odbc: add Arch Linux support via AUR psqlodbc (#11944)
* test(odbc): add Arch Linux support via AUR psqlodbc
Fixes#4267
* test(setup_postgresql_db): guard Arch Linux initdb with creates
* test(odbc): add setup_remote_tmp_dir dependency
(cherry picked from commit c7be9e4d5b)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
test(integration): enable homectl test for ArchLinux (#11945)
* test(integration): enable homectl test for ArchLinux
* install passlib in Arch Linux
* test: requires vm in homectl aliases
(cherry picked from commit 036811e668)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Move ansible-core 2.18 to EOL CI (#11901)
Move ansible-core 2.18 to EOL CI.
(cherry picked from commit 9ef1dbb6d5)
Co-authored-by: Felix Fontein <felix@fontein.de>
keycloak modules: add missing author credit (#11840)
keycloak modules: add missing author credit for contributions
Added myself (@koke1997) to the author list of three modules
I contributed to in PRs #11468, #11470, #11471, and #11473 but forgot
to include at the time. Also signing up as maintainer for these modules
in .github/BOTMETA.yml so the bot can route related issues and PRs.
(cherry picked from commit 7ce198f0e7)
Co-authored-by: Ivan Kokalovic <67540157+koke1997@users.noreply.github.com>
jira - resolve Cloud assignee email to account ID via user search (#11735)
* jira - resolve Cloud assignee email to account ID via user search
When cloud=true and assignee contains '@', look up a unique user with
GET /rest/api/2/user/search and use accountId for create, transition,
and edit. Document Jira Cloud vs Server/Data Center assignee behavior.
Fixes https://github.com/ansible-collections/community.general/issues/11734
Assisted-by AI: Claude 4.6 Opus (Anthropic) via Cursor IDE
* * Using urllib.parse.quote for URL encoding
* Adding "added in version" note for assignee when resolving account_id from email
* * Added cached variable 'user_email'
* Changed comparison to handle missing email safely
* Updated error message formatting to use repr-style values
* jira - adjust assignee and cloud descriptions (#11734)
* jira - resolve user-type field emails to account IDs on Jira Cloud (#11734)
When cloud=true, user-type fields (assignee, reporter, and any listed
in the new custom_user_fields parameter) that contain '@' are resolved
from email to Jira Cloud account ID via the user search API. Strings
without '@' are assumed to be account IDs. Add custom_user_fields
parameter for user to declare additional custom fields of user type.
* jira - address PR 11735 review (docs, assignee path, errors, naming)
- Clarify O(custom_user_fields): built-ins stay automatic; list extra
user-typed fields without implying they are only custom-field IDs.
- On Jira Cloud, set assignee from the module param as a plain string and
let resolve_user_fields() map it to accountId (including email lookup).
- Drop redundant ``or []`` when merging O(custom_user_fields) with the
built-in user field list.
- Use public names USER_FIELDS, resolve_user_fields, and resolve_account_id
(no leading underscore) per reviewer preference.
- Quote field name and email in resolution errors with explicit "…" text
instead of repr-style !r, keeping values readable in failure messages.
Refs: https://github.com/ansible-collections/community.general/pull/11735
AI-assisted: Composer 2 (Anthropic) via Cursor IDE
* Changing fail_json formatting
* formatting fixes
* jira - fixing assignee as module option in description
---------
(cherry picked from commit 3e9689b13d)
Signed-off-by: Vladimir Vasilev <vvasilev@redhat.com>
Co-authored-by: vladi-k <53343355+vladi-k@users.noreply.github.com>
ipa_dnsrecord: add `exclusive` parameter for append-without-replace semantics (#11694)
* ipa_dnsrecord: add solo parameter for append-without-replace semantics
Fixes#682
Adds O(solo) boolean parameter (default true, preserving current
replace behaviour) consistent with other DNS modules such as
community.general.dnsimple. When solo=false, only values not
already present in IPA are added, leaving existing values untouched.
* ipa_dnsrecord: rename solo parameter to exclusive
Rename O(solo) to O(exclusive) following reviewer feedback.
'exclusive' is the established Ansible convention for this semantic
(e.g. community.general.ini_file), while 'solo' implies single-value
DNS records.
* ipa_dnsrecord: fix changelog fragment symbol markup
Use double backticks per RST convention in changelog fragments,
not the O() macro (which is for module docstrings).
* Update plugins/modules/ipa_dnsrecord.py
* ipa_dnsrecord: implement exclusive semantics for state=absent
- exclusive=true + state=absent: remove all existing values of that
record type and name, ignoring the specified record_value(s)
- exclusive=false + state=absent: remove only the specified values
that actually exist in IPA, preserving all others
Also updates the exclusive parameter documentation to cover both
state=present and state=absent behaviour.
---------
(cherry picked from commit 180da98a7c)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
udm_user, homectl - replace crypt/legacycrypt with passlib (#11860)
* udm_user - replace crypt/legacycrypt with passlib
The stdlib crypt module was removed in Python 3.13. Replace the
crypt/legacycrypt import chain with passlib (already used elsewhere
in the collection) and use CryptContext.verify() for password
comparison.
Fixes#4690
* Add changelog fragment for PR 11860
* remove redundant ignore file entries
* udm_user, homectl - replace crypt/legacycrypt with _crypt module utils
Add a new _crypt module_utils that abstracts password hashing and
verification. It uses passlib when available, falling back to the
stdlib crypt or legacycrypt, and raises ImportError if none of them
can be imported. Both udm_user and homectl now use this shared
utility, fixing compatibility with Python 3.13+.
Fixes#4690
* Add BOTMETA entry for _crypt module utils
* _crypt - fix mypy errors and handle complete unavailability
Replace CryptContext = object fallback (rejected by mypy) with a
proper dummy class definition. Add has_crypt_context flag so modules
can detect when no backend is available. Update both modules to
import and check has_crypt_context instead of testing for None.
* adjsutments from review
* Update plugins/modules/homectl.py
* Update plugins/modules/udm_user.py
---------
(cherry picked from commit 25b21183bb)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
homebrew_cask: fix false failure on upgrade of latest-versioned casks (#11838)
* homebrew_cask: fix false failure on upgrade of latest-versioned casks
Use rc == 0 to determine upgrade success, consistent with _upgrade_all().
The previous check (_current_cask_is_installed() and not _current_cask_is_outdated())
was unreliable: for `latest`-versioned casks under --greedy, brew may still
list the cask as outdated after a successful upgrade, causing the task to fail
with a harmless warning from stderr as the error message.
Fixes#1647
* homebrew_cask: add changelog fragment for #11838
* Fix changelog fragment
---------
(cherry picked from commit d0d213a41d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
gitlab_project_variable - use find_project() for graceful error handling (#11878)
* gitlab_project_variable - use find_project() for consistent error handling
Replace the bare projects.get() call in GitlabProjectVariables.get_project()
with find_project() from module_utils/gitlab, which all other GitLab modules
already use. This ensures a graceful fail_json (with a clear error message)
when the project is not found, rather than an unhandled GitlabGetError
propagating as a module traceback.
* Add changelog fragment for PR 11878
* minor adjustment in f-string
---------
(cherry picked from commit 1b0b8d5cc1)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
locale_gen: support locales not yet listed in /etc/locale.gen (#11824)
* locale_gen: support locales not yet listed in /etc/locale.gen
On systems like Gentoo where /etc/locale.gen starts with only a handful
of commented examples, set_locale_glibc() now appends missing locale
entries sourced from /usr/share/i18n/SUPPORTED instead of silently
doing nothing. Also extracts the shared locale-entry regex into a
module-level constant RE_LOCALE_ENTRY.
* locale_gen: add changelog fragment for issue 2399
---------
(cherry picked from commit 39f4cda6b5)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
pacemaker: fix race condition on resource creation (#11750)
* remove pacemaker wait arg and fix race condition
* fix up pacemaker resource and stonith polling
* add changelog for pacemaker timeout bug
* remove env from test case and fix changelog file name
* Update changelogs/fragments/11750-pacemaker-wait-race-condition.yml
---------
(cherry picked from commit 6c809dd9db)
Co-authored-by: munchtoast <45038532+munchtoast@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
parted: add unit_preserve_case option to fix unit case in return value (#11813)
* parted: add unit_preserve_case option to fix unit case in return value
Adds O(unit_preserve_case) feature flag (bool, default None) to control
the case of the ``unit`` field in the module return value.
Previously the unit was always lowercased (e.g. ``kib``), making it
impossible to feed ``disk.unit`` back as the ``unit`` parameter without
a validation error. With O(unit_preserve_case=true) the unit is returned
in its original mixed case (e.g. ``KiB``), matching the accepted input
values.
The default (None) emits a deprecation notice; the default will become
V(true) in community.general 14.0.0.
Fixes#1860
* parted: add changelog fragment for PR #11813
* adjustments from review
* Comment 15.0.0 deprecation in option decription.
* parted: fix unit test calls to parse_partition_info after signature change
* parted: fix unit_preserve_case - parted outputs lowercase units in machine mode
Parted's machine-parseable output always uses lowercase unit suffixes
(e.g. ``kib``, ``mib``) regardless of what was passed to the ``unit``
parameter. Removing the explicit ``.lower()`` call was therefore not
enough to preserve case.
Add a ``canonical_unit()`` helper that maps a unit string to its canonical
mixed-case form using ``parted_units`` as the reference, and use it
instead of a bare identity when ``unit_preserve_case=true``.
Also fix a yamllint violation in the DOCUMENTATION block (missing space
after ``#`` in inline comments).
* Update plugins/modules/parted.py
* Update plugins/modules/parted.py
---------
(cherry picked from commit edf8f24959)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
xenserver_guest: changed cdrom handling for userdevice != 3, fixes#11624 (#11702)
* xenserver_guest: changed cdrom handling for userdevice != 3, fixes#11624
- CD-ROM handling code has been moved before disk handling code. This more
closely mimics XenCenter/XCP-ng Center behavior. CD-ROM device, if added,
will now grab position 3 before any disk grabs it.
- Position 3 is now skipped when adding disks to leave it reserved for
CD-ROM device. If any disk ends up occupying position 3 and CD-ROM
device ends up pushed to position above 3, booting from ISO is not
possible (#11624).
* Added changelog fragment for #11702
* Added missing issue and PR URLs to changelog fragment for #11702
* Fixed changelog fragment for #11702
(cherry picked from commit 314863e3a7)
Co-authored-by: Bojan Vitnik <bvitnik@yahoo.com>
consul_kv: add ca_path option for custom CA certificate (#11817)
* consul_kv: add ca_path option for custom CA certificate
Adds ca_path parameter to both the consul_kv module and consul_kv lookup
plugin, allowing users to specify a CA bundle for HTTPS connections instead
of being limited to toggling certificate validation on/off.
* consul_kv: add changelog fragment for PR #11817
* consul_kv: address review comments from felixfontein
- Fix verify logic: ca_path is ignored when validate_certs=false
- Improve validate_certs description to nudge users toward ca_path
---------
(cherry picked from commit 175808d997)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
homebrew_cask: handle placeholder version from brew --version (#11849)
* homebrew_cask: handle placeholder version from brew --version
When brew is run as the wrong user, git repositories may be owned by
a different user, causing brew --version to output a placeholder like
"Homebrew >= 4.3.0 (shallow or no git repository)" instead of the real
version. The parsed version would then be lower than the 2.6.0 threshold,
causing _brew_cask_command_is_deprecated() to return False and the module
to use the disabled "brew cask" command syntax.
Detect the ">=" prefix in the parsed version and treat it as a modern
installation.
Fixes#4708
* homebrew_cask: add changelog fragment for #11849
---------
(cherry picked from commit 74c096b00c)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
logrotate: fix parameter and config file validation and more (#11764)
* fix(logrotate): add missing defaults and parameter validation declarations
- Add default="present" to state parameter
- Add default="/etc/logrotate.d" to config_dir parameter
- Add required_by declarations for shred and compression parameters
* fix(logrotate): fix runtime validation bugs, remove duplicate checks
- Fix shred_cycles TypeError when value is None
- Fix enabled=None handling in get_config_path
- Remove duplicate runtime mutually_exclusive checks
- Add runtime boolean truthiness checks
- Add 'create' parameter format validation
- Remove stale test method
* fix(logrotate): restructure file operations, validate before write
- Write content to tmpdir temp file, validate, then atomic move to destination.
- Wrap all os.remove() calls in try/except with fail_json on error
- Wrap all module.atomic_move() calls in try/except with fail_json on error
- Also add self.mock_module.tmpdir = self.test_dir to test setUp for new code path
* docs(logrotate): update DOCUMENTATION block
- Add 'default: present' to state option
- Add 'default: /etc/logrotate.d' to config_dir option
* feat(logrotate): add optional backup parameter
* chore: add logrotate fixes changelog fragment
* chore(changelog/logrotate): use present tense singular
* fix(logrotate): handle trailing spaces in create param
* refactor(logrotate): remove redundant checks
These are already handled by `required_if` statements in the module spec
* refactor(logrotate): use tempfile to create temporary file
* refactor(logrotate): remove redundant `bool()` casts on `target_enabled`
`target_enabled` is guaranteed to be bool by this point. It's either the module param (typed bool) or falls back to `current_enabled` (also bool). The `bool()` wraps are no-ops.
* refactor(logrotate): remove unused `self.config_file` attribute
* refactor(logrotate): remove dead `any_state` parameter from `read_existing_config`
* fix(logrotate): raise error instead of falling through on enabled-state rename failures
* refactor(logrotate): tighten `get_config_path` sig to bool
`None` callers are removed now so this is safe
* test(logrotate): remove stale open mock assertion after tempfile refactor
* style(logrotate): format file
* chore(logrotate): add missing `version_added` attribute
* fix(logrotate): clean up temp file
* fix(logrotate): remove redundant temp file cleanup
* refactor(logrotate): Use dict subscript to access required backup param
* fix(logrotate): fix: only remove old config file when path differs from target
* fix(logrotate): update logrotate_bin type hint to str
* feat(logrotate): add backup file handling when removing old config
* style(logrotate): format file
* test(logrotate): add missing backup default to `_setup_module_params`
* test(logrotate): fix incorrect `os.remove` assertion in update test
* refactor(logrotate): remove unnecessary `to_native()` call
* refactor(logrotate): replace str quotes with !r
* fix(logrotate): change backup default back to true
* fix(logrotate): raise error when `shred_cycle`s is set with `shred=false`
* docs(logrotate): clarify `shred_cycles` behaviour
* fix(logrotate): remove to_native calls for exception messages
* docs(logrotate): improve `config_dir` param description
* refactor(logrotate): simplify backup file assignment logic
* style(logrotate): format file
* docs(logrotate): improve config_map description
---------
(cherry picked from commit e911081102)
Co-authored-by: tigattack <10629864+tigattack@users.noreply.github.com>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
iso_extract: retry umount on busy filesystem before cleanup (#11837)
* iso_extract: retry umount on busy filesystem before cleanup
Fixes#5333
* iso_extract: add changelog fragment for #11837
* make chglog more concise
---------
(cherry picked from commit 87ecfa3432)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
udm_user - fix alias-to-canonical param name mismatch (#11859)
* udm_user - fix alias-to-canonical param name mismatch
The loop that maps UDM object properties to module params iterated
over UDM keys (camelCase, e.g. displayName, primaryGroup) and looked
them up directly in module.params, which is keyed by canonical names
(snake_case, e.g. display_name, primary_group). This caused all
aliased params to be silently ignored.
Build an alias-to-canonical mapping from argument_spec and use it
to resolve UDM keys to the correct module.params entries.
Also fix the direct module.params["displayName"] access which raised
KeyError when the user did not explicitly use the alias form.
Fixes#2950Fixes#3691
* Add changelog fragment for PR 11859
---------
(cherry picked from commit dad84dd36d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
homebrew_tap: fix None in command, redundant brew tap calls, format strings, and drop no-op locale vars (#11848)
* homebrew_tap: fix None in command list, redundant brew tap calls, and bad format strings
- Fix None being injected into the run_command list when url is not
provided to add_tap (filter with [opt for opt in [...] if opt])
- Reduce redundant `brew tap` calls: add_taps and remove_taps now
fetch the tap list once upfront and pass it to the per-tap functions;
already_tapped accepts an optional pre-fetched list to avoid re-running
brew for every tap in a batch
- Fix mixed f-string/%-formatting in error messages in add_taps and
remove_taps, replaced with plain f-strings
* homebrew_tap: simplify command construction in add_tap
Replace the opaque list comprehension filter with an explicit conditional
append — only url is ever optional, so testing the known-present items
was misleading.
* homebrew_tap: remove unnecessary locale env vars
Homebrew has no i18n/l10n support — all output is hardcoded English.
LANGUAGE=C and LC_ALL=C have no effect on brew output.
* homebrew_tap: add changelog fragment for #11848
* remove hombrew_tap from PR #11783 changelog - change reverted here
---------
(cherry picked from commit c4ed3467b6)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
gitlab_project_members: fail when multiple projects match by name (#11851)
* gitlab_project_members: fail when multiple projects match by name
When the project parameter is a bare name (not a full path), and the
search returns more than one match, the module now fails with a clear
error asking the user to provide the full path (group/project) to
disambiguate, instead of silently operating on the first result.
Fixes#2767
* gitlab_project_members: improve code formatting
* gitlab_project_members: add changelog fragment for #11851
---------
(cherry picked from commit 1db3d4f441)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
homebrew_cask: fix sudo_password failing with special characters (#11850)
* homebrew_cask: fix sudo_password with special characters in password
The SUDO_ASKPASS script embedded the password inside single quotes, which
breaks shell parsing whenever the password contains a single quote. Use a
quoted heredoc (cat <<'SUDO_PASS') instead, which treats the content
completely literally regardless of special characters.
Also replace .file.close() with .flush() (correct semantics — flushes
the write buffer without leaving the NamedTemporaryFile in a half-closed
state) and remove the redundant add_cleanup_file() call (the context
manager already deletes the file on exit).
Fixes#4957
* homebrew_cask: add changelog fragment for #11850
* homebrew_cask: fix sudo_password example and clarify ansible_become_password
* homebrew_cask: use shlex.quote() for sudo_password instead of heredoc
shlex.quote() is the standard Python approach for shell-safe quoting
and handles all special characters without the edge cases of heredocs.
---------
(cherry picked from commit f8869af65f)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
etcd3 lookup - improve HTTPS connection handling and docs (#11861)
* etcd3 lookup - improve HTTPS connection handling and documentation
Improve user experience when connecting to HTTPS etcd3 endpoints:
- Strip URL scheme from host option when present, with a warning
- Warn when HTTPS endpoint is specified but ca_cert is not provided
- Document that ca_cert is required to enable TLS
- Add HTTPS connection example
- Fix minor doc markup issue in notes section
Fixes#1664
* Add changelog fragment for PR 11861
---------
(cherry picked from commit 076bc4e03b)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
CI: Replace Fedora 43 with 44 for devel (#11836)
* Replace Fedora 43 with 44 for devel in CI.
* Adjust tests.
* Adjust flatpak module to Fedora 44.
(cherry picked from commit ef656cb9b6)
Co-authored-by: Felix Fontein <felix@fontein.de>
CI: Temporarily skip failing callback unit tests for ansible-core 2.21+ (#11842)
Temporarily skip failing unit tests.
(cherry picked from commit 7884a3f2a2)
Co-authored-by: Felix Fontein <felix@fontein.de>
lvol: fix LVM version regex to handle date formats without dashes (#11823)
* lvol: fix LVM version regex to handle date formats without dashes
Fixes#5445
* lvol: add changelog fragment for issue 5445
---------
(cherry picked from commit 7172326868)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
