* Add note on idempotency.
* Make platform a list of strings.
* Support specifying secrets.
* Add test for secrets.
* Support specifying outputs.
* Ignore invalid choices syntax for ansible-core <= 2.16.
It actually works with ansible-core 2.14+ (though not with <= 2.13),
but the sanity tests only accept it from 2.17 on.
* Only use --secret with type=env for buildx 0.6.0+, and multiple --output for buildx 0.13.0+.
* add sysctls option to docker_swarm_service
* Add added version number
Co-authored-by: Felix Fontein <felix@fontein.de>
* version added -> 3.10.0
Co-authored-by: Felix Fontein <felix@fontein.de>
* changelog fragment for docker_swarm_service sysctls
* add minimal docker_py / docker_api versions to use for sysctls
* set expected sysctls to null on integration test
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Allow to specify inline compose definitions.
* Remove comma that trips Python 2.7.
* Add tests.
* Add PyYAML as EE dependency.
* Be more explicit on PyYAML.
* Ignore pylint warnings for construct that does not work with Python 2.
* Revert "Ignore pylint warnings for construct that does not work with Python 2."
This reverts commit 92c19c78dc.
* Different approach: use ignore.txt since otherwise ansible-core 2.14 tests fail.
* Allow to configure behavior of pull=true in check mode.
* Change pull to option that accepts some strings as well, such as pull=never.
* Adjust values.
* Add inventory filter capability.
* Use community.library_inventory_filtering_v1 collection.
* Bump dependency to 1.0.0.
* Mention the new dependency in the changelog.
* Add pull option for 'docker compose up'.
* Improve dry-mode event parsing, and also parse pull-related events.
* Improve error handling, and add first tests.
* Fix action status documentation.
* Add more tests.
* Always return stderr.
This makes debugging misbehavior a lot easier since you can see
what 'docker compose' actually returned.
* Reformat existing tests.
* Add docker_compose_v2 module.
* Add note on compatibility.
* Parse more events.
Emit warnings (or things we assume are warnings), and report unparsable
messages to the user so they can report them to us.
* Rename setup role.
* Create new CI group 6, and move docker_compose v1 tests into there.
* Split up Docker setup in integration tests.
* Change setup_docker_compose_v1 to install its own Docker SDK for Python.
* Docker SDK for Python not needed to set up registry or query host info.
* vendored Docker SDK for Python code: volume: added support for bind propagation
https://docs.docker.com/storage/bind-mounts/#configure-bind-propagation
Cherry-picked from bea63224e0
Co-authored-by: Janne Jakob Fleischer <janne.fleischer@ils-forschung.de>
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
* vendored Docker SDK for Python code: fix: eventlet compatibility
Check if poll attribute exists on select module instead of win32 platform check
The implementation done in #2865 is breaking usage of docker-py library within eventlet.
As per the Python `select.poll` documentation (https://docs.python.org/3/library/select.html#select.poll) and eventlet select removal advice (eventlet/eventlet#608 (comment)), it is preferable to use an implementation based on the availability of the `poll()` method that trying to check if the platform is `win32`.
Fixes https://github.com/docker/docker-py/issues/3131
Cherry-picked from 78439ebbe1
Co-authored-by: Mathieu Virbel <mat@meltingrocks.com>
* vendored Docker SDK for Python code: fix: use response.text to get string rather than bytes
Adjusted from 0618951093
Co-authored-by: Mehmet Nuri Deveci <5735811+mndeveci@users.noreply.github.com>
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
* vendored Docker SDK for Python code: Fix missing asserts or assignments
Cherry-picked from 0566f1260c
Co-authored-by: Aarni Koskela <akx@iki.fi>
---------
Co-authored-by: Janne Jakob Fleischer <janne.fleischer@ils-forschung.de>
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
Co-authored-by: Mathieu Virbel <mat@meltingrocks.com>
Co-authored-by: Mehmet Nuri Deveci <5735811+mndeveci@users.noreply.github.com>
Co-authored-by: Aarni Koskela <akx@iki.fi>
* Make compatible with requests 2.29.0.
* This fix should also work with urllib3 2.0 according to urllib3 maintainer.
* Add changelog fragment.
* We still need the constraint for CI until Docker SDK for Python has a new release with a fix.
* Make modifications to response_class as small as possible.
* Revert "We still need the constraint for CI until Docker SDK for Python has a new release with a fix."
This reverts commit 698d544a1e08308e8bf8b4e56ab78c5079f9a17b.
* The pip coming with the ansible-core 2.11 alpine3 image seems to be too old.
* Do extra docs validation. Explicitly disallow semantic markup in docs.
* Forgot to add new requirement.
* Improve test.
* TEMP - make CI fail.
* Revert "TEMP - make CI fail."
This reverts commit d381f1a431.
* Remove unnecessary import.
* Make sure ANSIBLE_COLLECTIONS_PATH is set.
* Make sure sanity tests from older Ansible versions don't complain.
* fix: fix tmpfs_size and tmpfs_mode not being set
* fix: wrong file
* fix: add changelog fragment
* fix: update changelog fragment to match formatting
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Do not crash when plugin doesn't exist.
* Improve style.
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Move copying functionality to module_utils.
* Add docker_container_copy_into module.
* Use new module in other tests.
* Fix copyright and attributes.
* Improve idempotency, improve stat code.
* Document and test when a stopped container works.
* Improve owner/group detection error handling when container is stopped.
* Fix formulation.
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Improve file comparison.
* Avoid reading whole file at once.
* Stream when fetching files from daemon.
* Fix comment.
* Use read() instead of read1().
* Stream files when copying into container.
* Linting.
* Add force parameter.
* Simplify library code.
* Linting.
* Add content and content_is_b64 options.
* Make force=false work as for copy module: only copy if the destination does not exist.
* Improve docs.
* content should be no_log.
* Implement diff mode.
* Improve error handling.
* Lint and improve.
* Set owner/group ID to avoid ID lookup (which fails in paused containers).
* Apply suggestions from code review
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Cache has already been updated a few lines before.
* When skipping Docker cleanup, create flag to avoid the expensive part of the setup (including package manager cache update) to be run again.
* Update CI scripts to be more close to the ones in ansible-core.
* Extend CI matrix.
* Make sure that docker daemon is running (when not in a container).
* Make sure that connection plugin tests do not uninstall Docker daemon.
* Check some conditions.
* Fix error ignores.
* Skip SSH test on Alpine VMs.
* Take care of more errors.
* Adjust for more errors.
* Improve conditions.
* Remove new entries from CI matrix; make CI matrix nicer.
* Add more debug output.
* Add basic integration test.
* Split into lines.
* Fix docker detection, add podman detection.
ci_complete
* Improve regular expression.
* Document that this module is trying its best, but might not be perfect.
* Update comment.
* Add better tests for env and env_file.
* Make sure that non-container options are also passed to preprocessing code.
* Add changelog fragment.
* Add env_file override test.
* Add diff output to figure out a bit more why the test fails.
* Make sure that both images have been pulled in advance.
* Dump the correct image.
* Allow tty test to fail in certain circumstances.
* utils: fix IPv6 address w/ port parsing
This was using a deprecated function (`urllib.splitnport`),
ostensibly to work around issues with brackets on IPv6 addresses.
Ironically, its usage was broken, and would result in mangled IPv6
addresses if they had a port specified in some instances.
Usage of the deprecated function has been eliminated and extra test
cases added where missing. All existing cases pass as-is. (The only
other change to the test was to improve assertion messages.)
Cherry-picked from
f16c4e1147
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
* client: fix exception semantics in _raise_for_status
We want "The above exception was the direct cause of the following exception:" instead of "During handling of the above exception, another exception occurred:"
Cherry-picked from
bb11197ee3
Co-authored-by: Maor Kleinberger <kmaork@gmail.com>
* tls: use auto-negotiated highest version
Specific TLS versions are deprecated in latest Python, which
causes test failures due to treating deprecation errors as
warnings.
Luckily, the fix here is straightforward: we can eliminate some
custom version selection logic by using `PROTOCOL_TLS_CLIENT`,
which is the recommended method and will select the highest TLS
version supported by both client and server.
Cherry-picked from
56dd6de7df
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
* transport: fix ProxyCommand for SSH conn
Cherry-picked from
4e19cc48df
Co-authored-by: Guy Lichtman <glicht@users.noreply.github.com>
* ssh: do not create unnecessary subshell on exec
Cherry-picked from
bb40ba051f
Co-authored-by: liubo <liubo@uniontech.com>
* ssh: reject unknown host keys when using Python SSH impl
In the Secure Shell (SSH) protocol, host keys are used to verify the identity of remote hosts. Accepting unknown host keys may leave the connection open to man-in-the-middle attacks.
Do not accept unknown host keys. In particular, do not set the default missing host key policy for the Paramiko library to either AutoAddPolicy or WarningPolicy. Both of these policies continue even when the host key is unknown. The default setting of RejectPolicy is secure because it throws an exception when it encounters an unknown host key.
Reference: https://cwe.mitre.org/data/definitions/295.html
NOTE: This only affects SSH connections using the native Python SSH implementation (Paramiko), when `use_ssh_client=False` (default). If using the system SSH client (`use_ssh_client=True`), the host configuration
(e.g. `~/.ssh/config`) will apply.
Cherry-picked from
d9298647d9
Co-authored-by: Audun Nes <audun.nes@gmail.com>
* lint: fix deprecation warnings from threading package
Set `daemon` attribute instead of using `setDaemon` method that
was deprecated in Python 3.10.
Cherry-picked from
adf5a97b12
Co-authored-by: Karthikeyan Singaravelan <tir.karthi@gmail.com>
* api: preserve cause when re-raising error
Use `from e` to ensure that the error context is propagated
correctly.
Cherry-picked from
05e143429e
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
* build: trim trailing whitespace from dockerignore entries
Cherry-picked from
3ee3a2486f
Co-authored-by: Clément Loiselet <clement.loiselet@capgemini.com>
* Improve formulation, also mention the security change as a breaking change.
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
Co-authored-by: Maor Kleinberger <kmaork@gmail.com>
Co-authored-by: Guy Lichtman <glicht@users.noreply.github.com>
Co-authored-by: liubo <liubo@uniontech.com>
Co-authored-by: Audun Nes <audun.nes@gmail.com>
Co-authored-by: Karthikeyan Singaravelan <tir.karthi@gmail.com>
Co-authored-by: Clément Loiselet <clement.loiselet@capgemini.com>
* Prefer unitest.mock by using compat.mock
`mock` is a backport of the `unittest.mock` module from the stdlib, and
there's no reason to use it on newer Python versions. `mock` is deprecated
in Fedora, so I figured I'd propose this here before downstream patching
our ansible-collection-community-docker package.
* Remove compat.mock code for older Python 3 versions
This removes compatibility for older versions of Python 3 that are no
longer supported.
* Move licenses to LICENSES/, use SPDX-License-Identifier, mention all licenses in galaxy.yml.
* ignore.txt lines cannot be empty or contain only a comment.
* Cleanup.
* This particular __init__.py seems to be crucial.
* Try extra newline.
* Markdown comments are a real mess. I hope this won't break Galaxy...
* More licenses.
* Add sanity test.
* Skip some files, lint.
* Make sure there is a copyright line everywhere.
* Also check for copyright line in sanity tests.
* Remove colon after 'Copyright'.
* Normalize lint script.
* Avoid colon after 'Copyright' in lint script.
* Improve license checker.
* Update README.md
Co-authored-by: Maxwell G <9920591+gotmax23@users.noreply.github.com>
* Remove superfluous space.
* Referencing target instead of symlink
Co-authored-by: Maxwell G <9920591+gotmax23@users.noreply.github.com>
* Begin experiments for docker_container rewrite.
* Continued.
* We support API >= 1.25 only anyway.
* Continued.
* Fix bugs.
* Complete first basic implementation.
* Continuing.
* Improvements and fixes.
* Continuing.
* More 'easy' options.
* More options.
* Work on volumes and mounts.
* Add more options.
* The last option.
* Copy over.
* Fix exposed ports.
* Fix bugs.
* Fix command and entrypoint.
* More fixes.
* Fix more bugs.
* ci_complete
* Lint, fix Python 2.7 bugs, work around ansible-test bug.
ci_complete
* Remove no longer applicable test.
ci_complete
* Remove unnecessary ignore.
ci_complete
* Start with engine driver.
* Refactoring.
* Avoid using anything Docker specific from self.client.
* Refactor.
* Add Python 2.6 ignore.txt entries for ansible-core < 2.12.
* Improve healthcheck handling.
* Fix container removal logic.
* ci_complete
* Remove handling of older Docker SDK for Pyhon versions from integration tests.
* Avoid recreation if a pure update is possible without losing the diff data.
* Cover the case that blkio_weight does not work.
* Update plugins/module_utils/module_container/docker_api.py
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Improve memory_swap tests.
* Fix URLs in changelog fragment.
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Rewrite the docker_plugin module to use the low-level client from Docker SDK for Python.
* Rewrite to no longer use the Docker SDK for Python.
* Remove Docker SDK for Python version from tests.
* Remove support for Ansible 2.9 and ansible-base 2.10.
* Remove Ansible 2.9 compatiblity code.
* Remove docker-compose from EE.
* Drop support for Python 2.6. Stop advertising docker-py for Python 2.6.
* Drop support for API versions 1.20 to 1.24.
* Fix condition.
* Vendor parts of the Docker SDK for Python
This is a combination of the latest git version
(a48a5a9647)
and the version before Python 2.7 support was removed
(650aad3a5f),
including some modifications to work with Ansible module_utils's
system (i.e. third-party imports are guarded, and errors are
reported during runtime through a new exception
MissingRequirementException).
* Create module_utils and plugin_utils for working with the vendored code.
The delete call cannot be called delete() since that method already exists from requests.
* Vendor more code from Docker SDK for Python.
* Adjust code from common module_utils.
* Add unit tests from Docker SDK for Python.
* Make test compile with Python 2.6, but skip them on Python 2.6.
* Skip test that requires a network server.
* Add changelog.
* Update changelogs/fragments/398-docker-api.yml
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Minimum API version is 1.25.
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Add image_label_mismatch to docker_container
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Test image_label_mismatch error message
* Add change fragment for image_label_mismatch
* Break long line in docker_container.py for pep-8 compliance
* pep8 compliance
* Update changelogs/fragments/370-add-image-label-mismatch.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix: add expected_labels to parameters_map in docker_container
* Apply suggestions from code review
* Apply suggestions from code review
* Update tests/integration/targets/docker_container/tasks/tests/options.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add RHEL 9.0 to CI.
* Add RHEL 9 specific files.
* Add Ubuntu 22.04 and Fedora 36 to CI.
* Another try.
* Adjust kernel memory tests.
* Add more details.
* RHEL 9 doesn't support setting memory swappiness.
* Fix docker_swarm_service tests.
The 'less' case should always have been changed, but it probably was always skipped
due to a too old Docker SDK for Python or a too old Docker daemon.
* More checks / improve checks.
* Run some tests with the latest PyPi version of Docker SDK for Python.
* Use new enough Python so we can actually install the latest Docker SDK for Python.
* Ansibilize
* Fix test.
* Fix two stupid errors by myself.
* template_driver integration tests
* adding comment
* naming swarm default
* Apply suggestions from code review
* Only run tests for new enough Docker SDK for Python and Docker API version.
Co-authored-by: Sasha Jenner <sasha.jenner@cba.com.au>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Try adding EE support.
* Use GHA instead of AZP for EE tests.
* Update changelog fragment, extend tests.
* Disable current_container_facts test.
* Increase verbosity.
* 2.9 compatibility.
* Use docker instead of podman for building EE and running tests in it.
* Output some more information (helpful for debugging).
* Fix GHA handling for current_container_facts.
* Try to fix permissions.
* fix config docs and update to use config system
wean off play_context which did not have the correct data in all cases
* moar fixes
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* updated for backwards compat
* badmergeresolution
* makeitworks
* attempt to fix unit test
* mocking it# No more than 50 chars. #### 50 chars is here: #
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* nomock
* remove bad paste
* properly load connection to initialize config
* initizlie docker args
* Fix bugs.
* Call _set_conn_data() when needed.
* Cache result of _get_docker_remote_user() now that it is called multiple times per task.
* Fix unit tests.
* list.clear() is Python 3...
* Add changelog.
* Call _set_conn_data() also in _connect().
Co-authored-by: Felix Fontein <felix@fontein.de>
* Implement `cap_add` and `cap_drop` handling for `docker_swarm_service`
* Fix typos in changelog fragment
* Add missing `version_added` docstrings to `docker_swarm_service`
* Check api version too in `docker_swarm_service` capability tests
* Fix API version checking in tests for docker_swarm_service
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add `cap_add` and `cap_drop` to sample output for `docker_swarm_service`
* Use proper diff checking for `docker_swarm_service` capabilities
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add parameters for rolling updates to `docker_secret`
* Extract `remove_secrets` to its own function in `docker_secret`
* Store existing secrets in a list instead of a single secret
With this change `docker_secret` now supports the case where we store
multiple versions of a secret with the `_v123` postfix.
`absent` state implicitly handles removing these this way.
* When using `rolling_versions` don't automatically remove current secret
To make rolling updates actually work instead of failing on trying to
remove a secret that is attached to a service, use the
`versions_to_keep` parameter to remove old versions of the secret after
creating the new one. This way the secret with the new data is created
with a different name and can be attached to the service by its ID
without having to delete the previous one first which would fail if it
is already attached to a service.
* Add version numbers to newly created secrets
Attach the incremental version number to the secret name as a `_v123`
postfix where `123` is replaced with an incremental counter starting
from 1.
A label with the numeric version is also attached to the secret to ease
calculating the new version number upon change with the name
`ansible_version`.
* Return `secret_name` for docker secrets as well
* Add integration test for rolling secrets
* Update `docker_secret` documentation as per review comments
* Correctly return `docker_secret` version number as int
* Use template string for naming `docker_secrets` instead of concatenation
* Return the correct secret name on deletion failure
* Simplify `docker_secret` creation
* Add missing comma for `docker_secret` schema
* Only remove old docker secrets if `rolling_versions` is set
* Add check in `docker_secret` version parsing to handle NaNs
* Add newly created `docker_secret` to internal secret list to avoid additional deletions
* Add changelog fragment for `docker_secret` `rolling_versions` feature
* Update changelogs/fragments/270-rolling-secrets.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
