* test(yarn): add Alpine Linux support via apk
Install nodejs and yarn via apk on Alpine, sharing the functional
test block with the existing non-Alpine (pre-built binary) path.
Extracts the test block into tests.yml to avoid duplication.
Fixes#4270
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(yarn): skip Node.js runtime warnings in stderr processing
Node.js 24 emits DeprecationWarning lines to stderr (e.g. for url.parse())
that are not JSON, causing _process_yarn_error to fail with "Unexpected
stderr output from Yarn". Skip lines starting with "(node:" before
attempting JSON parsing.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(yarn): add changelog fragment for #11943
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(yarn): only JSON-parse lines starting with '{' in stderr
Node.js 24 emits multi-line DeprecationWarnings to stderr (e.g. the hint
line "(Use `node --trace-deprecation ...`") that are not JSON and were
tripping the "Unexpected stderr output from Yarn" failure. Yarn's
structured output always starts with '{', so skip any line that doesn't.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(yarn): install sqlite on Alpine to fix nodejs 22 symbol error
On Alpine 3.21 nodejs 22 requires SQLite session extension symbols
(sqlite3session_*) that are not present in sqlite-libs; installing
the full sqlite package provides them.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(yarn): refresh apk cache and upgrade sqlite-libs before installing nodejs
The CI Alpine container may have a stale sqlite-libs that lacks the
session extension symbols (sqlite3session_*) required by nodejs 22+.
Force a cache refresh and upgrade sqlite-libs to the latest revision.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(yarn): warn on non-JSON stderr lines instead of silently skipping
Non-JSON lines in stderr (e.g. Node.js runtime DeprecationWarnings) are
surfaced to the user via module.warn() rather than being silently ignored,
since their content and meaning are not known in advance.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* prefix yarn output line
* Update changelogs/fragments/11943-yarn-nodejs-runtime-warnings.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix(xml): coerce boolean values to string with a warning
Fixes#7171
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(xml): add integration tests for boolean value handling
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for PR 11959
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* adjustments from review
* test(xml): update boolean-value integration tests to expect failure
Now that xml fails on non-string values, replace the old success-path
tests with failure assertions and add a positive test for quoted strings.
Remove the no-longer-needed result XML fixtures.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* adjustments from review
* fix(xml): correct boolean test assertions to match actual error message format
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* gem - fix --user-install conflict with OS-injected --install-dir
Some distributions (e.g. Fedora) inject --install-dir via operating_system.rb
as a platform default. Combining that with --user-install causes a gem CLI
parser error. Resolve the user install directory at install time and pass
--install-dir instead, which is semantically equivalent and avoids the conflict.
Uninstall is intentionally left unscoped so gem can find gems regardless of
where they were originally installed.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* gem - add changelog fragment for #11873
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* gem - fix user_install handling for install and uninstall
Two issues found in CI:
1. `gem environment user_gemhome` is not supported on older RubyGems (e.g.
Ubuntu 20.04 ships 3.1.2). Simplify get_user_install_dir() to always parse
the full `gem environment` output for "USER INSTALLATION DIRECTORY", which
is stable across all supported versions.
2. On Fedora, `gem uninstall` without flags only searches the system gem path
(set by operating_system.rb), so it cannot find gems installed to the user
dir via --install-dir. Add user_install to the uninstall args_order so that
gem uninstall --user-install is passed when user_install=True. The OS
defaults conflict only applies to gem install, not gem uninstall.
The integration test is updated to be consistent: the user_install:false
install/remove block now also specifies user_install:false on removal.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* gem - use --install-dir for both install and uninstall of user gems
gem uninstall --user-install does not reliably find gems on Fedora/RHEL when
running as root, because those systems may disable user gem home for root and
Gem.user_dir may differ from the path resolved via 'gem environment'.
Use --install-dir <user_dir> for uninstall as well, since that is the exact
path used during install, making the operation consistent across platforms.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* gem - add override_platform_install_dir option and type hints
- add type hints to all functions
- fix misleading comment about --install-dir scoping for uninstall
- add override_platform_install_dir option (default=false) to opt in to
resolving and passing the user gem dir explicitly to both gem install
and gem uninstall, working around OS-injected platform defaults on
distributions such as Fedora
- reclassify changelog fragment as minor_changes (new parameter, not
backport-eligible)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(gem): add integration test for override_platform_install_dir
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(gem): skip default user_install test on RedHat family
OS-injected --install-dir on RHEL/Fedora makes the default user_install: true
case fail. The override_platform_install_dir block already covers the correct
path on those platforms.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* test(odbc): add Arch Linux support via AUR psqlodbc
Fixes#4267
* test(setup_postgresql_db): guard Arch Linux initdb with creates
* test(odbc): add setup_remote_tmp_dir dependency
* Make all doc fragments private.
* Make all plugin utils private.
* Make all module utils private.
* Reformat.
* Changelog fragment.
* Update configs and ignores.
* Adjust unit test names.
* Bump version to 13.0.0.
* Remove deprecated modules and plugins.
* Remove deprecated module utils.
* Remove leftovers.
* Remove mode=compatibility.
* Change default of is_pre740 from true to false.
* Change default of force_defaults from true to false.
* Remove support for ubuntu_legacy mechanism.
* Remove cpanm compatibility tests.
* parted: add unit_preserve_case option to fix unit case in return value
Adds O(unit_preserve_case) feature flag (bool, default None) to control
the case of the ``unit`` field in the module return value.
Previously the unit was always lowercased (e.g. ``kib``), making it
impossible to feed ``disk.unit`` back as the ``unit`` parameter without
a validation error. With O(unit_preserve_case=true) the unit is returned
in its original mixed case (e.g. ``KiB``), matching the accepted input
values.
The default (None) emits a deprecation notice; the default will become
V(true) in community.general 14.0.0.
Fixes#1860
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* parted: add changelog fragment for PR #11813
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* adjustments from review
* Comment 15.0.0 deprecation in option decription.
* parted: fix unit test calls to parse_partition_info after signature change
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* parted: fix unit_preserve_case - parted outputs lowercase units in machine mode
Parted's machine-parseable output always uses lowercase unit suffixes
(e.g. ``kib``, ``mib``) regardless of what was passed to the ``unit``
parameter. Removing the explicit ``.lower()`` call was therefore not
enough to preserve case.
Add a ``canonical_unit()`` helper that maps a unit string to its canonical
mixed-case form using ``parted_units`` as the reference, and use it
instead of a bare identity when ``unit_preserve_case=true``.
Also fix a yamllint violation in the DOCUMENTATION block (missing space
after ``#`` in inline comments).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* Update plugins/modules/parted.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/parted.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* iso_extract: strip leading path separator from file entries
Fixes#5283
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* iso_extract: add changelog fragment for issue 5283
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* flatpak: add from_url parameter, deprecate URLs in name
Adds a new `from_url` parameter for installing flatpaks from a
.flatpakref URL, using `flatpak install --from <url>`. The `name`
parameter then carries the reverse DNS application ID, enabling
reliable idempotency checks.
Passing URLs directly in `name` is now deprecated and will be
removed in community.general 14.0.0.
Fixes#4000
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* flatpak: add changelog fragment for PR #11748
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* flatpak: remove deprecation, adjust docs tone
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* flatpak: add integration tests for from_url parameter
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* consul integration tests: re-enable on macOS
- Update consul version to 1.22.6
- Add arm64/aarch64 architecture support
- Fix macOS Gatekeeper quarantine on downloaded binary
- Add wait_for before ACL bootstrap (race condition fix)
- Update HCL config to use tls stanza (required in 1.22)
- Disable gRPC port (conflicts with tls stanza when not configured)
- Remove skip/macos from aliases
Fixes: https://github.com/ansible-collections/community.general/issues/1016
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelogs/fragments: add PR number for consul tests fix
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* remove changelog fragment (test-only PR)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(integration): remove CentOS references
* further simplification
* more removals
* rollback systemd_info for now
* ufw: not trivially used with RHEL9 and RHEL10, simplifying tests
* remove tasks for setup_epel where unused
* adjustments from review
* re-enable monit tests in rhel
* enable EPEL for RHEL<11
* rollback EPEL setup, skip only specific versions
* remove skip entirely
* change download URL in setup_epel, adjusted code to use it
* claude tries to install virtualenv, round 1
* claude tries python3 -m venv instead
* remove outdated centos6 file
* add scripts to clean aliases' skips
* remove legacy skips
* code cosmetics
* add license to ALIASES.md
* Fix typos in ALIASES.md documentation
* rolling back freebsd14.2 and 14.3 in iso_extract
* fix versions and re-run
* etcd3: re-enable and fix tests, add unit tests
- Add unit tests for community.general.etcd3 module (12 tests covering
state=present/absent, idempotency, check mode, and error paths)
- Fix integration test setup: update etcd binary to v3.6.9 (from v3.2.14),
download from GitHub releases, add health-check retry loop after start
- Work around etcd3 Python library incompatibility with protobuf >= 4.x
by setting PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION=python
- Update to FQCNs throughout integration tests
- Re-enable both etcd3 and lookup_etcd3 integration targets
Fixes https://github.com/ansible-collections/community.general/issues/322
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* improve use of multiple context managers
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* osx_defaults: add dict support
* add changelog frag
* osx_defaults: fix dict idempotency by using plutil -extract for type-preserving read
The previous approach piped `defaults read` output (old-style plist text)
through `plutil -convert json`. Old-style plist loses boolean type info
(booleans appear as 1/0, indistinguishable from integers), causing the
comparison to fail and reporting changed=True on every run.
Fix by exporting the domain binary plist to a temp file and using
`plutil -extract key json` which correctly preserves all plist types
(booleans stay true/false, integers stay integers, etc.).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* change param from bool to str
* Apply suggestion from review
* Update plugins/modules/osx_defaults.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* merge_variables: extended merge capabilities added
This extension gives you more control over the variable merging process of the lookup plugin `merge_variables`. It closes the gap between Puppet's Hiera merging capabilities and the limitations of Ansible's default variable plugin `host_group_vars` regarding fragment-based value definition. You can now decide which merge strategy should be applied to dicts, lists, and other types. Furthermore, you can specify a merge strategy that should be applied in case of type conflicts.
The default behavior of the plugin has been preserved so that it is fully backward-compatible with the already implemented state.
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update changelogs/fragments/11536-merge-variables-extended-merging-capabilities.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/merge_variables.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Periods added at the end of each choice description
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/lookup/merge_variables.py
Co-authored-by: Mark <40321020+m-a-r-k-e@users.noreply.github.com>
* ref: follow project standard for choice descriptions
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: more examples added and refactoring
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/lookup/merge_variables.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* ref: some more comments to examples added
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* fix: unused import removed
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: re-add "merge" to strategy map
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update comments
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Specification of transformations solely as string
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Comments updated
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: `append_rp` and `prepend_rp` removed
feat: options dict for list transformations re-added
feat: allow setting `keep` for dedup transformation with possible values: `first` (default) and `last`
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: improve options documentation
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: documentation improved, avoiding words like newer or older in merge description
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/lookup/merge_variables.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* ref: "prio" replaced by "dict"
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* feat: two integration tests added
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
---------
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
Co-authored-by: Fiehe Christoph <c.fiehe@eurodata.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Mark <40321020+m-a-r-k-e@users.noreply.github.com>
* adds parameter delimiters to from_ini filter
fixes issue #11506
* adds changelog fragment
* fixes pylint dangerous-default-value / W0102
* does not assume default delimiters
let that be decided in the super class
* Update plugins/filter/from_ini.py
verbose description
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/11512-from_ini-delimiters.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* adds input validation
* adss check for delimiters not None
* adds missing import
* removes the negation
* adds suggestions from russoz
* adds ruff format suggestion
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix(keycloak_user_rolemapping): handle None response for client role lookup
When adding a client role to a user who has no existing roles for that
client, get_client_user_rolemapping_by_id() returns None. The existing
code indexed directly into the result causing a TypeError. Add the same
None check that already existed for realm roles since PR #11256.
Fixes#10960
* fix(tests): use dict format for task vars in keycloak_user_rolemapping tests
Task-level vars requires a YAML mapping, not a sequence. The leading
dash (- roles:) produced a list instead of a dict, which ansible-core
2.20 rejects with "Vars in a Task must be specified as a dictionary".
* Update changelogs/fragments/keycloak-user-rolemapping-client-none-check.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* feat(keycloak_realm_key): add support for auto-generated key providers
Add support for Keycloak's auto-generated key providers where Keycloak
manages the key material automatically:
- rsa-generated: Auto-generates RSA signing keys
- hmac-generated: Auto-generates HMAC signing keys
- aes-generated: Auto-generates AES encryption keys
- ecdsa-generated: Auto-generates ECDSA signing keys
New algorithms:
- HMAC: HS256, HS384, HS512
- ECDSA: ES256, ES384, ES512
- AES: AES (no algorithm parameter needed)
New config options:
- secret_size: For HMAC/AES providers (key size in bytes)
- key_size: For RSA-generated provider (key size in bits)
- elliptic_curve: For ECDSA-generated provider (P-256, P-384, P-521)
Changes:
- Make private_key/certificate optional (only required for rsa/rsa-enc)
- Add provider-algorithm validation with clear error messages
- Fix KeyError when managing default realm keys (issue #11459)
- Maintain backward compatibility: RS256 default works for rsa/rsa-generated
Fixes: #11459
* fix: address sanity test failures
- Add 'default: RS256' to algorithm documentation to match spec
- Add no_log=True to secret_size parameter per sanity check
* feat(keycloak_realm_key): extend support for all Keycloak key providers
Add support for remaining auto-generated key providers:
- rsa-enc-generated (RSA encryption keys with RSA1_5, RSA-OAEP, RSA-OAEP-256)
- ecdh-generated (ECDH key exchange with ECDH_ES, ECDH_ES_A128KW/A192KW/A256KW)
- eddsa-generated (EdDSA signing with Ed25519, Ed448 curves)
Changes:
- Add provider-specific elliptic curve config key mapping
(ecdsaEllipticCurveKey, ecdhEllipticCurveKey, eddsaEllipticCurveKey)
- Add PROVIDERS_WITHOUT_ALGORITHM constant for providers that don't need algorithm
- Add elliptic curve validation per provider type
- Update documentation with all supported algorithms and examples
- Add comprehensive integration tests for all new providers
This completes full coverage of all Keycloak key provider types.
* style: apply ruff formatting
* feat(keycloak_realm_key): add java-keystore provider and update_password
Add support for java-keystore provider to import keys from Java
Keystore (JKS or PKCS12) files on the Keycloak server filesystem.
Add update_password parameter to control password handling for
java-keystore provider:
- always (default): Always send passwords to Keycloak
- on_create: Only send passwords when creating, preserve existing
passwords when updating (enables idempotent playbooks)
The on_create mode sends the masked value ("**********") that Keycloak
recognizes as "preserve existing password", matching the behavior when
re-importing an exported realm.
Replace password_checksum with update_password - the checksum approach
was complex and error-prone. The update_password parameter is simpler
and follows the pattern used by ansible.builtin.user module.
Also adds key_info return value containing kid, certificate fingerprint,
status, and expiration for java-keystore keys.
* address PR review feedback
- Remove no_log=True from secret_size (just an int, not sensitive)
- Add version_added: 12.4.0 to new parameters and return values
- Remove "Added in community.general 12.4.0" from description text
- Consolidate changelog entries into 4 focused entries
- Remove bugfix from changelog (now in separate PR #11470)
* address review feedback from russoz and felixfontein
- remove docstrings from module-local helpers
- remove line-by-line comments and unnecessary null guard
- use specific exceptions instead of bare except Exception
- use module.params["key"] instead of .get("key")
- consolidate changelog into single entry
- avoid "complete set" claim, reference Keycloak 26 instead
* address round 2 review feedback
- Extract remove_sensitive_config_keys() helper (DRY refactor)
- Simplify RS256 validation to single code path
- Add TypeError to inner except in compute_certificate_fingerprint()
- Remove redundant comments (L812, L1031)
- Switch .get() to direct dict access for module.params
* feat(keycloak_client): add valid_post_logout_redirect_uris and backchannel_logout_url
Add two new convenience parameters that map to client attributes:
- valid_post_logout_redirect_uris: sets post.logout.redirect.uris
attribute (list items joined with ##)
- backchannel_logout_url: sets backchannel.logout.url attribute
These fields are not top-level in the Keycloak REST API but are stored
as client attributes. The new parameters provide a user-friendly
interface without requiring users to know the internal attribute names
and ##-separator format.
Fixes#6812, fixes#4892
* consolidate changelog and add PR link per review feedback
* fix(keycloak): URL-encode query params for usernames with special chars
get_user_by_username() concatenates the username directly into the URL
query string. When the username contains a +, it is interpreted as a
space by the server, returning no match and causing a TypeError.
Use urllib.parse.quote() (already imported) for the username parameter.
Also replace three fragile .replace(' ', '%20') calls in the authz
search methods with proper quote() calls.
Fixes#10305
* Update changelogs/fragments/keycloak-url-encode-query-params.yml
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
---------
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Add to_toml filter
This is based heavily on the to_yaml filter, but
with a pared-down feature set.
* Protect import
* Don't quote datetime as a string
* Use Ansible error types
* Import correct error types
* Don't use AnsibleTypeError
It doesn't seem to be available on older Ansible
core versions.
* Fix antsibull-nox errors
* Install dependencies for to_toml integration test
Co-authored-by: Felix Fontein <felix@fontein.de>
* Reduce author list to main contributor
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update version added for to_toml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Use AnsibleError for missing import
Co-authored-by: Felix Fontein <felix@fontein.de>
* Use AnsibleFilterError for runtime type check
Co-authored-by: Felix Fontein <felix@fontein.de>
* Move common code to plugin_utils/_tags.py
* Mark module util as private
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update BOTMETA for to_toml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix typo
* Correct version number
Co-authored-by: Felix Fontein <felix@fontein.de>
* Use to_text for to_toml dict key conversions
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add tomlkit requirement to docs
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add missing import
* Add aliases for for to_toml integration test
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
