Merge cd941397d9 into 1b9ae1c77f

* ``masquerade`` and ``icmp_block_inversion`` will be changed from ``str`` to ``bool``

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>

.azure-pipelines/azure-pipelines.yml

@@ -57,23 +57,8 @@ stages:
               test: units
             - name: Lint
               test: lint
-  - stage: Sanity_2_19
-    displayName: Ansible 2.19 sanitay & Units & Lint
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: "{0}"
-          testFormat: 2.19/{0OI}
-          targets:
-            - name: Sanity
-              test: sanity
-            - name: Units
-              test: units
-            - name: Lint
-              test: lint
   - stage: Sanity_2_18
-    displayName: Ansible 2.18 sanity & Units & Lint
+    displayName: Ansible 2.18 sanity
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -88,11 +73,10 @@ stages:
             - name: Lint
               test: lint
   - stage: Sanity_2_17
-    displayName: Ansible 2.17 sanity & Units & Lint
+    displayName: Ansible 2.17 sanity
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
-        I
         parameters:
           nameFormat: "{0}"
           testFormat: 2.17/{0}
@@ -104,7 +88,7 @@ stages:
             - name: Lint
               test: lint
   - stage: Sanity_2_16
-    displayName: Ansible 2.16 sanity & Units & Lint
+    displayName: Ansible 2.16 sanity
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -117,7 +101,7 @@ stages:
             - name: Units
               test: units
   - stage: Sanity_2_15
-    displayName: Ansible 2.15 sanity & Units & Lint
+    displayName: Ansible 2.15 sanity
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -138,28 +122,14 @@ stages:
         parameters:
           testFormat: devel/linux/{0}/1
           targets:
-            - name: Fedora 41
+            - name: Fedora 40
-              test: fedora41
+              test: fedora40
-            - name: Ubuntu 22.04
-              test: ubuntu2204
-            - name: Ubuntu 24.04
-              test: ubuntu2404
-  - stage: Docker_2_19
-    displayName: Docker 2.19
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: devel/linux/{0}/1
-          targets:
-            - name: Fedora 41
-              test: fedora41
             - name: Ubuntu 22.04
               test: ubuntu2204
             - name: Ubuntu 24.04
               test: ubuntu2404
   - stage: Docker_2_18
-    displayName: Docker 2.18
+    displayName: Docker devel
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -182,6 +152,8 @@ stages:
           targets:
             - name: Fedora 39
               test: fedora39
+            - name: Ubuntu 20.04
+              test: ubuntu2004
             - name: Ubuntu 22.04
               test: ubuntu2204
   - stage: Docker_2_16
@@ -196,6 +168,8 @@ stages:
               test: centos7
             - name: Fedora 38
               test: fedora38
+            - name: Ubuntu 20.04
+              test: ubuntu2004
             - name: Ubuntu 22.04
               test: ubuntu2204
 
@@ -213,6 +187,8 @@ stages:
               test: fedora37
             - name: openSUSE 15 py3
               test: opensuse15
+            - name: Ubuntu 20.04
+              test: ubuntu2004
             - name: Ubuntu 22.04
               test: ubuntu2204
 
@@ -225,32 +201,14 @@ stages:
         parameters:
           testFormat: devel/{0}/1
           targets:
-            - name: RHEL 10.0
+            - name: RHEL 9.4
-              test: rhel/10.0
+              test: rhel/9.4
-            - name: RHEL 9.5
+            - name: FreeBSD 14.1
-              test: rhel/9.5
+              test: freebsd/14.1
-            - name: FreeBSD 14.2
+            - name: FreeBSD 13.4
-              test: freebsd/14.2
+              test: freebsd/13.4
-            - name: FreeBSD 13.5
-              test: freebsd/13.5
-  - stage: Remote_2_19
-    displayName: Remote 2.19
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: devel/{0}/1
-          targets:
-            - name: RHEL 10.0
-              test: rhel/10.0
-            - name: RHEL 9.5
-              test: rhel/9.5
-            - name: FreeBSD 14.2
-              test: freebsd/14.2
-            - name: FreeBSD 13.5
-              test: freebsd/13.5
   - stage: Remote_2_18
-    displayName: Remote 2.18
+    displayName: Remote devel
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -285,6 +243,8 @@ stages:
               test: rhel/8.8
             - name: RHEL 9.2
               test: rhel/9.2
+            - name: FreeBSD 13.2
+              test: freebsd/13.2
 
   - stage: Remote_2_15
     displayName: Remote 2.15
@@ -300,6 +260,8 @@ stages:
               test: rhel/8.7
             - name: RHEL 9.1
               test: rhel/9.1
+            - name: FreeBSD 13.2
+              test: freebsd/13.2
 
   ## Finally
 
@@ -318,9 +280,6 @@ stages:
       - Sanity_2_18
       - Remote_2_18
       - Docker_2_18
-      - Sanity_2_19
-      - Remote_2_19
-      - Docker_2_19
       - Sanity_devel
       - Remote_devel
       - Docker_devel

CHANGELOG.rst

@@ -4,95 +4,6 @@ ansible.posix Release Notes
 
 .. contents:: Topics
 
-v2.1.0
-======
-
-Release Summary
----------------
-
-This is the minor release of the ``ansible.posix`` collection.
-This changelog contains all changes to the modules and plugins
-in the stable-2 branch that have been added after the release of
-``ansible.posix`` 2.0.0
-
-Minor Changes
--------------
-
-- profile_tasks and profile_roles callback plugins - avoid deleted/deprecated callback functions, instead use modern interface that was introduced a longer time ago (https://github.com/ansible-collections/ansible.posix/issues/650).
-
-Bugfixes
---------
-
-- ansible.posix.cgroup_perf_recap - fixes json module load path (https://github.com/ansible-collections/ansible.posix/issues/630).
-
-v2.0.0
-======
-
-Release Summary
----------------
-
-This is the major release of the ``ansible.posix`` collection.
-This changelog contains all changes to the modules and plugins
-in this collection that have been added after the release of
-``ansible.posix`` 1.6.2
-
-Minor Changes
--------------
-
-- authorized_keys - allow using absolute path to a file as a SSH key(s) source (https://github.com/ansible-collections/ansible.posix/pull/568)
-- callback plugins - Add recap information to timer, profile_roles and profile_tasks callback outputs (https://github.com/ansible-collections/ansible.posix/pull/387).
-
-Breaking Changes / Porting Guide
---------------------------------
-
-- firewalld - Changed the type of forward and masquerade options from str to bool (https://github.com/ansible-collections/ansible.posix/issues/582).
-- firewalld - Changed the type of icmp_block_inversion option from str to bool (https://github.com/ansible-collections/ansible.posix/issues/586).
-
-Removed Features (previously deprecated)
-----------------------------------------
-
-- skippy - Remove skippy pluglin as it is no longer supported(https://github.com/ansible-collections/ansible.posix/issues/350).
-
-Bugfixes
---------
-
-- acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
-- mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).
-- mount - If a comment is appended to a fstab entry, state present creates a double-entry (https://github.com/ansible-collections/ansible.posix/issues/595).
-
-v1.6.2
-======
-
-Release Summary
----------------
-
-This is the bugfix release of the stable version ``ansible.posix`` collection.
-This changelog contains all changes to the modules and plugins
-in this collection that have been added after the release of
-``ansible.posix`` 1.6.1.
-
-Bugfixes
---------
-
-- backport - Drop ansible-core 2.14 and set 2.15 minimum version (https://github.com/ansible-collections/ansible.posix/issues/578).
-
-v1.6.1
-======
-
-Release Summary
----------------
-
-This is the bugfix release of the stable version ``ansible.posix`` collection.
-This changelog contains all changes to the modules and plugins
-in this collection that have been added after the release of
-``ansible.posix`` 1.6.1.
-
-Bugfixes
---------
-
-- acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
-- mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).
-- skippy - Revert removal of skippy plugin. It will be removed in version 2.0.0 (https://github.com/ansible-collections/ansible.posix/issues/573).
 
 v1.6.0
 ======

changelogs/changelog.yaml

@@ -405,110 +405,3 @@ releases:
     - dropping-ansible29.yml
     - test-reqs.yml
     release_date: '2024-09-11'
-  1.6.1:
-    changes:
-      bugfixes:
-      - acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
-      - mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).
-      - skippy - Revert removal of skippy plugin. It will be removed in version 2.0.0
-        (https://github.com/ansible-collections/ansible.posix/issues/573).
-      release_summary: 'This is the bugfix release of the stable version ``ansible.posix``
-        collection.
-
-        This changelog contains all changes to the modules and plugins
-
-        in this collection that have been added after the release of
-
-        ``ansible.posix`` 1.6.1.'
-    fragments:
-    - 1.6.1.yml
-    - 365-boot-linux.yml
-    - 566_bump_version_161.yml
-    - 567_remove_version_added.yml
-    - 570_nfs4_acl.yml
-    - 571_ci_bump_core_version.yml
-    - 572_revert_removal_of_skippy.yml
-    release_date: '2024-10-11'
-  1.6.2:
-    changes:
-      bugfixes:
-      - backport - Drop ansible-core 2.14 and set 2.15 minimum version (https://github.com/ansible-collections/ansible.posix/issues/578).
-      release_summary: 'This is the bugfix release of the stable version ``ansible.posix``
-        collection.
-
-        This changelog contains all changes to the modules and plugins
-
-        in this collection that have been added after the release of
-
-        ``ansible.posix`` 1.6.1.'
-    fragments:
-    - 1.6.2.yml
-    - 580_drop_ansible214.yml
-    release_date: '2024-10-22'
-  2.0.0:
-    changes:
-      breaking_changes:
-      - firewalld - Changed the type of forward and masquerade options from str to
-        bool (https://github.com/ansible-collections/ansible.posix/issues/582).
-      - firewalld - Changed the type of icmp_block_inversion option from str to bool
-        (https://github.com/ansible-collections/ansible.posix/issues/586).
-      bugfixes:
-      - acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
-      - mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).
-      - mount - If a comment is appended to a fstab entry, state present creates a
-        double-entry (https://github.com/ansible-collections/ansible.posix/issues/595).
-      minor_changes:
-      - authorized_keys - allow using absolute path to a file as a SSH key(s) source
-        (https://github.com/ansible-collections/ansible.posix/pull/568)
-      - callback plugins - Add recap information to timer, profile_roles and profile_tasks
-        callback outputs (https://github.com/ansible-collections/ansible.posix/pull/387).
-      release_summary: 'This is the major release of the ``ansible.posix`` collection.
-
-        This changelog contains all changes to the modules and plugins
-
-        in this collection that have been added after the release of
-
-        ``ansible.posix`` 1.6.2'
-      removed_features:
-      - skippy - Remove skippy pluglin as it is no longer supported(https://github.com/ansible-collections/ansible.posix/issues/350).
-    fragments:
-    - 2.0.0.yml
-    - 365-boot-linux.yml
-    - 387_callback_output_header.yml
-    - 556_remove_skippy_callback.yml
-    - 566_bump_version_161.yml
-    - 567_remove_version_added.yml
-    - 568_update_authorized_key.yml
-    - 570_nfs4_acl.yml
-    - 571_ci_bump_core_version.yml
-    - 576_bump_version_2.yml
-    - 581_ci_selinux.yml
-    - 584_firewalld_opt_type.yml
-    - 587_update_README.yml
-    - 588_ci_enable_devel.yml
-    - 593_replace_freebsd_version.yml
-    - 597_remove_fstab_comment_on_updating.yml
-    - 598_icmp_block_inversion.yml
-    release_date: '2024-12-04'
-  2.1.0:
-    changes:
-      bugfixes:
-      - ansible.posix.cgroup_perf_recap - fixes json module load path (https://github.com/ansible-collections/ansible.posix/issues/630).
-      minor_changes:
-      - profile_tasks and profile_roles callback plugins - avoid deleted/deprecated
-        callback functions, instead use modern interface that was introduced a longer
-        time ago (https://github.com/ansible-collections/ansible.posix/issues/650).
-      release_summary: 'This is the minor release of the ``ansible.posix`` collection.
-
-        This changelog contains all changes to the modules and plugins
-
-        in the stable-2 branch that have been added after the release of
-
-        ``ansible.posix`` 2.0.0'
-    fragments:
-    - 2.1.0.yml
-    - 631_fixes_module_path.yml
-    - 642_ci_add_rhel10.yml
-    - 650-profile_tasks_roles.yml
-    - 654_ci_bump_core_version.yml
-    release_date: '2025-07-16'

changelogs/fragments/365-boot-linux.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).

changelogs/fragments/387_callback_output_header.yml

@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - callback plugins - Add recap information to timer, profile_roles and profile_tasks callback outputs (https://github.com/ansible-collections/ansible.posix/pull/387).

changelogs/fragments/566_bump_version_161.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - Bump version to 1.6.1 for next release.

changelogs/fragments/567_remove_version_added.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - mount - remove wrong version_added section from ``opts_no_log``.

changelogs/fragments/568_update_authorized_key.yml

@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - authorized_keys - allow using absolute path to a file as a SSH key(s) source (https://github.com/ansible-collections/ansible.posix/pull/568)

changelogs/fragments/570_nfs4_acl.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).

changelogs/fragments/571_ci_bump_core_version.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - Bump ansible-core version to 2.19 of devel branch and add 2.18 to CI.

changelogs/fragments/576_bump_version_2.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - Bump ansible.posix version to 2.0.0.

changelogs/fragments/581_ci_selinux.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - selinux - conditions for selinux integration tests have been modified to be more accurate.

changelogs/fragments/584_firewalld_opt_type.yml

@@ -0,0 +1,3 @@
+---
+breaking_changes:
+  - firewalld - Changed the type of forward and masquerade options from str to bool (https://github.com/ansible-collections/ansible.posix/issues/582).

changelogs/fragments/587_update_README.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - README.md - update README to cover RH guidelines (https://github.com/ansible-collections/ansible.posix/issues/585).

changelogs/fragments/588_ci_enable_devel.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - Enabled remote and docker integration tests for devel branch.

changelogs/fragments/593_replace_freebsd_version.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - Replaced FreeBSD version 13.3 with 13.4 and 14.1 in CI for devel branch.

changelogs/fragments/firewalld_breaking_change.yml

@@ -0,0 +1,3 @@
+---
+breaking_changes:
+- firewalld - ``icmp_block_inversion`` and ``masquerade`` will be changed to ``bool`` from ``str``. Please change playbooks accordingly (https://github.com/ansible-collections/ansible.posix/issues/235).

galaxy.yml

@@ -1,7 +1,7 @@
 ---
 namespace: ansible
 name: posix
-version: 2.1.0
+version: 2.0.0
 readme: README.md
 authors:
   - Ansible (github.com/ansible)

plugins/callback/cgroup_perf_recap.py

@@ -132,7 +132,6 @@ DOCUMENTATION = '''
 
 import csv
 import datetime
-import json
 import os
 import time
 import threading
@@ -143,7 +142,7 @@ from functools import partial
 
 from ansible.module_utils._text import to_bytes, to_text
 from ansible.module_utils.six import with_metaclass
-from ansible.parsing.ajson import AnsibleJSONEncoder
+from ansible.parsing.ajson import AnsibleJSONEncoder, json
 from ansible.plugins.callback import CallbackBase
 
 

plugins/callback/profile_roles.py

@@ -124,7 +124,10 @@ class CallbackModule(CallbackBase):
     def v2_playbook_on_handler_task_start(self, task):
         self._record_task(task)
 
-    def v2_playbook_on_stats(self, stats):
+    def playbook_on_setup(self):
+        self._display_tasktime()
+
+    def playbook_on_stats(self, stats):
         # Align summary report header with other callback plugin summary
         self._display.banner("ROLES RECAP")
 

plugins/callback/profile_tasks.py

@@ -189,7 +189,10 @@ class CallbackModule(CallbackBase):
     def v2_playbook_on_handler_task_start(self, task):
         self._record_task(task)
 
-    def v2_playbook_on_stats(self, stats):
+    def playbook_on_setup(self):
+        self._display_tasktime()
+
+    def playbook_on_stats(self, stats):
         # Align summary report header with other callback plugin summary
         self._display.banner("TASKS RECAP")
 

plugins/modules/firewalld.py

@@ -74,8 +74,7 @@ options:
   icmp_block_inversion:
     description:
       - Enable/Disable inversion of ICMP blocks for a zone in firewalld.
-      - Note that the option type is changed to bool in ansible.posix version 2.0.0 and later.
+    type: str
-    type: bool
   zone:
     description:
       - The firewalld zone to add/remove to/from.
@@ -153,7 +152,7 @@ author:
 '''
 
 EXAMPLES = r'''
-- name: Permanently enable https service, also enable it immediately if possible
+- name: permanently enable https service, also enable it immediately if possible
   ansible.posix.firewalld:
     service: https
     state: enabled
@@ -161,92 +160,81 @@ EXAMPLES = r'''
     immediate: true
     offline: true
 
-- name: Permit traffic in default zone for https service
+- name: permit traffic in default zone for https service
   ansible.posix.firewalld:
     service: https
     permanent: true
     state: enabled
 
-- name: Permit ospf traffic
+- name: permit ospf traffic
   ansible.posix.firewalld:
     protocol: ospf
     permanent: true
     state: enabled
 
-- name: Do not permit traffic in default zone on port 8081/tcp
+- name: do not permit traffic in default zone on port 8081/tcp
   ansible.posix.firewalld:
     port: 8081/tcp
     permanent: true
     state: disabled
 
-- name: Permit traffic in default zone on port 161-162/ucp
+- ansible.posix.firewalld:
-  ansible.posix.firewalld:
     port: 161-162/udp
     permanent: true
     state: enabled
 
-- name: Permit traffic in dmz zone on http service
+- ansible.posix.firewalld:
-  ansible.posix.firewalld:
     zone: dmz
     service: http
     permanent: true
     state: enabled
 
-- name: Enable FTP service with rate limiting using firewalld rich rule
+- ansible.posix.firewalld:
-  ansible.posix.firewalld:
     rich_rule: rule service name="ftp" audit limit value="1/m" accept
     permanent: true
     state: enabled
 
-- name: Allow traffic from 192.0.2.0/24 in internal zone
+- ansible.posix.firewalld:
-  ansible.posix.firewalld:
     source: 192.0.2.0/24
     zone: internal
     state: enabled
 
-- name: Assign eth2 interface to trusted zone
+- ansible.posix.firewalld:
-  ansible.posix.firewalld:
     zone: trusted
     interface: eth2
     permanent: true
     state: enabled
 
-- name: Enable forwarding in internal zone
+- ansible.posix.firewalld:
-  ansible.posix.firewalld:
     forward: true
     state: enabled
     permanent: true
     zone: internal
 
-- name: Enable masquerade in dmz zone
+- ansible.posix.firewalld:
-  ansible.posix.firewalld:
     masquerade: true
     state: enabled
     permanent: true
     zone: dmz
 
-- name: Create custom zone if not already present
+- ansible.posix.firewalld:
-  ansible.posix.firewalld:
     zone: custom
     state: present
     permanent: true
 
-- name: Enable ICMP block inversion in drop zone
+- ansible.posix.firewalld:
-  ansible.posix.firewalld:
     zone: drop
     state: enabled
     permanent: true
     icmp_block_inversion: true
 
-- name: Block ICMP echo requests in drop zone
+- ansible.posix.firewalld:
-  ansible.posix.firewalld:
     zone: drop
     state: enabled
     permanent: true
     icmp_block: echo-request
 
-- name: Set internal zone target to ACCEPT
+- ansible.posix.firewalld:
-  ansible.posix.firewalld:
     zone: internal
     state: present
     permanent: true
@@ -262,6 +250,7 @@ EXAMPLES = r'''
 '''
 
 from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.parsing.convert_bool import boolean
 from ansible_collections.ansible.posix.plugins.module_utils.firewalld import FirewallTransaction, fw_offline
 
 try:
@@ -875,7 +864,7 @@ def main():
     module = AnsibleModule(
         argument_spec=dict(
             icmp_block=dict(type='str'),
-            icmp_block_inversion=dict(type='bool'),
+            icmp_block_inversion=dict(type='str'),
             service=dict(type='str'),
             protocol=dict(type='str'),
             port=dict(type='str'),
@@ -998,7 +987,16 @@ def main():
             msgs.append("Changed icmp-block %s to %s" % (icmp_block, desired_state))
 
     if icmp_block_inversion is not None:
-        expected_state = 'enabled' if (desired_state == 'enabled') == icmp_block_inversion else 'disabled'
+        # Type of icmp_block_inversion will be changed to boolean in a future release.
+        icmp_block_inversion_status = True
+        try:
+            icmp_block_inversion_status = boolean(icmp_block_inversion, True)
+        except TypeError:
+            module.warn('The value of the icmp_block_inversion option is "%s". '
+                        'The type of the option will be changed from string to boolean in a future release. '
+                        'To avoid unexpected behavior, please change the value to boolean.' % icmp_block_inversion)
+        expected_state = 'enabled' if (desired_state == 'enabled') == icmp_block_inversion_status else 'disabled'
+
         transaction = IcmpBlockInversionTransaction(
             module,
             action_args=(),

plugins/modules/mount.py

@@ -303,7 +303,7 @@ def _set_mount_save_old(module, args):
 
             continue
 
-        fields = line.split('#')[0].split()
+        fields = line.split()
 
         # Check if we got a valid line for splitting
         # (on Linux the 5th and the 6th field is optional)

tests/integration/targets/acl/tasks/acl.yml

@@ -46,12 +46,6 @@
     path: "{{ test_dir }}"
     state: directory
     mode: "0755"
-
-- name: Install acl package
-  ansible.builtin.package:
-    name: acl
-    state: present
-
 ##############################################################################
 - name: Grant ansible user read access to a file
   ansible.posix.acl:

tests/integration/targets/firewalld/tasks/icmp_block_inversion_test_cases.yml

@@ -114,3 +114,60 @@
       ansible.builtin.assert:
         that:
           - result is not changed
+
+# Validate backwards compatible behavior until icmp block inversion is switched from string to boolean type
+- name: Icmp block inversion enabled when icmp block inversion is non-boolean string and state is enabled
+  block:
+    - name: Testing enable icmp block inversion
+      ansible.posix.firewalld:
+        zone: trusted
+        icmp_block_inversion: some string
+        permanent: true
+        state: enabled
+      register: result
+
+    - name: Assert icmp block inversion is enabled
+      ansible.builtin.assert:
+        that:
+          - result is changed
+
+    - name: Testing enable icmp block inversion (verify not changed)
+      ansible.posix.firewalld:
+        zone: trusted
+        icmp_block_inversion: some string
+        permanent: true
+        state: enabled
+      register: result
+
+    - name: Assert icmp block inversion is enabled (verify not changed)
+      ansible.builtin.assert:
+        that:
+          - result is not changed
+
+- name: Icmp block inversion disabled when icmp block inversion is non-boolean string and state is disabled
+  block:
+    - name: Testing disable icmp block inversion
+      ansible.posix.firewalld:
+        zone: trusted
+        icmp_block_inversion: some string
+        permanent: true
+        state: disabled
+      register: result
+
+    - name: Assert icmp block inversion is disabled
+      ansible.builtin.assert:
+        that:
+          - result is changed
+
+    - name: Testing disable icmp block inversion (verify not changed)
+      ansible.posix.firewalld:
+        zone: trusted
+        icmp_block_inversion: some string
+        permanent: true
+        state: disabled
+      register: result
+
+    - name: Assert icmp block inversion is disabled (verify not changed)
+      ansible.builtin.assert:
+        that:
+          - result is not changed

tests/integration/targets/mount/tasks/main.yml

@@ -1,4 +1,3 @@
-# SETUP ################################################################################
 - name: Install dependencies (Linux)
   ansible.builtin.package:
     name: e2fsprogs
@@ -111,42 +110,6 @@
     mode: '0644'
   register: orig_info
 
-# BIND MOUNT ################################################################################
-# bind mount check mode
-- name: Bind mount a filesystem (Linux) (check mode)
-  ansible.posix.mount:
-    src: '{{ output_dir }}/mount_source'
-    name: '{{ output_dir }}/mount_dest'
-    state: mounted
-    fstype: None
-    opts: bind
-  when: ansible_system == 'Linux'
-  register: bind_result_linux_dry_run
-  check_mode: true
-
-- name: Bind mount a filesystem (FreeBSD) (check mode)
-  ansible.posix.mount:
-    src: '{{ output_dir }}/mount_source'
-    name: '{{ output_dir }}/mount_dest'
-    state: mounted
-    fstype: nullfs
-  when: ansible_system == 'FreeBSD'
-  register: bind_result_freebsd_dry_run
-  check_mode: true
-
-- name: Attempt to stat bind mounted file
-  ansible.builtin.stat:
-    path: '{{ output_dir }}/mount_dest/test_file'
-  when: ansible_system in ('FreeBSD', 'Linux')
-  register: dest_stat
-
-- name: Assert the bind mount did not take place
-  ansible.builtin.assert:
-    that:
-      - not dest_stat['stat']['exists']
-  when: ansible_system in ('FreeBSD', 'Linux')
-
-# bind mount
 - name: Bind mount a filesystem (Linux)
   ansible.posix.mount:
     src: '{{ output_dir }}/mount_source'
@@ -205,48 +168,6 @@
       - (ansible_system == 'Linux' and not bind_result_linux['changed']) or (ansible_system == 'FreeBSD' and not bind_result_freebsd['changed'])
   when: ansible_system in ('FreeBSD', 'Linux')
 
-# remount check mode
-- name: Remount filesystem with different opts (Linux) (check mode)
-  ansible.posix.mount:
-    src: '{{ output_dir }}/mount_source'
-    name: '{{ output_dir }}/mount_dest'
-    state: mounted
-    fstype: None
-    opts: bind,ro
-  when: ansible_system == 'Linux'
-  register: bind_result_linux
-  check_mode: true
-
-- name: Remount filesystem with different opts (FreeBSD) (check mode)
-  ansible.posix.mount:
-    src: '{{ output_dir }}/mount_source'
-    name: '{{ output_dir }}/mount_dest'
-    state: mounted
-    fstype: nullfs
-    opts: ro
-  when: ansible_system == 'FreeBSD'
-  register: bind_result_freebsd
-  check_mode: true
-
-- name: Get mount options
-  ansible.builtin.shell:
-    cmd: set -o pipefail && mount | grep mount_dest | grep -c -E -w '(ro|read-only)'
-    executable: "{{ shell_executable }}"
-  changed_when: false
-  failed_when: false
-  register: new_options_count
-
-- name: Make sure the filesystem does not have the new opts
-  ansible.builtin.assert:
-    that:
-      - linux_and_changed or freebsd_and_changed
-      - new_options_count.stdout | int == 0
-  vars:
-    linux_and_changed: "{{ ansible_system == 'Linux' and bind_result_linux_dry_run['changed'] }}"
-    freebsd_and_changed: "{{ ansible_system == 'FreeBSD' and bind_result_freebsd['changed'] }}"
-  when: ansible_system in ('FreeBSD', 'Linux')
-
-# remount
 - name: Remount filesystem with different opts (Linux)
   ansible.posix.mount:
     src: '{{ output_dir }}/mount_source'
@@ -282,29 +203,6 @@
       - 1 == remount_options.stdout_lines | length
   when: ansible_system in ('FreeBSD', 'Linux')
 
-# unmount check mode
-- name: Unmount the bind mount (check mode)
-  ansible.posix.mount:
-    name: '{{ output_dir }}/mount_dest'
-    state: absent
-  when: ansible_system in ('Linux', 'FreeBSD')
-  register: unmount_result
-  check_mode: true
-
-- name: Make sure the file still exists in dest
-  ansible.builtin.stat:
-    path: '{{ output_dir }}/mount_dest/test_file'
-  when: ansible_system in ('FreeBSD', 'Linux')
-  register: dest_stat
-
-- name: Check that we did not unmount
-  ansible.builtin.assert:
-    that:
-      - unmount_result['changed']
-      - dest_stat['stat']['exists']
-  when: ansible_system in ('FreeBSD', 'Linux')
-
-# unmount
 - name: Unmount the bind mount
   ansible.posix.mount:
     name: '{{ output_dir }}/mount_dest'
@@ -325,36 +223,9 @@
       - not dest_stat['stat']['exists']
   when: ansible_system in ('FreeBSD', 'Linux')
 
-# SWAP #############################################################
+- name: Block to test remounted option
-- name: Swap
   when: ansible_system in ('Linux')
   block:
-    # mount swap check mode
-    - name: Stat /etc/fstab
-      ansible.builtin.stat:
-        path: /etc/fstab
-      register: stat_fstab_before
-
-    - name: Create fstab record for the first swap file (check mode)
-      ansible.posix.mount:
-        name: none
-        src: /tmp/swap1
-        opts: sw
-        fstype: swap
-        state: present
-      check_mode: true
-
-    - name: Stat /etc/fstab
-      ansible.builtin.stat:
-        path: /etc/fstab
-      register: stat_fstab_after
-
-    - name: Assert that fstab checksum did not change
-      ansible.builtin.assert:
-        that:
-          - stat_fstab_before.stat.checksum == stat_fstab_after.stat.checksum
-
-    # mount swap1
     - name: Create fstab record for the first swap file
       ansible.posix.mount:
         name: none
@@ -379,7 +250,6 @@
           - swap1_created['changed']
           - not swap1_created_again['changed']
 
-    # mount swap2
     - name: Create fstab record for the second swap file
       ansible.posix.mount:
         name: none
@@ -404,30 +274,6 @@
           - swap2_created['changed']
           - not swap2_created_again['changed']
 
-    # remove swap check mode
-    - name: Stat /etc/fstab
-      ansible.builtin.stat:
-        path: /etc/fstab
-      register: stat_fstab_before
-
-    - name: Remove the fstab record for the first swap file (check mode)
-      ansible.posix.mount:
-        name: none
-        src: /tmp/swap1
-        state: absent
-      check_mode: true
-
-    - name: Stat /etc/fstab
-      ansible.builtin.stat:
-        path: /etc/fstab
-      register: stat_fstab_after
-
-    - name: Assert that fstab checksum did not change
-      ansible.builtin.assert:
-        that:
-          - stat_fstab_before.stat.checksum == stat_fstab_after.stat.checksum
-
-    # remove swap1
     - name: Remove the fstab record for the first swap file
       ansible.posix.mount:
         name: none
@@ -448,7 +294,6 @@
           - swap1_removed['changed']
           - not swap1_removed_again['changed']
 
-    # remove swap2
     - name: Remove the fstab record for the second swap file
       ansible.posix.mount:
         name: none
@@ -469,10 +314,6 @@
           - swap2_removed['changed']
           - not swap2_removed_again['changed']
 
-# FIXUP #############################################################
-- name: Fix incomplete entry already present in fstab
-  when: ansible_system == 'Linux'
-  block:
     - name: Create fstab record with missing last two fields
       ansible.builtin.copy:
         dest: /etc/fstab
@@ -502,11 +343,6 @@
           - ''' 0 0'' in optional_fields_content.stdout'
           - 1 == optional_fields_content.stdout_lines | length
 
-# REMOUNTED #############################################################
-- name: Block to test remounted option
-  when: ansible_system in ('Linux')
-  block:
-    # setup
     - name: Create empty file
       community.general.filesize:
         path: /tmp/myfs.img
@@ -536,26 +372,6 @@
       ansible.builtin.pause:
         seconds: 2
 
-    # remount check mode
-    - name: Remount (check mode)
-      ansible.posix.mount:
-        path: /tmp/myfs
-        state: remounted
-
-    - name: Get again the last write time
-      ansible.builtin.shell:
-        cmd: >-
-          set -o pipefail && dumpe2fs /tmp/myfs.img 2>/dev/null | grep -i "last write time:" |cut -d: -f2-
-        executable: "{{ shell_executable }}"
-      changed_when: false
-      register: last_write_time_check
-
-    - name: Fail if they are different
-      ansible.builtin.fail:
-        msg: Filesytem was remounted, testing of the module failed!
-      when: last_write_time.stdout != last_write_time_check.stdout
-
-    # remount
     - name: Test if the FS is remounted
       ansible.posix.mount:
         path: /tmp/myfs
@@ -574,29 +390,6 @@
         msg: Filesytem was not remounted, testing of the module failed!
       when: last_write is defined and last_write_time2 is defined and last_write_time.stdout == last_write_time2.stdout
 
-    # remount different options check mode
-    - name: Remount filesystem with different opts using remounted option (Linux only)
-      ansible.posix.mount:
-        path: /tmp/myfs
-        state: remounted
-        opts: rw,noexec
-      check_mode: true
-
-    - name: Get remounted options (Linux only)
-      ansible.builtin.shell:
-        cmd: set -o pipefail && mount | grep myfs | grep -E -w 'noexec' | wc -l
-        executable: "{{ shell_executable }}"
-      failed_when: false
-      changed_when: false
-      register: remounted_options
-
-    - name: Make sure the filesystem now has the new opts after using remounted (Linux only)
-      ansible.builtin.assert:
-        that:
-          - "'0' in remounted_options.stdout"
-          - "1 == remounted_options.stdout_lines | length"
-
-    # remount different options
     - name: Remount filesystem with different opts using remounted option (Linux only)
       ansible.posix.mount:
         path: /tmp/myfs
@@ -616,7 +409,6 @@
           - "'1' in remounted_options.stdout"
           - "1 == remounted_options.stdout_lines | length"
 
-    # backup
     - name: Mount the FS again to test backup
       ansible.posix.mount:
         path: /tmp/myfs
@@ -647,11 +439,9 @@
         - /tmp/myfs.img
         - /tmp/myfs
 
-# BOOT #############################################################
 - name: Block to test boot option for Linux
   when: ansible_system in ('Linux')
   block:
-    # setup
     - name: Create empty file
       community.general.filesize:
         path: /tmp/myfs.img
@@ -662,7 +452,6 @@
         fstype: ext3
         dev: /tmp/myfs.img
 
-    # noauto
     - name: Mount the FS with noauto option
       ansible.posix.mount:
         path: /tmp/myfs
@@ -683,7 +472,6 @@
         path: /tmp/myfs
         state: absent
 
-    # noauto + defaults
     - name: Mount the FS with noauto option and defaults
       ansible.posix.mount:
         path: /tmp/myfs
@@ -711,7 +499,6 @@
         - /tmp/myfs.img
         - /tmp/myfs
 
-# NEWLINE END OF FILE ############################################
 - name: Block to test missing newline at the EOF of fstab
   when: ansible_system in ('Linux')
   block:
@@ -750,7 +537,6 @@
         - /tmp/myfs1
         - /tmp/test_fstab
 
-# EPHEMERAL ################################################
 - name: Block to test ephemeral option
   environment:
     PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@@ -767,6 +553,7 @@
         size: 20M
 
   ##### FORMAT FS ON LINUX
+
     - name: Block to format FS on Linux
       when: ansible_system == 'Linux'
       block:
@@ -781,6 +568,7 @@
             dev: /tmp/myfs_B.img
 
   ##### FORMAT FS ON SOLARIS AND BSD
+
     - name: Create loop devices on Solaris and BSD
       ansible.builtin.shell:
         cmd: "set -o pipefail && {{ ephemeral_create_loop_dev_cmd }}"
@@ -795,49 +583,14 @@
       changed_when: true
       when: ephemeral_format_fs_cmd is defined
 
+  ##### TESTS
+
     - name: Create fstab if it does not exist
       ansible.builtin.file:
         path: "{{ ephemeral_fstab }}"
         state: touch
         mode: '0644'
 
-    # normal ephemeral mount check mode
-    - name: Get checksum of /etc/fstab before mounting anything
-      ansible.builtin.stat:
-        path: '{{ ephemeral_fstab }}'
-      register: fstab_stat_before_mount
-
-    - name: Mount the FS A with ephemeral state (check mode)
-      ansible.posix.mount:
-        path: /tmp/myfs
-        src: '{{ ephemeral_device_a }}'
-        fstype: '{{ ephemeral_fstype }}'
-        opts: rw
-        state: ephemeral
-      register: ephemeral_mount_info
-      check_mode: true
-
-    - name: Get checksum of /etc/fstab after an ephemeral mount
-      ansible.builtin.stat:
-        path: '{{ ephemeral_fstab }}'
-      register: fstab_stat_after_mount
-
-    - name: Get mountinfo
-      ansible.builtin.shell:
-        cmd: grep -c '/tmp/myfs' <(mount -v)
-        executable: "{{ shell_executable }}"
-      register: check_mountinfo
-      failed_when: false
-      changed_when: false
-
-    - name: Assert the mount occurred and the fstab is unchanged
-      ansible.builtin.assert:
-        that:
-          - check_mountinfo.stdout|int == 0
-          - ephemeral_mount_info['changed']
-          - fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_mount['stat']['checksum']
-
-    # normal ephemeral mount
     - name: Get checksum of /etc/fstab before mounting anything
       ansible.builtin.stat:
         path: '{{ ephemeral_fstab }}'
@@ -878,48 +631,6 @@
           - ephemeral_mount_info['changed']
           - fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_mount['stat']['checksum']
 
-    # remount different options check mode
-    - name: Get first mount record
-      ansible.builtin.shell:
-        cmd: grep '/tmp/myfs' <(mount -v)
-        executable: "{{ shell_executable }}"
-      register: ephemeral_mount_record_1
-      changed_when: false
-
-    - name: Try to mount FS A where FS A is already mounted (should trigger remount and changed)
-      ansible.posix.mount:
-        path: /tmp/myfs
-        src: '{{ ephemeral_device_a }}'
-        fstype: '{{ ephemeral_fstype }}'
-        opts: ro
-        state: ephemeral
-      register: ephemeral_mount_info
-      check_mode: true
-
-    - name: Get second mount record (should be different than the first)
-      ansible.builtin.shell:
-        cmd: grep '/tmp/myfs' <(mount -v)
-        executable: "{{ shell_executable }}"
-      register: ephemeral_mount_record_2
-      changed_when: false
-
-    - name: Get mountinfo
-      ansible.builtin.shell:
-        cmd: grep -c '/tmp/myfs' <(mount -v)
-        executable: "{{ shell_executable }}"
-      failed_when: false
-      register: check_mountinfo
-      changed_when: false
-
-    - name: Assert the FS A is still mounted, the options unchanged and the fstab unchanged
-      ansible.builtin.assert:
-        that:
-          - check_mountinfo.stdout|int == 1
-          - ephemeral_mount_record_1.stdout == ephemeral_mount_record_2.stdout
-          - ephemeral_mount_info['changed']
-          - fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_mount['stat']['checksum']
-
-    # remount different options
     - name: Get first mount record
       ansible.builtin.shell:
         cmd: grep '/tmp/myfs' <(mount -v)
@@ -959,7 +670,6 @@
           - ephemeral_mount_info['changed']
           - fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_mount['stat']['checksum']
 
-    # conflicting mount
     - name: Try to mount file B on file A mountpoint (should fail)
       ansible.posix.mount:
         path: /tmp/myfs
@@ -997,39 +707,6 @@
           - test_file_stat['stat']['exists']
           - ephemeral_mount_b_info is failed
 
-    # unmount check mode
-    - name: Unmount FS with state = unmounted
-      ansible.posix.mount:
-        path: /tmp/myfs
-        state: unmounted
-      check_mode: true
-
-    - name: Get fstab checksum after unmounting an ephemeral mount with state = unmounted
-      ansible.builtin.stat:
-        path: '{{ ephemeral_fstab }}'
-      register: fstab_stat_after_unmount
-
-    - name: Get mountinfo
-      ansible.builtin.shell:
-        cmd: grep -c '/tmp/myfs' <(mount -v)
-        executable: "{{ shell_executable }}"
-      register: check_mountinfo
-      failed_when: false
-      changed_when: false
-
-    - name: Try to stat our test file
-      ansible.builtin.stat:
-        path: /tmp/myfs/test_file
-      register: test_file_stat
-
-    - name: Assert that unmount did not take place and fstab unchanged
-      ansible.builtin.assert:
-        that:
-          - check_mountinfo.stdout|int == 1
-          - test_file_stat['stat']['exists']
-          - fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_unmount['stat']['checksum']
-
-    # unmount
     - name: Unmount FS with state = unmounted
       ansible.posix.mount:
         path: /tmp/myfs
@@ -1082,7 +759,6 @@
         - /tmp/myfs_B.img
         - /tmp/myfs
 
-# OPTS_NO_LOG ######################################
 - name: Block to test opts_no_log option
   when: ansible_system == 'Linux'
   block:

tests/integration/targets/seboolean/tasks/main.yml

@@ -20,4 +20,5 @@
   ansible.builtin.include_tasks: seboolean.yml
   when:
     - ansible_selinux is defined
+    - ansible_selinux
     - ansible_selinux.status == 'enabled'

tests/integration/targets/selinux/tasks/main.yml

@@ -19,21 +19,23 @@
 - name: Debug message for when SELinux is disabled
   ansible.builtin.debug:
     msg: SELinux is disabled
-  when: ansible_selinux is defined and ansible_selinux.status == 'disabled'
+  when: ansible_selinux is defined and not ansible_selinux
 
 - name: Debug message for when SELinux is enabled and not disabled
   ansible.builtin.debug:
     msg: SELinux is {{ ansible_selinux.status }}
-  when: ansible_selinux is defined
+  when: ansible_selinux is defined and ansible_selinux
 
 - name: Include_tasks for when SELinux is enabled
   ansible.builtin.include_tasks: selinux.yml
   when:
     - ansible_selinux is defined
+    - ansible_selinux
     - ansible_selinux.status == 'enabled'
 
 - name: Include tasks for selogin when SELinux is enabled
   ansible.builtin.include_tasks: selogin.yml
   when:
     - ansible_selinux is defined
+    - ansible_selinux
     - ansible_selinux.status == 'enabled'

tests/sanity/ignore-2.20.txt

@@ -1 +0,0 @@
-tests/utils/shippable/timing.py shebang

tests/utils/shippable/shippable.sh

@@ -62,15 +62,15 @@ else
     retry pip install "https://github.com/ansible/ansible/archive/stable-${ansible_version}.tar.gz" --disable-pip-version-check
 fi
 
-export ANSIBLE_COLLECTIONS_PATH="${PWD}/../../../"
+export ANSIBLE_COLLECTIONS_PATHS="${PWD}/../../../"
 
 # START: HACK install dependencies
 if [ "${ansible_version}" == "2.9" ] || [ "${ansible_version}" == "2.10" ]; then
     # Note: Since community.general 5.x, Ansible Core versions prior to 2.11 are not supported.
     # So we need to use 4.8.1 for Ansible 2.9 and Ansible Engine 2.10.
-    retry git clone --depth=1 --single-branch -b 4.8.1 https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATH}/ansible_collections/community/general"
+    retry git clone --depth=1 --single-branch -b 4.8.1 https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATHS}/ansible_collections/community/general"
 else
-    retry git clone --depth=1 --single-branch https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATH}/ansible_collections/community/general"
+    retry git clone --depth=1 --single-branch https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATHS}/ansible_collections/community/general"
 fi
 # Note:  we're installing with git to work around Galaxy being a huge PITA (https://github.com/ansible/galaxy/issues/2429)
 # END: HACK