* docs: add Execution Environment guide
Closes#2968Closes#4512
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* add to botmeta
* fix code block language
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update section title for community.general EE metadata
* Apply suggestion from felixfontein
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove extraneous paragraph
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Don Naro <dnaro@redhat.com>
* remove link to legacy documentation
* Update docs/docsite/rst/guide_ee.rst
Co-authored-by: Don Naro <dnaro@redhat.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Don Naro <dnaro@redhat.com>
* nsupdate: add unit tests
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix var name to regain sanity
* remove unneeded typing from test file
* formatting
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* pacman: add root, cachedir, and config options
Add three dedicated options -- O(root), O(cachedir), and O(config) --
so that all pacman commands get the corresponding global flags
(--root, --cachedir, --config) prepended, enabling use cases such as
installing packages into a chroot or alternative root directory
(similar to pacstrap).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* add changelog frag
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* etcd3: re-enable and fix tests, add unit tests
- Add unit tests for community.general.etcd3 module (12 tests covering
state=present/absent, idempotency, check mode, and error paths)
- Fix integration test setup: update etcd binary to v3.6.9 (from v3.2.14),
download from GitHub releases, add health-check retry loop after start
- Work around etcd3 Python library incompatibility with protobuf >= 4.x
by setting PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION=python
- Update to FQCNs throughout integration tests
- Re-enable both etcd3 and lookup_etcd3 integration targets
Fixes https://github.com/ansible-collections/community.general/issues/322
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* improve use of multiple context managers
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* osx_defaults: add dict support
* add changelog frag
* osx_defaults: fix dict idempotency by using plutil -extract for type-preserving read
The previous approach piped `defaults read` output (old-style plist text)
through `plutil -convert json`. Old-style plist loses boolean type info
(booleans appear as 1/0, indistinguishable from integers), causing the
comparison to fail and reporting changed=True on every run.
Fix by exporting the domain binary plist to a temp file and using
`plutil -extract key json` which correctly preserves all plist types
(booleans stay true/false, integers stay integers, etc.).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* change param from bool to str
* Apply suggestion from review
* Update plugins/modules/osx_defaults.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak_realm: Add support for setting first broker login flow
* Update plugins/modules/keycloak_realm.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add changelog fragment
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix setting_types() to properly handle routing_rules as a list type
* Add changelog fragment for ipv6.routing-rules bugfix
* Update changelogs/fragments/11630-nmcli-ipv6-routing-rules.yml
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Add PR URL to changelog fragment
---------
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* feat(supervisorctl): skip no such process for all
Do not fail, if there are no matching processes for name=all
* feat(supervisorctl): add changelog
* Update 11621-skip-no_such_process-for-name-all.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix(supervisorctl): replace single quotes to double
---------
Co-authored-by: zr0dy <zr0dy@mail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* merge_variables: extended merge capabilities added
This extension gives you more control over the variable merging process of the lookup plugin `merge_variables`. It closes the gap between Puppet's Hiera merging capabilities and the limitations of Ansible's default variable plugin `host_group_vars` regarding fragment-based value definition. You can now decide which merge strategy should be applied to dicts, lists, and other types. Furthermore, you can specify a merge strategy that should be applied in case of type conflicts.
The default behavior of the plugin has been preserved so that it is fully backward-compatible with the already implemented state.
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update changelogs/fragments/11536-merge-variables-extended-merging-capabilities.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/merge_variables.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Periods added at the end of each choice description
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/lookup/merge_variables.py
Co-authored-by: Mark <40321020+m-a-r-k-e@users.noreply.github.com>
* ref: follow project standard for choice descriptions
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: more examples added and refactoring
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/lookup/merge_variables.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* ref: some more comments to examples added
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* fix: unused import removed
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: re-add "merge" to strategy map
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update comments
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Specification of transformations solely as string
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Comments updated
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: `append_rp` and `prepend_rp` removed
feat: options dict for list transformations re-added
feat: allow setting `keep` for dedup transformation with possible values: `first` (default) and `last`
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: improve options documentation
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: documentation improved, avoiding words like newer or older in merge description
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/lookup/merge_variables.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* ref: "prio" replaced by "dict"
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* feat: two integration tests added
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
---------
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
Co-authored-by: Fiehe Christoph <c.fiehe@eurodata.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Mark <40321020+m-a-r-k-e@users.noreply.github.com>
* ipa_dnsrecord fix error when using dnsttl and nothing to change
* Add changelog and bump version
* ipa_dnsrecord list comp in dnsrecord_find
Co-authored-by: Felix Fontein <felix@fontein.de>
* 11559 changelog fragment fix capitalization
* ipa_dnsrecord dnsrecord_find ttl transform to integer always
* ipa_dnsrecord dnsrecord_find method refactor
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* add module logrotate
* add values for start
* fix docs
* version 12.5.0 and fix test
---------
Co-authored-by: Александр Габидуллин <agabidullin@astralinux.ru>
* Binary attribute support for `ldap_attrs` and `ldap_entry`
This commit implements binary attribute support for the `ldap_attrs` and
`ldap_entry` plugins. This used to be "supported" before, because it was
possible to simply load arbitrary binary data into the attributes, but
no longer functions on recent Ansible versions.
In order to support binary attributes, this commit introduces two new
options to both plugins:
* `binary_attributes`, a list of attribute names which will be
considered as being binary,
* `honor_binary_option`, a flag which is true by default and will
handle all attributes that include the binary option (see RFC 4522)
as binary automatically.
When an attribute is determined to be binary through either of these
means, the plugin will assume that the attribute's value is in fact
base64-encoded. It will proceed to decode it and handle it accordingly.
While changes to `ldap_entry` are pretty straightforward, more work was
required on `ldap_attrs`.
* First, because both `present` and `absent` state require checking
the attribute's current values and normally do that using LDAP search
queries for each value, a specific path for binary attributes was
added that loads and caches all values for the attribute and compares
the values in the Python code.
* In addition, generating both the modlist and the diff output require
re-encoding binary attributes' values into base64 so it can be
transmitted back to Ansible.
* Various fixes on `ldap_attrs`/`ldap_entry` from PR 11558 discussion
* Rename `honor_binary_option` to `honor_binary`
* Add some general documentation about binary attributes
* Fix changelog fragment after renaming one of the new options
* Add examples of `honor_binary` and `binary_attributes`
* Add note that indicates that binary values are supported from 12.5.0+
* Fix punctuation
* Add links to RFC 4522 to `ldap_attrs` and `ldap_entry`
* Catch base64 decoding errors
* Rephrase changelog fragment
* Use f-string to format the encoding error message
* nmcli: fix idempotency issue with macvlan
The nmcli module is not idempotent for macvlan interfaces.
Ansible running in diff mode for a case where the interface in question
already exists:
```
TASK [nm_macvlan : Check macvlan connection] *********************************************************************************
--- before
+++ after
@@ -11,5 +11,5 @@
"ipv6.method": "disabled",
"macvlan.mode": "2",
"macvlan.parent": "eth0",
- "macvlan.tap": "no"
+ "macvlan.tap": "False"
}
```
The problem is that `macvlan.tap` isn't treated as boolean option. Fix it.
* Update changelogs/fragments/11551-fix-nmcli-idempotency-for-macvlan.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* TIAAS-12174: fix(keycloak_authentication): handle None authenticationExecutions
When a flow is defined without authenticationExecutions, module.params.get()
returns None but the key still exists in the config dict. The 'in' check
passes but iterating over None raises TypeError.
Guard the iteration with an explicit None check.
* keycloak_authentication: add changelog fragment for NoneType fix
* keycloak_authentication: update changelog fragment with PR link
* Update plugins/modules/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Changelog polishing
---------
Co-authored-by: Ivan Kokalovic <ivan.kokalovic@example.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
