* Add note on idempotency.
* Make platform a list of strings.
* Support specifying secrets.
* Add test for secrets.
* Support specifying outputs.
* Ignore invalid choices syntax for ansible-core <= 2.16.
It actually works with ansible-core 2.14+ (though not with <= 2.13),
but the sanity tests only accept it from 2.17 on.
* Only use --secret with type=env for buildx 0.6.0+, and multiple --output for buildx 0.13.0+.
* add sysctls option to docker_swarm_service
* Add added version number
Co-authored-by: Felix Fontein <felix@fontein.de>
* version added -> 3.10.0
Co-authored-by: Felix Fontein <felix@fontein.de>
* changelog fragment for docker_swarm_service sysctls
* add minimal docker_py / docker_api versions to use for sysctls
* set expected sysctls to null on integration test
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Allow to specify inline compose definitions.
* Remove comma that trips Python 2.7.
* Add tests.
* Add PyYAML as EE dependency.
* Be more explicit on PyYAML.
* docs(docker_plugin): note that `--grant-all-permissions` is true by default
Fixes#145
* Update plugins/modules/docker_plugin.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Allow to configure behavior of pull=true in check mode.
* Change pull to option that accepts some strings as well, such as pull=never.
* Adjust values.
* Add inventory filter capability.
* Use community.library_inventory_filtering_v1 collection.
* Bump dependency to 1.0.0.
* Mention the new dependency in the changelog.
* Add pull option for 'docker compose up'.
* Improve dry-mode event parsing, and also parse pull-related events.
* Improve error handling, and add first tests.
* Fix action status documentation.
* Add more tests.
* Always return stderr.
This makes debugging misbehavior a lot easier since you can see
what 'docker compose' actually returned.
* Reformat existing tests.
* Mention new modules in guide.
* Improve formatting.
* Improve docs for SSL version option.
* Add docs and example for module defaults group.
* Remove not applicable comment.
* Improvements.
* Remove dead link for Ansible Operator.
* Ansible-bender seems to be no longer actively maintained, and its more aimed at podman.
* Add note and preamble for example.
* Add docker_compose_v2 module.
* Add note on compatibility.
* Parse more events.
Emit warnings (or things we assume are warnings), and report unparsable
messages to the user so they can report them to us.
* Do not accept ssl_version for Docker SDK for Python 7.0.0+.
* Add changelog fragment.
* Generally avoid sending None values to TLSConfig. Potentially prevents similar errors in the future, assuming the users do not pass values in.
* Python 2.6 compatibility.
* Always get the container's image as well to allow get_value() to use that one too.
* Allow options and engines to overwrite comparison functions.
* Do not fail if image (by ID) cannot be found.
* Allow to control when container image is needed.
* Pass option to compare function.
* Allow to pass the host info for retrieving a value.
* Add changelog fragment.
* vendored Docker SDK for Python code: volume: added support for bind propagation
https://docs.docker.com/storage/bind-mounts/#configure-bind-propagation
Cherry-picked from bea63224e0
Co-authored-by: Janne Jakob Fleischer <janne.fleischer@ils-forschung.de>
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
* vendored Docker SDK for Python code: fix: eventlet compatibility
Check if poll attribute exists on select module instead of win32 platform check
The implementation done in #2865 is breaking usage of docker-py library within eventlet.
As per the Python `select.poll` documentation (https://docs.python.org/3/library/select.html#select.poll) and eventlet select removal advice (eventlet/eventlet#608 (comment)), it is preferable to use an implementation based on the availability of the `poll()` method that trying to check if the platform is `win32`.
Fixes https://github.com/docker/docker-py/issues/3131
Cherry-picked from 78439ebbe1
Co-authored-by: Mathieu Virbel <mat@meltingrocks.com>
* vendored Docker SDK for Python code: fix: use response.text to get string rather than bytes
Adjusted from 0618951093
Co-authored-by: Mehmet Nuri Deveci <5735811+mndeveci@users.noreply.github.com>
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
* vendored Docker SDK for Python code: Fix missing asserts or assignments
Cherry-picked from 0566f1260c
Co-authored-by: Aarni Koskela <akx@iki.fi>
---------
Co-authored-by: Janne Jakob Fleischer <janne.fleischer@ils-forschung.de>
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
Co-authored-by: Mathieu Virbel <mat@meltingrocks.com>
Co-authored-by: Mehmet Nuri Deveci <5735811+mndeveci@users.noreply.github.com>
Co-authored-by: Aarni Koskela <akx@iki.fi>
* Update documentation to reflect module functionality
Clarify that this module is used for accessing information on all stacks
Add link to docker_stack_task_info module for users looking for detailed info on a single stack
Fixes#690
* Remove trailing whitespace, add trailing period.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* socket: fix for errors on pipe close in Windows (https://github.com/docker/docker-py/pull/3099)
Need to return data, not size. By returning an empty
string, EOF will be detected properly since `len()`
will be `0`.
Fixes https://github.com/docker/docker-py/issues/3098.
Cherry-picked from f84623225e
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
* socket: use poll() instead of select() except on Windows (https://github.com/docker/docker-py/pull/2865)
Fixes https://github.com/docker/docker-py/issues/2278, which was originally addressed in https://github.com/docker/docker-py/pull/2279, but was not
properly merged. Additionally it did not address the problem
of poll not existing on Windows. This patch falls back on the
more limited select method if host system is Windows.
Cherry-picked from a02ba74333
Co-authored-by: Tyler Westland <tylerofthewest@gmail.com>
* api: respect timeouts on Windows named pipes (https://github.com/docker/docker-py/pull/3112)
Cherry-picked from 9cadad009e
Co-authored-by: Imogen <59090860+ImogenBits@users.noreply.github.com>
* Add URL to changelog.
* api: avoid socket timeouts when executing commands (https://github.com/docker/docker-py/pull/3125)
Only listen to read events when polling a socket in order
to avoid incorrectly trying to read from a socket that is
not actually ready.
Cherry-picked from c5e582c413
Co-authored-by: Loïc Leyendecker <loic.leyendecker@gmail.com>
---------
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
Co-authored-by: Tyler Westland <tylerofthewest@gmail.com>
Co-authored-by: Imogen <59090860+ImogenBits@users.noreply.github.com>
Co-authored-by: Loïc Leyendecker <loic.leyendecker@gmail.com>
* Improve examples: use FQCNs and always add name: to tasks.
* Improvements.
Co-authored-by: Don Naro <dnaro@redhat.com>
---------
Co-authored-by: Don Naro <dnaro@redhat.com>
* Make compatible with requests 2.29.0.
* This fix should also work with urllib3 2.0 according to urllib3 maintainer.
* Add changelog fragment.
* We still need the constraint for CI until Docker SDK for Python has a new release with a fix.
* Make modifications to response_class as small as possible.
* Revert "We still need the constraint for CI until Docker SDK for Python has a new release with a fix."
This reverts commit 698d544a1e08308e8bf8b4e56ab78c5079f9a17b.
* The pip coming with the ansible-core 2.11 alpine3 image seems to be too old.
* docker_swarm: document manager removal
Add note that community.docker.swarm_node needs to
be used to demote a manager before it can be removed.
Fixes#601.
* docker_swarm: improve wording
* docker_swarm: fix formatting
Requests with stream=True MUST be closed or else the connection will
never be returned to the connection pool. Both ContainerApiMixin.attach
and ExecApiMixin.exec_start were leaking in the stream=False case.
exec_start was modified to follow attach for the stream=True case as
that allows the caller to close the stream when done (untested).
Tested with:
# Test exec_run (stream=False) - observe one less leak
make integration-test-py3 file=models_containers_test.py' -k test_exec_run_success -vs -W error::ResourceWarning'
# Test exec_start (stream=True, fully reads from CancellableStream)
make integration-test-py3 file=api_exec_test.py' -k test_execute_command -vs -W error::ResourceWarning'
After this change, one resource leak is removed, the remaining resource
leaks occur because none of the tests call client.close().
Fixes https://github.com/docker/docker-py/issues/1293
(Regression from https://github.com/docker/docker-py/pull/1130)
Cherry-picked from 34e6829dd4
Co-authored-by: Peter Wu <pwu@cloudflare.com>
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
* fix: fix tmpfs_size and tmpfs_mode not being set
* fix: wrong file
* fix: add changelog fragment
* fix: update changelog fragment to match formatting
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Improve current_container_facts docs.
* [TEMP] Run current_container_facts module in CI outside of ansible-test.
* Revert "[TEMP] Run current_container_facts module in CI outside of ansible-test."
This reverts commit 1cdd3e3550.
* Describe current state of return values.
##### SUMMARY
The current path to the running state does not include `output.services.` which it should.
##### ISSUE TYPE
- Docs Pull Request
+label: docsite_pr
* Do not crash when plugin doesn't exist.
* Improve style.
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Move copying functionality to module_utils.
* Add docker_container_copy_into module.
* Use new module in other tests.
* Fix copyright and attributes.
* Improve idempotency, improve stat code.
* Document and test when a stopped container works.
* Improve owner/group detection error handling when container is stopped.
* Fix formulation.
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Improve file comparison.
* Avoid reading whole file at once.
* Stream when fetching files from daemon.
* Fix comment.
* Use read() instead of read1().
* Stream files when copying into container.
* Linting.
* Add force parameter.
* Simplify library code.
* Linting.
* Add content and content_is_b64 options.
* Make force=false work as for copy module: only copy if the destination does not exist.
* Improve docs.
* content should be no_log.
* Implement diff mode.
* Improve error handling.
* Lint and improve.
* Set owner/group ID to avoid ID lookup (which fails in paused containers).
* Apply suggestions from code review
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Add more debug output.
* Add basic integration test.
* Split into lines.
* Fix docker detection, add podman detection.
ci_complete
* Improve regular expression.
* Document that this module is trying its best, but might not be perfect.
* Update comment.
* Add better tests for env and env_file.
* Make sure that non-container options are also passed to preprocessing code.
* Add changelog fragment.
* Add env_file override test.
* Add diff output to figure out a bit more why the test fails.
* Make sure that both images have been pulled in advance.
* Dump the correct image.
* Allow tty test to fail in certain circumstances.
This is related to
42789818be
in the sense that for Python > 2, we also exclusively use shutil.which now,
but we do not remove the helper function since we need it for Python 2 on Windows.
Co-authored-by: Daniel Möller <n1ngu@riseup.net>
Co-authored-by: Daniel Möller <n1ngu@riseup.net>
* utils: fix IPv6 address w/ port parsing
This was using a deprecated function (`urllib.splitnport`),
ostensibly to work around issues with brackets on IPv6 addresses.
Ironically, its usage was broken, and would result in mangled IPv6
addresses if they had a port specified in some instances.
Usage of the deprecated function has been eliminated and extra test
cases added where missing. All existing cases pass as-is. (The only
other change to the test was to improve assertion messages.)
Cherry-picked from
f16c4e1147
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
* client: fix exception semantics in _raise_for_status
We want "The above exception was the direct cause of the following exception:" instead of "During handling of the above exception, another exception occurred:"
Cherry-picked from
bb11197ee3
Co-authored-by: Maor Kleinberger <kmaork@gmail.com>
* tls: use auto-negotiated highest version
Specific TLS versions are deprecated in latest Python, which
causes test failures due to treating deprecation errors as
warnings.
Luckily, the fix here is straightforward: we can eliminate some
custom version selection logic by using `PROTOCOL_TLS_CLIENT`,
which is the recommended method and will select the highest TLS
version supported by both client and server.
Cherry-picked from
56dd6de7df
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
* transport: fix ProxyCommand for SSH conn
Cherry-picked from
4e19cc48df
Co-authored-by: Guy Lichtman <glicht@users.noreply.github.com>
* ssh: do not create unnecessary subshell on exec
Cherry-picked from
bb40ba051f
Co-authored-by: liubo <liubo@uniontech.com>
* ssh: reject unknown host keys when using Python SSH impl
In the Secure Shell (SSH) protocol, host keys are used to verify the identity of remote hosts. Accepting unknown host keys may leave the connection open to man-in-the-middle attacks.
Do not accept unknown host keys. In particular, do not set the default missing host key policy for the Paramiko library to either AutoAddPolicy or WarningPolicy. Both of these policies continue even when the host key is unknown. The default setting of RejectPolicy is secure because it throws an exception when it encounters an unknown host key.
Reference: https://cwe.mitre.org/data/definitions/295.html
NOTE: This only affects SSH connections using the native Python SSH implementation (Paramiko), when `use_ssh_client=False` (default). If using the system SSH client (`use_ssh_client=True`), the host configuration
(e.g. `~/.ssh/config`) will apply.
Cherry-picked from
d9298647d9
Co-authored-by: Audun Nes <audun.nes@gmail.com>
* lint: fix deprecation warnings from threading package
Set `daemon` attribute instead of using `setDaemon` method that
was deprecated in Python 3.10.
Cherry-picked from
adf5a97b12
Co-authored-by: Karthikeyan Singaravelan <tir.karthi@gmail.com>
* api: preserve cause when re-raising error
Use `from e` to ensure that the error context is propagated
correctly.
Cherry-picked from
05e143429e
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
* build: trim trailing whitespace from dockerignore entries
Cherry-picked from
3ee3a2486f
Co-authored-by: Clément Loiselet <clement.loiselet@capgemini.com>
* Improve formulation, also mention the security change as a breaking change.
Co-authored-by: Milas Bowman <milas.bowman@docker.com>
Co-authored-by: Maor Kleinberger <kmaork@gmail.com>
Co-authored-by: Guy Lichtman <glicht@users.noreply.github.com>
Co-authored-by: liubo <liubo@uniontech.com>
Co-authored-by: Audun Nes <audun.nes@gmail.com>
Co-authored-by: Karthikeyan Singaravelan <tir.karthi@gmail.com>
Co-authored-by: Clément Loiselet <clement.loiselet@capgemini.com>
* Move licenses to LICENSES/, use SPDX-License-Identifier, mention all licenses in galaxy.yml.
* ignore.txt lines cannot be empty or contain only a comment.
* Cleanup.
* This particular __init__.py seems to be crucial.
* Try extra newline.
* Markdown comments are a real mess. I hope this won't break Galaxy...
* More licenses.
* Add sanity test.
* Skip some files, lint.
* Make sure there is a copyright line everywhere.
* Also check for copyright line in sanity tests.
* Remove colon after 'Copyright'.
* Normalize lint script.
* Avoid colon after 'Copyright' in lint script.
* Improve license checker.
* Update README.md
Co-authored-by: Maxwell G <9920591+gotmax23@users.noreply.github.com>
* Remove superfluous space.
* Referencing target instead of symlink
Co-authored-by: Maxwell G <9920591+gotmax23@users.noreply.github.com>
* Begin experiments for docker_container rewrite.
* Continued.
* We support API >= 1.25 only anyway.
* Continued.
* Fix bugs.
* Complete first basic implementation.
* Continuing.
* Improvements and fixes.
* Continuing.
* More 'easy' options.
* More options.
* Work on volumes and mounts.
* Add more options.
* The last option.
* Copy over.
* Fix exposed ports.
* Fix bugs.
* Fix command and entrypoint.
* More fixes.
* Fix more bugs.
* ci_complete
* Lint, fix Python 2.7 bugs, work around ansible-test bug.
ci_complete
* Remove no longer applicable test.
ci_complete
* Remove unnecessary ignore.
ci_complete
* Start with engine driver.
* Refactoring.
* Avoid using anything Docker specific from self.client.
* Refactor.
* Add Python 2.6 ignore.txt entries for ansible-core < 2.12.
* Improve healthcheck handling.
* Fix container removal logic.
* ci_complete
* Remove handling of older Docker SDK for Pyhon versions from integration tests.
* Avoid recreation if a pure update is possible without losing the diff data.
* Cover the case that blkio_weight does not work.
* Update plugins/module_utils/module_container/docker_api.py
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Improve memory_swap tests.
* Fix URLs in changelog fragment.
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* Rewrite the docker_plugin module to use the low-level client from Docker SDK for Python.
* Rewrite to no longer use the Docker SDK for Python.
* Remove Docker SDK for Python version from tests.
* List missing plugins.
* Fix short description.
* Improve section on requirements.
* Apply suggestions from code review
Co-authored-by: Don Naro <dnaro@redhat.com>
Co-authored-by: Don Naro <dnaro@redhat.com>
