Release 1.3.3.

* fix reconfigure option

If `init_reconfigure` is true, the init fails because it is run as:
`terraform init -input=false - r e c o n f i g u r e`

* changelog fragment

* typo

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 9f4fd4c899)

Co-authored-by: christophemorio <49184206+christophemorio@users.noreply.github.com>

.azure-pipelines/README.md

@@ -0,0 +1,3 @@
+## Azure Pipelines Configuration
+
+Please see the [Documentation](https://github.com/ansible/community/wiki/Testing:-Azure-Pipelines) for more information.

.azure-pipelines/azure-pipelines.yml

@@ -0,0 +1,329 @@
+trigger:
+  batch: true
+  branches:
+    include:
+      - main
+      - stable-*
+
+pr:
+  autoCancel: true
+  branches:
+    include:
+      - main
+      - stable-*
+
+schedules:
+  - cron: 0 9 * * *
+    displayName: Nightly
+    always: true
+    branches:
+      include:
+        - main
+        - stable-*
+
+variables:
+  - name: checkoutPath
+    value: ansible_collections/community/general
+  - name: coverageBranches
+    value: main
+  - name: pipelinesCoverage
+    value: coverage
+  - name: entryPoint
+    value: tests/utils/shippable/shippable.sh
+  - name: fetchDepth
+    value: 0
+
+resources:
+  containers:
+    - container: default
+      image: quay.io/ansible/azure-pipelines-test-container:1.7.1
+
+pool: Standard
+
+stages:
+### Sanity
+  - stage: Sanity_devel
+    displayName: Sanity devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Test {0}
+          testFormat: devel/sanity/{0}
+          targets:
+            - test: 1
+            - test: 2
+            - test: 3
+            - test: 4
+            - test: extra
+  - stage: Sanity_2_10
+    displayName: Sanity 2.10
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Test {0}
+          testFormat: 2.10/sanity/{0}
+          targets:
+            - test: 1
+            - test: 2
+            - test: 3
+            - test: 4
+  - stage: Sanity_2_9
+    displayName: Sanity 2.9
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Test {0}
+          testFormat: 2.9/sanity/{0}
+          targets:
+            - test: 1
+            - test: 2
+            - test: 3
+            - test: 4
+### Units
+  - stage: Units_devel
+    displayName: Units devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: devel/units/{0}/1
+          targets:
+            - test: 2.6
+            - test: 2.7
+            - test: 3.5
+            - test: 3.6
+            - test: 3.7
+            - test: 3.8
+            - test: 3.9
+  - stage: Units_2_10
+    displayName: Units 2.10
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.10/units/{0}/1
+          targets:
+            - test: 2.6
+            - test: 2.7
+            - test: 3.5
+            - test: 3.6
+            - test: 3.7
+            - test: 3.8
+            - test: 3.9
+  - stage: Units_2_9
+    displayName: Units 2.9
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.9/units/{0}/1
+          targets:
+            - test: 2.6
+            - test: 2.7
+            - test: 3.5
+            - test: 3.6
+            - test: 3.7
+            - test: 3.8
+
+## Remote
+  - stage: Remote_devel
+    displayName: Remote devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: devel/{0}
+          targets:
+            - name: OS X 10.11
+              test: osx/10.11
+            - name: macOS 10.15
+              test: macos/10.15
+            - name: RHEL 7.8
+              test: rhel/7.8
+            - name: RHEL 8.2
+              test: rhel/8.2
+            - name: FreeBSD 11.1
+              test: freebsd/11.1
+            - name: FreeBSD 12.1
+              test: freebsd/12.1
+          groups:
+            - 1
+            - 2
+            - 3
+            - 4
+            - 5
+  - stage: Remote_2_10
+    displayName: Remote 2.10
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.10/{0}
+          targets:
+            - name: OS X 10.11
+              test: osx/10.11
+            - name: RHEL 8.2
+              test: rhel/8.2
+            - name: FreeBSD 12.1
+              test: freebsd/12.1
+          groups:
+            - 1
+            - 2
+            - 3
+            - 4
+            - 5
+  - stage: Remote_2_9
+    displayName: Remote 2.9
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.9/{0}
+          targets:
+            - name: RHEL 8.2
+              test: rhel/8.2
+            #- name: FreeBSD 12.0
+            #  test: freebsd/12.0
+          groups:
+            - 1
+            - 2
+            - 3
+            - 4
+            - 5
+
+### Docker
+  - stage: Docker_devel
+    displayName: Docker devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: devel/linux/{0}
+          targets:
+            - name: CentOS 6
+              test: centos6
+            - name: CentOS 7
+              test: centos7
+            - name: CentOS 8
+              test: centos8
+            - name: Fedora 31
+              test: fedora31
+            - name: Fedora 32
+              test: fedora32
+            - name: openSUSE 15 py2
+              test: opensuse15py2
+            - name: openSUSE 15 py3
+              test: opensuse15
+            - name: Ubuntu 16.04
+              test: ubuntu1604
+            - name: Ubuntu 18.04
+              test: ubuntu1804
+          groups:
+            - 1
+            - 2
+            - 3
+            - 4
+            - 5
+  - stage: Docker_2_10
+    displayName: Docker 2.10
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.10/linux/{0}
+          targets:
+            #- name: CentOS 8
+            #  test: centos8
+            - name: Fedora 32
+              test: fedora32
+            - name: openSUSE 15 py3
+              test: opensuse15
+            - name: Ubuntu 18.04
+              test: ubuntu1804
+          groups:
+            - 1
+            - 2
+            - 3
+            - 4
+            - 5
+  - stage: Docker_2_9
+    displayName: Docker 2.9
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.9/linux/{0}
+          targets:
+            #- name: CentOS 8
+            #  test: centos8
+            #- name: Fedora 31
+            #  test: fedora31
+            #- name: openSUSE 15 py3
+            #  test: opensuse15
+            - name: Ubuntu 18.04
+              test: ubuntu1804
+          groups:
+            - 1
+            - 2
+            - 3
+            - 4
+            - 5
+
+### Cloud
+  - stage: Cloud_devel
+    displayName: Cloud devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: devel/cloud/{0}/1
+          targets:
+            - test: 2.7
+            - test: 3.6
+  - stage: Cloud_2_10
+    displayName: Cloud 2.10
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.10/cloud/{0}/1
+          targets:
+            - test: 3.6
+  - stage: Cloud_2_9
+    displayName: Cloud 2.9
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.9/cloud/{0}/1
+          targets:
+            - test: 2.7
+  - stage: Summary
+    condition: succeededOrFailed()
+    dependsOn:
+      - Sanity_devel
+      - Sanity_2_9
+      - Sanity_2_10
+      - Units_devel
+      - Units_2_9
+      - Units_2_10
+      - Remote_devel
+      - Remote_2_9
+      - Remote_2_10
+      - Docker_devel
+      - Docker_2_9
+      - Docker_2_10
+      - Cloud_devel
+      - Cloud_2_9
+      - Cloud_2_10
+    jobs:
+      - template: templates/coverage.yml

.azure-pipelines/scripts/aggregate-coverage.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+# Aggregate code coverage results for later processing.
+
+set -o pipefail -eu
+
+agent_temp_directory="$1"
+
+PATH="${PWD}/bin:${PATH}"
+
+mkdir "${agent_temp_directory}/coverage/"
+
+options=(--venv --venv-system-site-packages --color -v)
+
+ansible-test coverage combine --export "${agent_temp_directory}/coverage/" "${options[@]}"
+
+if ansible-test coverage analyze targets generate --help >/dev/null 2>&1; then
+    # Only analyze coverage if the installed version of ansible-test supports it.
+    # Doing so allows this script to work unmodified for multiple Ansible versions.
+    ansible-test coverage analyze targets generate "${agent_temp_directory}/coverage/coverage-analyze-targets.json" "${options[@]}"
+fi

.azure-pipelines/scripts/combine-coverage.py

@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+"""
+Combine coverage data from multiple jobs, keeping the data only from the most recent attempt from each job.
+Coverage artifacts must be named using the format: "Coverage $(System.JobAttempt) {StableUniqueNameForEachJob}"
+The recommended coverage artifact name format is: Coverage $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)
+Keep in mind that Azure Pipelines does not enforce unique job display names (only names).
+It is up to pipeline authors to avoid name collisions when deviating from the recommended format.
+"""
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import re
+import shutil
+import sys
+
+
+def main():
+    """Main program entry point."""
+    source_directory = sys.argv[1]
+
+    if '/ansible_collections/' in os.getcwd():
+        output_path = "tests/output"
+    else:
+        output_path = "test/results"
+
+    destination_directory = os.path.join(output_path, 'coverage')
+
+    if not os.path.exists(destination_directory):
+        os.makedirs(destination_directory)
+
+    jobs = {}
+    count = 0
+
+    for name in os.listdir(source_directory):
+        match = re.search('^Coverage (?P<attempt>[0-9]+) (?P<label>.+)$', name)
+        label = match.group('label')
+        attempt = int(match.group('attempt'))
+        jobs[label] = max(attempt, jobs.get(label, 0))
+
+    for label, attempt in jobs.items():
+        name = 'Coverage {attempt} {label}'.format(label=label, attempt=attempt)
+        source = os.path.join(source_directory, name)
+        source_files = os.listdir(source)
+
+        for source_file in source_files:
+            source_path = os.path.join(source, source_file)
+            destination_path = os.path.join(destination_directory, source_file + '.' + label)
+            print('"%s" -> "%s"' % (source_path, destination_path))
+            shutil.copyfile(source_path, destination_path)
+            count += 1
+
+    print('Coverage file count: %d' % count)
+    print('##vso[task.setVariable variable=coverageFileCount]%d' % count)
+    print('##vso[task.setVariable variable=outputPath]%s' % output_path)
+
+
+if __name__ == '__main__':
+    main()

.azure-pipelines/scripts/process-results.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+# Check the test results and set variables for use in later steps.
+
+set -o pipefail -eu
+
+if [[ "$PWD" =~ /ansible_collections/ ]]; then
+    output_path="tests/output"
+else
+    output_path="test/results"
+fi
+
+echo "##vso[task.setVariable variable=outputPath]${output_path}"
+
+if compgen -G "${output_path}"'/junit/*.xml' > /dev/null; then
+    echo "##vso[task.setVariable variable=haveTestResults]true"
+fi
+
+if compgen -G "${output_path}"'/bot/ansible-test-*' > /dev/null; then
+    echo "##vso[task.setVariable variable=haveBotResults]true"
+fi
+
+if compgen -G "${output_path}"'/coverage/*' > /dev/null; then
+    echo "##vso[task.setVariable variable=haveCoverageData]true"
+fi

.azure-pipelines/scripts/publish-codecov.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+# Upload code coverage reports to codecov.io.
+# Multiple coverage files from multiple languages are accepted and aggregated after upload.
+# Python coverage, as well as PowerShell and Python stubs can all be uploaded.
+
+set -o pipefail -eu
+
+output_path="$1"
+
+curl --silent --show-error https://codecov.io/bash > codecov.sh
+
+for file in "${output_path}"/reports/coverage*.xml; do
+    name="${file}"
+    name="${name##*/}"  # remove path
+    name="${name##coverage=}"  # remove 'coverage=' prefix if present
+    name="${name%.xml}"  # remove '.xml' suffix
+
+    bash codecov.sh \
+        -f "${file}" \
+        -n "${name}" \
+        -X coveragepy \
+        -X gcov \
+        -X fix \
+        -X search \
+        -X xcode \
+        || echo "Failed to upload code coverage report to codecov.io: ${file}"
+done

.azure-pipelines/scripts/report-coverage.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+# Generate code coverage reports for uploading to Azure Pipelines and codecov.io.
+
+set -o pipefail -eu
+
+PATH="${PWD}/bin:${PATH}"
+
+if ! ansible-test --help >/dev/null 2>&1; then
+    # Install the devel version of ansible-test for generating code coverage reports.
+    # This is only used by Ansible Collections, which are typically tested against multiple Ansible versions (in separate jobs).
+    # Since a version of ansible-test is required that can work the output from multiple older releases, the devel version is used.
+    pip install https://github.com/ansible/ansible/archive/devel.tar.gz --disable-pip-version-check
+fi
+
+ansible-test coverage xml --stub --venv --venv-system-site-packages --color -v

.azure-pipelines/scripts/run-tests.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+# Configure the test environment and run the tests.
+
+set -o pipefail -eu
+
+entry_point="$1"
+test="$2"
+read -r -a coverage_branches <<< "$3"  # space separated list of branches to run code coverage on for scheduled builds
+
+export COMMIT_MESSAGE
+export COMPLETE
+export COVERAGE
+export IS_PULL_REQUEST
+
+if [ "${SYSTEM_PULLREQUEST_TARGETBRANCH:-}" ]; then
+    IS_PULL_REQUEST=true
+    COMMIT_MESSAGE=$(git log --format=%B -n 1 HEAD^2)
+else
+    IS_PULL_REQUEST=
+    COMMIT_MESSAGE=$(git log --format=%B -n 1 HEAD)
+fi
+
+COMPLETE=
+COVERAGE=
+
+if [ "${BUILD_REASON}" = "Schedule" ]; then
+    COMPLETE=yes
+
+    if printf '%s\n' "${coverage_branches[@]}" | grep -q "^${BUILD_SOURCEBRANCHNAME}$"; then
+        COVERAGE=yes
+    fi
+fi
+
+"${entry_point}" "${test}" 2>&1 | "$(dirname "$0")/time-command.py"

.azure-pipelines/scripts/time-command.py

@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+"""Prepends a relative timestamp to each input line from stdin and writes it to stdout."""
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import sys
+import time
+
+
+def main():
+    """Main program entry point."""
+    start = time.time()
+
+    sys.stdin.reconfigure(errors='surrogateescape')
+    sys.stdout.reconfigure(errors='surrogateescape')
+
+    for line in sys.stdin:
+        seconds = time.time() - start
+        sys.stdout.write('%02d:%02d %s' % (seconds // 60, seconds % 60, line))
+        sys.stdout.flush()
+
+
+if __name__ == '__main__':
+    main()

.azure-pipelines/templates/coverage.yml

@@ -0,0 +1,39 @@
+# This template adds a job for processing code coverage data.
+# It will upload results to Azure Pipelines and codecov.io.
+# Use it from a job stage that completes after all other jobs have completed.
+# This can be done by placing it in a separate summary stage that runs after the test stage(s) have completed.
+
+jobs:
+  - job: Coverage
+    displayName: Code Coverage
+    container: default
+    workspace:
+      clean: all
+    steps:
+      - checkout: self
+        fetchDepth: $(fetchDepth)
+        path: $(checkoutPath)
+      - task: DownloadPipelineArtifact@2
+        displayName: Download Coverage Data
+        inputs:
+          path: coverage/
+          patterns: "Coverage */*=coverage.combined"
+      - bash: .azure-pipelines/scripts/combine-coverage.py coverage/
+        displayName: Combine Coverage Data
+      - bash: .azure-pipelines/scripts/report-coverage.sh
+        displayName: Generate Coverage Report
+        condition: gt(variables.coverageFileCount, 0)
+      - task: PublishCodeCoverageResults@1
+        inputs:
+          codeCoverageTool: Cobertura
+          # Azure Pipelines only accepts a single coverage data file.
+          # That means only Python or PowerShell coverage can be uploaded, but not both.
+          # Set the "pipelinesCoverage" variable to determine which type is uploaded.
+          # Use "coverage" for Python and "coverage-powershell" for PowerShell.
+          summaryFileLocation: "$(outputPath)/reports/$(pipelinesCoverage).xml"
+        displayName: Publish to Azure Pipelines
+        condition: gt(variables.coverageFileCount, 0)
+      - bash: .azure-pipelines/scripts/publish-codecov.sh "$(outputPath)"
+        displayName: Publish to codecov.io
+        condition: gt(variables.coverageFileCount, 0)
+        continueOnError: true

.azure-pipelines/templates/matrix.yml

@@ -0,0 +1,55 @@
+# This template uses the provided targets and optional groups to generate a matrix which is then passed to the test template.
+# If this matrix template does not provide the required functionality, consider using the test template directly instead.
+
+parameters:
+  # A required list of dictionaries, one per test target.
+  # Each item in the list must contain a "test" or "name" key.
+  # Both may be provided. If one is omitted, the other will be used.
+  - name: targets
+    type: object
+
+  # An optional list of values which will be used to multiply the targets list into a matrix.
+  # Values can be strings or numbers.
+  - name: groups
+    type: object
+    default: []
+
+  # An optional format string used to generate the job name.
+  # - {0} is the name of an item in the targets list.
+  - name: nameFormat
+    type: string
+    default: "{0}"
+
+  # An optional format string used to generate the test name.
+  # - {0} is the name of an item in the targets list.
+  - name: testFormat
+    type: string
+    default: "{0}"
+
+  # An optional format string used to add the group to the job name.
+  # {0} is the formatted name of an item in the targets list.
+  # {{1}} is the group -- be sure to include the double "{{" and "}}".
+  - name: nameGroupFormat
+    type: string
+    default: "{0} - {{1}}"
+
+  # An optional format string used to add the group to the test name.
+  # {0} is the formatted test of an item in the targets list.
+  # {{1}} is the group -- be sure to include the double "{{" and "}}".
+  - name: testGroupFormat
+    type: string
+    default: "{0}/{{1}}"
+
+jobs:
+  - template: test.yml
+    parameters:
+      jobs:
+        - ${{ if eq(length(parameters.groups), 0) }}:
+          - ${{ each target in parameters.targets }}:
+            - name: ${{ format(parameters.nameFormat, coalesce(target.name, target.test)) }}
+              test: ${{ format(parameters.testFormat, coalesce(target.test, target.name)) }}
+        - ${{ if not(eq(length(parameters.groups), 0)) }}:
+          - ${{ each group in parameters.groups }}:
+            - ${{ each target in parameters.targets }}:
+              - name: ${{ format(format(parameters.nameGroupFormat, parameters.nameFormat), coalesce(target.name, target.test), group) }}
+                test: ${{ format(format(parameters.testGroupFormat, parameters.testFormat), coalesce(target.test, target.name), group) }}

.azure-pipelines/templates/test.yml

@@ -0,0 +1,45 @@
+# This template uses the provided list of jobs to create test one or more test jobs.
+# It can be used directly if needed, or through the matrix template.
+
+parameters:
+  # A required list of dictionaries, one per test job.
+  # Each item in the list must contain a "job" and "name" key.
+  - name: jobs
+    type: object
+
+jobs:
+  - ${{ each job in parameters.jobs }}:
+    - job: test_${{ replace(replace(replace(job.test, '/', '_'), '.', '_'), '-', '_') }}
+      displayName: ${{ job.name }}
+      container: default
+      workspace:
+        clean: all
+      steps:
+        - checkout: self
+          fetchDepth: $(fetchDepth)
+          path: $(checkoutPath)
+        - bash: .azure-pipelines/scripts/run-tests.sh "$(entryPoint)" "${{ job.test }}" "$(coverageBranches)"
+          displayName: Run Tests
+        - bash: .azure-pipelines/scripts/process-results.sh
+          condition: succeededOrFailed()
+          displayName: Process Results
+        - bash: .azure-pipelines/scripts/aggregate-coverage.sh "$(Agent.TempDirectory)"
+          condition: eq(variables.haveCoverageData, 'true')
+          displayName: Aggregate Coverage Data
+        - task: PublishTestResults@2
+          condition: eq(variables.haveTestResults, 'true')
+          inputs:
+            testResultsFiles: "$(outputPath)/junit/*.xml"
+          displayName: Publish Test Results
+        - task: PublishPipelineArtifact@1
+          condition: eq(variables.haveBotResults, 'true')
+          displayName: Publish Bot Results
+          inputs:
+            targetPath: "$(outputPath)/bot/"
+            artifactName: "Bot $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)"
+        - task: PublishPipelineArtifact@1
+          condition: eq(variables.haveCoverageData, 'true')
+          displayName: Publish Coverage Data
+          inputs:
+            targetPath: "$(Agent.TempDirectory)/coverage/"
+            artifactName: "Coverage $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)"

CHANGELOG.rst

@@ -5,6 +5,301 @@ Community General Release Notes
 .. contents:: Topics
 
 
+v1.3.3
+======
+
+Release Summary
+---------------
+
+Bugfix/security release that addresses CVE-2021-20178.
+
+Major Changes
+-------------
+
+- For community.general 2.0.0, the kubevirt modules will be moved to the `community.kubevirt <https://galaxy.ansible.com/community/kubevirt>`_ collection.
+  A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.
+
+  If you use Ansible 2.9 and explicitly use kubevirt modules from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with ``community.kubevirt.`` instead of ``community.general.``,
+  for example replace ``community.general.kubevirt_vm`` in a task by ``community.kubevirt.kubevirt_vm``.
+
+  If you use ansible-base and installed ``community.general`` manually and rely on the kubevirt modules, you have to make sure to install the ``community.kubevirt`` collection as well.
+  If you are using FQCNs, for example ``community.general.kubevirt_vm`` instead of ``kubevirt_vm``, it will continue working, but we still recommend to adjust the FQCNs as well.
+
+Security Fixes
+--------------
+
+- snmp_facts - **CVE-2021-20178** - hide user sensitive information such as ``privkey`` and ``authkey`` from logging into the console (https://github.com/ansible-collections/community.general/pull/1621).
+
+Bugfixes
+--------
+
+- terraform - fix ``init_reconfigure`` option for proper CLI args (https://github.com/ansible-collections/community.general/pull/1620).
+
+v1.3.2
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Major Changes
+-------------
+
+- For community.general 2.0.0, the Google modules will be moved to the `community.google <https://galaxy.ansible.com/community/google>`_ collection.
+  A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.
+
+  If you use Ansible 2.9 and explicitly use Google modules from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with ``community.google.`` instead of ``community.general.``,
+  for example replace ``community.general.gcpubsub`` in a task by ``community.google.gcpubsub``.
+
+  If you use ansible-base and installed ``community.general`` manually and rely on the Google modules, you have to make sure to install the ``community.google`` collection as well.
+  If you are using FQCNs, for example ``community.general.gcpubsub`` instead of ``gcpubsub``, it will continue working, but we still recommend to adjust the FQCNs as well.
+- For community.general 2.0.0, the OC connection plugin will be moved to the `community.okd <https://galaxy.ansible.com/community/okd>`_ collection.
+  A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.
+
+  If you use Ansible 2.9 and explicitly use OC connection plugin from this collection, you will need to adjust your playbooks and roles to use FQCNs ``community.okd.oc`` instead of ``community.general.oc``.
+
+  If you use ansible-base and installed ``community.general`` manually and rely on the OC connection plugin, you have to make sure to install the ``community.okd`` collection as well.
+  If you are using FQCNs, in other words ``community.general.oc`` instead of ``oc``, it will continue working, but we still recommend to adjust this FQCN as well.
+- For community.general 2.0.0, the hashi_vault lookup plugin will be moved to the `community.hashi_vault <https://galaxy.ansible.com/community/hashi_vault>`_ collection.
+  A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.
+
+  If you use Ansible 2.9 and explicitly use hashi_vault lookup plugin from this collection, you will need to adjust your playbooks and roles to use FQCNs ``community.hashi_vault.hashi_vault`` instead of ``community.general.hashi_vault``.
+
+  If you use ansible-base and installed ``community.general`` manually and rely on the hashi_vault lookup plugin, you have to make sure to install the ``community.hashi_vault`` collection as well.
+  If you are using FQCNs, in other words ``community.general.hashi_vault`` instead of ``hashi_vault``, it will continue working, but we still recommend to adjust this FQCN as well.
+
+Minor Changes
+-------------
+
+- homebrew_cask - Homebrew will be deprecating use of ``brew cask`` commands as of version 2.6.0, see https://brew.sh/2020/12/01/homebrew-2.6.0/. Added logic to stop using ``brew cask`` for brew version >= 2.6.0 (https://github.com/ansible-collections/community.general/pull/1481).
+- jira - added the traceback output to ``fail_json()`` calls deriving from exceptions (https://github.com/ansible-collections/community.general/pull/1536).
+
+Bugfixes
+--------
+
+- docker_image - if ``push=true`` is used with ``repository``, and the image does not need to be tagged, still push. This can happen if ``repository`` and ``name`` are equal (https://github.com/ansible-collections/community.docker/issues/52, https://github.com/ansible-collections/community.docker/pull/53).
+- docker_image - report error when loading a broken archive that contains no image (https://github.com/ansible-collections/community.docker/issues/46, https://github.com/ansible-collections/community.docker/pull/55).
+- docker_image - report error when the loaded archive does not contain the specified image (https://github.com/ansible-collections/community.docker/issues/41, https://github.com/ansible-collections/community.docker/pull/55).
+- jira - ``fetch`` and ``search`` no longer indicate that something changed (https://github.com/ansible-collections/community.general/pull/1536).
+- jira - ensured parameter ``issue`` is mandatory for operation ``transition`` (https://github.com/ansible-collections/community.general/pull/1536).
+- jira - module no longer incorrectly reports change for information gathering operations (https://github.com/ansible-collections/community.general/pull/1536).
+- jira - replaced custom parameter validation with ``required_if`` (https://github.com/ansible-collections/community.general/pull/1536).
+- launchd - handle deprecated APIs like ``readPlist`` and ``writePlist`` in ``plistlib`` (https://github.com/ansible-collections/community.general/issues/1552).
+- ldap_search - the module no longer incorrectly reports a change (https://github.com/ansible-collections/community.general/issues/1040).
+- make - fixed ``make`` parameter used for check mode when running a non-GNU ``make`` (https://github.com/ansible-collections/community.general/pull/1574).
+- monit - add support for all monit service checks (https://github.com/ansible-collections/community.general/pull/1532).
+- nios_member - fix Python 3 compatibility with nios api ``member_normalize`` function (https://github.com/ansible-collections/community.general/issues/1526).
+- nmcli - remove ``bridge-slave`` from list of IP based connections ((https://github.com/ansible-collections/community.general/issues/1500).
+- pamd - added logic to retain the comment line (https://github.com/ansible-collections/community.general/issues/1394).
+- passwordstore lookup plugin - always use explicit ``show`` command to retrieve password. This ensures compatibility with ``gopass`` and avoids problems when password names equal ``pass`` commands (https://github.com/ansible-collections/community.general/pull/1493).
+- rhn_channel - Python 2.7.5 fails if the certificate should not be validated. Fixed this by creating the correct ``ssl_context`` (https://github.com/ansible-collections/community.general/pull/470).
+- sendgrid - update documentation and warn user about sendgrid Python library version (https://github.com/ansible-collections/community.general/issues/1553).
+- syslogger - update ``syslog.openlog`` API call for older Python versions, and improve error handling (https://github.com/ansible-collections/community.general/issues/953).
+- yaml callback plugin - do not remove non-ASCII Unicode characters from multiline string output (https://github.com/ansible-collections/community.general/issues/1519).
+
+v1.3.1
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Bugfixes
+--------
+
+- bigpanda - removed the dynamic default for ``host`` param (https://github.com/ansible-collections/community.general/pull/1423).
+- bitbucket_pipeline_variable - change pagination logic for pipeline variable get API (https://github.com/ansible-collections/community.general/issues/1425).
+- cobbler inventory script - add Python 3 support (https://github.com/ansible-collections/community.general/issues/638).
+- docker_container - the validation for ``capabilities`` in ``device_requests`` was incorrect (https://github.com/ansible-collections/community.docker/issues/42, https://github.com/ansible-collections/community.docker/pull/43).
+- git_config - now raises an error for non-existent repository paths (https://github.com/ansible-collections/community.general/issues/630).
+- icinga2_host - fix returning error codes (https://github.com/ansible-collections/community.general/pull/335).
+- jira - provide error message raised from exception (https://github.com/ansible-collections/community.general/issues/1504).
+- json_query - handle ``AnsibleUnicode`` and ``AnsibleUnsafeText`` (https://github.com/ansible-collections/community.general/issues/320).
+- keycloak module_utils - provide meaningful error message to user when auth URL does not start with http or https (https://github.com/ansible-collections/community.general/issues/331).
+- ldap_entry - improvements in documentation, simplifications and replaced code with better ``AnsibleModule`` arguments (https://github.com/ansible-collections/community.general/pull/1516).
+- mas - fix ``invalid literal`` when no app can be found (https://github.com/ansible-collections/community.general/pull/1436).
+- nios_host_record - fix to remove ``aliases`` (CNAMES) for configuration comparison (https://github.com/ansible-collections/community.general/issues/1335).
+- osx_defaults - unquote values and unescape double quotes when reading array values (https://github.com/ansible-collections/community.general/pull/358).
+- profitbricks_nic - removed the dynamic default for ``name`` param (https://github.com/ansible-collections/community.general/pull/1423).
+- profitbricks_nic - replaced code with ``required`` and ``required_if`` (https://github.com/ansible-collections/community.general/pull/1423).
+- redfish_info module, redfish_utils module utils - correct ``PartNumber`` property name in Redfish ``GetMemoryInventory`` command (https://github.com/ansible-collections/community.general/issues/1483).
+- saltstack connection plugin - use ``hashutil.base64_decodefile`` to ensure that the file checksum is preserved (https://github.com/ansible-collections/community.general/pull/1472).
+- udm_user - removed the dynamic default for ``userexpiry`` param (https://github.com/ansible-collections/community.general/pull/1423).
+- utm_network_interface_address - changed param type from invalid 'boolean' to valid 'bool' (https://github.com/ansible-collections/community.general/pull/1423).
+- utm_proxy_exception - four parameters had elements types set as 'string' (invalid), changed to 'str' (https://github.com/ansible-collections/community.general/pull/1399).
+- vmadm - simplification of code (https://github.com/ansible-collections/community.general/pull/1415).
+- xfconf - add in missing return values that are specified in the documentation (https://github.com/ansible-collections/community.general/issues/1418).
+
+v1.3.0
+======
+
+Release Summary
+---------------
+
+This is the last minor 1.x.0 release. The next releases from the stable-1 branch will be 1.3.y patch releases.
+
+Major Changes
+-------------
+
+- For community.general 2.0.0, the Hetzner Robot modules will be moved to the `community.hrobot <https://galaxy.ansible.com/community/hrobot>`_ collection.
+  A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.
+
+  If you use Ansible 2.9 and explicitly use Hetzner Robot modules from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with ``community.hrobot.`` instead of ``community.general.hetzner_``,
+  for example replace ``community.general.hetzner_firewall_info`` in a task by ``community.hrobot.firewall_info``.
+
+  If you use ansible-base and installed ``community.general`` manually and rely on the Hetzner Robot modules, you have to make sure to install the ``community.hrobot`` collection as well.
+  If you are using FQCNs, i.e. ``community.general.hetzner_failover_ip`` instead of ``hetzner_failover_ip``, it will continue working, but we still recommend to adjust the FQCNs as well.
+- For community.general 2.0.0, the ``docker`` modules and plugins will be moved to the `community.docker <https://galaxy.ansible.com/community/docker>`_ collection.
+  A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.
+
+  If you use Ansible 2.9 and explicitly use ``docker`` content from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with ``community.docker.`` instead of ``community.general.``,
+  for example replace ``community.general.docker_container`` in a task by ``community.docker.docker_container``.
+
+  If you use ansible-base and installed ``community.general`` manually and rely on the ``docker`` content, you have to make sure to install the ``community.docker`` collection as well.
+  If you are using FQCNs, i.e. ``community.general.docker_container`` instead of ``docker_container``, it will continue working, but we still recommend to adjust the FQCNs as well.
+- For community.general 2.0.0, the ``postgresql`` modules and plugins will be moved to the `community.postgresql <https://galaxy.ansible.com/community/postgresql>`_ collection.
+  A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.
+
+  If you use Ansible 2.9 and explicitly use ``postgresql`` content from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with ``community.postgresql.`` instead of ``community.general.``,
+  for example replace ``community.general.postgresql_info`` in a task by ``community.postgresql.postgresql_info``.
+
+  If you use ansible-base and installed ``community.general`` manually and rely on the ``postgresql`` content, you have to make sure to install the ``community.postgresql`` collection as well.
+  If you are using FQCNs, i.e. ``community.general.postgresql_info`` instead of ``postgresql_info``, it will continue working, but we still recommend to adjust the FQCNs as well.
+- The community.general collection no longer depends on the ansible.posix collection (https://github.com/ansible-collections/community.general/pull/1157).
+
+Minor Changes
+-------------
+
+- Add new filter plugin ``dict_kv`` which returns a single key-value pair from two arguments. Useful for generating complex dictionaries without using loops. For example ``'value' | community.general.dict_kv('key'))`` evaluates to ``{'key': 'value'}`` (https://github.com/ansible-collections/community.general/pull/1264).
+- archive - fix paramater types (https://github.com/ansible-collections/community.general/pull/1039).
+- consul - added support for tcp checks (https://github.com/ansible-collections/community.general/issues/1128).
+- datadog - mark ``notification_message`` as ``no_log`` (https://github.com/ansible-collections/community.general/pull/1338).
+- datadog_monitor - add ``include_tags`` option (https://github.com/ansible/ansible/issues/57441).
+- django_manage - renamed parameter ``app_path`` to ``project_path``, adding ``app_path`` and ``chdir`` as aliases (https://github.com/ansible-collections/community.general/issues/1044).
+- docker_container - now supports the ``device_requests`` option, which allows to request additional resources such as GPUs (https://github.com/ansible/ansible/issues/65748, https://github.com/ansible-collections/community.general/pull/1119).
+- docker_image - return docker build output (https://github.com/ansible-collections/community.general/pull/805).
+- docker_secret - add a warning when the secret does not have an ``ansible_key`` label but the ``force`` parameter is not set (https://github.com/ansible-collections/community.docker/issues/30, https://github.com/ansible-collections/community.docker/pull/31).
+- facter - added option for ``arguments`` (https://github.com/ansible-collections/community.general/pull/768).
+- hashi_vault - support ``VAULT_SKIP_VERIFY`` environment variable for determining if to verify certificates (in addition to the ``validate_certs=`` flag supported today) (https://github.com/ansible-collections/community.general/pull/1024).
+- hashi_vault lookup plugin - add support for JWT authentication (https://github.com/ansible-collections/community.general/pull/1213).
+- infoblox inventory script - use stderr for reporting errors, and allow use of environment for configuration (https://github.com/ansible-collections/community.general/pull/436).
+- ipa_host - silence warning about non-secret ``random_password`` option not having ``no_log`` set (https://github.com/ansible-collections/community.general/pull/1339).
+- ipa_user - silence warning about non-secret ``krbpasswordexpiration`` and ``update_password`` options not having ``no_log`` set (https://github.com/ansible-collections/community.general/pull/1339).
+- linode_v4 - added support for Linode StackScript usage when creating instances (https://github.com/ansible-collections/community.general/issues/723).
+- lvol - fix idempotency issue when using lvol with ``%VG`` or ``%PVS`` size options and VG is fully allocated (https://github.com/ansible-collections/community.general/pull/229).
+- maven_artifact - added ``client_cert`` and ``client_key`` parameters to the maven_artifact module (https://github.com/ansible-collections/community.general/issues/1123).
+- module_helper - added ModuleHelper class and a couple of convenience tools for module developers (https://github.com/ansible-collections/community.general/pull/1322).
+- nmcli - refactor internal methods for simplicity and enhance reuse to support existing and future connection types (https://github.com/ansible-collections/community.general/pull/1113).
+- nmcli - remove Python DBus and GTK Object library dependencies (https://github.com/ansible-collections/community.general/issues/1112).
+- nmcli - the ``dns4``, ``dns4_search``, ``dns6``, and ``dns6_search`` arguments are retained internally as lists (https://github.com/ansible-collections/community.general/pull/1113).
+- odbc - added a parameter ``commit`` which allows users to disable the explicit commit after the execute call (https://github.com/ansible-collections/community.general/pull/1139).
+- openbsd_pkg - added ``snapshot`` option (https://github.com/ansible-collections/community.general/pull/965).
+- pacman - improve group expansion speed: query list of pacman groups once (https://github.com/ansible-collections/community.general/pull/349).
+- parted - add ``resize`` option to resize existing partitions (https://github.com/ansible-collections/community.general/pull/773).
+- passwordstore lookup plugin - added ``umask`` option to set the desired file permisions on creation. This is done via the ``PASSWORD_STORE_UMASK`` environment variable (https://github.com/ansible-collections/community.general/pull/1156).
+- pkgin - add support for installation of full versioned package names (https://github.com/ansible-collections/community.general/pull/1256).
+- pkgng - present the ``ignore_osver`` option to pkg (https://github.com/ansible-collections/community.general/pull/1243).
+- portage - add ``getbinpkgonly`` option, remove unnecessary note on internal portage behaviour (getbinpkg=yes), and remove the undocumented exclusiveness of the pkg options as portage makes no such restriction (https://github.com/ansible-collections/community.general/pull/1169).
+- postgresql_info - add ``in_recovery`` return value to show if a service in recovery mode or not (https://github.com/ansible-collections/community.general/issues/1068).
+- postgresql_privs - add ``procedure`` type support (https://github.com/ansible-collections/community.general/issues/1002).
+- postgresql_query - add ``query_list`` and ``query_all_results`` return values (https://github.com/ansible-collections/community.general/issues/838).
+- proxmox - add new ``proxmox_default_behavior`` option (https://github.com/ansible-collections/community.general/pull/850).
+- proxmox - add support for API tokens (https://github.com/ansible-collections/community.general/pull/1206).
+- proxmox - extract common code and documentation (https://github.com/ansible-collections/community.general/pull/1331).
+- proxmox inventory plugin - ignore QEMU templates altogether instead of skipping the creation of the host in the inventory (https://github.com/ansible-collections/community.general/pull/1185).
+- proxmox_kvm - add cloud-init support (new options: ``cicustom``, ``cipassword``, ``citype``, ``ciuser``, ``ipconfig``, ``nameservers``, ``searchdomains``, ``sshkeys``) (https://github.com/ansible-collections/community.general/pull/797).
+- proxmox_kvm - add new ``proxmox_default_behavior`` option (https://github.com/ansible-collections/community.general/pull/850).
+- proxmox_kvm - add support for API tokens (https://github.com/ansible-collections/community.general/pull/1206).
+- proxmox_template - add support for API tokens (https://github.com/ansible-collections/community.general/pull/1206).
+- proxmox_template - download proxmox applicance templates (pveam) (https://github.com/ansible-collections/community.general/pull/1046).
+- redis cache plugin - add redis sentinel functionality to cache plugin (https://github.com/ansible-collections/community.general/pull/1055).
+- redis cache plugin - make the redis cache keyset name configurable (https://github.com/ansible-collections/community.general/pull/1036).
+- terraform - add ``init_reconfigure`` option, which controls the ``-reconfigure`` flag (backend reconfiguration) (https://github.com/ansible-collections/community.general/pull/823).
+- xfconf - removed unnecessary second execution of ``xfconf-query`` (https://github.com/ansible-collections/community.general/pull/1305).
+
+Deprecated Features
+-------------------
+
+- django_manage - the parameter ``liveserver`` relates to a no longer maintained third-party module for django. It is now deprecated, and will be remove in community.general 3.0.0 (https://github.com/ansible-collections/community.general/pull/1154).
+- proxmox - the default of the new ``proxmox_default_behavior`` option will change from ``compatibility`` to ``no_defaults`` in community.general 4.0.0. Set the option to an explicit value to avoid a deprecation warning (https://github.com/ansible-collections/community.general/pull/850).
+- proxmox_kvm - the default of the new ``proxmox_default_behavior`` option will change from ``compatibility`` to ``no_defaults`` in community.general 4.0.0. Set the option to an explicit value to avoid a deprecation warning (https://github.com/ansible-collections/community.general/pull/850).
+- syspatch - deprecate the redundant ``apply`` argument (https://github.com/ansible-collections/community.general/pull/360).
+
+Bugfixes
+--------
+
+- apache2_module - amend existing module identifier workaround to also apply to updated Shibboleth modules (https://github.com/ansible-collections/community.general/issues/1379).
+- beadm - fixed issue "list object has no attribute split" (https://github.com/ansible-collections/community.general/issues/791).
+- capabilities - fix for a newer version of libcap release (https://github.com/ansible-collections/community.general/pull/1061).
+- composer - fix bug in command idempotence with composer v2 (https://github.com/ansible-collections/community.general/issues/1179).
+- docker_login - fix internal config file storage to handle credentials for more than one registry (https://github.com/ansible-collections/community.general/issues/1117).
+- filesystem - add option ``state`` with default ``present``. When set to ``absent``, filesystem signatures are removed (https://github.com/ansible-collections/community.general/issues/355).
+- flatpak - use of the ``--non-interactive`` argument instead of ``-y`` when possible (https://github.com/ansible-collections/community.general/pull/1246).
+- gcp_storage_files lookup plugin - make sure that plugin errors out on initialization if the required library is not found, and not on load-time (https://github.com/ansible-collections/community.general/pull/1297).
+- gitlab_group - added description parameter to ``createGroup()`` call (https://github.com/ansible-collections/community.general/issues/138).
+- gitlab_group_variable - support for GitLab pagination limitation by iterating over GitLab variable pages (https://github.com/ansible-collections/community.general/pull/968).
+- gitlab_project_variable - support for GitLab pagination limitation by iterating over GitLab variable pages (https://github.com/ansible-collections/community.general/pull/968).
+- hashi_vault - fix approle authentication without ``secret_id`` (https://github.com/ansible-collections/community.general/pull/1138).
+- homebrew - fix package name validation for packages containing hypen ``-`` (https://github.com/ansible-collections/community.general/issues/1037).
+- homebrew_cask - fix package name validation for casks containing hypen ``-`` (https://github.com/ansible-collections/community.general/issues/1037).
+- influxdb - fix usage of path for older version of python-influxdb (https://github.com/ansible-collections/community.general/issues/997).
+- iptables_state - fix race condition between module and its action plugin (https://github.com/ansible-collections/community.general/issues/1136).
+- linode inventory plugin - make sure that plugin errors out on initialization if the required library is not found, and not on load-time (https://github.com/ansible-collections/community.general/pull/1297).
+- lxc_container - fix the type of the ``container_config`` parameter. It is now processed as a list and not a string (https://github.com/ansible-collections/community.general/pull/216).
+- macports - fix failure to install a package whose name is contained within an already installed package's name or variant (https://github.com/ansible-collections/community.general/issues/1307).
+- maven_artifact - handle timestamped snapshot version strings properly (https://github.com/ansible-collections/community.general/issues/709).
+- memcached cache plugin - make sure that plugin errors out on initialization if the required library is not found, and not on load-time (https://github.com/ansible-collections/community.general/pull/1297).
+- monit - fix modules ability to determine the current state of the monitored process (https://github.com/ansible-collections/community.general/pull/1107).
+- nios_fixed_address, nios_host_record, nios_zone - removed redundant parameter aliases causing warning messages to incorrectly appear in task output (https://github.com/ansible-collections/community.general/issues/852).
+- nmcli - cannot modify ``ifname`` after connection creation (https://github.com/ansible-collections/community.general/issues/1089).
+- nmcli - use consistent autoconnect parameters (https://github.com/ansible-collections/community.general/issues/459).
+- omapi_host - fix compatibility with Python 3 (https://github.com/ansible-collections/community.general/issues/787).
+- packet_net.py inventory script - fixed failure w.r.t. operating system retrieval by changing array subscription back to attribute access (https://github.com/ansible-collections/community.general/pull/891).
+- postgresql_ext - fix the module crashes when available ext versions cannot be compared with current version (https://github.com/ansible-collections/community.general/issues/1095).
+- postgresql_ext - fix version selection when ``version=latest`` (https://github.com/ansible-collections/community.general/pull/1078).
+- postgresql_pg_hba - fix a crash when a new rule with an 'options' field replaces a rule without or vice versa (https://github.com/ansible-collections/community.general/issues/1108).
+- postgresql_privs - fix module fails when ``type`` group and passing ``objs`` value containing hyphens (https://github.com/ansible-collections/community.general/issues/1058).
+- proxmox_kvm - fix issue causing linked clones not being create by allowing ``format=unspecified`` (https://github.com/ansible-collections/community.general/issues/1027).
+- proxmox_kvm - ignore unsupported ``pool`` parameter on update (https://github.com/ansible-collections/community.general/pull/1258).
+- redis - fixes parsing of config values which should not be converted to bytes (https://github.com/ansible-collections/community.general/pull/1079).
+- redis cache plugin - make sure that plugin errors out on initialization if the required library is not found, and not on load-time (https://github.com/ansible-collections/community.general/pull/1297).
+- slack - avoid trying to update existing message when sending messages that contain the string "ts" (https://github.com/ansible-collections/community.general/issues/1097).
+- solaris_zone - fixed issue trying to configure zone in Python 3 (https://github.com/ansible-collections/community.general/issues/1081).
+- syspatch - fix bug where not setting ``apply=true`` would result in error (https://github.com/ansible-collections/community.general/pull/360).
+- xfconf - parameter ``value`` no longer required for state ``absent`` (https://github.com/ansible-collections/community.general/issues/1329).
+- xfconf - xfconf no longer passing the command args as a string, but rather as a list (https://github.com/ansible-collections/community.general/issues/1328).
+- zypper - force ``LANG=C`` to as zypper is looking in XML output where attribute could be translated (https://github.com/ansible-collections/community.general/issues/1175).
+
+New Modules
+-----------
+
+Cloud
+~~~~~
+
+misc
+^^^^
+
+- proxmox_domain_info - Retrieve information about one or more Proxmox VE domains
+- proxmox_group_info - Retrieve information about one or more Proxmox VE groups
+- proxmox_user_info - Retrieve information about one or more Proxmox VE users
+
+Clustering
+~~~~~~~~~~
+
+nomad
+^^^^^
+
+- nomad_job - Launch a Nomad Job
+- nomad_job_info - Get Nomad Jobs info
+
+Monitoring
+~~~~~~~~~~
+
+- pagerduty_change - Track a code or infrastructure change as a PagerDuty change event
+- pagerduty_user - Manage a user account on PagerDuty
+
 v1.2.0
 ======
 

README.md

@@ -1,9 +1,12 @@
 # Community General Collection
 
-[![Run Status](https://api.shippable.com/projects/5e664a167c32620006c9fa50/badge?branch=main)](https://app.shippable.com/github/ansible-collections/community.general/dashboard) [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.general)](https://codecov.io/gh/ansible-collections/community.general)
+[![Build Status](https://dev.azure.com/ansible/community.general/_apis/build/status/CI?branchName=stable-1)](https://dev.azure.com/ansible/community.general/_build?definitionId=31)
+[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.general)](https://codecov.io/gh/ansible-collections/community.general)
 
 This repo contains the `community.general` Ansible Collection. The collection includes many modules and plugins supported by Ansible community which are not part of more specialized community collections.
 
+You can find [documentation for this collection on the Ansible docs site](https://docs.ansible.com/ansible/latest/collections/community/general/).
+
 ## Tested with Ansible
 
 Tested with the current Ansible 2.9 and 2.10 releases and the current development version of Ansible. Ansible versions before 2.9.10 are not supported.
@@ -14,7 +17,7 @@ Some modules and plugins require external libraries. Please check the requiremen
 
 ## Included content
 
-Please check the included content on the [Ansible Galaxy page for this collection](https://galaxy.ansible.com/community/general).
+Please check the included content on the [Ansible Galaxy page for this collection](https://galaxy.ansible.com/community/general) or the [documentation on the Ansible docs site](https://docs.ansible.com/ansible/latest/collections/community/general/).
 
 ## Using this collection
 
@@ -35,6 +38,14 @@ See [Ansible Using collections](https://docs.ansible.com/ansible/latest/user_gui
 
 If you want to develop new content for this collection or improve what is already here, the easiest way to work on the collection is to clone it into one of the configured [`COLLECTIONS_PATH`](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#collections-paths), and work on it there.
 
+For example, if you are working in the `~/dev` directory:
+
+```
+cd ~/dev
+git clone git@github.com:ansible-collections/community.general.git collections/ansible_collections/community/general
+export COLLECTIONS_PATH=$(pwd)/collections:$COLLECTIONS_PATH
+```
+
 You can find more information in the [developer guide for collections](https://docs.ansible.com/ansible/devel/dev_guide/developing_collections.html#contributing-to-collections), and in the [Ansible Community Guide](https://docs.ansible.com/ansible/latest/community/index.html).
 
 ### Running tests

changelogs/changelog.yaml

@@ -1231,3 +1231,574 @@ releases:
         name: stackpath_compute
         namespace: null
     release_date: '2020-09-30'
+  1.3.0:
+    changes:
+      bugfixes:
+      - apache2_module - amend existing module identifier workaround to also apply
+        to updated Shibboleth modules (https://github.com/ansible-collections/community.general/issues/1379).
+      - beadm - fixed issue "list object has no attribute split" (https://github.com/ansible-collections/community.general/issues/791).
+      - capabilities - fix for a newer version of libcap release (https://github.com/ansible-collections/community.general/pull/1061).
+      - composer - fix bug in command idempotence with composer v2 (https://github.com/ansible-collections/community.general/issues/1179).
+      - docker_login - fix internal config file storage to handle credentials for
+        more than one registry (https://github.com/ansible-collections/community.general/issues/1117).
+      - filesystem - add option ``state`` with default ``present``. When set to ``absent``,
+        filesystem signatures are removed (https://github.com/ansible-collections/community.general/issues/355).
+      - flatpak - use of the ``--non-interactive`` argument instead of ``-y`` when
+        possible (https://github.com/ansible-collections/community.general/pull/1246).
+      - gcp_storage_files lookup plugin - make sure that plugin errors out on initialization
+        if the required library is not found, and not on load-time (https://github.com/ansible-collections/community.general/pull/1297).
+      - gitlab_group - added description parameter to ``createGroup()`` call (https://github.com/ansible-collections/community.general/issues/138).
+      - gitlab_group_variable - support for GitLab pagination limitation by iterating
+        over GitLab variable pages (https://github.com/ansible-collections/community.general/pull/968).
+      - gitlab_project_variable - support for GitLab pagination limitation by iterating
+        over GitLab variable pages (https://github.com/ansible-collections/community.general/pull/968).
+      - hashi_vault - fix approle authentication without ``secret_id`` (https://github.com/ansible-collections/community.general/pull/1138).
+      - homebrew - fix package name validation for packages containing hypen ``-``
+        (https://github.com/ansible-collections/community.general/issues/1037).
+      - homebrew_cask - fix package name validation for casks containing hypen ``-``
+        (https://github.com/ansible-collections/community.general/issues/1037).
+      - influxdb - fix usage of path for older version of python-influxdb (https://github.com/ansible-collections/community.general/issues/997).
+      - iptables_state - fix race condition between module and its action plugin (https://github.com/ansible-collections/community.general/issues/1136).
+      - linode inventory plugin - make sure that plugin errors out on initialization
+        if the required library is not found, and not on load-time (https://github.com/ansible-collections/community.general/pull/1297).
+      - lxc_container - fix the type of the ``container_config`` parameter. It is
+        now processed as a list and not a string (https://github.com/ansible-collections/community.general/pull/216).
+      - macports - fix failure to install a package whose name is contained within
+        an already installed package's name or variant (https://github.com/ansible-collections/community.general/issues/1307).
+      - maven_artifact - handle timestamped snapshot version strings properly (https://github.com/ansible-collections/community.general/issues/709).
+      - memcached cache plugin - make sure that plugin errors out on initialization
+        if the required library is not found, and not on load-time (https://github.com/ansible-collections/community.general/pull/1297).
+      - monit - fix modules ability to determine the current state of the monitored
+        process (https://github.com/ansible-collections/community.general/pull/1107).
+      - nios_fixed_address, nios_host_record, nios_zone - removed redundant parameter
+        aliases causing warning messages to incorrectly appear in task output (https://github.com/ansible-collections/community.general/issues/852).
+      - nmcli - cannot modify ``ifname`` after connection creation (https://github.com/ansible-collections/community.general/issues/1089).
+      - nmcli - use consistent autoconnect parameters (https://github.com/ansible-collections/community.general/issues/459).
+      - omapi_host - fix compatibility with Python 3 (https://github.com/ansible-collections/community.general/issues/787).
+      - packet_net.py inventory script - fixed failure w.r.t. operating system retrieval
+        by changing array subscription back to attribute access (https://github.com/ansible-collections/community.general/pull/891).
+      - postgresql_ext - fix the module crashes when available ext versions cannot
+        be compared with current version (https://github.com/ansible-collections/community.general/issues/1095).
+      - postgresql_ext - fix version selection when ``version=latest`` (https://github.com/ansible-collections/community.general/pull/1078).
+      - postgresql_pg_hba - fix a crash when a new rule with an 'options' field replaces
+        a rule without or vice versa (https://github.com/ansible-collections/community.general/issues/1108).
+      - postgresql_privs - fix module fails when ``type`` group and passing ``objs``
+        value containing hyphens (https://github.com/ansible-collections/community.general/issues/1058).
+      - proxmox_kvm - fix issue causing linked clones not being create by allowing
+        ``format=unspecified`` (https://github.com/ansible-collections/community.general/issues/1027).
+      - proxmox_kvm - ignore unsupported ``pool`` parameter on update (https://github.com/ansible-collections/community.general/pull/1258).
+      - redis - fixes parsing of config values which should not be converted to bytes
+        (https://github.com/ansible-collections/community.general/pull/1079).
+      - redis cache plugin - make sure that plugin errors out on initialization if
+        the required library is not found, and not on load-time (https://github.com/ansible-collections/community.general/pull/1297).
+      - slack - avoid trying to update existing message when sending messages that
+        contain the string "ts" (https://github.com/ansible-collections/community.general/issues/1097).
+      - solaris_zone - fixed issue trying to configure zone in Python 3 (https://github.com/ansible-collections/community.general/issues/1081).
+      - syspatch - fix bug where not setting ``apply=true`` would result in error
+        (https://github.com/ansible-collections/community.general/pull/360).
+      - xfconf - parameter ``value`` no longer required for state ``absent`` (https://github.com/ansible-collections/community.general/issues/1329).
+      - xfconf - xfconf no longer passing the command args as a string, but rather
+        as a list (https://github.com/ansible-collections/community.general/issues/1328).
+      - zypper - force ``LANG=C`` to as zypper is looking in XML output where attribute
+        could be translated (https://github.com/ansible-collections/community.general/issues/1175).
+      deprecated_features:
+      - django_manage - the parameter ``liveserver`` relates to a no longer maintained
+        third-party module for django. It is now deprecated, and will be remove in
+        community.general 3.0.0 (https://github.com/ansible-collections/community.general/pull/1154).
+      - proxmox - the default of the new ``proxmox_default_behavior`` option will
+        change from ``compatibility`` to ``no_defaults`` in community.general 4.0.0.
+        Set the option to an explicit value to avoid a deprecation warning (https://github.com/ansible-collections/community.general/pull/850).
+      - proxmox_kvm - the default of the new ``proxmox_default_behavior`` option will
+        change from ``compatibility`` to ``no_defaults`` in community.general 4.0.0.
+        Set the option to an explicit value to avoid a deprecation warning (https://github.com/ansible-collections/community.general/pull/850).
+      - syspatch - deprecate the redundant ``apply`` argument (https://github.com/ansible-collections/community.general/pull/360).
+      major_changes:
+      - 'For community.general 2.0.0, the Hetzner Robot modules will be moved to the
+        `community.hrobot <https://galaxy.ansible.com/community/hrobot>`_ collection.
+
+        A redirection will be inserted so that users using ansible-base 2.10 or newer
+        do not have to change anything.
+
+
+        If you use Ansible 2.9 and explicitly use Hetzner Robot modules from this
+        collection, you will need to adjust your playbooks and roles to use FQCNs
+        starting with ``community.hrobot.`` instead of ``community.general.hetzner_``,
+
+        for example replace ``community.general.hetzner_firewall_info`` in a task
+        by ``community.hrobot.firewall_info``.
+
+
+        If you use ansible-base and installed ``community.general`` manually and rely
+        on the Hetzner Robot modules, you have to make sure to install the ``community.hrobot``
+        collection as well.
+
+        If you are using FQCNs, i.e. ``community.general.hetzner_failover_ip`` instead
+        of ``hetzner_failover_ip``, it will continue working, but we still recommend
+        to adjust the FQCNs as well.
+
+        '
+      - 'For community.general 2.0.0, the ``docker`` modules and plugins will be moved
+        to the `community.docker <https://galaxy.ansible.com/community/docker>`_ collection.
+
+        A redirection will be inserted so that users using ansible-base 2.10 or newer
+        do not have to change anything.
+
+
+        If you use Ansible 2.9 and explicitly use ``docker`` content from this collection,
+        you will need to adjust your playbooks and roles to use FQCNs starting with
+        ``community.docker.`` instead of ``community.general.``,
+
+        for example replace ``community.general.docker_container`` in a task by ``community.docker.docker_container``.
+
+
+        If you use ansible-base and installed ``community.general`` manually and rely
+        on the ``docker`` content, you have to make sure to install the ``community.docker``
+        collection as well.
+
+        If you are using FQCNs, i.e. ``community.general.docker_container`` instead
+        of ``docker_container``, it will continue working, but we still recommend
+        to adjust the FQCNs as well.
+
+        '
+      - 'For community.general 2.0.0, the ``postgresql`` modules and plugins will
+        be moved to the `community.postgresql <https://galaxy.ansible.com/community/postgresql>`_
+        collection.
+
+        A redirection will be inserted so that users using ansible-base 2.10 or newer
+        do not have to change anything.
+
+
+        If you use Ansible 2.9 and explicitly use ``postgresql`` content from this
+        collection, you will need to adjust your playbooks and roles to use FQCNs
+        starting with ``community.postgresql.`` instead of ``community.general.``,
+
+        for example replace ``community.general.postgresql_info`` in a task by ``community.postgresql.postgresql_info``.
+
+
+        If you use ansible-base and installed ``community.general`` manually and rely
+        on the ``postgresql`` content, you have to make sure to install the ``community.postgresql``
+        collection as well.
+
+        If you are using FQCNs, i.e. ``community.general.postgresql_info`` instead
+        of ``postgresql_info``, it will continue working, but we still recommend to
+        adjust the FQCNs as well.
+
+        '
+      - The community.general collection no longer depends on the ansible.posix collection
+        (https://github.com/ansible-collections/community.general/pull/1157).
+      minor_changes:
+      - 'Add new filter plugin ``dict_kv`` which returns a single key-value pair from
+        two arguments. Useful for generating complex dictionaries without using loops.
+        For example ``''value'' | community.general.dict_kv(''key''))`` evaluates
+        to ``{''key'': ''value''}`` (https://github.com/ansible-collections/community.general/pull/1264).'
+      - archive - fix paramater types (https://github.com/ansible-collections/community.general/pull/1039).
+      - consul - added support for tcp checks (https://github.com/ansible-collections/community.general/issues/1128).
+      - datadog - mark ``notification_message`` as ``no_log`` (https://github.com/ansible-collections/community.general/pull/1338).
+      - datadog_monitor - add ``include_tags`` option (https://github.com/ansible/ansible/issues/57441).
+      - django_manage - renamed parameter ``app_path`` to ``project_path``, adding
+        ``app_path`` and ``chdir`` as aliases (https://github.com/ansible-collections/community.general/issues/1044).
+      - docker_container - now supports the ``device_requests`` option, which allows
+        to request additional resources such as GPUs (https://github.com/ansible/ansible/issues/65748,
+        https://github.com/ansible-collections/community.general/pull/1119).
+      - docker_image - return docker build output (https://github.com/ansible-collections/community.general/pull/805).
+      - docker_secret - add a warning when the secret does not have an ``ansible_key``
+        label but the ``force`` parameter is not set (https://github.com/ansible-collections/community.docker/issues/30,
+        https://github.com/ansible-collections/community.docker/pull/31).
+      - facter - added option for ``arguments`` (https://github.com/ansible-collections/community.general/pull/768).
+      - hashi_vault - support ``VAULT_SKIP_VERIFY`` environment variable for determining
+        if to verify certificates (in addition to the ``validate_certs=`` flag supported
+        today) (https://github.com/ansible-collections/community.general/pull/1024).
+      - hashi_vault lookup plugin - add support for JWT authentication (https://github.com/ansible-collections/community.general/pull/1213).
+      - infoblox inventory script - use stderr for reporting errors, and allow use
+        of environment for configuration (https://github.com/ansible-collections/community.general/pull/436).
+      - ipa_host - silence warning about non-secret ``random_password`` option not
+        having ``no_log`` set (https://github.com/ansible-collections/community.general/pull/1339).
+      - ipa_user - silence warning about non-secret ``krbpasswordexpiration`` and
+        ``update_password`` options not having ``no_log`` set (https://github.com/ansible-collections/community.general/pull/1339).
+      - linode_v4 - added support for Linode StackScript usage when creating instances
+        (https://github.com/ansible-collections/community.general/issues/723).
+      - lvol - fix idempotency issue when using lvol with ``%VG`` or ``%PVS`` size
+        options and VG is fully allocated (https://github.com/ansible-collections/community.general/pull/229).
+      - maven_artifact - added ``client_cert`` and ``client_key`` parameters to the
+        maven_artifact module (https://github.com/ansible-collections/community.general/issues/1123).
+      - module_helper - added ModuleHelper class and a couple of convenience tools
+        for module developers (https://github.com/ansible-collections/community.general/pull/1322).
+      - nmcli - refactor internal methods for simplicity and enhance reuse to support
+        existing and future connection types (https://github.com/ansible-collections/community.general/pull/1113).
+      - nmcli - remove Python DBus and GTK Object library dependencies (https://github.com/ansible-collections/community.general/issues/1112).
+      - nmcli - the ``dns4``, ``dns4_search``, ``dns6``, and ``dns6_search`` arguments
+        are retained internally as lists (https://github.com/ansible-collections/community.general/pull/1113).
+      - odbc - added a parameter ``commit`` which allows users to disable the explicit
+        commit after the execute call (https://github.com/ansible-collections/community.general/pull/1139).
+      - openbsd_pkg - added ``snapshot`` option (https://github.com/ansible-collections/community.general/pull/965).
+      - 'pacman - improve group expansion speed: query list of pacman groups once
+        (https://github.com/ansible-collections/community.general/pull/349).'
+      - parted - add ``resize`` option to resize existing partitions (https://github.com/ansible-collections/community.general/pull/773).
+      - passwordstore lookup plugin - added ``umask`` option to set the desired file
+        permisions on creation. This is done via the ``PASSWORD_STORE_UMASK`` environment
+        variable (https://github.com/ansible-collections/community.general/pull/1156).
+      - pkgin - add support for installation of full versioned package names (https://github.com/ansible-collections/community.general/pull/1256).
+      - pkgng - present the ``ignore_osver`` option to pkg (https://github.com/ansible-collections/community.general/pull/1243).
+      - portage - add ``getbinpkgonly`` option, remove unnecessary note on internal
+        portage behaviour (getbinpkg=yes), and remove the undocumented exclusiveness
+        of the pkg options as portage makes no such restriction (https://github.com/ansible-collections/community.general/pull/1169).
+      - postgresql_info - add ``in_recovery`` return value to show if a service in
+        recovery mode or not (https://github.com/ansible-collections/community.general/issues/1068).
+      - postgresql_privs - add ``procedure`` type support (https://github.com/ansible-collections/community.general/issues/1002).
+      - postgresql_query - add ``query_list`` and ``query_all_results`` return values
+        (https://github.com/ansible-collections/community.general/issues/838).
+      - proxmox - add new ``proxmox_default_behavior`` option (https://github.com/ansible-collections/community.general/pull/850).
+      - proxmox - add support for API tokens (https://github.com/ansible-collections/community.general/pull/1206).
+      - proxmox - extract common code and documentation (https://github.com/ansible-collections/community.general/pull/1331).
+      - proxmox inventory plugin - ignore QEMU templates altogether instead of skipping
+        the creation of the host in the inventory (https://github.com/ansible-collections/community.general/pull/1185).
+      - 'proxmox_kvm - add cloud-init support (new options: ``cicustom``, ``cipassword``,
+        ``citype``, ``ciuser``, ``ipconfig``, ``nameservers``, ``searchdomains``,
+        ``sshkeys``) (https://github.com/ansible-collections/community.general/pull/797).'
+      - proxmox_kvm - add new ``proxmox_default_behavior`` option (https://github.com/ansible-collections/community.general/pull/850).
+      - proxmox_kvm - add support for API tokens (https://github.com/ansible-collections/community.general/pull/1206).
+      - proxmox_template - add support for API tokens (https://github.com/ansible-collections/community.general/pull/1206).
+      - proxmox_template - download proxmox applicance templates (pveam) (https://github.com/ansible-collections/community.general/pull/1046).
+      - redis cache plugin - add redis sentinel functionality to cache plugin (https://github.com/ansible-collections/community.general/pull/1055).
+      - redis cache plugin - make the redis cache keyset name configurable (https://github.com/ansible-collections/community.general/pull/1036).
+      - terraform - add ``init_reconfigure`` option, which controls the ``-reconfigure``
+        flag (backend reconfiguration) (https://github.com/ansible-collections/community.general/pull/823).
+      - xfconf - removed unnecessary second execution of ``xfconf-query`` (https://github.com/ansible-collections/community.general/pull/1305).
+      release_summary: This is the last minor 1.x.0 release. The next releases from
+        the stable-1 branch will be 1.3.y patch releases.
+    fragments:
+    - 1.3.0.yml
+    - 1024-vault-skip-verify-support.yml
+    - 1028-proxmox-kvm-linked-clone.yml
+    - 1036-redis-cache-keyset-name.yaml
+    - 1038-fix-homebrew-and-homebrew-cask-package-validation.yaml
+    - 1039-archive-fix-paramater-types.yaml
+    - 1048-postgresql_privs_add_procedure_type.yml
+    - 1055-redis-cache-sentinel.yaml
+    - 1059-postgresql_privs_fix_failings_when_using_roles_with_hyphen.yml
+    - 1078-postgresql_ext_fix_version_selection_when_version_is_latest.yml
+    - 1079-redis-use-regexp-to-check-if-the-value-matches-expected-form.yaml
+    - 1081-solaris_zone-python3.yml
+    - 1091-postgresql_info_add_in_recovery_ret_val.yml
+    - 1099-postgresql_ext_fix_failing_when_version_cannot_be_compared.yml
+    - 1101-slack-ts-fix.yaml
+    - 1105-beadm_bugfix.yaml
+    - 1107-monit-fix-status-check.yml
+    - 1118-docker_login-config-store.yml
+    - 1119-docker_container-device-reqests.yml
+    - 1124-pg_hba-dictkey_bugfix.yaml
+    - 1126-influxdb-conditional-path-argument.yml
+    - 1127-maven_artifact_client_cert.yml
+    - 1138-hashi_vault_fix_approle_authentication_without_secret_id.yml
+    - 1140-iptables_state-fix-race-condition.yml
+    - 1144-consul-add-tcp-check-support.yml
+    - 1149-filesystem-fix-355-state-absent.yml
+    - 1154-django_manage-docs.yml
+    - 1169-getbinpkgonly.yaml
+    - 1175-zypper-absent-lang.yml
+    - 1179-composer_require_v2_idempotence_fix.yml
+    - 1185-proxmox-ignore-qemu-templates.yml
+    - 1196-use_description-in-gitlab-group-creation.yml
+    - 1206-proxmox-api-token.yml
+    - 1213-hashi_vault-jwt-auth-support.yaml
+    - 1223-nios-remove-redundant-aliases.yml
+    - 1243-pkgng-present-ignoreosver.yaml
+    - 1244-renamed-parameter.yaml
+    - 1246-flatpak-use-non-interactive-argument.yaml
+    - 1256-feat-pkgin-add-full-version-package-name.yml
+    - 1258-proxmox_kvm-ignore-pool-on-update.yaml
+    - 1264-dict_kv-new-filter.yaml
+    - 1270-linode-v4-stackscript-support.yaml
+    - 1305-added-xfconf-tests.yaml
+    - 1307-macports-fix-status-check.yml
+    - 1322-module_helper_and_xfconf.yaml
+    - 1331-proxmox-info-modules.yml
+    - 1338-datadog-mark-notification_message-no_log.yml
+    - 1339-ip-no_log-nonsecret.yml
+    - 1383-apache2-module-amend-shib-workaround.yaml
+    - 216-fix-lxc-container-container_config-parameter.yaml
+    - 229_lvol_percentage_fix.yml
+    - 349-pacman_improve_group_expansion_speed.yml
+    - 360_syspatch_apply_patches_by_default.yml
+    - 409-datadog-monitor-include-tags.yaml
+    - 436-infoblox-use-stderr-and-environment-for-config.yaml
+    - 713-maven-timestamp-snapshot.yml
+    - 768-facter.yml
+    - 773-resize-partition.yml
+    - 788-fix_omapi_host_on_python3.yaml
+    - 797-proxmox-kvm-cloud-init.yaml
+    - 805-docker_image-build-output.yml
+    - 823-terraform_init_reconfigure.yaml
+    - 850-proxmox_kvm-remove_hard_coded_defaults.yml
+    - 886-postgresql_query_add_ret_vals.yml
+    - 891-packet_net-fix-not-subscriptable.yaml
+    - 968-gitlab_variables-pagination.yml
+    - 993-file-capabilities.yml
+    - community.docker-31-docker-secret.yml
+    - docker-migration.yml
+    - fix-plugin-imports.yml
+    - hetzner-migration.yml
+    - lookup-passwordstore-umask.yml
+    - nmcli-refactor.yml
+    - odbc.yml
+    - openbsd_pkg.yml
+    - postgresql-migration.yml
+    - proxmox_template-appliance-download.yml
+    - remove-ansible.posix-dependency.yml
+    modules:
+    - description: Launch a Nomad Job
+      name: nomad_job
+      namespace: clustering.nomad
+    - description: Get Nomad Jobs info
+      name: nomad_job_info
+      namespace: clustering.nomad
+    - description: Track a code or infrastructure change as a PagerDuty change event
+      name: pagerduty_change
+      namespace: monitoring
+    - description: Manage a user account on PagerDuty
+      name: pagerduty_user
+      namespace: monitoring
+    - description: Retrieve information about one or more Proxmox VE domains
+      name: proxmox_domain_info
+      namespace: cloud.misc
+    - description: Retrieve information about one or more Proxmox VE groups
+      name: proxmox_group_info
+      namespace: cloud.misc
+    - description: Retrieve information about one or more Proxmox VE users
+      name: proxmox_user_info
+      namespace: cloud.misc
+    release_date: '2020-11-26'
+  1.3.1:
+    changes:
+      bugfixes:
+      - bigpanda - removed the dynamic default for ``host`` param (https://github.com/ansible-collections/community.general/pull/1423).
+      - bitbucket_pipeline_variable - change pagination logic for pipeline variable
+        get API (https://github.com/ansible-collections/community.general/issues/1425).
+      - cobbler inventory script - add Python 3 support (https://github.com/ansible-collections/community.general/issues/638).
+      - docker_container - the validation for ``capabilities`` in ``device_requests``
+        was incorrect (https://github.com/ansible-collections/community.docker/issues/42,
+        https://github.com/ansible-collections/community.docker/pull/43).
+      - git_config - now raises an error for non-existent repository paths (https://github.com/ansible-collections/community.general/issues/630).
+      - icinga2_host - fix returning error codes (https://github.com/ansible-collections/community.general/pull/335).
+      - jira - provide error message raised from exception (https://github.com/ansible-collections/community.general/issues/1504).
+      - json_query - handle ``AnsibleUnicode`` and ``AnsibleUnsafeText`` (https://github.com/ansible-collections/community.general/issues/320).
+      - keycloak module_utils - provide meaningful error message to user when auth
+        URL does not start with http or https (https://github.com/ansible-collections/community.general/issues/331).
+      - ldap_entry - improvements in documentation, simplifications and replaced code
+        with better ``AnsibleModule`` arguments (https://github.com/ansible-collections/community.general/pull/1516).
+      - mas - fix ``invalid literal`` when no app can be found (https://github.com/ansible-collections/community.general/pull/1436).
+      - nios_host_record - fix to remove ``aliases`` (CNAMES) for configuration comparison
+        (https://github.com/ansible-collections/community.general/issues/1335).
+      - osx_defaults - unquote values and unescape double quotes when reading array
+        values (https://github.com/ansible-collections/community.general/pull/358).
+      - profitbricks_nic - removed the dynamic default for ``name`` param (https://github.com/ansible-collections/community.general/pull/1423).
+      - profitbricks_nic - replaced code with ``required`` and ``required_if`` (https://github.com/ansible-collections/community.general/pull/1423).
+      - redfish_info module, redfish_utils module utils - correct ``PartNumber`` property
+        name in Redfish ``GetMemoryInventory`` command (https://github.com/ansible-collections/community.general/issues/1483).
+      - saltstack connection plugin - use ``hashutil.base64_decodefile`` to ensure
+        that the file checksum is preserved (https://github.com/ansible-collections/community.general/pull/1472).
+      - udm_user - removed the dynamic default for ``userexpiry`` param (https://github.com/ansible-collections/community.general/pull/1423).
+      - utm_network_interface_address - changed param type from invalid 'boolean'
+        to valid 'bool' (https://github.com/ansible-collections/community.general/pull/1423).
+      - utm_proxy_exception - four parameters had elements types set as 'string' (invalid),
+        changed to 'str' (https://github.com/ansible-collections/community.general/pull/1399).
+      - vmadm - simplification of code (https://github.com/ansible-collections/community.general/pull/1415).
+      - xfconf - add in missing return values that are specified in the documentation
+        (https://github.com/ansible-collections/community.general/issues/1418).
+      release_summary: Regular bugfix release.
+    fragments:
+    - 1.3.1.yml
+    - 1399-fixed-wrong-elements-type.yaml
+    - 1415-valmod_req_mismatch.yml
+    - 1419-xfconf-return-values.yaml
+    - 1423-valmod_multiple_cases.yml
+    - 1425_bitbucket_pipeline_variable.yml
+    - 1436-mas-fix-no-app-installed.yml
+    - 1472-saltstack-fix-put_file-to-preserve-checksum.yml
+    - 1484-fix-property-name-in-redfish-memory-inventory.yml
+    - 1504_jira.yml
+    - 1516-ldap_entry-improvements.yaml
+    - 320_unsafe_text.yml
+    - 331_keycloak.yml
+    - 335-icinga2_host-return-error-code.yaml
+    - 630-git_config-handling-invalid-dir.yaml
+    - 638_cobbler_py3.yml
+    - community.docker-43-docker_container-device_requests.yml
+    - fix_parsing_array_values_in_osx_defaults.yml
+    - nios_host_record-fix-aliases-removal.yml
+    release_date: '2020-12-21'
+  1.3.2:
+    changes:
+      bugfixes:
+      - docker_image - if ``push=true`` is used with ``repository``, and the image
+        does not need to be tagged, still push. This can happen if ``repository``
+        and ``name`` are equal (https://github.com/ansible-collections/community.docker/issues/52,
+        https://github.com/ansible-collections/community.docker/pull/53).
+      - docker_image - report error when loading a broken archive that contains no
+        image (https://github.com/ansible-collections/community.docker/issues/46,
+        https://github.com/ansible-collections/community.docker/pull/55).
+      - docker_image - report error when the loaded archive does not contain the specified
+        image (https://github.com/ansible-collections/community.docker/issues/41,
+        https://github.com/ansible-collections/community.docker/pull/55).
+      - jira - ``fetch`` and ``search`` no longer indicate that something changed
+        (https://github.com/ansible-collections/community.general/pull/1536).
+      - jira - ensured parameter ``issue`` is mandatory for operation ``transition``
+        (https://github.com/ansible-collections/community.general/pull/1536).
+      - jira - module no longer incorrectly reports change for information gathering
+        operations (https://github.com/ansible-collections/community.general/pull/1536).
+      - jira - replaced custom parameter validation with ``required_if`` (https://github.com/ansible-collections/community.general/pull/1536).
+      - launchd - handle deprecated APIs like ``readPlist`` and ``writePlist`` in
+        ``plistlib`` (https://github.com/ansible-collections/community.general/issues/1552).
+      - ldap_search - the module no longer incorrectly reports a change (https://github.com/ansible-collections/community.general/issues/1040).
+      - make - fixed ``make`` parameter used for check mode when running a non-GNU
+        ``make`` (https://github.com/ansible-collections/community.general/pull/1574).
+      - monit - add support for all monit service checks (https://github.com/ansible-collections/community.general/pull/1532).
+      - nios_member - fix Python 3 compatibility with nios api ``member_normalize``
+        function (https://github.com/ansible-collections/community.general/issues/1526).
+      - nmcli - remove ``bridge-slave`` from list of IP based connections ((https://github.com/ansible-collections/community.general/issues/1500).
+      - pamd - added logic to retain the comment line (https://github.com/ansible-collections/community.general/issues/1394).
+      - passwordstore lookup plugin - always use explicit ``show`` command to retrieve
+        password. This ensures compatibility with ``gopass`` and avoids problems when
+        password names equal ``pass`` commands (https://github.com/ansible-collections/community.general/pull/1493).
+      - rhn_channel - Python 2.7.5 fails if the certificate should not be validated.
+        Fixed this by creating the correct ``ssl_context`` (https://github.com/ansible-collections/community.general/pull/470).
+      - sendgrid - update documentation and warn user about sendgrid Python library
+        version (https://github.com/ansible-collections/community.general/issues/1553).
+      - syslogger - update ``syslog.openlog`` API call for older Python versions,
+        and improve error handling (https://github.com/ansible-collections/community.general/issues/953).
+      - yaml callback plugin - do not remove non-ASCII Unicode characters from multiline
+        string output (https://github.com/ansible-collections/community.general/issues/1519).
+      major_changes:
+      - 'For community.general 2.0.0, the Google modules will be moved to the `community.google
+        <https://galaxy.ansible.com/community/google>`_ collection.
+
+        A redirection will be inserted so that users using ansible-base 2.10 or newer
+        do not have to change anything.
+
+
+        If you use Ansible 2.9 and explicitly use Google modules from this collection,
+        you will need to adjust your playbooks and roles to use FQCNs starting with
+        ``community.google.`` instead of ``community.general.``,
+
+        for example replace ``community.general.gcpubsub`` in a task by ``community.google.gcpubsub``.
+
+
+        If you use ansible-base and installed ``community.general`` manually and rely
+        on the Google modules, you have to make sure to install the ``community.google``
+        collection as well.
+
+        If you are using FQCNs, for example ``community.general.gcpubsub`` instead
+        of ``gcpubsub``, it will continue working, but we still recommend to adjust
+        the FQCNs as well.
+
+        '
+      - 'For community.general 2.0.0, the OC connection plugin will be moved to the
+        `community.okd <https://galaxy.ansible.com/community/okd>`_ collection.
+
+        A redirection will be inserted so that users using ansible-base 2.10 or newer
+        do not have to change anything.
+
+
+        If you use Ansible 2.9 and explicitly use OC connection plugin from this collection,
+        you will need to adjust your playbooks and roles to use FQCNs ``community.okd.oc``
+        instead of ``community.general.oc``.
+
+
+        If you use ansible-base and installed ``community.general`` manually and rely
+        on the OC connection plugin, you have to make sure to install the ``community.okd``
+        collection as well.
+
+        If you are using FQCNs, in other words ``community.general.oc`` instead of
+        ``oc``, it will continue working, but we still recommend to adjust this FQCN
+        as well.
+
+        '
+      - 'For community.general 2.0.0, the hashi_vault lookup plugin will be moved
+        to the `community.hashi_vault <https://galaxy.ansible.com/community/hashi_vault>`_
+        collection.
+
+        A redirection will be inserted so that users using ansible-base 2.10 or newer
+        do not have to change anything.
+
+
+        If you use Ansible 2.9 and explicitly use hashi_vault lookup plugin from this
+        collection, you will need to adjust your playbooks and roles to use FQCNs
+        ``community.hashi_vault.hashi_vault`` instead of ``community.general.hashi_vault``.
+
+
+        If you use ansible-base and installed ``community.general`` manually and rely
+        on the hashi_vault lookup plugin, you have to make sure to install the ``community.hashi_vault``
+        collection as well.
+
+        If you are using FQCNs, in other words ``community.general.hashi_vault`` instead
+        of ``hashi_vault``, it will continue working, but we still recommend to adjust
+        this FQCN as well.
+
+        '
+      minor_changes:
+      - homebrew_cask - Homebrew will be deprecating use of ``brew cask`` commands
+        as of version 2.6.0, see https://brew.sh/2020/12/01/homebrew-2.6.0/. Added
+        logic to stop using ``brew cask`` for brew version >= 2.6.0 (https://github.com/ansible-collections/community.general/pull/1481).
+      - jira - added the traceback output to ``fail_json()`` calls deriving from exceptions
+        (https://github.com/ansible-collections/community.general/pull/1536).
+      release_summary: Regular bugfix release.
+    fragments:
+    - 1.3.2.yml
+    - 1040-ldap_search-changed-must-be-false.yaml
+    - 1394-pamd-removing-comments.yaml
+    - 1481-deprecated-brew-cask-command.yaml
+    - 1493-fix_passwordstore.py_to_be_compatible_with_gopass_versions.yml
+    - 1517-bridge-slave-from-list-of-ip-based-connections.yml
+    - 1522-yaml-callback-unicode.yml
+    - 1527-fix-nios-api-member-normalize.yaml
+    - 1532-monit-support-all-services.yaml
+    - 1552_launchd.yml
+    - 1553_sendgrid.yml
+    - 1574-make-question.yaml
+    - 470-spacewalk-legacy-python-certificate-validation.yaml
+    - 953_syslogger.yml
+    - community.docker-53-docker_image-tag-push.yml
+    - community.docker-55-docker_image-loading.yml
+    - google-migration.yml
+    - hashi_vault-migration.yml
+    - jira_improvements.yaml
+    - oc-migration.yml
+    release_date: '2021-01-04'
+  1.3.3:
+    changes:
+      bugfixes:
+      - terraform - fix ``init_reconfigure`` option for proper CLI args (https://github.com/ansible-collections/community.general/pull/1620).
+      major_changes:
+      - 'For community.general 2.0.0, the kubevirt modules will be moved to the `community.kubevirt
+        <https://galaxy.ansible.com/community/kubevirt>`_ collection.
+
+        A redirection will be inserted so that users using ansible-base 2.10 or newer
+        do not have to change anything.
+
+
+        If you use Ansible 2.9 and explicitly use kubevirt modules from this collection,
+        you will need to adjust your playbooks and roles to use FQCNs starting with
+        ``community.kubevirt.`` instead of ``community.general.``,
+
+        for example replace ``community.general.kubevirt_vm`` in a task by ``community.kubevirt.kubevirt_vm``.
+
+
+        If you use ansible-base and installed ``community.general`` manually and rely
+        on the kubevirt modules, you have to make sure to install the ``community.kubevirt``
+        collection as well.
+
+        If you are using FQCNs, for example ``community.general.kubevirt_vm`` instead
+        of ``kubevirt_vm``, it will continue working, but we still recommend to adjust
+        the FQCNs as well.
+
+        '
+      release_summary: Bugfix/security release that addresses CVE-2021-20178.
+      security_fixes:
+      - snmp_facts - **CVE-2021-20178** - hide user sensitive information such as
+        ``privkey`` and ``authkey`` from logging into the console (https://github.com/ansible-collections/community.general/pull/1621).
+    fragments:
+    - 1.3.3.yml
+    - 1620-terraform_init_reconfigure_fix.yml
+    - kubevirt-migration.yml
+    - snmp_facts.yml
+    release_date: '2021-01-13'

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: community
 name: general
-version: 1.2.0
+version: 1.3.3
 readme: README.md
 authors:
   - Ansible (https://github.com/ansible)
@@ -10,11 +10,10 @@ tags: [community]
 # NOTE: No more dependencies can be added to this list
 dependencies:
   ansible.netcommon: '>=1.0.0'
-  ansible.posix: '>=1.0.0'
   community.kubernetes: '>=1.0.0'
   google.cloud: '>=1.0.0'
 repository: https://github.com/ansible-collections/community.general
-#documentation: https://github.com/ansible-collection-migration/community.general/tree/main/docs
+documentation: https://docs.ansible.com/ansible/latest/collections/community/general/
 homepage: https://github.com/ansible-collections/community.general
 issues: https://github.com/ansible-collections/community.general/issues
 #type: flatmap

plugins/action/system/iptables_state.py

@@ -125,15 +125,18 @@ class ActionModule(ActionBase):
                     module_args['_back'] = '%s/iptables.state' % async_dir
                     async_status_args = dict(_async_dir=async_dir)
                     confirm_cmd = 'rm -f %s' % module_args['_back']
+                    starter_cmd = 'touch %s.starter' % module_args['_back']
                     remaining_time = max(task_async, max_timeout)
 
             # do work!
             result = merge_hash(result, self._execute_module(module_args=module_args, task_vars=task_vars, wrap_async=wrap_async))
 
             # Then the 3-steps "go ahead or rollback":
-            # - reset connection to ensure a persistent one will not be reused
-            # - confirm the restored state by removing the backup on the remote
-            # - retrieve the results of the asynchronous task to return them
+            # 1. Catch early errors of the module (in asynchronous task) if any.
+            #    Touch a file on the target to signal the module to process now.
+            # 2. Reset connection to ensure a persistent one will not be reused.
+            # 3. Confirm the restored state by removing the backup on the remote.
+            #    Retrieve the results of the asynchronous task to return them.
             if '_back' in module_args:
                 async_status_args['jid'] = result.get('ansible_job_id', None)
                 if async_status_args['jid'] is None:
@@ -143,12 +146,18 @@ class ActionModule(ActionBase):
                 # option type/value, missing required system command, etc.
                 result = merge_hash(result, self._async_result(async_status_args, task_vars, 0))
 
+                # The module is aware to not process the main iptables-restore
+                # command before finding (and deleting) the 'starter' cookie on
+                # the host, so the previous query will not reach ssh timeout.
+                garbage = self._low_level_execute_command(starter_cmd, sudoable=self.DEFAULT_SUDOABLE)
+
+                # As the main command is not yet executed on the target, here
+                # 'finished' means 'failed before main command be executed'.
                 if not result['finished']:
                     try:
                         self._connection.reset()
-                        display.v("%s: reset connection" % (module_name))
                     except AttributeError:
-                        display.warning("Connection plugin does not allow to reset the connection.")
+                        pass
 
                     for x in range(max_timeout):
                         time.sleep(1)

plugins/cache/memcached.py

@@ -57,8 +57,9 @@ from ansible.utils.display import Display
 
 try:
     import memcache
+    HAS_MEMCACHE = True
 except ImportError:
-    raise AnsibleError("python-memcached is required for the memcached fact cache")
+    HAS_MEMCACHE = False
 
 display = Display()
 
@@ -187,6 +188,9 @@ class CacheModule(BaseCacheModule):
             self._timeout = C.CACHE_PLUGIN_TIMEOUT
             self._prefix = C.CACHE_PLUGIN_PREFIX
 
+        if not HAS_MEMCACHE:
+            raise AnsibleError("python-memcached is required for the memcached fact cache")
+
         self._cache = {}
         self._db = ProxyClientPool(connection, debug=0)
         self._keys = CacheModuleKeys(self._db, self._db.get(CacheModuleKeys.PREFIX) or [])

plugins/cache/redis.py

@@ -18,6 +18,7 @@ DOCUMENTATION = '''
           - A colon separated string of connection information for Redis.
           - The format is C(host:port:db:password), for example C(localhost:6379:0:changeme).
           - To use encryption in transit, prefix the connection with C(tls://), as in C(tls://localhost:6379:0:changeme).
+          - To use redis sentinel, use separator C(;), for example C(localhost:26379;localhost:26379;0:changeme). Requires redis>=2.9.0.
         required: True
         env:
           - name: ANSIBLE_CACHE_PLUGIN_CONNECTION
@@ -32,6 +33,23 @@ DOCUMENTATION = '''
         ini:
           - key: fact_caching_prefix
             section: defaults
+      _keyset_name:
+        description: User defined name for cache keyset name.
+        default: ansible_cache_keys
+        env:
+          - name: ANSIBLE_CACHE_REDIS_KEYSET_NAME
+        ini:
+          - key: fact_caching_redis_keyset_name
+            section: defaults
+        version_added: 1.3.0
+      _sentinel_service_name:
+        description: The redis sentinel service name (or referenced as cluster name).
+        env:
+          - name: ANSIBLE_CACHE_REDIS_SENTINEL
+        ini:
+          - key: fact_caching_redis_sentinel
+            section: defaults
+        version_added: 1.3.0
       _timeout:
         default: 86400
         description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire
@@ -48,14 +66,16 @@ import json
 
 from ansible import constants as C
 from ansible.errors import AnsibleError
+from ansible.module_utils._text import to_native
 from ansible.parsing.ajson import AnsibleJSONEncoder, AnsibleJSONDecoder
 from ansible.plugins.cache import BaseCacheModule
 from ansible.utils.display import Display
 
 try:
     from redis import StrictRedis, VERSION
+    HAS_REDIS = True
 except ImportError:
-    raise AnsibleError("The 'redis' python module (version 2.4.5 or newer) is required for the redis fact cache, 'pip install redis'")
+    HAS_REDIS = False
 
 display = Display()
 
@@ -69,6 +89,8 @@ class CacheModule(BaseCacheModule):
     to expire keys. This mechanism is used or a pattern matched 'scan' for
     performance.
     """
+    _sentinel_service_name = None
+
     def __init__(self, *args, **kwargs):
         uri = ''
 
@@ -78,6 +100,8 @@ class CacheModule(BaseCacheModule):
                 uri = self.get_option('_uri')
             self._timeout = float(self.get_option('_timeout'))
             self._prefix = self.get_option('_prefix')
+            self._keys_set = self.get_option('_keyset_name')
+            self._sentinel_service_name = self.get_option('_sentinel_service_name')
         except KeyError:
             display.deprecated('Rather than importing CacheModules directly, '
                                'use ansible.plugins.loader.cache_loader',
@@ -86,17 +110,60 @@ class CacheModule(BaseCacheModule):
                 uri = C.CACHE_PLUGIN_CONNECTION
             self._timeout = float(C.CACHE_PLUGIN_TIMEOUT)
             self._prefix = C.CACHE_PLUGIN_PREFIX
+            self._keys_set = 'ansible_cache_keys'
+
+        if not HAS_REDIS:
+            raise AnsibleError("The 'redis' python module (version 2.4.5 or newer) is required for the redis fact cache, 'pip install redis'")
 
         self._cache = {}
         kw = {}
+
+        # tls connection
         tlsprefix = 'tls://'
         if uri.startswith(tlsprefix):
             kw['ssl'] = True
             uri = uri[len(tlsprefix):]
 
-        connection = uri.split(':')
-        self._db = StrictRedis(*connection, **kw)
-        self._keys_set = 'ansible_cache_keys'
+        # redis sentinel connection
+        if self._sentinel_service_name:
+            self._db = self._get_sentinel_connection(uri, kw)
+        # normal connection
+        else:
+            connection = uri.split(':')
+            self._db = StrictRedis(*connection, **kw)
+
+        display.vv('Redis connection: %s' % self._db)
+
+    def _get_sentinel_connection(self, uri, kw):
+        """
+        get sentinel connection details from _uri
+        """
+        try:
+            from redis.sentinel import Sentinel
+        except ImportError:
+            raise AnsibleError("The 'redis' python module (version 2.9.0 or newer) is required to use redis sentinel.")
+
+        if ';' not in uri:
+            raise AnsibleError('_uri does not have sentinel syntax.')
+
+        # format: "localhost:26379;localhost2:26379;0:changeme"
+        connections = uri.split(';')
+        connection_args = connections.pop(-1)
+        if len(connection_args) > 0:  # hanle if no db nr is given
+            connection_args = connection_args.split(':')
+            kw['db'] = connection_args.pop(0)
+            try:
+                kw['password'] = connection_args.pop(0)
+            except IndexError:
+                pass  # password is optional
+
+        sentinels = [tuple(shost.split(':')) for shost in connections]
+        display.vv('\nUsing redis sentinels: %s' % sentinels)
+        scon = Sentinel(sentinels, **kw)
+        try:
+            return scon.master_for(self._sentinel_service_name, socket_timeout=0.2)
+        except Exception as exc:
+            raise AnsibleError('Could not connect to redis sentinel: %s' % to_native(exc))
 
     def _make_key(self, key):
         return self._prefix + key

plugins/callback/yaml.py

@@ -50,7 +50,7 @@ def my_represent_scalar(self, tag, value, style=None):
             # ...no trailing space
             value = value.rstrip()
             # ...and non-printable characters
-            value = ''.join(x for x in value if x in string.printable)
+            value = ''.join(x for x in value if x in string.printable or ord(x) >= 0xA0)
             # ...tabs prevent blocks from expanding
             value = value.expandtabs()
             # ...and odd bits of whitespace

plugins/connection/saltstack.py

@@ -19,6 +19,7 @@ DOCUMENTATION = '''
 import re
 import os
 import pty
+import codecs
 import subprocess
 
 from ansible.module_utils._text import to_bytes, to_text
@@ -85,9 +86,9 @@ class Connection(ConnectionBase):
 
         out_path = self._normalize_path(out_path, '/')
         self._display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.host)
-        with open(in_path) as in_fh:
+        with open(in_path, 'rb') as in_fh:
             content = in_fh.read()
-        self.client.cmd(self.host, 'file.write', [out_path, content])
+        self.client.cmd(self.host, 'hashutil.base64_decodefile', [codecs.encode(content, 'base64'), out_path])
 
     # TODO test it
     def fetch_file(self, in_path, out_path):

plugins/doc_fragments/dimensiondata.py

@@ -19,7 +19,6 @@ options:
   region:
     description:
       - The target region.
-    choices:
       - Regions are defined in Apache libcloud project [libcloud/common/dimensiondata.py]
       - They are also listed in U(https://libcloud.readthedocs.io/en/latest/compute/drivers/dimensiondata.html)
       - Note that the default value "na" stands for "North America".

plugins/doc_fragments/influxdb.py

@@ -40,6 +40,7 @@ options:
   path:
     description:
     - The path on which InfluxDB server is accessible
+    - Only available when using python-influxdb >= 5.1.0
     type: str
     version_added: '0.2.0'
   validate_certs:
@@ -52,6 +53,7 @@ options:
     description:
     - Use https instead of http to connect to InfluxDB server.
     type: bool
+    default: false
   timeout:
     description:
     - Number of seconds Requests will wait for client to establish a connection.
@@ -60,12 +62,14 @@ options:
     description:
     - Number of retries client will try before aborting.
     - C(0) indicates try until success.
+    - Only available when using python-influxdb >= 4.1.0
     type: int
     default: 3
   use_udp:
     description:
     - Use UDP to connect to InfluxDB server.
     type: bool
+    default: false
   udp_port:
     description:
     - UDP port to connect to InfluxDB server.

plugins/doc_fragments/manageiq.py

@@ -15,14 +15,14 @@ options:
   manageiq_connection:
     description:
       - ManageIQ connection configuration information.
-    required: true
+    required: false
     type: dict
     suboptions:
       url:
         description:
           - ManageIQ environment url. C(MIQ_URL) env var if set. otherwise, it is required to pass it.
         type: str
-        required: true
+        required: false
       username:
         description:
           - ManageIQ username. C(MIQ_USERNAME) env var if set. otherwise, required if no token is passed in.
@@ -44,7 +44,7 @@ options:
       ca_cert:
         description:
           - The path to a CA bundle file or directory with certificates. defaults to None.
-        type: path
+        type: str
         aliases: [ ca_bundle_path ]
 
 requirements:

plugins/doc_fragments/nios.py

@@ -24,7 +24,6 @@ options:
           - Value can also be specified using C(INFOBLOX_HOST) environment
             variable.
         type: str
-        required: true
       username:
         description:
           - Configures the username to use to authenticate the connection to

plugins/doc_fragments/nomad.py

@@ -0,0 +1,51 @@
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2020 FERREIRA Christophe <christophe.ferreira@cnaf.fr>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+
+    # Standard files documentation fragment
+    DOCUMENTATION = r'''
+options:
+    host:
+      description:
+        - FQDN of Nomad server.
+      required: true
+      type: str
+    use_ssl:
+      description:
+        - Use TLS/SSL connection.
+      type: bool
+      default: true
+    timeout:
+      description:
+        - Timeout (in seconds) for the request to Nomad.
+      type: int
+      default: 5
+    validate_certs:
+      description:
+        - Enable TLS/SSL certificate validation.
+      type: bool
+      default: true
+    client_cert:
+      description:
+        - Path of certificate for TLS/SSL.
+      type: path
+    client_key:
+      description:
+        - Path of certificate's private key for TLS/SSL.
+      type: path
+    namespace:
+      description:
+        - Namespace for Nomad.
+      type: str
+    token:
+      description:
+        - ACL token for authentification.
+      type: str
+'''

plugins/doc_fragments/online.py

@@ -15,6 +15,7 @@ options:
     description:
       - Online OAuth token.
     type: str
+    required: true
     aliases: [ oauth_token ]
   api_url:
     description:

plugins/doc_fragments/ovirt_facts.py

@@ -19,6 +19,7 @@ options:
               Only the attributes of the current entity. User can configure to fetch other
               attributes of the nested entities by specifying C(nested_attributes).
         type: bool
+        default: false
     nested_attributes:
         description:
             - Specifies list of the attributes which should be fetched from the API.

plugins/doc_fragments/proxmox.py

@@ -0,0 +1,45 @@
+# -*- coding: utf-8 -*-
+
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+    # Common parameters for Proxmox VE modules
+    DOCUMENTATION = r'''
+options:
+  api_host:
+    description:
+      - Specify the target host of the Proxmox VE cluster.
+    type: str
+    required: true
+  api_user:
+    description:
+      - Specify the user to authenticate with.
+    type: str
+    required: true
+  api_password:
+    description:
+      - Specify the password to authenticate with.
+      - You can use C(PROXMOX_PASSWORD) environment variable.
+    type: str
+  api_token_id:
+    description:
+      - Specify the token ID.
+    type: str
+    version_added: 1.3.0
+  api_token_secret:
+    description:
+      - Specify the token secret.
+    type: str
+    version_added: 1.3.0
+  validate_certs:
+    description:
+      - If C(no), SSL certificates will not be validated.
+      - This should only be used on personally controlled sites using self-signed certificates.
+    type: bool
+    default: no
+requirements: [ "proxmoxer", "requests" ]
+'''

plugins/doc_fragments/rackspace.py

@@ -32,7 +32,6 @@ options:
     description:
       - Region to create an instance in.
     type: str
-    default: DFW
   username:
     description:
       - Rackspace username, overrides I(credentials).
@@ -59,37 +58,45 @@ notes:
     OPENSTACK = r'''
 options:
   api_key:
+    type: str
     description:
       - Rackspace API key, overrides I(credentials).
     aliases: [ password ]
   auth_endpoint:
+    type: str
     description:
       - The URI of the authentication service.
-    default: https://identity.api.rackspacecloud.com/v2.0/
+      - If not specified will be set to U(https://identity.api.rackspacecloud.com/v2.0/)
   credentials:
+    type: path
     description:
       - File to find the Rackspace credentials in. Ignored if I(api_key) and
         I(username) are provided.
     aliases: [ creds_file ]
   env:
+    type: str
     description:
       - Environment as configured in I(~/.pyrax.cfg),
         see U(https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#pyrax-configuration).
   identity_type:
+    type: str
     description:
       - Authentication mechanism to use, such as rackspace or keystone.
     default: rackspace
   region:
+    type: str
     description:
       - Region to create an instance in.
-    default: DFW
   tenant_id:
+    type: str
     description:
       - The tenant ID used for authentication.
   tenant_name:
+    type: str
     description:
       - The tenant name used for authentication.
   username:
+    type: str
     description:
       - Rackspace username, overrides I(credentials).
   validate_certs:

plugins/filter/dict_kv.py

@@ -0,0 +1,70 @@
+# Copyright (C) 2020 Stanislav German-Evtushenko (@giner) <ginermail@gmail.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+def dict_kv(value, key):
+    '''Return a dictionary with a single key-value pair
+
+    Example:
+
+        - hosts: localhost
+          gather_facts: false
+          vars:
+            myvar: myvalue
+          tasks:
+          - debug:
+              msg: "{{ myvar | dict_kv('thatsmyvar') }}"
+
+        produces:
+
+        ok: [localhost] => {
+            "msg": {
+                "thatsmyvar": "myvalue"
+            }
+        }
+
+    Example 2:
+
+        - hosts: localhost
+          gather_facts: false
+          vars:
+            common_config:
+              type: host
+              database: all
+            myservers:
+            - server1
+            - server2
+          tasks:
+          - debug:
+              msg: "{{ myservers | map('dict_kv', 'server') | map('combine', common_config) }}"
+
+        produces:
+
+        ok: [localhost] => {
+            "msg": [
+                {
+                    "database": "all",
+                    "server": "server1",
+                    "type": "host"
+                },
+                {
+                    "database": "all",
+                    "server": "server2",
+                    "type": "host"
+                }
+            ]
+        }
+    '''
+    return {key: value}
+
+
+class FilterModule(object):
+    ''' Query filter '''
+
+    def filters(self):
+        return {
+            'dict_kv': dict_kv
+        }

plugins/filter/json_query.py

@@ -35,6 +35,9 @@ def json_query(data, expr):
         raise AnsibleError('You need to install "jmespath" prior to running '
                            'json_query filter')
 
+    # Hack to handle Ansible String Types
+    # See issue: https://github.com/ansible-collections/community.general/issues/320
+    jmespath.functions.REVERSE_TYPES_MAP['string'] = jmespath.functions.REVERSE_TYPES_MAP['string'] + ('AnsibleUnicode', 'AnsibleUnsafeText', )
     try:
         return jmespath.search(expr, data)
     except jmespath.exceptions.JMESPathError as e:

plugins/inventory/linode.py

@@ -63,8 +63,9 @@ from ansible.plugins.inventory import BaseInventoryPlugin
 try:
     from linode_api4 import LinodeClient
     from linode_api4.errors import ApiError as LinodeApiError
+    HAS_LINODE = True
 except ImportError:
-    raise AnsibleError('the Linode dynamic inventory plugin requires linode_api4.')
+    HAS_LINODE = False
 
 
 class InventoryModule(BaseInventoryPlugin):
@@ -194,6 +195,9 @@ class InventoryModule(BaseInventoryPlugin):
         """Dynamically parse Linode the cloud inventory."""
         super(InventoryModule, self).parse(inventory, loader, path)
 
+        if not HAS_LINODE:
+            raise AnsibleError('the Linode dynamic inventory plugin requires linode_api4.')
+
         config_data = self._read_config_data(path)
         self._build_client()
 

plugins/inventory/online.py

@@ -2,18 +2,16 @@
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
 from __future__ import (absolute_import, division, print_function)
-
-
 __metaclass__ = type
 
-DOCUMENTATION = '''
+DOCUMENTATION = r'''
     name: online
     plugin_type: inventory
     author:
       - Remy Leone (@sieben)
-    short_description: Online inventory source
+    short_description: Scaleway (previously Online SAS or Online.net) inventory source
     description:
-        - Get inventory hosts from Online
+        - Get inventory hosts from Scaleway (previously Online SAS or Online.net).
     options:
         plugin:
             description: token that ensures this is a source file for the 'online' plugin.
@@ -45,7 +43,7 @@ DOCUMENTATION = '''
                 - rpn
 '''
 
-EXAMPLES = '''
+EXAMPLES = r'''
 # online_inventory.yml file in YAML format
 # Example command line: ansible-inventory --list -i online_inventory.yml
 

plugins/inventory/proxmox.py

@@ -300,10 +300,12 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):
                 node_qemu_group = self.to_safe('%s%s' % (self.get_option('group_prefix'), ('%s_qemu' % node['node']).lower()))
                 self.inventory.add_group(node_qemu_group)
                 for qemu in self._get_qemu_per_node(node['node']):
-                    if not qemu['template']:
-                        self.inventory.add_host(qemu['name'])
-                        self.inventory.add_child(qemu_group, qemu['name'])
-                        self.inventory.add_child(node_qemu_group, qemu['name'])
+                    if qemu['template']:
+                        continue
+
+                    self.inventory.add_host(qemu['name'])
+                    self.inventory.add_child(qemu_group, qemu['name'])
+                    self.inventory.add_child(node_qemu_group, qemu['name'])
 
                     # get QEMU status
                     self._get_vm_status(node['node'], qemu['vmid'], 'qemu', qemu['name'])

plugins/lookup/gcp_storage_file.py

@@ -48,11 +48,16 @@ import base64
 import json
 import mimetypes
 import os
-import requests
 from ansible.errors import AnsibleError
 from ansible.plugins.lookup import LookupBase
 from ansible.utils.display import Display
 
+try:
+    import requests
+    HAS_REQUESTS = True
+except ImportError:
+    HAS_REQUESTS = False
+
 try:
     from ansible_collections.google.cloud.plugins.module_utils.gcp_utils import navigate_hash, GcpSession
     HAS_GOOGLE_CLOUD_COLLECTION = True
@@ -146,4 +151,6 @@ class LookupModule(LookupBase):
     def run(self, terms, variables=None, **kwargs):
         if not HAS_GOOGLE_CLOUD_COLLECTION:
             raise AnsibleError("community.general.gcp_storage_file needs a supported version of the google.cloud collection installed")
+        if not HAS_REQUESTS:
+            raise AnsibleError("community.general.gcp_storage_file needs requests installed. Use `pip install requests` to install it")
         return GcpFileLookup().run(terms, variables=variables, **kwargs)

plugins/lookup/hashi_vault.py

@@ -11,7 +11,7 @@ DOCUMENTATION = """
   author:
     - Jonathan Davila (!UNKNOWN) <jdavila(at)ansible.com>
     - Brian Scholer (@briantist)
-  short_description: Retrieve secrets from HashiCorp's vault
+  short_description: Retrieve secrets from HashiCorp's Vault
   requirements:
     - hvac (python library)
     - hvac 0.7.0+ (for namespace support)
@@ -19,7 +19,7 @@ DOCUMENTATION = """
     - botocore (only if inferring aws params from boto)
     - boto3 (only if using a boto profile)
   description:
-    - Retrieve secrets from HashiCorp's vault.
+    - Retrieve secrets from HashiCorp's Vault.
   notes:
     - Due to a current limitation in the HVAC library there won't necessarily be an error if a bad endpoint is specified.
     - As of community.general 0.2.0, only the latest version of a secret is returned when specifying a KV v2 path.
@@ -27,7 +27,7 @@ DOCUMENTATION = """
     - As of community.general 0.2.0, when C(secret) is the first option in the term string, C(secret=) is not required (see examples).
   options:
     secret:
-      description: query you are making.
+      description: Vault path to the secret being requested in the format C(path[:field]).
       required: True
     token:
       description:
@@ -55,7 +55,7 @@ DOCUMENTATION = """
       default: '.vault-token'
       version_added: '0.2.0'
     url:
-      description: URL to vault service.
+      description: URL to the Vault service.
       env:
         - name: VAULT_ADDR
       ini:
@@ -76,7 +76,7 @@ DOCUMENTATION = """
           key: role_id
           version_added: '0.2.0'
     secret_id:
-      description: Secret id for a vault AppRole auth.
+      description: Secret ID to be used for Vault AppRole authentication.
       env:
         - name: VAULT_SECRET_ID
     auth_method:
@@ -84,6 +84,7 @@ DOCUMENTATION = """
         - Authentication method to be used.
         - C(userpass) is added in Ansible 2.8.
         - C(aws_iam_login) is added in community.general 0.2.0.
+        - C(jwt) is added in community.general 1.3.0.
       env:
         - name: VAULT_AUTH_METHOD
       ini:
@@ -96,6 +97,7 @@ DOCUMENTATION = """
         - ldap
         - approle
         - aws_iam_login
+        - jwt
       default: token
     return_format:
       description:
@@ -111,16 +113,27 @@ DOCUMENTATION = """
       aliases: [ as ]
       version_added: '0.2.0'
     mount_point:
-      description: Vault mount point, only required if you have a custom mount point.
+      description: Vault mount point, only required if you have a custom mount point. Does not apply to token authentication.
+    jwt:
+      description: The JSON Web Token (JWT) to use for JWT authentication to Vault.
+      env:
+        - name: ANSIBLE_HASHI_VAULT_JWT
+      version_added: 1.3.0
     ca_cert:
       description: Path to certificate to use for authentication.
       aliases: [ cacert ]
     validate_certs:
-      description: Controls verification and validation of SSL certificates, mostly you only want to turn off with self signed ones.
+      description:
+        - Controls verification and validation of SSL certificates, mostly you only want to turn off with self signed ones.
+        - Will be populated with the inverse of C(VAULT_SKIP_VERIFY) if that is set and I(validate_certs) is not explicitly
+          provided (added in community.general 1.3.0).
+        - Will default to C(true) if neither I(validate_certs) or C(VAULT_SKIP_VERIFY) are set.
       type: boolean
-      default: True
     namespace:
-      description: Namespace where secrets reside. Requires HVAC 0.7.0+ and Vault 0.11+.
+      description:
+        - Vault namespace where secrets reside. This option requires HVAC 0.7.0+ and Vault 0.11+.
+        - Optionally, this may be achieved by prefixing the authentication mount point and/or secret path with the namespace
+          (e.g C(mynamespace/secret/mysecret)).
       env:
         - name: VAULT_NAMESPACE
           version_added: 1.2.0
@@ -183,7 +196,7 @@ EXAMPLES = """
   ansible.builtin.debug:
     msg: "{{ lookup('community.general.hashi_vault', 'secret=secret/hello:value auth_method=userpass username=myuser password=psw url=http://myvault:8200') }}"
 
-- name: Using an ssl vault
+- name: Connect to Vault using TLS
   ansible.builtin.debug:
     msg: "{{ lookup('community.general.hashi_vault', 'secret=secret/hola:value token=c975b780-d1be-8016-866b-01d0f9b688a5 validate_certs=False') }}"
 
@@ -191,7 +204,7 @@ EXAMPLES = """
   ansible.builtin.debug:
     msg: "{{ lookup('community.general.hashi_vault', 'secret/hi:value token=xxxx url=https://myvault:8200 validate_certs=True cacert=/cacert/path/ca.pem') }}"
 
-- name: authenticate with a Vault app role
+- name: Authenticate with a Vault app role
   ansible.builtin.debug:
     msg: "{{ lookup('community.general.hashi_vault', 'secret=secret/hello:value auth_method=approle role_id=myroleid secret_id=mysecretid') }}"
 
@@ -241,7 +254,13 @@ EXAMPLES = """
 
 - name: authenticate with aws_iam_login
   ansible.builtin.debug:
-    msg: "{{ lookup('community.general.hashi_vault', 'secret/hello:value', auth_method='aws_iam_login' role_id='myroleid', profile=my_boto_profile) }}"
+    msg: "{{ lookup('community.general.hashi_vault', 'secret/hello:value', auth_method='aws_iam_login', role_id='myroleid', profile=my_boto_profile) }}"
+
+# The following examples work in collection releases after community.general 1.3.0
+
+- name: Authenticate with a JWT
+  ansible.builtin.debug:
+      msg: "{{ lookup('community.general.hashi_vault', 'secret/hello:value', auth_method='jwt', role_id='myroleid', jwt='myjwt', url='https://myvault:8200')}}"
 """
 
 RETURN = """
@@ -257,6 +276,7 @@ import os
 from ansible.errors import AnsibleError
 from ansible.plugins.lookup import LookupBase
 from ansible.utils.display import Display
+from ansible.module_utils.parsing.convert_bool import boolean
 
 HAS_HVAC = False
 try:
@@ -424,6 +444,17 @@ class HashiVault:
             Display().warning("HVAC should be updated to version 0.9.3 or higher. Deprecated method 'auth_aws_iam' will be used.")
             self.client.auth_aws_iam(**params)
 
+    def auth_jwt(self):
+        params = self.get_options('role_id', 'jwt', 'mount_point')
+        params['role'] = params.pop('role_id')
+        if self.hvac_has_auth_methods and hasattr(self.client.auth, 'jwt') and hasattr(self.client.auth.jwt, 'jwt_login'):
+            response = self.client.auth.jwt.jwt_login(**params)
+            # must manually set the client token with JWT login
+            # see https://github.com/hvac/hvac/issues/644
+            self.client.token = response['auth']['client_token']
+        else:
+            raise AnsibleError("JWT authentication requires HVAC version 0.10.5 or higher.")
+
     # end auth implementation methods
 
 
@@ -486,8 +517,28 @@ class LookupModule(LookupBase):
         #
         '''' return a bool or cacert '''
         ca_cert = self.get_option('ca_cert')
+
         validate_certs = self.get_option('validate_certs')
 
+        if validate_certs is None:
+            # Validate certs option was not explicitly set
+
+            # Check if VAULT_SKIP_VERIFY is set
+            vault_skip_verify = os.environ.get('VAULT_SKIP_VERIFY')
+
+            if vault_skip_verify is not None:
+                # VAULT_SKIP_VERIFY is set
+                try:
+                    # Check that we have a boolean value
+                    vault_skip_verify = boolean(vault_skip_verify)
+                    # Use the inverse of VAULT_SKIP_VERIFY
+                    validate_certs = not vault_skip_verify
+                except TypeError:
+                    # Not a boolean value fallback to default value (True)
+                    validate_certs = True
+            else:
+                validate_certs = True
+
         if not (validate_certs and ca_cert):
             self.set_option('ca_cert', validate_certs)
 
@@ -506,7 +557,7 @@ class LookupModule(LookupBase):
     def auth_methods(self):
         # enforce and set the list of available auth methods
         # TODO: can this be read from the choices: field in documentation?
-        avail_auth_methods = ['token', 'approle', 'userpass', 'ldap', 'aws_iam_login']
+        avail_auth_methods = ['token', 'approle', 'userpass', 'ldap', 'aws_iam_login', 'jwt']
         self.set_option('avail_auth_methods', avail_auth_methods)
         auth_method = self.get_option('auth_method')
 
@@ -537,7 +588,7 @@ class LookupModule(LookupBase):
         self.validate_by_required_fields(auth_method, 'username', 'password')
 
     def validate_auth_approle(self, auth_method):
-        self.validate_by_required_fields(auth_method, 'role_id', 'secret_id')
+        self.validate_by_required_fields(auth_method, 'role_id')
 
     def validate_auth_token(self, auth_method):
         if auth_method == 'token':
@@ -593,4 +644,7 @@ class LookupModule(LookupBase):
 
         self.set_option('iam_login_credentials', params)
 
+    def validate_auth_jwt(self, auth_method):
+        self.validate_by_required_fields(auth_method, 'role_id', 'jwt')
+
     # end auth method validators

plugins/lookup/passwordstore.py

@@ -32,6 +32,13 @@ DOCUMENTATION = '''
         description: Overwrite the password if it does already exist.
         type: bool
         default: 'no'
+      umask:
+        description:
+          - Sets the umask for the created .gpg files. The first octed must be greater than 3 (user readable).
+          - Note pass' default value is C('077').
+        env:
+          - name: PASSWORD_STORE_UMASK
+        version_added: 1.3.0
       returnall:
         description: Return all the content of the password, not only the first line.
         type: bool
@@ -175,17 +182,29 @@ class LookupModule(LookupBase):
                 else:
                     raise AnsibleError("{0} is not a correct value for length".format(self.paramvals['length']))
 
+            # Collect pass environment variables from the plugin's parameters.
+            self.env = os.environ.copy()
+
             # Set PASSWORD_STORE_DIR if directory is set
             if self.paramvals['directory']:
                 if os.path.isdir(self.paramvals['directory']):
-                    os.environ['PASSWORD_STORE_DIR'] = self.paramvals['directory']
+                    self.env['PASSWORD_STORE_DIR'] = self.paramvals['directory']
                 else:
                     raise AnsibleError('Passwordstore directory \'{0}\' does not exist'.format(self.paramvals['directory']))
 
+            # Set PASSWORD_STORE_UMASK if umask is set
+            if 'umask' in self.paramvals:
+                if len(self.paramvals['umask']) != 3:
+                    raise AnsibleError('Passwordstore umask must have a length of 3.')
+                elif int(self.paramvals['umask'][0]) > 3:
+                    raise AnsibleError('Passwordstore umask not allowed (password not user readable).')
+                else:
+                    self.env['PASSWORD_STORE_UMASK'] = self.paramvals['umask']
+
     def check_pass(self):
         try:
             self.passoutput = to_text(
-                check_output2(["pass", self.passname]),
+                check_output2(["pass", "show", self.passname], env=self.env),
                 errors='surrogate_or_strict'
             ).splitlines()
             self.password = self.passoutput[0]
@@ -228,7 +247,7 @@ class LookupModule(LookupBase):
         if self.paramvals['backup']:
             msg += "lookup_pass: old password was {0} (Updated on {1})\n".format(self.password, datetime)
         try:
-            check_output2(['pass', 'insert', '-f', '-m', self.passname], input=msg)
+            check_output2(['pass', 'insert', '-f', '-m', self.passname], input=msg, env=self.env)
         except (subprocess.CalledProcessError) as e:
             raise AnsibleError(e)
         return newpass
@@ -240,7 +259,7 @@ class LookupModule(LookupBase):
         datetime = time.strftime("%d/%m/%Y %H:%M:%S")
         msg = newpass + '\n' + "lookup_pass: First generated by ansible on {0}\n".format(datetime)
         try:
-            check_output2(['pass', 'insert', '-f', '-m', self.passname], input=msg)
+            check_output2(['pass', 'insert', '-f', '-m', self.passname], input=msg, env=self.env)
         except (subprocess.CalledProcessError) as e:
             raise AnsibleError(e)
         return newpass

plugins/module_utils/_mount.py

@@ -0,0 +1,90 @@
+# This code is part of Ansible, but is an independent component.
+# This particular file snippet, and this file snippet only, is based on
+# Lib/posixpath.py of cpython
+# It is licensed under the PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2
+#
+# 1. This LICENSE AGREEMENT is between the Python Software Foundation
+# ("PSF"), and the Individual or Organization ("Licensee") accessing and
+# otherwise using this software ("Python") in source or binary form and
+# its associated documentation.
+#
+# 2. Subject to the terms and conditions of this License Agreement, PSF hereby
+# grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce,
+# analyze, test, perform and/or display publicly, prepare derivative works,
+# distribute, and otherwise use Python alone or in any derivative version,
+# provided, however, that PSF's License Agreement and PSF's notice of copyright,
+# i.e., "Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+# 2011, 2012, 2013, 2014, 2015 Python Software Foundation; All Rights Reserved"
+# are retained in Python alone or in any derivative version prepared by Licensee.
+#
+# 3. In the event Licensee prepares a derivative work that is based on
+# or incorporates Python or any part thereof, and wants to make
+# the derivative work available to others as provided herein, then
+# Licensee hereby agrees to include in any such work a brief summary of
+# the changes made to Python.
+#
+# 4. PSF is making Python available to Licensee on an "AS IS"
+# basis.  PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR
+# IMPLIED.  BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND
+# DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS
+# FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT
+# INFRINGE ANY THIRD PARTY RIGHTS.
+#
+# 5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON
+# FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS
+# A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON,
+# OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
+#
+# 6. This License Agreement will automatically terminate upon a material
+# breach of its terms and conditions.
+#
+# 7. Nothing in this License Agreement shall be deemed to create any
+# relationship of agency, partnership, or joint venture between PSF and
+# Licensee.  This License Agreement does not grant permission to use PSF
+# trademarks or trade name in a trademark sense to endorse or promote
+# products or services of Licensee, or any third party.
+#
+# 8. By copying, installing or otherwise using Python, Licensee
+# agrees to be bound by the terms and conditions of this License
+# Agreement.
+
+import os
+
+
+def ismount(path):
+    """Test whether a path is a mount point
+    This is a copy of the upstream version of ismount(). Originally this was copied here as a workaround
+    until Python issue 2466 was fixed. Now it is here so this will work on older versions of Python
+    that may not have the upstream fix.
+    https://github.com/ansible/ansible-modules-core/issues/2186
+    http://bugs.python.org/issue2466
+    """
+    try:
+        s1 = os.lstat(path)
+    except (OSError, ValueError):
+        # It doesn't exist -- so not a mount point. :-)
+        return False
+    else:
+        # A symlink can never be a mount point
+        if os.path.stat.S_ISLNK(s1.st_mode):
+            return False
+
+    if isinstance(path, bytes):
+        parent = os.path.join(path, b'..')
+    else:
+        parent = os.path.join(path, '..')
+    parent = os.path.realpath(parent)
+    try:
+        s2 = os.lstat(parent)
+    except (OSError, ValueError):
+        return False
+
+    dev1 = s1.st_dev
+    dev2 = s2.st_dev
+    if dev1 != dev2:
+        return True     # path/.. on a different device as path
+    ino1 = s1.st_ino
+    ino2 = s2.st_ino
+    if ino1 == ino2:
+        return True     # path/.. is the same i-node as path
+    return False

plugins/module_utils/identity/keycloak/keycloak.py

@@ -75,6 +75,8 @@ class KeycloakError(Exception):
 
 def get_token(base_url, validate_certs, auth_realm, client_id,
               auth_username, auth_password, client_secret):
+    if not base_url.lower().startswith(('http', 'https')):
+        raise KeycloakError("auth_url '%s' should either start with 'http' or 'https'." % base_url)
     auth_url = URL_TOKEN.format(url=base_url, realm=auth_realm)
     temp_payload = {
         'grant_type': 'password',

plugins/module_utils/influxdb.py

@@ -9,6 +9,7 @@ __metaclass__ = type
 import traceback
 
 from ansible.module_utils.basic import missing_required_lib
+from distutils.version import LooseVersion
 
 REQUESTS_IMP_ERR = None
 try:
@@ -69,7 +70,6 @@ class InfluxDb():
         args = dict(
             host=self.hostname,
             port=self.port,
-            path=self.path,
             username=self.username,
             password=self.password,
             database=self.database_name,
@@ -80,9 +80,13 @@ class InfluxDb():
             udp_port=self.params['udp_port'],
             proxies=self.params['proxies'],
         )
-        influxdb_api_version = tuple(influxdb_version.split("."))
-        if influxdb_api_version >= ('4', '1', '0'):
+        influxdb_api_version = LooseVersion(influxdb_version)
+        if influxdb_api_version >= LooseVersion('4.1.0'):
             # retries option is added in version 4.1.0
             args.update(retries=self.params['retries'])
 
+        if influxdb_api_version >= LooseVersion('5.1.0'):
+            # path argument is added in version 5.1.0
+            args.update(path=self.path)
+
         return InfluxDBClient(**args)

plugins/module_utils/module_helper.py

@@ -0,0 +1,302 @@
+# -*- coding: utf-8 -*-
+# Copyright: (c) 2018, Ansible Project
+# Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+from functools import partial, wraps
+import traceback
+
+from ansible.module_utils.basic import AnsibleModule
+
+
+class ArgFormat(object):
+    """
+    Argument formatter
+    """
+    BOOLEAN = 0
+    PRINTF = 1
+    FORMAT = 2
+
+    @staticmethod
+    def stars_deco(num):
+        if num == 1:
+            def deco(f):
+                return lambda v: f(*v)
+            return deco
+        elif num == 2:
+            def deco(f):
+                return lambda v: f(**v)
+            return deco
+
+        return lambda f: f
+
+    def __init__(self, name, fmt=None, style=FORMAT, stars=0):
+        """
+        Creates a new formatter
+        :param name: Name of the argument to be formatted
+        :param fmt: Either a str to be formatted (using or not printf-style) or a callable that does that
+        :param style: Whether arg_format (as str) should use printf-style formatting.
+                             Ignored if arg_format is None or not a str (should be callable).
+        :param stars: A int with 0, 1 or 2 value, indicating to formatting the value as: value, *value or **value
+        """
+        def printf_fmt(_fmt, v):
+            try:
+                return [_fmt % v]
+            except TypeError as e:
+                if e.args[0] != 'not all arguments converted during string formatting':
+                    raise
+                return [_fmt]
+
+        _fmts = {
+            ArgFormat.BOOLEAN: lambda _fmt, v: ([_fmt] if bool(v) else []),
+            ArgFormat.PRINTF: printf_fmt,
+            ArgFormat.FORMAT: lambda _fmt, v: [_fmt.format(v)],
+        }
+
+        self.name = name
+        self.stars = stars
+
+        if fmt is None:
+            fmt = "{0}"
+            style = ArgFormat.FORMAT
+
+        if isinstance(fmt, str):
+            func = _fmts[style]
+            self.arg_format = partial(func, fmt)
+        elif isinstance(fmt, list) or isinstance(fmt, tuple):
+            self.arg_format = lambda v: [_fmts[style](f, v)[0] for f in fmt]
+        elif hasattr(fmt, '__call__'):
+            self.arg_format = fmt
+        else:
+            raise TypeError('Parameter fmt must be either: a string, a list/tuple of '
+                            'strings or a function: type={0}, value={1}'.format(type(fmt), fmt))
+
+        if stars:
+            self.arg_format = (self.stars_deco(stars))(self.arg_format)
+
+    def to_text(self, value):
+        func = self.arg_format
+        return [str(p) for p in func(value)]
+
+
+def cause_changes(func, on_success=True, on_failure=False):
+    @wraps(func)
+    def wrapper(self, *args, **kwargs):
+        try:
+            func(*args, **kwargs)
+            if on_success:
+                self.changed = True
+        except Exception as e:
+            if on_failure:
+                self.changed = True
+            raise
+    return wrapper
+
+
+def module_fails_on_exception(func):
+    @wraps(func)
+    def wrapper(self, *args, **kwargs):
+        try:
+            func(self, *args, **kwargs)
+        except SystemExit:
+            raise
+        except Exception as e:
+            self.vars.msg = "Module failed with exception: {0}".format(str(e).strip())
+            self.vars.exception = traceback.format_exc()
+            self.module.fail_json(changed=False, msg=self.vars.msg, exception=self.vars.exception, output=self.output, vars=self.vars)
+    return wrapper
+
+
+class DependencyCtxMgr(object):
+    def __init__(self, name, msg=None):
+        self.name = name
+        self.msg = msg
+        self.has_it = False
+        self.exc_type = None
+        self.exc_val = None
+        self.exc_tb = None
+
+    def __enter__(self):
+        pass
+
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        self.has_it = exc_type is None
+        self.exc_type = exc_type
+        self.exc_val = exc_val
+        self.exc_tb = exc_tb
+        return not self.has_it
+
+    @property
+    def text(self):
+        return self.msg or str(self.exc_val)
+
+
+class ModuleHelper(object):
+    _dependencies = []
+    module = {}
+    facts_name = None
+
+    class AttrDict(dict):
+        def __getattr__(self, item):
+            return self[item]
+
+    def __init__(self, module=None):
+        self.vars = ModuleHelper.AttrDict()
+        self.output_dict = dict()
+        self.facts_dict = dict()
+        self._changed = False
+
+        if module:
+            self.module = module
+
+        if not isinstance(module, AnsibleModule):
+            self.module = AnsibleModule(**self.module)
+
+    def update_output(self, **kwargs):
+        if kwargs:
+            self.output_dict.update(kwargs)
+
+    def update_facts(self, **kwargs):
+        if kwargs:
+            self.facts_dict.update(kwargs)
+
+    def __init_module__(self):
+        pass
+
+    def __run__(self):
+        raise NotImplementedError()
+
+    @property
+    def changed(self):
+        return self._changed
+
+    @changed.setter
+    def changed(self, value):
+        self._changed = value
+
+    @property
+    def output(self):
+        result = dict(self.vars)
+        result.update(self.output_dict)
+        if self.facts_name:
+            result['ansible_facts'] = {self.facts_name: self.facts_dict}
+        return result
+
+    @module_fails_on_exception
+    def run(self):
+        self.fail_on_missing_deps()
+        self.__init_module__()
+        self.__run__()
+        self.module.exit_json(changed=self.changed, **self.output_dict)
+
+    @classmethod
+    def dependency(cls, name, msg):
+        cls._dependencies.append(DependencyCtxMgr(name, msg))
+        return cls._dependencies[-1]
+
+    def fail_on_missing_deps(self):
+        for d in self._dependencies:
+            if not d.has_it:
+                self.module.fail_json(changed=False,
+                                      exception=d.exc_val.__traceback__.format_exc(),
+                                      msg=d.text,
+                                      **self.output_dict)
+
+
+class StateMixin(object):
+    state_param = 'state'
+    default_state = None
+
+    def _state(self):
+        state = self.module.params.get(self.state_param)
+        return self.default_state if state is None else state
+
+    def __run__(self):
+        state = self._state()
+        self.vars.state = state
+
+        # resolve aliases
+        if state not in self.module.params:
+            aliased = [name for name, param in self.module.argument_spec.items() if state in param.get('aliases', [])]
+            if aliased:
+                state = aliased[0]
+                self.vars.effective_state = state
+
+        method = "state_{0}".format(state)
+        if not hasattr(self, method):
+            return self.__state_fallback__()
+        func = getattr(self, method)
+        return func()
+
+    def __state_fallback__(self):
+        raise ValueError("Cannot find method for state: {0}".format(self._state()))
+
+
+class CmdMixin(object):
+    """
+    Mixin for mapping module options to running a CLI command with its arguments.
+    """
+    command = None
+    command_args_formats = dict()
+    check_rc = False
+    force_lang = "C"
+
+    @property
+    def module_formats(self):
+        result = {}
+        for param in self.module.params.keys():
+            result[param] = ArgFormat(param)
+        return result
+
+    @property
+    def custom_formats(self):
+        result = {}
+        for param, fmt_spec in self.command_args_formats.items():
+            result[param] = ArgFormat(param, **fmt_spec)
+        return result
+
+    def _calculate_args(self, extra_params=None, params=None):
+        def add_arg_formatted_param(_cmd_args, arg_format, _value):
+            args = [x for x in arg_format.to_text(_value)]
+            return _cmd_args + args
+
+        def find_format(_param):
+            return self.custom_formats.get(_param, self.module_formats.get(_param))
+
+        extra_params = extra_params or dict()
+        cmd_args = [self.module.get_bin_path(self.command)]
+        param_list = params if params else self.module.params.keys()
+
+        for param in param_list:
+            if param in self.module.argument_spec:
+                if param not in self.module.params:
+                    continue
+                fmt = find_format(param)
+                value = self.module.params[param]
+            else:
+                if param not in extra_params:
+                    continue
+                fmt = find_format(param)
+                value = extra_params[param]
+            self.cmd_args = cmd_args
+            cmd_args = add_arg_formatted_param(cmd_args, fmt, value)
+
+        return cmd_args
+
+    def process_command_output(self, rc, out, err):
+        return rc, out, err
+
+    def run_command(self, extra_params=None, params=None, *args, **kwargs):
+        self.vars['cmd_args'] = self._calculate_args(extra_params, params)
+        env_update = kwargs.get('environ_update', {})
+        check_rc = kwargs.get('check_rc', self.check_rc)
+        if self.force_lang:
+            env_update.update({'LANGUAGE': self.force_lang})
+            self.update_output(force_lang=self.force_lang)
+        rc, out, err = self.module.run_command(self.vars['cmd_args'],
+                                               environ_update=env_update,
+                                               check_rc=check_rc, *args, **kwargs)
+        self.update_output(rc=rc, stdout=out, stderr=err)
+        return self.process_command_output(rc, out, err)

plugins/module_utils/net_tools/nios/api.py

@@ -144,7 +144,7 @@ def member_normalize(member_spec):
                        'pre_provisioning', 'network_setting', 'v6_network_setting',
                        'ha_port_setting', 'lan_port_setting', 'lan2_physical_setting',
                        'lan_ha_port_setting', 'mgmt_network_setting', 'v6_mgmt_network_setting']
-    for key in member_spec.keys():
+    for key in list(member_spec.keys()):
         if key in member_elements and member_spec[key] is not None:
             member_spec[key] = member_spec[key][0]
         if isinstance(member_spec[key], dict):
@@ -455,6 +455,9 @@ class WapiModule(WapiBase):
                 return False
 
             elif isinstance(proposed_item, list):
+                if key == 'aliases':
+                    if set(current_item) != set(proposed_item):
+                        return False
                 for subitem in proposed_item:
                     if not self.issubset(subitem, current_item):
                         return False

plugins/module_utils/proxmox.py

@@ -0,0 +1,86 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright: (c) 2020, Tristan Le Guern <tleguern at bouledef.eu>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import atexit
+import time
+import re
+import traceback
+
+PROXMOXER_IMP_ERR = None
+try:
+    from proxmoxer import ProxmoxAPI
+    HAS_PROXMOXER = True
+except ImportError:
+    HAS_PROXMOXER = False
+    PROXMOXER_IMP_ERR = traceback.format_exc()
+
+
+from ansible.module_utils.basic import env_fallback, missing_required_lib
+
+
+def proxmox_auth_argument_spec():
+    return dict(
+        api_host=dict(type='str',
+                      required=True,
+                      fallback=(env_fallback, ['PROXMOX_HOST'])
+                      ),
+        api_user=dict(type='str',
+                      required=True,
+                      fallback=(env_fallback, ['PROXMOX_USER'])
+                      ),
+        api_password=dict(type='str',
+                          no_log=True,
+                          fallback=(env_fallback, ['PROXMOX_PASSWORD'])
+                          ),
+        api_token_id=dict(type='str',
+                          no_log=False
+                          ),
+        api_token_secret=dict(type='str',
+                              no_log=True
+                              ),
+        validate_certs=dict(type='bool',
+                            default=False
+                            ),
+    )
+
+
+def proxmox_to_ansible_bool(value):
+    '''Convert Proxmox representation of a boolean to be ansible-friendly'''
+    return True if value == 1 else False
+
+
+class ProxmoxAnsible(object):
+    """Base class for Proxmox modules"""
+    def __init__(self, module):
+        self.module = module
+        self.proxmox_api = self._connect()
+        # Test token validity
+        try:
+            self.proxmox_api.version.get()
+        except Exception as e:
+            module.fail_json(msg='%s' % e, exception=traceback.format_exc())
+
+    def _connect(self):
+        api_host = self.module.params['api_host']
+        api_user = self.module.params['api_user']
+        api_password = self.module.params['api_password']
+        api_token_id = self.module.params['api_token_id']
+        api_token_secret = self.module.params['api_token_secret']
+        validate_certs = self.module.params['validate_certs']
+
+        auth_args = {'user': api_user}
+        if api_password:
+            auth_args['password'] = api_password
+        else:
+            auth_args['token_name'] = api_token_id
+            auth_args['token_value'] = api_token_secret
+
+        try:
+            return ProxmoxAPI(api_host, verify_ssl=validate_certs, **auth_args)
+        except Exception as e:
+            self.module.fail_json(msg='%s' % e, exception=traceback.format_exc())

plugins/module_utils/redfish_utils.py

@@ -1886,7 +1886,7 @@ class RedfishUtils(object):
         memory_results = []
         key = "Memory"
         # Get these entries, but does not fail if not found
-        properties = ['SerialNumber', 'MemoryDeviceType', 'PartNuber',
+        properties = ['SerialNumber', 'MemoryDeviceType', 'PartNumber',
                       'MemoryLocation', 'RankCount', 'CapacityMiB', 'OperatingMemoryModes', 'Status', 'Manufacturer', 'Name']
 
         # Search for 'key' entry and extract URI from it

plugins/modules/cloud/atomic/atomic_container.py

@@ -45,14 +45,12 @@ options:
     state:
         description:
           - State of the container.
-        required: True
         choices: ["absent", "latest", "present", "rollback"]
         default: "latest"
         type: str
     mode:
         description:
           - Define if it is an user or a system container.
-        required: True
         choices: ["user", "system"]
         type: str
     values:

plugins/modules/cloud/centurylink/clc_aa_policy.py

@@ -16,14 +16,17 @@ options:
   name:
     description:
       - The name of the Anti Affinity Policy.
+    type: str
     required: True
   location:
     description:
       - Datacenter in which the policy lives/should live.
+    type: str
     required: True
   state:
     description:
       - Whether to create or delete the policy.
+    type: str
     required: False
     default: present
     choices: ['present','absent']
@@ -68,7 +71,6 @@ EXAMPLES = '''
       ansible.builtin.debug:
         var: policy
 
----
 - name: Delete AA Policy
   hosts: localhost
   gather_facts: False

plugins/modules/cloud/centurylink/clc_alert_policy.py

@@ -17,34 +17,42 @@ options:
   alias:
     description:
       - The alias of your CLC Account
+    type: str
     required: True
   name:
     description:
       - The name of the alert policy. This is mutually exclusive with id
+    type: str
   id:
     description:
       - The alert policy id. This is mutually exclusive with name
+    type: str
   alert_recipients:
     description:
       - A list of recipient email ids to notify the alert.
         This is required for state 'present'
+    type: list
   metric:
     description:
       - The metric on which to measure the condition that will trigger the alert.
         This is required for state 'present'
+    type: str
     choices: ['cpu','memory','disk']
   duration:
     description:
       - The length of time in minutes that the condition must exceed the threshold.
         This is required for state 'present'
+    type: str
   threshold:
     description:
       - The threshold that will trigger the alert when the metric equals or exceeds it.
         This is required for state 'present'
         This number represents a percentage and must be a value between 5.0 - 95.0 that is a multiple of 5.0
+    type: int
   state:
     description:
       - Whether to create or delete the policy.
+    type: str
     default: present
     choices: ['present','absent']
 requirements:
@@ -89,7 +97,6 @@ EXAMPLES = '''
     - name: Debug
       ansible.builtin.debug: var=policy
 
----
 - name: Delete Alert Policy Example
   hosts: localhost
   gather_facts: False
@@ -210,18 +217,18 @@ class ClcAlertPolicy:
         :return: argument spec dictionary
         """
         argument_spec = dict(
-            name=dict(default=None),
-            id=dict(default=None),
-            alias=dict(required=True, default=None),
-            alert_recipients=dict(type='list', default=None),
+            name=dict(),
+            id=dict(),
+            alias=dict(required=True),
+            alert_recipients=dict(type='list'),
             metric=dict(
                 choices=[
                     'cpu',
                     'memory',
                     'disk'],
                 default=None),
-            duration=dict(type='str', default=None),
-            threshold=dict(type='int', default=None),
+            duration=dict(type='str'),
+            threshold=dict(type='int'),
             state=dict(default='present', choices=['present', 'absent'])
         )
         mutually_exclusive = [

plugins/modules/cloud/centurylink/clc_blueprint_package.py

@@ -16,26 +16,30 @@ options:
   server_ids:
     description:
       - A list of server Ids to deploy the blue print package.
+    type: list
     required: True
   package_id:
     description:
       - The package id of the blue print.
+    type: str
     required: True
   package_params:
     description:
       - The dictionary of arguments required to deploy the blue print.
+    type: dict
     default: {}
     required: False
   state:
     description:
       - Whether to install or uninstall the package. Currently it supports only "present" for install action.
+    type: str
     required: False
     default: present
     choices: ['present']
   wait:
     description:
       - Whether to wait for the tasks to finish before returning.
-    type: bool
+    type: str
     default: True
     required: False
 requirements:
@@ -163,7 +167,7 @@ class ClcBlueprintPackage:
             server_ids=dict(type='list', required=True),
             package_id=dict(required=True),
             package_params=dict(type='dict', default={}),
-            wait=dict(default=True),
+            wait=dict(default=True),   # @FIXME should be bool?
             state=dict(default='present', choices=['present'])
         )
         return argument_spec

plugins/modules/cloud/centurylink/clc_firewall_policy.py

@@ -16,45 +16,54 @@ options:
   location:
     description:
       - Target datacenter for the firewall policy
+    type: str
     required: True
   state:
     description:
       - Whether to create or delete the firewall policy
+    type: str
     default: present
     choices: ['present', 'absent']
   source:
     description:
       - The list  of source addresses for traffic on the originating firewall.
         This is required when state is 'present'
+    type: list
   destination:
     description:
       - The list of destination addresses for traffic on the terminating firewall.
         This is required when state is 'present'
+    type: list
   ports:
     description:
       - The list of ports associated with the policy.
         TCP and UDP can take in single ports or port ranges.
-    choices: ['any', 'icmp', 'TCP/123', 'UDP/123', 'TCP/123-456', 'UDP/123-456']
+      - "Example: C(['any', 'icmp', 'TCP/123', 'UDP/123', 'TCP/123-456', 'UDP/123-456'])."
+    type: list
   firewall_policy_id:
     description:
       - Id of the firewall policy. This is required to update or delete an existing firewall policy
+    type: str
   source_account_alias:
     description:
       - CLC alias for the source account
+    type: str
     required: True
   destination_account_alias:
     description:
       - CLC alias for the destination account
+    type: str
   wait:
     description:
       - Whether to wait for the provisioning tasks to finish before returning.
-    type: bool
-    default: 'yes'
+    type: str
+    default: 'True'
   enabled:
     description:
       - Whether the firewall policy is enabled or disabled
+    type: str
     choices: [True, False]
-    default: 'yes'
+    default: True
 requirements:
     - python = 2.7
     - requests >= 2.5.0
@@ -89,7 +98,6 @@ EXAMPLES = '''
         ports: Any
         destination_account_alias: WFAD
 
----
 - name: Delete Firewall Policy
   hosts: localhost
   gather_facts: False
@@ -206,13 +214,13 @@ class ClcFirewallPolicy:
         """
         argument_spec = dict(
             location=dict(required=True),
-            source_account_alias=dict(required=True, default=None),
-            destination_account_alias=dict(default=None),
-            firewall_policy_id=dict(default=None),
-            ports=dict(default=None, type='list'),
-            source=dict(default=None, type='list'),
-            destination=dict(default=None, type='list'),
-            wait=dict(default=True),
+            source_account_alias=dict(required=True),
+            destination_account_alias=dict(),
+            firewall_policy_id=dict(),
+            ports=dict(type='list'),
+            source=dict(type='list'),
+            destination=dict(type='list'),
+            wait=dict(default=True),   # @FIXME type=bool
             state=dict(default='present', choices=['present', 'absent']),
             enabled=dict(default=True, choices=[True, False])
         )

plugins/modules/cloud/centurylink/clc_group.py

@@ -17,23 +17,28 @@ options:
   name:
     description:
       - The name of the Server Group
+    type: str
     required: True
   description:
     description:
       - A description of the Server Group
+    type: str
     required: False
   parent:
     description:
       - The parent group of the server group. If parent is not provided, it creates the group at top level.
+    type: str
     required: False
   location:
     description:
       - Datacenter to create the group in. If location is not provided, the group gets created in the default datacenter
         associated with the account
+    type: str
     required: False
   state:
     description:
       - Whether to create or delete the group
+    type: str
     default: present
     choices: ['present', 'absent']
   wait:
@@ -81,8 +86,6 @@ EXAMPLES = '''
         var: clc
 
 # Delete a Server Group
-
----
 - name: Delete Server Group
   hosts: localhost
   gather_facts: False

plugins/modules/cloud/centurylink/clc_loadbalancer.py

@@ -17,42 +17,52 @@ options:
   name:
     description:
       - The name of the loadbalancer
+    type: str
     required: True
   description:
     description:
       - A description for the loadbalancer
+    type: str
   alias:
     description:
       - The alias of your CLC Account
+    type: str
     required: True
   location:
     description:
       - The location of the datacenter where the load balancer resides in
+    type: str
     required: True
   method:
     description:
       -The balancing method for the load balancer pool
+    type: str
     choices: ['leastConnection', 'roundRobin']
   persistence:
     description:
       - The persistence method for the load balancer
+    type: str
     choices: ['standard', 'sticky']
   port:
     description:
       - Port to configure on the public-facing side of the load balancer pool
+    type: str
     choices: [80, 443]
   nodes:
     description:
       - A list of nodes that needs to be added to the load balancer pool
+    type: list
     default: []
   status:
     description:
       - The status of the loadbalancer
+    type: str
     default: enabled
     choices: ['enabled', 'disabled']
   state:
     description:
       - Whether to create or delete the load balancer pool
+    type: str
     default: present
     choices: ['present', 'absent', 'port_absent', 'nodes_present', 'nodes_absent']
 requirements:

plugins/modules/cloud/centurylink/clc_modify_server.py

@@ -16,32 +16,40 @@ options:
   server_ids:
     description:
       - A list of server Ids to modify.
+    type: list
     required: True
   cpu:
     description:
       - How many CPUs to update on the server
+    type: str
   memory:
     description:
       - Memory (in GB) to set to the server.
+    type: str
   anti_affinity_policy_id:
     description:
       - The anti affinity policy id to be set for a hyper scale server.
         This is mutually exclusive with 'anti_affinity_policy_name'
+    type: str
   anti_affinity_policy_name:
     description:
       - The anti affinity policy name to be set for a hyper scale server.
         This is mutually exclusive with 'anti_affinity_policy_id'
+    type: str
   alert_policy_id:
     description:
       - The alert policy id to be associated to the server.
         This is mutually exclusive with 'alert_policy_name'
+    type: str
   alert_policy_name:
     description:
       - The alert policy name to be associated to the server.
         This is mutually exclusive with 'alert_policy_id'
+    type: str
   state:
     description:
       - The state to insure that the provided resources are in.
+    type: str
     default: 'present'
     choices: ['present', 'absent']
   wait:

plugins/modules/cloud/centurylink/clc_publicip.py

@@ -16,19 +16,23 @@ options:
   protocol:
     description:
       - The protocol that the public IP will listen for.
+    type: str
     default: TCP
     choices: ['TCP', 'UDP', 'ICMP']
   ports:
     description:
       - A list of ports to expose. This is required when state is 'present'
+    type: list
   server_ids:
     description:
       - A list of servers to create public ips on.
+    type: list
     required: True
   state:
     description:
       - Determine whether to create or delete public IPs. If present module will not create a second public ip if one
         already exists.
+    type: str
     default: present
     choices: ['present', 'absent']
   wait:

plugins/modules/cloud/centurylink/clc_server.py

@@ -16,6 +16,7 @@ options:
   additional_disks:
     description:
       - The list of additional disks for the server
+    type: list
     default: []
   add_public_ip:
     description:
@@ -25,53 +26,68 @@ options:
   alias:
     description:
       - The account alias to provision the servers under.
+    type: str
   anti_affinity_policy_id:
     description:
       - The anti-affinity policy to assign to the server. This is mutually exclusive with 'anti_affinity_policy_name'.
+    type: str
   anti_affinity_policy_name:
     description:
       - The anti-affinity policy to assign to the server. This is mutually exclusive with 'anti_affinity_policy_id'.
+    type: str
   alert_policy_id:
     description:
       - The alert policy to assign to the server. This is mutually exclusive with 'alert_policy_name'.
+    type: str
   alert_policy_name:
     description:
       - The alert policy to assign to the server. This is mutually exclusive with 'alert_policy_id'.
+    type: str
   count:
     description:
       - The number of servers to build (mutually exclusive with exact_count)
     default: 1
+    type: int
   count_group:
     description:
       - Required when exact_count is specified.  The Server Group use to determine how many servers to deploy.
+    type: str
   cpu:
     description:
       - How many CPUs to provision on the server
     default: 1
+    type: int
   cpu_autoscale_policy_id:
     description:
       - The autoscale policy to assign to the server.
+    type: str
   custom_fields:
     description:
       - The list of custom fields to set on the server.
+    type: list
     default: []
   description:
     description:
       - The description to set for the server.
+    type: str
   exact_count:
     description:
       - Run in idempotent mode.  Will insure that this exact number of servers are running in the provided group,
         creating and deleting them to reach that count.  Requires count_group to be set.
+    type: int
   group:
     description:
       - The Server Group to create servers under.
+    type: str
     default: 'Default Group'
   ip_address:
     description:
       - The IP Address for the server. One is assigned if not provided.
+    type: str
   location:
     description:
       - The Datacenter to create servers in.
+    type: str
   managed_os:
     description:
       - Whether to create the server as 'Managed' or not.
@@ -81,73 +97,91 @@ options:
   memory:
     description:
       - Memory in GB.
+    type: int
     default: 1
   name:
     description:
       - A 1 to 6 character identifier to use for the server. This is required when state is 'present'
+    type: str
   network_id:
     description:
       - The network UUID on which to create servers.
+    type: str
   packages:
     description:
       - The list of blue print packages to run on the server after its created.
+    type: list
     default: []
   password:
     description:
       - Password for the administrator / root user
+    type: str
   primary_dns:
     description:
       - Primary DNS used by the server.
+    type: str
   public_ip_protocol:
     description:
       - The protocol to use for the public ip if add_public_ip is set to True.
+    type: str
     default: 'TCP'
     choices: ['TCP', 'UDP', 'ICMP']
   public_ip_ports:
     description:
       - A list of ports to allow on the firewall to the servers public ip, if add_public_ip is set to True.
+    type: list
     default: []
   secondary_dns:
     description:
       - Secondary DNS used by the server.
+    type: str
   server_ids:
     description:
       - Required for started, stopped, and absent states.
         A list of server Ids to insure are started, stopped, or absent.
+    type: list
     default: []
   source_server_password:
     description:
       - The password for the source server if a clone is specified.
+    type: str
   state:
     description:
       - The state to insure that the provided resources are in.
+    type: str
     default: 'present'
     choices: ['present', 'absent', 'started', 'stopped']
   storage_type:
     description:
       - The type of storage to attach to the server.
+    type: str
     default: 'standard'
     choices: ['standard', 'hyperscale']
   template:
     description:
       - The template to use for server creation.  Will search for a template if a partial string is provided.
         This is required when state is 'present'
+    type: str
   ttl:
     description:
       - The time to live for the server in seconds.  The server will be deleted when this time expires.
+    type: str
   type:
     description:
       - The type of server to create.
+    type: str
     default: 'standard'
     choices: ['standard', 'hyperscale', 'bareMetal']
   configuration_id:
     description:
       -  Only required for bare metal servers.
          Specifies the identifier for the specific configuration type of bare metal server to deploy.
+    type: str
   os_type:
     description:
       - Only required for bare metal servers.
         Specifies the OS to provision with the bare metal server.
+    type: str
     choices: ['redHat6_64Bit', 'centOS6_64Bit', 'windows2012R2Standard_64Bit', 'ubuntu14_64Bit']
   wait:
     description:

plugins/modules/cloud/centurylink/clc_server_snapshot.py

@@ -16,15 +16,18 @@ options:
   server_ids:
     description:
       - The list of CLC server Ids.
+    type: list
     required: True
   expiration_days:
     description:
       - The number of days to keep the server snapshot before it expires.
+    type: int
     default: 7
     required: False
   state:
     description:
       - The state to insure that the provided resources are in.
+    type: str
     default: 'present'
     required: False
     choices: ['present', 'absent', 'restore']
@@ -33,7 +36,7 @@ options:
       - Whether to wait for the provisioning tasks to finish before returning.
     default: True
     required: False
-    type: bool
+    type: str
 requirements:
     - python = 2.7
     - requests >= 2.5.0

plugins/modules/cloud/dimensiondata/dimensiondata_network.py

@@ -29,21 +29,25 @@ options:
     description:
       - The name of the network domain to create.
     required: true
+    type: str
   description:
     description:
       - Additional description of the network domain.
     required: false
+    type: str
   service_plan:
     description:
       - The service plan, either "ESSENTIALS" or "ADVANCED".
       - MCP 2.0 Only.
     choices: [ESSENTIALS, ADVANCED]
     default: ESSENTIALS
+    type: str
   state:
     description:
       - Should the resource be present or absent.
     choices: [present, absent]
     default: present
+    type: str
 '''
 
 EXAMPLES = '''

plugins/modules/cloud/dimensiondata/dimensiondata_vlan.py

@@ -38,27 +38,33 @@ options:
   name:
     description:
       - The name of the target VLAN.
-      - Required if C(state) is C(present).
+    type: str
+    required: true
   description:
     description:
       - A description of the VLAN.
+    type: str
   network_domain:
     description:
       - The Id or name of the target network domain.
     required: true
+    type: str
   private_ipv4_base_address:
     description:
         - The base address for the VLAN's IPv4 network (e.g. 192.168.1.0).
+    type: str
   private_ipv4_prefix_size:
     description:
         - The size of the IPv4 address space, e.g 24.
         - Required, if C(private_ipv4_base_address) is specified.
+    type: int
   state:
     description:
       - The desired state for the target VLAN.
       - C(readonly) ensures that the state is only ever read, not modified (the module will fail if the resource does not exist).
     choices: [present, absent, readonly]
     default: present
+    type: str
   allow_expand:
     description:
       - Permit expansion of the target VLAN's network if the module parameters specify a larger network than the VLAN currently possesses.

plugins/modules/cloud/docker/docker_container.py

@@ -212,6 +212,40 @@ options:
         - "Must be a positive integer."
         type: int
         required: yes
+  device_requests:
+    description:
+      - Allows to request additional resources, such as GPUs.
+    type: list
+    elements: dict
+    suboptions:
+      capabilities:
+        description:
+          - List of lists of strings to request capabilities.
+          - The top-level list entries are combined by OR, and for every list entry,
+            the entries in the list it contains are combined by AND.
+          - The driver tries to satisfy one of the sub-lists.
+          - Available capabilities for the C(nvidia) driver can be found at
+            U(https://github.com/NVIDIA/nvidia-container-runtime).
+        type: list
+        elements: list
+      count:
+        description:
+          - Number or devices to request.
+          - Set to C(-1) to request all available devices.
+        type: int
+      device_ids:
+        description:
+          - List of device IDs.
+        type: list
+        elements: str
+      driver:
+        description:
+          - Which driver to use for this device.
+        type: str
+      options:
+        description:
+          - Driver-specific options.
+        type: dict
   dns_opts:
     description:
       - List of DNS options.
@@ -1047,6 +1081,26 @@ EXAMPLES = '''
       # Limit read rate for /dev/sdb to 300 IO per second
       - path: /dev/sdb
         rate: 300
+
+- name: Start container with GPUs
+  community.general.docker_container:
+    name: test
+    image: ubuntu:18.04
+    state: started
+    device_requests:
+      - # Add some specific devices to this container
+        device_ids:
+          - '0'
+          - 'GPU-3a23c669-1f69-c64e-cf85-44e9b07e7a2a'
+      - # Add nVidia GPUs to this container
+        driver: nvidia
+        count: -1  # this means we want all
+        capabilities:
+          # We have one OR condition: 'gpu' AND 'utility'
+          - - gpu
+            - utility
+          # See https://github.com/NVIDIA/nvidia-container-runtime#supported-driver-capabilities
+          # for a list of capabilities supported by the nvidia driver
 '''
 
 RETURN = '''
@@ -1230,6 +1284,7 @@ class TaskParameters(DockerBaseClass):
         self.device_write_bps = None
         self.device_read_iops = None
         self.device_write_iops = None
+        self.device_requests = None
         self.dns_servers = None
         self.dns_opts = None
         self.dns_search_domains = None
@@ -1391,6 +1446,21 @@ class TaskParameters(DockerBaseClass):
             if client.module.params.get(param_name):
                 self._process_rate_iops(option=param_name)
 
+        if self.device_requests:
+            for dr_index, dr in enumerate(self.device_requests):
+                # Make sure that capabilities are lists of lists of strings
+                if dr['capabilities']:
+                    for or_index, or_list in enumerate(dr['capabilities']):
+                        for and_index, and_term in enumerate(or_list):
+                            if not isinstance(and_term, string_types):
+                                self.fail(
+                                    "device_requests[{0}].capabilities[{1}][{2}] is not a string".format(
+                                        dr_index, or_index, and_index))
+                            or_list[and_index] = to_native(and_term)
+                # Make sure that options is a dictionary mapping strings to strings
+                if dr['options']:
+                    dr['options'] = clean_dict_booleans_for_docker_api(dr['options'])
+
     def fail(self, msg):
         self.client.fail(msg)
 
@@ -1594,6 +1664,9 @@ class TaskParameters(DockerBaseClass):
         if 'mounts' in params:
             params['mounts'] = self.mounts_opt
 
+        if self.device_requests is not None:
+            params['device_requests'] = [dict((k, v) for k, v in dr.items() if v is not None) for dr in self.device_requests]
+
         return self.client.create_host_config(**params)
 
     @property
@@ -1990,6 +2063,7 @@ class Container(DockerBaseClass):
         self.parameters.expected_sysctls = None
         self.parameters.expected_etc_hosts = None
         self.parameters.expected_env = None
+        self.parameters.expected_device_requests = None
         self.parameters_map = dict()
         self.parameters_map['expected_links'] = 'links'
         self.parameters_map['expected_ports'] = 'expected_ports'
@@ -2005,6 +2079,7 @@ class Container(DockerBaseClass):
         self.parameters_map['expected_devices'] = 'devices'
         self.parameters_map['expected_healthcheck'] = 'healthcheck'
         self.parameters_map['expected_mounts'] = 'mounts'
+        self.parameters_map['expected_device_requests'] = 'device_requests'
 
     def fail(self, msg):
         self.parameters.client.fail(msg)
@@ -2078,6 +2153,7 @@ class Container(DockerBaseClass):
         self.parameters.expected_cmd = self._get_expected_cmd()
         self.parameters.expected_devices = self._get_expected_devices()
         self.parameters.expected_healthcheck = self._get_expected_healthcheck()
+        self.parameters.expected_device_requests = self._get_expected_device_requests()
 
         if not self.container.get('HostConfig'):
             self.fail("has_config_diff: Error parsing container properties. HostConfig missing.")
@@ -2155,6 +2231,7 @@ class Container(DockerBaseClass):
             device_write_bps=host_config.get('BlkioDeviceWriteBps'),
             device_read_iops=host_config.get('BlkioDeviceReadIOps'),
             device_write_iops=host_config.get('BlkioDeviceWriteIOps'),
+            expected_device_requests=host_config.get('DeviceRequests'),
             pids_limit=host_config.get('PidsLimit'),
             # According to https://github.com/moby/moby/, support for HostConfig.Mounts
             # has been included at least since v17.03.0-ce, which has API version 1.26.
@@ -2454,6 +2531,20 @@ class Container(DockerBaseClass):
         self.log(result, pretty_print=True)
         return result
 
+    def _get_expected_device_requests(self):
+        if self.parameters.device_requests is None:
+            return None
+        device_requests = []
+        for dr in self.parameters.device_requests:
+            device_requests.append({
+                'Driver': dr['driver'],
+                'Count': dr['count'],
+                'DeviceIDs': dr['device_ids'],
+                'Capabilities': dr['capabilities'],
+                'Options': dr['options'],
+            })
+        return device_requests
+
     def _get_image_binds(self, volumes):
         '''
         Convert array of binds to array of strings with format host_path:container_path:mode
@@ -3089,6 +3180,7 @@ class AnsibleDockerClientContainer(AnsibleDockerClient):
         explicit_types = dict(
             command='list',
             devices='set(dict)',
+            device_requests='set(dict)',
             dns_search_domains='list',
             dns_servers='list',
             env='set',
@@ -3222,6 +3314,7 @@ class AnsibleDockerClientContainer(AnsibleDockerClient):
             device_read_iops=dict(docker_py_version='1.9.0', docker_api_version='1.22'),
             device_write_bps=dict(docker_py_version='1.9.0', docker_api_version='1.22'),
             device_write_iops=dict(docker_py_version='1.9.0', docker_api_version='1.22'),
+            device_requests=dict(docker_py_version='4.3.0', docker_api_version='1.40'),
             dns_opts=dict(docker_api_version='1.21', docker_py_version='1.10.0'),
             ipc_mode=dict(docker_api_version='1.25'),
             mac_address=dict(docker_api_version='1.25'),
@@ -3320,6 +3413,13 @@ def main():
             path=dict(required=True, type='str'),
             rate=dict(required=True, type='int'),
         )),
+        device_requests=dict(type='list', elements='dict', options=dict(
+            capabilities=dict(type='list', elements='list'),
+            count=dict(type='int'),
+            device_ids=dict(type='list', elements='str'),
+            driver=dict(type='str'),
+            options=dict(type='dict'),
+        )),
         dns_servers=dict(type='list', elements='str'),
         dns_opts=dict(type='list', elements='str'),
         dns_search_domains=dict(type='list', elements='str'),

plugins/modules/cloud/docker/docker_image.py

@@ -400,6 +400,12 @@ image:
     returned: success
     type: dict
     sample: {}
+stdout:
+    description: Docker build output when building an image.
+    returned: success
+    type: str
+    sample: ""
+    version_added: 1.3.0
 '''
 
 import errno
@@ -506,7 +512,8 @@ class ImageManager(DockerBaseClass):
                 self.results['actions'].append("Built image %s from %s" % (image_name, self.build_path))
                 self.results['changed'] = True
                 if not self.check_mode:
-                    self.results['image'] = self.build_image()
+                    self.results.update(self.build_image())
+
             elif self.source == 'load':
                 # Load the image from an archive
                 if not os.path.isfile(self.load_path):
@@ -691,8 +698,8 @@ class ImageManager(DockerBaseClass):
                 if image and image['Id'] == self.results['image']['Id']:
                     self.results['changed'] = False
 
-                if push:
-                    self.push_image(repo, repo_tag)
+        if push:
+            self.push_image(repo, repo_tag)
 
     def build_image(self):
         '''
@@ -713,7 +720,7 @@ class ImageManager(DockerBaseClass):
         )
         if self.client.docker_py_version < LooseVersion('3.0.0'):
             params['stream'] = True
-        build_output = []
+
         if self.tag:
             params['tag'] = "%s:%s" % (self.name, self.tag)
         if self.container_limits:
@@ -737,11 +744,14 @@ class ImageManager(DockerBaseClass):
         if self.target:
             params['target'] = self.target
 
+        build_output = []
         for line in self.client.build(**params):
             # line = json.loads(line)
             self.log(line, pretty_print=True)
-            if "stream" in line:
-                build_output.append(line["stream"])
+            if "stream" in line or "status" in line:
+                build_line = line.get("stream") or line.get("status") or ''
+                build_output.append(build_line)
+
             if line.get('error'):
                 if line.get('errorDetail'):
                     errorDetail = line.get('errorDetail')
@@ -754,7 +764,9 @@ class ImageManager(DockerBaseClass):
                 else:
                     self.fail("Error building %s - message: %s, logs: %s" % (
                         self.name, line.get('error'), build_output))
-        return self.client.find_image(name=self.name, tag=self.tag)
+
+        return {"stdout": "\n".join(build_output),
+                "image": self.client.find_image(name=self.name, tag=self.tag)}
 
     def load_image(self):
         '''
@@ -762,17 +774,45 @@ class ImageManager(DockerBaseClass):
 
         :return: image dict
         '''
+        # Load image(s) from file
+        load_output = []
         try:
             self.log("Opening image %s" % self.load_path)
             with open(self.load_path, 'rb') as image_tar:
                 self.log("Loading image from %s" % self.load_path)
-                self.client.load_image(image_tar)
+                for line in self.client.load_image(image_tar):
+                    self.log(line, pretty_print=True)
+                    if "stream" in line or "status" in line:
+                        load_line = line.get("stream") or line.get("status") or ''
+                        load_output.append(load_line)
         except EnvironmentError as exc:
             if exc.errno == errno.ENOENT:
-                self.fail("Error opening image %s - %s" % (self.load_path, str(exc)))
-            self.fail("Error loading image %s - %s" % (self.name, str(exc)))
+                self.client.fail("Error opening image %s - %s" % (self.load_path, str(exc)))
+            self.client.fail("Error loading image %s - %s" % (self.name, str(exc)), stdout='\n'.join(load_output))
         except Exception as exc:
-            self.fail("Error loading image %s - %s" % (self.name, str(exc)))
+            self.client.fail("Error loading image %s - %s" % (self.name, str(exc)), stdout='\n'.join(load_output))
+
+        # Collect loaded images
+        loaded_images = set()
+        for line in load_output:
+            if line.startswith('Loaded image:'):
+                loaded_images.add(line[len('Loaded image:'):].strip())
+
+        if not loaded_images:
+            self.client.fail("Detected no loaded images. Archive potentially corrupt?", stdout='\n'.join(load_output))
+
+        expected_image = '%s:%s' % (self.name, self.tag)
+        if expected_image not in loaded_images:
+            self.client.fail(
+                "The archive did not contain image '%s'. Instead, found %s." % (
+                    expected_image, ', '.join(["'%s'" % image for image in sorted(loaded_images)])),
+                stdout='\n'.join(load_output))
+        loaded_images.remove(expected_image)
+
+        if loaded_images:
+            self.client.module.warn(
+                "The archive contained more images than specified: %s" % (
+                    ', '.join(["'%s'" % image for image in sorted(loaded_images)]), ))
 
         return self.client.find_image(self.name, self.tag)
 

plugins/modules/cloud/docker/docker_login.py

@@ -257,14 +257,13 @@ class DockerFileStore(object):
         auth = to_text(b64auth)
 
         # build up the auth structure
-        new_auth = dict(
-            auths=dict()
-        )
-        new_auth['auths'][server] = dict(
+        if 'auths' not in self._config:
+            self._config['auths'] = dict()
+
+        self._config['auths'][server] = dict(
             auth=auth
         )
 
-        self._config.update(new_auth)
         self._write()
 
     def erase(self, server):
@@ -272,8 +271,9 @@ class DockerFileStore(object):
         Remove credentials for the given server from the configuration.
         '''
 
-        self._config['auths'].pop(server)
-        self._write()
+        if 'auths' in self._config and server in self._config['auths']:
+            self._config['auths'].pop(server)
+            self._write()
 
 
 class LoginManager(DockerBaseClass):

plugins/modules/cloud/docker/docker_secret.py

@@ -236,6 +236,9 @@ class SecretManager(DockerBaseClass):
             if attrs.get('Labels', {}).get('ansible_key'):
                 if attrs['Labels']['ansible_key'] != self.data_key:
                     data_changed = True
+            else:
+                if not self.force:
+                    self.client.module.warn("'ansible_key' label not found. Secret will not be changed unless the force parameter is set to 'yes'")
             labels_changed = not compare_generic(self.labels, attrs.get('Labels'), 'allow_more_present', 'dict')
             if data_changed or labels_changed or self.force:
                 # if something changed or force, delete and re-create the secret

plugins/modules/cloud/docker/docker_stack.py

@@ -36,7 +36,7 @@ options:
         referring to the path of the compose file on the target host
         or the YAML contents of a compose file nested as dictionary.
     type: list
-    # elements: raw
+    elements: raw
     default: []
   prune:
     description:

plugins/modules/cloud/docker/docker_volume.py

@@ -48,7 +48,6 @@ options:
       - Deprecated. Will be removed in community.general 2.0.0. Set I(recreate) to C(options-changed) instead
         for the same behavior of setting I(force) to C(yes).
     type: bool
-    default: no
 
   recreate:
     description:

plugins/modules/cloud/google/gc_storage.py

@@ -19,52 +19,66 @@ description:
 
 options:
   bucket:
+    type: str
     description:
       - Bucket name.
     required: true
   object:
+    type: path
     description:
       - Keyname of the object inside the bucket. Can be also be used to create "virtual directories" (see examples).
   src:
+    type: str
     description:
       - The source file path when performing a PUT operation.
   dest:
+    type: path
     description:
       - The destination file path when downloading an object/key with a GET operation.
-  force:
+  overwrite:
     description:
       - Forces an overwrite either locally on the filesystem or remotely with the object/key. Used with PUT and GET operations.
     type: bool
     default: 'yes'
-    aliases: [ 'overwrite' ]
+    aliases: [ 'force' ]
   permission:
+    type: str
     description:
       - This option let's the user set the canned permissions on the object/bucket that are created. The permissions that can be set are 'private',
         'public-read', 'authenticated-read'.
     default: private
+    choices: ['private', 'public-read', 'authenticated-read']
   headers:
+    type: dict
     description:
       - Headers to attach to object.
     default: {}
   expiration:
+    type: int
+    default: 600
     description:
       - Time limit (in seconds) for the URL generated and returned by GCA when performing a mode=put or mode=get_url operation. This url is only
         available when public-read is the acl for the object.
+    aliases: [expiry]
   mode:
+    type: str
     description:
       - Switches the module behaviour between upload, download, get_url (return download url) , get_str (download object as string), create (bucket) and
         delete (bucket).
     required: true
     choices: [ 'get', 'put', 'get_url', 'get_str', 'delete', 'create' ]
   gs_secret_key:
+    type: str
     description:
       - GS secret key. If not set then the value of the GS_SECRET_ACCESS_KEY environment variable is used.
     required: true
   gs_access_key:
+    type: str
     description:
       - GS access key. If not set then the value of the GS_ACCESS_KEY_ID environment variable is used.
     required: true
   region:
+    type: str
     description:
       - The gs region to use. If not defined then the value 'US' will be used. See U(https://cloud.google.com/storage/docs/bucket-locations)
     default: 'US'
@@ -72,6 +86,7 @@ options:
     description:
       - Whether versioning is enabled or disabled (note that once versioning is enabled, it can only be suspended)
     type: bool
+    default: false
 
 requirements:
     - "python >= 2.6"

plugins/modules/cloud/google/gcdns_record.py

@@ -28,16 +28,19 @@ deprecated:
     alternative: Use M(google.cloud.gcp_dns_resource_record_set) instead.
 options:
     state:
+        type: str
         description:
             - Whether the given resource record should or should not be present.
         choices: ["present", "absent"]
         default: "present"
     record:
+        type: str
         description:
             - The fully-qualified domain name of the resource record.
         required: true
         aliases: ['name']
     zone:
+        type: str
         description:
             - The DNS domain name of the zone (e.g., example.com).
             - One of either I(zone) or I(zone_id) must be specified as an
@@ -45,6 +48,7 @@ options:
             - If both I(zone) and I(zone_id) are specified, I(zone_id) will be
               used.
     zone_id:
+        type: str
         description:
             - The Google Cloud ID of the zone (e.g., example-com).
             - One of either I(zone) or I(zone_id) must be specified as an
@@ -56,11 +60,13 @@ options:
             - If both I(zone) and I(zone_id) are specified, I(zone_id) will be
               used.
     type:
+        type: str
         description:
             - The type of resource record to add.
         required: true
         choices: [ 'A', 'AAAA', 'CNAME', 'SRV', 'TXT', 'SOA', 'NS', 'MX', 'SPF', 'PTR' ]
     record_data:
+        type: list
         description:
             - The record_data to use for the resource record.
             - I(record_data) must be specified if I(state) is C(present) or
@@ -77,6 +83,7 @@ options:
         required: false
         aliases: ['value']
     ttl:
+        type: int
         description:
             - The amount of time in seconds that a resource record will remain
               cached by a caching resolver.
@@ -99,20 +106,24 @@ options:
         type: bool
         default: 'no'
     service_account_email:
+        type: str
         description:
             - The e-mail address for a service account with access to Google
               Cloud DNS.
     pem_file:
+        type: path
         description:
             - The path to the PEM file associated with the service account
               email.
             - This option is deprecated and may be removed in a future release.
               Use I(credentials_file) instead.
     credentials_file:
+        type: path
         description:
             - The path to the JSON file associated with the service account
               email.
     project_id:
+        type: str
         description:
             - The Google Cloud Platform project ID to use.
 notes:

plugins/modules/cloud/google/gcdns_zone.py

@@ -27,11 +27,13 @@ deprecated:
     alternative: Use M(google.cloud.gcp_dns_managed_zone) instead.
 options:
     state:
+        type: str
         description:
             - Whether the given zone should or should not be present.
         choices: ["present", "absent"]
         default: "present"
     zone:
+        type: str
         description:
             - The DNS domain name of the zone.
             - This is NOT the Google Cloud DNS zone ID (e.g., example-com). If
@@ -40,24 +42,29 @@ options:
         required: true
         aliases: ['name']
     description:
+        type: str
         description:
             - An arbitrary text string to use for the zone description.
         default: ""
     service_account_email:
+        type: str
         description:
             - The e-mail address for a service account with access to Google
               Cloud DNS.
     pem_file:
+        type: path
         description:
             - The path to the PEM file associated with the service account
               email.
             - This option is deprecated and may be removed in a future release.
               Use I(credentials_file) instead.
     credentials_file:
+        type: path
         description:
             - The path to the JSON file associated with the service account
               email.
     project_id:
+        type: str
         description:
             - The Google Cloud Platform project ID to use.
 notes:

plugins/modules/cloud/google/gce.py

@@ -21,68 +21,83 @@ deprecated:
     alternative: Use M(google.cloud.gcp_compute_instance) instead.
 options:
   image:
+    type: str
     description:
       - image string to use for the instance (default will follow latest
         stable debian image)
     default: "debian-8"
   image_family:
+    type: str
     description:
       - image family from which to select the image.  The most recent
         non-deprecated image in the family will be used.
   external_projects:
+    type: list
     description:
       - A list of other projects (accessible with the provisioning credentials)
         to be searched for the image.
   instance_names:
+    type: str
     description:
       - a comma-separated list of instance names to create or destroy
   machine_type:
+    type: str
     description:
       - machine type to use for the instance, use 'n1-standard-1' by default
     default: "n1-standard-1"
   metadata:
+    type: str
     description:
       - a hash/dictionary of custom data for the instance;
         '{"key":"value", ...}'
   service_account_email:
+    type: str
     description:
       - service account email
   service_account_permissions:
+    type: list
     description:
       - service account permissions (see
         U(https://cloud.google.com/sdk/gcloud/reference/compute/instances/create),
         --scopes section for detailed information)
-    choices: [
-      "bigquery", "cloud-platform", "compute-ro", "compute-rw",
-      "useraccounts-ro", "useraccounts-rw", "datastore", "logging-write",
-      "monitoring", "sql-admin", "storage-full", "storage-ro",
-      "storage-rw", "taskqueue", "userinfo-email"
-    ]
+      - >
+        Available choices are:
+        C(bigquery), C(cloud-platform), C(compute-ro), C(compute-rw),
+        C(useraccounts-ro), C(useraccounts-rw), C(datastore), C(logging-write),
+        C(monitoring), C(sql-admin), C(storage-full), C(storage-ro),
+        C(storage-rw), C(taskqueue), C(userinfo-email).
   pem_file:
+    type: path
     description:
       - path to the pem file associated with the service account email
         This option is deprecated. Use 'credentials_file'.
   credentials_file:
+    type: path
     description:
       - path to the JSON file associated with the service account email
   project_id:
+    type: str
     description:
       - your GCE project ID
   name:
+    type: str
     description:
       - either a name of a single instance or when used with 'num_instances',
         the base name of a cluster of nodes
     aliases: ['base_name']
   num_instances:
+    type: int
     description:
       - can be used with 'name', specifies
         the number of nodes to provision using 'name'
         as a base name
   network:
+    type: str
     description:
       - name of the network, 'default' will be used if not specified
     default: "default"
   subnetwork:
+    type: str
     description:
       - name of the subnetwork in which the instance should be created
   persistent_boot_disk:
@@ -91,23 +106,26 @@ options:
     type: bool
     default: 'no'
   disks:
+    type: list
     description:
       - a list of persistent disks to attach to the instance; a string value
         gives the name of the disk; alternatively, a dictionary value can
         define 'name' and 'mode' ('READ_ONLY' or 'READ_WRITE'). The first entry
         will be the boot disk (which must be READ_WRITE).
   state:
+    type: str
     description:
       - desired state of the resource
     default: "present"
     choices: ["active", "present", "absent", "deleted", "started", "stopped", "terminated"]
   tags:
+    type: list
     description:
       - a comma-separated list of tags to associate with the instance
   zone:
+    type: str
     description:
       - the GCE zone to use. The list of available zones is at U(https://cloud.google.com/compute/docs/regions-zones/regions-zones#available).
-    required: true
     default: "us-central1-a"
   ip_forward:
     description:
@@ -116,6 +134,7 @@ options:
     type: bool
     default: 'no'
   external_ip:
+    type: str
     description:
       - type of external ip, ephemeral by default; alternatively, a fixed gce ip or ip name can be given. Specify 'none' if no external ip is desired.
     default: "ephemeral"
@@ -129,8 +148,8 @@ options:
       - if set to C(yes), instances will be preemptible and time-limited.
         (requires libcloud >= 0.20.0)
     type: bool
-    default: 'no'
   disk_size:
+    type: int
     description:
       - The size of the boot disk created for this instance (in GB)
     default: 10

plugins/modules/cloud/google/gce_eip.py

@@ -21,18 +21,42 @@ author:
   - "Tom Melendez (@supertom) <tom@supertom.com>"
 options:
   name:
+    type: str
     description:
        - Name of Address.
     required: true
   region:
+    type: str
     description:
        - Region to create the address in. Set to 'global' to create a global address.
     required: true
   state:
+    type: str
     description: The state the address should be in. C(present) or C(absent) are the only valid options.
     default: present
     required: false
     choices: [present, absent]
+  project_id:
+    type: str
+    description:
+      - The Google Cloud Platform project ID to use.
+  pem_file:
+    type: path
+    description:
+      - The path to the PEM file associated with the service account email.
+      - This option is deprecated and may be removed in a future release. Use I(credentials_file) instead.
+  credentials_file:
+    type: path
+    description:
+      - The path to the JSON file associated with the service account email.
+  service_account_email:
+    type: str
+    description:
+      - service account email
+  service_account_permissions:
+    type: list
+    description:
+      - service account permissions
 '''
 
 EXAMPLES = '''

plugins/modules/cloud/google/gce_img.py

@@ -18,38 +18,48 @@ description:
       disks in any zone. U(https://cloud.google.com/compute/docs/images)
 options:
   name:
+    type: str
     description:
       - the name of the image to create or delete
     required: true
   description:
+    type: str
     description:
       - an optional description
   family:
+    type: str
     description:
       - an optional family name
   source:
+    type: str
     description:
       - the source disk or the Google Cloud Storage URI to create the image from
   state:
+    type: str
     description:
       - desired state of the image
     default: "present"
     choices: ["present", "absent"]
   zone:
+    type: str
     description:
       - the zone of the disk specified by source
     default: "us-central1-a"
   timeout:
+    type: int
     description:
       - timeout for the operation
     default: 180
   service_account_email:
+    type: str
     description:
       - service account email
   pem_file:
+    type: path
     description:
       - path to the pem file associated with the service account email
   project_id:
+    type: str
     description:
       - your GCE project ID
 requirements:

plugins/modules/cloud/google/gce_instance_template.py

@@ -17,35 +17,46 @@ description:
        of Compute Engine of Google Cloud Platform.
 options:
   state:
+    type: str
     description:
       - The desired state for the instance template.
     default: "present"
     choices: ["present", "absent"]
   name:
+    type: str
     description:
       - The name of the GCE instance template.
     required: True
+    aliases: [base_name]
   size:
+    type: str
     description:
       - The desired machine type for the instance template.
     default: "f1-micro"
   source:
+    type: str
     description:
       - A source disk to attach to the instance.
         Cannot specify both I(image) and I(source).
   image:
+    type: str
     description:
       - The image to use to create the instance.
         Cannot specify both both I(image) and I(source).
   image_family:
+    type: str
     description:
       - The image family to use to create the instance.
         If I(image) has been used I(image_family) is ignored.
         Cannot specify both I(image) and I(source).
+    default: debian-8
   disk_type:
+    type: str
     description:
-      - Specify a C(pd-standard) disk or C(pd-ssd)
-        for an SSD disk.
+      - Specify a C(pd-standard) disk or C(pd-ssd) for an SSD disk.
+    choices:
+      - pd-standard
+      - pd-ssd
     default: pd-standard
   disk_auto_delete:
     description:
@@ -54,10 +65,12 @@ options:
     default: true
     type: bool
   network:
+    type: str
     description:
       - The network to associate with the instance.
     default: "default"
   subnetwork:
+    type: str
     description:
       - The Subnetwork resource name for this instance.
   can_ip_forward:
@@ -67,6 +80,7 @@ options:
     type: bool
     default: 'no'
   external_ip:
+    type: str
     description:
       - The external IP address to use.
         If C(ephemeral), a new non-static address will be
@@ -75,19 +89,21 @@ options:
         specify address name.
     default: "ephemeral"
   service_account_email:
+    type: str
     description:
       - service account email
   service_account_permissions:
+    type: list
     description:
       - service account permissions (see
         U(https://cloud.google.com/sdk/gcloud/reference/compute/instances/create),
         --scopes section for detailed information)
-    choices: [
-      "bigquery", "cloud-platform", "compute-ro", "compute-rw",
-      "useraccounts-ro", "useraccounts-rw", "datastore", "logging-write",
-      "monitoring", "sql-admin", "storage-full", "storage-ro",
-      "storage-rw", "taskqueue", "userinfo-email"
-    ]
+      - >
+        Available choices are:
+        C(bigquery), C(cloud-platform), C(compute-ro), C(compute-rw),
+        C(useraccounts-ro), C(useraccounts-rw), C(datastore), C(logging-write),
+        C(monitoring), C(sql-admin), C(storage-full), C(storage-ro),
+        C(storage-rw), C(taskqueue), C(userinfo-email).
   automatic_restart:
     description:
       - Defines whether the instance should be
@@ -99,6 +115,7 @@ options:
       - Defines whether the instance is preemptible.
     type: bool
   tags:
+    type: list
     description:
       - a comma-separated list of tags to associate with the instance
   metadata:
@@ -106,34 +123,42 @@ options:
       - a hash/dictionary of custom data for the instance;
         '{"key":"value", ...}'
   description:
+    type: str
     description:
       - description of instance template
   disks:
+    type: list
     description:
       - a list of persistent disks to attach to the instance; a string value
         gives the name of the disk; alternatively, a dictionary value can
         define 'name' and 'mode' ('READ_ONLY' or 'READ_WRITE'). The first entry
         will be the boot disk (which must be READ_WRITE).
   nic_gce_struct:
+    type: list
     description:
       - Support passing in the GCE-specific
         formatted networkInterfaces[] structure.
   disks_gce_struct:
+    type: list
     description:
       - Support passing in the GCE-specific
         formatted formatted disks[] structure. Case sensitive.
         see U(https://cloud.google.com/compute/docs/reference/latest/instanceTemplates#resource) for detailed information
   project_id:
+    type: str
     description:
       - your GCE project ID
   pem_file:
+    type: path
     description:
       - path to the pem file associated with the service account email
         This option is deprecated. Use 'credentials_file'.
   credentials_file:
+    type: path
     description:
       - path to the JSON file associated with the service account email
   subnetwork_region:
+    type: str
     description:
       - Region that subnetwork resides in. (Required for subnetwork to successfully complete)
 requirements:

plugins/modules/cloud/google/gce_labels.py

@@ -33,25 +33,57 @@ author:
   - 'Eric Johnson (@erjohnso) <erjohnso@google.com>'
 options:
   labels:
+    type: dict
     description:
        - A list of labels (key/value pairs) to add or remove for the resource.
     required: false
   resource_url:
+    type: str
     description:
        - The 'self_link' for the resource (instance, disk, snapshot, etc)
     required: false
   resource_type:
+    type: str
     description:
        - The type of resource (instances, disks, snapshots, images)
     required: false
   resource_location:
+    type: str
     description:
        - The location of resource (global, us-central1-f, etc.)
     required: false
   resource_name:
+    type: str
     description:
        - The name of resource.
     required: false
+  state:
+    type: str
+    description: The state the labels should be in. C(present) or C(absent) are the only valid options.
+    default: present
+    required: false
+    choices: [present, absent]
+  project_id:
+    type: str
+    description:
+      - The Google Cloud Platform project ID to use.
+  pem_file:
+    type: str
+    description:
+      - The path to the PEM file associated with the service account email.
+      - This option is deprecated and may be removed in a future release. Use I(credentials_file) instead.
+  credentials_file:
+    type: str
+    description:
+      - The path to the JSON file associated with the service account email.
+  service_account_email:
+    type: str
+    description:
+      - service account email
+  service_account_permissions:
+    type: list
+    description:
+      - service account email
 '''
 
 EXAMPLES = '''

plugins/modules/cloud/google/gce_lb.py

@@ -23,72 +23,90 @@ description:
       be found in the comments of ansible/test/gce_tests.py.
 options:
   httphealthcheck_name:
+    type: str
     description:
       - the name identifier for the HTTP health check
   httphealthcheck_port:
+    type: int
     description:
       - the TCP port to use for HTTP health checking
     default: 80
   httphealthcheck_path:
+    type: str
     description:
       - the url path to use for HTTP health checking
     default: "/"
   httphealthcheck_interval:
+    type: int
     description:
       - the duration in seconds between each health check request
     default: 5
   httphealthcheck_timeout:
+    type: int
     description:
       - the timeout in seconds before a request is considered a failed check
     default: 5
   httphealthcheck_unhealthy_count:
+    type: int
     description:
       - number of consecutive failed checks before marking a node unhealthy
     default: 2
   httphealthcheck_healthy_count:
+    type: int
     description:
       - number of consecutive successful checks before marking a node healthy
     default: 2
   httphealthcheck_host:
+    type: str
     description:
       - host header to pass through on HTTP check requests
   name:
+    type: str
     description:
       - name of the load-balancer resource
   protocol:
+    type: str
     description:
       - the protocol used for the load-balancer packet forwarding, tcp or udp
+      - "the available choices are: C(tcp) or C(udp)."
     default: "tcp"
-    choices: ['tcp', 'udp']
   region:
+    type: str
     description:
       - the GCE region where the load-balancer is defined
   external_ip:
+    type: str
     description:
       - the external static IPv4 (or auto-assigned) address for the LB
   port_range:
+    type: str
     description:
       - the port (range) to forward, e.g. 80 or 8000-8888 defaults to all ports
   members:
+    type: list
     description:
       - a list of zone/nodename pairs, e.g ['us-central1-a/www-a', ...]
-    aliases: ['nodes']
   state:
+    type: str
     description:
       - desired state of the LB
+      - "the available choices are: C(active), C(present), C(absent), C(deleted)."
     default: "present"
-    choices: ["active", "present", "absent", "deleted"]
   service_account_email:
+    type: str
     description:
       - service account email
   pem_file:
+    type: path
     description:
       - path to the pem file associated with the service account email
         This option is deprecated. Use 'credentials_file'.
   credentials_file:
+    type: path
     description:
       - path to the JSON file associated with the service account email
   project_id:
+    type: str
     description:
       - your GCE project ID
 

plugins/modules/cloud/google/gce_mig.py

@@ -26,46 +26,70 @@ author:
   - "Tom Melendez (@supertom) <tom@supertom.com>"
 options:
   name:
+    type: str
     description:
        - Name of the Managed Instance Group.
     required: true
   template:
+    type: str
     description:
        - Instance Template to be used in creating the VMs.  See
          U(https://cloud.google.com/compute/docs/instance-templates) to learn more
          about Instance Templates.  Required for creating MIGs.
   size:
+    type: int
     description:
        - Size of Managed Instance Group.  If MIG already exists, it will be
          resized to the number provided here.  Required for creating MIGs.
   service_account_email:
+    type: str
     description:
       - service account email
+  service_account_permissions:
+    type: list
+    description:
+      - service account permissions
+  pem_file:
+    type: path
+    description:
+      - path to the pem file associated with the service account email
+        This option is deprecated. Use 'credentials_file'.
   credentials_file:
+    type: path
     description:
       - Path to the JSON file associated with the service account email
   project_id:
+    type: str
     description:
       - GCE project ID
   state:
+    type: str
     description:
       - desired state of the resource
     default: "present"
     choices: ["absent", "present"]
   zone:
+    type: str
     description:
       - The GCE zone to use for this Managed Instance Group.
     required: true
   autoscaling:
+    type: dict
     description:
       - A dictionary of configuration for the autoscaler. 'enabled (bool)', 'name (str)'
         and policy.max_instances (int) are required fields if autoscaling is used. See
         U(https://cloud.google.com/compute/docs/reference/beta/autoscalers) for more information
         on Autoscaling.
   named_ports:
+    type: list
     description:
       - Define named ports that backend services can forward data to.  Format is a a list of
         name:port dictionaries.
+  recreate_instances:
+    type: bool
+    default: no
+    description:
+      - Recreate MIG instances.
 '''
 
 EXAMPLES = '''

plugins/modules/cloud/google/gce_net.py

@@ -21,54 +21,64 @@ description:
       be found in the comments of ansible/test/gce_tests.py.
 options:
   allowed:
+    type: str
     description:
       - the protocol:ports to allow (I(tcp:80) or I(tcp:80,443) or I(tcp:80-800;udp:1-25))
         this parameter is mandatory when creating or updating a firewall rule
   ipv4_range:
+    type: str
     description:
       - the IPv4 address range in CIDR notation for the network
         this parameter is not mandatory when you specified existing network in name parameter,
         but when you create new network, this parameter is mandatory
-    aliases: ['cidr']
   fwname:
+    type: str
     description:
       - name of the firewall rule
-    aliases: ['fwrule']
   name:
+    type: str
     description:
       - name of the network
   src_range:
+    type: list
     description:
       - the source IPv4 address range in CIDR notation
     default: []
-    aliases: ['src_cidr']
   src_tags:
+    type: list
     description:
       - the source instance tags for creating a firewall rule
     default: []
   target_tags:
+    type: list
     description:
       - the target instance tags for creating a firewall rule
     default: []
   state:
+    type: str
     description:
       - desired state of the network or firewall
+      - "Available choices are: C(active), C(present), C(absent), C(deleted)."
     default: "present"
-    choices: ["active", "present", "absent", "deleted"]
   service_account_email:
+    type: str
     description:
       - service account email
   pem_file:
+    type: path
     description:
       - path to the pem file associated with the service account email
         This option is deprecated. Use C(credentials_file).
   credentials_file:
+    type: path
     description:
       - path to the JSON file associated with the service account email
   project_id:
+    type: str
     description:
       - your GCE project ID
   mode:
+    type: str
     description:
       - network mode for Google Cloud
         C(legacy) indicates a network with an IP address range;
@@ -78,12 +88,15 @@ options:
     default: "legacy"
     choices: ["legacy", "auto", "custom"]
   subnet_name:
+    type: str
     description:
       - name of subnet to create
   subnet_region:
+    type: str
     description:
       - region of subnet to create
   subnet_desc:
+    type: str
     description:
       - description of subnet to create
 

plugins/modules/cloud/google/gce_pd.py

@@ -21,61 +21,82 @@ options:
     description:
       - do not destroy the disk, merely detach it from an instance
     type: bool
-    default: 'no'
   instance_name:
+    type: str
     description:
       - instance name if you wish to attach or detach the disk
   mode:
+    type: str
     description:
       - GCE mount mode of disk, READ_ONLY (default) or READ_WRITE
     default: "READ_ONLY"
     choices: ["READ_WRITE", "READ_ONLY"]
   name:
+    type: str
     description:
       - name of the disk
     required: true
   size_gb:
+    type: str
     description:
       - whole integer size of disk (in GB) to create, default is 10 GB
-    default: 10
+    default: "10"
   image:
+    type: str
     description:
       - the source image to use for the disk
   snapshot:
+    type: str
     description:
       - the source snapshot to use for the disk
   state:
+    type: str
     description:
       - desired state of the persistent disk
+      - "Available choices are: C(active), C(present), C(absent), C(deleted)."
     default: "present"
-    choices: ["active", "present", "absent", "deleted"]
   zone:
+    type: str
     description:
       - zone in which to create the disk
     default: "us-central1-b"
   service_account_email:
+    type: str
     description:
       - service account email
   pem_file:
+    type: path
     description:
       - path to the pem file associated with the service account email
         This option is deprecated. Use 'credentials_file'.
   credentials_file:
+    type: path
     description:
       - path to the JSON file associated with the service account email
   project_id:
+    type: str
     description:
       - your GCE project ID
   disk_type:
+    type: str
     description:
-      - type of disk provisioned
+      - Specify a C(pd-standard) disk or C(pd-ssd) for an SSD disk.
     default: "pd-standard"
-    choices: ["pd-standard", "pd-ssd"]
   delete_on_termination:
     description:
       - If C(yes), deletes the volume when instance is terminated
     type: bool
-    default: 'no'
+  image_family:
+    type: str
+    description:
+      - The image family to use to create the instance.
+        If I(image) has been used I(image_family) is ignored.
+        Cannot specify both I(image) and I(source).
+  external_projects:
+    type: list
+    description:
+      - A list of other projects (accessible with the provisioning credentials)
+        to be searched for the image.
 
 requirements:
     - "python >= 2.6"

plugins/modules/cloud/google/gce_snapshot.py

@@ -18,36 +18,40 @@ description:
     volumes, each snapshot will be prepended with the disk name
 options:
   instance_name:
+    type: str
     description:
       - The GCE instance to snapshot
     required: True
   snapshot_name:
+    type: str
     description:
       - The name of the snapshot to manage
+    required: True
   disks:
+    type: list
     description:
       - A list of disks to create snapshots for. If none is provided,
-        all of the volumes will be snapshotted
-    default: all
+        all of the volumes will have snapshots created.
     required: False
   state:
+    type: str
     description:
       - Whether a snapshot should be C(present) or C(absent)
     required: false
     default: present
     choices: [present, absent]
   service_account_email:
+    type: str
     description:
       - GCP service account email for the project where the instance resides
-    required: true
   credentials_file:
+    type: path
     description:
       - The path to the credentials file associated with the service account
-    required: true
   project_id:
+    type: str
     description:
       - The GCP project ID to use
-    required: true
 requirements:
     - "python >= 2.6"
     - "apache-libcloud >= 0.19.0"

plugins/modules/cloud/google/gce_tag.py

@@ -16,34 +16,42 @@ description:
       to/from GCE instances.  Use 'instance_pattern' to update multiple instances in a specify zone.
 options:
   instance_name:
+    type: str
     description:
       - The name of the GCE instance to add/remove tags.
       - Required if C(instance_pattern) is not specified.
   instance_pattern:
+    type: str
     description:
       - The pattern of GCE instance names to match for adding/removing tags.  Full-Python regex is supported.
         See U(https://docs.python.org/2/library/re.html) for details.
       - If C(instance_name) is not specified, this field is required.
   tags:
+    type: list
     description:
       - Comma-separated list of tags to add or remove.
     required: yes
   state:
+    type: str
     description:
       - Desired state of the tags.
     choices: [ absent, present ]
     default: present
   zone:
+    type: str
     description:
       - The zone of the disk specified by source.
     default: us-central1-a
   service_account_email:
+    type: str
     description:
       - Service account email.
   pem_file:
+    type: path
     description:
       - Path to the PEM file associated with the service account email.
   project_id:
+    type: str
     description:
       - Your GCE project ID.
 requirements:

plugins/modules/cloud/google/gcp_backend_service.py

@@ -29,10 +29,12 @@ author:
   - "Tom Melendez (@supertom) <tom@supertom.com>"
 options:
   backend_service_name:
+    type: str
     description:
        - Name of the Backend Service.
     required: true
   backends:
+    type: list
     description:
        - List of backends that make up the backend service. A backend is made up of
          an instance group and optionally several other parameters.  See
@@ -40,6 +42,7 @@ options:
          for details.
     required: true
   healthchecks:
+    type: list
     description:
        - List of healthchecks. Only one healthcheck is supported.
     required: true
@@ -48,29 +51,46 @@ options:
        - If true, enable Cloud CDN for this Backend Service.
     type: bool
   port_name:
+    type: str
     description:
       - Name of the port on the managed instance group (MIG) that backend
         services can forward data to. Required for external load balancing.
   protocol:
+    type: str
     description:
        - The protocol this Backend Service uses to communicate with backends.
-         Possible values are HTTP, HTTPS, TCP, and SSL. The default is HTTP.
+         Possible values are HTTP, HTTPS, TCP, and SSL. The default is TCP.
+    choices: [HTTP, HTTPS, TCP, SSL]
+    default: TCP
     required: false
   timeout:
+    type: int
     description:
        - How many seconds to wait for the backend before considering it a failed
          request. Default is 30 seconds. Valid range is 1-86400.
     required: false
   service_account_email:
+    type: str
     description:
       - Service account email
+  service_account_permissions:
+    type: list
+    description:
+      - service account permissions
   credentials_file:
+    type: str
     description:
       - Path to the JSON file associated with the service account email.
+  pem_file:
+    type: str
+    description:
+      - Path to the PEM file associated with the service account email.
   project_id:
+    type: str
     description:
       - GCE project ID.
   state:
+    type: str
     description:
       - Desired state of the resource
     default: "present"

plugins/modules/cloud/google/gcp_forwarding_rule.py

@@ -33,6 +33,7 @@ author:
   - "Tom Melendez (@supertom) <tom@supertom.com>"
 options:
   address:
+    type: str
     description:
        - IPv4 or named IP address. Must be of the same scope (regional, global).
          Reserved addresses can (and probably should) be used for global
@@ -40,32 +41,67 @@ options:
          via the gce_eip module.
     required: false
   forwarding_rule_name:
+    type: str
     description:
        - Name of the Forwarding_Rule.
     required: true
   port_range:
+    type: str
     description:
        - For global forwarding rules, must be set to 80 or 8080 for TargetHttpProxy, and
          443 for TargetHttpsProxy or TargetSslProxy.
     required: false
   protocol:
+    type: str
     description:
        - For global forwarding rules, TCP, UDP, ESP, AH, SCTP or ICMP. Default is TCP.
     required: false
+    choices: [TCP]
+    default: TCP
   region:
+    type: str
     description:
        - The region for this forwarding rule. Currently, only 'global' is supported.
-    required: false
+    required: true
   state:
+    type: str
     description:
        - The state of the Forwarding Rule. 'present' or 'absent'
     required: true
     choices: ["present", "absent"]
   target:
+    type: str
     description:
        - Target resource for forwarding rule. For global proxy, this is a Global
          TargetProxy resource. Required for external load balancing (including Global load balancing)
     required: false
+  project_id:
+    type: str
+    description:
+      - The Google Cloud Platform project ID to use.
+  pem_file:
+    type: str
+    description:
+      - The path to the PEM file associated with the service account email.
+      - This option is deprecated and may be removed in a future release. Use I(credentials_file) instead.
+  credentials_file:
+    type: str
+    description:
+      - The path to the JSON file associated with the service account email.
+  service_account_email:
+    type: str
+    description:
+      - service account email
+  service_account_permissions:
+    type: list
+    description:
+      - service account permissions
+  load_balancing_scheme:
+    type: str
+    choices: [EXTERNAL]
+    default: EXTERNAL
+    description:
+      - Load balancing scheme. At the moment the only choice is EXTERNAL.
 '''
 
 EXAMPLES = '''

plugins/modules/cloud/google/gcp_healthcheck.py

@@ -41,72 +41,85 @@ author:
   - "Tom Melendez (@supertom) <tom@supertom.com>"
 options:
   check_interval:
+    type: int
     description:
        - How often (in seconds) to send a health check.
     default: 5
   healthcheck_name:
+    type: str
     description:
        - Name of the Healthcheck.
     required: true
   healthcheck_type:
+    type: str
     description:
        - Type of Healthcheck.
     required: true
     choices: ["HTTP", "HTTPS"]
   host_header:
+    type: str
     description:
        - The value of the host header in the health check request. If left
          empty, the public IP on behalf of which this health
          check is performed will be used.
-    required: true
     default: ""
   port:
+    type: int
     description:
        - The TCP port number for the health check request. The default value is
          443 for HTTPS and 80 for HTTP.
   request_path:
+    type: str
     description:
        - The request path of the HTTPS health check request.
     required: false
     default: "/"
   state:
+    type: str
     description: State of the Healthcheck.
-    required: true
     choices: ["present", "absent"]
+    default: present
   timeout:
+    type: int
     description:
        - How long (in seconds) to wait for a response before claiming
          failure. It is invalid for timeout
          to have a greater value than check_interval.
     default: 5
   unhealthy_threshold:
+    type: int
     description:
        - A so-far healthy instance will be marked unhealthy after this
          many consecutive failures.
     default: 2
   healthy_threshold:
+    type: int
     description:
        - A so-far unhealthy instance will be marked healthy after this
          many consecutive successes.
     default: 2
   service_account_email:
+    type: str
     description:
       - service account email
   service_account_permissions:
+    type: list
     description:
       - service account permissions (see
         U(https://cloud.google.com/sdk/gcloud/reference/compute/instances/create),
         --scopes section for detailed information)
-    choices: [
-      "bigquery", "cloud-platform", "compute-ro", "compute-rw",
-      "useraccounts-ro", "useraccounts-rw", "datastore", "logging-write",
-      "monitoring", "sql-admin", "storage-full", "storage-ro",
-      "storage-rw", "taskqueue", "userinfo-email"
-    ]
+      - >
+        Available choices are:
+        C(bigquery), C(cloud-platform), C(compute-ro), C(compute-rw),
+        C(useraccounts-ro), C(useraccounts-rw), C(datastore), C(logging-write),
+        C(monitoring), C(sql-admin), C(storage-full), C(storage-ro),
+        C(storage-rw), C(taskqueue), C(userinfo-email).
   credentials_file:
+    type: str
     description:
       - Path to the JSON file associated with the service account email
   project_id:
+    type: str
     description:
       - Your GCP project ID
 '''

plugins/modules/cloud/google/gcp_target_proxy.py

@@ -30,17 +30,47 @@ author:
   - "Tom Melendez (@supertom) <tom@supertom.com>"
 options:
   target_proxy_name:
+    type: str
     description:
        - Name of the Target_Proxy.
     required: true
   target_proxy_type:
+    type: str
     description:
        - Type of Target_Proxy. HTTP, HTTPS or SSL. Only HTTP is currently supported.
     required: true
+    choices: [HTTP]
   url_map_name:
+    type: str
     description:
        - Name of the Url Map.  Required if type is HTTP or HTTPS proxy.
     required: false
+  project_id:
+    type: str
+    description:
+      - your GCE project ID
+  pem_file:
+    type: str
+    description:
+      - path to the pem file associated with the service account email
+        This option is deprecated. Use 'credentials_file'.
+  credentials_file:
+    type: str
+    description:
+      - path to the JSON file associated with the service account email
+  service_account_email:
+    type: str
+    description:
+      - service account email
+  service_account_permissions:
+    type: list
+    description:
+      - service account permissions
+  state:
+    type: str
+    description: The state the target proxy should be in. C(present) or C(absent) are the only valid options.
+    required: true
+    choices: [present, absent]
 '''
 
 EXAMPLES = '''

plugins/modules/cloud/google/gcp_url_map.py

@@ -31,14 +31,17 @@ deprecated:
     alternative: Use M(google.cloud.gcp_compute_url_map) instead.
 options:
   url_map_name:
+    type: str
     description:
        - Name of the Url_Map.
     required: true
   default_service:
+    type: str
     description:
        - Default Backend Service if no host rules match.
     required: true
   host_rules:
+    type: list
     description:
        - The list of HostRules to use against the URL. Contains
          a list of hosts and an associated path_matcher.
@@ -51,6 +54,7 @@ options:
          host portion.
     required: false
   path_matchers:
+    type: list
     description:
        - The list of named PathMatchers to use against the URL. Contains
          path_rules, which is a list of paths and an associated service. A
@@ -66,6 +70,33 @@ options:
          a /. The string fed to the path matcher does not include any text after
          the first ? or #, and those chars are not allowed here.
     required: false
+  project_id:
+    type: str
+    description:
+      - The Google Cloud Platform project ID to use.
+  pem_file:
+    type: str
+    description:
+      - The path to the PEM file associated with the service account email.
+      - This option is deprecated and may be removed in a future release. Use I(credentials_file) instead.
+  credentials_file:
+    type: str
+    description:
+      - The path to the JSON file associated with the service account email.
+  service_account_email:
+    type: str
+    description:
+      - service account email
+  service_account_permissions:
+    type: list
+    description:
+      - service account permissions
+  state:
+    type: str
+    description: The state the URL map should be in. C(present) or C(absent) are the only valid options.
+    default: present
+    required: false
+    choices: [present, absent]
 '''
 
 EXAMPLES = '''

plugins/modules/cloud/google/gcpubsub.py

@@ -23,33 +23,42 @@ author:
   - Tom Melendez (@supertom) <tom@supertom.com>
 options:
   topic:
+    type: str
     description:
        - GCP pubsub topic name.
        - Only the name, not the full path, is required.
     required: yes
   subscription:
+    type: dict
     description:
        - Dictionary containing a subscription name associated with a topic (required), along with optional ack_deadline, push_endpoint and pull.
          For pulling from a subscription, message_ack (bool), max_messages (int) and return_immediate are available as subfields.
          See subfields name, push_endpoint and ack_deadline for more information.
-  name:
-    description: Subfield of subscription. Required if subscription is specified. See examples.
-  ack_deadline:
-    description: Subfield of subscription. Not required. Default deadline for subscriptions to ACK the message before it is resent. See examples.
-  pull:
-    description:
-        - Subfield of subscription. Not required. If specified, messages will be retrieved from topic via the provided subscription name.
-          max_messages (int; default None; max number of messages to pull), message_ack (bool; default False; acknowledge the message) and return_immediately
-          (bool; default True, don't wait for messages to appear). If the messages are acknowledged, changed is set to True, otherwise, changed is False.
-  push_endpoint:
-    description:
-        - Subfield of subscription.  Not required.  If specified, message will be sent to an endpoint.
-          See U(https://cloud.google.com/pubsub/docs/advanced#push_endpoints) for more information.
+    suboptions:
+      name:
+        description:
+          - Subfield of subscription. Required if subscription is specified. See examples.
+      ack_deadline:
+        description:
+          - Subfield of subscription. Not required. Default deadline for subscriptions to ACK the message before it is resent. See examples.
+      pull:
+        description:
+          - Subfield of subscription. Not required. If specified, messages will be retrieved from topic via the
+            provided subscription name. max_messages (int; default None; max number of messages to pull),
+            message_ack (bool; default False; acknowledge the message) and return_immediately
+            (bool; default True, don't wait for messages to appear). If the messages are acknowledged,
+            changed is set to True, otherwise, changed is False.
+      push_endpoint:
+        description:
+          - Subfield of subscription.  Not required.  If specified, message will be sent to an endpoint.
+            See U(https://cloud.google.com/pubsub/docs/advanced#push_endpoints) for more information.
   publish:
+    type: list
     description:
         - List of dictionaries describing messages and attributes to be published.  Dictionary is in message(str):attributes(dict) format.
           Only message is required.
   state:
+    type: str
     description:
         - State of the topic or queue.
         - Applies to the most granular resource.
@@ -58,6 +67,18 @@ options:
         - NOTE - A topic can be removed without first removing the subscription.
     choices: [ absent, present ]
     default: present
+  project_id:
+    type: str
+    description:
+      - your GCE project ID
+  credentials_file:
+    type: str
+    description:
+      - path to the JSON file associated with the service account email
+  service_account_email:
+    type: str
+    description:
+      - service account email
 '''
 
 EXAMPLES = '''

plugins/modules/cloud/google/gcpubsub_info.py

@@ -25,17 +25,35 @@ author:
   - "Tom Melendez (@supertom) <tom@supertom.com>"
 options:
   topic:
+    type: str
     description:
        - GCP pubsub topic name.  Only the name, not the full path, is required.
     required: False
   view:
+    type: str
     description:
        - Choices are 'topics' or 'subscriptions'
-    required: True
+    choices: [topics, subscriptions]
+    default: topics
   state:
+    type: str
     description:
        - list is the only valid option.
     required: False
+    choices: [list]
+    default: list
+  project_id:
+    type: str
+    description:
+      - your GCE project ID
+  credentials_file:
+    type: str
+    description:
+      - path to the JSON file associated with the service account email
+  service_account_email:
+    type: str
+    description:
+      - service account email
 '''
 
 EXAMPLES = '''

plugins/modules/cloud/google/gcspanner.py

@@ -28,15 +28,18 @@ author:
   - Tom Melendez (@supertom) <tom@supertom.com>
 options:
   configuration:
+    type: str
     description:
        - Configuration the instance should use.
        - Examples are us-central1, asia-east1 and europe-west1.
     required: yes
   instance_id:
+    type: str
     description:
        - GCP spanner instance name.
     required: yes
   database_name:
+    type: str
     description:
        - Name of database contained on the instance.
   force_instance_delete:
@@ -45,20 +48,35 @@ options:
     type: bool
     default: 'no'
   instance_display_name:
+    type: str
     description:
        - Name of Instance to display.
        - If not specified, instance_id will be used instead.
   node_count:
+    type: int
     description:
        - Number of nodes in the instance.
     default: 1
   state:
+    type: str
     description:
     - State of the instance or database. Applies to the most granular resource.
     - If a C(database_name) is specified we remove it.
     - If only C(instance_id) is specified, that is what is removed.
     choices: [ absent, present ]
     default: present
+  project_id:
+    type: str
+    description:
+      - your GCE project ID
+  credentials_file:
+    type: str
+    description:
+      - path to the JSON file associated with the service account email
+  service_account_email:
+    type: str
+    description:
+      - service account email
 '''
 
 EXAMPLES = '''

plugins/modules/cloud/heroku/heroku_collaborator.py

@@ -21,9 +21,11 @@ requirements:
   - heroku3
 options:
   api_key:
+    type: str
     description:
       - Heroku API key
   apps:
+    type: list
     description:
       - List of Heroku App names
     required: true
@@ -33,10 +35,12 @@ options:
     type: bool
     default: "no"
   user:
+    type: str
     description:
       - User ID or e-mail
     required: true
   state:
+    type: str
     description:
       - Create or remove the heroku collaborator
     choices: ["present", "absent"]

plugins/modules/cloud/huawei/hwc_ecs_instance.py

@@ -77,6 +77,7 @@ options:
               network of the NIC must belong to the VPC specified by vpc_id. A
               maximum of 12 NICs can be attached to an ECS.
         type: list
+        elements: dict
         required: true
         suboptions:
             ip_address:
@@ -150,6 +151,7 @@ options:
         description:
             - Specifies the data disks of ECS instance.
         type: list
+        elements: dict
         required: false
         suboptions:
             volume_id:
@@ -193,6 +195,7 @@ options:
               parameter is left blank, the default security group is bound to
               the ECS by default.
         type: list
+        elements: str
         required: false
     server_metadata:
         description:

plugins/modules/cloud/huawei/hwc_vpc_port.py

@@ -54,6 +54,7 @@ options:
             - Specifies a set of zero or more allowed address pairs.
         required: false
         type: list
+        elements: dict
         suboptions:
             ip_address:
                 description:
@@ -72,6 +73,7 @@ options:
         description:
             - Specifies the extended option of DHCP.
         type: list
+        elements: dict
         required: false
         suboptions:
             name:
@@ -99,6 +101,7 @@ options:
         description:
             - Specifies the ID of the security group.
         type: list
+        elements: str
         required: false
 extends_documentation_fragment:
 - community.general.hwc

plugins/modules/cloud/huawei/hwc_vpc_subnet.py

@@ -90,6 +90,7 @@ options:
             - Specifies the DNS server addresses for subnet. The address
               in the head will be used first.
         type: list
+        elements: str
         required: false
 extends_documentation_fragment:
 - community.general.hwc

plugins/modules/cloud/linode/linode.py

@@ -18,17 +18,21 @@ options:
      - Indicate desired state of the resource
     choices: [ absent, active, deleted, present, restarted, started, stopped ]
     default: present
+    type: str
   api_key:
     description:
      - Linode API key
+    type: str
   name:
     description:
      - Name to give the instance (alphanumeric, dashes, underscore).
      - To keep sanity on the Linode Web Console, name is prepended with C(LinodeID-).
     required: true
+    type: str
   displaygroup:
     description:
      - Add the instance to a Display Group in Linode Manager.
+    type: str
   linode_id:
     description:
      - Unique ID of a linode server. This value is read-only in the sense that
@@ -36,10 +40,12 @@ options:
        Linode API generates these IDs and we can those generated value here to
        reference a Linode more specifically. This is useful for idempotence.
     aliases: [ lid ]
+    type: int
   additional_disks:
     description:
       - List of dictionaries for creating additional disks that are added to the Linode configuration settings.
       - Dictionary takes Size, Label, Type. Size is in MB.
+    type: list
   alert_bwin_enabled:
     description:
     - Set status of bandwidth in alerts.
@@ -47,6 +53,7 @@ options:
   alert_bwin_threshold:
     description:
     - Set threshold in MB of bandwidth in alerts.
+    type: int
   alert_bwout_enabled:
     description:
     - Set status of bandwidth out alerts.
@@ -54,6 +61,7 @@ options:
   alert_bwout_threshold:
     description:
     - Set threshold in MB of bandwidth out alerts.
+    type: int
   alert_bwquota_enabled:
     description:
     - Set status of bandwidth quota alerts as percentage of network transfer quota.
@@ -61,6 +69,7 @@ options:
   alert_bwquota_threshold:
     description:
     - Set threshold in MB of bandwidth quota alerts.
+    type: int
   alert_cpu_enabled:
     description:
     - Set status of receiving CPU usage alerts.
@@ -68,6 +77,7 @@ options:
   alert_cpu_threshold:
     description:
     - Set percentage threshold for receiving CPU usage alerts. Each CPU core adds 100% to total.
+    type: int
   alert_diskio_enabled:
     description:
     - Set status of receiving disk IO alerts.
@@ -75,50 +85,61 @@ options:
   alert_diskio_threshold:
     description:
     - Set threshold for average IO ops/sec over 2 hour period.
+    type: int
   backupweeklyday:
     description:
     - Integer value for what day of the week to store weekly backups.
+    type: int
   plan:
     description:
      - plan to use for the instance (Linode plan)
+    type: int
   payment_term:
     description:
      - payment term to use for the instance (payment term in months)
     default: 1
     choices: [ 1, 12, 24 ]
+    type: int
   password:
     description:
      - root password to apply to a new server (auto generated if missing)
+    type: str
   private_ip:
     description:
     - Add private IPv4 address when Linode is created.
+    - Default is C(false).
     type: bool
-    default: "no"
   ssh_pub_key:
     description:
      - SSH public key applied to root user
+    type: str
   swap:
     description:
      - swap size in MB
     default: 512
+    type: int
   distribution:
     description:
      - distribution to use for the instance (Linode Distribution)
+    type: int
   datacenter:
     description:
      - datacenter to create an instance in (Linode Datacenter)
+    type: int
   kernel_id:
     description:
      - kernel to use for the instance (Linode Kernel)
+    type: int
   wait:
     description:
      - wait for the instance to be in state C(running) before returning
     type: bool
-    default: "no"
+    default: true
   wait_timeout:
     description:
      - how long before wait gives up, in seconds
     default: 300
+    type: int
   watchdog:
     description:
     - Set status of Lassie watchdog.
@@ -337,7 +358,7 @@ def linodeServers(module, api, state, name,
         if not servers:
             for arg in (name, plan, distribution, datacenter):
                 if not arg:
-                    module.fail_json(msg='%s is required for %s state' % (arg, state))
+                    module.fail_json(msg='%s is required for %s state' % (arg, state))  # @TODO use required_if instead
             # Create linode entity
             new_server = True
 

plugins/modules/cloud/linode/linode_v4.py

@@ -27,21 +27,21 @@ options:
     description:
       - The region of the instance. This is a required parameter only when
         creating Linode instances. See
-        U(https://developers.linode.com/api/v4#tag/Regions).
+        U(https://www.linode.com/docs/api/regions/).
     required: false
     type: str
   image:
     description:
       - The image of the instance. This is a required parameter only when
         creating Linode instances. See
-        U(https://developers.linode.com/api/v4#tag/Images).
+        U(https://www.linode.com/docs/api/images/).
     type: str
     required: false
   type:
     description:
       - The type of the instance. This is a required parameter only when
         creating Linode instances. See
-        U(https://developers.linode.com/api/v4#tag/Linode-Types).
+        U(https://www.linode.com/docs/api/linode-types/).
     type: str
     required: false
   label:
@@ -60,7 +60,7 @@ options:
   tags:
     description:
       - The tags that the instance should be marked under. See
-        U(https://developers.linode.com/api/v4#tag/Tags).
+        U(https://www.linode.com/docs/api/tags/).
     required: false
     type: list
   root_pass:
@@ -87,8 +87,23 @@ options:
     description:
       - The Linode API v4 access token. It may also be specified by exposing
         the C(LINODE_ACCESS_TOKEN) environment variable. See
-        U(https://developers.linode.com/api/v4#section/Access-and-Authentication).
+        U(https://www.linode.com/docs/api#access-and-authentication).
     required: true
+    type: str
+  stackscript_id:
+    description:
+      - The numeric ID of the StackScript to use when creating the instance.
+        See U(https://www.linode.com/docs/api/stackscripts/).
+    type: int
+    version_added: 1.3.0
+  stackscript_data:
+    description:
+      - An object containing arguments to any User Defined Fields present in
+        the StackScript used when creating the instance.
+        Only valid when a stackscript_id is provided.
+        See U(https://www.linode.com/docs/api/stackscripts/).
+    type: dict
+    version_added: 1.3.0
 '''
 
 EXAMPLES = """
@@ -101,6 +116,9 @@ EXAMPLES = """
     root_pass: passw0rd
     authorized_keys:
       - "ssh-rsa ..."
+    stackscript_id: 1337
+    stackscript_data:
+      variable: value
     state: present
 
 - name: Delete that new Linode.
@@ -229,6 +247,8 @@ def initialise_module():
             root_pass=dict(type='str', required=False, no_log=True),
             tags=dict(type='list', required=False),
             type=dict(type='str', required=False),
+            stackscript_id=dict(type='int', required=False),
+            stackscript_data=dict(type='dict', required=False),
         ),
         supports_check_mode=False,
         required_one_of=(
@@ -272,6 +292,8 @@ def main():
             root_pass=module.params['root_pass'],
             tags=module.params['tags'],
             ltype=module.params['type'],
+            stackscript=module.params['stackscript_id'],
+            stackscript_data=module.params['stackscript_data'],
         )
         module.exit_json(changed=True, instance=instance_json)
 

plugins/modules/cloud/lxc/lxc_container.py

@@ -1,24 +1,25 @@
 #!/usr/bin/python
 # -*- coding: utf-8 -*-
 
-# (c) 2014, Kevin Carter <kevin.carter@rackspace.com>
+# Copyright: (c) 2014, Kevin Carter <kevin.carter@rackspace.com>
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
 
 
-DOCUMENTATION = '''
+DOCUMENTATION = r'''
 ---
 module: lxc_container
 short_description: Manage LXC Containers
 description:
-  - Management of LXC containers
+  - Management of LXC containers.
 author: "Kevin Carter (@cloudnull)"
 options:
     name:
         description:
           - Name of a container.
+        type: str
         required: true
     backing_store:
         choices:
@@ -30,93 +31,105 @@ options:
           - zfs
         description:
           - Backend storage type for the container.
+        type: str
         default: dir
     template:
         description:
           - Name of the template to use within an LXC create.
+        type: str
         default: ubuntu
     template_options:
         description:
           - Template options when building the container.
+        type: str
     config:
         description:
           - Path to the LXC configuration file.
+        type: path
     lv_name:
         description:
           - Name of the logical volume, defaults to the container name.
-        default: $CONTAINER_NAME
+          - If not specified, it defaults to C($CONTAINER_NAME).
+        type: str
     vg_name:
         description:
-          - If Backend store is lvm, specify the name of the volume group.
+          - If backend store is lvm, specify the name of the volume group.
+        type: str
         default: lxc
     thinpool:
         description:
           - Use LVM thin pool called TP.
+        type: str
     fs_type:
         description:
           - Create fstype TYPE.
+        type: str
         default: ext4
     fs_size:
         description:
           - File system Size.
+        type: str
         default: 5G
     directory:
         description:
           - Place rootfs directory under DIR.
+        type: path
     zfs_root:
         description:
           - Create zfs under given zfsroot.
+        type: str
     container_command:
         description:
           - Run a command within a container.
+        type: str
     lxc_path:
         description:
-          - Place container under PATH
+          - Place container under PATH.
+        type: path
     container_log:
-        choices:
-          - true
-          - false
         description:
           - Enable a container log for host actions to the container.
         type: bool
         default: 'no'
     container_log_level:
         choices:
+          - Info
+          - info
           - INFO
+          - Error
+          - error
           - ERROR
+          - Debug
+          - debug
           - DEBUG
         description:
           - Set the log level for a container where *container_log* was set.
+        type: str
         required: false
         default: INFO
     clone_name:
         description:
-          - Name of the new cloned server. This is only used when state is
-            clone.
+          - Name of the new cloned server.
+          - This is only used when state is clone.
         type: str
     clone_snapshot:
-        choices:
-          - true
-          - false
         description:
-          - Create a snapshot a container when cloning. This is not supported
-            by all container storage backends. Enabling this may fail if the
-            backing store does not support snapshots.
+          - Create a snapshot a container when cloning.
+          - This is not supported by all container storage backends.
+          - Enabling this may fail if the backing store does not support snapshots.
         type: bool
         default: 'no'
     archive:
-        choices:
-          - true
-          - false
         description:
-          - Create an archive of a container. This will create a tarball of the
-            running container.
+          - Create an archive of a container.
+          - This will create a tarball of the running container.
         type: bool
         default: 'no'
     archive_path:
         description:
-          - Path the save the archived container. If the path does not exist
-            the archive method will attempt to create it.
+          - Path the save the archived container.
+          - If the path does not exist the archive method will attempt to create it.
+        type: path
     archive_compression:
         choices:
           - gzip
@@ -125,6 +138,7 @@ options:
         description:
           - Type of compression to use when creating an archive of a running
             container.
+        type: str
         default: gzip
     state:
         choices:
@@ -133,16 +147,21 @@ options:
           - restarted
           - absent
           - frozen
+          - clone
         description:
-          - Define the state of a container. If you clone a container using
-            `clone_name` the newly cloned container created in a stopped state.
-            The running container will be stopped while the clone operation is
+          - Define the state of a container.
+          - If you clone a container using I(clone_name) the newly cloned
+            container created in a stopped state.
+          - The running container will be stopped while the clone operation is
             happening and upon completion of the clone the original container
             state will be restored.
+        type: str
         default: started
     container_config:
         description:
-          - list of 'key=value' options to use when configuring a container.
+          - A list of C(key=value) options to use when configuring a container.
+        type: list
+        elements: str
 requirements:
   - 'lxc >= 1.0 # OS package'
   - 'python >= 2.6 # OS Package'
@@ -170,7 +189,7 @@ notes:
     name lxc-python2.
 '''
 
-EXAMPLES = """
+EXAMPLES = r"""
 - name: Create a started container
   community.general.lxc_container:
     name: test-container-started
@@ -353,7 +372,7 @@ EXAMPLES = """
     - test-container-new-archive-destroyed-clone
 """
 
-RETURN = """
+RETURN = r"""
 lxc_container:
     description: container information
     returned: success
@@ -701,14 +720,7 @@ class LxcContainerManagement(object):
         with open(container_config_file, 'rb') as f:
             container_config = to_text(f.read(), errors='surrogate_or_strict').splitlines(True)
 
-        # Note used ast literal_eval because AnsibleModule does not provide for
-        # adequate dictionary parsing.
-        # Issue: https://github.com/ansible/ansible/issues/7679
-        # TODO(cloudnull) adjust import when issue has been resolved.
-        import ast
-        options_dict = ast.literal_eval(_container_config)
-        parsed_options = [i.split('=', 1) for i in options_dict]
-
+        parsed_options = [i.split('=', 1) for i in _container_config]
         config_change = False
         for key, value in parsed_options:
             key = key.strip()
@@ -917,8 +929,7 @@ class LxcContainerManagement(object):
 
         if self._container_exists(container_name=self.container_name, lxc_path=self.lxc_path):
             return str(self.container.state).lower()
-        else:
-            return str('absent')
+        return str('absent')
 
     def _execute_command(self):
         """Execute a shell command."""
@@ -1695,11 +1706,12 @@ def main():
                 type='str'
             ),
             container_config=dict(
-                type='str'
+                type='list',
+                elements='str'
             ),
             container_log=dict(
                 type='bool',
-                default='false'
+                default=False
             ),
             container_log_level=dict(
                 choices=[n for i in LXC_LOGGING_LEVELS.values() for n in i],
@@ -1715,7 +1727,7 @@ def main():
             ),
             archive=dict(
                 type='bool',
-                default='false'
+                default=False
             ),
             archive_path=dict(
                 type='path',

plugins/modules/cloud/lxd/lxd_container.py

@@ -19,11 +19,13 @@ options:
     name:
         description:
           - Name of a container.
+        type: str
         required: true
     architecture:
         description:
           - The architecture for the container (e.g. "x86_64" or "i686").
             See U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#post-1)
+        type: str
         required: false
     config:
         description:
@@ -37,12 +39,18 @@ options:
           - The key starts with 'volatile.' are ignored for this comparison.
           - Not all config values are supported to apply the existing container.
             Maybe you need to delete and recreate a container.
+        type: dict
         required: false
+    profiles:
+        description:
+          - Profile to be used by the container
+        type: list
     devices:
         description:
           - 'The devices for the container
             (e.g. { "rootfs": { "path": "/dev/kvm", "type": "unix-char" }).
             See U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#post-1)'
+        type: dict
         required: false
     ephemeral:
         description:
@@ -61,6 +69,7 @@ options:
           - 'See U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#post-1) for complete API documentation.'
           - 'Note that C(protocol) accepts two choices: C(lxd) or C(simplestreams)'
         required: false
+        type: dict
     state:
         choices:
           - started
@@ -72,6 +81,7 @@ options:
           - Define the state of a container.
         required: false
         default: started
+        type: str
     target:
         description:
           - For cluster deployments. Will attempt to create a container on a target node.
@@ -88,6 +98,7 @@ options:
             starting or restarting.
         required: false
         default: 30
+        type: int
     wait_for_ipv4_addresses:
         description:
           - If this is true, the C(lxd_container) waits until IPv4 addresses
@@ -108,23 +119,27 @@ options:
           - The unix domain socket path or the https URL for the LXD server.
         required: false
         default: unix:/var/lib/lxd/unix.socket
+        type: str
     snap_url:
         description:
           - The unix domain socket path when LXD is installed by snap package manager.
         required: false
         default: unix:/var/snap/lxd/common/lxd/unix.socket
+        type: str
     client_key:
         description:
           - The client certificate key file path.
+          - If not specified, it defaults to C(${HOME}/.config/lxc/client.key).
         required: false
-        default: '"{}/.config/lxc/client.key" .format(os.environ["HOME"])'
         aliases: [ key_file ]
+        type: str
     client_cert:
         description:
           - The client certificate file path.
+          - If not specified, it defaults to C(${HOME}/.config/lxc/client.crt).
         required: false
-        default: '"{}/.config/lxc/client.crt" .format(os.environ["HOME"])'
         aliases: [ cert_file ]
+        type: str
     trust_password:
         description:
           - The client trusted password.
@@ -135,6 +150,7 @@ options:
           - If trust_password is set, this module send a request for
             authentication before sending any requests.
         required: false
+        type: str
 notes:
   - Containers must have a unique name. If you attempt to create a container
     with a name that already existed in the users namespace the module will
@@ -356,8 +372,12 @@ class LXDContainerManagement(object):
         self.addresses = None
         self.target = self.module.params['target']
 
-        self.key_file = self.module.params.get('client_key', None)
-        self.cert_file = self.module.params.get('client_cert', None)
+        self.key_file = self.module.params.get('client_key')
+        if self.key_file is None:
+            self.key_file = '{0}/.config/lxc/client.key'.format(os.environ['HOME'])
+        self.cert_file = self.module.params.get('client_cert')
+        if self.cert_file is None:
+            self.cert_file = '{0}/.config/lxc/client.crt'.format(os.environ['HOME'])
         self.debug = self.module._verbosity >= 4
 
         try:
@@ -671,12 +691,10 @@ def main():
             ),
             client_key=dict(
                 type='str',
-                default='{0}/.config/lxc/client.key'.format(os.environ['HOME']),
                 aliases=['key_file']
             ),
             client_cert=dict(
                 type='str',
-                default='{0}/.config/lxc/client.crt'.format(os.environ['HOME']),
                 aliases=['cert_file']
             ),
             trust_password=dict(type='str', no_log=True)

plugins/modules/cloud/lxd/lxd_profile.py

@@ -20,9 +20,11 @@ options:
         description:
           - Name of a profile.
         required: true
+        type: str
     description:
         description:
           - Description of the profile.
+        type: str
     config:
         description:
           - 'The config for the container (e.g. {"limits.memory": "4GB"}).
@@ -35,18 +37,21 @@ options:
           - Not all config values are supported to apply the existing profile.
             Maybe you need to delete and recreate a profile.
         required: false
+        type: dict
     devices:
         description:
           - 'The devices for the profile
             (e.g. {"rootfs": {"path": "/dev/kvm", "type": "unix-char"}).
             See U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#patch-3)'
         required: false
+        type: dict
     new_name:
         description:
           - A new name of a profile.
           - If this parameter is specified a profile will be renamed to this name.
             See U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#post-11)
         required: false
+        type: str
     state:
         choices:
           - present
@@ -55,28 +60,33 @@ options:
           - Define the state of a profile.
         required: false
         default: present
+        type: str
     url:
         description:
           - The unix domain socket path or the https URL for the LXD server.
         required: false
         default: unix:/var/lib/lxd/unix.socket
+        type: str
     snap_url:
         description:
           - The unix domain socket path when LXD is installed by snap package manager.
         required: false
         default: unix:/var/snap/lxd/common/lxd/unix.socket
+        type: str
     client_key:
         description:
           - The client certificate key file path.
+          - If not specified, it defaults to C($HOME/.config/lxc/client.key).
         required: false
-        default: '"{}/.config/lxc/client.key" .format(os.environ["HOME"])'
         aliases: [ key_file ]
+        type: str
     client_cert:
         description:
           - The client certificate file path.
+          - If not specified, it defaults to C($HOME/.config/lxc/client.crt).
         required: false
-        default: '"{}/.config/lxc/client.crt" .format(os.environ["HOME"])'
         aliases: [ cert_file ]
+        type: str
     trust_password:
         description:
           - The client trusted password.
@@ -87,6 +97,7 @@ options:
           - If trust_password is set, this module send a request for
             authentication before sending any requests.
         required: false
+        type: str
 notes:
   - Profiles must have a unique name. If you attempt to create a profile
     with a name that already existed in the users namespace the module will
@@ -201,8 +212,12 @@ class LXDProfileManagement(object):
         self.state = self.module.params['state']
         self.new_name = self.module.params.get('new_name', None)
 
-        self.key_file = self.module.params.get('client_key', None)
-        self.cert_file = self.module.params.get('client_cert', None)
+        self.key_file = self.module.params.get('client_key')
+        if self.key_file is None:
+            self.key_file = '{0}/.config/lxc/client.key'.format(os.environ['HOME'])
+        self.cert_file = self.module.params.get('client_cert')
+        if self.cert_file is None:
+            self.cert_file = '{0}/.config/lxc/client.crt'.format(os.environ['HOME'])
         self.debug = self.module._verbosity >= 4
 
         try:
@@ -370,12 +385,10 @@ def main():
             ),
             client_key=dict(
                 type='str',
-                default='{0}/.config/lxc/client.key'.format(os.environ['HOME']),
                 aliases=['key_file']
             ),
             client_cert=dict(
                 type='str',
-                default='{0}/.config/lxc/client.crt'.format(os.environ['HOME']),
                 aliases=['cert_file']
             ),
             trust_password=dict(type='str', no_log=True)

plugins/modules/cloud/memset/memset_dns_reload.py

@@ -24,6 +24,7 @@ description:
 options:
     api_key:
         required: true
+        type: str
         description:
             - The API key obtained from the Memset control panel.
     poll:

plugins/modules/cloud/memset/memset_memstore_info.py

@@ -21,10 +21,12 @@ description:
 options:
     api_key:
         required: true
+        type: str
         description:
             - The API key obtained from the Memset control panel.
     name:
         required: true
+        type: str
         description:
             - The Memstore product name (i.e. C(mstestyaa1)).
 '''

plugins/modules/cloud/memset/memset_server_info.py

@@ -21,10 +21,12 @@ description:
 options:
     api_key:
         required: true
+        type: str
         description:
             - The API key obtained from the Memset control panel.
     name:
         required: true
+        type: str
         description:
             - The server product name (i.e. C(testyaa1)).
 '''

plugins/modules/cloud/memset/memset_zone.py

@@ -24,21 +24,25 @@ options:
         required: true
         description:
             - Indicates desired state of resource.
+        type: str
         choices: [ absent, present ]
     api_key:
         required: true
         description:
             - The API key obtained from the Memset control panel.
+        type: str
     name:
         required: true
         description:
             - The zone nickname; usually the same as the main domain. Ensure this
               value has at most 250 characters.
+        type: str
         aliases: [ nickname ]
     ttl:
         description:
             - The default TTL for all records created in the zone. This must be a
               valid int from U(https://www.memset.com/apidocs/methods_dns.html#dns.zone_create).
+        type: int
         choices: [ 0, 300, 600, 900, 1800, 3600, 7200, 10800, 21600, 43200, 86400 ]
     force:
         required: false