Merge 8cdf51b3b3 into 1b9ae1c77f

Replace FreeBSD 13.3 with 13.4 and add FreeBSD 14.1 for devel

SUMMARY
Replace FreeBSD 13.3 with 13.4 and add FreeBSD 14.1 for integration test environments for ansible-core devel branch.
ISSUE TYPE

CI tests Pull Request

COMPONENT NAME

ansible.posix

ADDITIONAL INFORMATION

None

.azure-pipelines/azure-pipelines.yml

@@ -57,6 +57,21 @@ stages:
               test: units
             - name: Lint
               test: lint
+  - stage: Sanity_2_18
+    displayName: Ansible 2.18 sanity
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: "{0}"
+          testFormat: 2.18/{0}
+          targets:
+            - name: Sanity
+              test: sanity
+            - name: Units
+              test: units
+            - name: Lint
+              test: lint
   - stage: Sanity_2_17
     displayName: Ansible 2.17 sanity
     dependsOn: []
@@ -113,6 +128,20 @@ stages:
               test: ubuntu2204
             - name: Ubuntu 24.04
               test: ubuntu2404
+  - stage: Docker_2_18
+    displayName: Docker devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.18/linux/{0}/1
+          targets:
+            - name: Fedora 40
+              test: fedora40
+            - name: Ubuntu 22.04
+              test: ubuntu2204
+            - name: Ubuntu 24.04
+              test: ubuntu2404
   - stage: Docker_2_17
     displayName: Docker 2.17
     dependsOn: []
@@ -171,6 +200,20 @@ stages:
       - template: templates/matrix.yml
         parameters:
           testFormat: devel/{0}/1
+          targets:
+            - name: RHEL 9.4
+              test: rhel/9.4
+            - name: FreeBSD 14.1
+              test: freebsd/14.1
+            - name: FreeBSD 13.4
+              test: freebsd/13.4
+  - stage: Remote_2_18
+    displayName: Remote devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.18/{0}/1
           targets:
             - name: RHEL 9.4
               test: rhel/9.4
@@ -234,6 +277,9 @@ stages:
       - Sanity_2_17
       - Remote_2_17
       - Docker_2_17
+      - Sanity_2_18
+      - Remote_2_18
+      - Docker_2_18
       - Sanity_devel
       - Remote_devel
       - Docker_devel

README.md

@@ -4,9 +4,6 @@
 https://dev.azure.com/ansible/ansible.posix/_apis/build/status/CI?branchName=main)](https://dev.azure.com/ansible/ansible.posix/_build?definitionId=26)
 [![Run Status](https://api.shippable.com/projects/5e669aaf8b17a60007e4d18d/badge?branch=main)]() <!--[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/ansible.posix)](https://codecov.io/gh/ansible-collections/ansible.posix)-->
 
-<!-- Describe the collection and why a user would want to use it. What does the collection do? -->
-An Ansible Collection of modules and plugins that target POSIX UNIX/Linux and derivative Operating Systems.
-
 ## Communication
 
 * Join the Ansible forum:
@@ -14,85 +11,103 @@ An Ansible Collection of modules and plugins that target POSIX UNIX/Linux and de
   * [Social Spaces](https://forum.ansible.com/c/chat/4): gather and interact with fellow enthusiasts.
   * [News & Announcements](https://forum.ansible.com/c/news/5): track project-wide announcements including social events.
 
-* The Ansible [Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn): used to announce releases and important changes.
+## Description
 
-For more information about communication, see the [Ansible communication guide](https://docs.ansible.com/ansible/devel/community/communication.html).
+<!-- Describe the collection and why a user would want to use it. What does the collection do? -->
+An Ansible Collection of modules and plugins that target POSIX UNIX/Linux and derivative Operating Systems.
 
-## Supported Versions of Ansible
+## Requirements
-<!--start requires_ansible-->
-## Ansible version compatibility
 
-This collection has been tested against following Ansible versions: **>=2.15**.
+* Python:
-<!--end requires_ansible-->
+  * The Python interpreter version must meet Ansible Core's requirements.
+* Ansible Core:
+  - ansible-core 2.15 or later
 
-## Included content
+## Installation
-Check out [Ansible Galaxy](https://galaxy.ansible.com/ui/repo/published/ansible/posix/content/) or [the Ansible documentation](https://docs.ansible.com/ansible/devel/collections/ansible/posix/) for all modules and plugins included in this collection.
 
-## Installing this collection
+Before using this collection, you need to install it with the Ansible Galaxy command-line tool:
 
-You can install the ``ansible.posix`` collection with the Ansible Galaxy CLI:
+```shell
+ansible-galaxy collection install ansible.posix
+```
 
-    ansible-galaxy collection install ansible.posix
+You can also include it in a requirements.yml file and install it with ansible-galaxy collection install -r requirements.yml, using the format:
 
-You can also include it in a `requirements.yml` file and install it with `ansible-galaxy collection install -r requirements.yml`, using the format:
 
 ```yaml
----
 collections:
   - name: ansible.posix
 ```
 
-## Using this collection
+Note that if you install any collections from Ansible Galaxy, they will not be upgraded automatically when you upgrade the Ansible package.
+To upgrade the collection to the latest available version, run the following command:
 
-<!--Include some quick examples that cover the most common use cases for your collection content. -->
+```shell
+ansible-galaxy collection install ansible.posix --upgrade
+```
 
-See [Ansible Using collections](https://docs.ansible.com/ansible/latest/user_guide/collections_using.html) for more details.
+You can also install a specific version of the collection, for example, if you need to downgrade when something is broken in the latest version (please report an issue in this repository). Use the following syntax to install version 1.0.0:
 
-## Contributing to this collection
+```shell
+ansible-galaxy collection install ansible.posix:==1.0.0
+```
 
-<!--Describe how the community can contribute to your collection. At a minimum, include how and where users can create issues to report problems or request features for this collection.  List contribution requirements, including preferred workflows and necessary testing, so you can benefit from community PRs. If you are following general Ansible contributor guidelines, you can link to - [Ansible Community Guide](https://docs.ansible.com/ansible/latest/community/index.html). -->
+See [using Ansible collections](https://docs.ansible.com/ansible/devel/user_guide/collections_using.html) for more details.
 
-We welcome community contributions to this collection. See [Contributing to Ansible-maintained collections](https://docs.ansible.com/ansible/devel/community/contributing_maintained_collections.html#contributing-maintained-collections) for complete details.
+* The Ansible [Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn): used to announce releases and important changes.
+
+For more information about communication, see the [Ansible communication guide](https://docs.ansible.com/ansible/devel/community/communication.html).
+
+## Use Cases
+
+You can see the general use-cases as an example by `ansible-doc` command like below.
+
+For example, ansible.posix.firewalld module:
+```shell
+ansible-doc ansible.posix.firewalld
+```
+
+Also, if you want to confirm the plugins descriptions, you can follow the following option with `ansible-doc` command:
+
+For example, ansible.posix.profile_tasks callback plugin:
+```shell
+ansible-doc -t callback ansible.posix.profile_tasks
+```
+
+## Testing
+
+The following ansible-core versions have been tested with this collection:
+
+- ansible-core 2.19 (devel)
+- ansible-core 2.18 (stable) *
+- ansible-core 2.17 (stable)
+- ansible-core 2.16 (stable)
+- ansible-core 2.15 (stable)
+
+## Contributing
+
+We welcome community contributions to this collection. For more details, see [Contributing to Ansible-maintained collections](https://docs.ansible.com/ansible/devel/community/contributing_maintained_collections.html#contributing-maintained-collections) for complete details.
 
 * [Issues](https://github.com/ansible-collections/ansible.posix/issues)
 * [Pull Requests](https://github.com/ansible-collections/ansible.posix/pulls)
 * [Ansible Community Guide](https://docs.ansible.com/ansible/latest/community/index.html)
 
-### Code of Conduct
-This collection follows the Ansible project's
-[Code of Conduct](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html).
-Please read and familiarize yourself with this document.
 
-## Release notes
+## Support
+
+See [Communication](#Communication) section.
+
+## Release Notes and Roadmap
+
 See [changelog](https://github.com/ansible-collections/ansible.posix/blob/main/CHANGELOG.rst) for more details.
 
-## External requirements
+## Related Information
 
-None
+This document was written using the following [template](https://access.redhat.com/articles/7068606).
 
-## Tested with Ansible
+The README has been carefully prepared to cover the [community template](https://github.com/ansible-collections/collection_template/blob/main/README.md), but if you find any problems, please file a [documentation issue](https://github.com/ansible-collections/ansible.posix/issues/new?assignees=&labels=&projects=&template=documentation_report.md).
 
-<!-- List the versions of Ansible the collection has been tested with. Must match what is in galaxy.yml. -->
+## License Information
-
-- ansible-core 2.18 (devel)
-- ansible-core 2.17 (stable)
-- ansible-core 2.16 (stable)
-- ansible-core 2.15 (stable)
-
-## Roadmap
-
-<!-- Optional. Include the roadmap for this collection, and the proposed release/versioning strategy so users can anticipate the upgrade/update cycle. -->
-
-## More information
-
-<!-- List out where the user can find additional information, such as working group meeting times, slack/IRC channels, or documentation for the product this collection automates. At a minimum, link to: -->
-
-- [Ansible Collection overview](https://github.com/ansible-collections/overview)
-- [Ansible User guide](https://docs.ansible.com/ansible/latest/user_guide/index.html)
-- [Ansible Developer guide](https://docs.ansible.com/ansible/latest/dev_guide/index.html)
-- [Ansible Community code of conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html)
-
-## Licensing
 
 GNU General Public License v3.0 or later.
 

changelogs/fragments/365-boot-linux.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).

changelogs/fragments/387_callback_output_header.yml

@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - callback plugins - Add recap information to timer, profile_roles and profile_tasks callback outputs (https://github.com/ansible-collections/ansible.posix/pull/387).

changelogs/fragments/428-synchronize-user-defined-out-format.yml

@@ -0,0 +1,2 @@
+minor_changes:
+  - synchronize - user-defined ``--out-format`` in ``rsync_opts`` is now honored in the returned output. (https://github.com/ansible-collections/ansible.posix/pull/428)

changelogs/fragments/566_bump_version_161.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - Bump version to 1.6.1 for next release.

changelogs/fragments/567_remove_version_added.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - mount - remove wrong version_added section from ``opts_no_log``.

changelogs/fragments/568_update_authorized_key.yml

@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - authorized_keys - allow using absolute path to a file as a SSH key(s) source (https://github.com/ansible-collections/ansible.posix/pull/568)

changelogs/fragments/570_nfs4_acl.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).

changelogs/fragments/571_ci_bump_core_version.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - Bump ansible-core version to 2.19 of devel branch and add 2.18 to CI.

changelogs/fragments/576_bump_version_2.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - Bump ansible.posix version to 2.0.0.

changelogs/fragments/581_ci_selinux.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - selinux - conditions for selinux integration tests have been modified to be more accurate.

changelogs/fragments/584_firewalld_opt_type.yml

@@ -0,0 +1,3 @@
+---
+breaking_changes:
+  - firewalld - Changed the type of forward and masquerade options from str to bool (https://github.com/ansible-collections/ansible.posix/issues/582).

changelogs/fragments/587_update_README.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - README.md - update README to cover RH guidelines (https://github.com/ansible-collections/ansible.posix/issues/585).

changelogs/fragments/588_ci_enable_devel.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - Enabled remote and docker integration tests for devel branch.

changelogs/fragments/593_replace_freebsd_version.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - Replaced FreeBSD version 13.3 with 13.4 and 14.1 in CI for devel branch.

galaxy.yml

@@ -1,7 +1,7 @@
 ---
 namespace: ansible
 name: posix
-version: 1.6.0
+version: 2.0.0
 readme: README.md
 authors:
   - Ansible (github.com/ansible)
@@ -10,6 +10,6 @@ license_file: COPYING
 tags: [posix, networking, shell, unix]
 dependencies: {}
 repository: https://github.com/ansible-collections/ansible.posix
-documentation: https://github.com/ansible-collections/ansible.posix/tree/main/docs
+documentation: https://docs.ansible.com/ansible/latest/collections/ansible/posix/
 homepage: https://github.com/ansible-collections/ansible.posix
 issues: https://github.com/ansible-collections/ansible.posix

plugins/callback/profile_roles.py

@@ -128,7 +128,10 @@ class CallbackModule(CallbackBase):
         self._display_tasktime()
 
     def playbook_on_stats(self, stats):
-        self._display_tasktime()
+        # Align summary report header with other callback plugin summary
+        self._display.banner("ROLES RECAP")
+
+        self._display.display(tasktime())
         self._display.display(filled("", fchar="="))
 
         timestamp(self)

plugins/callback/profile_tasks.py

@@ -193,7 +193,10 @@ class CallbackModule(CallbackBase):
         self._display_tasktime()
 
     def playbook_on_stats(self, stats):
-        self._display_tasktime()
+        # Align summary report header with other callback plugin summary
+        self._display.banner("TASKS RECAP")
+
+        self._display.display(tasktime())
         self._display.display(filled("", fchar="="))
 
         timestamp(self)

plugins/callback/timer.py

@@ -46,4 +46,6 @@ class CallbackModule(CallbackBase):
     def v2_playbook_on_stats(self, stats):
         end_time = datetime.utcnow()
         runtime = end_time - self.start_time
-        self._display.display("Playbook run took %s days, %s hours, %s minutes, %s seconds" % (self.days_hours_minutes_seconds(runtime)))
+        # Align summary report header with other callback plugin summary
+        self._display.banner("PLAYBOOK RECAP")
+        self._display.display("Playbook run took %s days, %s hours, %s minutes, %s seconds\n\r" % (self.days_hours_minutes_seconds(runtime)))

plugins/modules/acl.py

@@ -75,6 +75,10 @@ options:
   use_nfsv4_acls:
     description:
     - Use NFSv4 ACLs instead of POSIX ACLs.
+    - This feature uses C(nfs4_setfacl) and C(nfs4_getfacl). The behavior depends on those implementation.
+      And currently it only supports C(A) in ACE, so C(D) must be replaced with the appropriate C(A).
+    - Permission is set as optimised ACLs by the system. You can check the actual ACLs that has been set using the return value.
+    - More info C(man nfs4_setfacl)
     type: bool
     default: false
   recalculate_mask:
@@ -179,7 +183,7 @@ def split_entry(entry):
 def build_entry(etype, entity, permissions=None, use_nfsv4_acls=False):
     '''Builds and returns an entry string. Does not include the permissions bit if they are not provided.'''
     if use_nfsv4_acls:
-        return ':'.join([etype, entity, permissions, 'allow'])
+        return ':'.join(['A', 'g' if etype == 'group' else '', entity, permissions + 'tcy'])
 
     if permissions:
         return etype + ':' + entity + ':' + permissions
@@ -187,22 +191,27 @@ def build_entry(etype, entity, permissions=None, use_nfsv4_acls=False):
     return etype + ':' + entity
 
 
-def build_command(module, mode, path, follow, default, recursive, recalculate_mask, entry=''):
+def build_command(module, mode, path, follow, default, recursive, recalculate_mask, use_nfsv4_acls, entry=''):
     '''Builds and returns a getfacl/setfacl command.'''
     if mode == 'set':
-        cmd = [module.get_bin_path('setfacl', True)]
+        cmd = [module.get_bin_path('nfs4_setfacl' if use_nfsv4_acls else 'setfacl', True)]
-        cmd.extend(['-m', entry])
+        cmd.extend(['-a' if use_nfsv4_acls else '-m', entry])
     elif mode == 'rm':
-        cmd = [module.get_bin_path('setfacl', True)]
+        cmd = [module.get_bin_path('nfs4_setfacl' if use_nfsv4_acls else 'setfacl', True)]
         cmd.extend(['-x', entry])
     else:  # mode == 'get'
         cmd = [module.get_bin_path('getfacl', True)]
         # prevents absolute path warnings and removes headers
         if platform.system().lower() == 'linux':
-            cmd.append('--omit-header')
+            if use_nfsv4_acls:
+                # use nfs4_getfacl instead of getfacl if use_nfsv4_acls is True
+                cmd = [module.get_bin_path('nfs4_getfacl', True)]
+            else:
+                cmd = [module.get_bin_path('getfacl', True)]
                 cmd.append('--absolute-names')
+            cmd.append('--omit-header')
 
-    if recursive:
+    if recursive and not use_nfsv4_acls:
         cmd.append('--recursive')
 
     if recalculate_mask == 'mask' and mode in ['set', 'rm']:
@@ -210,7 +219,7 @@ def build_command(module, mode, path, follow, default, recursive, recalculate_ma
     elif recalculate_mask == 'no_mask' and mode in ['set', 'rm']:
         cmd.append('--no-mask')
 
-    if not follow:
+    if not follow and not use_nfsv4_acls:
         if platform.system().lower() == 'linux':
             cmd.append('--physical')
         elif platform.system().lower() == 'freebsd':
@@ -223,24 +232,34 @@ def build_command(module, mode, path, follow, default, recursive, recalculate_ma
     return cmd
 
 
-def acl_changed(module, cmd):
+def acl_changed(module, cmd, entry, use_nfsv4_acls=False):
     '''Returns true if the provided command affects the existing ACLs, false otherwise.'''
-    # FreeBSD do not have a --test flag, so by default, it is safer to always say "true"
+    # To check the ACL changes, use the output of setfacl or nfs4_setfacl with '--test'.
+    # FreeBSD do not have a --test flag, so by default, it is safer to always say "true".
     if platform.system().lower() == 'freebsd':
         return True
 
     cmd = cmd[:]  # lists are mutables so cmd would be overwritten without this
     cmd.insert(1, '--test')
     lines = run_acl(module, cmd)
-
+    counter = 0
     for line in lines:
-        if not line.endswith('*,*'):
+        if line.endswith('*,*') and not use_nfsv4_acls:
-            return True
             return False
+        # if use_nfsv4_acls and entry is listed
+        if use_nfsv4_acls and entry == line:
+            counter += 1
+
+    # The current 'nfs4_setfacl --test' lists a new entry,
+    #  which will be added at the top of list, followed by the existing entries.
+    # So if the entry has already been registered, the entry should be find twice.
+    if counter == 2:
+        return False
+    return True
 
 
 def run_acl(module, cmd, check_rc=True):
-
+    '''Runs the provided command and returns the output as a list of lines.'''
     try:
         (rc, out, err) = module.run_command(cmd, check_rc=check_rc)
     except Exception as e:
@@ -313,7 +332,7 @@ def main():
             module.fail_json(msg="'recalculate_mask' MUST NOT be set to 'mask' or 'no_mask' when 'state=query'.")
 
     if not entry:
-        if state == 'absent' and permissions:
+        if state == 'absent' and permissions and not use_nfsv4_acls:
             module.fail_json(msg="'permissions' MUST NOT be set when 'state=absent'.")
 
         if state == 'absent' and not entity:
@@ -350,21 +369,24 @@ def main():
         entry = build_entry(etype, entity, permissions, use_nfsv4_acls)
         command = build_command(
             module, 'set', path, follow,
-            default, recursive, recalculate_mask, entry
+            default, recursive, recalculate_mask, use_nfsv4_acls, entry
         )
-        changed = acl_changed(module, command)
+        changed = acl_changed(module, command, entry, use_nfsv4_acls)
 
         if changed and not module.check_mode:
             run_acl(module, command)
         msg = "%s is present" % entry
 
     elif state == 'absent':
+        if use_nfsv4_acls:
+            entry = build_entry(etype, entity, permissions, use_nfsv4_acls)
+        else:
             entry = build_entry(etype, entity, use_nfsv4_acls)
         command = build_command(
             module, 'rm', path, follow,
-            default, recursive, recalculate_mask, entry
+            default, recursive, recalculate_mask, use_nfsv4_acls, entry
         )
-        changed = acl_changed(module, command)
+        changed = acl_changed(module, command, entry, use_nfsv4_acls)
 
         if changed and not module.check_mode:
             run_acl(module, command, False)
@@ -375,7 +397,10 @@ def main():
 
     acl = run_acl(
         module,
-        build_command(module, 'get', path, follow, default, recursive, recalculate_mask)
+        build_command(
+            module, 'get', path, follow, default, recursive,
+            recalculate_mask, use_nfsv4_acls
+        )
     )
 
     module.exit_json(changed=changed, msg=msg, acl=acl)

plugins/modules/authorized_key.py

@@ -24,6 +24,7 @@ options:
   key:
     description:
       - The SSH public key(s), as a string or (since Ansible 1.9) url (https://github.com/username.keys).
+      - You can also use V(file://) prefix to search remote for a file with SSH key(s).
     type: str
     required: true
   path:
@@ -96,6 +97,12 @@ EXAMPLES = r'''
     state: present
     key: https://github.com/charlie.keys
 
+- name: Set authorized keys taken from path on controller node
+  ansible.posix.authorized_key:
+    user: charlie
+    state: present
+    key: file:///home/charlie/.ssh/id_rsa.pub
+
 - name: Set authorized keys taken from url using lookup
   ansible.posix.authorized_key:
     user: charlie
@@ -223,6 +230,7 @@ from operator import itemgetter
 from ansible.module_utils._text import to_native
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.urls import fetch_url
+from ansible.module_utils.six.moves.urllib.parse import urlparse
 
 
 class keydict(dict):
@@ -556,7 +564,7 @@ def enforce_state(module, params):
     follow = params.get('follow', False)
     error_msg = "Error getting key from: %s"
 
-    # if the key is a url, request it and use it as key source
+    # if the key is a url or file, request it and use it as key source
     if key.startswith("http"):
         try:
             resp, info = fetch_url(module, key)
@@ -570,6 +578,19 @@ def enforce_state(module, params):
         # resp.read gives bytes on python3, convert to native string type
         key = to_native(key, errors='surrogate_or_strict')
 
+    if key.startswith("file"):
+        # if the key is an absolute path, check for existense and use it as a key source
+        key_path = urlparse(key).path
+        if not os.path.exists(key_path):
+            module.fail_json(msg="Path to a key file not found: %s" % key_path)
+        if not os.path.isfile(key_path):
+            module.fail_json(msg="Path to a key is a directory and must be a file: %s" % key_path)
+        try:
+            with open(key_path, 'r') as source_fh:
+                key = source_fh.read()
+        except OSError as e:
+            module.fail_json(msg="Failed to read key file %s : %s" % (key_path, to_native(e)))
+
     # extract individual keys into an array, skipping blank lines and comments
     new_keys = [s for s in key.splitlines() if s and not s.startswith('#')]
 

plugins/modules/firewalld.py

@@ -112,11 +112,13 @@ options:
     description:
       - The forward setting you would like to enable/disable to/from zones within firewalld.
       - This option only is supported by firewalld v0.9.0 or later.
-    type: str
+      - Note that the option type is changed to bool in ansible.posix version 2.0.0 and later.
+    type: bool
   masquerade:
     description:
       - The masquerade setting you would like to enable/disable to/from zones within firewalld.
-    type: str
+      - Note that the option type is changed to bool in ansible.posix version 2.0.0 and later.
+    type: bool
   offline:
     description:
       - Ignores O(immediate) if O(permanent=true) and firewalld is not running.
@@ -875,8 +877,8 @@ def main():
             state=dict(type='str', required=True, choices=['absent', 'disabled', 'enabled', 'present']),
             timeout=dict(type='int', default=0),
             interface=dict(type='str'),
-            forward=dict(type='str'),
+            forward=dict(type='bool'),
-            masquerade=dict(type='str'),
+            masquerade=dict(type='bool'),
             offline=dict(type='bool', default=False),
             target=dict(type='str', choices=['default', 'ACCEPT', 'DROP', '%%REJECT%%']),
         ),
@@ -1129,16 +1131,7 @@ def main():
         msgs = msgs + transaction_msgs
 
     if forward is not None:
-        # Type of forward will be changed to boolean in a future release.
+        expected_state = 'enabled' if (desired_state == 'enabled') == forward else 'disabled'
-        forward_status = False
-        try:
-            forward_status = boolean(forward, False)
-        except TypeError:
-            module.warn('The value of the forward option is "%s". '
-                        'The type of the option will be changed from string to boolean in a future release. '
-                        'To avoid unexpected behavior, please change the value to boolean.' % forward)
-
-        expected_state = 'enabled' if (desired_state == 'enabled') == forward_status else 'disabled'
         transaction = ForwardTransaction(
             module,
             action_args=(),
@@ -1152,16 +1145,7 @@ def main():
         msgs = msgs + transaction_msgs
 
     if masquerade is not None:
-        # Type of masquerade will be changed to boolean in a future release.
+        expected_state = 'enabled' if (desired_state == 'enabled') == masquerade else 'disabled'
-        masquerade_status = True
-        try:
-            masquerade_status = boolean(masquerade, True)
-        except TypeError:
-            module.warn('The value of the masquerade option is "%s". '
-                        'The type of the option will be changed from string to boolean in a future release. '
-                        'To avoid unexpected behavior, please change the value to boolean.' % masquerade)
-
-        expected_state = 'enabled' if (desired_state == 'enabled') == masquerade_status else 'disabled'
         transaction = MasqueradeTransaction(
             module,
             action_args=(),

plugins/modules/mount.py

@@ -48,7 +48,6 @@ options:
       - Do not log opts.
     type: bool
     default: false
-    version_added: 1.6.0
   dump:
     description:
       - Dump (see fstab(5)).
@@ -851,9 +850,6 @@ def main():
             args['warnings'].append("Ignore the 'boot' due to 'opts' contains 'noauto'.")
         elif not module.params['boot']:
             args['boot'] = 'no'
-            if 'defaults' in opts:
-                args['warnings'].append("Ignore the 'boot' due to 'opts' contains 'defaults'.")
-            else:
             opts.append('noauto')
             args['opts'] = ','.join(opts)
 

plugins/modules/synchronize.py

@@ -366,6 +366,7 @@ EXAMPLES = r'''
 
 import os
 import errno
+import re
 
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils._text import to_bytes, to_native
@@ -597,8 +598,19 @@ def main():
                 module.fail_json(msg='Hardlinking into a subdirectory of the source would cause recursion. %s and %s' % (destination_path, dest))
             cmd.append('--link-dest=%s' % link_path)
 
-    changed_marker = '<<CHANGED>>'
+    # find the last specified out-format
-    cmd.append('--out-format=%s' % shlex_quote(changed_marker + '%i %n%L'))
+    out_format = ''
+    for rsync_opt in rsync_opts:
+        if rsync_opt.startswith('--out-format='):
+            out_format = rsync_opt.replace('--out-format=', '', 1)
+
+    # force a known out-format so we can test for changes and return a known format of diff
+    diff_marker = 'DIFF'
+    if out_format == '' or module._diff:
+        diff_detail = '%n%L'
+    else:
+        diff_detail = ''
+    cmd.append('--out-format=%s' % shlex_quote('%s//%s//%%i//%s' % (out_format, diff_marker, diff_detail)))
 
     cmd.append(shlex_quote(source))
     cmd.append(shlex_quote(dest))
@@ -624,18 +636,36 @@ def main():
     if rc:
         return module.fail_json(msg=err, rc=rc, cmd=cmdstr)
 
-    if link_dest:
+    changed = False
-        # a leading period indicates no change
+    diff = []
-        changed = (changed_marker + '.') not in out
+    out_lines = []
-    else:
+    # remove forced out-format suffix, check for file changes
-        changed = changed_marker in out
+    for line in out.split('\n'):
+        match = re.match('(.*)//%s//(...*?)//(.*)$' % diff_marker, line)
+        if match:
+            default_diff = '%s %s' % (match.group(2), match.group(3))
 
-    out_clean = out.replace(changed_marker, '')
+            if module._diff:
-    out_lines = out_clean.split('\n')
+                diff.append(default_diff)
+
+            if out_format == '':
+                out_lines.append(default_diff)
+            else:
+                out_lines.append(match.group(1))
+
+            # a period in the first position indicates no changes to the file's contents
+            # a period in every other position from the third onward indicates no attribute changes
+            if not re.match(r'\..\.*$', match.group(2)):
+                changed = True
+        else:
+            out_lines.append(line)
+
+    out_clean = '\n'.join(out_lines)
     while '' in out_lines:
         out_lines.remove('')
+
     if module._diff:
-        diff = {'prepared': out_clean}
+        diff = {'prepared': '\n'.join(diff)}
         return module.exit_json(changed=changed, msg=out_clean,
                                 rc=rc, cmd=cmdstr, stdout_lines=out_lines,
                                 diff=diff)

tests/integration/targets/authorized_key/defaults/main.yml

@@ -35,3 +35,5 @@ multiple_keys_comments: |
   ssh-rsa DATA_BASIC 1@testing
   # I like adding comments yo-dude-this-is-not-a-key INVALID_DATA 2@testing
   ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
+
+key_path: /tmp/id_rsa.pub

tests/integration/targets/authorized_key/tasks/check_path.yml

@@ -0,0 +1,32 @@
+---
+- name: Create key file for test
+  ansible.builtin.copy:
+    dest: "{{ key_path }}"
+    content: "{{ rsa_key_basic }}"
+    mode: "0600"
+
+- name: Add key using path
+  ansible.posix.authorized_key:
+    user: root
+    key: file://{{ key_path }}
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: Assert that the key was added
+  ansible.builtin.assert:
+    that:
+      - result.changed == true
+
+- name: Add key using path again
+  ansible.posix.authorized_key:
+    user: root
+    key: file://{{ key_path }}
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: Assert that no changes were applied
+  ansible.builtin.assert:
+    that:
+      - result.changed == false

tests/integration/targets/authorized_key/tasks/main.yml

@@ -31,3 +31,6 @@
 
 - name: Test for the management of comments with key
   ansible.builtin.import_tasks: comments.yml
+
+- name: Test for specifying key as a path
+  ansible.builtin.import_tasks: check_path.yml

tests/integration/targets/firewalld/tasks/masquerade_test_cases.yml

@@ -114,60 +114,3 @@
       ansible.builtin.assert:
         that:
           - result is not changed
-
-# Validate backwards compatible behavior until masquerade is switched from string to boolean type
-- name: Masquerade enabled when masquerade is non-boolean string and state is enabled
-  block:
-    - name: Testing enable masquerade
-      ansible.posix.firewalld:
-        zone: trusted
-        masquerade: some string
-        permanent: true
-        state: enabled
-      register: result
-
-    - name: Assert masquerade is enabled
-      ansible.builtin.assert:
-        that:
-          - result is changed
-
-    - name: Testing enable masquerade (verify not changed)
-      ansible.posix.firewalld:
-        zone: trusted
-        masquerade: some string
-        permanent: true
-        state: enabled
-      register: result
-
-    - name: Assert masquerade is enabled (verify not changed)
-      ansible.builtin.assert:
-        that:
-          - result is not changed
-
-- name: Masquerade disabled when masquerade is non-boolean string and state is disabled
-  block:
-    - name: Testing disable masquerade
-      ansible.posix.firewalld:
-        zone: trusted
-        masquerade: some string
-        permanent: true
-        state: disabled
-      register: result
-
-    - name: Assert masquerade is disabled
-      ansible.builtin.assert:
-        that:
-          - result is changed
-
-    - name: Testing disable masquerade (verify not changed)
-      ansible.posix.firewalld:
-        zone: trusted
-        masquerade: some string
-        permanent: true
-        state: disabled
-      register: result
-
-    - name: Assert masquerade is disabled (verify not changed)
-      ansible.builtin.assert:
-        that:
-          - result is not changed

tests/integration/targets/mount/tasks/main.yml

@@ -472,6 +472,25 @@
         path: /tmp/myfs
         state: absent
 
+    - name: Mount the FS with noauto option and defaults
+      ansible.posix.mount:
+        path: /tmp/myfs
+        src: /tmp/myfs.img
+        fstype: ext3
+        state: mounted
+        boot: false
+      register: mount_info
+
+    - name: Assert the mount without noauto was successful
+      ansible.builtin.assert:
+        that:
+          - "'noauto' in mount_info['opts'].split(',')"
+
+    - name: Unmount FS
+      ansible.posix.mount:
+        path: /tmp/myfs
+        state: absent
+
     - name: Remove the test FS
       ansible.builtin.file:
         path: '{{ item }}'

tests/integration/targets/selinux/tasks/selinux.yml

@@ -128,8 +128,8 @@
   ansible.builtin.assert:
     that:
       - selinux_config_original | length == selinux_config_after | length
-      - selinux_config_after[selinux_config_after.index('SELINUX=disabled')]  is search("^SELINUX=\w+$")
+      - (selinux_config_after | select("search", "^SELINUX=disabled\s*$") | list | length) > 0
-      - selinux_config_after[selinux_config_after.index('SELINUXTYPE=targeted')]  is search("^SELINUXTYPE=\w+$")
+      - (selinux_config_after | select("search", "^SELINUXTYPE=targeted\s*$") | list | length) > 0
 
 - name: TEST 1 | Disable SELinux again, with kernel arguments update
   ansible.posix.selinux:

tests/sanity/ignore-2.19.txt

@@ -0,0 +1 @@
+tests/utils/shippable/timing.py shebang