xml: fail for non-string `value`s (#11959)
* fix(xml): coerce boolean values to string with a warning
Fixes#7171
* test(xml): add integration tests for boolean value handling
* changelog: add fragment for PR 11959
* adjustments from review
* test(xml): update boolean-value integration tests to expect failure
Now that xml fails on non-string values, replace the old success-path
tests with failure assertions and add a positive test for quoted strings.
Remove the no-longer-needed result XML fixtures.
* adjustments from review
* fix(xml): correct boolean test assertions to match actual error message format
---------
(cherry picked from commit d87a8a167f)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
yarn: add Alpine Linux support in integration tests (#11943)
* test(yarn): add Alpine Linux support via apk
Install nodejs and yarn via apk on Alpine, sharing the functional
test block with the existing non-Alpine (pre-built binary) path.
Extracts the test block into tests.yml to avoid duplication.
Fixes#4270
* fix(yarn): skip Node.js runtime warnings in stderr processing
Node.js 24 emits DeprecationWarning lines to stderr (e.g. for url.parse())
that are not JSON, causing _process_yarn_error to fail with "Unexpected
stderr output from Yarn". Skip lines starting with "(node:" before
attempting JSON parsing.
* test(yarn): add changelog fragment for #11943
* fix(yarn): only JSON-parse lines starting with '{' in stderr
Node.js 24 emits multi-line DeprecationWarnings to stderr (e.g. the hint
line "(Use `node --trace-deprecation ...`") that are not JSON and were
tripping the "Unexpected stderr output from Yarn" failure. Yarn's
structured output always starts with '{', so skip any line that doesn't.
* test(yarn): install sqlite on Alpine to fix nodejs 22 symbol error
On Alpine 3.21 nodejs 22 requires SQLite session extension symbols
(sqlite3session_*) that are not present in sqlite-libs; installing
the full sqlite package provides them.
* test(yarn): refresh apk cache and upgrade sqlite-libs before installing nodejs
The CI Alpine container may have a stale sqlite-libs that lacks the
session extension symbols (sqlite3session_*) required by nodejs 22+.
Force a cache refresh and upgrade sqlite-libs to the latest revision.
* fix(yarn): warn on non-JSON stderr lines instead of silently skipping
Non-JSON lines in stderr (e.g. Node.js runtime DeprecationWarnings) are
surfaced to the user via module.warn() rather than being silently ignored,
since their content and meaning are not known in advance.
* prefix yarn output line
* Update changelogs/fragments/11943-yarn-nodejs-runtime-warnings.yml
---------
(cherry picked from commit 38d49d240e)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
cobbler_system: fix `KeyError` when adding new interface to existing system (#11995)
* fix(cobbler_system): handle missing interface device on existing system
When adding a new interface to an existing Cobbler system that does not
yet have that interface defined, the module raised a KeyError. Use .get()
with a fallback empty dict to safely handle that case. Also add a
continue after the unknown-property warning to prevent a secondary
KeyError on IFPROPS_MAPPING lookup.
Fixes: #7007
* chore(cobbler_system): add changelog fragment for #11995
---------
(cherry picked from commit 02b969ee4d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
ipa_group: fix idempotency when `external: false` on existing non-external group (#11933)
* fix(ipa_group): skip group_mod when external flag matches IPA state
When external=false (the default), get_group_diff() left the external
key in the diff even though the group was already non-external, causing
a spurious group_mod call that IPA rejected with "no modifications to
be performed". The fix checks equality in both directions.
Fixes#5061
* fix(ipa_group): add changelog fragment for PR 11933
* add quoting to fragment
(cherry picked from commit c4fc0ff4e1)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Improve module docs (#11981)
* Fix _facts module documentation.
* Get rid of some more 'type: complex'.
(cherry picked from commit de42aec78b)
Co-authored-by: Felix Fontein <felix@fontein.de>
odbc: fetch rows before commit to fix HY010 function sequence error (#11972)
* fix(odbc): fetch rows before committing to fix HY010 function sequence error
Fixes#5395
* chore(odbc): add changelog fragment for PR #11972
---------
(cherry picked from commit d7f248fb01)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Docs: ohai examples are not YAML (#11975)
ohai examples are not YAML.
(cherry picked from commit 2e29b3204d)
Co-authored-by: Felix Fontein <felix@fontein.de>
apt_rpm: handle `update-kernel` rc=1 when no new kernel is available (#11949)
* fix(apt_rpm): do not fail when update-kernel finds no new kernel
update-kernel exits with rc=1 when the kernel is already at the latest
version. Handle this case gracefully by checking for the known
"There are no available kernels" message in stderr and returning
changed=False instead of raising an error.
Fixes#10055
* fix(apt_rpm): add changelog fragment for #11949
* Apply suggestion from review
---------
(cherry picked from commit dd5bd733fc)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
logstash_plugin: fix proxy support and improve error reporting (#11951)
* fix(logstash_plugin): use env vars for proxy, expose stderr on failure
Replace broken -DproxyHost/-DproxyPort JVM flags with http_proxy/https_proxy
environment variables, which are respected by modern Logstash bundled JDK.
Also include stderr in fail_json so the actual error output is visible.
Fixes#8650
* feat(changelog): add fragment for PR 11951
(cherry picked from commit 881f64c93b)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
zypper_repository: allow `state=absent` when `.repo` URL/file is unreachable (#11947)
* fix(zypper_repository): allow state=absent when .repo URL/file is unreachable
When removing a repository by .repo URL, a download failure used to cause
an unconditional fail_json. Now, for state=absent, the module warns and
falls back to deriving the alias from the .repo filename basename.
* feat(changelog): add fragment for PR 11947
---------
(cherry picked from commit 2becfe45b5)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
keycloak modules: add missing author credit (#11840)
keycloak modules: add missing author credit for contributions
Added myself (@koke1997) to the author list of three modules
I contributed to in PRs #11468, #11470, #11471, and #11473 but forgot
to include at the time. Also signing up as maintainer for these modules
in .github/BOTMETA.yml so the bot can route related issues and PRs.
(cherry picked from commit 7ce198f0e7)
Co-authored-by: Ivan Kokalovic <67540157+koke1997@users.noreply.github.com>
jira - resolve Cloud assignee email to account ID via user search (#11735)
* jira - resolve Cloud assignee email to account ID via user search
When cloud=true and assignee contains '@', look up a unique user with
GET /rest/api/2/user/search and use accountId for create, transition,
and edit. Document Jira Cloud vs Server/Data Center assignee behavior.
Fixes https://github.com/ansible-collections/community.general/issues/11734
Assisted-by AI: Claude 4.6 Opus (Anthropic) via Cursor IDE
* * Using urllib.parse.quote for URL encoding
* Adding "added in version" note for assignee when resolving account_id from email
* * Added cached variable 'user_email'
* Changed comparison to handle missing email safely
* Updated error message formatting to use repr-style values
* jira - adjust assignee and cloud descriptions (#11734)
* jira - resolve user-type field emails to account IDs on Jira Cloud (#11734)
When cloud=true, user-type fields (assignee, reporter, and any listed
in the new custom_user_fields parameter) that contain '@' are resolved
from email to Jira Cloud account ID via the user search API. Strings
without '@' are assumed to be account IDs. Add custom_user_fields
parameter for user to declare additional custom fields of user type.
* jira - address PR 11735 review (docs, assignee path, errors, naming)
- Clarify O(custom_user_fields): built-ins stay automatic; list extra
user-typed fields without implying they are only custom-field IDs.
- On Jira Cloud, set assignee from the module param as a plain string and
let resolve_user_fields() map it to accountId (including email lookup).
- Drop redundant ``or []`` when merging O(custom_user_fields) with the
built-in user field list.
- Use public names USER_FIELDS, resolve_user_fields, and resolve_account_id
(no leading underscore) per reviewer preference.
- Quote field name and email in resolution errors with explicit "…" text
instead of repr-style !r, keeping values readable in failure messages.
Refs: https://github.com/ansible-collections/community.general/pull/11735
AI-assisted: Composer 2 (Anthropic) via Cursor IDE
* Changing fail_json formatting
* formatting fixes
* jira - fixing assignee as module option in description
---------
(cherry picked from commit 3e9689b13d)
Signed-off-by: Vladimir Vasilev <vvasilev@redhat.com>
Co-authored-by: vladi-k <53343355+vladi-k@users.noreply.github.com>
ipa_dnsrecord: add `exclusive` parameter for append-without-replace semantics (#11694)
* ipa_dnsrecord: add solo parameter for append-without-replace semantics
Fixes#682
Adds O(solo) boolean parameter (default true, preserving current
replace behaviour) consistent with other DNS modules such as
community.general.dnsimple. When solo=false, only values not
already present in IPA are added, leaving existing values untouched.
* ipa_dnsrecord: rename solo parameter to exclusive
Rename O(solo) to O(exclusive) following reviewer feedback.
'exclusive' is the established Ansible convention for this semantic
(e.g. community.general.ini_file), while 'solo' implies single-value
DNS records.
* ipa_dnsrecord: fix changelog fragment symbol markup
Use double backticks per RST convention in changelog fragments,
not the O() macro (which is for module docstrings).
* Update plugins/modules/ipa_dnsrecord.py
* ipa_dnsrecord: implement exclusive semantics for state=absent
- exclusive=true + state=absent: remove all existing values of that
record type and name, ignoring the specified record_value(s)
- exclusive=false + state=absent: remove only the specified values
that actually exist in IPA, preserving all others
Also updates the exclusive parameter documentation to cover both
state=present and state=absent behaviour.
---------
(cherry picked from commit 180da98a7c)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
udm_user, homectl - replace crypt/legacycrypt with passlib (#11860)
* udm_user - replace crypt/legacycrypt with passlib
The stdlib crypt module was removed in Python 3.13. Replace the
crypt/legacycrypt import chain with passlib (already used elsewhere
in the collection) and use CryptContext.verify() for password
comparison.
Fixes#4690
* Add changelog fragment for PR 11860
* remove redundant ignore file entries
* udm_user, homectl - replace crypt/legacycrypt with _crypt module utils
Add a new _crypt module_utils that abstracts password hashing and
verification. It uses passlib when available, falling back to the
stdlib crypt or legacycrypt, and raises ImportError if none of them
can be imported. Both udm_user and homectl now use this shared
utility, fixing compatibility with Python 3.13+.
Fixes#4690
* Add BOTMETA entry for _crypt module utils
* _crypt - fix mypy errors and handle complete unavailability
Replace CryptContext = object fallback (rejected by mypy) with a
proper dummy class definition. Add has_crypt_context flag so modules
can detect when no backend is available. Update both modules to
import and check has_crypt_context instead of testing for None.
* adjsutments from review
* Update plugins/modules/homectl.py
* Update plugins/modules/udm_user.py
---------
(cherry picked from commit 25b21183bb)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
homebrew_cask: fix false failure on upgrade of latest-versioned casks (#11838)
* homebrew_cask: fix false failure on upgrade of latest-versioned casks
Use rc == 0 to determine upgrade success, consistent with _upgrade_all().
The previous check (_current_cask_is_installed() and not _current_cask_is_outdated())
was unreliable: for `latest`-versioned casks under --greedy, brew may still
list the cask as outdated after a successful upgrade, causing the task to fail
with a harmless warning from stderr as the error message.
Fixes#1647
* homebrew_cask: add changelog fragment for #11838
* Fix changelog fragment
---------
(cherry picked from commit d0d213a41d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
gitlab_project_variable - use find_project() for graceful error handling (#11878)
* gitlab_project_variable - use find_project() for consistent error handling
Replace the bare projects.get() call in GitlabProjectVariables.get_project()
with find_project() from module_utils/gitlab, which all other GitLab modules
already use. This ensures a graceful fail_json (with a clear error message)
when the project is not found, rather than an unhandled GitlabGetError
propagating as a module traceback.
* Add changelog fragment for PR 11878
* minor adjustment in f-string
---------
(cherry picked from commit 1b0b8d5cc1)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
locale_gen: support locales not yet listed in /etc/locale.gen (#11824)
* locale_gen: support locales not yet listed in /etc/locale.gen
On systems like Gentoo where /etc/locale.gen starts with only a handful
of commented examples, set_locale_glibc() now appends missing locale
entries sourced from /usr/share/i18n/SUPPORTED instead of silently
doing nothing. Also extracts the shared locale-entry regex into a
module-level constant RE_LOCALE_ENTRY.
* locale_gen: add changelog fragment for issue 2399
---------
(cherry picked from commit 39f4cda6b5)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
pacemaker: fix race condition on resource creation (#11750)
* remove pacemaker wait arg and fix race condition
* fix up pacemaker resource and stonith polling
* add changelog for pacemaker timeout bug
* remove env from test case and fix changelog file name
* Update changelogs/fragments/11750-pacemaker-wait-race-condition.yml
---------
(cherry picked from commit 6c809dd9db)
Co-authored-by: munchtoast <45038532+munchtoast@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
parted: add unit_preserve_case option to fix unit case in return value (#11813)
* parted: add unit_preserve_case option to fix unit case in return value
Adds O(unit_preserve_case) feature flag (bool, default None) to control
the case of the ``unit`` field in the module return value.
Previously the unit was always lowercased (e.g. ``kib``), making it
impossible to feed ``disk.unit`` back as the ``unit`` parameter without
a validation error. With O(unit_preserve_case=true) the unit is returned
in its original mixed case (e.g. ``KiB``), matching the accepted input
values.
The default (None) emits a deprecation notice; the default will become
V(true) in community.general 14.0.0.
Fixes#1860
* parted: add changelog fragment for PR #11813
* adjustments from review
* Comment 15.0.0 deprecation in option decription.
* parted: fix unit test calls to parse_partition_info after signature change
* parted: fix unit_preserve_case - parted outputs lowercase units in machine mode
Parted's machine-parseable output always uses lowercase unit suffixes
(e.g. ``kib``, ``mib``) regardless of what was passed to the ``unit``
parameter. Removing the explicit ``.lower()`` call was therefore not
enough to preserve case.
Add a ``canonical_unit()`` helper that maps a unit string to its canonical
mixed-case form using ``parted_units`` as the reference, and use it
instead of a bare identity when ``unit_preserve_case=true``.
Also fix a yamllint violation in the DOCUMENTATION block (missing space
after ``#`` in inline comments).
* Update plugins/modules/parted.py
* Update plugins/modules/parted.py
---------
(cherry picked from commit edf8f24959)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
xenserver_guest: changed cdrom handling for userdevice != 3, fixes#11624 (#11702)
* xenserver_guest: changed cdrom handling for userdevice != 3, fixes#11624
- CD-ROM handling code has been moved before disk handling code. This more
closely mimics XenCenter/XCP-ng Center behavior. CD-ROM device, if added,
will now grab position 3 before any disk grabs it.
- Position 3 is now skipped when adding disks to leave it reserved for
CD-ROM device. If any disk ends up occupying position 3 and CD-ROM
device ends up pushed to position above 3, booting from ISO is not
possible (#11624).
* Added changelog fragment for #11702
* Added missing issue and PR URLs to changelog fragment for #11702
* Fixed changelog fragment for #11702
(cherry picked from commit 314863e3a7)
Co-authored-by: Bojan Vitnik <bvitnik@yahoo.com>
consul_kv: add ca_path option for custom CA certificate (#11817)
* consul_kv: add ca_path option for custom CA certificate
Adds ca_path parameter to both the consul_kv module and consul_kv lookup
plugin, allowing users to specify a CA bundle for HTTPS connections instead
of being limited to toggling certificate validation on/off.
* consul_kv: add changelog fragment for PR #11817
* consul_kv: address review comments from felixfontein
- Fix verify logic: ca_path is ignored when validate_certs=false
- Improve validate_certs description to nudge users toward ca_path
---------
(cherry picked from commit 175808d997)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
homebrew_cask: handle placeholder version from brew --version (#11849)
* homebrew_cask: handle placeholder version from brew --version
When brew is run as the wrong user, git repositories may be owned by
a different user, causing brew --version to output a placeholder like
"Homebrew >= 4.3.0 (shallow or no git repository)" instead of the real
version. The parsed version would then be lower than the 2.6.0 threshold,
causing _brew_cask_command_is_deprecated() to return False and the module
to use the disabled "brew cask" command syntax.
Detect the ">=" prefix in the parsed version and treat it as a modern
installation.
Fixes#4708
* homebrew_cask: add changelog fragment for #11849
---------
(cherry picked from commit 74c096b00c)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
logrotate: fix parameter and config file validation and more (#11764)
* fix(logrotate): add missing defaults and parameter validation declarations
- Add default="present" to state parameter
- Add default="/etc/logrotate.d" to config_dir parameter
- Add required_by declarations for shred and compression parameters
* fix(logrotate): fix runtime validation bugs, remove duplicate checks
- Fix shred_cycles TypeError when value is None
- Fix enabled=None handling in get_config_path
- Remove duplicate runtime mutually_exclusive checks
- Add runtime boolean truthiness checks
- Add 'create' parameter format validation
- Remove stale test method
* fix(logrotate): restructure file operations, validate before write
- Write content to tmpdir temp file, validate, then atomic move to destination.
- Wrap all os.remove() calls in try/except with fail_json on error
- Wrap all module.atomic_move() calls in try/except with fail_json on error
- Also add self.mock_module.tmpdir = self.test_dir to test setUp for new code path
* docs(logrotate): update DOCUMENTATION block
- Add 'default: present' to state option
- Add 'default: /etc/logrotate.d' to config_dir option
* feat(logrotate): add optional backup parameter
* chore: add logrotate fixes changelog fragment
* chore(changelog/logrotate): use present tense singular
* fix(logrotate): handle trailing spaces in create param
* refactor(logrotate): remove redundant checks
These are already handled by `required_if` statements in the module spec
* refactor(logrotate): use tempfile to create temporary file
* refactor(logrotate): remove redundant `bool()` casts on `target_enabled`
`target_enabled` is guaranteed to be bool by this point. It's either the module param (typed bool) or falls back to `current_enabled` (also bool). The `bool()` wraps are no-ops.
* refactor(logrotate): remove unused `self.config_file` attribute
* refactor(logrotate): remove dead `any_state` parameter from `read_existing_config`
* fix(logrotate): raise error instead of falling through on enabled-state rename failures
* refactor(logrotate): tighten `get_config_path` sig to bool
`None` callers are removed now so this is safe
* test(logrotate): remove stale open mock assertion after tempfile refactor
* style(logrotate): format file
* chore(logrotate): add missing `version_added` attribute
* fix(logrotate): clean up temp file
* fix(logrotate): remove redundant temp file cleanup
* refactor(logrotate): Use dict subscript to access required backup param
* fix(logrotate): fix: only remove old config file when path differs from target
* fix(logrotate): update logrotate_bin type hint to str
* feat(logrotate): add backup file handling when removing old config
* style(logrotate): format file
* test(logrotate): add missing backup default to `_setup_module_params`
* test(logrotate): fix incorrect `os.remove` assertion in update test
* refactor(logrotate): remove unnecessary `to_native()` call
* refactor(logrotate): replace str quotes with !r
* fix(logrotate): change backup default back to true
* fix(logrotate): raise error when `shred_cycle`s is set with `shred=false`
* docs(logrotate): clarify `shred_cycles` behaviour
* fix(logrotate): remove to_native calls for exception messages
* docs(logrotate): improve `config_dir` param description
* refactor(logrotate): simplify backup file assignment logic
* style(logrotate): format file
* docs(logrotate): improve config_map description
---------
(cherry picked from commit e911081102)
Co-authored-by: tigattack <10629864+tigattack@users.noreply.github.com>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
iso_extract: retry umount on busy filesystem before cleanup (#11837)
* iso_extract: retry umount on busy filesystem before cleanup
Fixes#5333
* iso_extract: add changelog fragment for #11837
* make chglog more concise
---------
(cherry picked from commit 87ecfa3432)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
udm_user - fix alias-to-canonical param name mismatch (#11859)
* udm_user - fix alias-to-canonical param name mismatch
The loop that maps UDM object properties to module params iterated
over UDM keys (camelCase, e.g. displayName, primaryGroup) and looked
them up directly in module.params, which is keyed by canonical names
(snake_case, e.g. display_name, primary_group). This caused all
aliased params to be silently ignored.
Build an alias-to-canonical mapping from argument_spec and use it
to resolve UDM keys to the correct module.params entries.
Also fix the direct module.params["displayName"] access which raised
KeyError when the user did not explicitly use the alias form.
Fixes#2950Fixes#3691
* Add changelog fragment for PR 11859
---------
(cherry picked from commit dad84dd36d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
homebrew_tap: fix None in command, redundant brew tap calls, format strings, and drop no-op locale vars (#11848)
* homebrew_tap: fix None in command list, redundant brew tap calls, and bad format strings
- Fix None being injected into the run_command list when url is not
provided to add_tap (filter with [opt for opt in [...] if opt])
- Reduce redundant `brew tap` calls: add_taps and remove_taps now
fetch the tap list once upfront and pass it to the per-tap functions;
already_tapped accepts an optional pre-fetched list to avoid re-running
brew for every tap in a batch
- Fix mixed f-string/%-formatting in error messages in add_taps and
remove_taps, replaced with plain f-strings
* homebrew_tap: simplify command construction in add_tap
Replace the opaque list comprehension filter with an explicit conditional
append — only url is ever optional, so testing the known-present items
was misleading.
* homebrew_tap: remove unnecessary locale env vars
Homebrew has no i18n/l10n support — all output is hardcoded English.
LANGUAGE=C and LC_ALL=C have no effect on brew output.
* homebrew_tap: add changelog fragment for #11848
* remove hombrew_tap from PR #11783 changelog - change reverted here
---------
(cherry picked from commit c4ed3467b6)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
gitlab_project_members: fail when multiple projects match by name (#11851)
* gitlab_project_members: fail when multiple projects match by name
When the project parameter is a bare name (not a full path), and the
search returns more than one match, the module now fails with a clear
error asking the user to provide the full path (group/project) to
disambiguate, instead of silently operating on the first result.
Fixes#2767
* gitlab_project_members: improve code formatting
* gitlab_project_members: add changelog fragment for #11851
---------
(cherry picked from commit 1db3d4f441)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
homebrew_cask: fix sudo_password failing with special characters (#11850)
* homebrew_cask: fix sudo_password with special characters in password
The SUDO_ASKPASS script embedded the password inside single quotes, which
breaks shell parsing whenever the password contains a single quote. Use a
quoted heredoc (cat <<'SUDO_PASS') instead, which treats the content
completely literally regardless of special characters.
Also replace .file.close() with .flush() (correct semantics — flushes
the write buffer without leaving the NamedTemporaryFile in a half-closed
state) and remove the redundant add_cleanup_file() call (the context
manager already deletes the file on exit).
Fixes#4957
* homebrew_cask: add changelog fragment for #11850
* homebrew_cask: fix sudo_password example and clarify ansible_become_password
* homebrew_cask: use shlex.quote() for sudo_password instead of heredoc
shlex.quote() is the standard Python approach for shell-safe quoting
and handles all special characters without the edge cases of heredocs.
---------
(cherry picked from commit f8869af65f)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
etcd3 lookup - improve HTTPS connection handling and docs (#11861)
* etcd3 lookup - improve HTTPS connection handling and documentation
Improve user experience when connecting to HTTPS etcd3 endpoints:
- Strip URL scheme from host option when present, with a warning
- Warn when HTTPS endpoint is specified but ca_cert is not provided
- Document that ca_cert is required to enable TLS
- Add HTTPS connection example
- Fix minor doc markup issue in notes section
Fixes#1664
* Add changelog fragment for PR 11861
---------
(cherry picked from commit 076bc4e03b)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
CI: Replace Fedora 43 with 44 for devel (#11836)
* Replace Fedora 43 with 44 for devel in CI.
* Adjust tests.
* Adjust flatpak module to Fedora 44.
(cherry picked from commit ef656cb9b6)
Co-authored-by: Felix Fontein <felix@fontein.de>
lvol: fix LVM version regex to handle date formats without dashes (#11823)
* lvol: fix LVM version regex to handle date formats without dashes
Fixes#5445
* lvol: add changelog fragment for issue 5445
---------
(cherry picked from commit 7172326868)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
