* utils: fix IPv6 address w/ port parsing
This was using a deprecated function (`urllib.splitnport`),
ostensibly to work around issues with brackets on IPv6 addresses.
Ironically, its usage was broken, and would result in mangled IPv6
addresses if they had a port specified in some instances.
Usage of the deprecated function has been eliminated and extra test
cases added where missing. All existing cases pass as-is. (The only
other change to the test was to improve assertion messages.)
Cherry-picked from
f16c4e1147
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
* client: fix exception semantics in _raise_for_status
We want "The above exception was the direct cause of the following exception:" instead of "During handling of the above exception, another exception occurred:"
Cherry-picked from
bb11197ee3
Co-authored-by: Maor Kleinberger <kmaork@gmail.com>
* tls: use auto-negotiated highest version
Specific TLS versions are deprecated in latest Python, which
causes test failures due to treating deprecation errors as
warnings.
Luckily, the fix here is straightforward: we can eliminate some
custom version selection logic by using `PROTOCOL_TLS_CLIENT`,
which is the recommended method and will select the highest TLS
version supported by both client and server.
Cherry-picked from
56dd6de7df
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
* transport: fix ProxyCommand for SSH conn
Cherry-picked from
4e19cc48df
Co-authored-by: Guy Lichtman <glicht@users.noreply.github.com>
* ssh: do not create unnecessary subshell on exec
Cherry-picked from
bb40ba051f
Co-authored-by: liubo <liubo@uniontech.com>
* ssh: reject unknown host keys when using Python SSH impl
In the Secure Shell (SSH) protocol, host keys are used to verify the identity of remote hosts. Accepting unknown host keys may leave the connection open to man-in-the-middle attacks.
Do not accept unknown host keys. In particular, do not set the default missing host key policy for the Paramiko library to either AutoAddPolicy or WarningPolicy. Both of these policies continue even when the host key is unknown. The default setting of RejectPolicy is secure because it throws an exception when it encounters an unknown host key.
Reference: https://cwe.mitre.org/data/definitions/295.html
NOTE: This only affects SSH connections using the native Python SSH implementation (Paramiko), when `use_ssh_client=False` (default). If using the system SSH client (`use_ssh_client=True`), the host configuration
(e.g. `~/.ssh/config`) will apply.
Cherry-picked from
d9298647d9
Co-authored-by: Audun Nes <audun.nes@gmail.com>
* lint: fix deprecation warnings from threading package
Set `daemon` attribute instead of using `setDaemon` method that
was deprecated in Python 3.10.
Cherry-picked from
adf5a97b12
Co-authored-by: Karthikeyan Singaravelan <tir.karthi@gmail.com>
* api: preserve cause when re-raising error
Use `from e` to ensure that the error context is propagated
correctly.
Cherry-picked from
05e143429e
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
* build: trim trailing whitespace from dockerignore entries
Cherry-picked from
3ee3a2486f
Co-authored-by: Clément Loiselet <clement.loiselet@capgemini.com>
* Improve formulation, also mention the security change as a breaking change.
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
Co-authored-by: Maor Kleinberger <kmaork@gmail.com>
Co-authored-by: Guy Lichtman <glicht@users.noreply.github.com>
Co-authored-by: liubo <liubo@uniontech.com>
Co-authored-by: Audun Nes <audun.nes@gmail.com>
Co-authored-by: Karthikeyan Singaravelan <tir.karthi@gmail.com>
Co-authored-by: Clément Loiselet <clement.loiselet@capgemini.com>
* Prefer unitest.mock by using compat.mock
`mock` is a backport of the `unittest.mock` module from the stdlib, and
there's no reason to use it on newer Python versions. `mock` is deprecated
in Fedora, so I figured I'd propose this here before downstream patching
our ansible-collection-community-docker package.
* Remove compat.mock code for older Python 3 versions
This removes compatibility for older versions of Python 3 that are no
longer supported.
* Move licenses to LICENSES/, use SPDX-License-Identifier, mention all licenses in galaxy.yml.
* ignore.txt lines cannot be empty or contain only a comment.
* Cleanup.
* This particular __init__.py seems to be crucial.
* Try extra newline.
* Markdown comments are a real mess. I hope this won't break Galaxy...
* More licenses.
* Add sanity test.
* Skip some files, lint.
* Make sure there is a copyright line everywhere.
* Also check for copyright line in sanity tests.
* Remove colon after 'Copyright'.
* Normalize lint script.
* Avoid colon after 'Copyright' in lint script.
* Improve license checker.
* Update README.md
Co-authored-by: Maxwell G <9920591+gotmax23@users.noreply.github.com>
* Remove superfluous space.
* Referencing target instead of symlink
Co-authored-by: Maxwell G <9920591+gotmax23@users.noreply.github.com>
* Begin experiments for docker_container rewrite.
* Continued.
* We support API >= 1.25 only anyway.
* Continued.
* Fix bugs.
* Complete first basic implementation.
* Continuing.
* Improvements and fixes.
* Continuing.
* More 'easy' options.
* More options.
* Work on volumes and mounts.
* Add more options.
* The last option.
* Copy over.
* Fix exposed ports.
* Fix bugs.
* Fix command and entrypoint.
* More fixes.
* Fix more bugs.
* ci_complete
* Lint, fix Python 2.7 bugs, work around ansible-test bug.
ci_complete
* Remove no longer applicable test.
ci_complete
* Remove unnecessary ignore.
ci_complete
* Start with engine driver.
* Refactoring.
* Avoid using anything Docker specific from self.client.
* Refactor.
* Add Python 2.6 ignore.txt entries for ansible-core < 2.12.
* Improve healthcheck handling.
* Fix container removal logic.
* ci_complete
* Remove handling of older Docker SDK for Pyhon versions from integration tests.
* Avoid recreation if a pure update is possible without losing the diff data.
* Cover the case that blkio_weight does not work.
* Update plugins/module_utils/module_container/docker_api.py
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Improve memory_swap tests.
* Fix URLs in changelog fragment.
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Vendor parts of the Docker SDK for Python
This is a combination of the latest git version
(a48a5a9647)
and the version before Python 2.7 support was removed
(650aad3a5f),
including some modifications to work with Ansible module_utils's
system (i.e. third-party imports are guarded, and errors are
reported during runtime through a new exception
MissingRequirementException).
* Create module_utils and plugin_utils for working with the vendored code.
The delete call cannot be called delete() since that method already exists from requests.
* Vendor more code from Docker SDK for Python.
* Adjust code from common module_utils.
* Add unit tests from Docker SDK for Python.
* Make test compile with Python 2.6, but skip them on Python 2.6.
* Skip test that requires a network server.
* Add changelog.
* Update changelogs/fragments/398-docker-api.yml
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Minimum API version is 1.25.
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* fix config docs and update to use config system
wean off play_context which did not have the correct data in all cases
* moar fixes
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* updated for backwards compat
* badmergeresolution
* makeitworks
* attempt to fix unit test
* mocking it# No more than 50 chars. #### 50 chars is here: #
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* nomock
* remove bad paste
* properly load connection to initialize config
* initizlie docker args
* Fix bugs.
* Call _set_conn_data() when needed.
* Cache result of _get_docker_remote_user() now that it is called multiple times per task.
* Fix unit tests.
* list.clear() is Python 3...
* Add changelog.
* Call _set_conn_data() also in _connect().
Co-authored-by: Felix Fontein <felix@fontein.de>
* Began with docker inventory plugin.
* Linting.
* Improve plugin, add basic unit tests.
* Linting.
* Add integration test.
* Adjust tests to case that there are more containers.
* There can be stopped containers.
ci_coverage
* docker -> docker_containers
