cobbler_system: fix `KeyError` when adding new interface to existing system (#11995)
* fix(cobbler_system): handle missing interface device on existing system
When adding a new interface to an existing Cobbler system that does not
yet have that interface defined, the module raised a KeyError. Use .get()
with a fallback empty dict to safely handle that case. Also add a
continue after the unknown-property warning to prevent a secondary
KeyError on IFPROPS_MAPPING lookup.
Fixes: #7007
* chore(cobbler_system): add changelog fragment for #11995
---------
(cherry picked from commit 02b969ee4d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
ipa_group: fix idempotency when `external: false` on existing non-external group (#11933)
* fix(ipa_group): skip group_mod when external flag matches IPA state
When external=false (the default), get_group_diff() left the external
key in the diff even though the group was already non-external, causing
a spurious group_mod call that IPA rejected with "no modifications to
be performed". The fix checks equality in both directions.
Fixes#5061
* fix(ipa_group): add changelog fragment for PR 11933
* add quoting to fragment
(cherry picked from commit c4fc0ff4e1)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Improve module docs (#11981)
* Fix _facts module documentation.
* Get rid of some more 'type: complex'.
(cherry picked from commit de42aec78b)
Co-authored-by: Felix Fontein <felix@fontein.de>
odbc: fetch rows before commit to fix HY010 function sequence error (#11972)
* fix(odbc): fetch rows before committing to fix HY010 function sequence error
Fixes#5395
* chore(odbc): add changelog fragment for PR #11972
---------
(cherry picked from commit d7f248fb01)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Docs: ohai examples are not YAML (#11975)
ohai examples are not YAML.
(cherry picked from commit 2e29b3204d)
Co-authored-by: Felix Fontein <felix@fontein.de>
apt_rpm: handle `update-kernel` rc=1 when no new kernel is available (#11949)
* fix(apt_rpm): do not fail when update-kernel finds no new kernel
update-kernel exits with rc=1 when the kernel is already at the latest
version. Handle this case gracefully by checking for the known
"There are no available kernels" message in stderr and returning
changed=False instead of raising an error.
Fixes#10055
* fix(apt_rpm): add changelog fragment for #11949
* Apply suggestion from review
---------
(cherry picked from commit dd5bd733fc)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
logstash_plugin: fix proxy support and improve error reporting (#11951)
* fix(logstash_plugin): use env vars for proxy, expose stderr on failure
Replace broken -DproxyHost/-DproxyPort JVM flags with http_proxy/https_proxy
environment variables, which are respected by modern Logstash bundled JDK.
Also include stderr in fail_json so the actual error output is visible.
Fixes#8650
* feat(changelog): add fragment for PR 11951
(cherry picked from commit 881f64c93b)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
zypper_repository: allow `state=absent` when `.repo` URL/file is unreachable (#11947)
* fix(zypper_repository): allow state=absent when .repo URL/file is unreachable
When removing a repository by .repo URL, a download failure used to cause
an unconditional fail_json. Now, for state=absent, the module warns and
falls back to deriving the alias from the .repo filename basename.
* feat(changelog): add fragment for PR 11947
---------
(cherry picked from commit 2becfe45b5)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
odbc: add Arch Linux support via AUR psqlodbc (#11944)
* test(odbc): add Arch Linux support via AUR psqlodbc
Fixes#4267
* test(setup_postgresql_db): guard Arch Linux initdb with creates
* test(odbc): add setup_remote_tmp_dir dependency
(cherry picked from commit c7be9e4d5b)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
test(integration): enable homectl test for ArchLinux (#11945)
* test(integration): enable homectl test for ArchLinux
* install passlib in Arch Linux
* test: requires vm in homectl aliases
(cherry picked from commit 036811e668)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Move ansible-core 2.18 to EOL CI (#11901)
Move ansible-core 2.18 to EOL CI.
(cherry picked from commit 9ef1dbb6d5)
Co-authored-by: Felix Fontein <felix@fontein.de>
keycloak modules: add missing author credit (#11840)
keycloak modules: add missing author credit for contributions
Added myself (@koke1997) to the author list of three modules
I contributed to in PRs #11468, #11470, #11471, and #11473 but forgot
to include at the time. Also signing up as maintainer for these modules
in .github/BOTMETA.yml so the bot can route related issues and PRs.
(cherry picked from commit 7ce198f0e7)
Co-authored-by: Ivan Kokalovic <67540157+koke1997@users.noreply.github.com>
jira - resolve Cloud assignee email to account ID via user search (#11735)
* jira - resolve Cloud assignee email to account ID via user search
When cloud=true and assignee contains '@', look up a unique user with
GET /rest/api/2/user/search and use accountId for create, transition,
and edit. Document Jira Cloud vs Server/Data Center assignee behavior.
Fixes https://github.com/ansible-collections/community.general/issues/11734
Assisted-by AI: Claude 4.6 Opus (Anthropic) via Cursor IDE
* * Using urllib.parse.quote for URL encoding
* Adding "added in version" note for assignee when resolving account_id from email
* * Added cached variable 'user_email'
* Changed comparison to handle missing email safely
* Updated error message formatting to use repr-style values
* jira - adjust assignee and cloud descriptions (#11734)
* jira - resolve user-type field emails to account IDs on Jira Cloud (#11734)
When cloud=true, user-type fields (assignee, reporter, and any listed
in the new custom_user_fields parameter) that contain '@' are resolved
from email to Jira Cloud account ID via the user search API. Strings
without '@' are assumed to be account IDs. Add custom_user_fields
parameter for user to declare additional custom fields of user type.
* jira - address PR 11735 review (docs, assignee path, errors, naming)
- Clarify O(custom_user_fields): built-ins stay automatic; list extra
user-typed fields without implying they are only custom-field IDs.
- On Jira Cloud, set assignee from the module param as a plain string and
let resolve_user_fields() map it to accountId (including email lookup).
- Drop redundant ``or []`` when merging O(custom_user_fields) with the
built-in user field list.
- Use public names USER_FIELDS, resolve_user_fields, and resolve_account_id
(no leading underscore) per reviewer preference.
- Quote field name and email in resolution errors with explicit "…" text
instead of repr-style !r, keeping values readable in failure messages.
Refs: https://github.com/ansible-collections/community.general/pull/11735
AI-assisted: Composer 2 (Anthropic) via Cursor IDE
* Changing fail_json formatting
* formatting fixes
* jira - fixing assignee as module option in description
---------
(cherry picked from commit 3e9689b13d)
Signed-off-by: Vladimir Vasilev <vvasilev@redhat.com>
Co-authored-by: vladi-k <53343355+vladi-k@users.noreply.github.com>
ipa_dnsrecord: add `exclusive` parameter for append-without-replace semantics (#11694)
* ipa_dnsrecord: add solo parameter for append-without-replace semantics
Fixes#682
Adds O(solo) boolean parameter (default true, preserving current
replace behaviour) consistent with other DNS modules such as
community.general.dnsimple. When solo=false, only values not
already present in IPA are added, leaving existing values untouched.
* ipa_dnsrecord: rename solo parameter to exclusive
Rename O(solo) to O(exclusive) following reviewer feedback.
'exclusive' is the established Ansible convention for this semantic
(e.g. community.general.ini_file), while 'solo' implies single-value
DNS records.
* ipa_dnsrecord: fix changelog fragment symbol markup
Use double backticks per RST convention in changelog fragments,
not the O() macro (which is for module docstrings).
* Update plugins/modules/ipa_dnsrecord.py
* ipa_dnsrecord: implement exclusive semantics for state=absent
- exclusive=true + state=absent: remove all existing values of that
record type and name, ignoring the specified record_value(s)
- exclusive=false + state=absent: remove only the specified values
that actually exist in IPA, preserving all others
Also updates the exclusive parameter documentation to cover both
state=present and state=absent behaviour.
---------
(cherry picked from commit 180da98a7c)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
udm_user, homectl - replace crypt/legacycrypt with passlib (#11860)
* udm_user - replace crypt/legacycrypt with passlib
The stdlib crypt module was removed in Python 3.13. Replace the
crypt/legacycrypt import chain with passlib (already used elsewhere
in the collection) and use CryptContext.verify() for password
comparison.
Fixes#4690
* Add changelog fragment for PR 11860
* remove redundant ignore file entries
* udm_user, homectl - replace crypt/legacycrypt with _crypt module utils
Add a new _crypt module_utils that abstracts password hashing and
verification. It uses passlib when available, falling back to the
stdlib crypt or legacycrypt, and raises ImportError if none of them
can be imported. Both udm_user and homectl now use this shared
utility, fixing compatibility with Python 3.13+.
Fixes#4690
* Add BOTMETA entry for _crypt module utils
* _crypt - fix mypy errors and handle complete unavailability
Replace CryptContext = object fallback (rejected by mypy) with a
proper dummy class definition. Add has_crypt_context flag so modules
can detect when no backend is available. Update both modules to
import and check has_crypt_context instead of testing for None.
* adjsutments from review
* Update plugins/modules/homectl.py
* Update plugins/modules/udm_user.py
---------
(cherry picked from commit 25b21183bb)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
homebrew_cask: fix false failure on upgrade of latest-versioned casks (#11838)
* homebrew_cask: fix false failure on upgrade of latest-versioned casks
Use rc == 0 to determine upgrade success, consistent with _upgrade_all().
The previous check (_current_cask_is_installed() and not _current_cask_is_outdated())
was unreliable: for `latest`-versioned casks under --greedy, brew may still
list the cask as outdated after a successful upgrade, causing the task to fail
with a harmless warning from stderr as the error message.
Fixes#1647
* homebrew_cask: add changelog fragment for #11838
* Fix changelog fragment
---------
(cherry picked from commit d0d213a41d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
gitlab_project_variable - use find_project() for graceful error handling (#11878)
* gitlab_project_variable - use find_project() for consistent error handling
Replace the bare projects.get() call in GitlabProjectVariables.get_project()
with find_project() from module_utils/gitlab, which all other GitLab modules
already use. This ensures a graceful fail_json (with a clear error message)
when the project is not found, rather than an unhandled GitlabGetError
propagating as a module traceback.
* Add changelog fragment for PR 11878
* minor adjustment in f-string
---------
(cherry picked from commit 1b0b8d5cc1)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
locale_gen: support locales not yet listed in /etc/locale.gen (#11824)
* locale_gen: support locales not yet listed in /etc/locale.gen
On systems like Gentoo where /etc/locale.gen starts with only a handful
of commented examples, set_locale_glibc() now appends missing locale
entries sourced from /usr/share/i18n/SUPPORTED instead of silently
doing nothing. Also extracts the shared locale-entry regex into a
module-level constant RE_LOCALE_ENTRY.
* locale_gen: add changelog fragment for issue 2399
---------
(cherry picked from commit 39f4cda6b5)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
pacemaker: fix race condition on resource creation (#11750)
* remove pacemaker wait arg and fix race condition
* fix up pacemaker resource and stonith polling
* add changelog for pacemaker timeout bug
* remove env from test case and fix changelog file name
* Update changelogs/fragments/11750-pacemaker-wait-race-condition.yml
---------
(cherry picked from commit 6c809dd9db)
Co-authored-by: munchtoast <45038532+munchtoast@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
parted: add unit_preserve_case option to fix unit case in return value (#11813)
* parted: add unit_preserve_case option to fix unit case in return value
Adds O(unit_preserve_case) feature flag (bool, default None) to control
the case of the ``unit`` field in the module return value.
Previously the unit was always lowercased (e.g. ``kib``), making it
impossible to feed ``disk.unit`` back as the ``unit`` parameter without
a validation error. With O(unit_preserve_case=true) the unit is returned
in its original mixed case (e.g. ``KiB``), matching the accepted input
values.
The default (None) emits a deprecation notice; the default will become
V(true) in community.general 14.0.0.
Fixes#1860
* parted: add changelog fragment for PR #11813
* adjustments from review
* Comment 15.0.0 deprecation in option decription.
* parted: fix unit test calls to parse_partition_info after signature change
* parted: fix unit_preserve_case - parted outputs lowercase units in machine mode
Parted's machine-parseable output always uses lowercase unit suffixes
(e.g. ``kib``, ``mib``) regardless of what was passed to the ``unit``
parameter. Removing the explicit ``.lower()`` call was therefore not
enough to preserve case.
Add a ``canonical_unit()`` helper that maps a unit string to its canonical
mixed-case form using ``parted_units`` as the reference, and use it
instead of a bare identity when ``unit_preserve_case=true``.
Also fix a yamllint violation in the DOCUMENTATION block (missing space
after ``#`` in inline comments).
* Update plugins/modules/parted.py
* Update plugins/modules/parted.py
---------
(cherry picked from commit edf8f24959)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
xenserver_guest: changed cdrom handling for userdevice != 3, fixes#11624 (#11702)
* xenserver_guest: changed cdrom handling for userdevice != 3, fixes#11624
- CD-ROM handling code has been moved before disk handling code. This more
closely mimics XenCenter/XCP-ng Center behavior. CD-ROM device, if added,
will now grab position 3 before any disk grabs it.
- Position 3 is now skipped when adding disks to leave it reserved for
CD-ROM device. If any disk ends up occupying position 3 and CD-ROM
device ends up pushed to position above 3, booting from ISO is not
possible (#11624).
* Added changelog fragment for #11702
* Added missing issue and PR URLs to changelog fragment for #11702
* Fixed changelog fragment for #11702
(cherry picked from commit 314863e3a7)
Co-authored-by: Bojan Vitnik <bvitnik@yahoo.com>
consul_kv: add ca_path option for custom CA certificate (#11817)
* consul_kv: add ca_path option for custom CA certificate
Adds ca_path parameter to both the consul_kv module and consul_kv lookup
plugin, allowing users to specify a CA bundle for HTTPS connections instead
of being limited to toggling certificate validation on/off.
* consul_kv: add changelog fragment for PR #11817
* consul_kv: address review comments from felixfontein
- Fix verify logic: ca_path is ignored when validate_certs=false
- Improve validate_certs description to nudge users toward ca_path
---------
(cherry picked from commit 175808d997)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
homebrew_cask: handle placeholder version from brew --version (#11849)
* homebrew_cask: handle placeholder version from brew --version
When brew is run as the wrong user, git repositories may be owned by
a different user, causing brew --version to output a placeholder like
"Homebrew >= 4.3.0 (shallow or no git repository)" instead of the real
version. The parsed version would then be lower than the 2.6.0 threshold,
causing _brew_cask_command_is_deprecated() to return False and the module
to use the disabled "brew cask" command syntax.
Detect the ">=" prefix in the parsed version and treat it as a modern
installation.
Fixes#4708
* homebrew_cask: add changelog fragment for #11849
---------
(cherry picked from commit 74c096b00c)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
logrotate: fix parameter and config file validation and more (#11764)
* fix(logrotate): add missing defaults and parameter validation declarations
- Add default="present" to state parameter
- Add default="/etc/logrotate.d" to config_dir parameter
- Add required_by declarations for shred and compression parameters
* fix(logrotate): fix runtime validation bugs, remove duplicate checks
- Fix shred_cycles TypeError when value is None
- Fix enabled=None handling in get_config_path
- Remove duplicate runtime mutually_exclusive checks
- Add runtime boolean truthiness checks
- Add 'create' parameter format validation
- Remove stale test method
* fix(logrotate): restructure file operations, validate before write
- Write content to tmpdir temp file, validate, then atomic move to destination.
- Wrap all os.remove() calls in try/except with fail_json on error
- Wrap all module.atomic_move() calls in try/except with fail_json on error
- Also add self.mock_module.tmpdir = self.test_dir to test setUp for new code path
* docs(logrotate): update DOCUMENTATION block
- Add 'default: present' to state option
- Add 'default: /etc/logrotate.d' to config_dir option
* feat(logrotate): add optional backup parameter
* chore: add logrotate fixes changelog fragment
* chore(changelog/logrotate): use present tense singular
* fix(logrotate): handle trailing spaces in create param
* refactor(logrotate): remove redundant checks
These are already handled by `required_if` statements in the module spec
* refactor(logrotate): use tempfile to create temporary file
* refactor(logrotate): remove redundant `bool()` casts on `target_enabled`
`target_enabled` is guaranteed to be bool by this point. It's either the module param (typed bool) or falls back to `current_enabled` (also bool). The `bool()` wraps are no-ops.
* refactor(logrotate): remove unused `self.config_file` attribute
* refactor(logrotate): remove dead `any_state` parameter from `read_existing_config`
* fix(logrotate): raise error instead of falling through on enabled-state rename failures
* refactor(logrotate): tighten `get_config_path` sig to bool
`None` callers are removed now so this is safe
* test(logrotate): remove stale open mock assertion after tempfile refactor
* style(logrotate): format file
* chore(logrotate): add missing `version_added` attribute
* fix(logrotate): clean up temp file
* fix(logrotate): remove redundant temp file cleanup
* refactor(logrotate): Use dict subscript to access required backup param
* fix(logrotate): fix: only remove old config file when path differs from target
* fix(logrotate): update logrotate_bin type hint to str
* feat(logrotate): add backup file handling when removing old config
* style(logrotate): format file
* test(logrotate): add missing backup default to `_setup_module_params`
* test(logrotate): fix incorrect `os.remove` assertion in update test
* refactor(logrotate): remove unnecessary `to_native()` call
* refactor(logrotate): replace str quotes with !r
* fix(logrotate): change backup default back to true
* fix(logrotate): raise error when `shred_cycle`s is set with `shred=false`
* docs(logrotate): clarify `shred_cycles` behaviour
* fix(logrotate): remove to_native calls for exception messages
* docs(logrotate): improve `config_dir` param description
* refactor(logrotate): simplify backup file assignment logic
* style(logrotate): format file
* docs(logrotate): improve config_map description
---------
(cherry picked from commit e911081102)
Co-authored-by: tigattack <10629864+tigattack@users.noreply.github.com>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
iso_extract: retry umount on busy filesystem before cleanup (#11837)
* iso_extract: retry umount on busy filesystem before cleanup
Fixes#5333
* iso_extract: add changelog fragment for #11837
* make chglog more concise
---------
(cherry picked from commit 87ecfa3432)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
udm_user - fix alias-to-canonical param name mismatch (#11859)
* udm_user - fix alias-to-canonical param name mismatch
The loop that maps UDM object properties to module params iterated
over UDM keys (camelCase, e.g. displayName, primaryGroup) and looked
them up directly in module.params, which is keyed by canonical names
(snake_case, e.g. display_name, primary_group). This caused all
aliased params to be silently ignored.
Build an alias-to-canonical mapping from argument_spec and use it
to resolve UDM keys to the correct module.params entries.
Also fix the direct module.params["displayName"] access which raised
KeyError when the user did not explicitly use the alias form.
Fixes#2950Fixes#3691
* Add changelog fragment for PR 11859
---------
(cherry picked from commit dad84dd36d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
