Ensure standard locale in run_command (group4-batch1) (#11765)
* ensure standard locale in run_command (group4)
Adds ``LANGUAGE=C`` and ``LC_ALL=C`` to the ``environ_update`` passed to
``run_command()`` calls in modules that parse command output, to prevent
locale-dependent parsing failures on non-C-locale systems.
Modules updated: dconf, pkgng, terraform.
* add changelog fragment for group4
* add PR link to group4 changelog fragment
* fix changelog fragment: rename with PR prefix, fix URL order
---------
(cherry picked from commit 2297a5c876)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
ipa_host: fix errors when disabling host (#11487)
* fix errors when disabling host
- Fix the logic to actually allow disabling hosts
- Fix the dict != string error when error does happen
- Add has_keytab to returned dicts to allow users see if host is disabled or not
* Add changelog-fragments
* Run formatters
* More formatting
* Remove feature, only fix the logic
* Update changelogs/fragments/11487-ipa-host-fix-disable.yml
* Update changelogs/fragments/11487-ipa-host-fix-disable.yml
* Back to fstring
* Update plugins/modules/ipa_host.py
* Use more Pythonic way to for if
* Nox
* Revert back to working if
* Simplify if
* Remove extra get
---------
(cherry picked from commit 5eaa22b067)
Co-authored-by: quasd <quasd@users.noreply.github.com>
Co-authored-by: quasd <1747330+quasd@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
nsupdate: fix GSS-TSIG support (#11712)
The fix for missing keyring initialization without TSIG auth in
PR #11461 put the initialization of "self.keyring" and "self.keyname"
in an else clause after checking if "key_name" is set.
The problem is that for "key_algorithm" == "gss-tsig":
a) "key_name" isn't set
b) self.keyring and self.keyname have already been initialized and
will be discarded
This means that gss-tsig support is broken. Fix it by moving the
initialization of "self.keyring" and "self.keyname" to the top.
(cherry picked from commit bd7b361db1)
Co-authored-by: David Härdeman <david@hardeman.nu>
java_cert: support proxy authentication from https_proxy env var (#11753)
* java_cert: support proxy authentication from https_proxy env var
When https_proxy is set with credentials (USER:PASSWORD@HOST:PORT),
pass the corresponding JVM proxy auth flags to keytool and clear the
JDK 8u111+ Basic auth tunneling restriction.
Fixes https://github.com/ansible-collections/community.general/issues/4126
* java_cert: add changelog fragment for PR #11753
* java_cert: fix changelog fragment type to minor_changes
---------
(cherry picked from commit c7deda2ec7)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
mssql_script: only pass params to cursor.execute() when provided (#11754)
* mssql_script: only pass params to cursor.execute() when provided
Fixes#11699
* mssql_script: add changelog fragment for PR #11754
---------
(cherry picked from commit b780224d6d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
nmcli: use get_best_parsable_locale() to support UTF-8 connection names (#11742)
* nmcli: start locale fix - normalize run_command environ to LANGUAGE=C, LC_ALL=C
Work in progress - issue #10384 (UTF-8 conn_name support) requires deeper
investigation beyond simple locale variable normalization.
* nmcli: use get_best_parsable_locale() to support UTF-8 connection names
Fixes issue where UTF-8 connection names (e.g. Chinese characters) were
corrupted to '????' when LC_ALL=C forced ASCII encoding, causing
connection_exists() to always return False for non-ASCII names.
* add changelog fragment for PR #11742
---------
(cherry picked from commit bdd3174563)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Fix KeyError for 'dnsttl' (#11717)
* Fix KeyError for 'dnsttl'
I did not further dig into the code. However, since upgrading to the latest version of `community.general`, ansible fails with a weird error message "dnsttl" at a task where `community.general.ipa_dnsrecord` is called. After digging into the code a bit, I found out that it is a KeyError and caused by this line of code. I'm not sure, if it is safe to skip that line and not to set `result["dnsttl"]`.
* Add changelog fragment
* Adopt suggestion for changelogs/fragments/11717-fix-error-dnsttl.yml
---------
(cherry picked from commit b2cd1b555e)
Co-authored-by: sedrubal <sedrubal@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
jira - add cloud option to support Jira Cloud search endpoint (#11701)
* jira - add cloud option to support Jira Cloud search endpoint
Jira Cloud has removed the legacy GET /rest/api/2/search endpoint
(see https://developer.atlassian.com/changelog/#CHANGE-2046).
Add a new boolean `cloud` option (default false). When set to true,
the search operation uses the replacement /rest/api/2/search/jql
endpoint. The default remains false to preserve backward compatibility
for Jira Data Center / Server users.
Fixes: https://github.com/ansible-collections/community.general/issues/10786
Assisted-by AI: Claude 4.6 Opus (Anthropic) via Cursor IDE
* Adding PR link to changelogs/fragments/10786-jira-cloud-search.yml
* Adding note about future usage of cloud parameter
---------
(cherry picked from commit d956fb8197)
Signed-off-by: Vladimir Vasilev <vvasilev@redhat.com>
Co-authored-by: vladi-k <53343355+vladi-k@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
flatpak: fix removal of runtimes (#11688)
* flatpak: fix removal of runtimes (issue #553)
The module was using `--app` when listing installed flatpaks for name
matching, which excluded runtimes from the results. This caused removal
of runtimes to fail even though `flatpak_exists()` correctly detected
them as installed (it lists both apps and runtimes).
Fix by dropping `--app` from the three matching functions so that both
apps and runtimes are searchable.
* flatpak: add changelog fragment for PR #11688
---------
(cherry picked from commit 8568594453)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
snmp_facts: update to pysnmp >= 7.1 async API (#11683)
* snmp_facts: update to pysnmp >= 7.1 async API
Migrate snmp_facts module from the removed pysnmp oneliner API
(pysnmp.entity.rfc3413.oneliner.cmdgen) to the current async API
(pysnmp.hlapi.v3arch.asyncio).
This fixes compatibility with Python 3.12+ and pysnmp >= 7.1.
Closes#8852
* Continue to support pysnmp 6.2.4
* Correct PR number
* sort imports
* shorter changelog
* move `SNMP_DEFAULT_PORT`
* Add `notes:`
* Become an author
* use `deps.declare`
* add lalten to BOTMETA
(cherry picked from commit 5a27cbdec6)
Co-authored-by: Laurenz <lalten@users.noreply.github.com>
composer - make `create-project` idempotent, add `force` parameter (#11689)
* composer - make create-project idempotent, add force parameter
Adds a check for an existing composer.json in working_dir before running
create-project, so the task is skipped rather than failing on second run.
A new force parameter allows bypassing this check when needed.
Fixes#725.
* changelog fragment: rename to PR number, add PR URL
---------
(cherry picked from commit a4bba99203)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
docs: improve timezone module examples and add hwclock usage (#11685)
* docs: add variable-based example for timezone module
### Summary
Added a variable-based example to the EXAMPLES section of the timezone module.
### Changes
- Added an example demonstrating how to set timezone dynamically using a variable
### Motivation
Using variables is a common practice in Ansible playbooks. This example helps users understand how to make the module usage more flexible and reusable.
* docs: improve timezone module examples with hwclock usage
### Summary
Improved the EXAMPLES section of the timezone module by adding a more meaningful, module-specific example.
### Changes
- Added an example demonstrating usage of the `hwclock` parameter
- Simplified examples to avoid redundancy
- Fixed formatting issues causing CI failures (invalid YAML, lint errors)
### Motivation
The previous examples were minimal and did not demonstrate module-specific features. This update adds a more practical use case and ensures the examples follow proper formatting and validation rules.
(cherry picked from commit 909458a661)
Co-authored-by: Anshjeet Mahir <anshjeetmahir123@gmail.com>
pacman: add root, cachedir, and config options (#11681)
* pacman: add root, cachedir, and config options
Add three dedicated options -- O(root), O(cachedir), and O(config) --
so that all pacman commands get the corresponding global flags
(--root, --cachedir, --config) prepended, enabling use cases such as
installing packages into a chroot or alternative root directory
(similar to pacstrap).
* add changelog frag
---------
(cherry picked from commit e2c06f2d12)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
keycloak_realm: Add support for setting first broker login flow (#11622)
* keycloak_realm: Add support for setting first broker login flow
* Update plugins/modules/keycloak_realm.py
* Add changelog fragment
---------
(cherry picked from commit 7c039918e0)
Co-authored-by: Nils Bergmann <Nils1794@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
nmcli: fix setting_types() to properly handle routing_rules as a list type (#11635)
* Fix setting_types() to properly handle routing_rules as a list type
* Add changelog fragment for ipv6.routing-rules bugfix
* Update changelogs/fragments/11630-nmcli-ipv6-routing-rules.yml
* Add PR URL to changelog fragment
---------
(cherry picked from commit 3c21ac961b)
Co-authored-by: Ted W. <ted.l.wood@gmail.com>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
osx_defaults: add dict support (#11659)
* osx_defaults: add dict support
* add changelog frag
* osx_defaults: fix dict idempotency by using plutil -extract for type-preserving read
The previous approach piped `defaults read` output (old-style plist text)
through `plutil -convert json`. Old-style plist loses boolean type info
(booleans appear as 1/0, indistinguishable from integers), causing the
comparison to fail and reporting changed=True on every run.
Fix by exporting the domain binary plist to a temp file and using
`plutil -extract key json` which correctly preserves all plist types
(booleans stay true/false, integers stay integers, etc.).
* change param from bool to str
* Apply suggestion from review
* Update plugins/modules/osx_defaults.py
---------
(cherry picked from commit d6cb56c022)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
supervisorctl: skip no such process for all (#11632)
* feat(supervisorctl): skip no such process for all
Do not fail, if there are no matching processes for name=all
* feat(supervisorctl): add changelog
* Update 11621-skip-no_such_process-for-name-all.yml
* fix(supervisorctl): replace single quotes to double
---------
(cherry picked from commit 69b9a3f8e2)
Co-authored-by: zr0dy <58261587+zr0dy@users.noreply.github.com>
Co-authored-by: zr0dy <zr0dy@mail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
merge_variables: extended merge capabilities added (#11536)
* merge_variables: extended merge capabilities added
This extension gives you more control over the variable merging process of the lookup plugin `merge_variables`. It closes the gap between Puppet's Hiera merging capabilities and the limitations of Ansible's default variable plugin `host_group_vars` regarding fragment-based value definition. You can now decide which merge strategy should be applied to dicts, lists, and other types. Furthermore, you can specify a merge strategy that should be applied in case of type conflicts.
The default behavior of the plugin has been preserved so that it is fully backward-compatible with the already implemented state.
* Update changelogs/fragments/11536-merge-variables-extended-merging-capabilities.yml
* Update plugins/lookup/merge_variables.py
* Periods added at the end of each choice description
* Update plugins/lookup/merge_variables.py
* ref: follow project standard for choice descriptions
* ref: more examples added and refactoring
* Update plugins/lookup/merge_variables.py
* ref: some more comments to examples added
* fix: unused import removed
* ref: re-add "merge" to strategy map
* Update comments
* Specification of transformations solely as string
* Comments updated
* ref: `append_rp` and `prepend_rp` removed
feat: options dict for list transformations re-added
feat: allow setting `keep` for dedup transformation with possible values: `first` (default) and `last`
* ref: improve options documentation
* ref: documentation improved, avoiding words like newer or older in merge description
* Update plugins/lookup/merge_variables.py
* ref: "prio" replaced by "dict"
* feat: two integration tests added
---------
(cherry picked from commit dae2157bb7)
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
Co-authored-by: Christoph Fiehe <cfiehe@users.noreply.github.com>
Co-authored-by: Fiehe Christoph <c.fiehe@eurodata.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Mark <40321020+m-a-r-k-e@users.noreply.github.com>
nictagadm: don't call is_valid_mac when etherstub is true (#11589)
* nictagadm: don't call is_valid_mac when etherstub is true
* Add changelog fragment
* update changelog fragment
* Shorten changelog fragement
* Update changelogs/fragments/nictagadm-etherstub-nonetype-bugfix.yml
---------
(cherry picked from commit d8bb637cba)
Co-authored-by: Adam D <44533090+emptyDir@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
github_secrets_info: new module (#11586)
* github_secrets_info: new module
* clean tests
* remove pynacl dep
* fqcn
* remove excess output
* just return result as sample
* only print secrets, adapt tests
* Update plugins/modules/github_secrets_info.py
* Update plugins/modules/github_secrets_info.py
* Update plugins/modules/github_secrets_info.py
* t is for typing, and typing is what we did
* add info_module attributes
---------
(cherry picked from commit df9b30448a)
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Co-authored-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
github_secrets: new module (#11514)
* add support for managing GitHub secrets
* fix tab
* update for sanity
* more sanity fixes
* update botmeta
* formating
* remove list function
* remove docstring, format text strings and return codes
* switch to deps
* black and ruff doesnt get along
* initial unit tests
* update non-existing secret test
* update description and details
* handle when a secret cant be deleted
* fail if not acceptable error codes
* add test for non-acceptable status codes
* remove local ruff config
* allow empty strings
* set required_
* extend tests
* cleanup
* cover all, got a git urlopen error
* cover all, got a git urlopen error
* ensure value cant be None
* check_mode
* bump to 12.5.0
* Update plugins/modules/github_secrets.py
* extend check_mode and related tests
* split constants and return dict when checking secret
* switch to HTTPStatus
* replace DELETE and UPDATE with NO_CONTENT
* Update plugins/modules/github_secrets.py
* Update plugins/modules/github_secrets.py
* update tests
* Update plugins/modules/github_secrets.py
* Update plugins/modules/github_secrets.py
* Update plugins/modules/github_secrets.py
* Update plugins/modules/github_secrets.py
* Update plugins/modules/github_secrets.py
---------
(cherry picked from commit 46ffec6f0e)
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Co-authored-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
ipa_dnsrecord fix error when using dnsttl and nothing to change (#11559)
* ipa_dnsrecord fix error when using dnsttl and nothing to change
* Add changelog and bump version
* ipa_dnsrecord list comp in dnsrecord_find
* 11559 changelog fragment fix capitalization
* ipa_dnsrecord dnsrecord_find ttl transform to integer always
* ipa_dnsrecord dnsrecord_find method refactor
---------
(cherry picked from commit 3194ed9d36)
Co-authored-by: Dor Breger <75537576+DorBreger@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Binary attribute support for `ldap_attrs` and `ldap_entry` (#11558)
* Binary attribute support for `ldap_attrs` and `ldap_entry`
This commit implements binary attribute support for the `ldap_attrs` and
`ldap_entry` plugins. This used to be "supported" before, because it was
possible to simply load arbitrary binary data into the attributes, but
no longer functions on recent Ansible versions.
In order to support binary attributes, this commit introduces two new
options to both plugins:
* `binary_attributes`, a list of attribute names which will be
considered as being binary,
* `honor_binary_option`, a flag which is true by default and will
handle all attributes that include the binary option (see RFC 4522)
as binary automatically.
When an attribute is determined to be binary through either of these
means, the plugin will assume that the attribute's value is in fact
base64-encoded. It will proceed to decode it and handle it accordingly.
While changes to `ldap_entry` are pretty straightforward, more work was
required on `ldap_attrs`.
* First, because both `present` and `absent` state require checking
the attribute's current values and normally do that using LDAP search
queries for each value, a specific path for binary attributes was
added that loads and caches all values for the attribute and compares
the values in the Python code.
* In addition, generating both the modlist and the diff output require
re-encoding binary attributes' values into base64 so it can be
transmitted back to Ansible.
* Various fixes on `ldap_attrs`/`ldap_entry` from PR 11558 discussion
* Rename `honor_binary_option` to `honor_binary`
* Add some general documentation about binary attributes
* Fix changelog fragment after renaming one of the new options
* Add examples of `honor_binary` and `binary_attributes`
* Add note that indicates that binary values are supported from 12.5.0+
* Fix punctuation
* Add links to RFC 4522 to `ldap_attrs` and `ldap_entry`
* Catch base64 decoding errors
* Rephrase changelog fragment
* Use f-string to format the encoding error message
(cherry picked from commit 0e4783dcc3)
Co-authored-by: Emmanuel Benoît <tseeker@nocternity.net>
