mirror of
https://github.com/ansible-collections/ansible.posix.git
synced 2026-01-13 08:05:19 +01:00
Compare commits
3 commits
afa724ba8a
...
e0076ebc37
| Author | SHA1 | Date | |
|---|---|---|---|
|
e0076ebc37 | ||
|
|
3abd029b9f | ||
|
|
3d2681aea6 |
43 changed files with 93 additions and 489 deletions
|
|
@ -57,21 +57,6 @@ stages:
|
|||
test: units
|
||||
- name: Lint
|
||||
test: lint
|
||||
- stage: Sanity_2_18
|
||||
displayName: Ansible 2.18 sanity
|
||||
dependsOn: []
|
||||
jobs:
|
||||
- template: templates/matrix.yml
|
||||
parameters:
|
||||
nameFormat: "{0}"
|
||||
testFormat: 2.18/{0}
|
||||
targets:
|
||||
- name: Sanity
|
||||
test: sanity
|
||||
- name: Units
|
||||
test: units
|
||||
- name: Lint
|
||||
test: lint
|
||||
- stage: Sanity_2_17
|
||||
displayName: Ansible 2.17 sanity
|
||||
dependsOn: []
|
||||
|
|
@ -128,20 +113,6 @@ stages:
|
|||
test: ubuntu2204
|
||||
- name: Ubuntu 24.04
|
||||
test: ubuntu2404
|
||||
- stage: Docker_2_18
|
||||
displayName: Docker devel
|
||||
dependsOn: []
|
||||
jobs:
|
||||
- template: templates/matrix.yml
|
||||
parameters:
|
||||
testFormat: 2.18/linux/{0}/1
|
||||
targets:
|
||||
- name: Fedora 40
|
||||
test: fedora40
|
||||
- name: Ubuntu 22.04
|
||||
test: ubuntu2204
|
||||
- name: Ubuntu 24.04
|
||||
test: ubuntu2404
|
||||
- stage: Docker_2_17
|
||||
displayName: Docker 2.17
|
||||
dependsOn: []
|
||||
|
|
@ -205,18 +176,6 @@ stages:
|
|||
test: rhel/9.4
|
||||
- name: FreeBSD 13.3
|
||||
test: freebsd/13.3
|
||||
- stage: Remote_2_18
|
||||
displayName: Remote devel
|
||||
dependsOn: []
|
||||
jobs:
|
||||
- template: templates/matrix.yml
|
||||
parameters:
|
||||
testFormat: 2.18/{0}/1
|
||||
targets:
|
||||
- name: RHEL 9.4
|
||||
test: rhel/9.4
|
||||
- name: FreeBSD 13.3
|
||||
test: freebsd/13.3
|
||||
- stage: Remote_2_17
|
||||
displayName: Remote 2.17
|
||||
dependsOn: []
|
||||
|
|
@ -275,11 +234,8 @@ stages:
|
|||
- Sanity_2_17
|
||||
- Remote_2_17
|
||||
- Docker_2_17
|
||||
- Sanity_2_18
|
||||
- Remote_2_18
|
||||
- Docker_2_18
|
||||
- Sanity_devel
|
||||
# - Remote_devel # Wait for test environment release
|
||||
# - Docker_devel # Wait for test environment release
|
||||
- Remote_devel
|
||||
- Docker_devel
|
||||
jobs:
|
||||
- template: templates/coverage.yml
|
||||
|
|
|
|||
|
|
@ -5,48 +5,6 @@ ansible.posix Release Notes
|
|||
.. contents:: Topics
|
||||
|
||||
|
||||
v1.6.0
|
||||
======
|
||||
|
||||
Release Summary
|
||||
---------------
|
||||
|
||||
This is the minor release of the ``ansible.posix`` collection.
|
||||
This changelog contains all changes to the modules and plugins
|
||||
in this collection that have been added after the release of
|
||||
``ansible.posix`` 1.5.4.
|
||||
|
||||
Major Changes
|
||||
-------------
|
||||
|
||||
- Dropping support for Ansible 2.9, ansible-core 2.15 will be minimum required version for this release
|
||||
|
||||
Minor Changes
|
||||
-------------
|
||||
|
||||
- Add summary_only parameter to profile_roles and profile_tasks callbacks.
|
||||
- firewalld - add functionality to set forwarding (https://github.com/ansible-collections/ansible.posix/pull/548).
|
||||
- firewalld - added offline flag implementation (https://github.com/ansible-collections/ansible.posix/pull/484)
|
||||
- firewalld - respawn module to use the system python interpreter when the ``firewall`` python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
|
||||
- firewalld_info - Only warn about ignored zones, when there are zones ignored.
|
||||
- firewalld_info - respawn module to use the system python interpreter when the ``firewall`` python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
|
||||
- mount - add no_log option for opts parameter (https://github.com/ansible-collections/ansible.posix/pull/563).
|
||||
- seboolean - respawn module to use the system python interpreter when the ``selinux`` python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
|
||||
- selinux - respawn module to use the system python interpreter when the ``selinux`` python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
|
||||
|
||||
Removed Features (previously deprecated)
|
||||
----------------------------------------
|
||||
|
||||
- skippy - Remove skippy pluglin as it is no longer supported(https://github.com/ansible-collections/ansible.posix/issues/350).
|
||||
|
||||
Bugfixes
|
||||
--------
|
||||
|
||||
- Bugfix in the documentation regarding the path option for authorised_key(https://github.com/ansible-collections/ansible.posix/issues/483).
|
||||
- seboolean - make it work with disabled SELinux
|
||||
- synchronize - maintain proper formatting of the remote paths (https://github.com/ansible-collections/ansible.posix/pull/361).
|
||||
- sysctl - fix sysctl to work properly on symlinks (https://github.com/ansible-collections/ansible.posix/issues/111).
|
||||
|
||||
v1.5.4
|
||||
======
|
||||
|
||||
|
|
|
|||
|
|
@ -74,14 +74,11 @@ None
|
|||
|
||||
<!-- List the versions of Ansible the collection has been tested with. Must match what is in galaxy.yml. -->
|
||||
|
||||
- ansible-core 2.19 (devel)
|
||||
- ansible-core 2.18 (stable) *
|
||||
- ansible-core 2.18 (devel)
|
||||
- ansible-core 2.17 (stable)
|
||||
- ansible-core 2.16 (stable)
|
||||
- ansible-core 2.15 (stable)
|
||||
|
||||
*Note: For ansible-core 2.18, CI only covers sanity tests and no integration tests will be run until the test environment is released.*
|
||||
|
||||
## Roadmap
|
||||
|
||||
<!-- Optional. Include the roadmap for this collection, and the proposed release/versioning strategy so users can anticipate the upgrade/update cycle. -->
|
||||
|
|
|
|||
|
|
@ -347,61 +347,3 @@ releases:
|
|||
- 451_firewall_fix_protocol_parameter.yml
|
||||
- 456_sysctl_fix_nonetype.yml
|
||||
release_date: '2023-05-10'
|
||||
1.6.0:
|
||||
changes:
|
||||
bugfixes:
|
||||
- Bugfix in the documentation regarding the path option for authorised_key(https://github.com/ansible-collections/ansible.posix/issues/483).
|
||||
- seboolean - make it work with disabled SELinux
|
||||
- synchronize - maintain proper formatting of the remote paths (https://github.com/ansible-collections/ansible.posix/pull/361).
|
||||
- sysctl - fix sysctl to work properly on symlinks (https://github.com/ansible-collections/ansible.posix/issues/111).
|
||||
major_changes:
|
||||
- Dropping support for Ansible 2.9, ansible-core 2.15 will be minimum required
|
||||
version for this release
|
||||
minor_changes:
|
||||
- Add summary_only parameter to profile_roles and profile_tasks callbacks.
|
||||
- firewalld - add functionality to set forwarding (https://github.com/ansible-collections/ansible.posix/pull/548).
|
||||
- firewalld - added offline flag implementation (https://github.com/ansible-collections/ansible.posix/pull/484)
|
||||
- firewalld - respawn module to use the system python interpreter when the ``firewall``
|
||||
python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
|
||||
- firewalld_info - Only warn about ignored zones, when there are zones ignored.
|
||||
- firewalld_info - respawn module to use the system python interpreter when
|
||||
the ``firewall`` python module is not available for ``ansible_python_interpreter``
|
||||
(https://github.com/ansible-collections/ansible.posix/pull/460).
|
||||
- mount - add no_log option for opts parameter (https://github.com/ansible-collections/ansible.posix/pull/563).
|
||||
- seboolean - respawn module to use the system python interpreter when the ``selinux``
|
||||
python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
|
||||
- selinux - respawn module to use the system python interpreter when the ``selinux``
|
||||
python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
|
||||
release_summary: 'This is the minor release of the ``ansible.posix`` collection.
|
||||
|
||||
This changelog contains all changes to the modules and plugins
|
||||
|
||||
in this collection that have been added after the release of
|
||||
|
||||
``ansible.posix`` 1.5.4.'
|
||||
removed_features:
|
||||
- skippy - Remove skippy pluglin as it is no longer supported(https://github.com/ansible-collections/ansible.posix/issues/350).
|
||||
fragments:
|
||||
- 1.6.0.yml
|
||||
- 206_fix_sysctl_to_work_on_symlinks.yml
|
||||
- 333_doc_absent_precision.yml
|
||||
- 361_maintain_proper_formating_remote_paths.yml
|
||||
- 421-remove-deprecation-warning.yml
|
||||
- 460-respawn.yaml
|
||||
- 466-tests.yml
|
||||
- 477_ci_update.yml
|
||||
- 484-firewalld-offline.yml
|
||||
- 487_ci_update.yml
|
||||
- 490_doc_authorized_key_path.yml
|
||||
- 496_seboolean-make-it-wrk-with-SELinux-disabled.yaml
|
||||
- 504-firewalld_info-warning.yaml
|
||||
- 508_ci_update.yml
|
||||
- 510_ci_update.yml
|
||||
- 511_profile-callbacks-add-summary-only-parameter.yml
|
||||
- 548_add_foward.yml
|
||||
- 556_remove_skippy_callback.yml
|
||||
- 562_update_core_version.yml
|
||||
- 563_add_no_log_option.yml
|
||||
- dropping-ansible29.yml
|
||||
- test-reqs.yml
|
||||
release_date: '2024-09-11'
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
bugfixes:
|
||||
- sysctl - fix sysctl to work properly on symlinks (https://github.com/ansible-collections/ansible.posix/issues/111).
|
||||
4
changelogs/fragments/333_doc_absent_precision.yml
Normal file
4
changelogs/fragments/333_doc_absent_precision.yml
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
trivial:
|
||||
- mount - fix description in the documentation of the state ``absent`` to match its actual behavior
|
||||
and point out that ``src`` is ignored with state ``absent`` and ``unmounted`` (https://github.com/ansible-collections/ansible.posix/issues/322)
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
minor_changes:
|
||||
- callback plugins - Add recap information to timer, profile_roles and profile_tasks callback outputs (https://github.com/ansible-collections/ansible.posix/pull/387).
|
||||
2
changelogs/fragments/421-remove-deprecation-warning.yml
Normal file
2
changelogs/fragments/421-remove-deprecation-warning.yml
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
trivial:
|
||||
- synchronize - instantiate the connection plugin without the ``new_stdin`` argument, which is deprecated in ansible-core 2.15 (https://github.com/ansible-collections/ansible.posix/pull/421).
|
||||
10
changelogs/fragments/460-respawn.yaml
Normal file
10
changelogs/fragments/460-respawn.yaml
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
minor_changes:
|
||||
- "seboolean - respawn module to use the system python interpreter when the ``selinux`` python module is not available for ``ansible_python_interpreter``
|
||||
(https://github.com/ansible-collections/ansible.posix/pull/460)."
|
||||
- "selinux - respawn module to use the system python interpreter when the ``selinux`` python module is not available for ``ansible_python_interpreter``
|
||||
(https://github.com/ansible-collections/ansible.posix/pull/460)."
|
||||
- "firewalld - respawn module to use the system python interpreter when the ``firewall`` python module is not available for ``ansible_python_interpreter``
|
||||
(https://github.com/ansible-collections/ansible.posix/pull/460)."
|
||||
- "firewalld_info - respawn module to use the system python interpreter when the ``firewall`` python module is not available for ``ansible_python_interpreter``
|
||||
(https://github.com/ansible-collections/ansible.posix/pull/460)."
|
||||
2
changelogs/fragments/466-tests.yml
Normal file
2
changelogs/fragments/466-tests.yml
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
trivial:
|
||||
- "Fix integration tests so they work with ansible-core devel / 2.16 (https://github.com/ansible-collections/ansible.posix/pull/466)."
|
||||
3
changelogs/fragments/477_ci_update.yml
Normal file
3
changelogs/fragments/477_ci_update.yml
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
trivial:
|
||||
- "Drop Python3.9 and update versions of RHEL,Fedora and FreeBSD for ansible-core:devel test(https://github.com/ansible-collections/ansible.posix/issues/476)."
|
||||
2
changelogs/fragments/484-firewalld-offline.yml
Normal file
2
changelogs/fragments/484-firewalld-offline.yml
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
minor_changes:
|
||||
- firewalld - added offline flag implementation (https://github.com/ansible-collections/ansible.posix/pull/484)
|
||||
3
changelogs/fragments/487_ci_update.yml
Normal file
3
changelogs/fragments/487_ci_update.yml
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
trivial:
|
||||
- "Drop FreeBSD12.4 from CI for ansible-core:devel(https://github.com/ansible-collections/ansible.posix/issues/486)."
|
||||
3
changelogs/fragments/490_doc_authorized_key_path.yml
Normal file
3
changelogs/fragments/490_doc_authorized_key_path.yml
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
bugfixes:
|
||||
- "Bugfix in the documentation regarding the path option for authorised_key(https://github.com/ansible-collections/ansible.posix/issues/483)."
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
bugfixes:
|
||||
- seboolean - make it work with disabled SELinux
|
||||
2
changelogs/fragments/504-firewalld_info-warning.yaml
Normal file
2
changelogs/fragments/504-firewalld_info-warning.yaml
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
minor_changes:
|
||||
- firewalld_info - Only warn about ignored zones, when there are zones ignored.
|
||||
3
changelogs/fragments/508_ci_update.yml
Normal file
3
changelogs/fragments/508_ci_update.yml
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
trivial:
|
||||
- "Refactoring remote CI targets."
|
||||
3
changelogs/fragments/510_ci_update.yml
Normal file
3
changelogs/fragments/510_ci_update.yml
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
trivial:
|
||||
- "Replace Fedora 38 with 39 for container test(https://github.com/ansible-collections/ansible.posix/issues/509)."
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
minor_changes:
|
||||
- "Add summary_only parameter to profile_roles and profile_tasks callbacks."
|
||||
2
changelogs/fragments/556_remove_skippy_callback.yml
Normal file
2
changelogs/fragments/556_remove_skippy_callback.yml
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
removed_features:
|
||||
- skippy - Remove skippy pluglin as it is no longer supported(https://github.com/ansible-collections/ansible.posix/issues/350).
|
||||
3
changelogs/fragments/562_update_core_version.yml
Normal file
3
changelogs/fragments/562_update_core_version.yml
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
minor_changes:
|
||||
- "Dropping support for ansible-core 2.14, ansible-core 2.15 will be minimum required version for this release"
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
trivial:
|
||||
- Bump version to 1.6.1 for next release.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
trivial:
|
||||
- mount - remove wrong version_added section from ``opts_no_log``.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
minor_changes:
|
||||
- authorized_keys - allow using absolute path to a file as a SSH key(s) source (https://github.com/ansible-collections/ansible.posix/pull/568)
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
bugfixes:
|
||||
- acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
trivial:
|
||||
- Bump ansible-core version to 2.19 of devel branch and add 2.18 to CI.
|
||||
2
changelogs/fragments/dropping-ansible29.yml
Normal file
2
changelogs/fragments/dropping-ansible29.yml
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
major_changes:
|
||||
- "Dropping support for Ansible 2.9, ansible-core 2.14 will be minimum required version for this release"
|
||||
2
changelogs/fragments/test-reqs.yml
Normal file
2
changelogs/fragments/test-reqs.yml
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
trivial:
|
||||
- "Move Galaxy test requirements from old transitional format in tests/requirements.yml to standard Ansible Galaxy requirements files in tests/integration/requirements.yml and tests/unit/requirements.yml."
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
namespace: ansible
|
||||
name: posix
|
||||
version: 1.6.1
|
||||
version: 1.5.4
|
||||
readme: README.md
|
||||
authors:
|
||||
- Ansible (github.com/ansible)
|
||||
|
|
@ -10,6 +10,6 @@ license_file: COPYING
|
|||
tags: [posix, networking, shell, unix]
|
||||
dependencies: {}
|
||||
repository: https://github.com/ansible-collections/ansible.posix
|
||||
documentation: https://docs.ansible.com/ansible/latest/collections/ansible/posix/
|
||||
documentation: https://github.com/ansible-collections/ansible.posix/tree/main/docs
|
||||
homepage: https://github.com/ansible-collections/ansible.posix
|
||||
issues: https://github.com/ansible-collections/ansible.posix
|
||||
|
|
|
|||
|
|
@ -77,14 +77,7 @@ class ActionModule(ActionBase):
|
|||
|
||||
if self._host_is_ipv6_address(host):
|
||||
return '[%s%s]:%s' % (user_prefix, host, path)
|
||||
|
||||
# preserve formatting of remote paths if host or user@host is explicitly defined in the path
|
||||
if ':' not in path:
|
||||
return '%s%s:%s' % (user_prefix, host, path)
|
||||
elif '@' not in path:
|
||||
return '%s%s' % (user_prefix, path)
|
||||
else:
|
||||
return path
|
||||
return '%s%s:%s' % (user_prefix, host, path)
|
||||
|
||||
def _process_origin(self, host, path, user):
|
||||
|
||||
|
|
|
|||
|
|
@ -129,10 +129,7 @@ class CallbackModule(CallbackBase):
|
|||
|
||||
def playbook_on_stats(self, stats):
|
||||
# Align summary report header with other callback plugin summary
|
||||
self._display.banner("ROLES RECAP")
|
||||
|
||||
self._display.display(tasktime())
|
||||
self._display.display(filled("", fchar="="))
|
||||
self._display.banner("ROLE RECAP")
|
||||
|
||||
timestamp(self)
|
||||
total_time = sum(self.totals.values())
|
||||
|
|
@ -144,4 +141,4 @@ class CallbackModule(CallbackBase):
|
|||
|
||||
msg_total = u"{0:-<70}{1:->9}".format(u'total ', u' {0:.02f}s'.format(total_time))
|
||||
self._display.display(filled("", fchar="~"))
|
||||
self._display.display(msg_total)
|
||||
self._display.display(msg_total)
|
||||
|
|
@ -196,9 +196,6 @@ class CallbackModule(CallbackBase):
|
|||
# Align summary report header with other callback plugin summary
|
||||
self._display.banner("TASKS RECAP")
|
||||
|
||||
self._display.display(tasktime())
|
||||
self._display.display(filled("", fchar="="))
|
||||
|
||||
timestamp(self)
|
||||
self.current = None
|
||||
|
||||
|
|
@ -220,4 +217,4 @@ class CallbackModule(CallbackBase):
|
|||
msg = u"{0:-<{2}}{1:->9}".format(result['name'] + u' ', u' {0:.02f}s'.format(result['elapsed']), self._display.columns - 9)
|
||||
if 'path' in result:
|
||||
msg += u"\n{0:-<{1}}".format(result['path'] + u' ', self._display.columns)
|
||||
self._display.display(msg)
|
||||
self._display.display(msg)
|
||||
|
|
@ -75,10 +75,6 @@ options:
|
|||
use_nfsv4_acls:
|
||||
description:
|
||||
- Use NFSv4 ACLs instead of POSIX ACLs.
|
||||
- This feature uses C(nfs4_setfacl) and C(nfs4_getfacl). The behavior depends on those implementation.
|
||||
And currently it only supports C(A) in ACE, so C(D) must be replaced with the appropriate C(A).
|
||||
- Permission is set as optimised ACLs by the system. You can check the actual ACLs that has been set using the return value.
|
||||
- More info C(man nfs4_setfacl)
|
||||
type: bool
|
||||
default: false
|
||||
recalculate_mask:
|
||||
|
|
@ -183,7 +179,7 @@ def split_entry(entry):
|
|||
def build_entry(etype, entity, permissions=None, use_nfsv4_acls=False):
|
||||
'''Builds and returns an entry string. Does not include the permissions bit if they are not provided.'''
|
||||
if use_nfsv4_acls:
|
||||
return ':'.join(['A', 'g' if etype == 'group' else '', entity, permissions + 'tcy'])
|
||||
return ':'.join([etype, entity, permissions, 'allow'])
|
||||
|
||||
if permissions:
|
||||
return etype + ':' + entity + ':' + permissions
|
||||
|
|
@ -191,27 +187,22 @@ def build_entry(etype, entity, permissions=None, use_nfsv4_acls=False):
|
|||
return etype + ':' + entity
|
||||
|
||||
|
||||
def build_command(module, mode, path, follow, default, recursive, recalculate_mask, use_nfsv4_acls, entry=''):
|
||||
def build_command(module, mode, path, follow, default, recursive, recalculate_mask, entry=''):
|
||||
'''Builds and returns a getfacl/setfacl command.'''
|
||||
if mode == 'set':
|
||||
cmd = [module.get_bin_path('nfs4_setfacl' if use_nfsv4_acls else 'setfacl', True)]
|
||||
cmd.extend(['-a' if use_nfsv4_acls else '-m', entry])
|
||||
cmd = [module.get_bin_path('setfacl', True)]
|
||||
cmd.extend(['-m', entry])
|
||||
elif mode == 'rm':
|
||||
cmd = [module.get_bin_path('nfs4_setfacl' if use_nfsv4_acls else 'setfacl', True)]
|
||||
cmd = [module.get_bin_path('setfacl', True)]
|
||||
cmd.extend(['-x', entry])
|
||||
else: # mode == 'get'
|
||||
cmd = [module.get_bin_path('getfacl', True)]
|
||||
# prevents absolute path warnings and removes headers
|
||||
if platform.system().lower() == 'linux':
|
||||
if use_nfsv4_acls:
|
||||
# use nfs4_getfacl instead of getfacl if use_nfsv4_acls is True
|
||||
cmd = [module.get_bin_path('nfs4_getfacl', True)]
|
||||
else:
|
||||
cmd = [module.get_bin_path('getfacl', True)]
|
||||
cmd.append('--absolute-names')
|
||||
cmd.append('--omit-header')
|
||||
cmd.append('--absolute-names')
|
||||
|
||||
if recursive and not use_nfsv4_acls:
|
||||
if recursive:
|
||||
cmd.append('--recursive')
|
||||
|
||||
if recalculate_mask == 'mask' and mode in ['set', 'rm']:
|
||||
|
|
@ -219,7 +210,7 @@ def build_command(module, mode, path, follow, default, recursive, recalculate_ma
|
|||
elif recalculate_mask == 'no_mask' and mode in ['set', 'rm']:
|
||||
cmd.append('--no-mask')
|
||||
|
||||
if not follow and not use_nfsv4_acls:
|
||||
if not follow:
|
||||
if platform.system().lower() == 'linux':
|
||||
cmd.append('--physical')
|
||||
elif platform.system().lower() == 'freebsd':
|
||||
|
|
@ -232,34 +223,24 @@ def build_command(module, mode, path, follow, default, recursive, recalculate_ma
|
|||
return cmd
|
||||
|
||||
|
||||
def acl_changed(module, cmd, entry, use_nfsv4_acls=False):
|
||||
def acl_changed(module, cmd):
|
||||
'''Returns true if the provided command affects the existing ACLs, false otherwise.'''
|
||||
# To check the ACL changes, use the output of setfacl or nfs4_setfacl with '--test'.
|
||||
# FreeBSD do not have a --test flag, so by default, it is safer to always say "true".
|
||||
# FreeBSD do not have a --test flag, so by default, it is safer to always say "true"
|
||||
if platform.system().lower() == 'freebsd':
|
||||
return True
|
||||
|
||||
cmd = cmd[:] # lists are mutables so cmd would be overwritten without this
|
||||
cmd.insert(1, '--test')
|
||||
lines = run_acl(module, cmd)
|
||||
counter = 0
|
||||
for line in lines:
|
||||
if line.endswith('*,*') and not use_nfsv4_acls:
|
||||
return False
|
||||
# if use_nfsv4_acls and entry is listed
|
||||
if use_nfsv4_acls and entry == line:
|
||||
counter += 1
|
||||
|
||||
# The current 'nfs4_setfacl --test' lists a new entry,
|
||||
# which will be added at the top of list, followed by the existing entries.
|
||||
# So if the entry has already been registered, the entry should be find twice.
|
||||
if counter == 2:
|
||||
return False
|
||||
return True
|
||||
for line in lines:
|
||||
if not line.endswith('*,*'):
|
||||
return True
|
||||
return False
|
||||
|
||||
|
||||
def run_acl(module, cmd, check_rc=True):
|
||||
'''Runs the provided command and returns the output as a list of lines.'''
|
||||
|
||||
try:
|
||||
(rc, out, err) = module.run_command(cmd, check_rc=check_rc)
|
||||
except Exception as e:
|
||||
|
|
@ -332,7 +313,7 @@ def main():
|
|||
module.fail_json(msg="'recalculate_mask' MUST NOT be set to 'mask' or 'no_mask' when 'state=query'.")
|
||||
|
||||
if not entry:
|
||||
if state == 'absent' and permissions and not use_nfsv4_acls:
|
||||
if state == 'absent' and permissions:
|
||||
module.fail_json(msg="'permissions' MUST NOT be set when 'state=absent'.")
|
||||
|
||||
if state == 'absent' and not entity:
|
||||
|
|
@ -369,24 +350,21 @@ def main():
|
|||
entry = build_entry(etype, entity, permissions, use_nfsv4_acls)
|
||||
command = build_command(
|
||||
module, 'set', path, follow,
|
||||
default, recursive, recalculate_mask, use_nfsv4_acls, entry
|
||||
default, recursive, recalculate_mask, entry
|
||||
)
|
||||
changed = acl_changed(module, command, entry, use_nfsv4_acls)
|
||||
changed = acl_changed(module, command)
|
||||
|
||||
if changed and not module.check_mode:
|
||||
run_acl(module, command)
|
||||
msg = "%s is present" % entry
|
||||
|
||||
elif state == 'absent':
|
||||
if use_nfsv4_acls:
|
||||
entry = build_entry(etype, entity, permissions, use_nfsv4_acls)
|
||||
else:
|
||||
entry = build_entry(etype, entity, use_nfsv4_acls)
|
||||
entry = build_entry(etype, entity, use_nfsv4_acls)
|
||||
command = build_command(
|
||||
module, 'rm', path, follow,
|
||||
default, recursive, recalculate_mask, use_nfsv4_acls, entry
|
||||
default, recursive, recalculate_mask, entry
|
||||
)
|
||||
changed = acl_changed(module, command, entry, use_nfsv4_acls)
|
||||
changed = acl_changed(module, command)
|
||||
|
||||
if changed and not module.check_mode:
|
||||
run_acl(module, command, False)
|
||||
|
|
@ -397,10 +375,7 @@ def main():
|
|||
|
||||
acl = run_acl(
|
||||
module,
|
||||
build_command(
|
||||
module, 'get', path, follow, default, recursive,
|
||||
recalculate_mask, use_nfsv4_acls
|
||||
)
|
||||
build_command(module, 'get', path, follow, default, recursive, recalculate_mask)
|
||||
)
|
||||
|
||||
module.exit_json(changed=changed, msg=msg, acl=acl)
|
||||
|
|
|
|||
|
|
@ -24,7 +24,6 @@ options:
|
|||
key:
|
||||
description:
|
||||
- The SSH public key(s), as a string or (since Ansible 1.9) url (https://github.com/username.keys).
|
||||
- You can also use V(file://) prefix to search remote for a file with SSH key(s).
|
||||
type: str
|
||||
required: true
|
||||
path:
|
||||
|
|
@ -97,12 +96,6 @@ EXAMPLES = r'''
|
|||
state: present
|
||||
key: https://github.com/charlie.keys
|
||||
|
||||
- name: Set authorized keys taken from path on controller node
|
||||
ansible.posix.authorized_key:
|
||||
user: charlie
|
||||
state: present
|
||||
key: file:///home/charlie/.ssh/id_rsa.pub
|
||||
|
||||
- name: Set authorized keys taken from url using lookup
|
||||
ansible.posix.authorized_key:
|
||||
user: charlie
|
||||
|
|
@ -230,7 +223,6 @@ from operator import itemgetter
|
|||
from ansible.module_utils._text import to_native
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.urls import fetch_url
|
||||
from ansible.module_utils.six.moves.urllib.parse import urlparse
|
||||
|
||||
|
||||
class keydict(dict):
|
||||
|
|
@ -564,7 +556,7 @@ def enforce_state(module, params):
|
|||
follow = params.get('follow', False)
|
||||
error_msg = "Error getting key from: %s"
|
||||
|
||||
# if the key is a url or file, request it and use it as key source
|
||||
# if the key is a url, request it and use it as key source
|
||||
if key.startswith("http"):
|
||||
try:
|
||||
resp, info = fetch_url(module, key)
|
||||
|
|
@ -578,19 +570,6 @@ def enforce_state(module, params):
|
|||
# resp.read gives bytes on python3, convert to native string type
|
||||
key = to_native(key, errors='surrogate_or_strict')
|
||||
|
||||
if key.startswith("file"):
|
||||
# if the key is an absolute path, check for existense and use it as a key source
|
||||
key_path = urlparse(key).path
|
||||
if not os.path.exists(key_path):
|
||||
module.fail_json(msg="Path to a key file not found: %s" % key_path)
|
||||
if not os.path.isfile(key_path):
|
||||
module.fail_json(msg="Path to a key is a directory and must be a file: %s" % key_path)
|
||||
try:
|
||||
with open(key_path, 'r') as source_fh:
|
||||
key = source_fh.read()
|
||||
except OSError as e:
|
||||
module.fail_json(msg="Failed to read key file %s : %s" % (key_path, to_native(e)))
|
||||
|
||||
# extract individual keys into an array, skipping blank lines and comments
|
||||
new_keys = [s for s in key.splitlines() if s and not s.startswith('#')]
|
||||
|
||||
|
|
|
|||
|
|
@ -108,11 +108,6 @@ options:
|
|||
- The amount of time in seconds the rule should be in effect for when non-permanent.
|
||||
type: int
|
||||
default: 0
|
||||
forward:
|
||||
description:
|
||||
- The forward setting you would like to enable/disable to/from zones within firewalld.
|
||||
- This option only is supported by firewalld v0.9.0 or later.
|
||||
type: str
|
||||
masquerade:
|
||||
description:
|
||||
- The masquerade setting you would like to enable/disable to/from zones within firewalld.
|
||||
|
|
@ -143,8 +138,8 @@ notes:
|
|||
- This module needs C(python-firewall) or C(python3-firewall) on managed nodes.
|
||||
It is usually provided as a subset with C(firewalld) from the OS distributor for the OS default Python interpreter.
|
||||
requirements:
|
||||
- firewalld >= 0.9.0
|
||||
- python-firewall >= 0.9.0
|
||||
- firewalld >= 0.2.11
|
||||
- python-firewall >= 0.2.11
|
||||
author:
|
||||
- Adam Miller (@maxamillion)
|
||||
'''
|
||||
|
|
@ -203,12 +198,6 @@ EXAMPLES = r'''
|
|||
permanent: true
|
||||
state: enabled
|
||||
|
||||
- ansible.posix.firewalld:
|
||||
forward: true
|
||||
state: enabled
|
||||
permanent: true
|
||||
zone: internal
|
||||
|
||||
- ansible.posix.firewalld:
|
||||
masquerade: true
|
||||
state: enabled
|
||||
|
|
@ -416,49 +405,6 @@ class ProtocolTransaction(FirewallTransaction):
|
|||
self.update_fw_settings(fw_zone, fw_settings)
|
||||
|
||||
|
||||
class ForwardTransaction(FirewallTransaction):
|
||||
"""
|
||||
ForwardTransaction
|
||||
"""
|
||||
|
||||
def __init__(self, module, action_args=None, zone=None, desired_state=None, permanent=False, immediate=False):
|
||||
super(ForwardTransaction, self).__init__(
|
||||
module, action_args=action_args, desired_state=desired_state, zone=zone, permanent=permanent, immediate=immediate
|
||||
)
|
||||
|
||||
self.enabled_msg = "Added forward to zone %s" % self.zone
|
||||
self.disabled_msg = "Removed forward from zone %s" % self.zone
|
||||
|
||||
def get_enabled_immediate(self):
|
||||
if self.fw.queryForward(self.zone) is True:
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
||||
def get_enabled_permanent(self):
|
||||
fw_zone, fw_settings = self.get_fw_zone_settings()
|
||||
if fw_settings.queryForward() is True:
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
||||
def set_enabled_immediate(self):
|
||||
self.fw.addForward(self.zone)
|
||||
|
||||
def set_enabled_permanent(self):
|
||||
fw_zone, fw_settings = self.get_fw_zone_settings()
|
||||
fw_settings.setForward(True)
|
||||
self.update_fw_settings(fw_zone, fw_settings)
|
||||
|
||||
def set_disabled_immediate(self):
|
||||
self.fw.removeForward(self.zone)
|
||||
|
||||
def set_disabled_permanent(self):
|
||||
fw_zone, fw_settings = self.get_fw_zone_settings()
|
||||
fw_settings.setForward(False)
|
||||
self.update_fw_settings(fw_zone, fw_settings)
|
||||
|
||||
|
||||
class MasqueradeTransaction(FirewallTransaction):
|
||||
"""
|
||||
MasqueradeTransaction
|
||||
|
|
@ -875,7 +821,6 @@ def main():
|
|||
state=dict(type='str', required=True, choices=['absent', 'disabled', 'enabled', 'present']),
|
||||
timeout=dict(type='int', default=0),
|
||||
interface=dict(type='str'),
|
||||
forward=dict(type='str'),
|
||||
masquerade=dict(type='str'),
|
||||
offline=dict(type='bool', default=False),
|
||||
target=dict(type='str', choices=['default', 'ACCEPT', 'DROP', '%%REJECT%%']),
|
||||
|
|
@ -888,7 +833,7 @@ def main():
|
|||
),
|
||||
mutually_exclusive=[
|
||||
['icmp_block', 'icmp_block_inversion', 'service', 'protocol', 'port', 'port_forward', 'rich_rule',
|
||||
'interface', 'forward', 'masquerade', 'source', 'target']
|
||||
'interface', 'masquerade', 'source', 'target']
|
||||
],
|
||||
)
|
||||
|
||||
|
|
@ -897,7 +842,6 @@ def main():
|
|||
immediate = module.params['immediate']
|
||||
timeout = module.params['timeout']
|
||||
interface = module.params['interface']
|
||||
forward = module.params['forward']
|
||||
masquerade = module.params['masquerade']
|
||||
offline = module.params['offline']
|
||||
|
||||
|
|
@ -961,7 +905,7 @@ def main():
|
|||
|
||||
modification = False
|
||||
if any([icmp_block, icmp_block_inversion, service, protocol, port, port_forward, rich_rule,
|
||||
interface, forward, masquerade, source, target]):
|
||||
interface, masquerade, source, target]):
|
||||
modification = True
|
||||
if modification and desired_state in ['absent', 'present'] and target is None:
|
||||
module.fail_json(
|
||||
|
|
@ -1128,29 +1072,6 @@ def main():
|
|||
changed, transaction_msgs = transaction.run()
|
||||
msgs = msgs + transaction_msgs
|
||||
|
||||
if forward is not None:
|
||||
# Type of forward will be changed to boolean in a future release.
|
||||
forward_status = False
|
||||
try:
|
||||
forward_status = boolean(forward, False)
|
||||
except TypeError:
|
||||
module.warn('The value of the forward option is "%s". '
|
||||
'The type of the option will be changed from string to boolean in a future release. '
|
||||
'To avoid unexpected behavior, please change the value to boolean.' % forward)
|
||||
|
||||
expected_state = 'enabled' if (desired_state == 'enabled') == forward_status else 'disabled'
|
||||
transaction = ForwardTransaction(
|
||||
module,
|
||||
action_args=(),
|
||||
zone=zone,
|
||||
desired_state=expected_state,
|
||||
permanent=permanent,
|
||||
immediate=immediate,
|
||||
)
|
||||
|
||||
changed, transaction_msgs = transaction.run()
|
||||
msgs = msgs + transaction_msgs
|
||||
|
||||
if masquerade is not None:
|
||||
# Type of masquerade will be changed to boolean in a future release.
|
||||
masquerade_status = True
|
||||
|
|
|
|||
|
|
@ -43,11 +43,6 @@ options:
|
|||
description:
|
||||
- Mount options (see fstab(5), or vfstab(4) on Solaris).
|
||||
type: str
|
||||
opts_no_log:
|
||||
description:
|
||||
- Do not log opts.
|
||||
type: bool
|
||||
default: false
|
||||
dump:
|
||||
description:
|
||||
- Dump (see fstab(5)).
|
||||
|
|
@ -214,7 +209,6 @@ EXAMPLES = r'''
|
|||
src: //192.168.1.200/share
|
||||
path: /mnt/smb_share
|
||||
opts: "rw,vers=3,file_mode=0600,dir_mode=0700,dom={{ ad_domain }},username={{ ad_username }},password={{ ad_password }}"
|
||||
opts_no_log: true
|
||||
fstype: cifs
|
||||
state: ephemeral
|
||||
'''
|
||||
|
|
@ -774,7 +768,6 @@ def main():
|
|||
fstype=dict(type='str'),
|
||||
path=dict(type='path', required=True, aliases=['name']),
|
||||
opts=dict(type='str'),
|
||||
opts_no_log=dict(type='bool', default=False),
|
||||
passno=dict(type='str', no_log=False, default='0'),
|
||||
src=dict(type='path'),
|
||||
backup=dict(type='bool', default=False),
|
||||
|
|
@ -788,9 +781,6 @@ def main():
|
|||
),
|
||||
)
|
||||
|
||||
if module.params['opts_no_log']:
|
||||
module.no_log_values.add(module.params['opts'])
|
||||
|
||||
# solaris args:
|
||||
# name, src, fstype, opts, boot, passno, state, fstab=/etc/vfstab
|
||||
# linux args:
|
||||
|
|
|
|||
|
|
@ -35,5 +35,3 @@ multiple_keys_comments: |
|
|||
ssh-rsa DATA_BASIC 1@testing
|
||||
# I like adding comments yo-dude-this-is-not-a-key INVALID_DATA 2@testing
|
||||
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
|
||||
|
||||
key_path: /tmp/id_rsa.pub
|
||||
|
|
|
|||
|
|
@ -1,32 +0,0 @@
|
|||
---
|
||||
- name: Create key file for test
|
||||
ansible.builtin.copy:
|
||||
dest: "{{ key_path }}"
|
||||
content: "{{ rsa_key_basic }}"
|
||||
mode: "0600"
|
||||
|
||||
- name: Add key using path
|
||||
ansible.posix.authorized_key:
|
||||
user: root
|
||||
key: file://{{ key_path }}
|
||||
state: present
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: Assert that the key was added
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- result.changed == true
|
||||
|
||||
- name: Add key using path again
|
||||
ansible.posix.authorized_key:
|
||||
user: root
|
||||
key: file://{{ key_path }}
|
||||
state: present
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: Assert that no changes were applied
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- result.changed == false
|
||||
|
|
@ -31,6 +31,3 @@
|
|||
|
||||
- name: Test for the management of comments with key
|
||||
ansible.builtin.import_tasks: comments.yml
|
||||
|
||||
- name: Test for specifying key as a path
|
||||
ansible.builtin.import_tasks: check_path.yml
|
||||
|
|
|
|||
|
|
@ -83,6 +83,5 @@
|
|||
ansible.builtin.assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- >
|
||||
result.msg == 'parameters are mutually exclusive:
|
||||
icmp_block|icmp_block_inversion|service|protocol|port|port_forward|rich_rule|interface|forward|masquerade|source|target'
|
||||
- "result.msg ==
|
||||
'parameters are mutually exclusive: icmp_block|icmp_block_inversion|service|protocol|port|port_forward|rich_rule|interface|masquerade|source|target'"
|
||||
|
|
|
|||
|
|
@ -23,55 +23,6 @@
|
|||
that:
|
||||
- result is not changed
|
||||
|
||||
- name: Zone forwarding test
|
||||
when: (ansible_distribution == 'RedHat' and ansible_distribution_major_version is version('8', '>='))
|
||||
block:
|
||||
- name: Enable zone forwarding
|
||||
ansible.posix.firewalld:
|
||||
zone: custom
|
||||
forward: true
|
||||
permanent: true
|
||||
state: enabled
|
||||
register: result
|
||||
|
||||
- name: Assert zone forwarding is enabled
|
||||
ansible.builtin.debug:
|
||||
var: result is changed
|
||||
|
||||
- name: Enable zone forwarding (verify not changed)
|
||||
ansible.posix.firewalld:
|
||||
zone: custom
|
||||
forward: true
|
||||
permanent: true
|
||||
state: enabled
|
||||
register: result
|
||||
|
||||
- name: Assert zone forwarding is enabled (verify not changed)
|
||||
ansible.builtin.debug:
|
||||
var: result is not changed
|
||||
|
||||
- name: Disable zone forwarding
|
||||
ansible.posix.firewalld:
|
||||
zone: custom
|
||||
forward: false
|
||||
permanent: true
|
||||
state: enabled
|
||||
|
||||
- name: Assert zone forwarding is disabled
|
||||
ansible.builtin.debug:
|
||||
var: result is changed
|
||||
|
||||
- name: Disable zone forwarding (verify not changed)
|
||||
ansible.posix.firewalld:
|
||||
zone: custom
|
||||
forward: false
|
||||
permanent: true
|
||||
state: enabled
|
||||
|
||||
- name: Assert zone forwarding is disabled (verify not changed)
|
||||
ansible.builtin.debug:
|
||||
var: result is not changed
|
||||
|
||||
- name: Firewalld remove zone custom
|
||||
ansible.posix.firewalld:
|
||||
zone: custom
|
||||
|
|
|
|||
|
|
@ -739,53 +739,3 @@
|
|||
- /tmp/myfs_A.img
|
||||
- /tmp/myfs_B.img
|
||||
- /tmp/myfs
|
||||
|
||||
- name: Block to test opts_no_log option
|
||||
when: ansible_system == 'Linux'
|
||||
block:
|
||||
- name: Create an empty file
|
||||
community.general.filesize:
|
||||
path: /tmp/myfs.img
|
||||
size: 1M
|
||||
- name: Format FS
|
||||
community.general.filesystem:
|
||||
fstype: ext4
|
||||
dev: /tmp/myfs.img
|
||||
- name: Mount the FS with opts_no_log option true
|
||||
ansible.posix.mount:
|
||||
path: /tmp/myfs
|
||||
src: /tmp/myfs.img
|
||||
fstype: ext4
|
||||
state: mounted
|
||||
opts: rw
|
||||
opts_no_log: true
|
||||
register: mount_info
|
||||
- name: Assert opts_no_log option true
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- mount_info.opts == 'VALUE_SPECIFIED_IN_NO_LOG_PARAMETER'
|
||||
- name: Remount the FS with opts_no_log option false
|
||||
ansible.posix.mount:
|
||||
path: /tmp/myfs
|
||||
src: /tmp/myfs.img
|
||||
fstype: ext4
|
||||
state: remounted
|
||||
opts: rw,user
|
||||
opts_no_log: false
|
||||
register: mount_info
|
||||
- name: Assert opts_no_log option false
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- mount_info.opts == 'rw,user'
|
||||
always:
|
||||
- name: Unmount FS
|
||||
ansible.posix.mount:
|
||||
path: /tmp/myfs
|
||||
state: absent
|
||||
- name: Remove the test FS
|
||||
ansible.builtin.file:
|
||||
path: '{{ item }}'
|
||||
state: absent
|
||||
loop:
|
||||
- /tmp/myfs.img
|
||||
- /tmp/myfs
|
||||
|
|
|
|||
|
|
@ -1 +0,0 @@
|
|||
tests/utils/shippable/timing.py shebang
|
||||
Loading…
Reference in a new issue