* nmcli: start locale fix - normalize run_command environ to LANGUAGE=C, LC_ALL=C
Work in progress - issue #10384 (UTF-8 conn_name support) requires deeper
investigation beyond simple locale variable normalization.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* nmcli: use get_best_parsable_locale() to support UTF-8 connection names
Fixes issue where UTF-8 connection names (e.g. Chinese characters) were
corrupted to '????' when LC_ALL=C forced ASCII encoding, causing
connection_exists() to always return False for non-ASCII names.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* add changelog fragment for PR #11742
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* consul integration tests: re-enable on macOS
- Update consul version to 1.22.6
- Add arm64/aarch64 architecture support
- Fix macOS Gatekeeper quarantine on downloaded binary
- Add wait_for before ACL bootstrap (race condition fix)
- Update HCL config to use tls stanza (required in 1.22)
- Disable gRPC port (conflicts with tls stanza when not configured)
- Remove skip/macos from aliases
Fixes: https://github.com/ansible-collections/community.general/issues/1016
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelogs/fragments: add PR number for consul tests fix
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* remove changelog fragment (test-only PR)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(integration): remove CentOS references
* further simplification
* more removals
* rollback systemd_info for now
* ufw: not trivially used with RHEL9 and RHEL10, simplifying tests
* remove tasks for setup_epel where unused
* adjustments from review
* re-enable monit tests in rhel
* enable EPEL for RHEL<11
* rollback EPEL setup, skip only specific versions
* remove skip entirely
* change download URL in setup_epel, adjusted code to use it
* claude tries to install virtualenv, round 1
* claude tries python3 -m venv instead
* remove outdated centos6 file
* add scripts to clean aliases' skips
* remove legacy skips
* code cosmetics
* add license to ALIASES.md
* Fix typos in ALIASES.md documentation
* rolling back freebsd14.2 and 14.3 in iso_extract
* fix versions and re-run
* composer - make create-project idempotent, add force parameter
Adds a check for an existing composer.json in working_dir before running
create-project, so the task is skipped rather than failing on second run.
A new force parameter allows bypassing this check when needed.
Fixes#725.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog fragment: rename to PR number, add PR URL
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* nsupdate: add unit tests
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix var name to regain sanity
* remove unneeded typing from test file
* formatting
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* pacman: add root, cachedir, and config options
Add three dedicated options -- O(root), O(cachedir), and O(config) --
so that all pacman commands get the corresponding global flags
(--root, --cachedir, --config) prepended, enabling use cases such as
installing packages into a chroot or alternative root directory
(similar to pacstrap).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* add changelog frag
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* etcd3: re-enable and fix tests, add unit tests
- Add unit tests for community.general.etcd3 module (12 tests covering
state=present/absent, idempotency, check mode, and error paths)
- Fix integration test setup: update etcd binary to v3.6.9 (from v3.2.14),
download from GitHub releases, add health-check retry loop after start
- Work around etcd3 Python library incompatibility with protobuf >= 4.x
by setting PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION=python
- Update to FQCNs throughout integration tests
- Re-enable both etcd3 and lookup_etcd3 integration targets
Fixes https://github.com/ansible-collections/community.general/issues/322
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* improve use of multiple context managers
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* osx_defaults: add dict support
* add changelog frag
* osx_defaults: fix dict idempotency by using plutil -extract for type-preserving read
The previous approach piped `defaults read` output (old-style plist text)
through `plutil -convert json`. Old-style plist loses boolean type info
(booleans appear as 1/0, indistinguishable from integers), causing the
comparison to fail and reporting changed=True on every run.
Fix by exporting the domain binary plist to a temp file and using
`plutil -extract key json` which correctly preserves all plist types
(booleans stay true/false, integers stay integers, etc.).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* change param from bool to str
* Apply suggestion from review
* Update plugins/modules/osx_defaults.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix setting_types() to properly handle routing_rules as a list type
* Add changelog fragment for ipv6.routing-rules bugfix
* Update changelogs/fragments/11630-nmcli-ipv6-routing-rules.yml
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Add PR URL to changelog fragment
---------
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* merge_variables: extended merge capabilities added
This extension gives you more control over the variable merging process of the lookup plugin `merge_variables`. It closes the gap between Puppet's Hiera merging capabilities and the limitations of Ansible's default variable plugin `host_group_vars` regarding fragment-based value definition. You can now decide which merge strategy should be applied to dicts, lists, and other types. Furthermore, you can specify a merge strategy that should be applied in case of type conflicts.
The default behavior of the plugin has been preserved so that it is fully backward-compatible with the already implemented state.
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update changelogs/fragments/11536-merge-variables-extended-merging-capabilities.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/merge_variables.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Periods added at the end of each choice description
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/lookup/merge_variables.py
Co-authored-by: Mark <40321020+m-a-r-k-e@users.noreply.github.com>
* ref: follow project standard for choice descriptions
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: more examples added and refactoring
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/lookup/merge_variables.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* ref: some more comments to examples added
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* fix: unused import removed
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: re-add "merge" to strategy map
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update comments
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Specification of transformations solely as string
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Comments updated
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: `append_rp` and `prepend_rp` removed
feat: options dict for list transformations re-added
feat: allow setting `keep` for dedup transformation with possible values: `first` (default) and `last`
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: improve options documentation
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: documentation improved, avoiding words like newer or older in merge description
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/lookup/merge_variables.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* ref: "prio" replaced by "dict"
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* feat: two integration tests added
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
---------
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
Co-authored-by: Fiehe Christoph <c.fiehe@eurodata.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Mark <40321020+m-a-r-k-e@users.noreply.github.com>
* add module logrotate
* add values for start
* fix docs
* version 12.5.0 and fix test
---------
Co-authored-by: Александр Габидуллин <agabidullin@astralinux.ru>
Allowing the domain suffix to be appended independent of the `host_fqdn`
setting enables the inventory plugin to construct proper FQDNs if a
network has the `dns.domain` property set. Otherwise you would always
end up with something like `host01.project.local.example.net` despite
`host01.example.net` being the expected result.
* adds parameter delimiters to from_ini filter
fixes issue #11506
* adds changelog fragment
* fixes pylint dangerous-default-value / W0102
* does not assume default delimiters
let that be decided in the super class
* Update plugins/filter/from_ini.py
verbose description
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/11512-from_ini-delimiters.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* adds input validation
* adss check for delimiters not None
* adds missing import
* removes the negation
* adds suggestions from russoz
* adds ruff format suggestion
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* feat: Icinga 2 downtime module added allowing to schedule and remove downtimes through its REST API.
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ensure compatibility with ModuleTestCase
feat: errors raised from MH now contain the changed flag
ref: move module exit out of the decorated run method
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* revised module
ref: module refactored using StateModuleHelper now
ref: suggested changes by reviewer added
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* revert change regarding changed flag in MH
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* refactoring and set changed flag explicitly on error
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Check whether there was a state change on module failure removed.
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: test cases migrated to the new feature that allows passing through exceptions
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/module_utils/icinga2.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/icinga2.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/icinga2_downtime.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* ref: make module helper private
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* fix: ensure that all non-null values are added to the request otherwise a `false` value is dropped
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: module description extended with the note that check mode is not supported
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/modules/icinga2_downtime.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix: documentation updated
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: documentation updated
ref: doc fragment added
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/doc_fragments/icinga2_api.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* ref: doc fragment renamed to `_icinga2_api.py`
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: maintainer to doc fragment in BOTMETA.yml added
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/modules/icinga2_downtime.py
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Update plugins/modules/icinga2_downtime.py
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Update plugins/modules/icinga2_downtime.py
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
---------
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
Co-authored-by: Fiehe Christoph <c.fiehe@eurodata.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Add Azure Log Analytics Ingestion API plugin
The Ingestion API allows sending data to a Log Analytics workspace in
Azure Monitor.
* Fix LogAnalytics Ingestion shebang
* Fix Log Analytics Ingestion pep8 tests
* Fix Log Analytics Ingestion pylint tests
* Fix Log Analytics Ingestion import tests
* Fix Log Analytics Ingestion pylint test
* Add Log Analytics Ingestion auth timeout
Previous behavior was to use the 'request' module's default timeout;
this makes auth timeout value consistent with the task submission
timeout value.
* Display Log Analytics Ingestion event data as JSON
Previous behavior was to display the data as a Python dictionary.
The new behavior makes it easier to generate a sample JSON file in order
to import into Azure when creating the table.
* Add Azure Log Analytics Ingestion timeout param
This parameter controls how long the plugin will wait for an HTTP response
from the Azure Log Analytics API before considering the request a failure.
Previous behavior was hardcoded to 2 seconds.
* Fix Azure Log Ingestion unit test
The class instantiation was missing an additional argument that was added
in a previous patch; add it. Converting to JSON also caused the Mock
TaskResult object to throw a serialization error; override the function
for JSON conversion to just return bogus data instead.
* Fix loganalytics_ingestion linter errors
* Fix LogAnalytics Ingestion env vars
Prefix the LogAnalytics Ingestion plugin's environment variable names
with 'ANSIBLE_' in order to align with plugin best practices.
* Remove LogAnalytics 'requests' dep from docs
The LogAnalytics callback plugin does not actually require 'requests',
so remove it from the documented dependencies.
* Refactor LogAnalytics Ingestion to use URL utils
This replaces the previous behavior of depending on the external
'requests' library.
* Simplify LogAnalytics Ingestion token valid check
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove LogAnalytics Ingestion extra arg validation
Argument validation should be handled by ansible-core, so remove the
extra argument validation in the plugin itself.
* Update LogAnalytics Ingestion version added
* Remove LogAnalytics Ingestion coding marker
The marker is no longer needed as Python2 is no longer supported.
* Fix some LogAnalytics Ingestion grammar errors
* Refactor LogAnalytics Ingestion plugin messages
Consistently use "plugin" instead of module, and refer to the module by
its FQCN instead of its prose name.
* Remove LogAnalytics Ingestion extra logic
A few unused vars were being set; stop setting them.
* Fix LogAnalytics Ingestion nox sanity tests
* Fix LogAnalytics Ingestion unit tests
The refactor to move away from the 'requests' dependency to use
module_utils broke the plugin's unit tests; re-write the plugin's unit
tests for module_utils.
* Add nox formatting to LogAnalytics Ingestion
* Fix Log Analytics Ingestion urllib import
Remove the compatibility import via 'six' for 'urllib' since Python 2
support is no longer supported.
* Bump LogAnalytics Ingestion plugin version added
* Remove LogAnalytics Ingestion required: false docs
Required being false is the default, so no need to explicitly add it.
* Simplify LogAnalytics Ingestion role name logic
* Clean LogAnalytics Ingestion redundant comments
* Clean LogAnalytics Ingestion unit test code
Rename all Mock objects to use snake_case and consistently use '_mock'
as a suffix instead of sometimes using it as a prefix and sometimes
using it as a suffix.
* Refactor LogAnalytics Ingestion unit tests
Move all of the tests outside of the 'setUp' method.
* Refactor LogAnalytics Ingestion test
Add a test to validate that part of the contents sent match what was
supposed to be sent.
* Refactor LogAnalytics Ingestion test
Make the names consistent again.
* Add LogAnalytics Ingestion sample data docs
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix(keycloak_user_rolemapping): handle None response for client role lookup
When adding a client role to a user who has no existing roles for that
client, get_client_user_rolemapping_by_id() returns None. The existing
code indexed directly into the result causing a TypeError. Add the same
None check that already existed for realm roles since PR #11256.
Fixes#10960
* fix(tests): use dict format for task vars in keycloak_user_rolemapping tests
Task-level vars requires a YAML mapping, not a sequence. The leading
dash (- roles:) produced a list instead of a dict, which ansible-core
2.20 rejects with "Vars in a Task must be specified as a dictionary".
* Update changelogs/fragments/keycloak-user-rolemapping-client-none-check.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* feat(keycloak_realm_key): add support for auto-generated key providers
Add support for Keycloak's auto-generated key providers where Keycloak
manages the key material automatically:
- rsa-generated: Auto-generates RSA signing keys
- hmac-generated: Auto-generates HMAC signing keys
- aes-generated: Auto-generates AES encryption keys
- ecdsa-generated: Auto-generates ECDSA signing keys
New algorithms:
- HMAC: HS256, HS384, HS512
- ECDSA: ES256, ES384, ES512
- AES: AES (no algorithm parameter needed)
New config options:
- secret_size: For HMAC/AES providers (key size in bytes)
- key_size: For RSA-generated provider (key size in bits)
- elliptic_curve: For ECDSA-generated provider (P-256, P-384, P-521)
Changes:
- Make private_key/certificate optional (only required for rsa/rsa-enc)
- Add provider-algorithm validation with clear error messages
- Fix KeyError when managing default realm keys (issue #11459)
- Maintain backward compatibility: RS256 default works for rsa/rsa-generated
Fixes: #11459
* fix: address sanity test failures
- Add 'default: RS256' to algorithm documentation to match spec
- Add no_log=True to secret_size parameter per sanity check
* feat(keycloak_realm_key): extend support for all Keycloak key providers
Add support for remaining auto-generated key providers:
- rsa-enc-generated (RSA encryption keys with RSA1_5, RSA-OAEP, RSA-OAEP-256)
- ecdh-generated (ECDH key exchange with ECDH_ES, ECDH_ES_A128KW/A192KW/A256KW)
- eddsa-generated (EdDSA signing with Ed25519, Ed448 curves)
Changes:
- Add provider-specific elliptic curve config key mapping
(ecdsaEllipticCurveKey, ecdhEllipticCurveKey, eddsaEllipticCurveKey)
- Add PROVIDERS_WITHOUT_ALGORITHM constant for providers that don't need algorithm
- Add elliptic curve validation per provider type
- Update documentation with all supported algorithms and examples
- Add comprehensive integration tests for all new providers
This completes full coverage of all Keycloak key provider types.
* style: apply ruff formatting
* feat(keycloak_realm_key): add java-keystore provider and update_password
Add support for java-keystore provider to import keys from Java
Keystore (JKS or PKCS12) files on the Keycloak server filesystem.
Add update_password parameter to control password handling for
java-keystore provider:
- always (default): Always send passwords to Keycloak
- on_create: Only send passwords when creating, preserve existing
passwords when updating (enables idempotent playbooks)
The on_create mode sends the masked value ("**********") that Keycloak
recognizes as "preserve existing password", matching the behavior when
re-importing an exported realm.
Replace password_checksum with update_password - the checksum approach
was complex and error-prone. The update_password parameter is simpler
and follows the pattern used by ansible.builtin.user module.
Also adds key_info return value containing kid, certificate fingerprint,
status, and expiration for java-keystore keys.
* address PR review feedback
- Remove no_log=True from secret_size (just an int, not sensitive)
- Add version_added: 12.4.0 to new parameters and return values
- Remove "Added in community.general 12.4.0" from description text
- Consolidate changelog entries into 4 focused entries
- Remove bugfix from changelog (now in separate PR #11470)
* address review feedback from russoz and felixfontein
- remove docstrings from module-local helpers
- remove line-by-line comments and unnecessary null guard
- use specific exceptions instead of bare except Exception
- use module.params["key"] instead of .get("key")
- consolidate changelog into single entry
- avoid "complete set" claim, reference Keycloak 26 instead
* address round 2 review feedback
- Extract remove_sensitive_config_keys() helper (DRY refactor)
- Simplify RS256 validation to single code path
- Add TypeError to inner except in compute_certificate_fingerprint()
- Remove redundant comments (L812, L1031)
- Switch .get() to direct dict access for module.params
* add support for management of keycloak localizations
* unit test for keycloak localization support
* keycloak_realm_localization botmeta record
* rev: improvements after code review
