json(changed=changed) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/launchd.py b/plugins/modules/launchd.py index e5942ea7cf..03dc3a5928 100644 --- a/plugins/modules/launchd.py +++ b/plugins/modules/launchd.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: launchd author: - Martin Migasiewicz (@martinm82) @@ -20,51 +19,53 @@ description: extends_documentation_fragment: - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - name: - description: + name: + description: - Name of the service. - type: str - required: true - state: - description: - - V(started)/V(stopped) are idempotent actions that will not run - commands unless necessary. - - Launchd does not support V(restarted) nor V(reloaded) natively. - These will trigger a stop/start (restarted) or an unload/load - (reloaded). - - V(restarted) unloads and loads the service before start to ensure - that the latest job definition (plist) is used. - - V(reloaded) unloads and loads the service to ensure that the latest - job definition (plist) is used. Whether a service is started or - stopped depends on the content of the definition file. - type: str - choices: [ reloaded, restarted, started, stopped, unloaded ] - enabled: - description: + type: str + required: true + plist: + description: + - Name of the V(.plist) file for the service. + - Defaults to V({name}.plist). + type: str + version_added: 10.1.0 + state: + description: + - V(started)/V(stopped) are idempotent actions that will not run commands unless necessary. + - Launchd does not support V(restarted) nor V(reloaded) natively. These will trigger a stop/start (restarted) or an + unload/load (reloaded). + - V(restarted) unloads and loads the service before start to ensure that the latest job definition (plist) is used. + - V(reloaded) unloads and loads the service to ensure that the latest job definition (plist) is used. Whether a service + is started or stopped depends on the content of the definition file. + type: str + choices: [reloaded, restarted, started, stopped, unloaded] + enabled: + description: - Whether the service should start on boot. - - B(At least one of state and enabled are required.) - type: bool - force_stop: - description: + - B(At least one of state and enabled are required). + type: bool + force_stop: + description: - Whether the service should not be restarted automatically by launchd. - - Services might have the 'KeepAlive' attribute set to true in a launchd configuration. - In case this is set to true, stopping a service will cause that launchd starts the service again. - - Set this option to V(true) to let this module change the 'KeepAlive' attribute to V(false). - type: bool - default: false + - Services might have the 'KeepAlive' attribute set to true in a launchd configuration. In case this is set to true, + stopping a service will cause that launchd starts the service again. + - Set this option to V(true) to let this module change the C(KeepAlive) attribute to V(false). + type: bool + default: false notes: -- A user must privileged to manage services using this module. + - A user must privileged to manage services using this module. requirements: -- A system managed by launchd -- The plistlib python library -''' + - A system managed by launchd + - The plistlib Python library +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Make sure spotify webhelper is started community.general.launchd: name: com.spotify.webhelper @@ -100,11 +101,17 @@ EXAMPLES = r''' community.general.launchd: name: org.memcached state: unloaded -''' -RETURN = r''' +- name: restart sshd + community.general.launchd: + name: com.openssh.sshd + plist: ssh.plist + state: restarted +""" + +RETURN = r""" status: - description: Metadata about service status + description: Metadata about service status. returned: always type: dict sample: @@ -114,7 +121,7 @@ status: "previous_pid": "82636", "previous_state": "running" } -''' +""" import os import plistlib @@ -145,25 +152,31 @@ class ServiceState: class Plist: - def __init__(self, module, service): + def __init__(self, module, service, filename=None): self.__changed = False self.__service = service + if filename is not None: + self.__filename = filename + else: + self.__filename = '%s.plist' % service state, pid, dummy, dummy = LaunchCtlList(module, self.__service).run() # Check if readPlist is available or not self.old_plistlib = hasattr(plistlib, 'readPlist') - self.__file = self.__find_service_plist(self.__service) + self.__file = self.__find_service_plist(self.__filename) if self.__file is None: - msg = 'Unable to infer the path of %s service plist file' % self.__service + msg = 'Unable to find the plist file %s for service %s' % ( + self.__filename, self.__service, + ) if pid is None and state == ServiceState.UNLOADED: msg += ' and it was not found among active services' module.fail_json(msg=msg) self.__update(module) @staticmethod - def __find_service_plist(service_name): + def __find_service_plist(filename): """Finds the plist file associated with a service""" launchd_paths = [ @@ -180,7 +193,6 @@ class Plist: except OSError: continue - filename = '%s.plist' % service_name if filename in files: return os.path.join(path, filename) return None @@ -461,6 +473,7 @@ def main(): module = AnsibleModule( argument_spec=dict( name=dict(type='str', required=True), + plist=dict(type='str'), state=dict(type='str', choices=['reloaded', 'restarted', 'started', 'stopped', 'unloaded']), enabled=dict(type='bool'), force_stop=dict(type='bool', default=False), @@ -472,6 +485,7 @@ def main(): ) service = module.params['name'] + plist_filename = module.params['plist'] action = module.params['state'] rc = 0 out = err = '' @@ -483,7 +497,7 @@ def main(): # We will tailor the plist file in case one of the options # (enabled, force_stop) was specified. - plist = Plist(module, service) + plist = Plist(module, service, plist_filename) result['changed'] = plist.is_changed() # Gather information about the service to be controlled. @@ -514,7 +528,8 @@ def main(): result['status']['current_pid'] != result['status']['previous_pid']): result['changed'] = True if module.check_mode: - result['changed'] = True + if result['status']['current_state'] != action: + result['changed'] = True module.exit_json(**result) diff --git a/plugins/modules/layman.py b/plugins/modules/layman.py index 13d514274b..b0fab39233 100644 --- a/plugins/modules/layman.py +++ b/plugins/modules/layman.py @@ -10,14 +10,13 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: layman author: "Jakub Jirutka (@jirutka)" short_description: Manage Gentoo overlays description: - - Uses Layman to manage an additional repositories for the Portage package manager on Gentoo Linux. - Please note that Layman must be installed on a managed node prior using this module. + - Uses Layman to manage an additional repositories for the Portage package manager on Gentoo Linux. Please note that Layman + must be installed on a managed node prior using this module. requirements: - layman python module extends_documentation_fragment: @@ -30,15 +29,14 @@ attributes: options: name: description: - - The overlay id to install, synchronize, or uninstall. - Use 'ALL' to sync all of the installed overlays (can be used only when O(state=updated)). + - The overlay ID to install, synchronize, or uninstall. Use V(ALL) to sync all of the installed overlays (can be used + only when O(state=updated)). required: true type: str list_url: description: - - An URL of the alternative overlays list that defines the overlay to install. - This list will be fetched and saved under C(${overlay_defs}/${name}.xml), where - C(overlay_defs) is read from the Layman's configuration. + - An URL of the alternative overlays list that defines the overlay to install. This list will be fetched and saved under + C(${overlay_defs}/${name}.xml), where C(overlay_defs) is read from the Layman's configuration. aliases: [url] type: str state: @@ -49,14 +47,12 @@ options: type: str validate_certs: description: - - If V(false), SSL certificates will not be validated. This should only be - set to V(false) when no other option exists. Prior to 1.9.3 the code - defaulted to V(false). + - If V(false), SSL certificates will not be validated. This should only be set to V(false) when no other option exists. type: bool default: true -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Install the overlay mozilla which is on the central overlays list community.general.layman: name: mozilla @@ -81,7 +77,7 @@ EXAMPLES = ''' community.general.layman: name: cvut state: absent -''' +""" import shutil import traceback diff --git a/plugins/modules/lbu.py b/plugins/modules/lbu.py index c961b6060d..e91fd5e01a 100644 --- a/plugins/modules/lbu.py +++ b/plugins/modules/lbu.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: lbu short_description: Local Backup Utility for Alpine Linux @@ -17,8 +16,7 @@ short_description: Local Backup Utility for Alpine Linux version_added: '0.2.0' description: - - Manage Local Backup Utility of Alpine Linux in run-from-RAM mode - + - Manage Local Backup Utility of Alpine Linux in run-from-RAM mode. extends_documentation_fragment: - community.general.attributes @@ -31,24 +29,24 @@ attributes: options: commit: description: - - Control whether to commit changed files. + - Control whether to commit changed files. type: bool exclude: description: - - List of paths to exclude. + - List of paths to exclude. type: list elements: str include: description: - - List of paths to include. + - List of paths to include. type: list elements: str author: - Kaarle Ritvanen (@kunkku) -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" # Commit changed files (if any) - name: Commit community.general.lbu: @@ -59,22 +57,22 @@ EXAMPLES = ''' community.general.lbu: commit: true exclude: - - /etc/opt + - /etc/opt # Include paths without committing - name: Include file and directory community.general.lbu: include: - - /root/.ssh/authorized_keys - - /var/lib/misc -''' + - /root/.ssh/authorized_keys + - /var/lib/misc +""" -RETURN = ''' +RETURN = r""" msg: - description: Error message + description: Error message. type: str returned: on failure -''' +""" from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/ldap_attrs.py b/plugins/modules/ldap_attrs.py index 7986833a6e..c7ccd42154 100644 --- a/plugins/modules/ldap_attrs.py +++ b/plugins/modules/ldap_attrs.py @@ -12,27 +12,17 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: ldap_attrs short_description: Add or remove multiple LDAP attribute values description: - Add or remove multiple LDAP attribute values. notes: - - This only deals with attributes on existing entries. To add or remove - whole entries, see M(community.general.ldap_entry). - - The default authentication settings will attempt to use a SASL EXTERNAL - bind over a UNIX domain socket. This works well with the default Ubuntu - install for example, which includes a cn=peercred,cn=external,cn=auth ACL - rule allowing root to modify the server configuration. If you need to use - a simple bind to access your server, pass the credentials in O(bind_dn) - and O(bind_pw). - - For O(state=present) and O(state=absent), all value comparisons are - performed on the server for maximum accuracy. For O(state=exact), values - have to be compared in Python, which obviously ignores LDAP matching - rules. This should work out in most cases, but it is theoretically - possible to see spurious changes when target and actual values are - semantically identical but lexically distinct. + - This only deals with attributes on existing entries. To add or remove whole entries, see M(community.general.ldap_entry). + - For O(state=present) and O(state=absent), all value comparisons are performed on the server for maximum accuracy. For + O(state=exact), values have to be compared in Python, which obviously ignores LDAP matching rules. This should work out + in most cases, but it is theoretically possible to see spurious changes when target and actual values are semantically + identical but lexically distinct. version_added: '0.2.0' author: - Jiri Tyr (@jtyr) @@ -53,46 +43,39 @@ options: choices: [present, absent, exact] default: present description: - - The state of the attribute values. If V(present), all given attribute - values will be added if they're missing. If V(absent), all given - attribute values will be removed if present. If V(exact), the set of - attribute values will be forced to exactly those provided and no others. - If O(state=exact) and the attribute value is empty, all values for + - The state of the attribute values. If V(present), all given attribute values will be added if they are missing. If + V(absent), all given attribute values will be removed if present. If V(exact), the set of attribute values will be + forced to exactly those provided and no others. If O(state=exact) and the attribute value is empty, all values for this attribute will be removed. attributes: required: true type: dict description: - The attribute(s) and value(s) to add or remove. - - Each attribute value can be a string for single-valued attributes or - a list of strings for multi-valued attributes. - - If you specify values for this option in YAML, please note that you can improve - readability for long string values by using YAML block modifiers as seen in the - examples for this module. - - Note that when using values that YAML/ansible-core interprets as other types, - like V(yes), V(no) (booleans), or V(2.10) (float), make sure to quote them if - these are meant to be strings. Otherwise the wrong values may be sent to LDAP. + - Each attribute value can be a string for single-valued attributes or a list of strings for multi-valued attributes. + - If you specify values for this option in YAML, please note that you can improve readability for long string values + by using YAML block modifiers as seen in the examples for this module. + - Note that when using values that YAML/ansible-core interprets as other types, like V(yes), V(no) (booleans), or V(2.10) + (float), make sure to quote them if these are meant to be strings. Otherwise the wrong values may be sent to LDAP. ordered: required: false type: bool default: false description: - - If V(true), prepend list values with X-ORDERED index numbers in all - attributes specified in the current task. This is useful mostly with - C(olcAccess) attribute to easily manage LDAP Access Control Lists. + - If V(true), prepend list values with X-ORDERED index numbers in all attributes specified in the current task. This + is useful mostly with C(olcAccess) attribute to easily manage LDAP Access Control Lists. extends_documentation_fragment: - community.general.ldap.documentation - community.general.attributes - -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Configure directory number 1 for example.com community.general.ldap_attrs: dn: olcDatabase={1}hdb,cn=config attributes: - olcSuffix: dc=example,dc=com + olcSuffix: dc=example,dc=com state: exact # The complex argument format is required here to pass a list of ACL strings. @@ -100,17 +83,17 @@ EXAMPLES = r''' community.general.ldap_attrs: dn: olcDatabase={1}hdb,cn=config attributes: - olcAccess: - - >- - {0}to attrs=userPassword,shadowLastChange - by self write - by anonymous auth - by dn="cn=admin,dc=example,dc=com" write - by * none' - - >- - {1}to dn.base="dc=example,dc=com" - by dn="cn=admin,dc=example,dc=com" write - by * read + olcAccess: + - >- + {0}to attrs=userPassword,shadowLastChange + by self write + by anonymous auth + by dn="cn=admin,dc=example,dc=com" write + by * none' + - >- + {1}to dn.base="dc=example,dc=com" + by dn="cn=admin,dc=example,dc=com" write + by * read state: exact # An alternative approach with automatic X-ORDERED numbering @@ -118,17 +101,17 @@ EXAMPLES = r''' community.general.ldap_attrs: dn: olcDatabase={1}hdb,cn=config attributes: - olcAccess: - - >- - to attrs=userPassword,shadowLastChange - by self write - by anonymous auth - by dn="cn=admin,dc=example,dc=com" write - by * none' - - >- - to dn.base="dc=example,dc=com" - by dn="cn=admin,dc=example,dc=com" write - by * read + olcAccess: + - >- + to attrs=userPassword,shadowLastChange + by self write + by anonymous auth + by dn="cn=admin,dc=example,dc=com" write + by * none' + - >- + to dn.base="dc=example,dc=com" + by dn="cn=admin,dc=example,dc=com" write + by * read ordered: true state: exact @@ -136,23 +119,23 @@ EXAMPLES = r''' community.general.ldap_attrs: dn: olcDatabase={1}hdb,cn=config attributes: - olcDbIndex: - - objectClass eq - - uid eq + olcDbIndex: + - objectClass eq + - uid eq - name: Set up a root user, which we can use later to bootstrap the directory community.general.ldap_attrs: dn: olcDatabase={1}hdb,cn=config attributes: - olcRootDN: cn=root,dc=example,dc=com - olcRootPW: "{SSHA}tabyipcHzhwESzRaGA7oQ/SDoBZQOGND" + olcRootDN: cn=root,dc=example,dc=com + olcRootPW: "{SSHA}tabyipcHzhwESzRaGA7oQ/SDoBZQOGND" state: exact - name: Remove an attribute with a specific value community.general.ldap_attrs: dn: uid=jdoe,ou=people,dc=example,dc=com attributes: - description: "An example user account" + description: "An example user account" state: absent server_uri: ldap://localhost/ bind_dn: cn=admin,dc=example,dc=com @@ -162,22 +145,22 @@ EXAMPLES = r''' community.general.ldap_attrs: dn: uid=jdoe,ou=people,dc=example,dc=com attributes: - description: [] + description: [] state: exact server_uri: ldap://localhost/ bind_dn: cn=admin,dc=example,dc=com bind_pw: password -''' +""" -RETURN = r''' +RETURN = r""" modlist: - description: list of modified parameters + description: List of modified parameters. returned: success type: list sample: - [2, "olcRootDN", ["cn=root,dc=example,dc=com"]] -''' +""" import traceback diff --git a/plugins/modules/ldap_entry.py b/plugins/modules/ldap_entry.py index 5deaf7c4c4..230f6337ab 100644 --- a/plugins/modules/ldap_entry.py +++ b/plugins/modules/ldap_entry.py @@ -11,21 +11,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: ldap_entry short_description: Add or remove LDAP entries description: - - Add or remove LDAP entries. This module only asserts the existence or - non-existence of an LDAP entry, not its attributes. To assert the - attribute values of an entry, see M(community.general.ldap_attrs). -notes: - - The default authentication settings will attempt to use a SASL EXTERNAL - bind over a UNIX domain socket. This works well with the default Ubuntu - install for example, which includes a cn=peercred,cn=external,cn=auth ACL - rule allowing root to modify the server configuration. If you need to use - a simple bind to access your server, pass the credentials in O(bind_dn) - and O(bind_pw). + - Add or remove LDAP entries. This module only asserts the existence or non-existence of an LDAP entry, not its attributes. + To assert the attribute values of an entry, see M(community.general.ldap_attrs). author: - Jiri Tyr (@jtyr) requirements: @@ -38,24 +29,19 @@ attributes: options: attributes: description: - - If O(state=present), attributes necessary to create an entry. Existing - entries are never modified. To assert specific attribute values on an - existing entry, use M(community.general.ldap_attrs) module instead. - - Each attribute value can be a string for single-valued attributes or - a list of strings for multi-valued attributes. - - If you specify values for this option in YAML, please note that you can improve - readability for long string values by using YAML block modifiers as seen in the - examples for this module. - - Note that when using values that YAML/ansible-core interprets as other types, - like V(yes), V(no) (booleans), or V(2.10) (float), make sure to quote them if - these are meant to be strings. Otherwise the wrong values may be sent to LDAP. + - If O(state=present), attributes necessary to create an entry. Existing entries are never modified. To assert specific + attribute values on an existing entry, use M(community.general.ldap_attrs) module instead. + - Each attribute value can be a string for single-valued attributes or a list of strings for multi-valued attributes. + - If you specify values for this option in YAML, please note that you can improve readability for long string values + by using YAML block modifiers as seen in the examples for this module. + - Note that when using values that YAML/ansible-core interprets as other types, like V(yes), V(no) (booleans), or V(2.10) + (float), make sure to quote them if these are meant to be strings. Otherwise the wrong values may be sent to LDAP. type: dict default: {} objectClass: description: - - If O(state=present), value or list of values to use when creating - the entry. It can either be a string or an actual list of - strings. + - If O(state=present), value or list of values to use when creating the entry. It can either be a string or an actual + list of strings. type: list elements: str state: @@ -66,19 +52,17 @@ options: type: str recursive: description: - - If O(state=delete), a flag indicating whether a single entry or the - whole branch must be deleted. + - If O(state=delete), a flag indicating whether a single entry or the whole branch must be deleted. type: bool default: false version_added: 4.6.0 extends_documentation_fragment: - community.general.ldap.documentation - community.general.attributes - -''' +""" -EXAMPLES = """ +EXAMPLES = r""" - name: Make sure we have a parent entry for users community.general.ldap_entry: dn: ou=users,dc=example,dc=com @@ -103,19 +87,19 @@ EXAMPLES = """ attributes: description: An LDAP Administrator roleOccupant: - - cn=Chocs Puddington,ou=Information Technology,dc=example,dc=com - - cn=Alice Stronginthebrain,ou=Information Technology,dc=example,dc=com + - cn=Chocs Puddington,ou=Information Technology,dc=example,dc=com + - cn=Alice Stronginthebrain,ou=Information Technology,dc=example,dc=com olcAccess: - - >- - {0}to attrs=userPassword,shadowLastChange - by self write - by anonymous auth - by dn="cn=admin,dc=example,dc=com" write - by * none' - - >- - {1}to dn.base="dc=example,dc=com" - by dn="cn=admin,dc=example,dc=com" write - by * read + - >- + {0}to attrs=userPassword,shadowLastChange + by self write + by anonymous auth + by dn="cn=admin,dc=example,dc=com" write + by * none' + - >- + {1}to dn.base="dc=example,dc=com" + by dn="cn=admin,dc=example,dc=com" write + by * read - name: Get rid of an old entry community.general.ldap_entry: @@ -143,7 +127,7 @@ EXAMPLES = """ """ -RETURN = """ +RETURN = r""" # Default return values """ diff --git a/plugins/modules/ldap_inc.py b/plugins/modules/ldap_inc.py new file mode 100644 index 0000000000..ea6788de66 --- /dev/null +++ b/plugins/modules/ldap_inc.py @@ -0,0 +1,243 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2024, Philippe Duveau +# Copyright (c) 2019, Maciej Delmanowski (ldap_attrs.py) +# Copyright (c) 2017, Alexander Korinek (ldap_attrs.py) +# Copyright (c) 2016, Peter Sagerson (ldap_attrs.py) +# Copyright (c) 2016, Jiri Tyr (ldap_attrs.py) +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +# The code of this module is derived from that of ldap_attrs.py + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +DOCUMENTATION = r""" +module: ldap_inc +short_description: Use the Modify-Increment LDAP V3 feature to increment an attribute value +version_added: 10.2.0 +description: + - Atomically increments the value of an attribute and return its new value. +notes: + - When implemented by the directory server, the module uses the ModifyIncrement extension defined in L(RFC4525, https://www.rfc-editor.org/rfc/rfc4525.html) + and the control PostRead. This extension and the control are implemented in OpenLdap but not all directory servers implement + them. In this case, the module automatically uses a more classic method based on two phases, first the current value is + read then the modify operation remove the old value and add the new one in a single request. If the value has changed + by a concurrent call then the remove action will fail. Then the sequence is retried 3 times before raising an error to + the playbook. In an heavy modification environment, the module does not guarante to be systematically successful. + - This only deals with integer attribute of an existing entry. To modify attributes of an entry, see M(community.general.ldap_attrs) + or to add or remove whole entries, see M(community.general.ldap_entry). +author: + - Philippe Duveau (@pduveau) +requirements: + - python-ldap +attributes: + check_mode: + support: full + diff_mode: + support: none +options: + dn: + required: true + type: str + description: + - The DN entry containing the attribute to increment. + attribute: + required: true + type: str + description: + - The attribute to increment. + increment: + required: false + type: int + default: 1 + description: + - The value of the increment to apply. + method: + required: false + type: str + default: auto + choices: [auto, rfc4525, legacy] + description: + - If V(auto), the module determines automatically the method to use. + - If V(rfc4525) or V(legacy) force to use the corresponding method. +extends_documentation_fragment: + - community.general.ldap.documentation + - community.general.attributes +""" + + +EXAMPLES = r""" +- name: Increments uidNumber 1 Number for example.com + community.general.ldap_inc: + dn: "cn=uidNext,ou=unix-management,dc=example,dc=com" + attribute: "uidNumber" + increment: "1" + register: ldap_uidNumber_sequence + +- name: Modifies the user to define its identification number (uidNumber) when incrementation is successful + community.general.ldap_attrs: + dn: "cn=john,ou=posix-users,dc=example,dc=com" + state: present + attributes: + - uidNumber: "{{ ldap_uidNumber_sequence.value }}" + when: ldap_uidNumber_sequence.incremented +""" + + +RETURN = r""" +incremented: + description: + - It is set to V(true) if the attribute value has changed. + returned: success + type: bool + sample: true + +attribute: + description: + - The name of the attribute that was incremented. + returned: success + type: str + sample: uidNumber + +value: + description: + - The new value after incrementing. + returned: success + type: str + sample: "2" + +rfc4525: + description: + - Is V(true) if the method used to increment is based on RFC4525, V(false) if legacy. + returned: success + type: bool + sample: true +""" + +from ansible.module_utils.basic import AnsibleModule, missing_required_lib +from ansible.module_utils.common.text.converters import to_native, to_bytes +from ansible_collections.community.general.plugins.module_utils import deps +from ansible_collections.community.general.plugins.module_utils.ldap import LdapGeneric, gen_specs, ldap_required_together + +with deps.declare("ldap", reason=missing_required_lib('python-ldap')): + import ldap + import ldap.controls.readentry + + +class LdapInc(LdapGeneric): + def __init__(self, module): + LdapGeneric.__init__(self, module) + # Shortcuts + self.attr = self.module.params['attribute'] + self.increment = self.module.params['increment'] + self.method = self.module.params['method'] + + def inc_rfc4525(self): + return [(ldap.MOD_INCREMENT, self.attr, [to_bytes(str(self.increment))])] + + def inc_legacy(self, curr_val, new_val): + return [(ldap.MOD_DELETE, self.attr, [to_bytes(curr_val)]), + (ldap.MOD_ADD, self.attr, [to_bytes(new_val)])] + + def serverControls(self): + return [ldap.controls.readentry.PostReadControl(attrList=[self.attr])] + + LDAP_MOD_INCREMENT = to_bytes("1.3.6.1.1.14") + + +def main(): + module = AnsibleModule( + argument_spec=gen_specs( + attribute=dict(type='str', required=True), + increment=dict(type='int', default=1, required=False), + method=dict(type='str', default='auto', choices=['auto', 'rfc4525', 'legacy']), + ), + supports_check_mode=True, + required_together=ldap_required_together(), + ) + + deps.validate(module) + + # Instantiate the LdapAttr object + mod = LdapInc(module) + + changed = False + ret = "" + rfc4525 = False + + try: + if mod.increment != 0 and not module.check_mode: + changed = True + + if mod.method != "auto": + rfc4525 = mod.method == "rfc425" + else: + rootDSE = mod.connection.search_ext_s( + base="", + scope=ldap.SCOPE_BASE, + attrlist=["*", "+"]) + if len(rootDSE) == 1: + if to_bytes(ldap.CONTROL_POST_READ) in rootDSE[0][1]["supportedControl"] and ( + mod.LDAP_MOD_INCREMENT in rootDSE[0][1]["supportedFeatures"] or + mod.LDAP_MOD_INCREMENT in rootDSE[0][1]["supportedExtension"] + ): + rfc4525 = True + + if rfc4525: + dummy, dummy, dummy, resp_ctrls = mod.connection.modify_ext_s( + dn=mod.dn, + modlist=mod.inc_rfc4525(), + serverctrls=mod.serverControls(), + clientctrls=None) + if len(resp_ctrls) == 1: + ret = resp_ctrls[0].entry[mod.attr][0] + + else: + tries = 0 + max_tries = 3 + while tries < max_tries: + tries = tries + 1 + result = mod.connection.search_ext_s( + base=mod.dn, + scope=ldap.SCOPE_BASE, + filterstr="(%s=*)" % mod.attr, + attrlist=[mod.attr]) + if len(result) != 1: + module.fail_json(msg="The entry does not exist or does not contain the specified attribute.") + return + try: + ret = str(int(result[0][1][mod.attr][0]) + mod.increment) + # if the current value first arg in inc_legacy has changed then the modify will fail + mod.connection.modify_s( + dn=mod.dn, + modlist=mod.inc_legacy(result[0][1][mod.attr][0], ret)) + break + except ldap.NO_SUCH_ATTRIBUTE: + if tries == max_tries: + module.fail_json(msg="The increment could not be applied after " + str(max_tries) + " tries.") + return + + else: + result = mod.connection.search_ext_s( + base=mod.dn, + scope=ldap.SCOPE_BASE, + filterstr="(%s=*)" % mod.attr, + attrlist=[mod.attr]) + if len(result) == 1: + ret = str(int(result[0][1][mod.attr][0]) + mod.increment) + changed = mod.increment != 0 + else: + module.fail_json(msg="The entry does not exist or does not contain the specified attribute.") + + except Exception as e: + module.fail_json(msg="Attribute action failed.", details=to_native(e)) + + module.exit_json(changed=changed, incremented=changed, attribute=mod.attr, value=ret, rfc4525=rfc4525) + + +if __name__ == '__main__': + main() diff --git a/plugins/modules/ldap_passwd.py b/plugins/modules/ldap_passwd.py index 5044586b0f..b29254f8c6 100644 --- a/plugins/modules/ldap_passwd.py +++ b/plugins/modules/ldap_passwd.py @@ -9,21 +9,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: ldap_passwd short_description: Set passwords in LDAP description: - - Set a password for an LDAP entry. This module only asserts that - a given password is valid for a given entry. To assert the - existence of an entry, see M(community.general.ldap_entry). -notes: - - The default authentication settings will attempt to use a SASL EXTERNAL - bind over a UNIX domain socket. This works well with the default Ubuntu - install for example, which includes a C(cn=peercred,cn=external,cn=auth) ACL - rule allowing root to modify the server configuration. If you need to use - a simple bind to access your server, pass the credentials in O(bind_dn) - and O(bind_pw). + - Set a password for an LDAP entry. This module only asserts that a given password is valid for a given entry. To assert + the existence of an entry, see M(community.general.ldap_entry). author: - Keller Fuchs (@KellerFuchs) requirements: @@ -41,10 +32,9 @@ options: extends_documentation_fragment: - community.general.ldap.documentation - community.general.attributes +""" -''' - -EXAMPLES = """ +EXAMPLES = r""" - name: Set a password for the admin user community.general.ldap_passwd: dn: cn=admin,dc=example,dc=com @@ -56,13 +46,13 @@ EXAMPLES = """ passwd: "{{ item.value }}" with_dict: alice: alice123123 - bob: "|30b!" + bob: "|30b!" admin: "{{ vault_secret }}" """ -RETURN = """ +RETURN = r""" modlist: - description: list of modified parameters + description: List of modified parameters. returned: success type: list sample: diff --git a/plugins/modules/ldap_search.py b/plugins/modules/ldap_search.py index 45744e634a..155e9859d5 100644 --- a/plugins/modules/ldap_search.py +++ b/plugins/modules/ldap_search.py @@ -10,19 +10,11 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = r""" ---- module: ldap_search version_added: '0.2.0' short_description: Search for entries in a LDAP server description: - Return the results of an LDAP search. -notes: - - The default authentication settings will attempt to use a SASL EXTERNAL - bind over a UNIX domain socket. This works well with the default Ubuntu - install for example, which includes a C(cn=peercred,cn=external,cn=auth) ACL - rule allowing root to modify the server configuration. If you need to use - a simple bind to access your server, pass the credentials in O(bind_dn) - and O(bind_pw). author: - Sebastian Pfahl (@eryx12o45) requirements: @@ -44,6 +36,8 @@ options: type: str description: - The LDAP scope to use. + - V(subordinate) requires the LDAPv3 subordinate feature extension. + - V(children) is equivalent to a "subtree" scope. filter: default: '(objectClass=*)' type: str @@ -53,30 +47,27 @@ options: type: list elements: str description: - - A list of attributes for limiting the result. Use an - actual list or a comma-separated string. + - A list of attributes for limiting the result. Use an actual list or a comma-separated string. schema: default: false type: bool description: - - Set to V(true) to return the full attribute schema of entries, not - their attribute values. Overrides O(attrs) when provided. + - Set to V(true) to return the full attribute schema of entries, not their attribute values. Overrides O(attrs) when + provided. page_size: default: 0 type: int description: - - The page size when performing a simple paged result search (RFC 2696). - This setting can be tuned to reduce issues with timeouts and server limits. + - The page size when performing a simple paged result search (RFC 2696). This setting can be tuned to reduce issues + with timeouts and server limits. - Setting the page size to V(0) (default) disables paged searching. version_added: 7.1.0 base64_attributes: description: - - If provided, all attribute values returned that are listed in this option - will be Base64 encoded. - - If the special value V(*) appears in this list, all attributes will be - Base64 encoded. - - All other attribute values will be converted to UTF-8 strings. If they - contain binary data, please note that invalid UTF-8 bytes will be omitted. + - If provided, all attribute values returned that are listed in this option will be Base64 encoded. + - If the special value V(*) appears in this list, all attributes will be Base64 encoded. + - All other attribute values will be converted to UTF-8 strings. If they contain binary data, please note that invalid + UTF-8 bytes will be omitted. type: list elements: str version_added: 7.0.0 @@ -100,17 +91,15 @@ EXAMPLES = r""" register: ldap_group_gids """ -RESULTS = """ +RESULTS = r""" results: description: - For every entry found, one dictionary will be returned. - Every dictionary contains a key C(dn) with the entry's DN as a value. - - Every attribute of the entry found is added to the dictionary. If the key - has precisely one value, that value is taken directly, otherwise the key's - value is a list. - - Note that all values (for single-element lists) and list elements (for multi-valued - lists) will be UTF-8 strings. Some might contain Base64-encoded binary data; which - ones is determined by the O(base64_attributes) option. + - Every attribute of the entry found is added to the dictionary. If the key has precisely one value, that value is taken + directly, otherwise the key's value is a list. + - Note that all values (for single-element lists) and list elements (for multi-valued lists) will be UTF-8 strings. Some + might contain Base64-encoded binary data; which ones is determined by the O(base64_attributes) option. type: list elements: dict """ diff --git a/plugins/modules/librato_annotation.py b/plugins/modules/librato_annotation.py index ebfb751546..35fc810c65 100644 --- a/plugins/modules/librato_annotation.py +++ b/plugins/modules/librato_annotation.py @@ -9,74 +9,76 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: librato_annotation -short_description: Create an annotation in librato +short_description: Create an annotation in Librato description: - - Create an annotation event on the given annotation stream :name. If the annotation stream does not exist, it will be created automatically + - Create an annotation event on the given annotation stream :name. If the annotation stream does not exist, it will be created + automatically. author: "Seth Edwards (@Sedward)" requirements: [] extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - user: - type: str - description: - - Librato account username - required: true - api_key: - type: str - description: - - Librato account api key - required: true - name: - type: str - description: - - The annotation stream name - - If the annotation stream does not exist, it will be created automatically - required: false - title: - type: str - description: - - The title of an annotation is a string and may contain spaces - - The title should be a short, high-level summary of the annotation e.g. v45 Deployment - required: true - source: - type: str - description: - - A string which describes the originating source of an annotation when that annotation is tracked across multiple members of a population - required: false + user: + type: str description: - type: str - description: - - The description contains extra metadata about a particular annotation - - The description should contain specifics on the individual annotation e.g. Deployed 9b562b2 shipped new feature foo! - required: false - start_time: - type: int - description: - - The unix timestamp indicating the time at which the event referenced by this annotation started - required: false - end_time: - type: int - description: - - The unix timestamp indicating the time at which the event referenced by this annotation ended - - For events that have a duration, this is a useful way to annotate the duration of the event - required: false - links: - type: list - elements: dict - description: - - See examples -''' + - Librato account username. + required: true + api_key: + type: str + description: + - Librato account API key. + required: true + name: + type: str + description: + - The annotation stream name. + - If the annotation stream does not exist, it will be created automatically. + required: false + title: + type: str + description: + - The title of an annotation is a string and may contain spaces. + - The title should be a short, high-level summary of the annotation for example V(v45 Deployment). + required: true + source: + type: str + description: + - A string which describes the originating source of an annotation when that annotation is tracked across multiple members + of a population. + required: false + description: + type: str + description: + - The description contains extra metadata about a particular annotation. + - The description should contain specifics on the individual annotation for example V(Deployed 9b562b2 shipped new feature + foo!). + required: false + start_time: + type: int + description: + - The unix timestamp indicating the time at which the event referenced by this annotation started. + required: false + end_time: + type: int + description: + - The unix timestamp indicating the time at which the event referenced by this annotation ended. + - For events that have a duration, this is a useful way to annotate the duration of the event. + required: false + links: + type: list + elements: dict + description: + - See examples. +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a simple annotation event with a source community.general.librato_annotation: user: user@example.com @@ -105,7 +107,7 @@ EXAMPLES = ''' description: This is a detailed description of maintenance start_time: 1395940006 end_time: 1395954406 -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.urls import fetch_url diff --git a/plugins/modules/linode.py b/plugins/modules/linode.py index 9e04ac63da..fcfcce4d0a 100644 --- a/plugins/modules/linode.py +++ b/plugins/modules/linode.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: linode short_description: Manage instances on the Linode Public Cloud description: @@ -24,34 +23,33 @@ attributes: options: state: description: - - Indicate desired state of the resource - choices: [ absent, active, deleted, present, restarted, started, stopped ] + - Indicate desired state of the resource. + choices: [absent, active, deleted, present, restarted, started, stopped] default: present type: str api_key: description: - - Linode API key. - - E(LINODE_API_KEY) environment variable can be used instead. + - Linode API key. + - E(LINODE_API_KEY) environment variable can be used instead. type: str required: true name: description: - - Name to give the instance (alphanumeric, dashes, underscore). - - To keep sanity on the Linode Web Console, name is prepended with C(LinodeID-). + - Name to give the instance (alphanumeric, dashes, underscore). + - To keep sanity on the Linode Web Console, name is prepended with C(LinodeID-). required: true type: str displaygroup: description: - - Add the instance to a Display Group in Linode Manager. + - Add the instance to a Display Group in Linode Manager. type: str default: '' linode_id: description: - - Unique ID of a linode server. This value is read-only in the sense that - if you specify it on creation of a Linode it will not be used. The - Linode API generates these IDs and we can those generated value here to - reference a Linode more specifically. This is useful for idempotence. - aliases: [ lid ] + - Unique ID of a Linode server. This value is read-only in the sense that if you specify it on creation of a Linode + it will not be used. The Linode API generates these IDs and we can those generated value here to reference a Linode + more specifically. This is useful for idempotence. + aliases: [lid] type: int additional_disks: description: @@ -61,119 +59,118 @@ options: elements: dict alert_bwin_enabled: description: - - Set status of bandwidth in alerts. + - Set status of bandwidth in alerts. type: bool alert_bwin_threshold: description: - - Set threshold in MB of bandwidth in alerts. + - Set threshold in MB of bandwidth in alerts. type: int alert_bwout_enabled: description: - - Set status of bandwidth out alerts. + - Set status of bandwidth out alerts. type: bool alert_bwout_threshold: description: - - Set threshold in MB of bandwidth out alerts. + - Set threshold in MB of bandwidth out alerts. type: int alert_bwquota_enabled: description: - - Set status of bandwidth quota alerts as percentage of network transfer quota. + - Set status of bandwidth quota alerts as percentage of network transfer quota. type: bool alert_bwquota_threshold: description: - - Set threshold in MB of bandwidth quota alerts. + - Set threshold in MB of bandwidth quota alerts. type: int alert_cpu_enabled: description: - - Set status of receiving CPU usage alerts. + - Set status of receiving CPU usage alerts. type: bool alert_cpu_threshold: description: - - Set percentage threshold for receiving CPU usage alerts. Each CPU core adds 100% to total. + - Set percentage threshold for receiving CPU usage alerts. Each CPU core adds 100% to total. type: int alert_diskio_enabled: description: - - Set status of receiving disk IO alerts. + - Set status of receiving disk IO alerts. type: bool alert_diskio_threshold: description: - - Set threshold for average IO ops/sec over 2 hour period. + - Set threshold for average IO ops/sec over 2 hour period. type: int backupweeklyday: description: - - Day of the week to take backups. + - Day of the week to take backups. type: int backupwindow: description: - - The time window in which backups will be taken. + - The time window in which backups will be taken. type: int plan: description: - - plan to use for the instance (Linode plan) + - Plan to use for the instance (Linode plan). type: int payment_term: description: - - payment term to use for the instance (payment term in months) + - Payment term to use for the instance (payment term in months). default: 1 - choices: [ 1, 12, 24 ] + choices: [1, 12, 24] type: int password: description: - - root password to apply to a new server (auto generated if missing) + - Root password to apply to a new server (auto generated if missing). type: str private_ip: description: - - Add private IPv4 address when Linode is created. - - Default is V(false). + - Add private IPv4 address when Linode is created. + - Default is V(false). type: bool ssh_pub_key: description: - - SSH public key applied to root user + - SSH public key applied to root user. type: str swap: description: - - swap size in MB + - Swap size in MB. default: 512 type: int distribution: description: - - distribution to use for the instance (Linode Distribution) + - Distribution to use for the instance (Linode Distribution). type: int datacenter: description: - - datacenter to create an instance in (Linode Datacenter) + - Datacenter to create an instance in (Linode Datacenter). type: int kernel_id: description: - - kernel to use for the instance (Linode Kernel) + - Kernel to use for the instance (Linode Kernel). type: int wait: description: - - wait for the instance to be in state V(running) before returning + - Wait for the instance to be in state V(running) before returning. type: bool default: true wait_timeout: description: - - how long before wait gives up, in seconds + - How long before wait gives up, in seconds. default: 300 type: int watchdog: description: - - Set status of Lassie watchdog. + - Set status of Lassie watchdog. type: bool default: true requirements: - - linode-python + - linode-python author: -- Vincent Viallet (@zbal) + - Vincent Viallet (@zbal) notes: - Please note, linode-python does not have python 3 support. - This module uses the now deprecated v3 of the Linode API. - Please review U(https://www.linode.com/api/linode) for determining the required parameters. -''' - -EXAMPLES = ''' +""" +EXAMPLES = r""" - name: Create a new Linode community.general.linode: name: linode-test1 @@ -185,97 +182,97 @@ EXAMPLES = ''' - name: Create a server with a private IP Address community.general.linode: - module: linode - api_key: 'longStringFromLinodeApi' - name: linode-test1 - plan: 1 - datacenter: 2 - distribution: 99 - password: 'superSecureRootPassword' - private_ip: true - ssh_pub_key: 'ssh-rsa qwerty' - swap: 768 - wait: true - wait_timeout: 600 - state: present + module: linode + api_key: 'longStringFromLinodeApi' + name: linode-test1 + plan: 1 + datacenter: 2 + distribution: 99 + password: 'superSecureRootPassword' + private_ip: true + ssh_pub_key: 'ssh-rsa qwerty' + swap: 768 + wait: true + wait_timeout: 600 + state: present delegate_to: localhost register: linode_creation - name: Fully configure new server community.general.linode: - api_key: 'longStringFromLinodeApi' - name: linode-test1 - plan: 4 - datacenter: 2 - distribution: 99 - kernel_id: 138 - password: 'superSecureRootPassword' - private_ip: true - ssh_pub_key: 'ssh-rsa qwerty' - swap: 768 - wait: true - wait_timeout: 600 - state: present - alert_bwquota_enabled: true - alert_bwquota_threshold: 80 - alert_bwin_enabled: true - alert_bwin_threshold: 10 - alert_cpu_enabled: true - alert_cpu_threshold: 210 - alert_bwout_enabled: true - alert_bwout_threshold: 10 - alert_diskio_enabled: true - alert_diskio_threshold: 10000 - backupweeklyday: 1 - backupwindow: 2 - displaygroup: 'test' - additional_disks: + api_key: 'longStringFromLinodeApi' + name: linode-test1 + plan: 4 + datacenter: 2 + distribution: 99 + kernel_id: 138 + password: 'superSecureRootPassword' + private_ip: true + ssh_pub_key: 'ssh-rsa qwerty' + swap: 768 + wait: true + wait_timeout: 600 + state: present + alert_bwquota_enabled: true + alert_bwquota_threshold: 80 + alert_bwin_enabled: true + alert_bwin_threshold: 10 + alert_cpu_enabled: true + alert_cpu_threshold: 210 + alert_bwout_enabled: true + alert_bwout_threshold: 10 + alert_diskio_enabled: true + alert_diskio_threshold: 10000 + backupweeklyday: 1 + backupwindow: 2 + displaygroup: 'test' + additional_disks: - {Label: 'disk1', Size: 2500, Type: 'raw'} - {Label: 'newdisk', Size: 2000} - watchdog: true + watchdog: true delegate_to: localhost register: linode_creation - name: Ensure a running server (create if missing) community.general.linode: - api_key: 'longStringFromLinodeApi' - name: linode-test1 - plan: 1 - datacenter: 2 - distribution: 99 - password: 'superSecureRootPassword' - ssh_pub_key: 'ssh-rsa qwerty' - swap: 768 - wait: true - wait_timeout: 600 - state: present + api_key: 'longStringFromLinodeApi' + name: linode-test1 + plan: 1 + datacenter: 2 + distribution: 99 + password: 'superSecureRootPassword' + ssh_pub_key: 'ssh-rsa qwerty' + swap: 768 + wait: true + wait_timeout: 600 + state: present delegate_to: localhost register: linode_creation - name: Delete a server community.general.linode: - api_key: 'longStringFromLinodeApi' - name: linode-test1 - linode_id: "{{ linode_creation.instance.id }}" - state: absent + api_key: 'longStringFromLinodeApi' + name: linode-test1 + linode_id: "{{ linode_creation.instance.id }}" + state: absent delegate_to: localhost - name: Stop a server community.general.linode: - api_key: 'longStringFromLinodeApi' - name: linode-test1 - linode_id: "{{ linode_creation.instance.id }}" - state: stopped + api_key: 'longStringFromLinodeApi' + name: linode-test1 + linode_id: "{{ linode_creation.instance.id }}" + state: stopped delegate_to: localhost - name: Reboot a server community.general.linode: - api_key: 'longStringFromLinodeApi' - name: linode-test1 - linode_id: "{{ linode_creation.instance.id }}" - state: restarted + api_key: 'longStringFromLinodeApi' + name: linode-test1 + linode_id: "{{ linode_creation.instance.id }}" + state: restarted delegate_to: localhost -''' +""" import time import traceback @@ -670,7 +667,7 @@ def main(): backupwindow=backupwindow, ) - kwargs = dict((k, v) for k, v in check_items.items() if v is not None) + kwargs = {k: v for k, v in check_items.items() if v is not None} # setup the auth try: diff --git a/plugins/modules/linode_v4.py b/plugins/modules/linode_v4.py index da885f3a5f..b650f7f104 100644 --- a/plugins/modules/linode_v4.py +++ b/plugins/modules/linode_v4.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: linode_v4 short_description: Manage instances on the Linode cloud description: Manage instances on the Linode cloud. @@ -18,9 +17,8 @@ requirements: author: - Luke Murphy (@decentral1se) notes: - - No Linode resizing is currently implemented. This module will, in time, - replace the current Linode module which uses deprecated API bindings on the - Linode side. + - No Linode resizing is currently implemented. This module will, in time, replace the current Linode module which uses deprecated + API bindings on the Linode side. extends_documentation_fragment: - community.general.attributes attributes: @@ -31,52 +29,44 @@ attributes: options: region: description: - - The region of the instance. This is a required parameter only when - creating Linode instances. See - U(https://www.linode.com/docs/api/regions/). + - The region of the instance. This is a required parameter only when creating Linode instances. See U(https://www.linode.com/docs/api/regions/). type: str image: description: - - The image of the instance. This is a required parameter only when - creating Linode instances. See - U(https://www.linode.com/docs/api/images/). + - The image of the instance. This is a required parameter only when creating Linode instances. + - See U(https://www.linode.com/docs/api/images/). type: str type: description: - - The type of the instance. This is a required parameter only when - creating Linode instances. See - U(https://www.linode.com/docs/api/linode-types/). + - The type of the instance. This is a required parameter only when creating Linode instances. + - See U(https://www.linode.com/docs/api/linode-types/). type: str label: description: - - The instance label. This label is used as the main determiner for - idempotence for the module and is therefore mandatory. + - The instance label. This label is used as the main determiner for idempotence for the module and is therefore mandatory. type: str required: true group: description: - - The group that the instance should be marked under. Please note, that - group labelling is deprecated but still supported. The encouraged - method for marking instances is to use tags. + - The group that the instance should be marked under. Please note, that group labelling is deprecated but still supported. + The encouraged method for marking instances is to use tags. type: str private_ip: description: - - If V(true), the created Linode will have private networking enabled and - assigned a private IPv4 address. + - If V(true), the created Linode will have private networking enabled and assigned a private IPv4 address. type: bool default: false version_added: 3.0.0 tags: description: - - The tags that the instance should be marked under. See - U(https://www.linode.com/docs/api/tags/). + - The tags that the instance should be marked under. + - See U(https://www.linode.com/docs/api/tags/). type: list elements: str root_pass: description: - - The password for the root user. If not specified, one will be - generated. This generated password will be available in the task - success JSON. + - The password for the root user. If not specified, one will be generated. This generated password will be available + in the task success JSON. type: str authorized_keys: description: @@ -88,33 +78,31 @@ options: - The desired instance state. type: str choices: - - present - - absent + - present + - absent required: true access_token: description: - - The Linode API v4 access token. It may also be specified by exposing - the E(LINODE_ACCESS_TOKEN) environment variable. See - U(https://www.linode.com/docs/api#access-and-authentication). + - The Linode API v4 access token. It may also be specified by exposing the E(LINODE_ACCESS_TOKEN) environment variable. + - See U(https://www.linode.com/docs/api#access-and-authentication). required: true type: str stackscript_id: description: - The numeric ID of the StackScript to use when creating the instance. - See U(https://www.linode.com/docs/api/stackscripts/). + - See U(https://www.linode.com/docs/api/stackscripts/). type: int version_added: 1.3.0 stackscript_data: description: - - An object containing arguments to any User Defined Fields present in - the StackScript used when creating the instance. - Only valid when a stackscript_id is provided. - See U(https://www.linode.com/docs/api/stackscripts/). + - An object containing arguments to any User Defined Fields present in the StackScript used when creating the instance. + Only valid when a O(stackscript_id) is provided. + - See U(https://www.linode.com/docs/api/stackscripts/). type: dict version_added: 1.3.0 -''' +""" -EXAMPLES = """ +EXAMPLES = r""" - name: Create a new Linode. community.general.linode_v4: label: new-linode @@ -135,7 +123,7 @@ EXAMPLES = """ state: absent """ -RETURN = """ +RETURN = r""" instance: description: The instance description in JSON serialized form. returned: Always. diff --git a/plugins/modules/listen_ports_facts.py b/plugins/modules/listen_ports_facts.py index 08030a8b37..9f9eb66481 100644 --- a/plugins/modules/listen_ports_facts.py +++ b/plugins/modules/listen_ports_facts.py @@ -8,21 +8,19 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: listen_ports_facts author: - - Nathan Davison (@ndavison) + - Nathan Davison (@ndavison) description: - - Gather facts on processes listening on TCP and UDP ports using the C(netstat) or C(ss) commands. - - This module currently supports Linux only. + - Gather facts on processes listening on TCP and UDP ports using the C(netstat) or C(ss) commands. + - This module currently supports Linux only. requirements: - netstat or ss short_description: Gather facts on processes listening on TCP and UDP ports notes: - - | - C(ss) returns all processes for each listen address and port. - This plugin will return each of them, so multiple entries for the same listen address and port are likely in results. + - C(ss) returns all processes for each listen address and port. + - This plugin will return each of them, so multiple entries for the same listen address and port are likely in results. extends_documentation_fragment: - community.general.attributes - community.general.attributes.facts @@ -31,7 +29,7 @@ options: command: description: - Override which command to use for fetching listen ports. - - 'By default module will use first found supported command on the system (in alphanumerical order).' + - By default module will use first found supported command on the system (in alphanumerical order). type: str choices: - netstat @@ -39,15 +37,15 @@ options: version_added: 4.1.0 include_non_listening: description: - - Show both listening and non-listening sockets (for TCP this means established connections). - - Adds the return values RV(ansible_facts.tcp_listen[].state), RV(ansible_facts.udp_listen[].state), - RV(ansible_facts.tcp_listen[].foreign_address), and RV(ansible_facts.udp_listen[].foreign_address) to the returned facts. + - Show both listening and non-listening sockets (for TCP this means established connections). + - Adds the return values RV(ansible_facts.tcp_listen[].state), RV(ansible_facts.udp_listen[].state), RV(ansible_facts.tcp_listen[].foreign_address), + and RV(ansible_facts.udp_listen[].foreign_address) to the returned facts. type: bool default: false version_added: 5.4.0 -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Gather facts on listening ports community.general.listen_ports_facts: @@ -77,11 +75,11 @@ EXAMPLES = r''' community.general.listen_ports_facts: command: 'netstat' include_non_listening: true -''' +""" -RETURN = r''' +RETURN = r""" ansible_facts: - description: Dictionary containing details of TCP and UDP ports with listening servers + description: Dictionary containing details of TCP and UDP ports with listening servers. returned: always type: complex contains: @@ -189,7 +187,7 @@ ansible_facts: returned: always type: str sample: "root" -''' +""" import re import platform diff --git a/plugins/modules/lldp.py b/plugins/modules/lldp.py index fb608ff138..baefb09d91 100644 --- a/plugins/modules/lldp.py +++ b/plugins/modules/lldp.py @@ -9,13 +9,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: lldp -requirements: [ lldpctl ] -short_description: Get details reported by lldp +requirements: [lldpctl] +short_description: Get details reported by LLDP description: - - Reads data out of lldpctl + - Reads data out of C(lldpctl). extends_documentation_fragment: - community.general.attributes attributes: @@ -26,25 +25,24 @@ attributes: options: {} author: "Andy Hill (@andyhky)" notes: - - Requires lldpd running and lldp enabled on switches -''' + - Requires C(lldpd) running and LLDP enabled on switches. +""" -EXAMPLES = ''' +EXAMPLES = r""" # Retrieve switch/port information - - name: Gather information from lldp - community.general.lldp: +- name: Gather information from LLDP + community.general.lldp: - - name: Print each switch/port - ansible.builtin.debug: +- name: Print each switch/port + ansible.builtin.debug: msg: "{{ lldp[item]['chassis']['name'] }} / {{ lldp[item]['port']['ifname'] }}" - with_items: "{{ lldp.keys() }}" + with_items: "{{ lldp.keys() }}" # TASK: [Print each switch/port] *********************************************************** # ok: [10.13.0.22] => (item=eth2) => {"item": "eth2", "msg": "switch1.example.com / Gi0/24"} # ok: [10.13.0.22] => (item=eth1) => {"item": "eth1", "msg": "switch2.example.com / Gi0/3"} # ok: [10.13.0.22] => (item=eth0) => {"item": "eth0", "msg": "switch3.example.com / Gi0/3"} - -''' +""" from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/locale_gen.py b/plugins/modules/locale_gen.py index 0dd76c9ab4..db9ea191e8 100644 --- a/plugins/modules/locale_gen.py +++ b/plugins/modules/locale_gen.py @@ -8,43 +8,72 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: locale_gen short_description: Creates or removes locales description: - - Manages locales by editing /etc/locale.gen and invoking locale-gen. + - Manages locales in Debian and Ubuntu systems. author: - - Augustus Kling (@AugustusKling) + - Augustus Kling (@AugustusKling) extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - name: - type: str - description: - - Name and encoding of the locale, such as "en_GB.UTF-8". - required: true - state: - type: str - description: - - Whether the locale shall be present. - choices: [ absent, present ] - default: present + name: + type: list + elements: str + description: + - Name and encoding of the locales, such as V(en_GB.UTF-8). + - Before community.general 9.3.0, this was a string. Using a string still works. + required: true + state: + type: str + description: + - Whether the locales shall be present. + choices: [absent, present] + default: present notes: - - This module does not support RHEL-based systems. -''' + - If C(/etc/locale.gen) exists, the module will assume to be using the B(glibc) mechanism, else if C(/var/lib/locales/supported.d/) + exists it will assume to be using the B(ubuntu_legacy) mechanism, else it will raise an error. + - When using glibc mechanism, it will manage locales by editing C(/etc/locale.gen) and running C(locale-gen). + - When using ubuntu_legacy mechanism, it will manage locales by editing C(/var/lib/locales/supported.d/local) and then running + C(locale-gen). + - Please note that the code path that uses ubuntu_legacy mechanism has not been tested for a while, because Ubuntu is already + using the glibc mechanism. There is no support for that, given our inability to test it. Therefore, that mechanism is + B(deprecated) and will be removed in community.general 13.0.0. + - Currently the module is B(only supported for Debian and Ubuntu) systems. + - This module requires the package C(locales) installed in Debian and Ubuntu systems. +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Ensure a locale exists community.general.locale_gen: name: de_CH.UTF-8 state: present -''' + +- name: Ensure multiple locales exist + community.general.locale_gen: + name: + - en_GB.UTF-8 + - nl_NL.UTF-8 + state: present +""" + +RETURN = r""" +mechanism: + description: Mechanism used to deploy the locales. + type: str + choices: + - glibc + - ubuntu_legacy + returned: success + sample: glibc + version_added: 10.2.0 +""" import os import re @@ -55,44 +84,67 @@ from ansible_collections.community.general.plugins.module_utils.mh.deco import c from ansible_collections.community.general.plugins.module_utils.locale_gen import locale_runner, locale_gen_runner -class LocaleGen(StateModuleHelper): - LOCALE_NORMALIZATION = { - ".utf8": ".UTF-8", - ".eucjp": ".EUC-JP", - ".iso885915": ".ISO-8859-15", - ".cp1251": ".CP1251", - ".koi8r": ".KOI8-R", - ".armscii8": ".ARMSCII-8", - ".euckr": ".EUC-KR", - ".gbk": ".GBK", - ".gb18030": ".GB18030", - ".euctw": ".EUC-TW", - } - LOCALE_GEN = "/etc/locale.gen" - LOCALE_SUPPORTED = "/var/lib/locales/supported.d/" +ETC_LOCALE_GEN = "/etc/locale.gen" +VAR_LIB_LOCALES = "/var/lib/locales/supported.d" +VAR_LIB_LOCALES_LOCAL = os.path.join(VAR_LIB_LOCALES, "local") +SUPPORTED_LOCALES = "/usr/share/i18n/SUPPORTED" +LOCALE_NORMALIZATION = { + ".utf8": ".UTF-8", + ".eucjp": ".EUC-JP", + ".iso885915": ".ISO-8859-15", + ".cp1251": ".CP1251", + ".koi8r": ".KOI8-R", + ".armscii8": ".ARMSCII-8", + ".euckr": ".EUC-KR", + ".gbk": ".GBK", + ".gb18030": ".GB18030", + ".euctw": ".EUC-TW", +} + +class LocaleGen(StateModuleHelper): output_params = ["name"] module = dict( argument_spec=dict( - name=dict(type='str', required=True), + name=dict(type="list", elements="str", required=True), state=dict(type='str', default='present', choices=['absent', 'present']), ), supports_check_mode=True, ) + use_old_vardict = False def __init_module__(self): - self.vars.set("ubuntu_mode", False) - if os.path.exists(self.LOCALE_SUPPORTED): + self.MECHANISMS = dict( + ubuntu_legacy=dict( + available=SUPPORTED_LOCALES, + apply_change=self.apply_change_ubuntu_legacy, + ), + glibc=dict( + available=SUPPORTED_LOCALES, + apply_change=self.apply_change_glibc, + ), + ) + + if os.path.exists(ETC_LOCALE_GEN): + self.vars.ubuntu_mode = False + self.vars.mechanism = "glibc" + elif os.path.exists(VAR_LIB_LOCALES): self.vars.ubuntu_mode = True + self.vars.mechanism = "ubuntu_legacy" + self.module.deprecate( + "On this machine mechanism=ubuntu_legacy is used. This mechanism is deprecated and will be removed from" + " in community.general 13.0.0. If you see this message on a modern Debian or Ubuntu version," + " please create an issue in the community.general repository", + version="13.0.0", collection_name="community.general" + ) else: - if not os.path.exists(self.LOCALE_GEN): - self.do_raise("{0} and {1} are missing. Is the package \"locales\" installed?".format( - self.LOCALE_SUPPORTED, self.LOCALE_GEN - )) + self.do_raise('{0} and {1} are missing. Is the package "locales" installed?'.format( + VAR_LIB_LOCALES, ETC_LOCALE_GEN + )) - if not self.is_available(): - self.do_raise("The locale you've entered is not available on your system.") + self.runner = locale_runner(self.module) + self.assert_available() self.vars.set("is_present", self.is_present(), output=False) self.vars.set("state_tracking", self._state_name(self.vars.is_present), output=False, change=True) @@ -103,76 +155,100 @@ class LocaleGen(StateModuleHelper): def _state_name(present): return "present" if present else "absent" - def is_available(self): - """Check if the given locale is available on the system. This is done by + def assert_available(self): + """Check if the given locales are available on the system. This is done by checking either : * if the locale is present in /etc/locales.gen * or if the locale is present in /usr/share/i18n/SUPPORTED""" - __regexp = r'^#?\s*(?P\S+[\._\S]+) (?P\S+)\s*$' - if self.vars.ubuntu_mode: - __locales_available = '/usr/share/i18n/SUPPORTED' - else: - __locales_available = '/etc/locale.gen' + regexp = r'^\s*#?\s*(?P\S+[\._\S]+) (?P\S+)\s*$' + locales_available = self.MECHANISMS[self.vars.mechanism]["available"] - re_compiled = re.compile(__regexp) - with open(__locales_available, 'r') as fd: + re_compiled = re.compile(regexp) + with open(locales_available, 'r') as fd: lines = fd.readlines() - res = [re_compiled.match(line) for line in lines] - if self.verbosity >= 4: - self.vars.available_lines = lines - if any(r.group("locale") == self.vars.name for r in res if r): - return True + res = [re_compiled.match(line) for line in lines] + self.vars.set("available_lines", lines, verbosity=4) + + locales_not_found = [] + for locale in self.vars.name: + # Check if the locale is not found in any of the matches + if not any(match and match.group("locale") == locale for match in res): + locales_not_found.append(locale) + # locale may be installed but not listed in the file, for example C.UTF-8 in some systems - return self.is_present() + locales_not_found = self.locale_get_not_present(locales_not_found) + + if locales_not_found: + self.do_raise("The following locales you have entered are not available on your system: {0}".format(', '.join(locales_not_found))) def is_present(self): + return not self.locale_get_not_present(self.vars.name) + + def locale_get_not_present(self, locales): runner = locale_runner(self.module) with runner() as ctx: rc, out, err = ctx.run() if self.verbosity >= 4: self.vars.locale_run_info = ctx.run_info - return any(self.fix_case(self.vars.name) == self.fix_case(line) for line in out.splitlines()) + + not_found = [] + for locale in locales: + if not any(self.fix_case(locale) == self.fix_case(line) for line in out.splitlines()): + not_found.append(locale) + + return not_found def fix_case(self, name): """locale -a might return the encoding in either lower or upper case. Passing through this function makes them uniform for comparisons.""" - for s, r in self.LOCALE_NORMALIZATION.items(): + for s, r in LOCALE_NORMALIZATION.items(): name = name.replace(s, r) return name - def set_locale(self, name, enabled=True): + def set_locale_glibc(self, names, enabled=True): """ Sets the state of the locale. Defaults to enabled. """ - search_string = r'#?\s*%s (?P.+)' % re.escape(name) - if enabled: - new_string = r'%s \g' % (name) - else: - new_string = r'# %s \g' % (name) - re_search = re.compile(search_string) - with open("/etc/locale.gen", "r") as fr: - lines = [re_search.sub(new_string, line) for line in fr] - with open("/etc/locale.gen", "w") as fw: - fw.write("".join(lines)) + with open(ETC_LOCALE_GEN, 'r') as fr: + lines = fr.readlines() - def apply_change(self, targetState, name): + locale_regexes = [] + + for name in names: + search_string = r'^#?\s*%s (?P.+)' % re.escape(name) + if enabled: + new_string = r'%s \g' % (name) + else: + new_string = r'# %s \g' % (name) + re_search = re.compile(search_string) + locale_regexes.append([re_search, new_string]) + + for i in range(len(lines)): + for [search, replace] in locale_regexes: + lines[i] = search.sub(replace, lines[i]) + + # Write the modified content back to the file + with open(ETC_LOCALE_GEN, 'w') as fw: + fw.writelines(lines) + + def apply_change_glibc(self, targetState, names): """Create or remove locale. Keyword arguments: targetState -- Desired state, either present or absent. - name -- Name including encoding such as de_CH.UTF-8. + names -- Names list including encoding such as de_CH.UTF-8. """ - self.set_locale(name, enabled=(targetState == "present")) + self.set_locale_glibc(names, enabled=(targetState == "present")) runner = locale_gen_runner(self.module) with runner() as ctx: ctx.run() - def apply_change_ubuntu(self, targetState, name): + def apply_change_ubuntu_legacy(self, targetState, names): """Create or remove locale. Keyword arguments: targetState -- Desired state, either present or absent. - name -- Name including encoding such as de_CH.UTF-8. + names -- Name list including encoding such as de_CH.UTF-8. """ runner = locale_gen_runner(self.module) @@ -183,12 +259,12 @@ class LocaleGen(StateModuleHelper): ctx.run() else: # Delete locale involves discarding the locale from /var/lib/locales/supported.d/local and regenerating all locales. - with open("/var/lib/locales/supported.d/local", "r") as fr: + with open(VAR_LIB_LOCALES_LOCAL, "r") as fr: content = fr.readlines() - with open("/var/lib/locales/supported.d/local", "w") as fw: + with open(VAR_LIB_LOCALES_LOCAL, "w") as fw: for line in content: locale, charset = line.split(' ') - if locale != name: + if locale not in names: fw.write(line) # Purge locales and regenerate. # Please provide a patch if you know how to avoid regenerating the locales to keep! @@ -199,10 +275,7 @@ class LocaleGen(StateModuleHelper): def __state_fallback__(self): if self.vars.state_tracking == self.vars.state: return - if self.vars.ubuntu_mode: - self.apply_change_ubuntu(self.vars.state, self.vars.name) - else: - self.apply_change(self.vars.state, self.vars.name) + self.MECHANISMS[self.vars.mechanism]["apply_change"](self.vars.state, self.vars.name) def main(): diff --git a/plugins/modules/logentries.py b/plugins/modules/logentries.py index f177cf4546..420f054fac 100644 --- a/plugins/modules/logentries.py +++ b/plugins/modules/logentries.py @@ -9,49 +9,49 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: logentries author: "Ivan Vanderbyl (@ivanvanderbyl)" -short_description: Module for tracking logs via logentries.com +short_description: Module for tracking logs using U(logentries.com) description: - - Sends logs to LogEntries in realtime + - Sends logs to LogEntries in realtime. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - path: - type: str - description: - - path to a log file - required: true - state: - type: str - description: - - following state of the log - choices: [ 'present', 'absent', 'followed', 'unfollowed' ] - required: false - default: present - name: - type: str - description: - - name of the log - required: false - logtype: - type: str - description: - - type of the log - required: false - aliases: [type] + path: + type: str + description: + - Path to a log file. + required: true + state: + type: str + description: + - Following state of the log. + choices: ['present', 'absent', 'followed', 'unfollowed'] + required: false + default: present + name: + type: str + description: + - Name of the log. + required: false + logtype: + type: str + description: + - Type of the log. + required: false + aliases: [type] notes: - - Requires the LogEntries agent which can be installed following the instructions at logentries.com -''' -EXAMPLES = ''' + - Requires the LogEntries agent which can be installed following the instructions at U(logentries.com). +""" + +EXAMPLES = r""" - name: Track nginx logs community.general.logentries: path: /var/log/nginx/access.log @@ -62,7 +62,7 @@ EXAMPLES = ''' community.general.logentries: path: /var/log/nginx/error.log state: absent -''' +""" from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/logentries_msg.py b/plugins/modules/logentries_msg.py index 03851ad1f4..dd3b88d624 100644 --- a/plugins/modules/logentries_msg.py +++ b/plugins/modules/logentries_msg.py @@ -9,12 +9,11 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: logentries_msg short_description: Send a message to logentries description: - - Send a message to logentries + - Send a message to logentries. extends_documentation_fragment: - community.general.attributes attributes: @@ -36,24 +35,24 @@ options: api: type: str description: - - API endpoint + - API endpoint. default: data.logentries.com port: type: int description: - - API endpoint port + - API endpoint port. default: 80 author: "Jimmy Tang (@jcftang) " -''' +""" -RETURN = '''# ''' +RETURN = """# """ -EXAMPLES = ''' +EXAMPLES = r""" - name: Send a message to logentries community.general.logentries_msg: - token=00000000-0000-0000-0000-000000000000 - msg="{{ ansible_hostname }}" -''' + token: 00000000-0000-0000-0000-000000000000 + msg: "{{ ansible_hostname }}" +""" import socket diff --git a/plugins/modules/logstash_plugin.py b/plugins/modules/logstash_plugin.py index 7ee118ff28..ba7bdc2cc5 100644 --- a/plugins/modules/logstash_plugin.py +++ b/plugins/modules/logstash_plugin.py @@ -8,53 +8,51 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: logstash_plugin short_description: Manage Logstash plugins description: - - Manages Logstash plugins. + - Manages Logstash plugins. author: Loic Blot (@nerzhul) extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - name: - type: str - description: - - Install plugin with that name. - required: true - state: - type: str - description: - - Apply plugin state. - choices: ["present", "absent"] - default: present - plugin_bin: - type: path - description: - - Specify logstash-plugin to use for plugin management. - default: /usr/share/logstash/bin/logstash-plugin - proxy_host: - type: str - description: - - Proxy host to use during plugin installation. - proxy_port: - type: str - description: - - Proxy port to use during plugin installation. - version: - type: str - description: - - Specify plugin Version of the plugin to install. - If plugin exists with previous version, it will NOT be updated. -''' + name: + type: str + description: + - Install plugin with that name. + required: true + state: + type: str + description: + - Apply plugin state. + choices: ["present", "absent"] + default: present + plugin_bin: + type: path + description: + - Specify logstash-plugin to use for plugin management. + default: /usr/share/logstash/bin/logstash-plugin + proxy_host: + type: str + description: + - Proxy host to use during plugin installation. + proxy_port: + type: str + description: + - Proxy port to use during plugin installation. + version: + type: str + description: + - Specify plugin Version of the plugin to install. If plugin exists with previous version, it will NOT be updated. +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Install Logstash beats input plugin community.general.logstash_plugin: state: present @@ -77,7 +75,7 @@ EXAMPLES = ''' name: logstash-input-beats environment: LS_JAVA_OPTS: "-Xms256m -Xmx256m" -''' +""" from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/lvg.py b/plugins/modules/lvg.py index 8a6384369a..b4e758aca5 100644 --- a/plugins/modules/lvg.py +++ b/plugins/modules/lvg.py @@ -9,10 +9,9 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" author: -- Alexander Bulimov (@abulimov) + - Alexander Bulimov (@abulimov) module: lvg short_description: Configure LVM volume groups description: @@ -27,78 +26,77 @@ attributes: options: vg: description: - - The name of the volume group. + - The name of the volume group. type: str required: true pvs: description: - - List of comma-separated devices to use as physical devices in this volume group. - - Required when creating or resizing volume group. - - The module will take care of running pvcreate if needed. + - List of comma-separated devices to use as physical devices in this volume group. + - Required when creating or resizing volume group. + - The module will take care of running pvcreate if needed. type: list elements: str pesize: description: - - "The size of the physical extent. O(pesize) must be a power of 2 of at least 1 sector - (where the sector size is the largest sector size of the PVs currently used in the VG), - or at least 128KiB." - - O(pesize) can be optionally suffixed by a UNIT (k/K/m/M/g/G), default unit is megabyte. + - The size of the physical extent. O(pesize) must be a power of 2 of at least 1 sector (where the sector size is the + largest sector size of the PVs currently used in the VG), or at least 128KiB. + - O(pesize) can be optionally suffixed by a UNIT (k/K/m/M/g/G), default unit is megabyte. type: str default: "4" pv_options: description: - - Additional options to pass to C(pvcreate) when creating the volume group. + - Additional options to pass to C(pvcreate) when creating the volume group. type: str default: '' pvresize: description: - - If V(true), resize the physical volume to the maximum available size. + - If V(true), resize the physical volume to the maximum available size. type: bool default: false version_added: '0.2.0' vg_options: description: - - Additional options to pass to C(vgcreate) when creating the volume group. + - Additional options to pass to C(vgcreate) when creating the volume group. type: str default: '' state: description: - - Control if the volume group exists and it's state. - - The states V(active) and V(inactive) implies V(present) state. Added in 7.1.0 - - "If V(active) or V(inactive), the module manages the VG's logical volumes current state. - The module also handles the VG's autoactivation state if supported - unless when creating a volume group and the autoactivation option specified in O(vg_options)." + - Control if the volume group exists and its state. + - The states V(active) and V(inactive) implies V(present) state. Added in 7.1.0. + - If V(active) or V(inactive), the module manages the VG's logical volumes current state. The module also handles the + VG's autoactivation state if supported unless when creating a volume group and the autoactivation option specified + in O(vg_options). type: str - choices: [ absent, present, active, inactive ] + choices: [absent, present, active, inactive] default: present force: description: - - If V(true), allows to remove volume group with logical volumes. + - If V(true), allows to remove volume group with logical volumes. type: bool default: false reset_vg_uuid: description: - - Whether the volume group's UUID is regenerated. - - This is B(not idempotent). Specifying this parameter always results in a change. + - Whether the volume group's UUID is regenerated. + - This is B(not idempotent). Specifying this parameter always results in a change. type: bool default: false version_added: 7.1.0 reset_pv_uuid: description: - - Whether the volume group's physical volumes' UUIDs are regenerated. - - This is B(not idempotent). Specifying this parameter always results in a change. + - Whether the volume group's physical volumes' UUIDs are regenerated. + - This is B(not idempotent). Specifying this parameter always results in a change. type: bool default: false version_added: 7.1.0 seealso: -- module: community.general.filesystem -- module: community.general.lvol -- module: community.general.parted + - module: community.general.filesystem + - module: community.general.lvol + - module: community.general.parted notes: - This module does not modify PE size for already present volume group. -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Create a volume group on top of /dev/sda1 with physical extent size = 32MB community.general.lvg: vg: vg.services @@ -154,7 +152,7 @@ EXAMPLES = r''' pvs: /dev/sdb1,/dev/sdc5 reset_vg_uuid: true reset_pv_uuid: true -''' +""" import itertools import os @@ -179,7 +177,7 @@ def parse_vgs(data): def find_mapper_device_name(module, dm_device): dmsetup_cmd = module.get_bin_path('dmsetup', True) mapper_prefix = '/dev/mapper/' - rc, dm_name, err = module.run_command("%s info -C --noheadings -o name %s" % (dmsetup_cmd, dm_device)) + rc, dm_name, err = module.run_command([dmsetup_cmd, "info", "-C", "--noheadings", "-o", "name", dm_device]) if rc != 0: module.fail_json(msg="Failed executing dmsetup command.", rc=rc, err=err) mapper_device = mapper_prefix + dm_name.rstrip() @@ -204,7 +202,7 @@ def find_vg(module, vg): if not vg: return None vgs_cmd = module.get_bin_path('vgs', True) - dummy, current_vgs, dummy = module.run_command("%s --noheadings -o vg_name,pv_count,lv_count --separator ';'" % vgs_cmd, check_rc=True) + dummy, current_vgs, dummy = module.run_command([vgs_cmd, "--noheadings", "-o", "vg_name,pv_count,lv_count", "--separator", ";"], check_rc=True) vgs = parse_vgs(current_vgs) @@ -431,10 +429,10 @@ def main(): for x in itertools.chain(dev_list, module.params['pvs']) ) pvs_filter_vg_name = 'vg_name = {0}'.format(vg) - pvs_filter = "--select '{0} || {1}' ".format(pvs_filter_pv_name, pvs_filter_vg_name) + pvs_filter = ["--select", "{0} || {1}".format(pvs_filter_pv_name, pvs_filter_vg_name)] else: - pvs_filter = '' - rc, current_pvs, err = module.run_command("%s --noheadings -o pv_name,vg_name --separator ';' %s" % (pvs_cmd, pvs_filter)) + pvs_filter = [] + rc, current_pvs, err = module.run_command([pvs_cmd, "--noheadings", "-o", "pv_name,vg_name", "--separator", ";"] + pvs_filter) if rc != 0: module.fail_json(msg="Failed executing pvs command.", rc=rc, err=err) @@ -473,7 +471,7 @@ def main(): if this_vg['lv_count'] == 0 or force: # remove VG vgremove_cmd = module.get_bin_path('vgremove', True) - rc, dummy, err = module.run_command("%s --force %s" % (vgremove_cmd, vg)) + rc, dummy, err = module.run_command([vgremove_cmd, "--force", vg]) if rc == 0: module.exit_json(changed=True) else: @@ -509,7 +507,6 @@ def main(): changed = True else: if devs_to_add: - devs_to_add_string = ' '.join(devs_to_add) # create PV pvcreate_cmd = module.get_bin_path('pvcreate', True) for current_dev in devs_to_add: @@ -520,21 +517,20 @@ def main(): module.fail_json(msg="Creating physical volume '%s' failed" % current_dev, rc=rc, err=err) # add PV to our VG vgextend_cmd = module.get_bin_path('vgextend', True) - rc, dummy, err = module.run_command("%s %s %s" % (vgextend_cmd, vg, devs_to_add_string)) + rc, dummy, err = module.run_command([vgextend_cmd, vg] + devs_to_add) if rc == 0: changed = True else: - module.fail_json(msg="Unable to extend %s by %s." % (vg, devs_to_add_string), rc=rc, err=err) + module.fail_json(msg="Unable to extend %s by %s." % (vg, ' '.join(devs_to_add)), rc=rc, err=err) # remove some PV from our VG if devs_to_remove: - devs_to_remove_string = ' '.join(devs_to_remove) vgreduce_cmd = module.get_bin_path('vgreduce', True) - rc, dummy, err = module.run_command("%s --force %s %s" % (vgreduce_cmd, vg, devs_to_remove_string)) + rc, dummy, err = module.run_command([vgreduce_cmd, "--force", vg] + devs_to_remove) if rc == 0: changed = True else: - module.fail_json(msg="Unable to reduce %s by %s." % (vg, devs_to_remove_string), rc=rc, err=err) + module.fail_json(msg="Unable to reduce %s by %s." % (vg, ' '.join(devs_to_remove)), rc=rc, err=err) module.exit_json(changed=changed) diff --git a/plugins/modules/lvg_rename.py b/plugins/modules/lvg_rename.py index bd48ffa62f..37f513697e 100644 --- a/plugins/modules/lvg_rename.py +++ b/plugins/modules/lvg_rename.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" author: - Laszlo Szomor (@lszomor) module: lvg_rename @@ -27,23 +26,23 @@ version_added: 7.1.0 options: vg: description: - - The name or UUID of the source VG. - - See V(vgrename(8\)) for valid values. + - The name or UUID of the source VG. + - See V(vgrename(8\)) for valid values. type: str required: true vg_new: description: - - The new name of the VG. - - See V(lvm(8\)) for valid names. + - The new name of the VG. + - See V(lvm(8\)) for valid names. type: str required: true seealso: -- module: community.general.lvg + - module: community.general.lvg notes: - This module does not modify VG renaming-related configurations like C(fstab) entries or boot parameters. -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Rename a VG by name community.general.lvg_rename: vg: vg_orig_name @@ -53,7 +52,7 @@ EXAMPLES = r''' community.general.lvg_rename: vg_uuid: SNgd0Q-rPYa-dPB8-U1g6-4WZI-qHID-N7y9Vj vg_new: vg_new_name -''' +""" from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/lvol.py b/plugins/modules/lvol.py index a2a870260a..c66098c354 100644 --- a/plugins/modules/lvol.py +++ b/plugins/modules/lvol.py @@ -8,13 +8,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" author: - - Jeroen Hoekx (@jhoekx) - - Alexander Bulimov (@abulimov) - - Raoul Baudach (@unkaputtbar112) - - Ziga Kern (@zigaSRC) + - Jeroen Hoekx (@jhoekx) + - Alexander Bulimov (@abulimov) + - Raoul Baudach (@unkaputtbar112) + - Ziga Kern (@zigaSRC) module: lvol short_description: Configure LVM logical volumes description: @@ -31,75 +30,75 @@ options: type: str required: true description: - - The volume group this logical volume is part of. + - The volume group this logical volume is part of. lv: type: str description: - - The name of the logical volume. + - The name of the logical volume. size: type: str description: - - The size of the logical volume, according to lvcreate(8) --size, by - default in megabytes or optionally with one of [bBsSkKmMgGtTpPeE] units; or - according to lvcreate(8) --extents as a percentage of [VG|PVS|FREE|ORIGIN]; - Float values must begin with a digit. - - When resizing, apart from specifying an absolute size you may, according to - lvextend(8)|lvreduce(8) C(--size), specify the amount to extend the logical volume with - the prefix V(+) or the amount to reduce the logical volume by with prefix V(-). - - Resizing using V(+) or V(-) was not supported prior to community.general 3.0.0. - - Please note that when using V(+), V(-), or percentage of FREE, the module is B(not idempotent). + - The size of the logical volume, according to lvcreate(8) C(--size), by default in megabytes or optionally with one + of [bBsSkKmMgGtTpPeE] units; or according to lvcreate(8) C(--extents) as a percentage of [VG|PVS|FREE|ORIGIN]; Float + values must begin with a digit. + - When resizing, apart from specifying an absolute size you may, according to lvextend(8)|lvreduce(8) C(--size), specify + the amount to extend the logical volume with the prefix V(+) or the amount to reduce the logical volume by with prefix + V(-). + - Resizing using V(+) or V(-) was not supported prior to community.general 3.0.0. + - Please note that when using V(+), V(-), or percentage of FREE, the module is B(not idempotent). state: type: str description: - - Control if the logical volume exists. If V(present) and the - volume does not already exist then the O(size) option is required. - choices: [ absent, present ] + - Control if the logical volume exists. If V(present) and the volume does not already exist then the O(size) option + is required. + choices: [absent, present] default: present active: description: - - Whether the volume is active and visible to the host. + - Whether the volume is active and visible to the host. type: bool default: true force: description: - - Shrink or remove operations of volumes requires this switch. Ensures that - that filesystems get never corrupted/destroyed by mistake. + - Shrink or remove operations of volumes requires this switch. Ensures that that filesystems get never corrupted/destroyed + by mistake. type: bool default: false opts: type: str description: - - Free-form options to be passed to the lvcreate command. + - Free-form options to be passed to the lvcreate command. snapshot: type: str description: - - The name of a snapshot volume to be configured. When creating a snapshot volume, the O(lv) parameter specifies the origin volume. + - The name of a snapshot volume to be configured. When creating a snapshot volume, the O(lv) parameter specifies the + origin volume. pvs: type: list elements: str description: - - List of physical volumes (for example V(/dev/sda, /dev/sdb)). + - List of physical volumes (for example V(/dev/sda, /dev/sdb)). thinpool: type: str description: - - The thin pool volume name. When you want to create a thin provisioned volume, specify a thin pool volume name. + - The thin pool volume name. When you want to create a thin provisioned volume, specify a thin pool volume name. shrink: description: - - Shrink if current size is higher than size requested. + - Shrink if current size is higher than size requested. type: bool default: true resizefs: description: - - Resize the underlying filesystem together with the logical volume. - - Supported for C(ext2), C(ext3), C(ext4), C(reiserfs) and C(XFS) filesystems. - Attempts to resize other filesystem types will fail. + - Resize the underlying filesystem together with the logical volume. + - Supported for C(ext2), C(ext3), C(ext4), C(reiserfs) and C(XFS) filesystems. Attempts to resize other filesystem types + result in failure. type: bool default: false notes: - You must specify lv (when managing the state of logical volumes) or thinpool (when managing a thin provisioned volume). -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a logical volume of 512m community.general.lvol: vg: firefly @@ -233,9 +232,10 @@ EXAMPLES = ''' lv: test thinpool: testpool size: 128g -''' +""" import re +import shlex from ansible.module_utils.basic import AnsibleModule @@ -281,7 +281,7 @@ def parse_vgs(data): def get_lvm_version(module): ver_cmd = module.get_bin_path("lvm", required=True) - rc, out, err = module.run_command("%s version" % (ver_cmd)) + rc, out, err = module.run_command([ver_cmd, "version"]) if rc != 0: return None m = re.search(r"LVM version:\s+(\d+)\.(\d+)\.(\d+).*(\d{4}-\d{2}-\d{2})", out) @@ -320,14 +320,14 @@ def main(): module.fail_json(msg="Failed to get LVM version number") version_yesopt = mkversion(2, 2, 99) # First LVM with the "--yes" option if version_found >= version_yesopt: - yesopt = "--yes" + yesopt = ["--yes"] else: - yesopt = "" + yesopt = [] vg = module.params['vg'] lv = module.params['lv'] size = module.params['size'] - opts = module.params['opts'] + opts = shlex.split(module.params['opts'] or '') state = module.params['state'] force = module.boolean(module.params['force']) shrink = module.boolean(module.params['shrink']) @@ -338,21 +338,13 @@ def main(): size_unit = 'm' size_operator = None snapshot = module.params['snapshot'] - pvs = module.params['pvs'] - - if pvs is None: - pvs = "" - else: - pvs = " ".join(pvs) - - if opts is None: - opts = "" + pvs = module.params['pvs'] or [] # Add --test option when running in check-mode if module.check_mode: - test_opt = ' --test' + test_opt = ['--test'] else: - test_opt = '' + test_opt = [] if size: # LVEXTEND(8)/LVREDUCE(8) -l, -L options: Check for relative value for resizing @@ -400,7 +392,7 @@ def main(): # Get information on volume group requested vgs_cmd = module.get_bin_path("vgs", required=True) rc, current_vgs, err = module.run_command( - "%s --noheadings --nosuffix -o vg_name,size,free,vg_extent_size --units %s --separator ';' %s" % (vgs_cmd, unit.lower(), vg)) + [vgs_cmd, "--noheadings", "--nosuffix", "-o", "vg_name,size,free,vg_extent_size", "--units", unit.lower(), "--separator", ";", vg]) if rc != 0: if state == 'absent': @@ -414,7 +406,7 @@ def main(): # Get information on logical volume requested lvs_cmd = module.get_bin_path("lvs", required=True) rc, current_lvs, err = module.run_command( - "%s -a --noheadings --nosuffix -o lv_name,size,lv_attr --units %s --separator ';' %s" % (lvs_cmd, unit.lower(), vg)) + [lvs_cmd, "-a", "--noheadings", "--nosuffix", "-o", "lv_name,size,lv_attr", "--units", unit.lower(), "--separator", ";", vg]) if rc != 0: if state == 'absent': @@ -474,20 +466,23 @@ def main(): # create LV lvcreate_cmd = module.get_bin_path("lvcreate", required=True) + cmd = [lvcreate_cmd] + test_opt + yesopt if snapshot is not None: if size: - cmd = "%s %s %s -%s %s%s -s -n %s %s %s/%s" % (lvcreate_cmd, test_opt, yesopt, size_opt, size, size_unit, snapshot, opts, vg, lv) - else: - cmd = "%s %s %s -s -n %s %s %s/%s" % (lvcreate_cmd, test_opt, yesopt, snapshot, opts, vg, lv) - elif thinpool and lv: - if size_opt == 'l': - module.fail_json(changed=False, msg="Thin volume sizing with percentage not supported.") - size_opt = 'V' - cmd = "%s %s %s -n %s -%s %s%s %s -T %s/%s" % (lvcreate_cmd, test_opt, yesopt, lv, size_opt, size, size_unit, opts, vg, thinpool) - elif thinpool and not lv: - cmd = "%s %s %s -%s %s%s %s -T %s/%s" % (lvcreate_cmd, test_opt, yesopt, size_opt, size, size_unit, opts, vg, thinpool) + cmd += ["-%s" % size_opt, "%s%s" % (size, size_unit)] + cmd += ["-s", "-n", snapshot] + opts + ["%s/%s" % (vg, lv)] + elif thinpool: + if lv: + if size_opt == 'l': + module.fail_json(changed=False, msg="Thin volume sizing with percentage not supported.") + size_opt = 'V' + cmd += ["-n", lv] + cmd += ["-%s" % size_opt, "%s%s" % (size, size_unit)] + cmd += opts + ["-T", "%s/%s" % (vg, thinpool)] else: - cmd = "%s %s %s -n %s -%s %s%s %s %s %s" % (lvcreate_cmd, test_opt, yesopt, lv, size_opt, size, size_unit, opts, vg, pvs) + cmd += ["-n", lv] + cmd += ["-%s" % size_opt, "%s%s" % (size, size_unit)] + cmd += opts + [vg] + pvs rc, dummy, err = module.run_command(cmd) if rc == 0: changed = True @@ -499,7 +494,7 @@ def main(): if not force: module.fail_json(msg="Sorry, no removal of logical volume %s without force=true." % (this_lv['name'])) lvremove_cmd = module.get_bin_path("lvremove", required=True) - rc, dummy, err = module.run_command("%s %s --force %s/%s" % (lvremove_cmd, test_opt, vg, this_lv['name'])) + rc, dummy, err = module.run_command([lvremove_cmd] + test_opt + ["--force", "%s/%s" % (vg, this_lv['name'])]) if rc == 0: module.exit_json(changed=True) else: @@ -527,7 +522,7 @@ def main(): if this_lv['size'] < size_requested: if (size_free > 0) and (size_free >= (size_requested - this_lv['size'])): - tool = module.get_bin_path("lvextend", required=True) + tool = [module.get_bin_path("lvextend", required=True)] else: module.fail_json( msg="Logical Volume %s could not be extended. Not enough free space left (%s%s required / %s%s available)" % @@ -539,16 +534,17 @@ def main(): elif not force: module.fail_json(msg="Sorry, no shrinking of %s without force=true" % (this_lv['name'])) else: - tool = module.get_bin_path("lvreduce", required=True) - tool = '%s %s' % (tool, '--force') + tool = [module.get_bin_path("lvreduce", required=True), '--force'] if tool: if resizefs: - tool = '%s %s' % (tool, '--resizefs') + tool += ['--resizefs'] + cmd = tool + test_opt if size_operator: - cmd = "%s %s -%s %s%s%s %s/%s %s" % (tool, test_opt, size_opt, size_operator, size, size_unit, vg, this_lv['name'], pvs) + cmd += ["-%s" % size_opt, "%s%s%s" % (size_operator, size, size_unit)] else: - cmd = "%s %s -%s %s%s %s/%s %s" % (tool, test_opt, size_opt, size, size_unit, vg, this_lv['name'], pvs) + cmd += ["-%s" % size_opt, "%s%s" % (size, size_unit)] + cmd += ["%s/%s" % (vg, this_lv['name'])] + pvs rc, out, err = module.run_command(cmd) if "Reached maximum COW size" in out: module.fail_json(msg="Unable to resize %s to %s%s" % (lv, size, size_unit), rc=rc, err=err, out=out) @@ -566,23 +562,24 @@ def main(): # resize LV based on absolute values tool = None if float(size) > this_lv['size'] or size_operator == '+': - tool = module.get_bin_path("lvextend", required=True) + tool = [module.get_bin_path("lvextend", required=True)] elif shrink and float(size) < this_lv['size'] or size_operator == '-': if float(size) == 0: module.fail_json(msg="Sorry, no shrinking of %s to 0 permitted." % (this_lv['name'])) if not force: module.fail_json(msg="Sorry, no shrinking of %s without force=true." % (this_lv['name'])) else: - tool = module.get_bin_path("lvreduce", required=True) - tool = '%s %s' % (tool, '--force') + tool = [module.get_bin_path("lvreduce", required=True), '--force'] if tool: if resizefs: - tool = '%s %s' % (tool, '--resizefs') + tool += ['--resizefs'] + cmd = tool + test_opt if size_operator: - cmd = "%s %s -%s %s%s%s %s/%s %s" % (tool, test_opt, size_opt, size_operator, size, size_unit, vg, this_lv['name'], pvs) + cmd += ["-%s" % size_opt, "%s%s%s" % (size_operator, size, size_unit)] else: - cmd = "%s %s -%s %s%s %s/%s %s" % (tool, test_opt, size_opt, size, size_unit, vg, this_lv['name'], pvs) + cmd += ["-%s" % size_opt, "%s%s" % (size, size_unit)] + cmd += ["%s/%s" % (vg, this_lv['name'])] + pvs rc, out, err = module.run_command(cmd) if "Reached maximum COW size" in out: module.fail_json(msg="Unable to resize %s to %s%s" % (lv, size, size_unit), rc=rc, err=err, out=out) @@ -598,14 +595,14 @@ def main(): if this_lv is not None: if active: lvchange_cmd = module.get_bin_path("lvchange", required=True) - rc, dummy, err = module.run_command("%s -ay %s/%s" % (lvchange_cmd, vg, this_lv['name'])) + rc, dummy, err = module.run_command([lvchange_cmd, "-ay", "%s/%s" % (vg, this_lv['name'])]) if rc == 0: module.exit_json(changed=((not this_lv['active']) or changed), vg=vg, lv=this_lv['name'], size=this_lv['size']) else: module.fail_json(msg="Failed to activate logical volume %s" % (lv), rc=rc, err=err) else: lvchange_cmd = module.get_bin_path("lvchange", required=True) - rc, dummy, err = module.run_command("%s -an %s/%s" % (lvchange_cmd, vg, this_lv['name'])) + rc, dummy, err = module.run_command([lvchange_cmd, "-an", "%s/%s" % (vg, this_lv['name'])]) if rc == 0: module.exit_json(changed=(this_lv['active'] or changed), vg=vg, lv=this_lv['name'], size=this_lv['size']) else: diff --git a/plugins/modules/lxc_container.py b/plugins/modules/lxc_container.py index 7ded041e93..8d5face301 100644 --- a/plugins/modules/lxc_container.py +++ b/plugins/modules/lxc_container.py @@ -9,8 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: lxc_container short_description: Manage LXC Containers description: @@ -19,183 +18,172 @@ author: "Kevin Carter (@cloudnull)" extends_documentation_fragment: - community.general.attributes attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - name: - description: - - Name of a container. - type: str - required: true - backing_store: - choices: - - dir - - lvm - - loop - - btrfs - - overlayfs - - zfs - description: - - Backend storage type for the container. - type: str - default: dir - template: - description: - - Name of the template to use within an LXC create. - type: str - default: ubuntu - template_options: - description: - - Template options when building the container. - type: str - config: - description: - - Path to the LXC configuration file. - type: path - lv_name: - description: - - Name of the logical volume, defaults to the container name. - - If not specified, it defaults to C($CONTAINER_NAME). - type: str - vg_name: - description: - - If backend store is lvm, specify the name of the volume group. - type: str - default: lxc - thinpool: - description: - - Use LVM thin pool called TP. - type: str - fs_type: - description: - - Create fstype TYPE. - type: str - default: ext4 - fs_size: - description: - - File system Size. - type: str - default: 5G - directory: - description: - - Place rootfs directory under DIR. - type: path - zfs_root: - description: - - Create zfs under given zfsroot. - type: str - container_command: - description: - - Run a command within a container. - type: str - lxc_path: - description: - - Place container under E(PATH). - type: path - container_log: - description: - - Enable a container log for host actions to the container. - type: bool - default: false - container_log_level: - choices: - - Info - - info - - INFO - - Error - - error - - ERROR - - Debug - - debug - - DEBUG - description: - - Set the log level for a container where O(container_log) was set. - type: str - required: false - default: INFO - clone_name: - description: - - Name of the new cloned server. - - This is only used when state is clone. - type: str - clone_snapshot: - description: - - Create a snapshot a container when cloning. - - This is not supported by all container storage backends. - - Enabling this may fail if the backing store does not support snapshots. - type: bool - default: false - archive: - description: - - Create an archive of a container. - - This will create a tarball of the running container. - type: bool - default: false - archive_path: - description: - - Path the save the archived container. - - If the path does not exist the archive method will attempt to create it. - type: path - archive_compression: - choices: - - gzip - - bzip2 - - none - description: - - Type of compression to use when creating an archive of a running - container. - type: str - default: gzip - state: - choices: - - started - - stopped - - restarted - - absent - - frozen - - clone - description: - - Define the state of a container. - - If you clone a container using O(clone_name) the newly cloned - container created in a stopped state. - - The running container will be stopped while the clone operation is - happening and upon completion of the clone the original container - state will be restored. - type: str - default: started - container_config: - description: - - A list of C(key=value) options to use when configuring a container. - type: list - elements: str + name: + description: + - Name of a container. + type: str + required: true + backing_store: + choices: + - dir + - lvm + - loop + - btrfs + - overlayfs + - zfs + description: + - Backend storage type for the container. + type: str + default: dir + template: + description: + - Name of the template to use within an LXC create. + type: str + default: ubuntu + template_options: + description: + - Template options when building the container. + type: str + config: + description: + - Path to the LXC configuration file. + type: path + lv_name: + description: + - Name of the logical volume, defaults to the container name. + - If not specified, it defaults to E(CONTAINER_NAME). + type: str + vg_name: + description: + - If backend store is lvm, specify the name of the volume group. + type: str + default: lxc + thinpool: + description: + - Use LVM thin pool called TP. + type: str + fs_type: + description: + - Create fstype TYPE. + type: str + default: ext4 + fs_size: + description: + - File system Size. + type: str + default: 5G + directory: + description: + - Place rootfs directory under DIR. + type: path + zfs_root: + description: + - Create zfs under given zfsroot. + type: str + container_command: + description: + - Run a command within a container. + type: str + lxc_path: + description: + - Place container under E(PATH). + type: path + container_log: + description: + - Enable a container log for host actions to the container. + type: bool + default: false + container_log_level: + choices: + - Info + - info + - INFO + - Error + - error + - ERROR + - Debug + - debug + - DEBUG + description: + - Set the log level for a container where O(container_log) was set. + type: str + required: false + default: INFO + clone_name: + description: + - Name of the new cloned server. + - This is only used when state is clone. + type: str + clone_snapshot: + description: + - Create a snapshot a container when cloning. + - This is not supported by all container storage backends. + - Enabling this may fail if the backing store does not support snapshots. + type: bool + default: false + archive: + description: + - Create an archive of a container. + - This will create a tarball of the running container. + type: bool + default: false + archive_path: + description: + - Path the save the archived container. + - If the path does not exist the archive method will attempt to create it. + type: path + archive_compression: + choices: + - gzip + - bzip2 + - none + description: + - Type of compression to use when creating an archive of a running container. + type: str + default: gzip + state: + choices: + - started + - stopped + - restarted + - absent + - frozen + - clone + description: + - Define the state of a container. + - If you clone a container using O(clone_name) the newly cloned container created in a stopped state. + - The running container will be stopped while the clone operation is happening and upon completion of the clone the + original container state will be restored. + type: str + default: started + container_config: + description: + - A list of C(key=value) options to use when configuring a container. + type: list + elements: str requirements: - 'lxc >= 2.0 # OS package' - 'python3 >= 3.5 # OS Package' - 'python3-lxc # OS Package' notes: - - Containers must have a unique name. If you attempt to create a container - with a name that already exists in the users namespace the module will - simply return as "unchanged". - - The O(container_command) can be used with any state except V(absent). If - used with state V(stopped) the container will be V(started), the command - executed, and then the container V(stopped) again. Likewise if O(state=stopped) - and the container does not exist it will be first created, - V(started), the command executed, and then V(stopped). If you use a "|" - in the variable you can use common script formatting within the variable - itself. The O(container_command) option will always execute as BASH. - When using O(container_command), a log file is created in the C(/tmp/) directory - which contains both C(stdout) and C(stderr) of any command executed. - - If O(archive=true) the system will attempt to create a compressed - tarball of the running container. The O(archive) option supports LVM backed - containers and will create a snapshot of the running container when - creating the archive. - - If your distro does not have a package for C(python3-lxc), which is a - requirement for this module, it can be installed from source at - U(https://github.com/lxc/python3-lxc) or installed via pip using the - package name C(lxc). -''' + - Containers must have a unique name. If you attempt to create a container with a name that already exists in the users + namespace the module will simply return as "unchanged". + - The O(container_command) can be used with any state except V(absent). If used with state V(stopped) the container will + be V(started), the command executed, and then the container V(stopped) again. Likewise if O(state=stopped) and the container + does not exist it will be first created, V(started), the command executed, and then V(stopped). If you use a C(|) in the + variable you can use common script formatting within the variable itself. The O(container_command) option will always + execute as C(bash). When using O(container_command), a log file is created in the C(/tmp/) directory which contains both + C(stdout) and C(stderr) of any command executed. + - If O(archive=true) the system will attempt to create a compressed tarball of the running container. The O(archive) option + supports LVM backed containers and will create a snapshot of the running container when creating the archive. + - If your distro does not have a package for C(python3-lxc), which is a requirement for this module, it can be installed + from source at U(https://github.com/lxc/python3-lxc) or installed using C(pip install lxc). +""" EXAMPLES = r""" - name: Create a started container @@ -268,14 +256,14 @@ EXAMPLES = r""" ansible.builtin.debug: var: lvm_container_info -- name: Run a command in a container and ensure its in a "stopped" state. +- name: Run a command in a container and ensure it is in a "stopped" state. community.general.lxc_container: name: test-container-started state: stopped container_command: | echo 'hello world.' | tee /opt/stopped -- name: Run a command in a container and ensure its it in a "frozen" state. +- name: Run a command in a container and ensure it is in a "frozen" state. community.general.lxc_container: name: test-container-stopped state: frozen @@ -382,45 +370,45 @@ EXAMPLES = r""" RETURN = r""" lxc_container: - description: container information - returned: success - type: complex - contains: - name: - description: name of the lxc container - returned: success - type: str - sample: test_host - init_pid: - description: pid of the lxc init process - returned: success - type: int - sample: 19786 - interfaces: - description: list of the container's network interfaces - returned: success - type: list - sample: [ "eth0", "lo" ] - ips: - description: list of ips - returned: success - type: list - sample: [ "10.0.3.3" ] - state: - description: resulting state of the container - returned: success - type: str - sample: "running" - archive: - description: resulting state of the container - returned: success, when archive is true - type: str - sample: "/tmp/test-container-config.tar" - clone: - description: if the container was cloned - returned: success, when clone_name is specified - type: bool - sample: true + description: Container information. + returned: success + type: complex + contains: + name: + description: Name of the LXC container. + returned: success + type: str + sample: test_host + init_pid: + description: Pid of the LXC init process. + returned: success + type: int + sample: 19786 + interfaces: + description: List of the container's network interfaces. + returned: success + type: list + sample: ["eth0", "lo"] + ips: + description: List of IPs. + returned: success + type: list + sample: ["10.0.3.3"] + state: + description: Resulting state of the container. + returned: success + type: str + sample: "running" + archive: + description: Resulting state of the container. + returned: success, when archive is true + type: str + sample: "/tmp/test-container-config.tar" + clone: + description: If the container was cloned. + returned: success, when clone_name is specified + type: bool + sample: true """ import os @@ -683,18 +671,18 @@ class LxcContainerManagement(object): variables.pop(v, None) false_values = BOOLEANS_FALSE.union([None, '']) - result = dict( - (v, self.module.params[k]) + result = { + v: self.module.params[k] for k, v in variables.items() if self.module.params[k] not in false_values - ) + } return result def _config(self): """Configure an LXC container. Write new configuration values to the lxc config file. This will - stop the container if it's running write the new options and then + stop the container if it is running write the new options and then restart the container upon completion. """ diff --git a/plugins/modules/lxca_cmms.py b/plugins/modules/lxca_cmms.py index 1f811a7efa..8ece67470b 100644 --- a/plugins/modules/lxca_cmms.py +++ b/plugins/modules/lxca_cmms.py @@ -8,16 +8,14 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" author: - Naval Patel (@navalkp) - Prashant Bhosale (@prabhosa) module: lxca_cmms short_description: Custom module for lxca cmms inventory utility description: - - This module returns/displays a inventory details of cmms - + - This module returns/displays a inventory details of cmms. attributes: check_mode: support: none @@ -26,32 +24,28 @@ attributes: options: uuid: - description: - uuid of device, this is string with length greater than 16. + description: UUID of device, this is string with length greater than 16. type: str command_options: - description: - options to filter nodes information + description: Options to filter nodes information. default: cmms choices: - - cmms - - cmms_by_uuid - - cmms_by_chassis_uuid + - cmms + - cmms_by_uuid + - cmms_by_chassis_uuid type: str chassis: - description: - uuid of chassis, this is string with length greater than 16. + description: UUID of chassis, this is string with length greater than 16. type: str extends_documentation_fragment: - community.general.lxca_common - community.general.attributes +""" -''' - -EXAMPLES = ''' +EXAMPLES = r""" # get all cmms info - name: Get nodes data from LXCA community.general.lxca_cmms: @@ -76,28 +70,27 @@ EXAMPLES = ''' auth_url: "https://10.243.15.168" chassis: "3C737AA5E31640CE949B10C129A8B01F" command_options: cmms_by_chassis_uuid +""" -''' - -RETURN = r''' +RETURN = r""" result: - description: cmms detail from lxca - returned: success - type: dict - sample: - cmmList: - - machineType: '' - model: '' - type: 'CMM' - uuid: '118D2C88C8FD11E4947B6EAE8B4BDCDF' + description: Cmms detail from lxca. + returned: success + type: dict + sample: + cmmList: + - machineType: '' + model: '' + type: 'CMM' + uuid: '118D2C88C8FD11E4947B6EAE8B4BDCDF' # bunch of properties - - machineType: '' - model: '' - type: 'CMM' - uuid: '223D2C88C8FD11E4947B6EAE8B4BDCDF' + - machineType: '' + model: '' + type: 'CMM' + uuid: '223D2C88C8FD11E4947B6EAE8B4BDCDF' # bunch of properties # Multiple cmms details -''' +""" import traceback from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/lxca_nodes.py b/plugins/modules/lxca_nodes.py index 3b37322edb..f133671114 100644 --- a/plugins/modules/lxca_nodes.py +++ b/plugins/modules/lxca_nodes.py @@ -8,16 +8,14 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" author: - Naval Patel (@navalkp) - Prashant Bhosale (@prabhosa) module: lxca_nodes short_description: Custom module for lxca nodes inventory utility description: - - This module returns/displays a inventory details of nodes - + - This module returns/displays a inventory details of nodes. attributes: check_mode: support: none @@ -26,34 +24,30 @@ attributes: options: uuid: - description: - uuid of device, this is string with length greater than 16. + description: UUID of device, this is string with length greater than 16. type: str command_options: - description: - options to filter nodes information + description: Options to filter nodes information. default: nodes choices: - - nodes - - nodes_by_uuid - - nodes_by_chassis_uuid - - nodes_status_managed - - nodes_status_unmanaged + - nodes + - nodes_by_uuid + - nodes_by_chassis_uuid + - nodes_status_managed + - nodes_status_unmanaged type: str chassis: - description: - uuid of chassis, this is string with length greater than 16. + description: UUID of chassis, this is string with length greater than 16. type: str extends_documentation_fragment: - community.general.lxca_common - community.general.attributes +""" -''' - -EXAMPLES = ''' +EXAMPLES = r""" # get all nodes info - name: Get nodes data from LXCA community.general.lxca_nodes: @@ -95,28 +89,27 @@ EXAMPLES = ''' login_password: Password auth_url: "https://10.243.15.168" command_options: nodes_status_unmanaged +""" -''' - -RETURN = r''' +RETURN = r""" result: - description: nodes detail from lxca - returned: always - type: dict - sample: - nodeList: - - machineType: '6241' - model: 'AC1' - type: 'Rack-TowerServer' - uuid: '118D2C88C8FD11E4947B6EAE8B4BDCDF' + description: Nodes detail from lxca. + returned: always + type: dict + sample: + nodeList: + - machineType: '6241' + model: 'AC1' + type: 'Rack-TowerServer' + uuid: '118D2C88C8FD11E4947B6EAE8B4BDCDF' # bunch of properties - - machineType: '8871' - model: 'AC1' - type: 'Rack-TowerServer' - uuid: '223D2C88C8FD11E4947B6EAE8B4BDCDF' + - machineType: '8871' + model: 'AC1' + type: 'Rack-TowerServer' + uuid: '223D2C88C8FD11E4947B6EAE8B4BDCDF' # bunch of properties # Multiple nodes details -''' +""" import traceback from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/lxd_container.py b/plugins/modules/lxd_container.py index 9fd1b183be..4fc0e4293d 100644 --- a/plugins/modules/lxd_container.py +++ b/plugins/modules/lxd_container.py @@ -9,8 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: lxd_container short_description: Manage LXD instances description: @@ -19,195 +18,182 @@ author: "Hiroaki Nakamura (@hnakamur)" extends_documentation_fragment: - community.general.attributes attributes: - check_mode: - support: full - version_added: 6.4.0 - diff_mode: - support: full - version_added: 6.4.0 + check_mode: + support: full + version_added: 6.4.0 + diff_mode: + support: full + version_added: 6.4.0 options: - name: - description: - - Name of an instance. - type: str - required: true - project: - description: - - 'Project of an instance. - See U(https://documentation.ubuntu.com/lxd/en/latest/projects/).' - required: false - type: str - version_added: 4.8.0 - architecture: - description: - - 'The architecture for the instance (for example V(x86_64) or V(i686)). - See U(https://documentation.ubuntu.com/lxd/en/latest/api/#/instances/instance_get).' - type: str - required: false - config: - description: - - 'The config for the instance (for example V({"limits.cpu": "2"})). - See U(https://documentation.ubuntu.com/lxd/en/latest/api/#/instances/instance_get).' - - If the instance already exists and its "config" values in metadata - obtained from the LXD API U(https://documentation.ubuntu.com/lxd/en/latest/api/#/instances/instance_get) - are different, then this module tries to apply the configurations - U(https://documentation.ubuntu.com/lxd/en/latest/api/#/instances/instance_put). - - The keys starting with C(volatile.) are ignored for this comparison when O(ignore_volatile_options=true). - type: dict - required: false - ignore_volatile_options: - description: - - If set to V(true), options starting with C(volatile.) are ignored. As a result, - they are reapplied for each execution. - - This default behavior can be changed by setting this option to V(false). - - The default value changed from V(true) to V(false) in community.general 6.0.0. - type: bool - required: false - default: false - version_added: 3.7.0 - profiles: - description: - - Profile to be used by the instance. - type: list - elements: str - devices: - description: - - 'The devices for the instance - (for example V({ "rootfs": { "path": "/dev/kvm", "type": "unix-char" }})). - See U(https://documentation.ubuntu.com/lxd/en/latest/api/#/instances/instance_get).' - type: dict - required: false - ephemeral: - description: - - Whether or not the instance is ephemeral (for example V(true) or V(false)). - See U(https://documentation.ubuntu.com/lxd/en/latest/api/#/instances/instance_get). - required: false - type: bool - source: - description: - - 'The source for the instance - (for example V({ "type": "image", "mode": "pull", "server": "https://images.linuxcontainers.org", - "protocol": "lxd", "alias": "ubuntu/xenial/amd64" })).' - - 'See U(https://documentation.ubuntu.com/lxd/en/latest/api/) for complete API documentation.' - - 'Note that C(protocol) accepts two choices: V(lxd) or V(simplestreams).' - required: false - type: dict - state: - choices: - - started - - stopped - - restarted - - absent - - frozen - description: - - Define the state of an instance. - required: false - default: started - type: str - target: - description: - - For cluster deployments. Will attempt to create an instance on a target node. - If the instance exists elsewhere in a cluster, then it will not be replaced or moved. - The name should respond to same name of the node you see in C(lxc cluster list). - type: str - required: false - version_added: 1.0.0 - timeout: - description: - - A timeout for changing the state of the instance. - - This is also used as a timeout for waiting until IPv4 addresses - are set to the all network interfaces in the instance after - starting or restarting. - required: false - default: 30 - type: int - type: - description: - - Instance type can be either V(virtual-machine) or V(container). - required: false - default: container - choices: - - container - - virtual-machine - type: str - version_added: 4.1.0 - wait_for_ipv4_addresses: - description: - - If this is V(true), the C(lxd_container) waits until IPv4 addresses - are set to the all network interfaces in the instance after - starting or restarting. - required: false - default: false - type: bool - wait_for_container: - description: - - If set to V(true), the tasks will wait till the task reports a - success status when performing container operations. - default: false - type: bool - version_added: 4.4.0 - force_stop: - description: - - If this is V(true), the C(lxd_container) forces to stop the instance - when it stops or restarts the instance. - required: false - default: false - type: bool - url: - description: - - The unix domain socket path or the https URL for the LXD server. - required: false - default: unix:/var/lib/lxd/unix.socket - type: str - snap_url: - description: - - The unix domain socket path when LXD is installed by snap package manager. - required: false - default: unix:/var/snap/lxd/common/lxd/unix.socket - type: str - client_key: - description: - - The client certificate key file path. - - If not specified, it defaults to C(${HOME}/.config/lxc/client.key). - required: false - aliases: [ key_file ] - type: path - client_cert: - description: - - The client certificate file path. - - If not specified, it defaults to C(${HOME}/.config/lxc/client.crt). - required: false - aliases: [ cert_file ] - type: path - trust_password: - description: - - The client trusted password. - - 'You need to set this password on the LXD server before - running this module using the following command: - C(lxc config set core.trust_password ). - See U(https://www.stgraber.org/2016/04/18/lxd-api-direct-interaction/).' - - If trust_password is set, this module send a request for - authentication before sending any requests. - required: false - type: str + name: + description: + - Name of an instance. + type: str + required: true + project: + description: + - Project of an instance. + - See U(https://documentation.ubuntu.com/lxd/en/latest/projects/). + required: false + type: str + version_added: 4.8.0 + architecture: + description: + - The architecture for the instance (for example V(x86_64) or V(i686)). + - See U(https://documentation.ubuntu.com/lxd/en/latest/api/#/instances/instance_get). + type: str + required: false + config: + description: + - 'The config for the instance (for example V({"limits.cpu": "2"})).' + - See U(https://documentation.ubuntu.com/lxd/en/latest/api/#/instances/instance_get). + - If the instance already exists and its "config" values in metadata obtained from the LXD API + U(https://documentation.ubuntu.com/lxd/en/latest/api/#/instances/instance_get) + are different, then this module tries to apply the configurations U(https://documentation.ubuntu.com/lxd/en/latest/api/#/instances/instance_put). + - The keys starting with C(volatile.) are ignored for this comparison when O(ignore_volatile_options=true). + type: dict + required: false + ignore_volatile_options: + description: + - If set to V(true), options starting with C(volatile.) are ignored. As a result, they are reapplied for each execution. + - This default behavior can be changed by setting this option to V(false). + - The default value changed from V(true) to V(false) in community.general 6.0.0. + type: bool + required: false + default: false + version_added: 3.7.0 + profiles: + description: + - Profile to be used by the instance. + type: list + elements: str + devices: + description: + - 'The devices for the instance (for example V({ "rootfs": { "path": "/dev/kvm", "type": "unix-char" }})).' + - See U(https://documentation.ubuntu.com/lxd/en/latest/api/#/instances/instance_get). + type: dict + required: false + ephemeral: + description: + - Whether or not the instance is ephemeral (for example V(true) or V(false)). + - See U(https://documentation.ubuntu.com/lxd/en/latest/api/#/instances/instance_get). + required: false + type: bool + source: + description: + - 'The source for the instance (for example V({ "type": "image", "mode": "pull", "server": "https://cloud-images.ubuntu.com/releases/", + "protocol": "simplestreams", "alias": "22.04" })).' + - See U(https://documentation.ubuntu.com/lxd/en/latest/api/) for complete API documentation. + - 'Note that C(protocol) accepts two choices: V(lxd) or V(simplestreams).' + required: false + type: dict + state: + choices: + - started + - stopped + - restarted + - absent + - frozen + description: + - Define the state of an instance. + required: false + default: started + type: str + target: + description: + - For cluster deployments. Will attempt to create an instance on a target node. If the instance exists elsewhere in + a cluster, then it will not be replaced or moved. The name should respond to same name of the node you see in C(lxc + cluster list). + type: str + required: false + version_added: 1.0.0 + timeout: + description: + - A timeout for changing the state of the instance. + - This is also used as a timeout for waiting until IPv4 addresses are set to the all network interfaces in the instance + after starting or restarting. + required: false + default: 30 + type: int + type: + description: + - Instance type can be either V(virtual-machine) or V(container). + required: false + default: container + choices: + - container + - virtual-machine + type: str + version_added: 4.1.0 + wait_for_ipv4_addresses: + description: + - If this is V(true), the C(lxd_container) waits until IPv4 addresses are set to the all network interfaces in the instance + after starting or restarting. + required: false + default: false + type: bool + wait_for_container: + description: + - If set to V(true), the tasks will wait till the task reports a success status when performing container operations. + default: false + type: bool + version_added: 4.4.0 + force_stop: + description: + - If this is V(true), the C(lxd_container) forces to stop the instance when it stops or restarts the instance. + required: false + default: false + type: bool + url: + description: + - The unix domain socket path or the https URL for the LXD server. + required: false + default: unix:/var/lib/lxd/unix.socket + type: str + snap_url: + description: + - The unix domain socket path when LXD is installed by snap package manager. + required: false + default: unix:/var/snap/lxd/common/lxd/unix.socket + type: str + client_key: + description: + - The client certificate key file path. + - If not specified, it defaults to C(${HOME}/.config/lxc/client.key). + required: false + aliases: [key_file] + type: path + client_cert: + description: + - The client certificate file path. + - If not specified, it defaults to C(${HOME}/.config/lxc/client.crt). + required: false + aliases: [cert_file] + type: path + trust_password: + description: + - The client trusted password. + - 'You need to set this password on the LXD server before running this module using the following command: C(lxc config + set core.trust_password ). See U(https://www.stgraber.org/2016/04/18/lxd-api-direct-interaction/).' + - If trust_password is set, this module send a request for authentication before sending any requests. + required: false + type: str notes: - Instances can be a container or a virtual machine, both of them must have unique name. If you attempt to create an instance - with a name that already existed in the users namespace the module will - simply return as "unchanged". - - There are two ways to run commands inside a container or virtual machine, using the command - module or using the ansible lxd connection plugin bundled in Ansible >= - 2.1, the later requires python to be installed in the instance which can - be done with the command module. - - You can copy a file from the host to the instance - with the Ansible M(ansible.builtin.copy) and M(ansible.builtin.template) module - and the P(community.general.lxd#connection) connection plugin. - See the example below. - - You can copy a file in the created instance to the localhost - with C(command=lxc file pull instance_name/dir/filename filename). + with a name that already existed in the users namespace the module will simply return as "unchanged". + - There are two ways to run commands inside a container or virtual machine, using the command module or using the ansible + lxd connection plugin bundled in Ansible >= 2.1, the later requires python to be installed in the instance which can be + done with the command module. + - You can copy a file from the host to the instance with the Ansible M(ansible.builtin.copy) and M(ansible.builtin.template) + module and the P(community.general.lxd#connection) connection plugin. See the example below. + - You can copy a file in the created instance to the localhost with C(command=lxc file pull instance_name/dir/filename filename). See the first example below. -''' + - Linuxcontainers.org has phased out LXC/LXD support with March 2024 + (U(https://discuss.linuxcontainers.org/t/important-notice-for-lxd-users-image-server/18479)). + Currently only Ubuntu is still providing images. +""" -EXAMPLES = ''' +EXAMPLES = r""" # An example for creating a Ubuntu container and install python - hosts: localhost connection: local @@ -220,9 +206,9 @@ EXAMPLES = ''' source: type: image mode: pull - server: https://images.linuxcontainers.org - protocol: lxd # if you get a 404, try setting protocol: simplestreams - alias: ubuntu/xenial/amd64 + server: https://cloud-images.ubuntu.com/releases/ + protocol: simplestreams + alias: "22.04" profiles: ["default"] wait_for_ipv4_addresses: true timeout: 600 @@ -264,6 +250,26 @@ EXAMPLES = ''' wait_for_ipv4_addresses: true timeout: 600 +# An example of creating a ubuntu-minial container +- hosts: localhost + connection: local + tasks: + - name: Create a started container + community.general.lxd_container: + name: mycontainer + ignore_volatile_options: true + state: started + source: + type: image + mode: pull + # Provides Ubuntu minimal images + server: https://cloud-images.ubuntu.com/minimal/releases/ + protocol: simplestreams + alias: "22.04" + profiles: ["default"] + wait_for_ipv4_addresses: true + timeout: 600 + # An example for creating container in project other than default - hosts: localhost connection: local @@ -278,8 +284,8 @@ EXAMPLES = ''' protocol: simplestreams type: image mode: pull - server: https://images.linuxcontainers.org - alias: ubuntu/20.04/cloud + server: https://cloud-images.ubuntu.com/releases/ + alias: "22.04" profiles: ["default"] wait_for_ipv4_addresses: true timeout: 600 @@ -312,8 +318,8 @@ EXAMPLES = ''' community.general.lxd_container: url: https://127.0.0.1:8443 # These client_cert and client_key values are equal to the default values. - #client_cert: "{{ lookup('env', 'HOME') }}/.config/lxc/client.crt" - #client_key: "{{ lookup('env', 'HOME') }}/.config/lxc/client.key" + # client_cert: "{{ lookup('env', 'HOME') }}/.config/lxc/client.crt" + # client_key: "{{ lookup('env', 'HOME') }}/.config/lxc/client.key" trust_password: mypassword name: mycontainer state: restarted @@ -347,7 +353,7 @@ EXAMPLES = ''' source: type: image mode: pull - alias: ubuntu/xenial/amd64 + alias: "22.04" target: node01 - name: Create container on another node @@ -358,7 +364,7 @@ EXAMPLES = ''' source: type: image mode: pull - alias: ubuntu/xenial/amd64 + alias: "22.04" target: node02 # An example for creating a virtual machine @@ -377,12 +383,12 @@ EXAMPLES = ''' protocol: simplestreams type: image mode: pull - server: https://images.linuxcontainers.org + server: ['...'] # URL to the image server alias: debian/11 timeout: 600 -''' +""" -RETURN = ''' +RETURN = r""" addresses: description: Mapping from the network device name to a list of IPv4 addresses in the instance. returned: when state is started or restarted @@ -403,7 +409,8 @@ actions: returned: success type: list sample: ["create", "start"] -''' +""" + import copy import datetime import os @@ -593,8 +600,15 @@ class LXDContainerManagement(object): def _instance_ipv4_addresses(self, ignore_devices=None): ignore_devices = ['lo'] if ignore_devices is None else ignore_devices data = (self._get_instance_state_json() or {}).get('metadata', None) or {} - network = dict((k, v) for k, v in (data.get('network', None) or {}).items() if k not in ignore_devices) - addresses = dict((k, [a['address'] for a in v['addresses'] if a['family'] == 'inet']) for k, v in network.items()) + network = { + k: v + for k, v in (data.get('network') or {}).items() + if k not in ignore_devices + } + addresses = { + k: [a['address'] for a in v['addresses'] if a['family'] == 'inet'] + for k, v in network.items() + } return addresses @staticmethod @@ -725,19 +739,22 @@ class LXDContainerManagement(object): def run(self): """Run the main method.""" + def adjust_content(content): + return content if not isinstance(content, dict) else { + k: v for k, v in content.items() if not (self.ignore_volatile_options and k.startswith('volatile.')) + } + try: if self.trust_password is not None: self.client.authenticate(self.trust_password) self.ignore_volatile_options = self.module.params.get('ignore_volatile_options') self.old_instance_json = self._get_instance_json() - self.old_sections = dict( - (section, content) if not isinstance(content, dict) - else (section, dict((k, v) for k, v in content.items() - if not (self.ignore_volatile_options and k.startswith('volatile.')))) - for section, content in (self.old_instance_json.get('metadata', None) or {}).items() + self.old_sections = { + section: adjust_content(content) + for section, content in (self.old_instance_json.get('metadata') or {}).items() if section in set(CONFIG_PARAMS) - set(CONFIG_CREATION_PARAMS) - ) + } self.diff['before']['instance'] = self.old_sections # preliminary, will be overwritten in _apply_instance_configs() if called diff --git a/plugins/modules/lxd_profile.py b/plugins/modules/lxd_profile.py index 13660fd91d..efdf50ea90 100644 --- a/plugins/modules/lxd_profile.py +++ b/plugins/modules/lxd_profile.py @@ -9,126 +9,114 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: lxd_profile short_description: Manage LXD profiles description: - - Management of LXD profiles + - Management of LXD profiles. author: "Hiroaki Nakamura (@hnakamur)" extends_documentation_fragment: - community.general.attributes attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - name: - description: - - Name of a profile. - required: true - type: str - project: - description: - - 'Project of a profile. - See U(https://documentation.ubuntu.com/lxd/en/latest/projects/).' - type: str - required: false - version_added: 4.8.0 + name: description: - description: - - Description of the profile. - type: str - config: - description: - - 'The config for the instance (e.g. {"limits.memory": "4GB"}). - See U(https://documentation.ubuntu.com/lxd/en/latest/api/#/profiles/profile_get).' - - If the profile already exists and its "config" value in metadata - obtained from - GET /1.0/profiles/ - U(https://documentation.ubuntu.com/lxd/en/latest/api/#/profiles/profile_get) - are different, then this module tries to apply the configurations - U(https://documentation.ubuntu.com/lxd/en/latest/api/#/profiles/profile_put). - - Not all config values are supported to apply the existing profile. - Maybe you need to delete and recreate a profile. - required: false - type: dict - devices: - description: - - 'The devices for the profile - (e.g. {"rootfs": {"path": "/dev/kvm", "type": "unix-char"}). - See U(https://documentation.ubuntu.com/lxd/en/latest/api/#/profiles/profile_get).' - required: false - type: dict - new_name: - description: - - A new name of a profile. - - If this parameter is specified a profile will be renamed to this name. - See U(https://documentation.ubuntu.com/lxd/en/latest/api/#/profiles/profile_post). - required: false - type: str - merge_profile: - description: - - Merge the configuration of the present profile with the new desired configuration, - instead of replacing it. - required: false - default: false - type: bool - version_added: 2.1.0 - state: - choices: - - present - - absent - description: - - Define the state of a profile. - required: false - default: present - type: str - url: - description: - - The unix domain socket path or the https URL for the LXD server. - required: false - default: unix:/var/lib/lxd/unix.socket - type: str - snap_url: - description: - - The unix domain socket path when LXD is installed by snap package manager. - required: false - default: unix:/var/snap/lxd/common/lxd/unix.socket - type: str - client_key: - description: - - The client certificate key file path. - - If not specified, it defaults to C($HOME/.config/lxc/client.key). - required: false - aliases: [ key_file ] - type: path - client_cert: - description: - - The client certificate file path. - - If not specified, it defaults to C($HOME/.config/lxc/client.crt). - required: false - aliases: [ cert_file ] - type: path - trust_password: - description: - - The client trusted password. - - You need to set this password on the LXD server before - running this module using the following command. - lxc config set core.trust_password - See U(https://www.stgraber.org/2016/04/18/lxd-api-direct-interaction/) - - If trust_password is set, this module send a request for - authentication before sending any requests. - required: false - type: str + - Name of a profile. + required: true + type: str + project: + description: + - Project of a profile. See U(https://documentation.ubuntu.com/lxd/en/latest/projects/). + type: str + required: false + version_added: 4.8.0 + description: + description: + - Description of the profile. + type: str + config: + description: + - 'The config for the instance (for example V({"limits.memory": "4GB"})).' + - See U(https://documentation.ubuntu.com/lxd/en/latest/api/#/profiles/profile_get). + - If the profile already exists and its C(config) value in metadata obtained from GET /1.0/profiles/ + U(https://documentation.ubuntu.com/lxd/en/latest/api/#/profiles/profile_get) + are different, then this module tries to apply the configurations U(https://documentation.ubuntu.com/lxd/en/latest/api/#/profiles/profile_put). + - Not all config values are supported to apply the existing profile. Maybe you need to delete and recreate a profile. + required: false + type: dict + devices: + description: + - 'The devices for the profile (for example V({"rootfs": {"path": "/dev/kvm", "type": "unix-char"})).' + - See U(https://documentation.ubuntu.com/lxd/en/latest/api/#/profiles/profile_get). + required: false + type: dict + new_name: + description: + - A new name of a profile. + - If this parameter is specified a profile will be renamed to this name. + - See U(https://documentation.ubuntu.com/lxd/en/latest/api/#/profiles/profile_post). + required: false + type: str + merge_profile: + description: + - Merge the configuration of the present profile with the new desired configuration, instead of replacing it. + required: false + default: false + type: bool + version_added: 2.1.0 + state: + choices: + - present + - absent + description: + - Define the state of a profile. + required: false + default: present + type: str + url: + description: + - The unix domain socket path or the https URL for the LXD server. + required: false + default: unix:/var/lib/lxd/unix.socket + type: str + snap_url: + description: + - The unix domain socket path when LXD is installed by snap package manager. + required: false + default: unix:/var/snap/lxd/common/lxd/unix.socket + type: str + client_key: + description: + - The client certificate key file path. + - If not specified, it defaults to C($HOME/.config/lxc/client.key). + required: false + aliases: [key_file] + type: path + client_cert: + description: + - The client certificate file path. + - If not specified, it defaults to C($HOME/.config/lxc/client.crt). + required: false + aliases: [cert_file] + type: path + trust_password: + description: + - The client trusted password. + - 'You need to set this password on the LXD server before running this module using the following command: C(lxc config + set core.trust_password ). See U(https://www.stgraber.org/2016/04/18/lxd-api-direct-interaction/).' + - If O(trust_password) is set, this module send a request for authentication before sending any requests. + required: false + type: str notes: - - Profiles must have a unique name. If you attempt to create a profile - with a name that already existed in the users namespace the module will - simply return as "unchanged". -''' + - Profiles must have a unique name. If you attempt to create a profile with a name that already existed in the users namespace + the module will simply return as "unchanged". +""" -EXAMPLES = ''' +EXAMPLES = r""" # An example for creating a profile - hosts: localhost connection: local @@ -162,22 +150,22 @@ EXAMPLES = ''' - hosts: localhost connection: local tasks: - - name: Create macvlan profile - community.general.lxd_profile: - url: https://127.0.0.1:8443 - # These client_cert and client_key values are equal to the default values. - #client_cert: "{{ lookup('env', 'HOME') }}/.config/lxc/client.crt" - #client_key: "{{ lookup('env', 'HOME') }}/.config/lxc/client.key" - trust_password: mypassword - name: macvlan - state: present - config: {} - description: my macvlan profile - devices: - eth0: - nictype: macvlan - parent: br0 - type: nic + - name: Create macvlan profile + community.general.lxd_profile: + url: https://127.0.0.1:8443 + # These client_cert and client_key values are equal to the default values. + # client_cert: "{{ lookup('env', 'HOME') }}/.config/lxc/client.crt" + # client_key: "{{ lookup('env', 'HOME') }}/.config/lxc/client.key" + trust_password: mypassword + name: macvlan + state: present + config: {} + description: my macvlan profile + devices: + eth0: + nictype: macvlan + parent: br0 + type: nic # An example for modify/merge a profile - hosts: localhost @@ -214,11 +202,11 @@ EXAMPLES = ''' name: macvlan new_name: macvlan2 state: present -''' +""" -RETURN = ''' +RETURN = r""" old_state: - description: The old state of the profile + description: The old state of the profile. returned: success type: str sample: "absent" @@ -232,7 +220,7 @@ actions: returned: success type: list sample: ["create"] -''' +""" import os from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/lxd_project.py b/plugins/modules/lxd_project.py index 0d321808a2..98068175aa 100644 --- a/plugins/modules/lxd_project.py +++ b/plugins/modules/lxd_project.py @@ -7,8 +7,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: lxd_project short_description: Manage LXD projects version_added: 4.8.0 @@ -18,98 +17,91 @@ author: "Raymond Chang (@we10710aa)" extends_documentation_fragment: - community.general.attributes attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - name: - description: - - Name of the project. - required: true - type: str + name: description: - description: - - Description of the project. - type: str - config: - description: - - 'The config for the project (for example V({"features.profiles": "true"})). - See U(https://documentation.ubuntu.com/lxd/en/latest/api/#/projects/project_get).' - - If the project already exists and its "config" value in metadata - obtained from - C(GET /1.0/projects/) - U(https://documentation.ubuntu.com/lxd/en/latest/api/#/projects/project_get) - are different, then this module tries to apply the configurations - U(https://documentation.ubuntu.com/lxd/en/latest/api/#/projects/project_put). - type: dict - new_name: - description: - - A new name of a project. - - If this parameter is specified a project will be renamed to this name. - See U(https://documentation.ubuntu.com/lxd/en/latest/api/#/projects/project_post). - required: false - type: str - merge_project: - description: - - Merge the configuration of the present project with the new desired configuration, - instead of replacing it. If configuration is the same after merged, no change will be made. - required: false - default: false - type: bool - state: - choices: - - present - - absent - description: - - Define the state of a project. - required: false - default: present - type: str - url: - description: - - The Unix domain socket path or the https URL for the LXD server. - required: false - default: unix:/var/lib/lxd/unix.socket - type: str - snap_url: - description: - - The Unix domain socket path when LXD is installed by snap package manager. - required: false - default: unix:/var/snap/lxd/common/lxd/unix.socket - type: str - client_key: - description: - - The client certificate key file path. - - If not specified, it defaults to C($HOME/.config/lxc/client.key). - required: false - aliases: [ key_file ] - type: path - client_cert: - description: - - The client certificate file path. - - If not specified, it defaults to C($HOME/.config/lxc/client.crt). - required: false - aliases: [ cert_file ] - type: path - trust_password: - description: - - The client trusted password. - - 'You need to set this password on the LXD server before - running this module using the following command: - C(lxc config set core.trust_password ) - See U(https://www.stgraber.org/2016/04/18/lxd-api-direct-interaction/).' - - If O(trust_password) is set, this module send a request for - authentication before sending any requests. - required: false - type: str + - Name of the project. + required: true + type: str + description: + description: + - Description of the project. + type: str + config: + description: + - 'The config for the project (for example V({"features.profiles": "true"})).' + - See U(https://documentation.ubuntu.com/lxd/en/latest/api/#/projects/project_get). + - If the project already exists and its "config" value in metadata obtained from C(GET /1.0/projects/) + U(https://documentation.ubuntu.com/lxd/en/latest/api/#/projects/project_get) + are different, then this module tries to apply the configurations U(https://documentation.ubuntu.com/lxd/en/latest/api/#/projects/project_put). + type: dict + new_name: + description: + - A new name of a project. + - If this parameter is specified a project will be renamed to this name. + - See U(https://documentation.ubuntu.com/lxd/en/latest/api/#/projects/project_post). + required: false + type: str + merge_project: + description: + - Merge the configuration of the present project with the new desired configuration, instead of replacing it. If configuration + is the same after merged, no change will be made. + required: false + default: false + type: bool + state: + choices: + - present + - absent + description: + - Define the state of a project. + required: false + default: present + type: str + url: + description: + - The Unix domain socket path or the https URL for the LXD server. + required: false + default: unix:/var/lib/lxd/unix.socket + type: str + snap_url: + description: + - The Unix domain socket path when LXD is installed by snap package manager. + required: false + default: unix:/var/snap/lxd/common/lxd/unix.socket + type: str + client_key: + description: + - The client certificate key file path. + - If not specified, it defaults to C($HOME/.config/lxc/client.key). + required: false + aliases: [key_file] + type: path + client_cert: + description: + - The client certificate file path. + - If not specified, it defaults to C($HOME/.config/lxc/client.crt). + required: false + aliases: [cert_file] + type: path + trust_password: + description: + - The client trusted password. + - 'You need to set this password on the LXD server before running this module using the following command: C(lxc config + set core.trust_password ) See U(https://www.stgraber.org/2016/04/18/lxd-api-direct-interaction/).' + - If O(trust_password) is set, this module send a request for authentication before sending any requests. + required: false + type: str notes: - - Projects must have a unique name. If you attempt to create a project - with a name that already existed in the users namespace the module will - simply return as "unchanged". -''' + - Projects must have a unique name. If you attempt to create a project with a name that already existed in the users namespace + the module will simply return as "unchanged". +""" -EXAMPLES = ''' +EXAMPLES = r""" # An example for creating a project - hosts: localhost connection: local @@ -132,9 +124,9 @@ EXAMPLES = ''' state: present config: {} description: my new project -''' +""" -RETURN = ''' +RETURN = r""" old_state: description: The old state of the project. returned: success @@ -184,7 +176,7 @@ actions: type: list elements: str sample: ["create"] -''' +""" from ansible_collections.community.general.plugins.module_utils.lxd import ( LXDClient, LXDClientException, default_key_file, default_cert_file diff --git a/plugins/modules/macports.py b/plugins/modules/macports.py index e81fb9142c..3f02eeb411 100644 --- a/plugins/modules/macports.py +++ b/plugins/modules/macports.py @@ -12,54 +12,54 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: macports author: "Jimmy Tang (@jcftang)" short_description: Package manager for MacPorts description: - - Manages MacPorts packages (ports) + - Manages MacPorts packages (ports). extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - name: - description: - - A list of port names. - aliases: ['port'] - type: list - elements: str - selfupdate: - description: - - Update Macports and the ports tree, either prior to installing ports or as a separate step. - - Equivalent to running C(port selfupdate). - aliases: ['update_cache', 'update_ports'] - default: false - type: bool - state: - description: - - Indicates the desired state of the port. - choices: [ 'present', 'absent', 'active', 'inactive', 'installed', 'removed'] - default: present - type: str - upgrade: - description: - - Upgrade all outdated ports, either prior to installing ports or as a separate step. - - Equivalent to running C(port upgrade outdated). - default: false - type: bool - variant: - description: - - A port variant specification. - - 'O(variant) is only supported with O(state=installed) and O(state=present).' - aliases: ['variants'] - type: str -''' -EXAMPLES = ''' + name: + description: + - A list of port names. + aliases: ['port'] + type: list + elements: str + selfupdate: + description: + - Update Macports and the ports tree, either prior to installing ports or as a separate step. + - Equivalent to running C(port selfupdate). + aliases: ['update_cache', 'update_ports'] + default: false + type: bool + state: + description: + - Indicates the desired state of the port. + choices: ['present', 'absent', 'active', 'inactive', 'installed', 'removed'] + default: present + type: str + upgrade: + description: + - Upgrade all outdated ports, either prior to installing ports or as a separate step. + - Equivalent to running C(port upgrade outdated). + default: false + type: bool + variant: + description: + - A port variant specification. + - O(variant) is only supported with O(state=installed) and O(state=present). + aliases: ['variants'] + type: str +""" + +EXAMPLES = r""" - name: Install the foo port community.general.macports: name: foo @@ -74,8 +74,8 @@ EXAMPLES = ''' name: "{{ ports }}" vars: ports: - - foo - - foo-tools + - foo + - foo-tools - name: Update Macports and the ports tree, then upgrade all outdated ports community.general.macports: @@ -101,7 +101,7 @@ EXAMPLES = ''' community.general.macports: name: foo state: inactive -''' +""" import re @@ -111,7 +111,7 @@ from ansible.module_utils.basic import AnsibleModule def selfupdate(module, port_path): """ Update Macports and the ports tree. """ - rc, out, err = module.run_command("%s -v selfupdate" % port_path) + rc, out, err = module.run_command([port_path, "-v", "selfupdate"]) if rc == 0: updated = any( @@ -135,7 +135,7 @@ def selfupdate(module, port_path): def upgrade(module, port_path): """ Upgrade outdated ports. """ - rc, out, err = module.run_command("%s upgrade outdated" % port_path) + rc, out, err = module.run_command([port_path, "upgrade", "outdated"]) # rc is 1 when nothing to upgrade so check stdout first. if out.strip() == "Nothing to upgrade.": @@ -182,7 +182,7 @@ def remove_ports(module, port_path, ports, stdout, stderr): if not query_port(module, port_path, port): continue - rc, out, err = module.run_command("%s uninstall %s" % (port_path, port)) + rc, out, err = module.run_command([port_path, "uninstall", port]) stdout += out stderr += err if query_port(module, port_path, port): @@ -206,7 +206,7 @@ def install_ports(module, port_path, ports, variant, stdout, stderr): if query_port(module, port_path, port): continue - rc, out, err = module.run_command("%s install %s %s" % (port_path, port, variant)) + rc, out, err = module.run_command([port_path, "install", port, variant]) stdout += out stderr += err if not query_port(module, port_path, port): @@ -221,7 +221,7 @@ def install_ports(module, port_path, ports, variant, stdout, stderr): def activate_ports(module, port_path, ports, stdout, stderr): - """ Activate a port if it's inactive. """ + """ Activate a port if it is inactive. """ activate_c = 0 @@ -232,7 +232,7 @@ def activate_ports(module, port_path, ports, stdout, stderr): if query_port(module, port_path, port, state="active"): continue - rc, out, err = module.run_command("%s activate %s" % (port_path, port)) + rc, out, err = module.run_command([port_path, "activate", port]) stdout += out stderr += err @@ -248,7 +248,7 @@ def activate_ports(module, port_path, ports, stdout, stderr): def deactivate_ports(module, port_path, ports, stdout, stderr): - """ Deactivate a port if it's active. """ + """ Deactivate a port if it is active. """ deactivated_c = 0 @@ -259,7 +259,7 @@ def deactivate_ports(module, port_path, ports, stdout, stderr): if not query_port(module, port_path, port, state="active"): continue - rc, out, err = module.run_command("%s deactivate %s" % (port_path, port)) + rc, out, err = module.run_command([port_path, "deactivate", port]) stdout += out stderr += err if query_port(module, port_path, port, state="active"): diff --git a/plugins/modules/mail.py b/plugins/modules/mail.py index 1916c140c3..03192e5bf8 100644 --- a/plugins/modules/mail.py +++ b/plugins/modules/mail.py @@ -9,27 +9,21 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" author: -- Dag Wieers (@dagwieers) + - Dag Wieers (@dagwieers) module: mail short_description: Send an email description: -- This module is useful for sending emails from playbooks. -- One may wonder why automate sending emails? In complex environments - there are from time to time processes that cannot be automated, either - because you lack the authority to make it so, or because not everyone - agrees to a common approach. -- If you cannot automate a specific step, but the step is non-blocking, - sending out an email to the responsible party to make them perform their - part of the bargain is an elegant way to put the responsibility in - someone else's lap. -- Of course sending out a mail can be equally useful as a way to notify - one or more people in a team that a specific action has been - (successfully) taken. + - This module is useful for sending emails from playbooks. + - One may wonder why automate sending emails? In complex environments there are from time to time processes that cannot + be automated, either because you lack the authority to make it so, or because not everyone agrees to a common approach. + - If you cannot automate a specific step, but the step is non-blocking, sending out an email to the responsible party to + make them perform their part of the bargain is an elegant way to put the responsibility in someone else's lap. + - Of course sending out a mail can be equally useful as a way to notify one or more people in a team that a specific action + has been (successfully) taken. extends_documentation_fragment: -- community.general.attributes + - community.general.attributes attributes: check_mode: support: none @@ -38,106 +32,106 @@ attributes: options: sender: description: - - The email-address the mail is sent from. May contain address and phrase. + - The email-address the mail is sent from. May contain address and phrase. type: str default: root - aliases: [ from ] + aliases: [from] to: description: - - The email-address(es) the mail is being sent to. - - This is a list, which may contain address and phrase portions. + - The email-address(es) the mail is being sent to. + - This is a list, which may contain address and phrase portions. type: list elements: str default: root - aliases: [ recipients ] + aliases: [recipients] cc: description: - - The email-address(es) the mail is being copied to. - - This is a list, which may contain address and phrase portions. + - The email-address(es) the mail is being copied to. + - This is a list, which may contain address and phrase portions. type: list elements: str default: [] bcc: description: - - The email-address(es) the mail is being 'blind' copied to. - - This is a list, which may contain address and phrase portions. + - The email-address(es) the mail is being 'blind' copied to. + - This is a list, which may contain address and phrase portions. type: list elements: str default: [] subject: description: - - The subject of the email being sent. + - The subject of the email being sent. required: true type: str - aliases: [ msg ] + aliases: [msg] body: description: - - The body of the email being sent. + - The body of the email being sent. type: str username: description: - - If SMTP requires username. + - If SMTP requires username. type: str password: description: - - If SMTP requires password. + - If SMTP requires password. type: str host: description: - - The mail server. + - The mail server. type: str default: localhost port: description: - - The mail server port. - - This must be a valid integer between 1 and 65534 + - The mail server port. + - This must be a valid integer between V(1) and V(65534). type: int default: 25 attach: description: - - A list of pathnames of files to attach to the message. - - Attached files will have their content-type set to C(application/octet-stream). + - A list of pathnames of files to attach to the message. + - Attached files will have their content-type set to C(application/octet-stream). type: list elements: path default: [] headers: description: - - A list of headers which should be added to the message. - - Each individual header is specified as C(header=value) (see example below). + - A list of headers which should be added to the message. + - Each individual header is specified as V(header=value) (see example below). type: list elements: str default: [] charset: description: - - The character set of email being sent. + - The character set of email being sent. type: str default: utf-8 subtype: description: - - The minor mime type, can be either V(plain) or V(html). - - The major type is always V(text). + - The minor mime type, can be either V(plain) or V(html). + - The major type is always V(text). type: str - choices: [ html, plain ] + choices: [html, plain] default: plain secure: description: - - If V(always), the connection will only send email if the connection is Encrypted. - If the server doesn't accept the encrypted connection it will fail. - - If V(try), the connection will attempt to setup a secure SSL/TLS session, before trying to send. - - If V(never), the connection will not attempt to setup a secure SSL/TLS session, before sending - - If V(starttls), the connection will try to upgrade to a secure SSL/TLS connection, before sending. - If it is unable to do so it will fail. + - If V(always), the connection will only send email if the connection is Encrypted. If the server does not accept the + encrypted connection it will fail. + - If V(try), the connection will attempt to setup a secure SSL/TLS session, before trying to send. + - If V(never), the connection will not attempt to setup a secure SSL/TLS session, before sending. + - If V(starttls), the connection will try to upgrade to a secure SSL/TLS connection, before sending. If it is unable + to do so it will fail. type: str - choices: [ always, never, starttls, try ] + choices: [always, never, starttls, try] default: try timeout: description: - - Sets the timeout in seconds for connection attempts. + - Sets the timeout in seconds for connection attempts. type: int default: 20 ehlohost: description: - - Allows for manual specification of host for EHLO. + - Allows for manual specification of host for EHLO. type: str version_added: 3.8.0 message_id_domain: @@ -147,9 +141,9 @@ options: type: str default: ansible version_added: 8.2.0 -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Example playbook sending mail to root community.general.mail: subject: System {{ ansible_hostname }} has been successfully provisioned. @@ -174,15 +168,15 @@ EXAMPLES = r''' body: Hello, this is an e-mail. I hope you like it ;-) from: jane@example.net (Jane Jolie) to: - - John Doe - - Suzie Something + - John Doe + - Suzie Something cc: Charlie Root attach: - - /etc/group - - /tmp/avatar2.png + - /etc/group + - /tmp/avatar2.png headers: - - Reply-To=john@example.com - - X-Special="Something or other" + - Reply-To=john@example.com + - X-Special="Something or other" charset: us-ascii delegate_to: localhost @@ -222,7 +216,7 @@ EXAMPLES = r''' subject: Ansible-report body: System {{ ansible_hostname }} has been successfully provisioned. secure: starttls -''' +""" import os import smtplib diff --git a/plugins/modules/make.py b/plugins/modules/make.py index 39392afca6..a574560f7f 100644 --- a/plugins/modules/make.py +++ b/plugins/modules/make.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: make short_description: Run targets in a Makefile requirements: @@ -65,9 +64,9 @@ options: type: list elements: str version_added: 7.2.0 -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Build the default target community.general.make: chdir: /home/ubuntu/cool-project @@ -103,9 +102,9 @@ EXAMPLES = r''' # The following adds TARGET=arm64 TARGET_ARCH=aarch64 to the command line: TARGET: arm64 TARGET_ARCH: aarch64 -''' +""" -RETURN = r''' +RETURN = r""" chdir: description: - The value of the module parameter O(chdir). @@ -143,7 +142,7 @@ targets: type: str returned: success version_added: 7.2.0 -''' +""" from ansible.module_utils.six import iteritems from ansible.module_utils.six.moves import shlex_quote diff --git a/plugins/modules/manageiq_alert_profiles.py b/plugins/modules/manageiq_alert_profiles.py index eb6424bcdd..fff9552a6c 100644 --- a/plugins/modules/manageiq_alert_profiles.py +++ b/plugins/modules/manageiq_alert_profiles.py @@ -8,8 +8,7 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - +DOCUMENTATION = r""" module: manageiq_alert_profiles short_description: Configuration of alert profiles for ManageIQ @@ -20,7 +19,6 @@ extends_documentation_fragment: author: Elad Alfassa (@elad661) description: - The manageiq_alert_profiles module supports adding, updating and deleting alert profiles in ManageIQ. - attributes: check_mode: support: none @@ -31,35 +29,33 @@ options: state: type: str description: - - absent - alert profile should not exist, - - present - alert profile should exist, + - V(absent) - alert profile should not exist, + - V(present) - alert profile should exist. choices: ['absent', 'present'] default: 'present' name: type: str description: - The unique alert profile name in ManageIQ. - - Required when state is "absent" or "present". + required: true resource_type: type: str description: - - The resource type for the alert profile in ManageIQ. Required when state is "present". - choices: ['Vm', 'ContainerNode', 'MiqServer', 'Host', 'Storage', 'EmsCluster', - 'ExtManagementSystem', 'MiddlewareServer'] + - The resource type for the alert profile in ManageIQ. Required when O(state=present). + choices: ['Vm', 'ContainerNode', 'MiqServer', 'Host', 'Storage', 'EmsCluster', 'ExtManagementSystem', 'MiddlewareServer'] alerts: type: list elements: str description: - List of alert descriptions to assign to this profile. - - Required if state is "present" + - Required if O(state=present). notes: type: str description: - - Optional notes for this profile + - Optional notes for this profile. +""" -''' - -EXAMPLES = ''' +EXAMPLES = r""" - name: Add an alert profile to ManageIQ community.general.manageiq_alert_profiles: state: present @@ -72,7 +68,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! - name: Delete an alert profile from ManageIQ community.general.manageiq_alert_profiles: @@ -82,11 +78,11 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false # only do this when you trust the network! -''' + validate_certs: false # only do this when you trust the network! +""" -RETURN = ''' -''' +RETURN = r""" +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.manageiq import ManageIQ, manageiq_argument_spec @@ -118,8 +114,7 @@ class ManageIQAlertProfiles(object): """ alerts = [] for alert_description in alert_descriptions: - alert = self.manageiq.find_collection_resource_or_fail("alert_definitions", - description=alert_description) + alert = self.manageiq.find_collection_resource_or_fail("alert_definitions", description=alert_description) alerts.append(alert['href']) return alerts @@ -257,7 +252,7 @@ class ManageIQAlertProfiles(object): def main(): argument_spec = dict( - name=dict(type='str'), + name=dict(type='str', required=True), resource_type=dict(type='str', choices=['Vm', 'ContainerNode', 'MiqServer', @@ -274,8 +269,7 @@ def main(): argument_spec.update(manageiq_argument_spec()) module = AnsibleModule(argument_spec=argument_spec, - required_if=[('state', 'present', ['name', 'resource_type']), - ('state', 'absent', ['name'])]) + required_if=[('state', 'present', ['resource_type', 'alerts'])]) state = module.params['state'] name = module.params['name'] @@ -283,8 +277,7 @@ def main(): manageiq = ManageIQ(module) manageiq_alert_profiles = ManageIQAlertProfiles(manageiq) - existing_profile = manageiq.find_collection_resource_by("alert_definition_profiles", - name=name) + existing_profile = manageiq.find_collection_resource_by("alert_definition_profiles", name=name) # we need to add or update the alert profile if state == "present": diff --git a/plugins/modules/manageiq_alerts.py b/plugins/modules/manageiq_alerts.py index 53f40fb00c..87fafcf10b 100644 --- a/plugins/modules/manageiq_alerts.py +++ b/plugins/modules/manageiq_alerts.py @@ -8,8 +8,7 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - +DOCUMENTATION = r""" module: manageiq_alerts short_description: Configuration of alerts in ManageIQ @@ -20,7 +19,6 @@ extends_documentation_fragment: author: Elad Alfassa (@elad661) description: - The manageiq_alerts module supports adding, updating and deleting alerts in ManageIQ. - attributes: check_mode: support: none @@ -31,8 +29,8 @@ options: state: type: str description: - - absent - alert should not exist, - - present - alert should exist, + - V(absent) - alert should not exist, + - V(present) - alert should exist. required: false choices: ['absent', 'present'] default: 'present' @@ -44,9 +42,8 @@ options: resource_type: type: str description: - - The entity type for the alert in ManageIQ. Required when state is "present". - choices: ['Vm', 'ContainerNode', 'MiqServer', 'Host', 'Storage', 'EmsCluster', - 'ExtManagementSystem', 'MiddlewareServer'] + - The entity type for the alert in ManageIQ. Required when O(state=present). + choices: ['Vm', 'ContainerNode', 'MiqServer', 'Host', 'Storage', 'EmsCluster', 'ExtManagementSystem', 'MiddlewareServer'] expression_type: type: str description: @@ -58,20 +55,18 @@ options: description: - The alert expression for ManageIQ. - Can either be in the "Miq Expression" format or the "Hash Expression format". - - Required if state is "present". + - Required if O(state=present). enabled: description: - - Enable or disable the alert. Required if state is "present". + - Enable or disable the alert. Required if O(state=present). type: bool options: type: dict description: - - Additional alert options, such as notification type and frequency + - Additional alert options, such as notification type and frequency. +""" - -''' - -EXAMPLES = ''' +EXAMPLES = r""" - name: Add an alert with a "hash expression" to ManageIQ community.general.manageiq_alerts: state: present @@ -83,15 +78,15 @@ EXAMPLES = ''' from: "example@example.com" resource_type: ContainerNode expression: - eval_method: hostd_log_threshold - mode: internal - options: {} + eval_method: hostd_log_threshold + mode: internal + options: {} enabled: true manageiq_connection: url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! - name: Add an alert with a "miq expression" to ManageIQ community.general.manageiq_alerts: @@ -105,20 +100,20 @@ EXAMPLES = ''' resource_type: Vm expression_type: miq expression: - and: - - CONTAINS: - tag: Vm.managed-environment - value: prod - - not: - CONTAINS: - tag: Vm.host.managed-environment - value: prod + and: + - CONTAINS: + tag: Vm.managed-environment + value: prod + - not: + CONTAINS: + tag: Vm.host.managed-environment + value: prod enabled: true manageiq_connection: url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! - name: Delete an alert from ManageIQ community.general.manageiq_alerts: @@ -128,11 +123,11 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false # only do this when you trust the network! -''' + validate_certs: false # only do this when you trust the network! +""" -RETURN = ''' -''' +RETURN = r""" +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.manageiq import ManageIQ, manageiq_argument_spec @@ -156,7 +151,7 @@ class ManageIQAlert(object): self.miq_expression = alert['miq_expression'] if 'exp' in self.miq_expression: # miq_expression is a field that needs a special case, because - # it's returned surrounded by a dict named exp even though we don't + # it is returned surrounded by a dict named exp even though we don't # send it with that dict. self.miq_expression = self.miq_expression['exp'] diff --git a/plugins/modules/manageiq_group.py b/plugins/modules/manageiq_group.py index e060b9a01a..9781ebfc98 100644 --- a/plugins/modules/manageiq_group.py +++ b/plugins/modules/manageiq_group.py @@ -8,8 +8,7 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - +DOCUMENTATION = r""" module: manageiq_group short_description: Management of groups in ManageIQ @@ -33,70 +32,69 @@ options: state: type: str description: - - absent - group should not exist, present - group should be. + - V(absent) - group should not exist, + - V(present) - group should exist. choices: ['absent', 'present'] default: 'present' description: type: str description: - - The group description. + - The group description. required: true - default: null role_id: type: int description: - - The the group role id + - The the group role ID. required: false - default: null role: type: str description: - - The the group role name - - The O(role_id) has precedence over the O(role) when supplied. + - The the group role name. + - The O(role_id) has precedence over the O(role) when supplied. required: false - default: null + default: tenant_id: type: int description: - - The tenant for the group identified by the tenant id. + - The tenant for the group identified by the tenant ID. required: false - default: null + default: tenant: type: str description: - - The tenant for the group identified by the tenant name. - - The O(tenant_id) has precedence over the O(tenant) when supplied. - - Tenant names are case sensitive. + - The tenant for the group identified by the tenant name. + - The O(tenant_id) has precedence over the O(tenant) when supplied. + - Tenant names are case sensitive. required: false - default: null + default: managed_filters: - description: The tag values per category + description: The tag values per category. type: dict required: false - default: null + default: managed_filters_merge_mode: type: str description: - - In merge mode existing categories are kept or updated, new categories are added. - - In replace mode all categories will be replaced with the supplied O(managed_filters). - choices: [ merge, replace ] + - In merge mode existing categories are kept or updated, new categories are added. + - In replace mode all categories will be replaced with the supplied O(managed_filters). + choices: [merge, replace] default: replace belongsto_filters: - description: A list of strings with a reference to the allowed host, cluster or folder + description: A list of strings with a reference to the allowed host, cluster or folder. type: list elements: str required: false - default: null + default: belongsto_filters_merge_mode: type: str description: - - In merge mode existing settings are merged with the supplied O(belongsto_filters). - - In replace mode current values are replaced with the supplied O(belongsto_filters). - choices: [ merge, replace ] + - In merge mode existing settings are merged with the supplied O(belongsto_filters). + - In replace mode current values are replaced with the supplied O(belongsto_filters). + choices: [merge, replace] default: replace -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a group in ManageIQ with the role EvmRole-user and tenant 'my_tenant' community.general.manageiq_group: description: 'MyGroup-user' @@ -106,7 +104,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! - name: Create a group in ManageIQ with the role EvmRole-user and tenant with tenant_id 4 community.general.manageiq_group: @@ -117,33 +115,33 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! - name: - - Create or update a group in ManageIQ with the role EvmRole-user and tenant my_tenant. - - Apply 3 prov_max_cpu and 2 department tags to the group. - - Limit access to a cluster for the group. + - Create or update a group in ManageIQ with the role EvmRole-user and tenant my_tenant. + - Apply 3 prov_max_cpu and 2 department tags to the group. + - Limit access to a cluster for the group. community.general.manageiq_group: description: 'MyGroup-user' role: 'EvmRole-user' tenant: my_tenant managed_filters: prov_max_cpu: - - '1' - - '2' - - '4' + - '1' + - '2' + - '4' department: - - defense - - engineering + - defense + - engineering managed_filters_merge_mode: replace belongsto_filters: - - "/belongsto/ExtManagementSystem|ProviderName/EmsFolder|Datacenters/EmsFolder|dc_name/EmsFolder|host/EmsCluster|Cluster name" + - "/belongsto/ExtManagementSystem|ProviderName/EmsFolder|Datacenters/EmsFolder|dc_name/EmsFolder|host/EmsCluster|Cluster name" belongsto_filters_merge_mode: merge manageiq_connection: url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! - name: Delete a group in ManageIQ community.general.manageiq_group: @@ -161,53 +159,53 @@ EXAMPLES = ''' manageiq_connection: url: 'http://127.0.0.1:3000' token: 'sometoken' -''' +""" -RETURN = ''' +RETURN = r""" group: description: The group. returned: success type: complex contains: description: - description: The group description + description: The group description. returned: success type: str id: - description: The group id + description: The group ID. returned: success type: int group_type: - description: The group type, system or user + description: The group type, system or user. returned: success type: str role: - description: The group role name + description: The group role name. returned: success type: str tenant: - description: The group tenant name + description: The group tenant name. returned: success type: str managed_filters: - description: The tag values per category + description: The tag values per category. returned: success type: dict belongsto_filters: - description: A list of strings with a reference to the allowed host, cluster or folder + description: A list of strings with a reference to the allowed host, cluster or folder. returned: success type: list created_on: - description: Group creation date + description: Group creation date. returned: success type: str sample: "2018-08-12T08:37:55+00:00" updated_on: - description: Group update date + description: Group update date. returned: success type: int sample: "2018-08-12T08:37:55+00:00" -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.manageiq import ManageIQ, manageiq_argument_spec diff --git a/plugins/modules/manageiq_policies.py b/plugins/modules/manageiq_policies.py index f2101ad28b..6e2ac36a38 100644 --- a/plugins/modules/manageiq_policies.py +++ b/plugins/modules/manageiq_policies.py @@ -9,8 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' - +DOCUMENTATION = r""" module: manageiq_policies short_description: Management of resource policy_profiles in ManageIQ @@ -21,7 +20,6 @@ extends_documentation_fragment: author: Daniel Korn (@dkorn) description: - The manageiq_policies module supports adding and deleting policy_profiles in ManageIQ. - attributes: check_mode: support: none @@ -33,7 +31,7 @@ options: type: str description: - V(absent) - policy_profiles should not exist, - - V(present) - policy_profiles should exist, + - V(present) - policy_profiles should exist. choices: ['absent', 'present'] default: 'present' policy_profiles: @@ -47,9 +45,8 @@ options: description: - The type of the resource to which the profile should be [un]assigned. required: true - choices: ['provider', 'host', 'vm', 'blueprint', 'category', 'cluster', - 'data store', 'group', 'resource pool', 'service', 'service template', - 'template', 'tenant', 'user'] + choices: ['provider', 'host', 'vm', 'blueprint', 'category', 'cluster', 'data store', 'group', 'resource pool', 'service', + 'service template', 'template', 'tenant', 'user'] resource_name: type: str description: @@ -61,9 +58,9 @@ options: - The ID of the resource to which the profile should be [un]assigned. - Must be specified if O(resource_name) is not set. Both options are mutually exclusive. version_added: 2.2.0 -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Assign new policy_profile for a provider in ManageIQ community.general.manageiq_policies: resource_name: 'EngLab' @@ -74,7 +71,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! - name: Unassign a policy_profile for a provider in ManageIQ community.general.manageiq_policies: @@ -87,16 +84,16 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false # only do this when you trust the network! -''' + validate_certs: false # only do this when you trust the network! +""" -RETURN = ''' +RETURN = r""" manageiq_policies: description: - - List current policy_profile and policies for a provider in ManageIQ + - List current policy_profile and policies for a provider in ManageIQ. returned: always type: dict - sample: '{ + sample: { "changed": false, "profiles": [ { @@ -121,8 +118,8 @@ manageiq_policies: "profile_name": "openscap profile" } ] - }' -''' + } +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.manageiq import ManageIQ, manageiq_argument_spec, manageiq_entities diff --git a/plugins/modules/manageiq_policies_info.py b/plugins/modules/manageiq_policies_info.py index fda7dcadfe..4ef51515a6 100644 --- a/plugins/modules/manageiq_policies_info.py +++ b/plugins/modules/manageiq_policies_info.py @@ -10,8 +10,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' - +DOCUMENTATION = r""" module: manageiq_policies_info version_added: 5.8.0 @@ -24,16 +23,14 @@ extends_documentation_fragment: author: Alexei Znamensky (@russoz) description: - The manageiq_policies module supports listing policy_profiles in ManageIQ. - options: resource_type: type: str description: - The type of the resource to obtain the profile for. required: true - choices: ['provider', 'host', 'vm', 'blueprint', 'category', 'cluster', - 'data store', 'group', 'resource pool', 'service', 'service template', - 'template', 'tenant', 'user'] + choices: ['provider', 'host', 'vm', 'blueprint', 'category', 'cluster', 'data store', 'group', 'resource pool', 'service', + 'service template', 'template', 'tenant', 'user'] resource_name: type: str description: @@ -44,9 +41,9 @@ options: description: - The ID of the resource to obtain the profile for. - Must be specified if O(resource_name) is not set. Both options are mutually exclusive. -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: List current policy_profile and policies for a provider in ManageIQ community.general.manageiq_policies_info: resource_name: 'EngLab' @@ -56,9 +53,9 @@ EXAMPLES = ''' username: 'admin' password: 'smartvm' register: result -''' +""" -RETURN = ''' +RETURN = r""" profiles: description: - List current policy_profile and policies for a provider in ManageIQ. @@ -78,7 +75,7 @@ profiles: name: schedule compliance after smart state analysis profile_description: OpenSCAP profile profile_name: openscap profile -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.manageiq import ManageIQ, manageiq_argument_spec, manageiq_entities diff --git a/plugins/modules/manageiq_provider.py b/plugins/modules/manageiq_provider.py index e6ded9ea7a..98677c7beb 100644 --- a/plugins/modules/manageiq_provider.py +++ b/plugins/modules/manageiq_provider.py @@ -9,7 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: manageiq_provider short_description: Management of provider in ManageIQ extends_documentation_fragment: @@ -19,7 +19,6 @@ extends_documentation_fragment: author: Daniel Korn (@dkorn) description: - The manageiq_provider module supports adding, updating, and deleting provider in ManageIQ. - attributes: check_mode: support: none @@ -30,7 +29,9 @@ options: state: type: str description: - - absent - provider should not exist, present - provider should be present, refresh - provider will be refreshed + - V(absent) - provider should not exist, + - V(present) - provider should be present, + - V(refresh) - provider will be refreshed. choices: ['absent', 'present', 'refresh'] default: 'present' name: @@ -47,30 +48,30 @@ options: default: 'default' provider_region: type: str - description: The provider region name to connect to (e.g. AWS region for Amazon). + description: The provider region name to connect to (for example AWS region for Amazon). host_default_vnc_port_start: type: str - description: The first port in the host VNC range. defaults to None. + description: The first port in the host VNC range. host_default_vnc_port_end: type: str - description: The last port in the host VNC range. defaults to None. + description: The last port in the host VNC range. subscription: type: str - description: Microsoft Azure subscription ID. defaults to None. + description: Microsoft Azure subscription ID. project: type: str - description: Google Compute Engine Project ID. defaults to None. + description: Google Compute Engine Project ID. azure_tenant_id: type: str description: Tenant ID. defaults to None. - aliases: [ keystone_v3_domain_id ] + aliases: [keystone_v3_domain_id] tenant_mapping_enabled: type: bool default: false - description: Whether to enable mapping of existing tenants. defaults to False. + description: Whether to enable mapping of existing tenants. api_version: type: str - description: The OpenStack Keystone API version. defaults to None. + description: The OpenStack Keystone API version. choices: ['v2', 'v3'] provider: @@ -79,32 +80,32 @@ options: suboptions: hostname: type: str - description: The provider's api hostname. + description: The provider's API hostname. required: true port: type: int - description: The provider's api port. + description: The provider's API port. userid: type: str - description: Provider's api endpoint authentication userid. defaults to None. + description: Provider's API endpoint authentication userid. password: type: str - description: Provider's api endpoint authentication password. defaults to None. + description: Provider's API endpoint authentication password. auth_key: type: str - description: Provider's api endpoint authentication bearer token. defaults to None. + description: Provider's API endpoint authentication bearer token. validate_certs: - description: Whether SSL certificates should be verified for HTTPS requests (deprecated). defaults to True. + description: Whether SSL certificates should be verified for HTTPS requests (deprecated). type: bool default: true - aliases: [ verify_ssl ] + aliases: [verify_ssl] security_protocol: type: str - description: How SSL certificates should be used for HTTPS requests. defaults to None. - choices: ['ssl-with-validation','ssl-with-validation-custom-ca','ssl-without-validation','non-ssl'] + description: How SSL certificates should be used for HTTPS requests. + choices: ['ssl-with-validation', 'ssl-with-validation-custom-ca', 'ssl-without-validation', 'non-ssl'] certificate_authority: type: str - description: The CA bundle string with custom certificates. defaults to None. + description: The CA bundle string with custom certificates. path: type: str description: @@ -125,39 +126,38 @@ options: type: str description: - TODO needs documentation. - metrics: description: Metrics endpoint connection information. type: dict suboptions: hostname: type: str - description: The provider's api hostname. + description: The provider's API hostname. required: true port: type: int - description: The provider's api port. + description: The provider's API port. userid: type: str - description: Provider's api endpoint authentication userid. defaults to None. + description: Provider's API endpoint authentication userid. password: type: str - description: Provider's api endpoint authentication password. defaults to None. + description: Provider's API endpoint authentication password. auth_key: type: str - description: Provider's api endpoint authentication bearer token. defaults to None. + description: Provider's API endpoint authentication bearer token. validate_certs: - description: Whether SSL certificates should be verified for HTTPS requests (deprecated). defaults to True. + description: Whether SSL certificates should be verified for HTTPS requests (deprecated). type: bool default: true - aliases: [ verify_ssl ] + aliases: [verify_ssl] security_protocol: type: str - choices: ['ssl-with-validation','ssl-with-validation-custom-ca','ssl-without-validation','non-ssl'] - description: How SSL certificates should be used for HTTPS requests. defaults to None. + choices: ['ssl-with-validation', 'ssl-with-validation-custom-ca', 'ssl-without-validation', 'non-ssl'] + description: How SSL certificates should be used for HTTPS requests. certificate_authority: type: str - description: The CA bundle string with custom certificates. defaults to None. + description: The CA bundle string with custom certificates. path: type: str description: Database name for oVirt metrics. Defaults to V(ovirt_engine_history). @@ -177,35 +177,34 @@ options: type: str description: - TODO needs documentation. - alerts: description: Alerts endpoint connection information. type: dict suboptions: hostname: type: str - description: The provider's api hostname. + description: The provider's API hostname. required: true port: type: int - description: The provider's api port. + description: The provider's API port. userid: type: str - description: Provider's api endpoint authentication userid. defaults to None. + description: Provider's API endpoint authentication userid. defaults to None. password: type: str - description: Provider's api endpoint authentication password. defaults to None. + description: Provider's API endpoint authentication password. defaults to None. auth_key: type: str - description: Provider's api endpoint authentication bearer token. defaults to None. + description: Provider's API endpoint authentication bearer token. defaults to None. validate_certs: type: bool description: Whether SSL certificates should be verified for HTTPS requests (deprecated). defaults to True. default: true - aliases: [ verify_ssl ] + aliases: [verify_ssl] security_protocol: type: str - choices: ['ssl-with-validation','ssl-with-validation-custom-ca','ssl-without-validation', 'non-ssl'] + choices: ['ssl-with-validation', 'ssl-with-validation-custom-ca', 'ssl-without-validation', 'non-ssl'] description: How SSL certificates should be used for HTTPS requests. defaults to None. certificate_authority: type: str @@ -230,7 +229,6 @@ options: type: str description: - TODO needs documentation. - ssh_keypair: description: SSH key pair used for SSH connections to all hosts in this provider. type: dict @@ -250,10 +248,10 @@ options: - Whether certificates should be verified for connections. type: bool default: true - aliases: [ verify_ssl ] + aliases: [verify_ssl] security_protocol: type: str - choices: ['ssl-with-validation','ssl-with-validation-custom-ca','ssl-without-validation', 'non-ssl'] + choices: ['ssl-with-validation', 'ssl-with-validation-custom-ca', 'ssl-without-validation', 'non-ssl'] description: - TODO needs documentation. certificate_authority: @@ -288,9 +286,9 @@ options: type: int description: - TODO needs documentation. -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a new provider in ManageIQ ('Hawkular' metrics) community.general.manageiq_provider: name: 'EngLab' @@ -304,22 +302,7 @@ EXAMPLES = ''' security_protocol: 'ssl-with-validation-custom-ca' certificate_authority: | -----BEGIN CERTIFICATE----- - FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu - c2hpZnQtc2lnbmVyQDE1MDMzMjAxMTkwHhcNMTcwODIxMTI1NTE5WhcNMjIwODIw - MTI1NTIwWjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE1MDMzMjAxMTkw - ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUDnL2tQ2xf/zO7F7hmZ4S - ZuwKENdI4IYuWSxye4i3hPhKg6eKPzGzmDNWkIMDOrDAj1EgVSNPtPwsOL8OWvJm - AaTjr070D7ZGWWnrrDrWEClBx9Rx/6JAM38RT8Pu7c1hXBm0J81KufSLLYiZ/gOw - Znks5v5RUSGcAXvLkBJeATbsbh6fKX0RgQ3fFTvqQaE/r8LxcTN1uehPX1g5AaRa - z/SNDHaFtQlE3XcqAAukyMn4N5kdNcuwF3GlQ+tJnJv8SstPkfQcZbTMUQ7I2KpJ - ajXnMxmBhV5fCN4rb0QUNCrk2/B+EUMBY4MnxIakqNxnN1kvgI7FBbFgrHUe6QvJ - AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG - SIb3DQEBCwUAA4IBAQAYRV57LUsqznSLZHA77o9+0fQetIE115DYP7wea42PODJI - QJ+JETEfoCr0+YOMAbVmznP9GH5cMTKEWHExcIpbMBU7nMZp6A3htcJgF2fgPzOA - aTUtzkuVCSrV//mbbYVxoFOc6sR3Br0wBs5+5iz3dBSt7xmgpMzZvqsQl655i051 - gGSTIY3z5EJmBZBjwuTjal9mMoPGA4eoTPqlITJDHQ2bdCV2oDbc7zqupGrUfZFA - qzgieEyGzdCSRwjr1/PibA3bpwHyhD9CGD0PRVVTLhw6h6L5kuN1jA20OfzWxf/o - XUsdmRaWiF+l4s6Dcd56SuRp5SGNa2+vP9Of/FX5 + FAKECERTsdKgAwI... -----END CERTIFICATE----- metrics: auth_key: 'topSecret' @@ -330,22 +313,7 @@ EXAMPLES = ''' security_protocol: 'ssl-with-validation-custom-ca' certificate_authority: | -----BEGIN CERTIFICATE----- - FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu - c2hpZnQtc2lnbmVyQDE1MDMzMjAxMTkwHhcNMTcwODIxMTI1NTE5WhcNMjIwODIw - MTI1NTIwWjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE1MDMzMjAxMTkw - ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUDnL2tQ2xf/zO7F7hmZ4S - ZuwKENdI4IYuWSxye4i3hPhKg6eKPzGzmDNWkIMDOrDAj1EgVSNPtPwsOL8OWvJm - AaTjr070D7ZGWWnrrDrWEClBx9Rx/6JAM38RT8Pu7c1hXBm0J81KufSLLYiZ/gOw - Znks5v5RUSGcAXvLkBJeATbsbh6fKX0RgQ3fFTvqQaE/r8LxcTN1uehPX1g5AaRa - z/SNDHaFtQlE3XcqAAukyMn4N5kdNcuwF3GlQ+tJnJv8SstPkfQcZbTMUQ7I2KpJ - ajXnMxmBhV5fCN4rb0QUNCrk2/B+EUMBY4MnxIakqNxnN1kvgI7FBbFgrHUe6QvJ - AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG - SIb3DQEBCwUAA4IBAQAYRV57LUsqznSLZHA77o9+0fQetIE115DYP7wea42PODJI - QJ+JETEfoCr0+YOMAbVmznP9GH5cMTKEWHExcIpbMBU7nMZp6A3htcJgF2fgPzOA - aTUtzkuVCSrV//mbbYVxoFOc6sR3Br0wBs5+5iz3dBSt7xmgpMzZvqsQl655i051 - gGSTIY3z5EJmBZBjwuTjal9mMoPGA4eoTPqlITJDHQ2bdCV2oDbc7zqupGrUfZFA - qzgieEyGzdCSRwjr1/PibA3bpwHyhD9CGD0PRVVTLhw6h6L5kuN1jA20OfzWxf/o - XUsdmRaWiF+l4s6Dcd56SuRp5SGNa2+vP9Of/FX5 + FAKECERTsdKgAwI... -----END CERTIFICATE----- manageiq_connection: url: 'https://127.0.0.1:80' @@ -367,22 +335,7 @@ EXAMPLES = ''' security_protocol: 'ssl-with-validation-custom-ca' certificate_authority: | -----BEGIN CERTIFICATE----- - FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu - c2hpZnQtc2lnbmVyQDE1MDMzMjAxMTkwHhcNMTcwODIxMTI1NTE5WhcNMjIwODIw - MTI1NTIwWjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE1MDMzMjAxMTkw - ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUDnL2tQ2xf/zO7F7hmZ4S - ZuwKENdI4IYuWSxye4i3hPhKg6eKPzGzmDNWkIMDOrDAj1EgVSNPtPwsOL8OWvJm - AaTjr070D7ZGWWnrrDrWEClBx9Rx/6JAM38RT8Pu7c1hXBm0J81KufSLLYiZ/gOw - Znks5v5RUSGcAXvLkBJeATbsbh6fKX0RgQ3fFTvqQaE/r8LxcTN1uehPX1g5AaRa - z/SNDHaFtQlE3XcqAAukyMn4N5kdNcuwF3GlQ+tJnJv8SstPkfQcZbTMUQ7I2KpJ - ajXnMxmBhV5fCN4rb0QUNCrk2/B+EUMBY4MnxIakqNxnN1kvgI7FBbFgrHUe6QvJ - AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG - SIb3DQEBCwUAA4IBAQAYRV57LUsqznSLZHA77o9+0fQetIE115DYP7wea42PODJI - QJ+JETEfoCr0+YOMAbVmznP9GH5cMTKEWHExcIpbMBU7nMZp6A3htcJgF2fgPzOA - aTUtzkuVCSrV//mbbYVxoFOc6sR3Br0wBs5+5iz3dBSt7xmgpMzZvqsQl655i051 - gGSTIY3z5EJmBZBjwuTjal9mMoPGA4eoTPqlITJDHQ2bdCV2oDbc7zqupGrUfZFA - qzgieEyGzdCSRwjr1/PibA3bpwHyhD9CGD0PRVVTLhw6h6L5kuN1jA20OfzWxf/o - XUsdmRaWiF+l4s6Dcd56SuRp5SGNa2+vP9Of/FX5 + FAKECERTsdKgAwI... -----END CERTIFICATE----- metrics: auth_key: 'topSecret' @@ -392,22 +345,7 @@ EXAMPLES = ''' security_protocol: 'ssl-with-validation-custom-ca' certificate_authority: | -----BEGIN CERTIFICATE----- - FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu - c2hpZnQtc2lnbmVyQDE1MDMzMjAxMTkwHhcNMTcwODIxMTI1NTE5WhcNMjIwODIw - MTI1NTIwWjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE1MDMzMjAxMTkw - ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUDnL2tQ2xf/zO7F7hmZ4S - ZuwKENdI4IYuWSxye4i3hPhKg6eKPzGzmDNWkIMDOrDAj1EgVSNPtPwsOL8OWvJm - AaTjr070D7ZGWWnrrDrWEClBx9Rx/6JAM38RT8Pu7c1hXBm0J81KufSLLYiZ/gOw - Znks5v5RUSGcAXvLkBJeATbsbh6fKX0RgQ3fFTvqQaE/r8LxcTN1uehPX1g5AaRa - z/SNDHaFtQlE3XcqAAukyMn4N5kdNcuwF3GlQ+tJnJv8SstPkfQcZbTMUQ7I2KpJ - ajXnMxmBhV5fCN4rb0QUNCrk2/B+EUMBY4MnxIakqNxnN1kvgI7FBbFgrHUe6QvJ - AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG - SIb3DQEBCwUAA4IBAQAYRV57LUsqznSLZHA77o9+0fQetIE115DYP7wea42PODJI - QJ+JETEfoCr0+YOMAbVmznP9GH5cMTKEWHExcIpbMBU7nMZp6A3htcJgF2fgPzOA - aTUtzkuVCSrV//mbbYVxoFOc6sR3Br0wBs5+5iz3dBSt7xmgpMzZvqsQl655i051 - gGSTIY3z5EJmBZBjwuTjal9mMoPGA4eoTPqlITJDHQ2bdCV2oDbc7zqupGrUfZFA - qzgieEyGzdCSRwjr1/PibA3bpwHyhD9CGD0PRVVTLhw6h6L5kuN1jA20OfzWxf/o - XUsdmRaWiF+l4s6Dcd56SuRp5SGNa2+vP9Of/FX5 + FAKECERTsdKgAwI... -----END CERTIFICATE----- manageiq_connection: url: 'https://127.0.0.1' @@ -455,22 +393,7 @@ EXAMPLES = ''' validate_certs: true certificate_authority: | -----BEGIN CERTIFICATE----- - FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu - c2hpZnQtc2lnbmVyQDE1MDMzMjAxMTkwHhcNMTcwODIxMTI1NTE5WhcNMjIwODIw - MTI1NTIwWjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE1MDMzMjAxMTkw - ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUDnL2tQ2xf/zO7F7hmZ4S - ZuwKENdI4IYuWSxye4i3hPhKg6eKPzGzmDNWkIMDOrDAj1EgVSNPtPwsOL8OWvJm - AaTjr070D7ZGWWnrrDrWEClBx9Rx/6JAM38RT8Pu7c1hXBm0J81KufSLLYiZ/gOw - Znks5v5RUSGcAXvLkBJeATbsbh6fKX0RgQ3fFTvqQaE/r8LxcTN1uehPX1g5AaRa - z/SNDHaFtQlE3XcqAAukyMn4N5kdNcuwF3GlQ+tJnJv8SstPkfQcZbTMUQ7I2KpJ - ajXnMxmBhV5fCN4rb0QUNCrk2/B+EUMBY4MnxIakqNxnN1kvgI7FBbFgrHUe6QvJ - AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG - SIb3DQEBCwUAA4IBAQAYRV57LUsqznSLZHA77o9+0fQetIE115DYP7wea42PODJI - QJ+JETEfoCr0+YOMAbVmznP9GH5cMTKEWHExcIpbMBU7nMZp6A3htcJgF2fgPzOA - aTUtzkuVCSrV//mbbYVxoFOc6sR3Br0wBs5+5iz3dBSt7xmgpMzZvqsQl655i051 - gGSTIY3z5EJmBZBjwuTjal9mMoPGA4eoTPqlITJDHQ2bdCV2oDbc7zqupGrUfZFA - qzgieEyGzdCSRwjr1/PibA3bpwHyhD9CGD0PRVVTLhw6h6L5kuN1jA20OfzWxf/o - XUsdmRaWiF+l4s6Dcd56SuRp5SGNa2+vP9Of/FX5 + FAKECERTsdKgAwI... -----END CERTIFICATE----- metrics: hostname: 'metrics.example.com' @@ -480,22 +403,7 @@ EXAMPLES = ''' validate_certs: true certificate_authority: | -----BEGIN CERTIFICATE----- - FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu - c2hpZnQtc2lnbmVyQDE1MDMzMjAxMTkwHhcNMTcwODIxMTI1NTE5WhcNMjIwODIw - MTI1NTIwWjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE1MDMzMjAxMTkw - ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUDnL2tQ2xf/zO7F7hmZ4S - ZuwKENdI4IYuWSxye4i3hPhKg6eKPzGzmDNWkIMDOrDAj1EgVSNPtPwsOL8OWvJm - AaTjr070D7ZGWWnrrDrWEClBx9Rx/6JAM38RT8Pu7c1hXBm0J81KufSLLYiZ/gOw - Znks5v5RUSGcAXvLkBJeATbsbh6fKX0RgQ3fFTvqQaE/r8LxcTN1uehPX1g5AaRa - z/SNDHaFtQlE3XcqAAukyMn4N5kdNcuwF3GlQ+tJnJv8SstPkfQcZbTMUQ7I2KpJ - ajXnMxmBhV5fCN4rb0QUNCrk2/B+EUMBY4MnxIakqNxnN1kvgI7FBbFgrHUe6QvJ - AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG - SIb3DQEBCwUAA4IBAQAYRV57LUsqznSLZHA77o9+0fQetIE115DYP7wea42PODJI - QJ+JETEfoCr0+YOMAbVmznP9GH5cMTKEWHExcIpbMBU7nMZp6A3htcJgF2fgPzOA - aTUtzkuVCSrV//mbbYVxoFOc6sR3Br0wBs5+5iz3dBSt7xmgpMzZvqsQl655i051 - gGSTIY3z5EJmBZBjwuTjal9mMoPGA4eoTPqlITJDHQ2bdCV2oDbc7zqupGrUfZFA - qzgieEyGzdCSRwjr1/PibA3bpwHyhD9CGD0PRVVTLhw6h6L5kuN1jA20OfzWxf/o - XUsdmRaWiF+l4s6Dcd56SuRp5SGNa2+vP9Of/FX5 + FAKECERTsdKgAwI... -----END CERTIFICATE----- manageiq_connection: url: 'https://127.0.0.1' @@ -551,22 +459,7 @@ EXAMPLES = ''' validate_certs: 'true' certificate_authority: | -----BEGIN CERTIFICATE----- - FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu - c2hpZnQtc2lnbmVyQDE1MDMzMjAxMTkwHhcNMTcwODIxMTI1NTE5WhcNMjIwODIw - MTI1NTIwWjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE1MDMzMjAxMTkw - ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUDnL2tQ2xf/zO7F7hmZ4S - ZuwKENdI4IYuWSxye4i3hPhKg6eKPzGzmDNWkIMDOrDAj1EgVSNPtPwsOL8OWvJm - AaTjr070D7ZGWWnrrDrWEClBx9Rx/6JAM38RT8Pu7c1hXBm0J81KufSLLYiZ/gOw - Znks5v5RUSGcAXvLkBJeATbsbh6fKX0RgQ3fFTvqQaE/r8LxcTN1uehPX1g5AaRa - z/SNDHaFtQlE3XcqAAukyMn4N5kdNcuwF3GlQ+tJnJv8SstPkfQcZbTMUQ7I2KpJ - ajXnMxmBhV5fCN4rb0QUNCrk2/B+EUMBY4MnxIakqNxnN1kvgI7FBbFgrHUe6QvJ - AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG - SIb3DQEBCwUAA4IBAQAYRV57LUsqznSLZHA77o9+0fQetIE115DYP7wea42PODJI - QJ+JETEfoCr0+YOMAbVmznP9GH5cMTKEWHExcIpbMBU7nMZp6A3htcJgF2fgPzOA - aTUtzkuVCSrV//mbbYVxoFOc6sR3Br0wBs5+5iz3dBSt7xmgpMzZvqsQl655i051 - gGSTIY3z5EJmBZBjwuTjal9mMoPGA4eoTPqlITJDHQ2bdCV2oDbc7zqupGrUfZFA - qzgieEyGzdCSRwjr1/PibA3bpwHyhD9CGD0PRVVTLhw6h6L5kuN1jA20OfzWxf/o - XUsdmRaWiF+l4s6Dcd56SuRp5SGNa2+vP9Of/FX5 + FAKECERTsdKgAwI... -----END CERTIFICATE----- ssh_keypair: hostname: director.example.com @@ -590,22 +483,7 @@ EXAMPLES = ''' validate_certs: 'true' certificate_authority: | -----BEGIN CERTIFICATE----- - FAKECERTsdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu - c2hpZnQtc2lnbmVyQDE1MDMzMjAxMTkwHhcNMTcwODIxMTI1NTE5WhcNMjIwODIw - MTI1NTIwWjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE1MDMzMjAxMTkw - ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUDnL2tQ2xf/zO7F7hmZ4S - ZuwKENdI4IYuWSxye4i3hPhKg6eKPzGzmDNWkIMDOrDAj1EgVSNPtPwsOL8OWvJm - AaTjr070D7ZGWWnrrDrWEClBx9Rx/6JAM38RT8Pu7c1hXBm0J81KufSLLYiZ/gOw - Znks5v5RUSGcAXvLkBJeATbsbh6fKX0RgQ3fFTvqQaE/r8LxcTN1uehPX1g5AaRa - z/SNDHaFtQlE3XcqAAukyMn4N5kdNcuwF3GlQ+tJnJv8SstPkfQcZbTMUQ7I2KpJ - ajXnMxmBhV5fCN4rb0QUNCrk2/B+EUMBY4MnxIakqNxnN1kvgI7FBbFgrHUe6QvJ - AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG - SIb3DQEBCwUAA4IBAQAYRV57LUsqznSLZHA77o9+0fQetIE115DYP7wea42PODJI - QJ+JETEfoCr0+YOMAbVmznP9GH5cMTKEWHExcIpbMBU7nMZp6A3htcJgF2fgPzOA - aTUtzkuVCSrV//mbbYVxoFOc6sR3Br0wBs5+5iz3dBSt7xmgpMzZvqsQl655i051 - gGSTIY3z5EJmBZBjwuTjal9mMoPGA4eoTPqlITJDHQ2bdCV2oDbc7zqupGrUfZFA - qzgieEyGzdCSRwjr1/PibA3bpwHyhD9CGD0PRVVTLhw6h6L5kuN1jA20OfzWxf/o - XUsdmRaWiF+l4s6Dcd56SuRp5SGNa2+vP9Of/FX5 + FAKECERTsdKgAwI... -----END CERTIFICATE----- metrics: role: amqp @@ -627,10 +505,10 @@ EXAMPLES = ''' hostname: 'gce.example.com' auth_key: 'google_json_key' validate_certs: 'false' -''' +""" -RETURN = ''' -''' +RETURN = r""" +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.manageiq import ManageIQ, manageiq_argument_spec @@ -715,7 +593,7 @@ def delete_nulls(h): if isinstance(h, list): return [delete_nulls(i) for i in h] if isinstance(h, dict): - return dict((k, delete_nulls(v)) for k, v in h.items() if v is not None) + return {k: delete_nulls(v) for k, v in h.items() if v is not None} return h diff --git a/plugins/modules/manageiq_tags.py b/plugins/modules/manageiq_tags.py index 3ab5eca4f8..f4136d1732 100644 --- a/plugins/modules/manageiq_tags.py +++ b/plugins/modules/manageiq_tags.py @@ -9,8 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' - +DOCUMENTATION = r""" module: manageiq_tags short_description: Management of resource tags in ManageIQ @@ -21,7 +20,6 @@ extends_documentation_fragment: author: Daniel Korn (@dkorn) description: - The manageiq_tags module supports adding, updating and deleting tags in ManageIQ. - attributes: check_mode: support: none @@ -32,7 +30,7 @@ options: state: type: str description: - - V(absent) - tags should not exist. + - V(absent) - tags should not exist, - V(present) - tags should exist. choices: ['absent', 'present'] default: 'present' @@ -47,9 +45,8 @@ options: description: - The relevant resource type in manageiq. required: true - choices: ['provider', 'host', 'vm', 'blueprint', 'category', 'cluster', - 'data store', 'group', 'resource pool', 'service', 'service template', - 'template', 'tenant', 'user'] + choices: ['provider', 'host', 'vm', 'blueprint', 'category', 'cluster', 'data store', 'group', 'resource pool', 'service', + 'service template', 'template', 'tenant', 'user'] resource_name: type: str description: @@ -61,38 +58,38 @@ options: - Must be specified if O(resource_name) is not set. Both options are mutually exclusive. type: int version_added: 2.2.0 -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create new tags for a provider in ManageIQ. community.general.manageiq_tags: resource_name: 'EngLab' resource_type: 'provider' tags: - - category: environment - name: prod - - category: owner - name: prod_ops + - category: environment + name: prod + - category: owner + name: prod_ops manageiq_connection: url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false # only do this when connecting to localhost! + validate_certs: false # only do this when connecting to localhost! - name: Create new tags for a provider in ManageIQ. community.general.manageiq_tags: resource_id: 23000000790497 resource_type: 'provider' tags: - - category: environment - name: prod - - category: owner - name: prod_ops + - category: environment + name: prod + - category: owner + name: prod_ops manageiq_connection: url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false # only do this when connecting to localhost! + validate_certs: false # only do this when connecting to localhost! - name: Remove tags for a provider in ManageIQ. community.general.manageiq_tags: @@ -100,19 +97,19 @@ EXAMPLES = ''' resource_name: 'EngLab' resource_type: 'provider' tags: - - category: environment - name: prod - - category: owner - name: prod_ops + - category: environment + name: prod + - category: owner + name: prod_ops manageiq_connection: url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false # only do this when connecting to localhost! -''' + validate_certs: false # only do this when connecting to localhost! +""" -RETURN = ''' -''' +RETURN = r""" +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.manageiq import ( diff --git a/plugins/modules/manageiq_tags_info.py b/plugins/modules/manageiq_tags_info.py index 75e111540b..a39f4b84d3 100644 --- a/plugins/modules/manageiq_tags_info.py +++ b/plugins/modules/manageiq_tags_info.py @@ -9,8 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' - +DOCUMENTATION = r""" module: manageiq_tags_info version_added: 5.8.0 short_description: Retrieve resource tags in ManageIQ @@ -22,16 +21,14 @@ extends_documentation_fragment: author: Alexei Znamensky (@russoz) description: - This module supports retrieving resource tags from ManageIQ. - options: resource_type: type: str description: - The relevant resource type in ManageIQ. required: true - choices: ['provider', 'host', 'vm', 'blueprint', 'category', 'cluster', - 'data store', 'group', 'resource pool', 'service', 'service template', - 'template', 'tenant', 'user'] + choices: ['provider', 'host', 'vm', 'blueprint', 'category', 'cluster', 'data store', 'group', 'resource pool', 'service', + 'service template', 'template', 'tenant', 'user'] resource_name: type: str description: @@ -42,9 +39,9 @@ options: - The ID of the resource at which tags will be controlled. - Must be specified if O(resource_name) is not set. Both options are mutually exclusive. type: int -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: List current tags for a provider in ManageIQ. community.general.manageiq_tags_info: resource_name: 'EngLab' @@ -54,15 +51,15 @@ EXAMPLES = ''' username: 'admin' password: 'smartvm' register: result -''' +""" -RETURN = ''' +RETURN = r""" tags: description: List of tags associated with the resource. returned: on success type: list elements: dict -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.manageiq import ( diff --git a/plugins/modules/manageiq_tenant.py b/plugins/modules/manageiq_tenant.py index a5a56191e7..deb2fc452d 100644 --- a/plugins/modules/manageiq_tenant.py +++ b/plugins/modules/manageiq_tenant.py @@ -8,8 +8,7 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - +DOCUMENTATION = r""" module: manageiq_tenant short_description: Management of tenants in ManageIQ @@ -31,7 +30,8 @@ options: state: type: str description: - - absent - tenant should not exist, present - tenant should be. + - V(absent) - tenant should not exist, + - V(present) - tenant should be. choices: ['absent', 'present'] default: 'present' name: @@ -39,42 +39,42 @@ options: description: - The tenant name. required: true - default: null + default: description: type: str description: - - The tenant description. + - The tenant description. required: true - default: null + default: parent_id: type: int description: - - The id of the parent tenant. If not supplied the root tenant is used. - - The O(parent_id) takes president over O(parent) when supplied + - The ID of the parent tenant. If not supplied the root tenant is used. + - The O(parent_id) takes president over O(parent) when supplied. required: false - default: null + default: parent: type: str description: - - The name of the parent tenant. If not supplied and no O(parent_id) is supplied the root tenant is used. + - The name of the parent tenant. If not supplied and no O(parent_id) is supplied the root tenant is used. required: false - default: null + default: quotas: type: dict description: - - The tenant quotas. - - All parameters case sensitive. - - 'Valid attributes are:' - - ' - C(cpu_allocated) (int): use null to remove the quota.' - - ' - C(mem_allocated) (GB): use null to remove the quota.' - - ' - C(storage_allocated) (GB): use null to remove the quota.' - - ' - C(vms_allocated) (int): use null to remove the quota.' - - ' - C(templates_allocated) (int): use null to remove the quota.' + - The tenant quotas. + - All parameters case sensitive. + - 'Valid attributes are:' + - '- V(cpu_allocated) (int): use null to remove the quota.' + - '- V(mem_allocated) (GB): use null to remove the quota.' + - '- V(storage_allocated) (GB): use null to remove the quota.' + - '- V(vms_allocated) (int): use null to remove the quota.' + - '- V(templates_allocated) (int): use null to remove the quota.' required: false default: {} -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Update the root tenant in ManageIQ community.general.manageiq_tenant: name: 'My Company' @@ -83,7 +83,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! - name: Create a tenant in ManageIQ community.general.manageiq_tenant: @@ -94,7 +94,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! - name: Delete a tenant in ManageIQ community.general.manageiq_tenant: @@ -105,7 +105,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! - name: Set tenant quota for cpu_allocated, mem_allocated, remove quota for vms_allocated community.general.manageiq_tenant: @@ -114,12 +114,12 @@ EXAMPLES = ''' quotas: - cpu_allocated: 100 - mem_allocated: 50 - - vms_allocated: null + - vms_allocated: manageiq_connection: url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! - name: Delete a tenant in ManageIQ using a token @@ -130,39 +130,39 @@ EXAMPLES = ''' manageiq_connection: url: 'http://127.0.0.1:3000' token: 'sometoken' - validate_certs: false # only do this when you trust the network! -''' + validate_certs: false # only do this when you trust the network! +""" -RETURN = ''' +RETURN = r""" tenant: description: The tenant. returned: success type: complex contains: id: - description: The tenant id + description: The tenant ID. returned: success type: int name: - description: The tenant name + description: The tenant name. returned: success type: str description: - description: The tenant description + description: The tenant description. returned: success type: str parent_id: - description: The id of the parent tenant + description: The ID of the parent tenant. returned: success type: int quotas: - description: List of tenant quotas + description: List of tenant quotas. returned: success type: list sample: cpu_allocated: 100 mem_allocated: 50 -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.manageiq import ManageIQ, manageiq_argument_spec diff --git a/plugins/modules/manageiq_user.py b/plugins/modules/manageiq_user.py index 0d8a81984f..a4d5c21dfc 100644 --- a/plugins/modules/manageiq_user.py +++ b/plugins/modules/manageiq_user.py @@ -8,8 +8,7 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' - +DOCUMENTATION = r""" module: manageiq_user short_description: Management of users in ManageIQ @@ -20,7 +19,6 @@ extends_documentation_fragment: author: Daniel Korn (@dkorn) description: - The manageiq_user module supports adding, updating and deleting users in ManageIQ. - attributes: check_mode: support: none @@ -31,7 +29,8 @@ options: state: type: str description: - - absent - user should not exist, present - user should be. + - V(absent) - user should not exist, + - V(present) - user should be. choices: ['absent', 'present'] default: 'present' userid: @@ -60,10 +59,11 @@ options: default: always choices: ['always', 'on_create'] description: - - V(always) will update passwords unconditionally. V(on_create) will only set the password for a newly created user. -''' + - V(always) will update passwords unconditionally. + - V(on_create) will only set the password for a newly created user. +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a new user in ManageIQ community.general.manageiq_user: userid: 'jdoe' @@ -75,7 +75,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! - name: Create a new user in ManageIQ using a token community.general.manageiq_user: @@ -87,7 +87,7 @@ EXAMPLES = ''' manageiq_connection: url: 'http://127.0.0.1:3000' token: 'sometoken' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! - name: Delete a user in ManageIQ community.general.manageiq_user: @@ -97,7 +97,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! - name: Delete a user in ManageIQ using a token community.general.manageiq_user: @@ -106,7 +106,7 @@ EXAMPLES = ''' manageiq_connection: url: 'http://127.0.0.1:3000' token: 'sometoken' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! - name: Update email of user in ManageIQ community.general.manageiq_user: @@ -116,7 +116,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false # only do this when you trust the network! + validate_certs: false # only do this when you trust the network! - name: Update email of user in ManageIQ using a token community.general.manageiq_user: @@ -125,11 +125,11 @@ EXAMPLES = ''' manageiq_connection: url: 'http://127.0.0.1:3000' token: 'sometoken' - validate_certs: false # only do this when you trust the network! -''' + validate_certs: false # only do this when you trust the network! +""" -RETURN = ''' -''' +RETURN = r""" +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.manageiq import ManageIQ, manageiq_argument_spec diff --git a/plugins/modules/mas.py b/plugins/modules/mas.py index 8bb80840ca..3659c97636 100644 --- a/plugins/modules/mas.py +++ b/plugins/modules/mas.py @@ -10,54 +10,54 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: mas short_description: Manage Mac App Store applications with mas-cli description: - - Installs, uninstalls and updates macOS applications from the Mac App Store using the C(mas-cli). + - Installs, uninstalls and updates macOS applications from the Mac App Store using the C(mas-cli). version_added: '0.2.0' author: - - Michael Heap (@mheap) - - Lukas Bestle (@lukasbestle) + - Michael Heap (@mheap) + - Lukas Bestle (@lukasbestle) extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - id: - description: - - The Mac App Store identifier of the app(s) you want to manage. - - This can be found by running C(mas search APP_NAME) on your machine. - type: list - elements: int - state: - description: - - Desired state of the app installation. - - The V(absent) value requires root permissions, also see the examples. - type: str - choices: - - absent - - latest - - present - default: present - upgrade_all: - description: - - Upgrade all installed Mac App Store apps. - type: bool - default: false - aliases: ["upgrade"] + id: + description: + - The Mac App Store identifier of the app(s) you want to manage. + - This can be found by running C(mas search APP_NAME) on your machine. + type: list + elements: int + state: + description: + - Desired state of the app installation. + - The V(absent) value requires root permissions, also see the examples. + type: str + choices: + - absent + - latest + - present + default: present + upgrade_all: + description: + - Upgrade all installed Mac App Store apps. + type: bool + default: false + aliases: ["upgrade"] requirements: - - macOS 10.11+ - - "mas-cli (U(https://github.com/mas-cli/mas)) 1.5.0+ available as C(mas) in the bin path" - - The Apple ID to use already needs to be signed in to the Mac App Store (check with C(mas account)). - - The feature of "checking if user is signed in" is disabled for anyone using macOS 12.0+. - - Users need to sign in via the Mac App Store GUI beforehand for anyone using macOS 12.0+ due to U(https://github.com/mas-cli/mas/issues/417). -''' + - macOS 10.11 or higher. + - "mas-cli (U(https://github.com/mas-cli/mas)) 1.5.0+ available as C(mas) in the bin path" + - The Apple ID to use already needs to be signed in to the Mac App Store (check with C(mas account)). + - The feature of "checking if user is signed in" is disabled for anyone using macOS 12.0+. + - Users need to sign in to the Mac App Store GUI beforehand for anyone using macOS 12.0+ due to U(https://github.com/mas-cli/mas/issues/417). +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Install Keynote community.general.mas: id: 409183694 @@ -99,9 +99,9 @@ EXAMPLES = ''' id: 413857545 state: absent become: true # Uninstallation requires root permissions -''' +""" -RETURN = r''' # ''' +RETURN = r""" # """ from ansible.module_utils.basic import AnsibleModule import os diff --git a/plugins/modules/matrix.py b/plugins/modules/matrix.py index 0b419c8d93..186c57dd31 100644 --- a/plugins/modules/matrix.py +++ b/plugins/modules/matrix.py @@ -8,58 +8,57 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" author: "Jan Christian Grünhage (@jcgruenhage)" module: matrix short_description: Send notifications to matrix description: - - This module sends html formatted notifications to matrix rooms. + - This module sends html formatted notifications to matrix rooms. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - msg_plain: - type: str - description: - - Plain text form of the message to send to matrix, usually markdown - required: true - msg_html: - type: str - description: - - HTML form of the message to send to matrix - required: true - room_id: - type: str - description: - - ID of the room to send the notification to - required: true - hs_url: - type: str - description: - - URL of the homeserver, where the CS-API is reachable - required: true - token: - type: str - description: - - Authentication token for the API call. If provided, user_id and password are not required - user_id: - type: str - description: - - The user id of the user - password: - type: str - description: - - The password to log in with + msg_plain: + type: str + description: + - Plain text form of the message to send to matrix, usually markdown. + required: true + msg_html: + type: str + description: + - HTML form of the message to send to matrix. + required: true + room_id: + type: str + description: + - ID of the room to send the notification to. + required: true + hs_url: + type: str + description: + - URL of the homeserver, where the CS-API is reachable. + required: true + token: + type: str + description: + - Authentication token for the API call. If provided, O(user_id) and O(password) are not required. + user_id: + type: str + description: + - The user ID of the user. + password: + type: str + description: + - The password to log in with. requirements: - - matrix-client (Python library) -''' + - matrix-client (Python library) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Send matrix notification with token community.general.matrix: msg_plain: "**hello world**" @@ -76,10 +75,10 @@ EXAMPLES = ''' hs_url: "https://matrix.org" user_id: "ansible_notification_bot" password: "{{ matrix_auth_password }}" -''' +""" -RETURN = ''' -''' +RETURN = r""" +""" import traceback from ansible.module_utils.basic import AnsibleModule, missing_required_lib diff --git a/plugins/modules/mattermost.py b/plugins/modules/mattermost.py index 154040a8fd..ed046e6481 100644 --- a/plugins/modules/mattermost.py +++ b/plugins/modules/mattermost.py @@ -15,14 +15,14 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: mattermost short_description: Send Mattermost notifications description: - - Sends notifications to U(http://your.mattermost.url) via the Incoming WebHook integration. + - Sends notifications to U(http://your.mattermost.url) using the Incoming WebHook integration. author: "Benjamin Jolivot (@bjolivot)" extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: check_mode: support: full @@ -32,15 +32,13 @@ options: url: type: str description: - - Mattermost url (i.e. http://mattermost.yourcompany.com). + - Mattermost URL (for example V(http://mattermost.yourcompany.com)). required: true api_key: type: str description: - - Mattermost webhook api key. Log into your mattermost site, go to - Menu -> Integration -> Incoming Webhook -> Add Incoming Webhook. - This will give you full URL. O(api_key) is the last part. - http://mattermost.example.com/hooks/C(API_KEY) + - Mattermost webhook API key. Log into your Mattermost site, go to Menu -> Integration -> Incoming Webhook -> Add Incoming + Webhook. This will give you full URL. O(api_key) is the last part. U(http://mattermost.example.com/hooks/API_KEY). required: true text: type: str @@ -62,22 +60,28 @@ options: username: type: str description: - - This is the sender of the message (Username Override need to be enabled by mattermost admin, see mattermost doc. + - This is the sender of the message (Username Override need to be enabled by mattermost admin, see mattermost doc). default: Ansible icon_url: type: str description: - URL for the message sender's icon. default: https://docs.ansible.com/favicon.ico + priority: + type: str + description: + - Set a priority for the message. + choices: [important, urgent] + version_added: 10.0.0 validate_certs: description: - - If V(false), SSL certificates will not be validated. This should only be used - on personally controlled sites using self-signed certificates. + - If V(false), SSL certificates will not be validated. This should only be used on personally controlled sites using + self-signed certificates. default: true type: bool -''' +""" -EXAMPLES = """ +EXAMPLES = r""" - name: Send notification message via Mattermost community.general.mattermost: url: http://mattermost.example.com @@ -92,6 +96,7 @@ EXAMPLES = """ channel: notifications username: 'Ansible on {{ inventory_hostname }}' icon_url: http://www.example.com/some-image-file.png + priority: important - name: Send attachments message via Mattermost community.general.mattermost: @@ -110,16 +115,16 @@ EXAMPLES = """ short: true """ -RETURN = ''' +RETURN = r""" payload: - description: Mattermost payload - returned: success - type: str + description: Mattermost payload. + returned: success + type: str webhook_url: - description: URL the webhook is sent to - returned: success - type: str -''' + description: URL the webhook is sent to. + returned: success + type: str +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.urls import fetch_url @@ -135,6 +140,7 @@ def main(): channel=dict(type='str', default=None), username=dict(type='str', default='Ansible'), icon_url=dict(type='str', default='https://docs.ansible.com/favicon.ico'), + priority=dict(type='str', default=None, choices=['important', 'urgent']), validate_certs=dict(default=True, type='bool'), attachments=dict(type='list', elements='dict'), ), @@ -154,6 +160,8 @@ def main(): for param in ['text', 'channel', 'username', 'icon_url', 'attachments']: if module.params[param] is not None: payload[param] = module.params[param] + if module.params['priority'] is not None: + payload['priority'] = {'priority': module.params['priority']} payload = module.jsonify(payload) result['payload'] = payload diff --git a/plugins/modules/maven_artifact.py b/plugins/modules/maven_artifact.py index 0dc020c37a..a165c5a32a 100644 --- a/plugins/modules/maven_artifact.py +++ b/plugins/modules/maven_artifact.py @@ -11,171 +11,169 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: maven_artifact short_description: Downloads an Artifact from a Maven Repository description: - - Downloads an artifact from a maven repository given the maven coordinates provided to the module. - - Can retrieve snapshots or release versions of the artifact and will resolve the latest available - version if one is not available. + - Downloads an artifact from a maven repository given the maven coordinates provided to the module. + - Can retrieve snapshots or release versions of the artifact and will resolve the latest available version if one is not + available. author: "Chris Schmidt (@chrisisbeef)" requirements: - - lxml - - boto if using a S3 repository (s3://...) + - lxml + - boto if using a S3 repository (V(s3://...)) attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - group_id: - type: str - description: - - The Maven groupId coordinate - required: true - artifact_id: - type: str - description: - - The maven artifactId coordinate - required: true - version: - type: str - description: - - The maven version coordinate - - Mutually exclusive with O(version_by_spec). - version_by_spec: - type: str - description: - - The maven dependency version ranges. - - See supported version ranges on U(https://cwiki.apache.org/confluence/display/MAVENOLD/Dependency+Mediation+and+Conflict+Resolution) - - The range type "(,1.0],[1.2,)" and "(,1.1),(1.1,)" is not supported. - - Mutually exclusive with O(version). - version_added: '0.2.0' - classifier: - type: str - description: - - The maven classifier coordinate - default: '' - extension: - type: str - description: - - The maven type/extension coordinate - default: jar - repository_url: - type: str - description: - - The URL of the Maven Repository to download from. - - Use s3://... if the repository is hosted on Amazon S3, added in version 2.2. - - Use file://... if the repository is local, added in version 2.6 - default: https://repo1.maven.org/maven2 - username: - type: str - description: - - The username to authenticate as to the Maven Repository. Use AWS secret key of the repository is hosted on S3 - aliases: [ "aws_secret_key" ] - password: - type: str - description: - - The password to authenticate with to the Maven Repository. Use AWS secret access key of the repository is hosted on S3 - aliases: [ "aws_secret_access_key" ] - headers: - description: - - Add custom HTTP headers to a request in hash/dict format. - type: dict - force_basic_auth: - description: - - httplib2, the library used by the uri module only sends authentication information when a webservice - responds to an initial request with a 401 status. Since some basic auth services do not properly - send a 401, logins will fail. This option forces the sending of the Basic authentication header - upon initial request. - default: false - type: bool - version_added: '0.2.0' - dest: - type: path - description: - - The path where the artifact should be written to - - If file mode or ownerships are specified and destination path already exists, they affect the downloaded file - required: true - state: - type: str - description: - - The desired state of the artifact - default: present - choices: [present,absent] - timeout: - type: int - description: - - Specifies a timeout in seconds for the connection attempt - default: 10 - validate_certs: - description: - - If V(false), SSL certificates will not be validated. This should only be set to V(false) when no other option exists. - type: bool - default: true - client_cert: - description: - - PEM formatted certificate chain file to be used for SSL client authentication. - - This file can also include the key as well, and if the key is included, O(client_key) is not required. - type: path - version_added: '1.3.0' - client_key: - description: - - PEM formatted file that contains your private key to be used for SSL client authentication. - - If O(client_cert) contains both the certificate and key, this option is not required. - type: path - version_added: '1.3.0' - keep_name: - description: - - If V(true), the downloaded artifact's name is preserved, i.e the version number remains part of it. - - This option only has effect when O(dest) is a directory and O(version) is set to V(latest) or O(version_by_spec) - is defined. - type: bool - default: false - verify_checksum: - type: str - description: - - If V(never), the MD5/SHA1 checksum will never be downloaded and verified. - - If V(download), the MD5/SHA1 checksum will be downloaded and verified only after artifact download. This is the default. - - If V(change), the MD5/SHA1 checksum will be downloaded and verified if the destination already exist, - to verify if they are identical. This was the behaviour before 2.6. Since it downloads the checksum before (maybe) - downloading the artifact, and since some repository software, when acting as a proxy/cache, return a 404 error - if the artifact has not been cached yet, it may fail unexpectedly. - If you still need it, you should consider using V(always) instead - if you deal with a checksum, it is better to - use it to verify integrity after download. - - V(always) combines V(download) and V(change). - required: false - default: 'download' - choices: ['never', 'download', 'change', 'always'] - checksum_alg: - type: str - description: - - If V(md5), checksums will use the MD5 algorithm. This is the default. - - If V(sha1), checksums will use the SHA1 algorithm. This can be used on systems configured to use - FIPS-compliant algorithms, since MD5 will be blocked on such systems. - default: 'md5' - choices: ['md5', 'sha1'] - version_added: 3.2.0 - unredirected_headers: - type: list - elements: str - version_added: 5.2.0 - description: - - A list of headers that should not be included in the redirection. This headers are sent to the C(fetch_url) function. - - On ansible-core version 2.12 or later, the default of this option is V([Authorization, Cookie]). - - Useful if the redirection URL does not need to have sensitive headers in the request. - - Requires ansible-core version 2.12 or later. - directory_mode: - type: str - description: - - Filesystem permission mode applied recursively to O(dest) when it is a directory. + group_id: + type: str + description: + - The Maven groupId coordinate. + required: true + artifact_id: + type: str + description: + - The maven artifactId coordinate. + required: true + version: + type: str + description: + - The maven version coordinate. + - Mutually exclusive with O(version_by_spec). + version_by_spec: + type: str + description: + - The maven dependency version ranges. + - See supported version ranges on U(https://cwiki.apache.org/confluence/display/MAVENOLD/Dependency+Mediation+and+Conflict+Resolution). + - The range type V((,1.0],[1.2,\)) and V((,1.1\),(1.1,\)) is not supported. + - Mutually exclusive with O(version). + version_added: '0.2.0' + classifier: + type: str + description: + - The maven classifier coordinate. + default: '' + extension: + type: str + description: + - The maven type/extension coordinate. + default: jar + repository_url: + type: str + description: + - The URL of the Maven Repository to download from. + - Use V(s3://...) if the repository is hosted on Amazon S3. + - Use V(file://...) if the repository is local. + default: https://repo1.maven.org/maven2 + username: + type: str + description: + - The username to authenticate as to the Maven Repository. Use AWS secret key of the repository is hosted on S3. + aliases: ["aws_secret_key"] + password: + type: str + description: + - The password to authenticate with to the Maven Repository. Use AWS secret access key of the repository is hosted on + S3. + aliases: ["aws_secret_access_key"] + headers: + description: + - Add custom HTTP headers to a request in hash/dict format. + type: dict + force_basic_auth: + description: + - C(httplib2), the library used by the URI module only sends authentication information when a webservice responds to an + initial request with a 401 status. Since some basic auth services do not properly send a 401, logins will fail. This + option forces the sending of the Basic authentication header upon initial request. + default: false + type: bool + version_added: '0.2.0' + dest: + type: path + description: + - The path where the artifact should be written to. + - If file mode or ownerships are specified and destination path already exists, they affect the downloaded file. + required: true + state: + type: str + description: + - The desired state of the artifact. + default: present + choices: [present, absent] + timeout: + type: int + description: + - Specifies a timeout in seconds for the connection attempt. + default: 10 + validate_certs: + description: + - If V(false), SSL certificates will not be validated. This should only be set to V(false) when no other option exists. + type: bool + default: true + client_cert: + description: + - PEM formatted certificate chain file to be used for SSL client authentication. + - This file can also include the key as well, and if the key is included, O(client_key) is not required. + type: path + version_added: '1.3.0' + client_key: + description: + - PEM formatted file that contains your private key to be used for SSL client authentication. + - If O(client_cert) contains both the certificate and key, this option is not required. + type: path + version_added: '1.3.0' + keep_name: + description: + - If V(true), the downloaded artifact's name is preserved, in other words the version number remains part of it. + - This option only has effect when O(dest) is a directory and O(version) is set to V(latest) or O(version_by_spec) is + defined. + type: bool + default: false + verify_checksum: + type: str + description: + - If V(never), the MD5/SHA1 checksum will never be downloaded and verified. + - If V(download), the MD5/SHA1 checksum will be downloaded and verified only after artifact download. This is the default. + - If V(change), the MD5/SHA1 checksum will be downloaded and verified if the destination already exist, to verify if + they are identical. This was the behaviour before 2.6. Since it downloads the checksum before (maybe) downloading + the artifact, and since some repository software, when acting as a proxy/cache, return a 404 error if the artifact + has not been cached yet, it may fail unexpectedly. If you still need it, you should consider using V(always) instead + - if you deal with a checksum, it is better to use it to verify integrity after download. + - V(always) combines V(download) and V(change). + required: false + default: 'download' + choices: ['never', 'download', 'change', 'always'] + checksum_alg: + type: str + description: + - If V(md5), checksums will use the MD5 algorithm. This is the default. + - If V(sha1), checksums will use the SHA1 algorithm. This can be used on systems configured to use FIPS-compliant algorithms, + since MD5 will be blocked on such systems. + default: 'md5' + choices: ['md5', 'sha1'] + version_added: 3.2.0 + unredirected_headers: + type: list + elements: str + version_added: 5.2.0 + description: + - A list of headers that should not be included in the redirection. This headers are sent to the C(fetch_url) function. + - On ansible-core version 2.12 or later, the default of this option is V([Authorization, Cookie]). + - Useful if the redirection URL does not need to have sensitive headers in the request. + - Requires ansible-core version 2.12 or later. + directory_mode: + type: str + description: + - Filesystem permission mode applied recursively to O(dest) when it is a directory. extends_documentation_fragment: - - ansible.builtin.files - - community.general.attributes -''' + - ansible.builtin.files + - community.general.attributes +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Download the latest version of the JUnit framework artifact from Maven Central community.general.maven_artifact: group_id: junit @@ -236,7 +234,7 @@ EXAMPLES = ''' artifact_id: junit version_by_spec: "[3.8,4.0)" dest: /tmp/ -''' +""" import hashlib import os diff --git a/plugins/modules/memset_dns_reload.py b/plugins/modules/memset_dns_reload.py index 668c8c0bf3..7781abbf76 100644 --- a/plugins/modules/memset_dns_reload.py +++ b/plugins/modules/memset_dns_reload.py @@ -8,53 +8,48 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: memset_dns_reload author: "Simon Weald (@glitchcrab)" short_description: Request reload of Memset's DNS infrastructure, notes: - - DNS reload requests are a best-effort service provided by Memset; these generally - happen every 15 minutes by default, however you can request an immediate reload if - later tasks rely on the records being created. An API key generated via the - Memset customer control panel is required with the following minimum scope - - C(dns.reload). If you wish to poll the job status to wait until the reload has - completed, then C(job.status) is also required. + - DNS reload requests are a best-effort service provided by Memset; these generally happen every 15 minutes by default, + however you can request an immediate reload if later tasks rely on the records being created. An API key generated using + the Memset customer control panel is required with the following minimum scope - C(dns.reload). If you wish to poll the + job status to wait until the reload has completed, then C(job.status) is also required. description: - Request a reload of Memset's DNS infrastructure, and optionally poll until it finishes. extends_documentation_fragment: - community.general.attributes attributes: - check_mode: - support: none - diff_mode: - support: none + check_mode: + support: none + diff_mode: + support: none options: - api_key: - required: true - type: str - description: - - The API key obtained from the Memset control panel. - poll: - default: false - type: bool - description: - - Boolean value, if set will poll the reload job's status and return - when the job has completed (unless the 30 second timeout is reached first). - If the timeout is reached then the task will not be marked as failed, but - stderr will indicate that the polling failed. -''' + api_key: + required: true + type: str + description: + - The API key obtained from the Memset control panel. + poll: + default: false + type: bool + description: + - Boolean value, if set will poll the reload job's status and return when the job has completed (unless the 30 second + timeout is reached first). If the timeout is reached then the task will not be marked as failed, but stderr will indicate + that the polling failed. +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Submit DNS reload and poll community.general.memset_dns_reload: api_key: 5eb86c9196ab03919abcf03857163741 poll: true delegate_to: localhost -''' +""" -RETURN = ''' ---- +RETURN = r""" memset_api: description: Raw response from the Memset API. returned: always @@ -85,7 +80,7 @@ memset_api: returned: always type: str sample: "dns" -''' +""" from time import sleep @@ -178,9 +173,7 @@ def main(): ) # populate the dict with the user-provided vars. - args = dict() - for key, arg in module.params.items(): - args[key] = arg + args = dict(module.params) retvals = reload_dns(args) diff --git a/plugins/modules/memset_memstore_info.py b/plugins/modules/memset_memstore_info.py index c00ef15eb4..e9f2699812 100644 --- a/plugins/modules/memset_memstore_info.py +++ b/plugins/modules/memset_memstore_info.py @@ -8,107 +8,104 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: memset_memstore_info author: "Simon Weald (@glitchcrab)" short_description: Retrieve Memstore product usage information notes: - - An API key generated via the Memset customer control panel is needed with the - following minimum scope - C(memstore.usage). + - An API key generated using the Memset customer control panel is needed with the following minimum scope - C(memstore.usage). description: - - Retrieve Memstore product usage information. + - Retrieve Memstore product usage information. extends_documentation_fragment: - - community.general.attributes - - community.general.attributes.info_module + - community.general.attributes + - community.general.attributes.info_module attributes: - check_mode: - version_added: 3.3.0 - # This was backported to 2.5.4 and 1.3.11 as well, since this was a bugfix + check_mode: + version_added: 3.3.0 + # This was backported to 2.5.4 and 1.3.11 as well, since this was a bugfix options: - api_key: - required: true - type: str - description: - - The API key obtained from the Memset control panel. - name: - required: true - type: str - description: - - The Memstore product name (that is, C(mstestyaa1)). -''' + api_key: + required: true + type: str + description: + - The API key obtained from the Memset control panel. + name: + required: true + type: str + description: + - The Memstore product name (that is, V(mstestyaa1)). +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Get usage for mstestyaa1 community.general.memset_memstore_info: name: mstestyaa1 api_key: 5eb86c9896ab03919abcf03857163741 delegate_to: localhost -''' +""" -RETURN = ''' ---- +RETURN = r""" memset_api: - description: Info from the Memset API + description: Info from the Memset API. returned: always type: complex contains: cdn_bandwidth: - description: Dictionary of CDN bandwidth facts + description: Dictionary of CDN bandwidth facts. returned: always type: complex contains: bytes_out: - description: Outbound CDN bandwidth for the last 24 hours in bytes + description: Outbound CDN bandwidth for the last 24 hours in bytes. returned: always type: int sample: 1000 requests: - description: Number of requests in the last 24 hours + description: Number of requests in the last 24 hours. returned: always type: int sample: 10 bytes_in: - description: Inbound CDN bandwidth for the last 24 hours in bytes + description: Inbound CDN bandwidth for the last 24 hours in bytes. returned: always type: int sample: 1000 containers: - description: Number of containers + description: Number of containers. returned: always type: int sample: 10 bytes: - description: Space used in bytes + description: Space used in bytes. returned: always type: int sample: 3860997965 objs: - description: Number of objects + description: Number of objects. returned: always type: int sample: 1000 bandwidth: - description: Dictionary of CDN bandwidth facts + description: Dictionary of CDN bandwidth facts. returned: always type: complex contains: bytes_out: - description: Outbound bandwidth for the last 24 hours in bytes + description: Outbound bandwidth for the last 24 hours in bytes. returned: always type: int sample: 1000 requests: - description: Number of requests in the last 24 hours + description: Number of requests in the last 24 hours. returned: always type: int sample: 10 bytes_in: - description: Inbound bandwidth for the last 24 hours in bytes + description: Inbound bandwidth for the last 24 hours in bytes. returned: always type: int sample: 1000 -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.memset import memset_api_call @@ -163,9 +160,7 @@ def main(): ) # populate the dict with the user-provided vars. - args = dict() - for key, arg in module.params.items(): - args[key] = arg + args = dict(module.params) retvals = get_facts(args) diff --git a/plugins/modules/memset_server_info.py b/plugins/modules/memset_server_info.py index 78ea99df31..3c0829ce09 100644 --- a/plugins/modules/memset_server_info.py +++ b/plugins/modules/memset_server_info.py @@ -8,48 +8,45 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: memset_server_info author: "Simon Weald (@glitchcrab)" short_description: Retrieve server information notes: - - An API key generated via the Memset customer control panel is needed with the - following minimum scope - C(server.info). + - An API key generated using the Memset customer control panel is needed with the following minimum scope - C(server.info). description: - - Retrieve server information. + - Retrieve server information. extends_documentation_fragment: - - community.general.attributes - - community.general.attributes.info_module + - community.general.attributes + - community.general.attributes.info_module attributes: - check_mode: - version_added: 3.3.0 - # This was backported to 2.5.4 and 1.3.11 as well, since this was a bugfix + check_mode: + version_added: 3.3.0 + # This was backported to 2.5.4 and 1.3.11 as well, since this was a bugfix options: - api_key: - required: true - type: str - description: - - The API key obtained from the Memset control panel. - name: - required: true - type: str - description: - - The server product name (that is, C(testyaa1)). -''' + api_key: + required: true + type: str + description: + - The API key obtained from the Memset control panel. + name: + required: true + type: str + description: + - The server product name (that is, C(testyaa1)). +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Get details for testyaa1 community.general.memset_server_info: name: testyaa1 api_key: 5eb86c9896ab03919abcf03857163741 delegate_to: localhost -''' +""" -RETURN = ''' ---- +RETURN = r""" memset_api: - description: Info from the Memset API + description: Info from the Memset API. returned: always type: complex contains: @@ -59,7 +56,7 @@ memset_api: type: bool sample: true control_panel: - description: Whether the server has a control panel (i.e. cPanel). + description: Whether the server has a control panel (for example cPanel). returned: always type: str sample: 'cpanel' @@ -103,7 +100,7 @@ memset_api: } } firewall_type: - description: The type of firewall the server has (i.e. self-managed, managed). + description: The type of firewall the server has (for example self-managed, managed). returned: always type: str sample: 'managed' @@ -113,7 +110,7 @@ memset_api: type: str sample: 'testyaa1.miniserver.com' ignore_monitoring_off: - description: When true, Memset won't remind the customer that monitoring is disabled. + description: When true, Memset does not remind the customer that monitoring is disabled. returned: always type: bool sample: true @@ -136,7 +133,7 @@ memset_api: type: bool sample: true monitoring_level: - description: The server's monitoring level (i.e. basic). + description: The server's monitoring level (for example V(basic)). returned: always type: str sample: 'basic' @@ -149,7 +146,7 @@ memset_api: description: The network zone(s) the server is in. returned: always type: list - sample: [ 'reading' ] + sample: ['reading'] nickname: description: Customer-set nickname for the server. returned: always @@ -196,7 +193,7 @@ memset_api: type: str sample: 'GBP' renewal_price_vat: - description: VAT rate for renewal payments + description: VAT rate for renewal payments. returned: always type: str sample: '20' @@ -206,7 +203,7 @@ memset_api: type: str sample: '2013-04-10' status: - description: Current status of the server (i.e. live, onhold). + description: Current status of the server (for example live, onhold). returned: always type: str sample: 'LIVE' @@ -216,7 +213,7 @@ memset_api: type: str sample: 'managed' type: - description: What this server is (i.e. dedicated) + description: What this server is (for example V(dedicated)). returned: always type: str sample: 'miniserver' @@ -233,7 +230,7 @@ memset_api: returned: always type: str sample: 'basic' -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.memset import memset_api_call @@ -288,9 +285,7 @@ def main(): ) # populate the dict with the user-provided vars. - args = dict() - for key, arg in module.params.items(): - args[key] = arg + args = dict(module.params) retvals = get_facts(args) diff --git a/plugins/modules/memset_zone.py b/plugins/modules/memset_zone.py index f520d54460..2c80503bec 100644 --- a/plugins/modules/memset_zone.py +++ b/plugins/modules/memset_zone.py @@ -8,60 +8,56 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: memset_zone author: "Simon Weald (@glitchcrab)" short_description: Creates and deletes Memset DNS zones notes: - - Zones can be thought of as a logical group of domains, all of which share the - same DNS records (i.e. they point to the same IP). An API key generated via the - Memset customer control panel is needed with the following minimum scope - - C(dns.zone_create), C(dns.zone_delete), C(dns.zone_list). + - Zones can be thought of as a logical group of domains, all of which share the same DNS records (in other words they point + to the same IP). An API key generated using the Memset customer control panel is needed with the following minimum scope + - C(dns.zone_create), C(dns.zone_delete), C(dns.zone_list). description: - Manage DNS zones in a Memset account. extends_documentation_fragment: - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - state: - required: true - description: - - Indicates desired state of resource. - type: str - choices: [ absent, present ] - api_key: - required: true - description: - - The API key obtained from the Memset control panel. - type: str - name: - required: true - description: - - The zone nickname; usually the same as the main domain. Ensure this - value has at most 250 characters. - type: str - aliases: [ nickname ] - ttl: - description: - - The default TTL for all records created in the zone. This must be a - valid int from U(https://www.memset.com/apidocs/methods_dns.html#dns.zone_create). - type: int - default: 0 - choices: [ 0, 300, 600, 900, 1800, 3600, 7200, 10800, 21600, 43200, 86400 ] - force: - required: false - default: false - type: bool - description: - - Forces deletion of a zone and all zone domains/zone records it contains. -''' + state: + required: true + description: + - Indicates desired state of resource. + type: str + choices: [absent, present] + api_key: + required: true + description: + - The API key obtained from the Memset control panel. + type: str + name: + required: true + description: + - The zone nickname; usually the same as the main domain. Ensure this value has at most 250 characters. + type: str + aliases: [nickname] + ttl: + description: + - The default TTL for all records created in the zone. This must be a valid int from U(https://www.memset.com/apidocs/methods_dns.html#dns.zone_create). + type: int + default: 0 + choices: [0, 300, 600, 900, 1800, 3600, 7200, 10800, 21600, 43200, 86400] + force: + required: false + default: false + type: bool + description: + - Forces deletion of a zone and all zone domains/zone records it contains. +""" -EXAMPLES = ''' +EXAMPLES = r""" # Create the zone 'test' - name: Create zone community.general.memset_zone: @@ -79,40 +75,40 @@ EXAMPLES = ''' api_key: 5eb86c9196ab03919abcf03857163741 force: true delegate_to: localhost -''' +""" -RETURN = ''' +RETURN = r""" memset_api: - description: Zone info from the Memset API + description: Zone info from the Memset API. returned: when state == present type: complex contains: domains: - description: List of domains in this zone + description: List of domains in this zone. returned: always type: list sample: [] id: - description: Zone id + description: Zone ID. returned: always type: str sample: "b0bb1ce851aeea6feeb2dc32fe83bf9c" nickname: - description: Zone name + description: Zone name. returned: always type: str sample: "example.com" records: - description: List of DNS records for domains in this zone + description: List of DNS records for domains in this zone. returned: always type: list sample: [] ttl: - description: Default TTL for domains in this zone + description: Default TTL for domains in this zone. returned: always type: int sample: 300 -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.memset import check_zone @@ -300,9 +296,7 @@ def main(): ) # populate the dict with the user-provided vars. - args = dict() - for key, arg in module.params.items(): - args[key] = arg + args = dict(module.params) args['check_mode'] = module.check_mode # validate some API-specific limitations. diff --git a/plugins/modules/memset_zone_domain.py b/plugins/modules/memset_zone_domain.py index e07ac1ff02..6e4dd27320 100644 --- a/plugins/modules/memset_zone_domain.py +++ b/plugins/modules/memset_zone_domain.py @@ -8,53 +8,50 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: memset_zone_domain author: "Simon Weald (@glitchcrab)" short_description: Create and delete domains in Memset DNS zones notes: - - Zone domains can be thought of as a collection of domains, all of which share the - same DNS records (i.e. they point to the same IP). An API key generated via the - Memset customer control panel is needed with the following minimum scope - - C(dns.zone_domain_create), C(dns.zone_domain_delete), C(dns.zone_domain_list). - - Currently this module can only create one domain at a time. Multiple domains should - be created using C(loop). + - Zone domains can be thought of as a collection of domains, all of which share the same DNS records (in other words, they + point to the same IP). An API key generated using the Memset customer control panel is needed with the following minimum + scope - C(dns.zone_domain_create), C(dns.zone_domain_delete), C(dns.zone_domain_list). + - Currently this module can only create one domain at a time. Multiple domains should be created using C(loop). description: - Manage DNS zone domains in a Memset account. extends_documentation_fragment: - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - state: - default: present - description: - - Indicates desired state of resource. - type: str - choices: [ absent, present ] - api_key: - required: true - description: - - The API key obtained from the Memset control panel. - type: str - domain: - required: true - description: - - The zone domain name. Ensure this value has at most 250 characters. - type: str - aliases: ['name'] - zone: - required: true - description: - - The zone to add the domain to (this must already exist). - type: str -''' + state: + default: present + description: + - Indicates desired state of resource. + type: str + choices: [absent, present] + api_key: + required: true + description: + - The API key obtained from the Memset control panel. + type: str + domain: + required: true + description: + - The zone domain name. Ensure this value has at most 250 characters. + type: str + aliases: ['name'] + zone: + required: true + description: + - The zone to add the domain to (this must already exist). + type: str +""" -EXAMPLES = ''' +EXAMPLES = r""" # Create the zone domain 'test.com' - name: Create zone domain community.general.memset_zone_domain: @@ -63,25 +60,25 @@ EXAMPLES = ''' state: present api_key: 5eb86c9196ab03919abcf03857163741 delegate_to: localhost -''' +""" -RETURN = ''' +RETURN = r""" memset_api: - description: Domain info from the Memset API + description: Domain info from the Memset API. returned: when changed or state == present type: complex contains: domain: - description: Domain name + description: Domain name. returned: always type: str sample: "example.com" id: - description: Domain ID + description: Domain ID. returned: always type: str sample: "b0bb1ce851aeea6feeb2dc32fe83bf9c" -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.memset import get_zone_id @@ -244,9 +241,7 @@ def main(): ) # populate the dict with the user-provided vars. - args = dict() - for key, arg in module.params.items(): - args[key] = arg + args = dict(module.params) args['check_mode'] = module.check_mode # validate some API-specific limitations. @@ -258,7 +253,7 @@ def main(): retvals = create_or_delete_domain(args) # we would need to populate the return values with the API's response - # in several places so it's easier to do it at the end instead. + # in several places so it is easier to do it at the end instead. if not retvals['failed']: if args['state'] == 'present' and not module.check_mode: payload = dict() diff --git a/plugins/modules/memset_zone_record.py b/plugins/modules/memset_zone_record.py index 8406d93d21..7c16ee31eb 100644 --- a/plugins/modules/memset_zone_record.py +++ b/plugins/modules/memset_zone_record.py @@ -8,83 +8,79 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: memset_zone_record author: "Simon Weald (@glitchcrab)" short_description: Create and delete records in Memset DNS zones notes: - - Zones can be thought of as a logical group of domains, all of which share the - same DNS records (i.e. they point to the same IP). An API key generated via the - Memset customer control panel is needed with the following minimum scope - - C(dns.zone_create), C(dns.zone_delete), C(dns.zone_list). - - Currently this module can only create one DNS record at a time. Multiple records - should be created using C(loop). + - Zones can be thought of as a logical group of domains, all of which share the same DNS records (in other words they point + to the same IP). An API key generated using the Memset customer control panel is needed with the following minimum scope + - C(dns.zone_create), C(dns.zone_delete), C(dns.zone_list). + - Currently this module can only create one DNS record at a time. Multiple records should be created using C(loop). description: - Manage DNS records in a Memset account. extends_documentation_fragment: - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - state: - default: present - description: - - Indicates desired state of resource. - type: str - choices: [ absent, present ] - api_key: - required: true - description: - - The API key obtained from the Memset control panel. - type: str - address: - required: true - description: - - The address for this record (can be IP or text string depending on record type). - type: str - aliases: [ ip, data ] - priority: - description: - - C(SRV) and C(TXT) record priority, in the range 0 > 999 (inclusive). - type: int - default: 0 - record: - required: false - description: - - The subdomain to create. - type: str - default: '' - type: - required: true - description: - - The type of DNS record to create. - choices: [ A, AAAA, CNAME, MX, NS, SRV, TXT ] - type: str - relative: - type: bool - default: false - description: - - If set then the current domain is added onto the address field for C(CNAME), C(MX), C(NS) - and C(SRV)record types. - ttl: - description: - - The record's TTL in seconds (will inherit zone's TTL if not explicitly set). This must be a - valid int from U(https://www.memset.com/apidocs/methods_dns.html#dns.zone_record_create). - default: 0 - choices: [ 0, 300, 600, 900, 1800, 3600, 7200, 10800, 21600, 43200, 86400 ] - type: int - zone: - required: true - description: - - The name of the zone to which to add the record to. - type: str -''' + state: + default: present + description: + - Indicates desired state of resource. + type: str + choices: [absent, present] + api_key: + required: true + description: + - The API key obtained from the Memset control panel. + type: str + address: + required: true + description: + - The address for this record (can be IP or text string depending on record type). + type: str + aliases: [ip, data] + priority: + description: + - C(SRV) and C(TXT) record priority, in the range 0 > 999 (inclusive). + type: int + default: 0 + record: + required: false + description: + - The subdomain to create. + type: str + default: '' + type: + required: true + description: + - The type of DNS record to create. + choices: [A, AAAA, CNAME, MX, NS, SRV, TXT] + type: str + relative: + type: bool + default: false + description: + - If set then the current domain is added onto the address field for C(CNAME), C(MX), C(NS) and C(SRV)record types. + ttl: + description: + - The record's TTL in seconds (will inherit zone's TTL if not explicitly set). This must be a valid int from + U(https://www.memset.com/apidocs/methods_dns.html#dns.zone_record_create). + default: 0 + choices: [0, 300, 600, 900, 1800, 3600, 7200, 10800, 21600, 43200, 86400] + type: int + zone: + required: true + description: + - The name of the zone to which to add the record to. + type: str +""" -EXAMPLES = ''' +EXAMPLES = r""" # Create DNS record for www.domain.com - name: Create DNS record community.general.memset_zone_record: @@ -118,11 +114,11 @@ EXAMPLES = ''' address: "{{ item.address }}" delegate_to: localhost with_items: - - { 'zone': 'domain1.com', 'type': 'A', 'record': 'www', 'address': '1.2.3.4' } - - { 'zone': 'domain2.com', 'type': 'A', 'record': 'mail', 'address': '4.3.2.1' } -''' + - {'zone': 'domain1.com', 'type': 'A', 'record': 'www', 'address': '1.2.3.4'} + - {'zone': 'domain2.com', 'type': 'A', 'record': 'mail', 'address': '4.3.2.1'} +""" -RETURN = ''' +RETURN = r""" memset_api: description: Record info from the Memset API. returned: when state == present @@ -168,7 +164,7 @@ memset_api: returned: always type: str sample: "b0bb1ce851aeea6feeb2dc32fe83bf9c" -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.memset import get_zone_id @@ -181,6 +177,7 @@ def api_validation(args=None): https://www.memset.com/apidocs/methods_dns.html#dns.zone_record_create) ''' failed_validation = False + error = None # priority can only be integer 0 > 999 if not 0 <= args['priority'] <= 999: @@ -373,9 +370,7 @@ def main(): ) # populate the dict with the user-provided vars. - args = dict() - for key, arg in module.params.items(): - args[key] = arg + args = dict(module.params) args['check_mode'] = module.check_mode # perform some Memset API-specific validation diff --git a/plugins/modules/mksysb.py b/plugins/modules/mksysb.py index 8272dbf7de..d3c9abeac0 100644 --- a/plugins/modules/mksysb.py +++ b/plugins/modules/mksysb.py @@ -10,13 +10,17 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" author: Kairo Araujo (@kairoaraujo) module: mksysb short_description: Generates AIX mksysb rootvg backups description: - This module manages a basic AIX mksysb (image) of rootvg. +seealso: + - name: C(mksysb) command manual page + description: Manual page for the command. + link: https://www.ibm.com/docs/en/aix/7.3?topic=m-mksysb-command + extends_documentation_fragment: - community.general.attributes attributes: @@ -58,7 +62,7 @@ options: name: type: str description: - - Backup name + - Backup name. required: true new_image_data: description: @@ -67,8 +71,7 @@ options: default: true software_packing: description: - - Exclude files from packing option listed in - C(/etc/exclude_packing.rootvg). + - Exclude files from packing option listed in C(/etc/exclude_packing.rootvg). type: bool default: false storage_path: @@ -81,18 +84,18 @@ options: - Creates backup using snapshots. type: bool default: false -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Running a backup image mksysb community.general.mksysb: name: myserver storage_path: /repository/images exclude_files: true exclude_wpar_files: true -''' +""" -RETURN = ''' +RETURN = r""" changed: description: Return changed for mksysb actions as true or false. returned: always @@ -101,7 +104,7 @@ msg: description: Return message regarding the action. returned: always type: str -''' +""" import os @@ -138,6 +141,7 @@ class MkSysB(ModuleHelper): backup_dmapi_fs=cmd_runner_fmt.as_bool("-A"), combined_path=cmd_runner_fmt.as_func(cmd_runner_fmt.unpack_args(lambda p, n: ["%s/%s" % (p, n)])), ) + use_old_vardict = False def __init_module__(self): if not os.path.isdir(self.vars.storage_path): diff --git a/plugins/modules/modprobe.py b/plugins/modules/modprobe.py index f271b3946f..cff77e9558 100644 --- a/plugins/modules/modprobe.py +++ b/plugins/modules/modprobe.py @@ -8,58 +8,60 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: modprobe short_description: Load or unload kernel modules author: - - David Stygstra (@stygstra) - - Julien Dauphant (@jdauphant) - - Matt Jeffery (@mattjeffery) + - David Stygstra (@stygstra) + - Julien Dauphant (@jdauphant) + - Matt Jeffery (@mattjeffery) description: - - Load or unload kernel modules. + - Load or unload kernel modules. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: - check_mode: - support: full - diff_mode: - support: none + check_mode: + support: full + diff_mode: + support: none options: - name: - type: str - required: true - description: - - Name of kernel module to manage. - state: - type: str - description: - - Whether the module should be present or absent. - choices: [ absent, present ] - default: present - params: - type: str - description: - - Modules parameters. - default: '' - persistent: - type: str - choices: [ disabled, absent, present ] - default: disabled - description: - - Persistency between reboots for configured module. - - This option creates files in C(/etc/modules-load.d/) and C(/etc/modprobe.d/) that make your module configuration persistent during reboots. - - If V(present), adds module name to C(/etc/modules-load.d/) and params to C(/etc/modprobe.d/) so the module will be loaded on next reboot. - - If V(absent), will comment out module name from C(/etc/modules-load.d/) and comment out params from C(/etc/modprobe.d/) so the module will not be - loaded on next reboot. - - If V(disabled), will not touch anything and leave C(/etc/modules-load.d/) and C(/etc/modprobe.d/) as it is. - - Note that it is usually a better idea to rely on the automatic module loading by PCI IDs, USB IDs, DMI IDs or similar triggers encoded in the - kernel modules themselves instead of configuration like this. - - In fact, most modern kernel modules are prepared for automatic loading already. - - "B(Note:) This option works only with distributions that use C(systemd) when set to values other than V(disabled)." -''' + name: + type: str + required: true + description: + - Name of kernel module to manage. + state: + type: str + description: + - Whether the module should be present or absent. + choices: [absent, present] + default: present + params: + type: str + description: + - Modules parameters. + default: '' + persistent: + type: str + choices: [disabled, absent, present] + default: disabled + version_added: 7.0.0 + description: + - Persistency between reboots for configured module. + - This option creates files in C(/etc/modules-load.d/) and C(/etc/modprobe.d/) that make your module configuration persistent + during reboots. + - If V(present), adds module name to C(/etc/modules-load.d/) and params to C(/etc/modprobe.d/) so the module will be + loaded on next reboot. + - If V(absent), will comment out module name from C(/etc/modules-load.d/) and comment out params from C(/etc/modprobe.d/) + so the module will not be loaded on next reboot. + - If V(disabled), will not touch anything and leave C(/etc/modules-load.d/) and C(/etc/modprobe.d/) as it is. + - Note that it is usually a better idea to rely on the automatic module loading by PCI IDs, USB IDs, DMI IDs or similar + triggers encoded in the kernel modules themselves instead of configuration like this. + - In fact, most modern kernel modules are prepared for automatic loading already. + - B(Note:) This option works only with distributions that use C(systemd) when set to values other than V(disabled). +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Add the 802.1q module community.general.modprobe: name: 8021q @@ -77,7 +79,7 @@ EXAMPLES = ''' state: present params: 'numdummies=2' persistent: present -''' +""" import os.path import platform @@ -163,8 +165,9 @@ class Modprobe(object): def create_module_file(self): file_path = os.path.join(MODULES_LOAD_LOCATION, self.name + '.conf') - with open(file_path, 'w') as file: - file.write(self.name + '\n') + if not self.check_mode: + with open(file_path, 'w') as file: + file.write(self.name + '\n') @property def module_options_file_content(self): @@ -175,8 +178,9 @@ class Modprobe(object): def create_module_options_file(self): new_file_path = os.path.join(PARAMETERS_FILES_LOCATION, self.name + '.conf') - with open(new_file_path, 'w') as file: - file.write(self.module_options_file_content) + if not self.check_mode: + with open(new_file_path, 'w') as file: + file.write(self.module_options_file_content) def disable_old_params(self): @@ -190,7 +194,7 @@ class Modprobe(object): file_content[index] = '#' + line content_changed = True - if content_changed: + if not self.check_mode and content_changed: with open(modprobe_file, 'w') as file: file.write('\n'.join(file_content)) @@ -206,7 +210,7 @@ class Modprobe(object): file_content[index] = '#' + line content_changed = True - if content_changed: + if not self.check_mode and content_changed: with open(module_file, 'w') as file: file.write('\n'.join(file_content)) diff --git a/plugins/modules/monit.py b/plugins/modules/monit.py index 5475ab1e52..65b6c606e9 100644 --- a/plugins/modules/monit.py +++ b/plugins/modules/monit.py @@ -9,14 +9,13 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: monit -short_description: Manage the state of a program monitored via Monit +short_description: Manage the state of a program monitored using Monit description: - - Manage the state of a program monitored via Monit. + - Manage the state of a program monitored using Monit. extends_documentation_fragment: - - community.general.attributes + - community.general.attributes attributes: check_mode: support: full @@ -32,26 +31,25 @@ options: description: - The state of service. required: true - choices: [ "present", "started", "stopped", "restarted", "monitored", "unmonitored", "reloaded" ] + choices: ["present", "started", "stopped", "restarted", "monitored", "unmonitored", "reloaded"] type: str timeout: description: - - If there are pending actions for the service monitored by monit, then Ansible will check - for up to this many seconds to verify the requested action has been performed. - Ansible will sleep for five seconds between each check. + - If there are pending actions for the service monitored by monit, then Ansible will check for up to this many seconds + to verify the requested action has been performed. Ansible will sleep for five seconds between each check. default: 300 type: int author: - - Darryl Stoflet (@dstoflet) - - Simon Kelly (@snopoke) -''' + - Darryl Stoflet (@dstoflet) + - Simon Kelly (@snopoke) +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Manage the state of program httpd to be in started state community.general.monit: name: httpd state: started -''' +""" import time import re @@ -218,7 +216,7 @@ class Monit(object): return running_status def wait_for_monit_to_stop_pending(self, current_status=None): - """Fails this run if there is no status or it's pending/initializing for timeout""" + """Fails this run if there is no status or it is pending/initializing for timeout""" timeout_time = time.time() + self.timeout if not current_status: diff --git a/plugins/modules/mqtt.py b/plugins/modules/mqtt.py index f8d64e6a00..9c610d02c7 100644 --- a/plugins/modules/mqtt.py +++ b/plugins/modules/mqtt.py @@ -9,8 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: mqtt short_description: Publish a message on an MQTT topic for the IoT description: @@ -26,12 +25,12 @@ options: server: type: str description: - - MQTT broker address/name + - MQTT broker address/name. default: localhost port: type: int description: - - MQTT broker port number + - MQTT broker port number. default: 1883 username: type: str @@ -44,76 +43,68 @@ options: client_id: type: str description: - - MQTT client identifier + - MQTT client identifier. - If not specified, a value C(hostname + pid) will be used. topic: type: str description: - - MQTT topic name + - MQTT topic name. required: true payload: type: str description: - - Payload. The special string V("None") may be used to send a NULL - (that is, empty) payload which is useful to simply notify with the O(topic) - or to clear previously retained messages. + - Payload. The special string V("None") may be used to send a NULL (that is, empty) payload which is useful to simply + notify with the O(topic) or to clear previously retained messages. required: true qos: type: str description: - - QoS (Quality of Service) + - QoS (Quality of Service). default: "0" - choices: [ "0", "1", "2" ] + choices: ["0", "1", "2"] retain: description: - - Setting this flag causes the broker to retain (i.e. keep) the message so that - applications that subsequently subscribe to the topic can received the last - retained message immediately. + - Setting this flag causes the broker to retain (in other words keep) the message so that applications that subsequently + subscribe to the topic can received the last retained message immediately. type: bool default: false ca_cert: type: path description: - - The path to the Certificate Authority certificate files that are to be - treated as trusted by this client. If this is the only option given - then the client will operate in a similar manner to a web browser. That - is to say it will require the broker to have a certificate signed by the - Certificate Authorities in ca_certs and will communicate using TLS v1, - but will not attempt any form of authentication. This provides basic - network encryption but may not be sufficient depending on how the broker - is configured. - aliases: [ ca_certs ] + - The path to the Certificate Authority certificate files that are to be treated as trusted by this client. If this + is the only option given then the client will operate in a similar manner to a web browser. That is to say it will + require the broker to have a certificate signed by the Certificate Authorities in ca_certs and will communicate using + TLS v1, but will not attempt any form of authentication. This provides basic network encryption but may not be sufficient + depending on how the broker is configured. + aliases: [ca_certs] client_cert: type: path description: - - The path pointing to the PEM encoded client certificate. If this is not - None it will be used as client information for TLS based - authentication. Support for this feature is broker dependent. - aliases: [ certfile ] + - The path pointing to the PEM encoded client certificate. If this is not None it will be used as client information + for TLS based authentication. Support for this feature is broker dependent. + aliases: [certfile] client_key: type: path description: - - The path pointing to the PEM encoded client private key. If this is not - None it will be used as client information for TLS based - authentication. Support for this feature is broker dependent. - aliases: [ keyfile ] + - The path pointing to the PEM encoded client private key. If this is not None it will be used as client information + for TLS based authentication. Support for this feature is broker dependent. + aliases: [keyfile] tls_version: description: - Specifies the version of the SSL/TLS protocol to be used. - - By default (if the python version supports it) the highest TLS version is - detected. If unavailable, TLS v1 is used. + - By default (if the python version supports it) the highest TLS version is detected. If unavailable, TLS v1 is used. type: str choices: - tlsv1.1 - tlsv1.2 -requirements: [ mosquitto ] +requirements: [mosquitto] notes: - - This module requires a connection to an MQTT broker such as Mosquitto - U(http://mosquitto.org) and the I(Paho) C(mqtt) Python client (U(https://pypi.org/project/paho-mqtt/)). + - This module requires a connection to an MQTT broker such as Mosquitto U(http://mosquitto.org) and the I(Paho) C(mqtt) + Python client (U(https://pypi.org/project/paho-mqtt/)). author: "Jan-Piet Mens (@jpmens)" -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Publish a message on an MQTT topic community.general.mqtt: topic: 'service/ansible/{{ ansible_hostname }}' @@ -122,7 +113,7 @@ EXAMPLES = ''' retain: false client_id: ans001 delegate_to: localhost -''' +""" # =========================================== # MQTT module support methods. diff --git a/plugins/modules/mssql_db.py b/plugins/modules/mssql_db.py index a85f721fca..e1fc222e71 100644 --- a/plugins/modules/mssql_db.py +++ b/plugins/modules/mssql_db.py @@ -10,8 +10,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: mssql_db short_description: Add or remove MSSQL databases from a remote host description: @@ -26,56 +25,55 @@ attributes: options: name: description: - - name of the database to add or remove + - Name of the database to add or remove. required: true - aliases: [ db ] + aliases: [db] type: str login_user: description: - - The username used to authenticate with + - The username used to authenticate with. type: str default: '' login_password: description: - - The password used to authenticate with + - The password used to authenticate with. type: str default: '' login_host: description: - - Host running the database + - Host running the database. type: str required: true login_port: description: - - Port of the MSSQL server. Requires login_host be defined as other than localhost if login_port is used + - Port of the MSSQL server. Requires login_host be defined as other than localhost if login_port is used. default: '1433' type: str state: description: - - The database state + - The database state. default: present - choices: [ "present", "absent", "import" ] + choices: ["present", "absent", "import"] type: str target: description: - - Location, on the remote host, of the dump file to read from or write to. Uncompressed SQL - files (C(.sql)) files are supported. + - Location, on the remote host, of the dump file to read from or write to. Uncompressed SQL files (C(.sql)) files are + supported. type: str autocommit: description: - - Automatically commit the change only if the import succeed. Sometimes it is necessary to use autocommit=true, since some content can't be changed - within a transaction. + - Automatically commit the change only if the import succeed. Sometimes it is necessary to use autocommit=true, since + some content can not be changed within a transaction. type: bool default: false notes: - - Requires the pymssql Python package on the remote host. For Ubuntu, this - is as easy as pip install pymssql (See M(ansible.builtin.pip).) + - Requires the pymssql Python package on the remote host. For Ubuntu, this is as easy as pip install pymssql (See M(ansible.builtin.pip)). requirements: - - pymssql + - pymssql author: Vedit Firat Arig (@vedit) -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a new database with name 'jackdata' community.general.mssql_db: name: jackdata @@ -92,11 +90,11 @@ EXAMPLES = ''' name: my_db state: import target: /tmp/dump.sql -''' +""" -RETURN = ''' +RETURN = r""" # -''' +""" import os import traceback diff --git a/plugins/modules/mssql_script.py b/plugins/modules/mssql_script.py index b1713092c8..872b2ee13d 100644 --- a/plugins/modules/mssql_script.py +++ b/plugins/modules/mssql_script.py @@ -7,8 +7,7 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: mssql_script short_description: Execute SQL scripts on a MSSQL database @@ -17,77 +16,75 @@ version_added: "4.0.0" description: - Execute SQL scripts on a MSSQL database. - extends_documentation_fragment: - community.general.attributes attributes: - check_mode: - support: partial - details: - - The script will not be executed in check mode. - diff_mode: - support: none + check_mode: + support: partial + details: + - The script will not be executed in check mode. + diff_mode: + support: none options: - name: - description: Database to run script against. - aliases: [ db ] - default: '' - type: str - login_user: - description: The username used to authenticate with. - type: str - login_password: - description: The password used to authenticate with. - type: str - login_host: - description: Host running the database. - type: str - required: true - login_port: - description: Port of the MSSQL server. Requires O(login_host) be defined as well. - default: 1433 - type: int - script: - description: - - The SQL script to be executed. - - Script can contain multiple SQL statements. Multiple Batches can be separated by V(GO) command. - - Each batch must return at least one result set. - required: true - type: str - transaction: - description: - - If transactional mode is requested, start a transaction and commit the change only if the script succeed. - Otherwise, rollback the transaction. - - If transactional mode is not requested (default), automatically commit the change. - type: bool - default: false - version_added: 8.4.0 - output: - description: - - With V(default) each row will be returned as a list of values. See RV(query_results). - - Output format V(dict) will return dictionary with the column names as keys. See RV(query_results_dict). - - V(dict) requires named columns to be returned by each query otherwise an error is thrown. - choices: [ "dict", "default" ] - default: 'default' - type: str - params: - description: | - Parameters passed to the script as SQL parameters. - (Query V('SELECT %(name\)s"') with V(example: '{"name": "John Doe"}).)' - type: dict + name: + description: Database to run script against. + aliases: [db] + default: '' + type: str + login_user: + description: The username used to authenticate with. + type: str + login_password: + description: The password used to authenticate with. + type: str + login_host: + description: Host running the database. + type: str + required: true + login_port: + description: Port of the MSSQL server. Requires O(login_host) be defined as well. + default: 1433 + type: int + script: + description: + - The SQL script to be executed. + - Script can contain multiple SQL statements. Multiple Batches can be separated by V(GO) command. + - Each batch must return at least one result set. + required: true + type: str + transaction: + description: + - If transactional mode is requested, start a transaction and commit the change only if the script succeed. Otherwise, + rollback the transaction. + - If transactional mode is not requested (default), automatically commit the change. + type: bool + default: false + version_added: 8.4.0 + output: + description: + - With V(default) each row will be returned as a list of values. See RV(query_results). + - Output format V(dict) will return dictionary with the column names as keys. See RV(query_results_dict). + - V(dict) requires named columns to be returned by each query otherwise an error is thrown. + choices: ["dict", "default"] + default: 'default' + type: str + params: + description: |- + Parameters passed to the script as SQL parameters. + (Query V('SELECT %(name\)s"') with V(example: '{"name": "John Doe"}).)'. + type: dict notes: - - Requires the pymssql Python package on the remote host. For Ubuntu, this - is as easy as C(pip install pymssql) (See M(ansible.builtin.pip).) + - Requires the pymssql Python package on the remote host. For Ubuntu, this is as easy as C(pip install pymssql) (See M(ansible.builtin.pip)). requirements: - - pymssql + - pymssql author: - - Kris Budde (@kbudde) -''' + - Kris Budde (@kbudde) +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Check DB connection community.general.mssql_script: login_user: "{{ mssql_login_user }}" @@ -140,11 +137,11 @@ EXAMPLES = r''' register: result_batches - assert: that: - - result_batches.query_results | length == 2 # two batch results - - result_batches.query_results[0] | length == 2 # two selects in first batch - - result_batches.query_results[0][0] | length == 1 # one row in first select - - result_batches.query_results[0][0][0] | length == 1 # one column in first row - - result_batches.query_results[0][0][0][0] == 'Batch 0 - Select 0' # each row contains a list of values. + - result_batches.query_results | length == 2 # two batch results + - result_batches.query_results[0] | length == 2 # two selects in first batch + - result_batches.query_results[0][0] | length == 1 # one row in first select + - result_batches.query_results[0][0][0] | length == 1 # one column in first row + - result_batches.query_results[0][0][0][0] == 'Batch 0 - Select 0' # each row contains a list of values. - name: two batches with dict output community.general.mssql_script: @@ -161,68 +158,68 @@ EXAMPLES = r''' register: result_batches_dict - assert: that: - - result_batches_dict.query_results_dict | length == 2 # two batch results - - result_batches_dict.query_results_dict[0] | length == 2 # two selects in first batch - - result_batches_dict.query_results_dict[0][0] | length == 1 # one row in first select - - result_batches_dict.query_results_dict[0][0][0]['b0s0'] == 'Batch 0 - Select 0' # column 'b0s0' of first row -''' + - result_batches_dict.query_results_dict | length == 2 # two batch results + - result_batches_dict.query_results_dict[0] | length == 2 # two selects in first batch + - result_batches_dict.query_results_dict[0][0] | length == 1 # one row in first select + - result_batches_dict.query_results_dict[0][0][0]['b0s0'] == 'Batch 0 - Select 0' # column 'b0s0' of first row +""" -RETURN = r''' +RETURN = r""" query_results: - description: List of batches (queries separated by V(GO) keyword). - type: list - elements: list - returned: success and O(output=default) - sample: [[[["Batch 0 - Select 0"]], [["Batch 0 - Select 1"]]], [[["Batch 1 - Select 0"]]]] - contains: - queries: - description: - - List of result sets of each query. - - If a query returns no results, the results of this and all the following queries will not be included in the output. - - Use the V(GO) keyword in O(script) to separate queries. - type: list - elements: list - contains: - rows: - description: List of rows returned by query. - type: list - elements: list - contains: - column_value: - description: - - List of column values. - - Any non-standard JSON type is converted to string. - type: list - example: ["Batch 0 - Select 0"] - returned: success, if output is default + description: List of batches (queries separated by V(GO) keyword). + type: list + elements: list + returned: success and O(output=default) + sample: [[[["Batch 0 - Select 0"]], [["Batch 0 - Select 1"]]], [[["Batch 1 - Select 0"]]]] + contains: + queries: + description: + - List of result sets of each query. + - If a query returns no results, the results of this and all the following queries will not be included in the output. + - Use the V(GO) keyword in O(script) to separate queries. + type: list + elements: list + contains: + rows: + description: List of rows returned by query. + type: list + elements: list + contains: + column_value: + description: + - List of column values. + - Any non-standard JSON type is converted to string. + type: list + example: ["Batch 0 - Select 0"] + returned: success, if output is default query_results_dict: - description: List of batches (queries separated by V(GO) keyword). - type: list - elements: list - returned: success and O(output=dict) - sample: [[[["Batch 0 - Select 0"]], [["Batch 0 - Select 1"]]], [[["Batch 1 - Select 0"]]]] - contains: - queries: - description: - - List of result sets of each query. - - If a query returns no results, the results of this and all the following queries will not be included in the output. - Use 'GO' keyword to separate queries. - type: list - elements: list - contains: - rows: - description: List of rows returned by query. - type: list - elements: list - contains: - column_dict: - description: - - Dictionary of column names and values. - - Any non-standard JSON type is converted to string. - type: dict - example: {"col_name": "Batch 0 - Select 0"} - returned: success, if output is dict -''' + description: List of batches (queries separated by V(GO) keyword). + type: list + elements: list + returned: success and O(output=dict) + sample: [[[["Batch 0 - Select 0"]], [["Batch 0 - Select 1"]]], [[["Batch 1 - Select 0"]]]] + contains: + queries: + description: + - List of result sets of each query. + - If a query returns no results, the results of this and all the following queries will not be included in the output. + Use V(GO) keyword to separate queries. + type: list + elements: list + contains: + rows: + description: List of rows returned by query. + type: list + elements: list + contains: + column_dict: + description: + - Dictionary of column names and values. + - Any non-standard JSON type is converted to string. + type: dict + example: {"col_name": "Batch 0 - Select 0"} + returned: success, if output is dict +""" from ansible.module_utils.basic import AnsibleModule, missing_required_lib import traceback diff --git a/plugins/modules/nagios.py b/plugins/modules/nagios.py index 783aa88e24..3c12b85c0b 100644 --- a/plugins/modules/nagios.py +++ b/plugins/modules/nagios.py @@ -14,20 +14,19 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: nagios short_description: Perform common tasks in Nagios related to downtime and notifications description: - - "The C(nagios) module has two basic functions: scheduling downtime and toggling alerts for services or hosts." + - 'The C(nagios) module has two basic functions: scheduling downtime and toggling alerts for services or hosts.' - The C(nagios) module is not idempotent. - - All actions require the O(host) parameter to be given explicitly. In playbooks you can use the C({{inventory_hostname}}) variable to refer - to the host the playbook is currently running on. - - You can specify multiple services at once by separating them with commas, .e.g. O(services=httpd,nfs,puppet). - - When specifying what service to handle there is a special service value, O(host), which will handle alerts/downtime/acknowledge for the I(host itself), - for example O(services=host). This keyword may not be given with other services at the same time. - B(Setting alerts/downtime/acknowledge for a host does not affect alerts/downtime/acknowledge for any of the services running on it.) - To schedule downtime for all services on particular host use keyword "all", for example O(services=all). + - All actions require the O(host) parameter to be given explicitly. In playbooks you can use the C({{inventory_hostname}}) + variable to refer to the host the playbook is currently running on. + - You can specify multiple services at once by separating them with commas, for example O(services=httpd,nfs,puppet). + - When specifying what service to handle there is a special service value, O(host), which will handle alerts/downtime/acknowledge + for the I(host itself), for example O(services=host). This keyword may not be given with other services at the same time. + B(Setting alerts/downtime/acknowledge for a host does not affect alerts/downtime/acknowledge for any of the services running + on it.) To schedule downtime for all services on particular host use keyword "all", for example O(services=all). extends_documentation_fragment: - community.general.attributes attributes: @@ -39,13 +38,10 @@ options: action: description: - Action to take. - - servicegroup options were added in 2.0. - - delete_downtime options were added in 2.2. - The V(acknowledge) and V(forced_check) actions were added in community.general 1.2.0. required: true - choices: [ "downtime", "delete_downtime", "enable_alerts", "disable_alerts", "silence", "unsilence", - "silence_nagios", "unsilence_nagios", "command", "servicegroup_service_downtime", - "servicegroup_host_downtime", "acknowledge", "forced_check" ] + choices: ["downtime", "delete_downtime", "enable_alerts", "disable_alerts", "silence", "unsilence", "silence_nagios", + "unsilence_nagios", "command", "servicegroup_service_downtime", "servicegroup_host_downtime", "acknowledge", "forced_check"] type: str host: description: @@ -53,18 +49,16 @@ options: type: str cmdfile: description: - - Path to the nagios I(command file) (FIFO pipe). - Only required if auto-detection fails. + - Path to the nagios I(command file) (FIFO pipe). Only required if auto-detection fails. type: str author: description: - - Author to leave downtime comments as. - Only used when O(action) is V(downtime) or V(acknowledge). + - Author to leave downtime comments as. Only used when O(action) is V(downtime) or V(acknowledge). type: str default: Ansible comment: description: - - Comment when O(action) is V(downtime) or V(acknowledge). + - Comment when O(action) is V(downtime) or V(acknowledge). type: str default: Scheduling downtime start: @@ -81,8 +75,8 @@ options: services: description: - What to manage downtime/alerts for. Separate multiple services with commas. - - "B(Required) option when O(action) is one of: V(downtime), V(acknowledge), V(forced_check), V(enable_alerts), V(disable_alerts)." - aliases: [ "service" ] + - 'B(Required) option when O(action) is one of: V(downtime), V(acknowledge), V(forced_check), V(enable_alerts), V(disable_alerts).' + aliases: ["service"] type: str servicegroup: description: @@ -96,9 +90,9 @@ options: type: str author: "Tim Bielawa (@tbielawa)" -''' +""" -EXAMPLES = ''' +EXAMPLES = r""" - name: Set 30 minutes of apache downtime community.general.nagios: action: downtime @@ -247,7 +241,7 @@ EXAMPLES = ''' community.general.nagios: action: command command: DISABLE_FAILURE_PREDICTION -''' +""" import time import os.path diff --git a/plugins/modules/netcup_dns.py b/plugins/modules/netcup_dns.py index cba70c0fa3..900eb01e0d 100644 --- a/plugins/modules/netcup_dns.py +++ b/plugins/modules/netcup_dns.py @@ -9,13 +9,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: netcup_dns notes: [] short_description: Manage Netcup DNS records description: - - "Manages DNS records via the Netcup API, see the docs U(https://ccp.netcup.net/run/webservice/servers/endpoint.php)." + - Manages DNS records using the Netcup API, see the docs U(https://ccp.netcup.net/run/webservice/servers/endpoint.php). extends_documentation_fragment: - community.general.attributes attributes: @@ -26,17 +25,17 @@ attributes: options: api_key: description: - - "API key for authentication, must be obtained via the netcup CCP (U(https://ccp.netcup.net))." + - API key for authentication, must be obtained using the netcup CCP (U(https://ccp.netcup.net)). required: true type: str api_password: description: - - "API password for authentication, must be obtained via the netcup CCP (U(https://ccp.netcup.net))." + - API password for authentication, must be obtained using the netcup CCP (U(https://ccp.netcup.net)). required: true type: str customer_id: description: - - Netcup customer id. + - Netcup customer ID. required: true type: int domain: @@ -48,7 +47,7 @@ options: description: - Record to add or delete, supports wildcard (V(*)). Default is V(@) (that is, the zone name). default: "@" - aliases: [ name ] + aliases: [name] type: str type: description: @@ -80,7 +79,7 @@ options: - Whether the record should exist or not. required: false default: present - choices: [ 'present', 'absent' ] + choices: ['present', 'absent'] type: str timeout: description: @@ -91,10 +90,9 @@ options: requirements: - "nc-dnsapi >= 0.1.3" author: "Nicolai Buchwitz (@nbuchwitz)" +""" -''' - -EXAMPLES = ''' +EXAMPLES = r""" - name: Create a record of type A community.general.netcup_dns: api_key: "..." @@ -156,41 +154,41 @@ EXAMPLES = ''' type: "A" value: "127.0.0.1" timeout: 30 +""" -''' - -RETURN = ''' +RETURN = r""" records: - description: list containing all records - returned: success - type: complex - contains: - name: - description: the record name - returned: success - type: str - sample: fancy-hostname - type: - description: the record type - returned: success - type: str - sample: A - value: - description: the record destination - returned: success - type: str - sample: 127.0.0.1 - priority: - description: the record priority (only relevant if type=MX) - returned: success - type: int - sample: 0 - id: - description: internal id of the record - returned: success - type: int - sample: 12345 -''' + description: List containing all records. + returned: success + type: list + elements: dict + contains: + name: + description: The record name. + returned: success + type: str + sample: fancy-hostname + type: + description: The record type. + returned: success + type: str + sample: A + value: + description: The record destination. + returned: success + type: str + sample: 127.0.0.1 + priority: + description: The record priority (only relevant if RV(records[].type=MX)). + returned: success + type: int + sample: 0 + id: + description: Internal ID of the record. + returned: success + type: int + sample: 12345 +""" import traceback diff --git a/plugins/modules/newrelic_deployment.py b/plugins/modules/newrelic_deployment.py index e5a1160822..b9ce8af586 100644 --- a/plugins/modules/newrelic_deployment.py +++ b/plugins/modules/newrelic_deployment.py @@ -9,13 +9,12 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' ---- +DOCUMENTATION = r""" module: newrelic_deployment author: "Matt Coddington (@mcodd)" short_description: Notify New Relic about app deployments description: - - Notify New Relic about app deployments (see https://docs.newrelic.com/docs/apm/new-relic-apm/maintenance/record-monitor-deployments/) + - Notify New Relic about app deployments (see U(https://docs.newrelic.com/docs/apm/new-relic-apm/maintenance/record-monitor-deployments/)). extends_documentation_fragment: - community.general.attributes attributes: @@ -44,49 +43,49 @@ options: changelog: type: str description: - - A list of changes for this deployment + - A list of changes for this deployment. required: false description: type: str description: - - Text annotation for the deployment - notes for you + - Text annotation for the deployment - notes for you. required: false revision: type: str description: - - A revision number (e.g., git commit SHA) + - A revision number (for example, git commit SHA). required: true user: type: str description: - - The name of the user/process that triggered this deployment + - The name of the user/process that triggered this deployment. required: false validate_certs: description: - - If V(false), SSL certificates will not be validated. This should only be used - on personally controlled sites using self-signed certificates. + - If V(false), SSL certificates will not be validated. This should only be used on personally controlled sites using + self-signed certificates. required: false default: true type: bool app_name_exact_match: type: bool description: - - If this flag is set to V(true) then the application ID lookup by name would only work for an exact match. - If set to V(false) it returns the first result. + - If this flag is set to V(true) then the application ID lookup by name would only work for an exact match. If set to + V(false) it returns the first result. required: false default: false version_added: 7.5.0 requirements: [] -''' +""" -EXAMPLES = ''' -- name: Notify New Relic about an app deployment +EXAMPLES = r""" +- name: Notify New Relic about an app deployment community.general.newrelic_deployment: token: AAAAAA app_name: myapp user: ansible deployment revision: '1.0' -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.urls import fetch_url diff --git a/plugins/modules/nexmo.py b/plugins/modules/nexmo.py index 39f127f98c..ef6502532d 100644 --- a/plugins/modules/nexmo.py +++ b/plugins/modules/nexmo.py @@ -9,11 +9,11 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = ''' +DOCUMENTATION = r""" module: nexmo -short_description: Send a SMS via nexmo +short_description: Send a SMS using nexmo description: - - Send a SMS message via nexmo + - Send a SMS message using nexmo. author: "Matt Martz (@sivel)" attributes: check_mode: @@ -24,42 +24,41 @@ options: api_key: type: str description: - - Nexmo API Key + - Nexmo API Key. required: true api_secret: type: str description: - - Nexmo API Secret + - Nexmo API Secret. required: true src: type: int description: - - Nexmo Number to send from + - Nexmo Number to send from. required: true dest: type: list elements: int description: - - Phone number(s) to send SMS message to + - Phone number(s) to send SMS message to. required: true msg: type: str description: - - Message to text to send. Messages longer than 160 characters will be - split into multiple messages + - Message to text to send. Messages longer than 160 characters will be split into multiple messages. required: true validate_certs: description: - - If V(false), SSL certificates will not be validated. This should only be used - on personally controlled sites using self-signed certificates. + - If V(false), SSL certificates will not be validated. This should only be used on personally controlled sites using + self-signed certificates. type: bool default: true extends_documentation_fragment: - ansible.builtin.url - community.general.attributes -''' +""" -EXAMPLES = """ +EXAMPLES = r""" - name: Send notification message via Nexmo community.general.nexmo: api_key: 640c8a53 diff --git a/plugins/modules/nginx_status_info.py b/plugins/modules/nginx_status_info.py index 6bbea078b0..7f9865878c 100644 --- a/plugins/modules/nginx_status_info.py +++ b/plugins/modules/nginx_status_info.py @@ -9,8 +9,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: nginx_status_info short_description: Retrieve information on nginx status description: @@ -34,9 +33,9 @@ options: notes: - See U(http://nginx.org/en/docs/http/ngx_http_stub_status_module.html) for more information. -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" # Gather status info from nginx on localhost - name: Get current http stats community.general.nginx_status_info: @@ -49,10 +48,9 @@ EXAMPLES = r''' url: http://localhost/nginx_status timeout: 20 register: result -''' +""" -RETURN = r''' ---- +RETURN = r""" active_connections: description: Active connections. returned: success @@ -64,7 +62,8 @@ accepts: type: int sample: 81769947 handled: - description: The total number of handled connections. Generally, the parameter value is the same as accepts unless some resource limits have been reached. + description: The total number of handled connections. Generally, the parameter value is the same as accepts unless some + resource limits have been reached. returned: success type: int sample: 81769947 @@ -93,7 +92,7 @@ data: returned: success type: str sample: "Active connections: 2340 \nserver accepts handled requests\n 81769947 81769947 144332345 \nReading: 0 Writing: 241 Waiting: 2092 \n" -''' +""" import re from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/nictagadm.py b/plugins/modules/nictagadm.py index 5b81861e8f..a02a8fcffd 100644 --- a/plugins/modules/nictagadm.py +++ b/plugins/modules/nictagadm.py @@ -8,8 +8,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: nictagadm short_description: Manage nic tags on SmartOS systems description: @@ -26,39 +25,39 @@ attributes: options: name: description: - - Name of the nic tag. + - Name of the nic tag. required: true type: str mac: description: - - Specifies the O(mac) address to attach the nic tag to when not creating an O(etherstub). - - Parameters O(mac) and O(etherstub) are mutually exclusive. + - Specifies the O(mac) address to attach the nic tag to when not creating an O(etherstub). + - Parameters O(mac) and O(etherstub) are mutually exclusive. type: str etherstub: description: - - Specifies that the nic tag will be attached to a created O(etherstub). - - Parameter O(etherstub) is mutually exclusive with both O(mtu), and O(mac). + - Specifies that the nic tag will be attached to a created O(etherstub). + - Parameter O(etherstub) is mutually exclusive with both O(mtu), and O(mac). type: bool default: false mtu: description: - - Specifies the size of the O(mtu) of the desired nic tag. - - Parameters O(mtu) and O(etherstub) are mutually exclusive. + - Specifies the size of the O(mtu) of the desired nic tag. + - Parameters O(mtu) and O(etherstub) are mutually exclusive. type: int force: description: - - When O(state=absent) this switch will use the C(-f) parameter and delete the nic tag regardless of existing VMs. + - When O(state=absent) this switch will use the C(-f) parameter and delete the nic tag regardless of existing VMs. type: bool default: false state: description: - - Create or delete a SmartOS nic tag. + - Create or delete a SmartOS nic tag. type: str - choices: [ absent, present ] + choices: [absent, present] default: present -''' +""" -EXAMPLES = r''' +EXAMPLES = r""" - name: Create 'storage0' on '00:1b:21:a3:f5:4d' community.general.nictagadm: name: storage0 @@ -70,11 +69,11 @@ EXAMPLES = r''' community.general.nictagadm: name: storage0 state: absent -''' +""" -RETURN = r''' +RETURN = r""" name: - description: nic tag name + description: Nic tag name. returned: always type: str sample: storage0 @@ -84,26 +83,26 @@ mac: type: str sample: 00:1b:21:a3:f5:4d etherstub: - description: specifies if the nic tag will create and attach to an etherstub. + description: Specifies if the nic tag will create and attach to an etherstub. returned: always type: bool sample: false mtu: - description: specifies which MTU size was passed during the nictagadm add command. mtu and etherstub are mutually exclusive. + description: Specifies which MTU size was passed during the nictagadm add command. mtu and etherstub are mutually exclusive. returned: always type: int sample: 1500 force: - description: Shows if -f was used during the deletion of a nic tag + description: Shows if -f was used during the deletion of a nic tag. returned: always type: bool sample: false state: - description: state of the target + description: State of the target. returned: always type: str sample: present -''' +""" from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.common.network import is_mac diff --git a/plugins/modules/nmcli.py b/plugins/modules/nmcli.py index 4ca4198e35..0daf667160 100644 --- a/plugins/modules/nmcli.py +++ b/plugins/modules/nmcli.py @@ -9,1045 +9,1100 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type -DOCUMENTATION = r''' ---- +DOCUMENTATION = r""" module: nmcli author: - - Chris Long (@alcamie101) + - Chris Long (@alcamie101) short_description: Manage Networking requirements: - - nmcli + - nmcli extends_documentation_fragment: - - community.general.attributes + - community.general.attributes description: - - 'Manage the network devices. Create, modify and manage various connection and device type e.g., ethernet, teams, bonds, vlans etc.' - - 'On CentOS 8 and Fedora >=29 like systems, the requirements can be met by installing the following packages: NetworkManager.' - - 'On CentOS 7 and Fedora <=28 like systems, the requirements can be met by installing the following packages: NetworkManager-tui.' - - 'On Ubuntu and Debian like systems, the requirements can be met by installing the following packages: network-manager' - - 'On openSUSE, the requirements can be met by installing the following packages: NetworkManager.' + - Manage the network devices. Create, modify and manage various connection and device type, for example V(ethernet), V(team), + V(bond), V(vlan) and so on. + - 'On CentOS 8 and Fedora >=29 like systems, the requirements can be met by installing the following packages: NetworkManager.' + - 'On CentOS 7 and Fedora <=28 like systems, the requirements can be met by installing the following packages: NetworkManager-tui.' + - 'On Ubuntu and Debian like systems, the requirements can be met by installing the following packages: network-manager.' + - 'On openSUSE, the requirements can be met by installing the following packages: NetworkManager.' attributes: - check_mode: - support: full - diff_mode: - support: full + check_mode: + support: full + diff_mode: + support: full options: - state: + state: + description: + - Whether the device should exist or not, taking action if the state is different from what is stated. + - Using O(state=present) to create connection will automatically bring connection up. + - Using O(state=up) and O(state=down) will not modify connection with other parameters. These states have been added + in community.general 9.5.0. + type: str + required: true + choices: [absent, present, up, down] + autoconnect: + description: + - Whether the connection should start on boot. + - Whether the connection profile can be automatically activated. + type: bool + default: true + conn_name: + description: + - The name used to call the connection. Pattern is V([-][-]). + type: str + required: true + conn_reload: + description: + - Whether the connection should be reloaded if it was modified. + type: bool + required: false + default: false + version_added: 9.5.0 + ifname: + description: + - The interface to bind the connection to. + - The connection will only be applicable to this interface name. + - A special value of V(*) can be used for interface-independent connections. + - The ifname argument is mandatory for all connection types except bond, team, bridge, vlan and vpn. + - This parameter defaults to O(conn_name) when left unset for all connection types except vpn that removes it. + type: str + type: + description: + - This is the type of device or network connection that you wish to create or modify. + - Type V(dummy) is added in community.general 3.5.0. + - Type V(gsm) is added in community.general 3.7.0. + - Type V(infiniband) is added in community.general 2.0.0. + - Type V(loopback) is added in community.general 8.1.0. + - Type V(macvlan) is added in community.general 6.6.0. + - Type V(ovs-bridge) is added in community.general 8.6.0. + - Type V(ovs-interface) is added in community.general 8.6.0. + - Type V(ovs-port) is added in community.general 8.6.0. + - Type V(wireguard) is added in community.general 4.3.0. + - Type V(vpn) is added in community.general 5.1.0. + - Using V(bond-slave), V(bridge-slave), or V(team-slave) implies V(ethernet) connection type with corresponding O(slave_type) + option. + - If you want to control non-ethernet connection attached to V(bond), V(bridge), or V(team) consider using O(slave_type) + option. + type: str + choices: [bond, bond-slave, bridge, bridge-slave, dummy, ethernet, generic, gre, infiniband, ipip, macvlan, sit, team, + team-slave, vlan, vxlan, wifi, gsm, wireguard, ovs-bridge, ovs-port, ovs-interface, vpn, loopback] + mode: + description: + - This is the type of device or network connection that you wish to create for a bond or bridge. + type: str + choices: [802.3ad, active-backup, balance-alb, balance-rr, balance-tlb, balance-xor, broadcast] + default: balance-rr + transport_mode: + description: + - This option sets the connection type of Infiniband IPoIB devices. + type: str + choices: [datagram, connected] + version_added: 5.8.0 + slave_type: + description: + - Type of the device of this slave's master connection (for example V(bond)). + - Type V(ovs-port) is added in community.general 8.6.0. + type: str + choices: ['bond', 'bridge', 'team', 'ovs-port'] + version_added: 7.0.0 + master: + description: + - Master [-][-]. + - The Type Of Service. + type: int + route_metric4: + description: + - Set metric level of ipv4 routes configured on interface. + type: int + version_added: 2.0.0 + routing_rules4: + description: + - Is the same as in an C(ip rule add) command, except always requires specifying a priority. + type: list + elements: str + version_added: 3.3.0 + never_default4: + description: + - Set as default route. + - This parameter is mutually_exclusive with gw4 parameter. + type: bool + default: false + version_added: 2.0.0 + dns4: + description: + - A list of up to 3 DNS servers. + - The entries must be IPv4 addresses, for example V(192.0.2.53). + elements: str + type: list + dns4_search: + description: + - A list of DNS search domains. + elements: str + type: list + dns4_options: + description: + - A list of DNS options. + elements: str + type: list + version_added: 7.2.0 + dns4_ignore_auto: + description: + - Ignore automatically configured IPv4 name servers. + type: bool + default: false + version_added: 3.2.0 + method4: + description: + - Configuration method to be used for IPv4. + - If O(ip4) is set, C(ipv4.method) is automatically set to V(manual) and this parameter is not needed. + type: str + choices: [auto, link-local, manual, shared, disabled] + version_added: 2.2.0 + may_fail4: + description: + - If you need O(ip4) configured before C(network-online.target) is reached, set this option to V(false). + - This option applies when O(method4) is not V(disabled). + type: bool + default: true + version_added: 3.3.0 + ip6: + description: + - List of IPv6 addresses to this interface. + - Use the format V(abbe::cafe/128) or V(abbe::cafe). + - If defined and O(method6) is not specified, automatically set C(ipv6.method) to V(manual). + type: list + elements: str + gw6: + description: + - The IPv6 gateway for this interface. + - Use the format V(2001:db8::1). + type: str + gw6_ignore_auto: + description: + - Ignore automatically configured IPv6 routes. + type: bool + default: false + version_added: 3.2.0 + routes6: + description: + - The list of IPv6 routes. + - Use the format V(fd12:3456:789a:1::/64 2001:dead:beef::1). + - To specify more complex routes, use the O(routes6_extended) option. + type: list + elements: str + version_added: 4.4.0 + routes6_extended: + description: + - The list of IPv6 routes but with parameters. + type: list + elements: dict + suboptions: + ip: + description: + - IP or prefix of route. + - Use the format V(fd12:3456:789a:1::/64). type: str required: true - ifname: + next_hop: description: - - The interface to bind the connection to. - - The connection will only be applicable to this interface name. - - A special value of V('*') can be used for interface-independent connections. - - The ifname argument is mandatory for all connection types except bond, team, bridge, vlan and vpn. - - This parameter defaults to O(conn_name) when left unset for all connection types except vpn that removes it. + - Use the format V(2001:dead:beef::1). type: str - type: + metric: description: - - This is the type of device or network connection that you wish to create or modify. - - Type V(dummy) is added in community.general 3.5.0. - - Type V(gsm) is added in community.general 3.7.0. - - Type V(infiniband) is added in community.general 2.0.0. - - Type V(loopback) is added in community.general 8.1.0. - - Type V(macvlan) is added in community.general 6.6.0. - - Type V(wireguard) is added in community.general 4.3.0. - - Type V(vpn) is added in community.general 5.1.0. - - Using V(bond-slave), V(bridge-slave), or V(team-slave) implies V(ethernet) connection type with corresponding O(slave_type) option. - - If you want to control non-ethernet connection attached to V(bond), V(bridge), or V(team) consider using O(slave_type) option. + - Route metric. + type: int + table: + description: + - The table to add this route to. + - The default depends on C(ipv6.route-table). + type: int + cwnd: + description: + - The clamp for congestion window. + type: int + mtu: + description: + - If non-zero, only transmit packets of the specified size or smaller. + type: int + onlink: + description: + - Pretend that the nexthop is directly attached to this link, even if it does not match any interface prefix. + type: bool + route_metric6: + description: + - Set metric level of IPv6 routes configured on interface. + type: int + version_added: 4.4.0 + dns6: + description: + - A list of up to 3 DNS servers. + - The entries must be IPv6 addresses, for example V(2001:4860:4860::8888). + elements: str + type: list + dns6_search: + description: + - A list of DNS search domains. + elements: str + type: list + dns6_options: + description: + - A list of DNS options. + elements: str + type: list + version_added: 7.2.0 + dns6_ignore_auto: + description: + - Ignore automatically configured IPv6 name servers. + type: bool + default: false + version_added: 3.2.0 + method6: + description: + - Configuration method to be used for IPv6. + - If O(ip6) is set, C(ipv6.method) is automatically set to V(manual) and this parameter is not needed. + - V(disabled) was added in community.general 3.3.0. + type: str + choices: [ignore, auto, dhcp, link-local, manual, shared, disabled] + version_added: 2.2.0 + ip_privacy6: + description: + - If enabled, it makes the kernel generate a temporary IPv6 address in addition to the public one. + type: str + choices: [disabled, prefer-public-addr, prefer-temp-addr, unknown] + version_added: 4.2.0 + addr_gen_mode6: + description: + - Configure method for creating the address for use with IPv6 Stateless Address Autoconfiguration. + - V(default) and V(default-or-eui64) have been added in community.general 6.5.0. + type: str + choices: [default, default-or-eui64, eui64, stable-privacy] + version_added: 4.2.0 + mtu: + description: + - The connection MTU, for example V(9000). This can not be applied when creating the interface and is done once the + interface has been created. + - Can be used when modifying Team, VLAN, Ethernet (Future plans to implement wifi, gsm, pppoe, infiniband). + - This parameter defaults to V(1500) when unset. + type: int + dhcp_client_id: + description: + - DHCP Client Identifier sent to the DHCP server. + type: str + primary: + description: + - This is only used with bond and is the primary interface name (for "active-backup" mode), this is the usually the + 'ifname'. + type: str + miimon: + description: + - This is only used with bond - miimon. + - This parameter defaults to V(100) when unset. + type: int + downdelay: + description: + - This is only used with bond - downdelay. + type: int + updelay: + description: + - This is only used with bond - updelay. + type: int + xmit_hash_policy: + description: + - This is only used with bond - xmit_hash_policy type. + type: str + version_added: 5.6.0 + arp_interval: + description: + - This is only used with bond - ARP interval. + type: int + arp_ip_target: + description: + - This is only used with bond - ARP IP target. + type: str + stp: + description: + - This is only used with bridge and controls whether Spanning Tree Protocol (STP) is enabled for this bridge. + type: bool + default: true + priority: + description: + - This is only used with 'bridge' - sets STP priority. + type: int + default: 128 + forwarddelay: + description: + - This is only used with bridge - [forward-delay <2-30>] STP forwarding delay, in seconds. + type: int + default: 15 + hellotime: + description: + - This is only used with bridge - [hello-time <1-10>] STP hello time, in seconds. + type: int + default: 2 + maxage: + description: + - This is only used with bridge - [max-age <6-42>] STP maximum message age, in seconds. + type: int + default: 20 + ageingtime: + description: + - This is only used with bridge - [ageing-time <0-1000000>] the Ethernet MAC address aging time, in seconds. + type: int + default: 300 + mac: + description: + - MAC address of the connection. + - Note this requires a recent kernel feature, originally introduced in 3.15 upstream kernel. + type: str + slavepriority: + description: + - This is only used with 'bridge-slave' - [<0-63>] - STP priority of this slave. + type: int + default: 32 + path_cost: + description: + - This is only used with 'bridge-slave' - [<1-65535>] - STP port cost for destinations using this slave. + type: int + default: 100 + hairpin: + description: + - This is only used with 'bridge-slave' - 'hairpin mode' for the slave, which allows frames to be sent back out through + the slave the frame was received on. + - The default change to V(false) in community.general 7.0.0. It used to be V(true) before. + type: bool + default: false + runner: + description: + - This is the type of device or network connection that you wish to create for a team. + type: str + choices: [broadcast, roundrobin, activebackup, loadbalance, lacp] + default: roundrobin + version_added: 3.4.0 + runner_hwaddr_policy: + description: + - This defines the policy of how hardware addresses of team device and port devices should be set during the team lifetime. + type: str + choices: [same_all, by_active, only_active] + version_added: 3.4.0 + runner_fast_rate: + description: + - Option specifies the rate at which our link partner is asked to transmit LACPDU packets. If this is V(true) then packets + will be sent once per second. Otherwise they will be sent every 30 seconds. + - Only allowed for O(runner=lacp). + type: bool + version_added: 6.5.0 + vlanid: + description: + - This is only used with VLAN - VLAN ID in range <0-4095>. + type: int + vlandev: + description: + - This is only used with VLAN - parent device this VLAN is on, can use ifname. + type: str + flags: + description: + - This is only used with VLAN - flags. + type: str + ingress: + description: + - This is only used with VLAN - VLAN ingress priority mapping. + type: str + egress: + description: + - This is only used with VLAN - VLAN egress priority mapping. + type: str + vxlan_id: + description: + - This is only used with VXLAN - VXLAN ID. + type: int + vxlan_remote: + description: + - This is only used with VXLAN - VXLAN destination IP address. + type: str + vxlan_local: + description: + - This is only used with VXLAN - VXLAN local IP address. + type: str + ip_tunnel_dev: + description: + - This is used with GRE/IPIP/SIT - parent device this GRE/IPIP/SIT tunnel, can use ifname. + type: str + ip_tunnel_remote: + description: + - This is used with GRE/IPIP/SIT - GRE/IPIP/SIT destination IP address. + type: str + ip_tunnel_local: + description: + - This is used with GRE/IPIP/SIT - GRE/IPIP/SIT local IP address. + type: str + ip_tunnel_input_key: + description: + - The key used for tunnel input packets. + - Only used when O(type=gre). + type: str + version_added: 3.6.0 + ip_tunnel_output_key: + description: + - The key used for tunnel output packets. + - Only used when O(type=gre). + type: str + version_added: 3.6.0 + zone: + description: + - The trust level of the connection. + - When updating this property on a currently activated connection, the change takes effect immediately. + type: str + version_added: 2.0.0 + wifi_sec: + description: + - The security configuration of the WiFi connection. + - Note the list of suboption attributes may vary depending on which version of NetworkManager/nmcli is installed on + the host. + - 'An up-to-date list of supported attributes can be found here: U(https://networkmanager.dev/docs/api/latest/settings-802-11-wireless-security.html).' + - 'For instance to use common WPA-PSK auth with a password: V({key-mgmt: wpa-psk, psk: my_password}).' + type: dict + suboptions: + auth-alg: + description: + - When WEP is used (that is, if O(wifi_sec.key-mgmt) is V(none) or V(ieee8021x)) indicate the 802.11 authentication + algorithm required by the AP here. + - One of V(open) for Open System, V(shared) for Shared Key, or V(leap) for Cisco LEAP. + - When using Cisco LEAP (that is, if O(wifi_sec.key-mgmt=ieee8021x) and O(wifi_sec.auth-alg=leap)) the O(wifi_sec.leap-username) + and O(wifi_sec.leap-password) properties must be specified. type: str - choices: [ bond, bond-slave, bridge, bridge-slave, dummy, ethernet, generic, gre, infiniband, ipip, macvlan, sit, team, team-slave, vlan, vxlan, - wifi, gsm, wireguard, vpn, loopback ] - mode: + choices: [open, shared, leap] + fils: description: - - This is the type of device or network connection that you wish to create for a bond or bridge. - type: str - choices: [ 802.3ad, active-backup, balance-alb, balance-rr, balance-tlb, balance-xor, broadcast ] - default: balance-rr - transport_mode: + - Indicates whether Fast Initial Link Setup (802.11ai) must be enabled for the connection. + - One of V(0) (use global default value), V(1) (disable FILS), V(2) (enable FILS if the supplicant and the access + point support it) or V(3) (enable FILS and fail if not supported). + - When set to V(0) and no global default is set, FILS will be optionally enabled. + type: int + choices: [0, 1, 2, 3] + default: 0 + group: description: - - This option sets the connection type of Infiniband IPoIB devices. - type: str - choices: [ datagram, connected ] - version_added: 5.8.0 - slave_type: - description: - - Type of the device of this slave's master connection (for example V(bond)). - type: str - choices: [ 'bond', 'bridge', 'team' ] - version_added: 7.0.0 - master: - description: - - Master