Ensure standard locale in run_command (group4-batch1) (#11765)
* ensure standard locale in run_command (group4)
Adds ``LANGUAGE=C`` and ``LC_ALL=C`` to the ``environ_update`` passed to
``run_command()`` calls in modules that parse command output, to prevent
locale-dependent parsing failures on non-C-locale systems.
Modules updated: dconf, pkgng, terraform.
* add changelog fragment for group4
* add PR link to group4 changelog fragment
* fix changelog fragment: rename with PR prefix, fix URL order
---------
(cherry picked from commit 2297a5c876)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
ipa_host: fix errors when disabling host (#11487)
* fix errors when disabling host
- Fix the logic to actually allow disabling hosts
- Fix the dict != string error when error does happen
- Add has_keytab to returned dicts to allow users see if host is disabled or not
* Add changelog-fragments
* Run formatters
* More formatting
* Remove feature, only fix the logic
* Update changelogs/fragments/11487-ipa-host-fix-disable.yml
* Update changelogs/fragments/11487-ipa-host-fix-disable.yml
* Back to fstring
* Update plugins/modules/ipa_host.py
* Use more Pythonic way to for if
* Nox
* Revert back to working if
* Simplify if
* Remove extra get
---------
(cherry picked from commit 5eaa22b067)
Co-authored-by: quasd <quasd@users.noreply.github.com>
Co-authored-by: quasd <1747330+quasd@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
nsupdate: fix GSS-TSIG support (#11712)
The fix for missing keyring initialization without TSIG auth in
PR #11461 put the initialization of "self.keyring" and "self.keyname"
in an else clause after checking if "key_name" is set.
The problem is that for "key_algorithm" == "gss-tsig":
a) "key_name" isn't set
b) self.keyring and self.keyname have already been initialized and
will be discarded
This means that gss-tsig support is broken. Fix it by moving the
initialization of "self.keyring" and "self.keyname" to the top.
(cherry picked from commit bd7b361db1)
Co-authored-by: David Härdeman <david@hardeman.nu>
java_cert: support proxy authentication from https_proxy env var (#11753)
* java_cert: support proxy authentication from https_proxy env var
When https_proxy is set with credentials (USER:PASSWORD@HOST:PORT),
pass the corresponding JVM proxy auth flags to keytool and clear the
JDK 8u111+ Basic auth tunneling restriction.
Fixes https://github.com/ansible-collections/community.general/issues/4126
* java_cert: add changelog fragment for PR #11753
* java_cert: fix changelog fragment type to minor_changes
---------
(cherry picked from commit c7deda2ec7)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
mssql_script: only pass params to cursor.execute() when provided (#11754)
* mssql_script: only pass params to cursor.execute() when provided
Fixes#11699
* mssql_script: add changelog fragment for PR #11754
---------
(cherry picked from commit b780224d6d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
nmcli: use get_best_parsable_locale() to support UTF-8 connection names (#11742)
* nmcli: start locale fix - normalize run_command environ to LANGUAGE=C, LC_ALL=C
Work in progress - issue #10384 (UTF-8 conn_name support) requires deeper
investigation beyond simple locale variable normalization.
* nmcli: use get_best_parsable_locale() to support UTF-8 connection names
Fixes issue where UTF-8 connection names (e.g. Chinese characters) were
corrupted to '????' when LC_ALL=C forced ASCII encoding, causing
connection_exists() to always return False for non-ASCII names.
* add changelog fragment for PR #11742
---------
(cherry picked from commit bdd3174563)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Fix KeyError for 'dnsttl' (#11717)
* Fix KeyError for 'dnsttl'
I did not further dig into the code. However, since upgrading to the latest version of `community.general`, ansible fails with a weird error message "dnsttl" at a task where `community.general.ipa_dnsrecord` is called. After digging into the code a bit, I found out that it is a KeyError and caused by this line of code. I'm not sure, if it is safe to skip that line and not to set `result["dnsttl"]`.
* Add changelog fragment
* Adopt suggestion for changelogs/fragments/11717-fix-error-dnsttl.yml
---------
(cherry picked from commit b2cd1b555e)
Co-authored-by: sedrubal <sedrubal@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
integration tests: remove CentOS conditionals (#11715)
* test(integration): remove CentOS references
* further simplification
* more removals
* rollback systemd_info for now
* ufw: not trivially used with RHEL9 and RHEL10, simplifying tests
* remove tasks for setup_epel where unused
* adjustments from review
(cherry picked from commit 79431c36b5)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
consul integration tests: re-enable on macOS (#11697)
* consul integration tests: re-enable on macOS
- Update consul version to 1.22.6
- Add arm64/aarch64 architecture support
- Fix macOS Gatekeeper quarantine on downloaded binary
- Add wait_for before ACL bootstrap (race condition fix)
- Update HCL config to use tls stanza (required in 1.22)
- Disable gRPC port (conflicts with tls stanza when not configured)
- Remove skip/macos from aliases
Fixes: https://github.com/ansible-collections/community.general/issues/1016
* changelogs/fragments: add PR number for consul tests fix
* remove changelog fragment (test-only PR)
---------
(cherry picked from commit 8b114e999e)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
jira - add cloud option to support Jira Cloud search endpoint (#11701)
* jira - add cloud option to support Jira Cloud search endpoint
Jira Cloud has removed the legacy GET /rest/api/2/search endpoint
(see https://developer.atlassian.com/changelog/#CHANGE-2046).
Add a new boolean `cloud` option (default false). When set to true,
the search operation uses the replacement /rest/api/2/search/jql
endpoint. The default remains false to preserve backward compatibility
for Jira Data Center / Server users.
Fixes: https://github.com/ansible-collections/community.general/issues/10786
Assisted-by AI: Claude 4.6 Opus (Anthropic) via Cursor IDE
* Adding PR link to changelogs/fragments/10786-jira-cloud-search.yml
* Adding note about future usage of cloud parameter
---------
(cherry picked from commit d956fb8197)
Signed-off-by: Vladimir Vasilev <vvasilev@redhat.com>
Co-authored-by: vladi-k <53343355+vladi-k@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
flatpak: fix removal of runtimes (#11688)
* flatpak: fix removal of runtimes (issue #553)
The module was using `--app` when listing installed flatpaks for name
matching, which excluded runtimes from the results. This caused removal
of runtimes to fail even though `flatpak_exists()` correctly detected
them as installed (it lists both apps and runtimes).
Fix by dropping `--app` from the three matching functions so that both
apps and runtimes are searchable.
* flatpak: add changelog fragment for PR #11688
---------
(cherry picked from commit 8568594453)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
snmp_facts: update to pysnmp >= 7.1 async API (#11683)
* snmp_facts: update to pysnmp >= 7.1 async API
Migrate snmp_facts module from the removed pysnmp oneliner API
(pysnmp.entity.rfc3413.oneliner.cmdgen) to the current async API
(pysnmp.hlapi.v3arch.asyncio).
This fixes compatibility with Python 3.12+ and pysnmp >= 7.1.
Closes#8852
* Continue to support pysnmp 6.2.4
* Correct PR number
* sort imports
* shorter changelog
* move `SNMP_DEFAULT_PORT`
* Add `notes:`
* Become an author
* use `deps.declare`
* add lalten to BOTMETA
(cherry picked from commit 5a27cbdec6)
Co-authored-by: Laurenz <lalten@users.noreply.github.com>
composer - make `create-project` idempotent, add `force` parameter (#11689)
* composer - make create-project idempotent, add force parameter
Adds a check for an existing composer.json in working_dir before running
create-project, so the task is skipped rather than failing on second run.
A new force parameter allows bypassing this check when needed.
Fixes#725.
* changelog fragment: rename to PR number, add PR URL
---------
(cherry picked from commit a4bba99203)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
docs: improve timezone module examples and add hwclock usage (#11685)
* docs: add variable-based example for timezone module
### Summary
Added a variable-based example to the EXAMPLES section of the timezone module.
### Changes
- Added an example demonstrating how to set timezone dynamically using a variable
### Motivation
Using variables is a common practice in Ansible playbooks. This example helps users understand how to make the module usage more flexible and reusable.
* docs: improve timezone module examples with hwclock usage
### Summary
Improved the EXAMPLES section of the timezone module by adding a more meaningful, module-specific example.
### Changes
- Added an example demonstrating usage of the `hwclock` parameter
- Simplified examples to avoid redundancy
- Fixed formatting issues causing CI failures (invalid YAML, lint errors)
### Motivation
The previous examples were minimal and did not demonstrate module-specific features. This update adds a more practical use case and ensures the examples follow proper formatting and validation rules.
(cherry picked from commit 909458a661)
Co-authored-by: Anshjeet Mahir <anshjeetmahir123@gmail.com>
nsupdate: add unit tests (#11677)
* nsupdate: add unit tests
* fix var name to regain sanity
* remove unneeded typing from test file
* formatting
---------
(cherry picked from commit ef700b116a)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
pacman: add root, cachedir, and config options (#11681)
* pacman: add root, cachedir, and config options
Add three dedicated options -- O(root), O(cachedir), and O(config) --
so that all pacman commands get the corresponding global flags
(--root, --cachedir, --config) prepended, enabling use cases such as
installing packages into a chroot or alternative root directory
(similar to pacstrap).
* add changelog frag
---------
(cherry picked from commit e2c06f2d12)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
etcd3: re-enable and fix tests, add unit tests (#11678)
* etcd3: re-enable and fix tests, add unit tests
- Add unit tests for community.general.etcd3 module (12 tests covering
state=present/absent, idempotency, check mode, and error paths)
- Fix integration test setup: update etcd binary to v3.6.9 (from v3.2.14),
download from GitHub releases, add health-check retry loop after start
- Work around etcd3 Python library incompatibility with protobuf >= 4.x
by setting PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION=python
- Update to FQCNs throughout integration tests
- Re-enable both etcd3 and lookup_etcd3 integration targets
Fixes https://github.com/ansible-collections/community.general/issues/322
* improve use of multiple context managers
---------
(cherry picked from commit d06c83eb68)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
keycloak_realm: Add support for setting first broker login flow (#11622)
* keycloak_realm: Add support for setting first broker login flow
* Update plugins/modules/keycloak_realm.py
* Add changelog fragment
---------
(cherry picked from commit 7c039918e0)
Co-authored-by: Nils Bergmann <Nils1794@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
nmcli: fix setting_types() to properly handle routing_rules as a list type (#11635)
* Fix setting_types() to properly handle routing_rules as a list type
* Add changelog fragment for ipv6.routing-rules bugfix
* Update changelogs/fragments/11630-nmcli-ipv6-routing-rules.yml
* Add PR URL to changelog fragment
---------
(cherry picked from commit 3c21ac961b)
Co-authored-by: Ted W. <ted.l.wood@gmail.com>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
osx_defaults: add dict support (#11659)
* osx_defaults: add dict support
* add changelog frag
* osx_defaults: fix dict idempotency by using plutil -extract for type-preserving read
The previous approach piped `defaults read` output (old-style plist text)
through `plutil -convert json`. Old-style plist loses boolean type info
(booleans appear as 1/0, indistinguishable from integers), causing the
comparison to fail and reporting changed=True on every run.
Fix by exporting the domain binary plist to a temp file and using
`plutil -extract key json` which correctly preserves all plist types
(booleans stay true/false, integers stay integers, etc.).
* change param from bool to str
* Apply suggestion from review
* Update plugins/modules/osx_defaults.py
---------
(cherry picked from commit d6cb56c022)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
supervisorctl: skip no such process for all (#11632)
* feat(supervisorctl): skip no such process for all
Do not fail, if there are no matching processes for name=all
* feat(supervisorctl): add changelog
* Update 11621-skip-no_such_process-for-name-all.yml
* fix(supervisorctl): replace single quotes to double
---------
(cherry picked from commit 69b9a3f8e2)
Co-authored-by: zr0dy <58261587+zr0dy@users.noreply.github.com>
Co-authored-by: zr0dy <zr0dy@mail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
