* Update CI scripts to be more close to the ones in ansible-core.
* Extend CI matrix.
* Make sure that docker daemon is running (when not in a container).
* Make sure that connection plugin tests do not uninstall Docker daemon.
* Check some conditions.
* Fix error ignores.
* Skip SSH test on Alpine VMs.
* Take care of more errors.
* Adjust for more errors.
* Improve conditions.
* Remove new entries from CI matrix; make CI matrix nicer.
* Add more debug output.
* Add basic integration test.
* Split into lines.
* Fix docker detection, add podman detection.
ci_complete
* Improve regular expression.
* Document that this module is trying its best, but might not be perfect.
* Update comment.
* Add better tests for env and env_file.
* Make sure that non-container options are also passed to preprocessing code.
* Add changelog fragment.
* Add env_file override test.
* Add diff output to figure out a bit more why the test fails.
* Make sure that both images have been pulled in advance.
* Dump the correct image.
* Allow tty test to fail in certain circumstances.
* utils: fix IPv6 address w/ port parsing
This was using a deprecated function (`urllib.splitnport`),
ostensibly to work around issues with brackets on IPv6 addresses.
Ironically, its usage was broken, and would result in mangled IPv6
addresses if they had a port specified in some instances.
Usage of the deprecated function has been eliminated and extra test
cases added where missing. All existing cases pass as-is. (The only
other change to the test was to improve assertion messages.)
Cherry-picked from
f16c4e1147
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
* client: fix exception semantics in _raise_for_status
We want "The above exception was the direct cause of the following exception:" instead of "During handling of the above exception, another exception occurred:"
Cherry-picked from
bb11197ee3
Co-authored-by: Maor Kleinberger <kmaork@gmail.com>
* tls: use auto-negotiated highest version
Specific TLS versions are deprecated in latest Python, which
causes test failures due to treating deprecation errors as
warnings.
Luckily, the fix here is straightforward: we can eliminate some
custom version selection logic by using `PROTOCOL_TLS_CLIENT`,
which is the recommended method and will select the highest TLS
version supported by both client and server.
Cherry-picked from
56dd6de7df
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
* transport: fix ProxyCommand for SSH conn
Cherry-picked from
4e19cc48df
Co-authored-by: Guy Lichtman <glicht@users.noreply.github.com>
* ssh: do not create unnecessary subshell on exec
Cherry-picked from
bb40ba051f
Co-authored-by: liubo <liubo@uniontech.com>
* ssh: reject unknown host keys when using Python SSH impl
In the Secure Shell (SSH) protocol, host keys are used to verify the identity of remote hosts. Accepting unknown host keys may leave the connection open to man-in-the-middle attacks.
Do not accept unknown host keys. In particular, do not set the default missing host key policy for the Paramiko library to either AutoAddPolicy or WarningPolicy. Both of these policies continue even when the host key is unknown. The default setting of RejectPolicy is secure because it throws an exception when it encounters an unknown host key.
Reference: https://cwe.mitre.org/data/definitions/295.html
NOTE: This only affects SSH connections using the native Python SSH implementation (Paramiko), when `use_ssh_client=False` (default). If using the system SSH client (`use_ssh_client=True`), the host configuration
(e.g. `~/.ssh/config`) will apply.
Cherry-picked from
d9298647d9
Co-authored-by: Audun Nes <audun.nes@gmail.com>
* lint: fix deprecation warnings from threading package
Set `daemon` attribute instead of using `setDaemon` method that
was deprecated in Python 3.10.
Cherry-picked from
adf5a97b12
Co-authored-by: Karthikeyan Singaravelan <tir.karthi@gmail.com>
* api: preserve cause when re-raising error
Use `from e` to ensure that the error context is propagated
correctly.
Cherry-picked from
05e143429e
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
* build: trim trailing whitespace from dockerignore entries
Cherry-picked from
3ee3a2486f
Co-authored-by: Clément Loiselet <clement.loiselet@capgemini.com>
* Improve formulation, also mention the security change as a breaking change.
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
Co-authored-by: Maor Kleinberger <kmaork@gmail.com>
Co-authored-by: Guy Lichtman <glicht@users.noreply.github.com>
Co-authored-by: liubo <liubo@uniontech.com>
Co-authored-by: Audun Nes <audun.nes@gmail.com>
Co-authored-by: Karthikeyan Singaravelan <tir.karthi@gmail.com>
Co-authored-by: Clément Loiselet <clement.loiselet@capgemini.com>
* Prefer unitest.mock by using compat.mock
`mock` is a backport of the `unittest.mock` module from the stdlib, and
there's no reason to use it on newer Python versions. `mock` is deprecated
in Fedora, so I figured I'd propose this here before downstream patching
our ansible-collection-community-docker package.
* Remove compat.mock code for older Python 3 versions
This removes compatibility for older versions of Python 3 that are no
longer supported.
* Move licenses to LICENSES/, use SPDX-License-Identifier, mention all licenses in galaxy.yml.
* ignore.txt lines cannot be empty or contain only a comment.
* Cleanup.
* This particular __init__.py seems to be crucial.
* Try extra newline.
* Markdown comments are a real mess. I hope this won't break Galaxy...
* More licenses.
* Add sanity test.
* Skip some files, lint.
* Make sure there is a copyright line everywhere.
* Also check for copyright line in sanity tests.
* Remove colon after 'Copyright'.
* Normalize lint script.
* Avoid colon after 'Copyright' in lint script.
* Improve license checker.
* Update README.md
Co-authored-by: Maxwell G <9920591+gotmax23@users.noreply.github.com>
* Remove superfluous space.
* Referencing target instead of symlink
Co-authored-by: Maxwell G <9920591+gotmax23@users.noreply.github.com>
* Begin experiments for docker_container rewrite.
* Continued.
* We support API >= 1.25 only anyway.
* Continued.
* Fix bugs.
* Complete first basic implementation.
* Continuing.
* Improvements and fixes.
* Continuing.
* More 'easy' options.
* More options.
* Work on volumes and mounts.
* Add more options.
* The last option.
* Copy over.
* Fix exposed ports.
* Fix bugs.
* Fix command and entrypoint.
* More fixes.
* Fix more bugs.
* ci_complete
* Lint, fix Python 2.7 bugs, work around ansible-test bug.
ci_complete
* Remove no longer applicable test.
ci_complete
* Remove unnecessary ignore.
ci_complete
* Start with engine driver.
* Refactoring.
* Avoid using anything Docker specific from self.client.
* Refactor.
* Add Python 2.6 ignore.txt entries for ansible-core < 2.12.
* Improve healthcheck handling.
* Fix container removal logic.
* ci_complete
* Remove handling of older Docker SDK for Pyhon versions from integration tests.
* Avoid recreation if a pure update is possible without losing the diff data.
* Cover the case that blkio_weight does not work.
* Update plugins/module_utils/module_container/docker_api.py
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Improve memory_swap tests.
* Fix URLs in changelog fragment.
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Rewrite the docker_plugin module to use the low-level client from Docker SDK for Python.
* Rewrite to no longer use the Docker SDK for Python.
* Remove Docker SDK for Python version from tests.
* Remove support for Ansible 2.9 and ansible-base 2.10.
* Remove Ansible 2.9 compatiblity code.
* Remove docker-compose from EE.
* Drop support for Python 2.6. Stop advertising docker-py for Python 2.6.
* Drop support for API versions 1.20 to 1.24.
* Fix condition.
* Vendor parts of the Docker SDK for Python
This is a combination of the latest git version
(a48a5a9647)
and the version before Python 2.7 support was removed
(650aad3a5f),
including some modifications to work with Ansible module_utils's
system (i.e. third-party imports are guarded, and errors are
reported during runtime through a new exception
MissingRequirementException).
* Create module_utils and plugin_utils for working with the vendored code.
The delete call cannot be called delete() since that method already exists from requests.
* Vendor more code from Docker SDK for Python.
* Adjust code from common module_utils.
* Add unit tests from Docker SDK for Python.
* Make test compile with Python 2.6, but skip them on Python 2.6.
* Skip test that requires a network server.
* Add changelog.
* Update changelogs/fragments/398-docker-api.yml
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Minimum API version is 1.25.
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Add image_label_mismatch to docker_container
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Test image_label_mismatch error message
* Add change fragment for image_label_mismatch
* Break long line in docker_container.py for pep-8 compliance
* pep8 compliance
* Update changelogs/fragments/370-add-image-label-mismatch.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix: add expected_labels to parameters_map in docker_container
* Apply suggestions from code review
* Apply suggestions from code review
* Update tests/integration/targets/docker_container/tasks/tests/options.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add RHEL 9.0 to CI.
* Add RHEL 9 specific files.
* Add Ubuntu 22.04 and Fedora 36 to CI.
* Another try.
* Adjust kernel memory tests.
* Add more details.
* RHEL 9 doesn't support setting memory swappiness.
* Fix docker_swarm_service tests.
The 'less' case should always have been changed, but it probably was always skipped
due to a too old Docker SDK for Python or a too old Docker daemon.
* More checks / improve checks.
* Run some tests with the latest PyPi version of Docker SDK for Python.
* Use new enough Python so we can actually install the latest Docker SDK for Python.
* Ansibilize
* Fix test.
* Fix two stupid errors by myself.
* template_driver integration tests
* adding comment
* naming swarm default
* Apply suggestions from code review
* Only run tests for new enough Docker SDK for Python and Docker API version.
Co-authored-by: Sasha Jenner <sasha.jenner@cba.com.au>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Try adding EE support.
* Use GHA instead of AZP for EE tests.
* Update changelog fragment, extend tests.
* Disable current_container_facts test.
* Increase verbosity.
* 2.9 compatibility.
* Use docker instead of podman for building EE and running tests in it.
* Output some more information (helpful for debugging).
* Fix GHA handling for current_container_facts.
* Try to fix permissions.
* fix config docs and update to use config system
wean off play_context which did not have the correct data in all cases
* moar fixes
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* updated for backwards compat
* badmergeresolution
* makeitworks
* attempt to fix unit test
* mocking it# No more than 50 chars. #### 50 chars is here: #
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/connection/docker.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* nomock
* remove bad paste
* properly load connection to initialize config
* initizlie docker args
* Fix bugs.
* Call _set_conn_data() when needed.
* Cache result of _get_docker_remote_user() now that it is called multiple times per task.
* Fix unit tests.
* list.clear() is Python 3...
* Add changelog.
* Call _set_conn_data() also in _connect().
Co-authored-by: Felix Fontein <felix@fontein.de>
* Implement `cap_add` and `cap_drop` handling for `docker_swarm_service`
* Fix typos in changelog fragment
* Add missing `version_added` docstrings to `docker_swarm_service`
* Check api version too in `docker_swarm_service` capability tests
* Fix API version checking in tests for docker_swarm_service
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add `cap_add` and `cap_drop` to sample output for `docker_swarm_service`
* Use proper diff checking for `docker_swarm_service` capabilities
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add parameters for rolling updates to `docker_secret`
* Extract `remove_secrets` to its own function in `docker_secret`
* Store existing secrets in a list instead of a single secret
With this change `docker_secret` now supports the case where we store
multiple versions of a secret with the `_v123` postfix.
`absent` state implicitly handles removing these this way.
* When using `rolling_versions` don't automatically remove current secret
To make rolling updates actually work instead of failing on trying to
remove a secret that is attached to a service, use the
`versions_to_keep` parameter to remove old versions of the secret after
creating the new one. This way the secret with the new data is created
with a different name and can be attached to the service by its ID
without having to delete the previous one first which would fail if it
is already attached to a service.
* Add version numbers to newly created secrets
Attach the incremental version number to the secret name as a `_v123`
postfix where `123` is replaced with an incremental counter starting
from 1.
A label with the numeric version is also attached to the secret to ease
calculating the new version number upon change with the name
`ansible_version`.
* Return `secret_name` for docker secrets as well
* Add integration test for rolling secrets
* Update `docker_secret` documentation as per review comments
* Correctly return `docker_secret` version number as int
* Use template string for naming `docker_secrets` instead of concatenation
* Return the correct secret name on deletion failure
* Simplify `docker_secret` creation
* Add missing comma for `docker_secret` schema
* Only remove old docker secrets if `rolling_versions` is set
* Add check in `docker_secret` version parsing to handle NaNs
* Add newly created `docker_secret` to internal secret list to avoid additional deletions
* Add changelog fragment for `docker_secret` `rolling_versions` feature
* Update changelogs/fragments/270-rolling-secrets.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove docker_login's email option.
* container_default_behavior now has default value no_defaults.
* Disallow 'all' next to other ports. Deprecate 'all' in favor of publish_all_ports.
* Change default for network_mode.
* Add changelog fragment.
* Fix tests.
* Next expected release is 2.0.0.
* Show inspection results for all Docker networks before running docker_network tests.
* AZP/Docker seems to prefer networks in 172.0.0.0/8, so we use 10.0.0.0/8 for our tests.
* Fix use of wrong variable.
* Use remote temp path, replace remote lookups.
* Copy local files.
* Change docker resource name prefix from ansible-test to ansible-docker-test to avoid collision with ansible-test's containers.
* Fix typos.
* We don't neceessarily have a TTY.
* Use hopefully less collision-likely subnet.
* More collision avoidance.
* More changes.
* Fix handling of command and entrypoint in a backwards-compatible way.
* Fix copy'n'paste error.
* Fix some more.
* Improve documentation.
* Keep command and entrypoint as lists and not as strings.
* Simplify code, since we're already emitting the deprecation warning in this case during parameter processing.
* Change default only in community.docker 3.0.0.
* Update tests/integration/targets/docker_container/tasks/tests/options.yml
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Apply suggestion to more places.
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Initial commit
* Adding changelog fragment
* Updating deprecation notice
* Adding integration test
* Applying second round of review suggestions
* Updating docs and cleaning up integration tests
* Updating test loop logic
* Add test to tag image with ID.
* Document that source=local also works with image IDs.
* Improve 'repository' documentation.
* Fix typo.
* Looks like a fix is needed to make this work.
* ...
* Avoid unnecessary re.search() calls.
* Add changelog fragment.
* Improve main description.
* Remove import.
* Add basic docker_compose tests.
* Add more constraints for Py 2.
* Try to install docker-compose from system packages.
* Another try.
* Some more tries.
* One more.
* Move task into block.
* Clean up constraints file.
* More adjustments.
* TEMP: add debug output
* feat: allow unlimited memory_swap in docker_container
summary: in docker_container, allow `memory_swap: values
`unlimited` and `-1` for unlimited container swap usage.
`--memory-swap=-1` is a valid docker run value allowing
unlimited swap usage. `docker_container` should allow
setting this value via `memory_swap` values `unlimited`
and `-1` as it sometimes must explicitly be set to prevent
docker from attempting to limit swap usage to double the
`--memory` value by default. In rootless docker environments,
attempting to set `memory-swap` usage limits will result in an error
if the user doesn't have the ability to do so. Allowing explicit
unlimited swap usage via docker_container will prevent these errors.
https://docs.docker.com/config/containers/resource_constraints/#--memory-swap-details
* Update tests/integration/targets/docker_container/tasks/tests/options.yml
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Move some code from plugin_utils to module_utils.
* First version of docker_container_exec module.
* Linting.
* Avoid using display.
* Move common socket_handler code to module_utils.
* Add module support, use it in docker_container_exec.
* Add tests.
* Fix copyright lines.
* Add this and other 'new' modules to README.
* Apply suggestions from code review
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/docker_container_exec.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Add docker_image_load module.
* Polish module.
* Fix bug and add tests.
* Apply suggestions from code review
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Make sure that containers that still exist are also cleared.
* Always return stdout.
* Try to work around removal problems.
* Accept that the Docker daemon sometimes only reports the named image.
* More debug output.
* Also prune containers, in the hope that these cause the problems.
* Let's see whether pruning containers (but not images) is enough.
* Apply suggestions from code review
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/docker_image_load.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Amin Vakil <info@aminvakil.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* New module docker-plugin with integration_tests
* Fix sanity test
* Changes made as per the reviewer suggested
* Fix check-mode and test directory
* Fix Sanity
* fix integration
* fix integration
* fix integration
* fix integration
* Allow to specify pull platform.
* Add basic test and document that the value is not used for idempotency at the moment.
* Fix pulling.
* Simplify code.
* Add API version for pull_platform.
* Move pull_platform into new pull option. Use apply_defaults=True to avoid some special logic.
* Add example.
* Remove apply_defaults=True.
* Avoid crash for docker-py < 2.5.0.
* Add warnings when load_image does not return a generator.
* Add test.
* Update plugins/modules/docker_image.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Support IPv6 zones (RFC 4007).
* Add changelog fragment.
* Remove change for docker_network.
* Add IPv6 zone test.
It looks like an arbitrary zone name works. If Docker daemon ever starts
validating it (against what?) we either have to try to fix this test by
a valid value, or remove it again.
* Began with docker inventory plugin.
* Linting.
* Improve plugin, add basic unit tests.
* Linting.
* Add integration test.
* Adjust tests to case that there are more containers.
* There can be stopped containers.
ci_coverage
* docker -> docker_containers
* Add new facts module for determining whether the module is running inside a container or not.
* Add containers to main network.
* Fix running tests locally with newer docker.
* Simplify setup_openssl to only install cryptography.
* Add alias in network.
* Make sure to upgrade cryptography to something more sensible on Ubuntu 16.04.
* Don't jump through hoops for bridge.
* Try to use other IPv4 nets.
* Improve module docs.
* Remove PATH hack
azure-pipelines-test-container:1.7.1 contains a proper fix for ensuring
PATH contains the location of pip installed binaries so we can remove
the hack.
* Correct RHEL groups
Cleanup means purging the docker daemon. This was necessary when the
docker tests were run as part of ansible/ansible and community.general
CI, but in the community.docker CI the problematic runs are on their
own CI node.
ci_complete
