Open
Conversation
nitzmahone
force-pushed
the
foobranch
branch
from
0653ab7 to
1d7db40
Compare
nitzmahone
pushed a commit
that referenced
this pull request
Apr 5, 2019
…ble#54260) * nxos_interfaces_ospf: fix passive-interface states & check_mode This fix addresses issues ansible#41704 and ansible#45343. The crux of the problem is that `passive-interface` should have been treated as a tri-state value instead of a boolean. The `no` form of the command disables the passive state on an interface (allows it to form adjacencies and send routing updates). It's essentially an override for `passive-interface default` which enables passive state on all OSPF interfaces.\* This `no` config will be present in `running-config`. \**See `router ospf` configuration.* Since both enable and disable states are explicit configs, the proper way to remove either of these is with the `default` syntax. Passive-interface config syntax: ``` ip ospf passive-interface # enable (nvgens) no ip ospf passive-interface # disable (nvgens) default ip ospf passive-interface # default (removes config, does not nvgen) ``` Code changes: * `passive_interface` param changed from boolean to string, restricted to `true`,`false`,`default`. * Several passive-interface specific checks were added because the existing module logic tends to test for true or false and doesn't handle the None case. * Fixed `check_mode`. Sanity verified on: N9K,N7K,N3K,N6K * Fix doc header * Unit tests for passive-interface * doc fix #2 * Fix indent for SA * Remove 'default' keyword, restore bool behavior * remove changes to sanity
nitzmahone
pushed a commit
that referenced
this pull request
Jun 14, 2019
…nit test (ansible#55643) * remove external grep call and parse with python * use function for repeated code * use module.get_bin_path() for iscsiutil on HPUX * some code opt for HPUX * clean up non-module code, module being defined is a requirement for this code * import get_bin_path() directly and use without module prefix * Add integration tests for AIX and HP-UX * add changelog fragment * Apply suggestions from code review Co-Authored-By: mator <matorola@gmail.com> * Apply suggestions from code review #2 Co-Authored-By: Sam Doran <sdoran@redhat.com> * Remove strict requirement on executable to exist for get_bin_path() as it will allow facts gathering to continue without an error. Almost all other files under facts do not have "required=True" (except 2 files, which should be probably fixed). And check return value for get_bin_path() , before run attempt. * add check for AIX lsattr run_command return code
nitzmahone
pushed a commit
that referenced
this pull request
Sep 18, 2019
* docs: Update apt_key.py, add requirements of gpg (ansible#61552) (cherry picked from commit 5d7d4a9) * Proposals aren't really used much, delete reference from docs (ansible#61800) (cherry picked from commit 41055b5) * Update gitlab_hooks docs (ansible#61837) (cherry picked from commit 223dab9) * Unify ios_logging and eos_logging documentation with accepted options (ansible#61777) (cherry picked from commit cc9adf7) * don't set default:None in documentation when there is no default (ansible#61111), otherwise "None" will be rendered as a string on docsite (cherry picked from commit 1aca1f8) * Update mso_schema_template_deploy.py (ansible#61849), correct module name in examples (cherry picked from commit 394a051) * Update hashi_vault.py documentation with kv V2 example (ansible#61221) (cherry picked from commit 70f501d)
nitzmahone
pushed a commit
that referenced
this pull request
Nov 12, 2019
…ble#54260) * nxos_interfaces_ospf: fix passive-interface states & check_mode This fix addresses issues ansible#41704 and ansible#45343. The crux of the problem is that `passive-interface` should have been treated as a tri-state value instead of a boolean. The `no` form of the command disables the passive state on an interface (allows it to form adjacencies and send routing updates). It's essentially an override for `passive-interface default` which enables passive state on all OSPF interfaces.\* This `no` config will be present in `running-config`. \**See `router ospf` configuration.* Since both enable and disable states are explicit configs, the proper way to remove either of these is with the `default` syntax. Passive-interface config syntax: ``` ip ospf passive-interface # enable (nvgens) no ip ospf passive-interface # disable (nvgens) default ip ospf passive-interface # default (removes config, does not nvgen) ``` Code changes: * `passive_interface` param changed from boolean to string, restricted to `true`,`false`,`default`. * Several passive-interface specific checks were added because the existing module logic tends to test for true or false and doesn't handle the None case. * Fixed `check_mode`. Sanity verified on: N9K,N7K,N3K,N6K * Fix doc header * Unit tests for passive-interface * doc fix #2 * Fix indent for SA * Remove 'default' keyword, restore bool behavior * remove changes to sanity (cherry picked from commit 20fb77c)
nitzmahone
added a commit
that referenced
this pull request
Jun 5, 2024
* WIP reimplement vault support on data tagging
* mostly working, now tags all vault-sourced values as SensitiveData
* decryption is now load-time only, but only once per var instead of once per access
* fixed ancient MAJOR perf problem with key expansion being repeated on every access (that dwarfed decryption by ~100x)
* propagate AnsibleSourcePosition tags, fix more sneaky unmanaged copies
* Fixed config integration test
* Fix filter_mathstuff integration test
* fix roles_arg_spec test for data tagging
* fix non-native jinja2 test for data tagging
* fix bad merge conflicts
* underlying socket requires a "real" int for port
* move AnsibleJSONDecoder to module_utils
* update all internal callers
* deprecate ansible.parsing.ajson module
* wip module support
* wip data tagging integration tests
* add ANSIBLE_WRAP_STDERR config
* makes output testing easier
* Add output filtering for data tagging test
* distro-neutral test updates
* fix output tests and document update procedure
* clean up temporary root dir cruft
* Fix sanity test errors
* Remove Python 2.x compatibility tests
* Remove Python 3.6 support
Also remove more Python 2.7 references
* Fix ansible-test future boilerplate
* Fix pylint error in ansible-test
* more integration tests, rename
* WIP kill convert_data and Jinja repr/eval
* fix indirect convert_data from tests
* Jinja2 native by default
* compat-ish fix (prevent returning Nones, but sometimes we need them)
* make hostvars silently untaggable
* Inline Jinja native templating fix
* we should try to upstream this fix- prevent stringification for things that won't be eval'd later
* misc test fixes
* temp disable conditional tests affected by FDI026
* don't return nested tuples from lookup
* crazy
* misc test fixes/FDI disables
* comment failing test with FDI
* fix bogus test
* disable filter_encryption test
* TrustedAsTemplate conversion WIP
* trustedastemplate wip fixes
* misc TrustedAsTemplate and lazy template fixes
* Recursively apply NotATemplate for the YAML !unsafe tag
* Preserve datatags when splitting tags
* Support tuple in _proxy_or_render_template
* fix various test failures
* misc test fixes
* disable (some) AnsibleSourcePosition propagation
* breaks when applied to proxies, FDI031
* ensure that all tuple-source comparisons are lists
* Move tagged_type_map into a cached function
* lazy template containers to AnsibleTaggedObject subclasses
* expose current templar on TemplateContext, use in lazy template containers
* move DeprecatedAccessAuditContext to controller-side
* eliminate hardcoded repr format from lookup_sequence test
* skip super init for tuple subclasses
* templating/tagging perf improvements
* listify_lookup_plugin_terms-ectomy
* even lazier templating on lookups
* reduced copies in datatag wrapper impls
* propagate TrustedAsTemplate on inlined const template values at Jinja layer
* remove bogus tests for dead features
* fix !unsafe behavior
* remove unused _check_conditional_old
* make tagged reprs optional, hacky 1-pass conditional fixes
* more assert conditional deferral hackery
* change template lookup jinja2_native to true
* collapse AnsibleNativeXXX Jinja classes
* bypass parts of template integration tests for Jinja2 always native
* upgrade to Jinja 3.1.0 as minimum
* bump core version to 2.17
* "untag" support, NativeJinjaText-ectomy
* Made parsing.yaml.objects a no-op
* Fix systemd integration test
* Fix slurp test
* Fix script test
* Fix copy test
* Fix command_shell test
* Fix find test
* Fix lookup_subelements test
* fix module_precedence test
* disable inventory_constructed test
* FDI023
* Fix include_vars test
* fix flie tests
* fix filter_core tests
* fix filter_mathstuff tests
* Add work-around for dict_transformations test to bypass unwanted side-effect of our }} replacmement hack
* fix inventory tests
* FDI023 - temporarily disabled usages of constructed until solved
* Fix apt_repository test
* fixed gathering_facts tests
* fix expect tests
* fix wait_for tests
* fix lookup_url tests
* Fix git test
* fix ansible-vault tests
* fix galaxy CLI template trust marking and tests
* Fix uri test
* "fix" basename behavior on role tasks_from
* fix dict_transformation tests
* revert dict_transformation test workarounds
* embedded var-end-string collisions `}}` are now supported in conditionals
This reverts commit 09a94d8731c1385d81807648e84e60dfc135eba2.
This reverts commit 2290b138db21a296e913c7782a62989f1d8858dc.
* harden conditionals against template injection
* dedicated conditional templar uses random values for jinja block start/end and wraps the conditional expression in that (instead of {{ }})
* currently entirely disables inline template expansion for conditionals without warning (FDI032, a follow-up commit will add temporary warning/error behavior once tests have been adjusted)
* fix custom templar config in conditional
* fixme for unnecessary deepcopy in template lookup
* fix template test
* disallow execution of non-string/bool conditionals
* Remove unnecessary templates from conditionals in integration tests
* increase fixme detail in assert for FDI023
* misc test assert fixes
* fix embedded templates and quoting in dnf test assert
* Remove stray }} from git test after previous cleanup
* UntrustedAsTemplate-ectomy
* workaround template issues in ansible-playbook-callbacks test
* fully disable convert_bare on templates and update tests accordingly
* temp disable debugger tests (FDI032)
* move conditional eval logic under Templar
* WIP Templar.evaluate_conditional
* work towards leaning on Jinja's "compile_expression" instead of all the manual template wrapping
* add support to the playbook output validator filter script for arbitrary regexes to include and route to stdout/stderr comparison
* add "untemplated_args" attr to Task for things that want access to "post-munged but not templated" versions of the task args
* restore partial support for conditionals with embedded templates
* fix debugger test to not run afoul of template trust
* provide empty list default for new filter match args
* make HostVars container untaggable
* remove stale support plugin usage of convert_bare
* add surrogate test coverage for post_process_whens
* template finalizer cleanup
* don't call our finalizer at compile-time
* extra tests
* emit warning on Conditional failure since callers are inconsistent about exposing errors/forensic info
* generalize inline constant template support
* disabled Jinja optimizer
* added tests for both optimized/non-optimized usages
* cleaned up special cases
* rename _make_trusted to _render_inline_template
* ensure lookup.run() first arg is always of type list
* change assert on untrusted template in conditional to exception
* pre-emptive force disable Jinja autoescape
* Convert namedtuple based tags to dataclasses
* Use dataclasses for all non-singleton datatags
* Use dict instead of MappingProxyType
Rename `_tags` to `_atags`
Add more comments
Miscellaneous optimizations
* Renaming, refactoring in datatag and template
* Mark lazy template classes final
* Rename _atags to _ansible_tags
* Use __slots__ for datatags
Also eliminate use of __subclasses__ in favor of __init_subclass__.
Move _proxyfactory into AnsibleTaggedObject.
Unit tests for __slots__ on AnsibleSerializable types (except those used by templating).
* Remove unused code
- contextvars compat for Python 2.7 and 3.6
- datatag_ast
* Use kw_only for dataclass based datatags
* Remove unused ansible_pos property from AnsibleSourcePosition
* Fix some template unit tests
* slotted datatag support tests
* Fix datatag unit tests
Instead of checking for __slots__ in the hierarchy, only check on the type we're testing.
This allows checking for the presence of __slots__ instead of empty/non-empty.
* Remove outdated FIXME entries
Now that we have tests for pickle and deepcopy, these are no longer needed.
* Removed obsolete FIXME entries, and:
* Updated Deprecated to use datetime.date
* Made line/col on AnsibleSourcePosition optional
* Updated datatag dataclasses to omit default None values from serialization
* Added quotes around template when reporting a template error
* Updated expected output for data_tagging_controller test
* Fix tag detection and simplify code
- Centralized tag lookup to a single method
- Use Exception instead of AttributeError when detecting tags (for things like AnsibleUndefined)
* "fix" module_utils remove_values to preserve tags on copied containers
* optimize untaggable_types handling
* Rename local var for consistency
* Fix no_log handling of tagged container types
* Fix unit test mock data loader
* Fix conditional unit tests
* Fix yaml loader unit tests
* Fix recursive finder unit test
* Fix galaxy list collection unit test
* Improve unit test mock data loader
* Fix action plugin unit test
* Only tag task msg as NotATemplate when it's str
* Add xfail for vault related unit tests
* Sanity test fixes
* Fix integration test aliases
* Avoid assert in lib
* Fix pep8 sanity test issues
* Fix pylint issues
* Remove unused _discovery_deprecation_warnings
* Remove incorrect type annotations
* Add missing type annotation for interpreter discovery
* Improve data tagging type hints
* Ignore pylint error about slots
* Comment out unreachable code
* Omit line/col for CLI extra-vars
* Fix various templar unit tests
* Fix mypy and pylint issues
* Simplify toml_dumps (fixes mypy issue also)
* Fix var name and mypy issue
* Fix another mypy issue
* Fix warning unit tests
* Use tag_copy instead of tags+tag
* Use tag() instance method for single tags
* Initial prototype for resolving part of FDI028
* Restore escape_backslashes
Update the docstring for _escape_backslashes to more accurately describe its purpose.
Also disable escape_backslashes when processing conditionals, to maintain backwards compatibility.
This is necessary because conditionals were previously evaluated using {% %}, which was *NOT* affected by escape_backslashes.
Now that conditionals use expressions, they would be affected by escape_backslashes if it was not disabled.
* further clarify _escape_backslashes docstring
* Add FIXME for change in behavior around templating non-str conditionals
Mark associated unit test for the old behavior as xfail
* Fix test_backslash_escaping unit test
* Fix templar unit tests
* Fix various inventory plugin cases in core
Inventory unit tests now pass
Trust by default has been partially implemented
* Remove unused import
* WIP inventory trusted_by_default support
* Improve toml inventory integration tests
Also move toml_dumps out of the inventory plugin, since it's not used there
* Fix the TOML encoder to handle datatagging
Raise the minimum version of toml to 0.10.0 so we can use Encoder -- it's already ~5 years old, so we don't need to support anything older.
* Fix whitespace on warning, update data_tagging_controller test expected output
* Ignore tomli_w in mypy
* Fix changelog fragment
* sanity ignores on vendored wrapt
* Fix sanity test failures
* apply trust to conditionals in constructed inventory unit tests
* Fix mypy issue and use of t
* Rip out toml, it's busted, require tomli/tomli-w instead
One reason it's busted is because it returns custom dict subclasses with no apparent way to override during decoding.
Encoding also requires custom type mapping to handle subclasses of built-in types.
Add more complete TOML testing for dumping/reading
* Remove unused import
* Added AnsibleVariableVisitor (factored out of ansible.inventory.data)
Switched over to AnsibleVariableVisitor from _auto_trust in inventory
Updated inventory manager to call a new config_and_parse() method instead of parse() on BaseInventoryPlugin
Moved setting of some BaseInventoryPlugin attributes from parse() to config_and_parse()
* Fix unit tests, add FIXME for possible future feature
* Switch back from config_and_parse to just using parse
* Removed unused imports
* Fix set pickling, added support for tagging datetime, date, time
Also improved data tagging unit test coverage
* Clean up FDI018 references
* remove tagged_repr support
* see wip_tagged_debug_repr branch for a mostly-working dynamic impl if we want to revisit
* fix dynamic scalar type regression
* updated inventory_toml tests for new types
* new fixmes
* Fix sanity test issues
* remove undocumented VarsWithSources debug mechanism
* see nitzmahone/ansible-private/var_access_logging_wip branch for a PoC replacement based on data tagging + AnsibleSourcePosition
* handle empty tags on lazy template wrappers
* also added more explanatory comments
* replace template static_vars with NotATemplate tag
* also optimize some copies, test cleanups, killed dead test code
* optimized tag_copy/tag via generator WIP
* Fix up hostvars type hints, comments and var names
* Fix datatag type hints
* Eliminate double-copy in datatag utils
* Add missing blank line
* Remove obsolete test for contextvars from when we supported Python 3.6
* Rename allowed vars set for collections
Exclude bytes from _ANSIBLE_ALLOWED_NON_SCALAR_COLLECTION_VAR_TYPES
* Added more datatag tests -- still needs further coverage and refactoring (particularly to cover lazy template logic)
* Consolidate datatag logic
- Implement native_type and native_copy on AnsibleTaggedObject
- Move setting of _ansible_tags_mapping into _native_instance_factory
- Use generators in more places
- Create _copy_collection and _instance_factory_collection for use by collections
- Fix lazy template dispatch for untagged collections
- Add JSON round-trip unit tests
- Consolidate round-trip unit test logic
- Fix variables named `t`
- Add copy.copy tests
- Add instance copy tests
- Add untag tests
* Minor tag optimizations
* Exclude base classes from type maps/sets
Also eliminate isinstance checks from AnsibleTaggedObject.tag/untag
* Make _AnsibleTagsMapping check strict
This avoids more isinstance checks
* Eliminate isinstance from _instance_factory_collection
* Eliminate isinstance from Deprecated
* Fix mypy issue
* Convert native_type from a method to a class attribute
* Eliminate a few typing.cast uses
* Consolidate custom pickle code on AnsibleTaggedObject
* Suppress protected member warnings in PyCharm
* Remove unused import
* Rename pickle_protocol to _pickle_protocol
* Remove use of OrderedDict from datatag code
* Fix coverage issues in datatag unit tests
* Add a few docstrings
* Add more unit tests
* Docstrings, pragmas for coverage on overloads, type hints, more unit tests
* Cleanup
* Ensure tagged instances have the same repr() and str() as their untagged base types
* More unit test code coverage
* Move datatag access context code into a separate module
* Use standard tag types in datatag ambientcontext tests
* Move ambientcontext unit tests to module_utils tests
Also fix Python 3.7 bug in AnsibleAccessContext.access
* Add unit test coverage for tag_types() method
* Add access mutator unit test
* Remove unused _AnsibleNonMappedWrapper
* Move NotTaggableError up so it's not in the middle of tag types
* Fix unit test
* Add deprecation for listifying dict before reversed
* Fix unit test function name typo
* propagate template trust to VaultedValue (so embedded templates render)
* switch Jinja templating to ImmutableSandboxedEnvironment
* capture FIXMEs
* fix bad WIP branch stash
* dynamic tag propagation on common string methods
* add associated tests
* FIXME
* fix _init_class invocation
* Sanity test fixes
* Make pylint happy
* ditch SandboxedEnvironment `safe_range` since it breaks valid usages
---------
Co-authored-by: Matt Clay <matt@mystile.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
SUMMARY
ISSUE TYPE
COMPONENT NAME
ADDITIONAL INFORMATION