Release 1.3.0.

Add release summary.
BOTMETA.yml: add a maintainer for pagerduty_user module (#1402 ) (#1403 )
2026-04-29 09:56:53 +00:00 · 2020-11-26 14:12:35 +01:00 · 2020-11-26 14:10:50 +01:00 · 2020-11-26 14:09:52 +01:00 · 2020-11-26 13:54:17 +01:00 · 2020-11-26 13:21:12 +01:00
514 changed files with 12228 additions and 5564 deletions
--- a/.github/BOTMETA.yml
+++ b/.github/BOTMETA.yml
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -5,6 +5,174 @@ Community General Release Notes
 .. contents:: Topics


+v1.3.0
+======
+
+Release Summary
+---------------
+
+This is the last minor 1.x.0 release. The next releases from the stable-1 branch will be 1.3.y patch releases.
+
+Major Changes
+-------------
+
+- For community.general 2.0.0, the Hetzner Robot modules will be moved to the `community.hrobot <https://galaxy.ansible.com/community/hrobot>`_ collection.
+  A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.
+
+  If you use Ansible 2.9 and explicitly use Hetzner Robot modules from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with ``community.hrobot.`` instead of ``community.general.hetzner_``,
+  for example replace ``community.general.hetzner_firewall_info`` in a task by ``community.hrobot.firewall_info``.
+
+  If you use ansible-base and installed ``community.general`` manually and rely on the Hetzner Robot modules, you have to make sure to install the ``community.hrobot`` collection as well.
+  If you are using FQCNs, i.e. ``community.general.hetzner_failover_ip`` instead of ``hetzner_failover_ip``, it will continue working, but we still recommend to adjust the FQCNs as well.
+- For community.general 2.0.0, the ``docker`` modules and plugins will be moved to the `community.docker <https://galaxy.ansible.com/community/docker>`_ collection.
+  A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.
+
+  If you use Ansible 2.9 and explicitly use ``docker`` content from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with ``community.docker.`` instead of ``community.general.``,
+  for example replace ``community.general.docker_container`` in a task by ``community.docker.docker_container``.
+
+  If you use ansible-base and installed ``community.general`` manually and rely on the ``docker`` content, you have to make sure to install the ``community.docker`` collection as well.
+  If you are using FQCNs, i.e. ``community.general.docker_container`` instead of ``docker_container``, it will continue working, but we still recommend to adjust the FQCNs as well.
+- For community.general 2.0.0, the ``postgresql`` modules and plugins will be moved to the `community.postgresql <https://galaxy.ansible.com/community/postgresql>`_ collection.
+  A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.
+
+  If you use Ansible 2.9 and explicitly use ``postgresql`` content from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with ``community.postgresql.`` instead of ``community.general.``,
+  for example replace ``community.general.postgresql_info`` in a task by ``community.postgresql.postgresql_info``.
+
+  If you use ansible-base and installed ``community.general`` manually and rely on the ``postgresql`` content, you have to make sure to install the ``community.postgresql`` collection as well.
+  If you are using FQCNs, i.e. ``community.general.postgresql_info`` instead of ``postgresql_info``, it will continue working, but we still recommend to adjust the FQCNs as well.
+- The community.general collection no longer depends on the ansible.posix collection (https://github.com/ansible-collections/community.general/pull/1157).
+
+Minor Changes
+-------------
+
+- Add new filter plugin ``dict_kv`` which returns a single key-value pair from two arguments. Useful for generating complex dictionaries without using loops. For example ``'value' | community.general.dict_kv('key'))`` evaluates to ``{'key': 'value'}`` (https://github.com/ansible-collections/community.general/pull/1264).
+- archive - fix paramater types (https://github.com/ansible-collections/community.general/pull/1039).
+- consul - added support for tcp checks (https://github.com/ansible-collections/community.general/issues/1128).
+- datadog - mark ``notification_message`` as ``no_log`` (https://github.com/ansible-collections/community.general/pull/1338).
+- datadog_monitor - add ``include_tags`` option (https://github.com/ansible/ansible/issues/57441).
+- django_manage - renamed parameter ``app_path`` to ``project_path``, adding ``app_path`` and ``chdir`` as aliases (https://github.com/ansible-collections/community.general/issues/1044).
+- docker_container - now supports the ``device_requests`` option, which allows to request additional resources such as GPUs (https://github.com/ansible/ansible/issues/65748, https://github.com/ansible-collections/community.general/pull/1119).
+- docker_image - return docker build output (https://github.com/ansible-collections/community.general/pull/805).
+- docker_secret - add a warning when the secret does not have an ``ansible_key`` label but the ``force`` parameter is not set (https://github.com/ansible-collections/community.docker/issues/30, https://github.com/ansible-collections/community.docker/pull/31).
+- facter - added option for ``arguments`` (https://github.com/ansible-collections/community.general/pull/768).
+- hashi_vault - support ``VAULT_SKIP_VERIFY`` environment variable for determining if to verify certificates (in addition to the ``validate_certs=`` flag supported today) (https://github.com/ansible-collections/community.general/pull/1024).
+- hashi_vault lookup plugin - add support for JWT authentication (https://github.com/ansible-collections/community.general/pull/1213).
+- infoblox inventory script - use stderr for reporting errors, and allow use of environment for configuration (https://github.com/ansible-collections/community.general/pull/436).
+- ipa_host - silence warning about non-secret ``random_password`` option not having ``no_log`` set (https://github.com/ansible-collections/community.general/pull/1339).
+- ipa_user - silence warning about non-secret ``krbpasswordexpiration`` and ``update_password`` options not having ``no_log`` set (https://github.com/ansible-collections/community.general/pull/1339).
+- linode_v4 - added support for Linode StackScript usage when creating instances (https://github.com/ansible-collections/community.general/issues/723).
+- lvol - fix idempotency issue when using lvol with ``%VG`` or ``%PVS`` size options and VG is fully allocated (https://github.com/ansible-collections/community.general/pull/229).
+- maven_artifact - added ``client_cert`` and ``client_key`` parameters to the maven_artifact module (https://github.com/ansible-collections/community.general/issues/1123).
+- module_helper - added ModuleHelper class and a couple of convenience tools for module developers (https://github.com/ansible-collections/community.general/pull/1322).
+- nmcli - refactor internal methods for simplicity and enhance reuse to support existing and future connection types (https://github.com/ansible-collections/community.general/pull/1113).
+- nmcli - remove Python DBus and GTK Object library dependencies (https://github.com/ansible-collections/community.general/issues/1112).
+- nmcli - the ``dns4``, ``dns4_search``, ``dns6``, and ``dns6_search`` arguments are retained internally as lists (https://github.com/ansible-collections/community.general/pull/1113).
+- odbc - added a parameter ``commit`` which allows users to disable the explicit commit after the execute call (https://github.com/ansible-collections/community.general/pull/1139).
+- openbsd_pkg - added ``snapshot`` option (https://github.com/ansible-collections/community.general/pull/965).
+- pacman - improve group expansion speed: query list of pacman groups once (https://github.com/ansible-collections/community.general/pull/349).
+- parted - add ``resize`` option to resize existing partitions (https://github.com/ansible-collections/community.general/pull/773).
+- passwordstore lookup plugin - added ``umask`` option to set the desired file permisions on creation. This is done via the ``PASSWORD_STORE_UMASK`` environment variable (https://github.com/ansible-collections/community.general/pull/1156).
+- pkgin - add support for installation of full versioned package names (https://github.com/ansible-collections/community.general/pull/1256).
+- pkgng - present the ``ignore_osver`` option to pkg (https://github.com/ansible-collections/community.general/pull/1243).
+- portage - add ``getbinpkgonly`` option, remove unnecessary note on internal portage behaviour (getbinpkg=yes), and remove the undocumented exclusiveness of the pkg options as portage makes no such restriction (https://github.com/ansible-collections/community.general/pull/1169).
+- postgresql_info - add ``in_recovery`` return value to show if a service in recovery mode or not (https://github.com/ansible-collections/community.general/issues/1068).
+- postgresql_privs - add ``procedure`` type support (https://github.com/ansible-collections/community.general/issues/1002).
+- postgresql_query - add ``query_list`` and ``query_all_results`` return values (https://github.com/ansible-collections/community.general/issues/838).
+- proxmox - add new ``proxmox_default_behavior`` option (https://github.com/ansible-collections/community.general/pull/850).
+- proxmox - add support for API tokens (https://github.com/ansible-collections/community.general/pull/1206).
+- proxmox - extract common code and documentation (https://github.com/ansible-collections/community.general/pull/1331).
+- proxmox inventory plugin - ignore QEMU templates altogether instead of skipping the creation of the host in the inventory (https://github.com/ansible-collections/community.general/pull/1185).
+- proxmox_kvm - add cloud-init support (new options: ``cicustom``, ``cipassword``, ``citype``, ``ciuser``, ``ipconfig``, ``nameservers``, ``searchdomains``, ``sshkeys``) (https://github.com/ansible-collections/community.general/pull/797).
+- proxmox_kvm - add new ``proxmox_default_behavior`` option (https://github.com/ansible-collections/community.general/pull/850).
+- proxmox_kvm - add support for API tokens (https://github.com/ansible-collections/community.general/pull/1206).
+- proxmox_template - add support for API tokens (https://github.com/ansible-collections/community.general/pull/1206).
+- proxmox_template - download proxmox applicance templates (pveam) (https://github.com/ansible-collections/community.general/pull/1046).
+- redis cache plugin - add redis sentinel functionality to cache plugin (https://github.com/ansible-collections/community.general/pull/1055).
+- redis cache plugin - make the redis cache keyset name configurable (https://github.com/ansible-collections/community.general/pull/1036).
+- terraform - add ``init_reconfigure`` option, which controls the ``-reconfigure`` flag (backend reconfiguration) (https://github.com/ansible-collections/community.general/pull/823).
+- xfconf - removed unnecessary second execution of ``xfconf-query`` (https://github.com/ansible-collections/community.general/pull/1305).
+
+Deprecated Features
+-------------------
+
+- django_manage - the parameter ``liveserver`` relates to a no longer maintained third-party module for django. It is now deprecated, and will be remove in community.general 3.0.0 (https://github.com/ansible-collections/community.general/pull/1154).
+- proxmox - the default of the new ``proxmox_default_behavior`` option will change from ``compatibility`` to ``no_defaults`` in community.general 4.0.0. Set the option to an explicit value to avoid a deprecation warning (https://github.com/ansible-collections/community.general/pull/850).
+- proxmox_kvm - the default of the new ``proxmox_default_behavior`` option will change from ``compatibility`` to ``no_defaults`` in community.general 4.0.0. Set the option to an explicit value to avoid a deprecation warning (https://github.com/ansible-collections/community.general/pull/850).
+- syspatch - deprecate the redundant ``apply`` argument (https://github.com/ansible-collections/community.general/pull/360).
+
+Bugfixes
+--------
+
+- apache2_module - amend existing module identifier workaround to also apply to updated Shibboleth modules (https://github.com/ansible-collections/community.general/issues/1379).
+- beadm - fixed issue "list object has no attribute split" (https://github.com/ansible-collections/community.general/issues/791).
+- capabilities - fix for a newer version of libcap release (https://github.com/ansible-collections/community.general/pull/1061).
+- composer - fix bug in command idempotence with composer v2 (https://github.com/ansible-collections/community.general/issues/1179).
+- docker_login - fix internal config file storage to handle credentials for more than one registry (https://github.com/ansible-collections/community.general/issues/1117).
+- filesystem - add option ``state`` with default ``present``. When set to ``absent``, filesystem signatures are removed (https://github.com/ansible-collections/community.general/issues/355).
+- flatpak - use of the ``--non-interactive`` argument instead of ``-y`` when possible (https://github.com/ansible-collections/community.general/pull/1246).
+- gcp_storage_files lookup plugin - make sure that plugin errors out on initialization if the required library is not found, and not on load-time (https://github.com/ansible-collections/community.general/pull/1297).
+- gitlab_group - added description parameter to ``createGroup()`` call (https://github.com/ansible-collections/community.general/issues/138).
+- gitlab_group_variable - support for GitLab pagination limitation by iterating over GitLab variable pages (https://github.com/ansible-collections/community.general/pull/968).
+- gitlab_project_variable - support for GitLab pagination limitation by iterating over GitLab variable pages (https://github.com/ansible-collections/community.general/pull/968).
+- hashi_vault - fix approle authentication without ``secret_id`` (https://github.com/ansible-collections/community.general/pull/1138).
+- homebrew - fix package name validation for packages containing hypen ``-`` (https://github.com/ansible-collections/community.general/issues/1037).
+- homebrew_cask - fix package name validation for casks containing hypen ``-`` (https://github.com/ansible-collections/community.general/issues/1037).
+- influxdb - fix usage of path for older version of python-influxdb (https://github.com/ansible-collections/community.general/issues/997).
+- iptables_state - fix race condition between module and its action plugin (https://github.com/ansible-collections/community.general/issues/1136).
+- linode inventory plugin - make sure that plugin errors out on initialization if the required library is not found, and not on load-time (https://github.com/ansible-collections/community.general/pull/1297).
+- lxc_container - fix the type of the ``container_config`` parameter. It is now processed as a list and not a string (https://github.com/ansible-collections/community.general/pull/216).
+- macports - fix failure to install a package whose name is contained within an already installed package's name or variant (https://github.com/ansible-collections/community.general/issues/1307).
+- maven_artifact - handle timestamped snapshot version strings properly (https://github.com/ansible-collections/community.general/issues/709).
+- memcached cache plugin - make sure that plugin errors out on initialization if the required library is not found, and not on load-time (https://github.com/ansible-collections/community.general/pull/1297).
+- monit - fix modules ability to determine the current state of the monitored process (https://github.com/ansible-collections/community.general/pull/1107).
+- nios_fixed_address, nios_host_record, nios_zone - removed redundant parameter aliases causing warning messages to incorrectly appear in task output (https://github.com/ansible-collections/community.general/issues/852).
+- nmcli - cannot modify ``ifname`` after connection creation (https://github.com/ansible-collections/community.general/issues/1089).
+- nmcli - use consistent autoconnect parameters (https://github.com/ansible-collections/community.general/issues/459).
+- omapi_host - fix compatibility with Python 3 (https://github.com/ansible-collections/community.general/issues/787).
+- packet_net.py inventory script - fixed failure w.r.t. operating system retrieval by changing array subscription back to attribute access (https://github.com/ansible-collections/community.general/pull/891).
+- postgresql_ext - fix the module crashes when available ext versions cannot be compared with current version (https://github.com/ansible-collections/community.general/issues/1095).
+- postgresql_ext - fix version selection when ``version=latest`` (https://github.com/ansible-collections/community.general/pull/1078).
+- postgresql_pg_hba - fix a crash when a new rule with an 'options' field replaces a rule without or vice versa (https://github.com/ansible-collections/community.general/issues/1108).
+- postgresql_privs - fix module fails when ``type`` group and passing ``objs`` value containing hyphens (https://github.com/ansible-collections/community.general/issues/1058).
+- proxmox_kvm - fix issue causing linked clones not being create by allowing ``format=unspecified`` (https://github.com/ansible-collections/community.general/issues/1027).
+- proxmox_kvm - ignore unsupported ``pool`` parameter on update (https://github.com/ansible-collections/community.general/pull/1258).
+- redis - fixes parsing of config values which should not be converted to bytes (https://github.com/ansible-collections/community.general/pull/1079).
+- redis cache plugin - make sure that plugin errors out on initialization if the required library is not found, and not on load-time (https://github.com/ansible-collections/community.general/pull/1297).
+- slack - avoid trying to update existing message when sending messages that contain the string "ts" (https://github.com/ansible-collections/community.general/issues/1097).
+- solaris_zone - fixed issue trying to configure zone in Python 3 (https://github.com/ansible-collections/community.general/issues/1081).
+- syspatch - fix bug where not setting ``apply=true`` would result in error (https://github.com/ansible-collections/community.general/pull/360).
+- xfconf - parameter ``value`` no longer required for state ``absent`` (https://github.com/ansible-collections/community.general/issues/1329).
+- xfconf - xfconf no longer passing the command args as a string, but rather as a list (https://github.com/ansible-collections/community.general/issues/1328).
+- zypper - force ``LANG=C`` to as zypper is looking in XML output where attribute could be translated (https://github.com/ansible-collections/community.general/issues/1175).
+
+New Modules
+-----------
+
+Cloud
+~~~~~
+
+misc
+^^^^
+
+- proxmox_domain_info - Retrieve information about one or more Proxmox VE domains
+- proxmox_group_info - Retrieve information about one or more Proxmox VE groups
+- proxmox_user_info - Retrieve information about one or more Proxmox VE users
+
+Clustering
+~~~~~~~~~~
+
+nomad
+^^^^^
+
+- nomad_job - Launch a Nomad Job
+- nomad_job_info - Get Nomad Jobs info
+
+Monitoring
+~~~~~~~~~~
+
+- pagerduty_change - Track a code or infrastructure change as a PagerDuty change event
+- pagerduty_user - Manage a user account on PagerDuty
+
 v1.2.0
 ======

--- a/README.md
+++ b/README.md
@@ -1,9 +1,12 @@
 # Community General Collection

-[![Run Status](https://api.shippable.com/projects/5e664a167c32620006c9fa50/badge?branch=main)](https://app.shippable.com/github/ansible-collections/community.general/dashboard) [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.general)](https://codecov.io/gh/ansible-collections/community.general)
+[![Run Status](https://api.shippable.com/projects/5e664a167c32620006c9fa50/badge?branch=main)](https://app.shippable.com/github/ansible-collections/community.general/dashboard)
+[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.general)](https://codecov.io/gh/ansible-collections/community.general)

 This repo contains the `community.general` Ansible Collection. The collection includes many modules and plugins supported by Ansible community which are not part of more specialized community collections.

+You can find [documentation for this collection on the Ansible docs site](https://docs.ansible.com/ansible/latest/collections/community/general/).
+
 ## Tested with Ansible

 Tested with the current Ansible 2.9 and 2.10 releases and the current development version of Ansible. Ansible versions before 2.9.10 are not supported.
@@ -14,7 +17,7 @@ Some modules and plugins require external libraries. Please check the requiremen

 ## Included content

-Please check the included content on the [Ansible Galaxy page for this collection](https://galaxy.ansible.com/community/general).
+Please check the included content on the [Ansible Galaxy page for this collection](https://galaxy.ansible.com/community/general) or the [documentation on the Ansible docs site](https://docs.ansible.com/ansible/latest/collections/community/general/).

 ## Using this collection

@@ -35,6 +38,14 @@ See [Ansible Using collections](https://docs.ansible.com/ansible/latest/user_gui

 If you want to develop new content for this collection or improve what is already here, the easiest way to work on the collection is to clone it into one of the configured [`COLLECTIONS_PATH`](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#collections-paths), and work on it there.

+For example, if you are working in the `~/dev` directory:
+
+```
+cd ~/dev
+git clone git@github.com:ansible-collections/community.general.git collections/ansible_collections/community/general
+export COLLECTIONS_PATH=$(pwd)/collections:$COLLECTIONS_PATH
+```
+
 You can find more information in the [developer guide for collections](https://docs.ansible.com/ansible/devel/dev_guide/developing_collections.html#contributing-to-collections), and in the [Ansible Community Guide](https://docs.ansible.com/ansible/latest/community/index.html).

 ### Running tests
--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
@@ -1231,3 +1231,340 @@ releases:
        name: stackpath_compute
        namespace: null
    release_date: '2020-09-30'
+  1.3.0:
+    changes:
+      bugfixes:
+      - apache2_module - amend existing module identifier workaround to also apply
+        to updated Shibboleth modules (https://github.com/ansible-collections/community.general/issues/1379).
+      - beadm - fixed issue "list object has no attribute split" (https://github.com/ansible-collections/community.general/issues/791).
+      - capabilities - fix for a newer version of libcap release (https://github.com/ansible-collections/community.general/pull/1061).
+      - composer - fix bug in command idempotence with composer v2 (https://github.com/ansible-collections/community.general/issues/1179).
+      - docker_login - fix internal config file storage to handle credentials for
+        more than one registry (https://github.com/ansible-collections/community.general/issues/1117).
+      - filesystem - add option ``state`` with default ``present``. When set to ``absent``,
+        filesystem signatures are removed (https://github.com/ansible-collections/community.general/issues/355).
+      - flatpak - use of the ``--non-interactive`` argument instead of ``-y`` when
+        possible (https://github.com/ansible-collections/community.general/pull/1246).
+      - gcp_storage_files lookup plugin - make sure that plugin errors out on initialization
+        if the required library is not found, and not on load-time (https://github.com/ansible-collections/community.general/pull/1297).
+      - gitlab_group - added description parameter to ``createGroup()`` call (https://github.com/ansible-collections/community.general/issues/138).
+      - gitlab_group_variable - support for GitLab pagination limitation by iterating
+        over GitLab variable pages (https://github.com/ansible-collections/community.general/pull/968).
+      - gitlab_project_variable - support for GitLab pagination limitation by iterating
+        over GitLab variable pages (https://github.com/ansible-collections/community.general/pull/968).
+      - hashi_vault - fix approle authentication without ``secret_id`` (https://github.com/ansible-collections/community.general/pull/1138).
+      - homebrew - fix package name validation for packages containing hypen ``-``
+        (https://github.com/ansible-collections/community.general/issues/1037).
+      - homebrew_cask - fix package name validation for casks containing hypen ``-``
+        (https://github.com/ansible-collections/community.general/issues/1037).
+      - influxdb - fix usage of path for older version of python-influxdb (https://github.com/ansible-collections/community.general/issues/997).
+      - iptables_state - fix race condition between module and its action plugin (https://github.com/ansible-collections/community.general/issues/1136).
+      - linode inventory plugin - make sure that plugin errors out on initialization
+        if the required library is not found, and not on load-time (https://github.com/ansible-collections/community.general/pull/1297).
+      - lxc_container - fix the type of the ``container_config`` parameter. It is
+        now processed as a list and not a string (https://github.com/ansible-collections/community.general/pull/216).
+      - macports - fix failure to install a package whose name is contained within
+        an already installed package's name or variant (https://github.com/ansible-collections/community.general/issues/1307).
+      - maven_artifact - handle timestamped snapshot version strings properly (https://github.com/ansible-collections/community.general/issues/709).
+      - memcached cache plugin - make sure that plugin errors out on initialization
+        if the required library is not found, and not on load-time (https://github.com/ansible-collections/community.general/pull/1297).
+      - monit - fix modules ability to determine the current state of the monitored
+        process (https://github.com/ansible-collections/community.general/pull/1107).
+      - nios_fixed_address, nios_host_record, nios_zone - removed redundant parameter
+        aliases causing warning messages to incorrectly appear in task output (https://github.com/ansible-collections/community.general/issues/852).
+      - nmcli - cannot modify ``ifname`` after connection creation (https://github.com/ansible-collections/community.general/issues/1089).
+      - nmcli - use consistent autoconnect parameters (https://github.com/ansible-collections/community.general/issues/459).
+      - omapi_host - fix compatibility with Python 3 (https://github.com/ansible-collections/community.general/issues/787).
+      - packet_net.py inventory script - fixed failure w.r.t. operating system retrieval
+        by changing array subscription back to attribute access (https://github.com/ansible-collections/community.general/pull/891).
+      - postgresql_ext - fix the module crashes when available ext versions cannot
+        be compared with current version (https://github.com/ansible-collections/community.general/issues/1095).
+      - postgresql_ext - fix version selection when ``version=latest`` (https://github.com/ansible-collections/community.general/pull/1078).
+      - postgresql_pg_hba - fix a crash when a new rule with an 'options' field replaces
+        a rule without or vice versa (https://github.com/ansible-collections/community.general/issues/1108).
+      - postgresql_privs - fix module fails when ``type`` group and passing ``objs``
+        value containing hyphens (https://github.com/ansible-collections/community.general/issues/1058).
+      - proxmox_kvm - fix issue causing linked clones not being create by allowing
+        ``format=unspecified`` (https://github.com/ansible-collections/community.general/issues/1027).
+      - proxmox_kvm - ignore unsupported ``pool`` parameter on update (https://github.com/ansible-collections/community.general/pull/1258).
+      - redis - fixes parsing of config values which should not be converted to bytes
+        (https://github.com/ansible-collections/community.general/pull/1079).
+      - redis cache plugin - make sure that plugin errors out on initialization if
+        the required library is not found, and not on load-time (https://github.com/ansible-collections/community.general/pull/1297).
+      - slack - avoid trying to update existing message when sending messages that
+        contain the string "ts" (https://github.com/ansible-collections/community.general/issues/1097).
+      - solaris_zone - fixed issue trying to configure zone in Python 3 (https://github.com/ansible-collections/community.general/issues/1081).
+      - syspatch - fix bug where not setting ``apply=true`` would result in error
+        (https://github.com/ansible-collections/community.general/pull/360).
+      - xfconf - parameter ``value`` no longer required for state ``absent`` (https://github.com/ansible-collections/community.general/issues/1329).
+      - xfconf - xfconf no longer passing the command args as a string, but rather
+        as a list (https://github.com/ansible-collections/community.general/issues/1328).
+      - zypper - force ``LANG=C`` to as zypper is looking in XML output where attribute
+        could be translated (https://github.com/ansible-collections/community.general/issues/1175).
+      deprecated_features:
+      - django_manage - the parameter ``liveserver`` relates to a no longer maintained
+        third-party module for django. It is now deprecated, and will be remove in
+        community.general 3.0.0 (https://github.com/ansible-collections/community.general/pull/1154).
+      - proxmox - the default of the new ``proxmox_default_behavior`` option will
+        change from ``compatibility`` to ``no_defaults`` in community.general 4.0.0.
+        Set the option to an explicit value to avoid a deprecation warning (https://github.com/ansible-collections/community.general/pull/850).
+      - proxmox_kvm - the default of the new ``proxmox_default_behavior`` option will
+        change from ``compatibility`` to ``no_defaults`` in community.general 4.0.0.
+        Set the option to an explicit value to avoid a deprecation warning (https://github.com/ansible-collections/community.general/pull/850).
+      - syspatch - deprecate the redundant ``apply`` argument (https://github.com/ansible-collections/community.general/pull/360).
+      major_changes:
+      - 'For community.general 2.0.0, the Hetzner Robot modules will be moved to the
+        `community.hrobot <https://galaxy.ansible.com/community/hrobot>`_ collection.
+
+        A redirection will be inserted so that users using ansible-base 2.10 or newer
+        do not have to change anything.
+
+
+        If you use Ansible 2.9 and explicitly use Hetzner Robot modules from this
+        collection, you will need to adjust your playbooks and roles to use FQCNs
+        starting with ``community.hrobot.`` instead of ``community.general.hetzner_``,
+
+        for example replace ``community.general.hetzner_firewall_info`` in a task
+        by ``community.hrobot.firewall_info``.
+
+
+        If you use ansible-base and installed ``community.general`` manually and rely
+        on the Hetzner Robot modules, you have to make sure to install the ``community.hrobot``
+        collection as well.
+
+        If you are using FQCNs, i.e. ``community.general.hetzner_failover_ip`` instead
+        of ``hetzner_failover_ip``, it will continue working, but we still recommend
+        to adjust the FQCNs as well.
+
+        '
+      - 'For community.general 2.0.0, the ``docker`` modules and plugins will be moved
+        to the `community.docker <https://galaxy.ansible.com/community/docker>`_ collection.
+
+        A redirection will be inserted so that users using ansible-base 2.10 or newer
+        do not have to change anything.
+
+
+        If you use Ansible 2.9 and explicitly use ``docker`` content from this collection,
+        you will need to adjust your playbooks and roles to use FQCNs starting with
+        ``community.docker.`` instead of ``community.general.``,
+
+        for example replace ``community.general.docker_container`` in a task by ``community.docker.docker_container``.
+
+
+        If you use ansible-base and installed ``community.general`` manually and rely
+        on the ``docker`` content, you have to make sure to install the ``community.docker``
+        collection as well.
+
+        If you are using FQCNs, i.e. ``community.general.docker_container`` instead
+        of ``docker_container``, it will continue working, but we still recommend
+        to adjust the FQCNs as well.
+
+        '
+      - 'For community.general 2.0.0, the ``postgresql`` modules and plugins will
+        be moved to the `community.postgresql <https://galaxy.ansible.com/community/postgresql>`_
+        collection.
+
+        A redirection will be inserted so that users using ansible-base 2.10 or newer
+        do not have to change anything.
+
+
+        If you use Ansible 2.9 and explicitly use ``postgresql`` content from this
+        collection, you will need to adjust your playbooks and roles to use FQCNs
+        starting with ``community.postgresql.`` instead of ``community.general.``,
+
+        for example replace ``community.general.postgresql_info`` in a task by ``community.postgresql.postgresql_info``.
+
+
+        If you use ansible-base and installed ``community.general`` manually and rely
+        on the ``postgresql`` content, you have to make sure to install the ``community.postgresql``
+        collection as well.
+
+        If you are using FQCNs, i.e. ``community.general.postgresql_info`` instead
+        of ``postgresql_info``, it will continue working, but we still recommend to
+        adjust the FQCNs as well.
+
+        '
+      - The community.general collection no longer depends on the ansible.posix collection
+        (https://github.com/ansible-collections/community.general/pull/1157).
+      minor_changes:
+      - 'Add new filter plugin ``dict_kv`` which returns a single key-value pair from
+        two arguments. Useful for generating complex dictionaries without using loops.
+        For example ``''value'' | community.general.dict_kv(''key''))`` evaluates
+        to ``{''key'': ''value''}`` (https://github.com/ansible-collections/community.general/pull/1264).'
+      - archive - fix paramater types (https://github.com/ansible-collections/community.general/pull/1039).
+      - consul - added support for tcp checks (https://github.com/ansible-collections/community.general/issues/1128).
+      - datadog - mark ``notification_message`` as ``no_log`` (https://github.com/ansible-collections/community.general/pull/1338).
+      - datadog_monitor - add ``include_tags`` option (https://github.com/ansible/ansible/issues/57441).
+      - django_manage - renamed parameter ``app_path`` to ``project_path``, adding
+        ``app_path`` and ``chdir`` as aliases (https://github.com/ansible-collections/community.general/issues/1044).
+      - docker_container - now supports the ``device_requests`` option, which allows
+        to request additional resources such as GPUs (https://github.com/ansible/ansible/issues/65748,
+        https://github.com/ansible-collections/community.general/pull/1119).
+      - docker_image - return docker build output (https://github.com/ansible-collections/community.general/pull/805).
+      - docker_secret - add a warning when the secret does not have an ``ansible_key``
+        label but the ``force`` parameter is not set (https://github.com/ansible-collections/community.docker/issues/30,
+        https://github.com/ansible-collections/community.docker/pull/31).
+      - facter - added option for ``arguments`` (https://github.com/ansible-collections/community.general/pull/768).
+      - hashi_vault - support ``VAULT_SKIP_VERIFY`` environment variable for determining
+        if to verify certificates (in addition to the ``validate_certs=`` flag supported
+        today) (https://github.com/ansible-collections/community.general/pull/1024).
+      - hashi_vault lookup plugin - add support for JWT authentication (https://github.com/ansible-collections/community.general/pull/1213).
+      - infoblox inventory script - use stderr for reporting errors, and allow use
+        of environment for configuration (https://github.com/ansible-collections/community.general/pull/436).
+      - ipa_host - silence warning about non-secret ``random_password`` option not
+        having ``no_log`` set (https://github.com/ansible-collections/community.general/pull/1339).
+      - ipa_user - silence warning about non-secret ``krbpasswordexpiration`` and
+        ``update_password`` options not having ``no_log`` set (https://github.com/ansible-collections/community.general/pull/1339).
+      - linode_v4 - added support for Linode StackScript usage when creating instances
+        (https://github.com/ansible-collections/community.general/issues/723).
+      - lvol - fix idempotency issue when using lvol with ``%VG`` or ``%PVS`` size
+        options and VG is fully allocated (https://github.com/ansible-collections/community.general/pull/229).
+      - maven_artifact - added ``client_cert`` and ``client_key`` parameters to the
+        maven_artifact module (https://github.com/ansible-collections/community.general/issues/1123).
+      - module_helper - added ModuleHelper class and a couple of convenience tools
+        for module developers (https://github.com/ansible-collections/community.general/pull/1322).
+      - nmcli - refactor internal methods for simplicity and enhance reuse to support
+        existing and future connection types (https://github.com/ansible-collections/community.general/pull/1113).
+      - nmcli - remove Python DBus and GTK Object library dependencies (https://github.com/ansible-collections/community.general/issues/1112).
+      - nmcli - the ``dns4``, ``dns4_search``, ``dns6``, and ``dns6_search`` arguments
+        are retained internally as lists (https://github.com/ansible-collections/community.general/pull/1113).
+      - odbc - added a parameter ``commit`` which allows users to disable the explicit
+        commit after the execute call (https://github.com/ansible-collections/community.general/pull/1139).
+      - openbsd_pkg - added ``snapshot`` option (https://github.com/ansible-collections/community.general/pull/965).
+      - 'pacman - improve group expansion speed: query list of pacman groups once
+        (https://github.com/ansible-collections/community.general/pull/349).'
+      - parted - add ``resize`` option to resize existing partitions (https://github.com/ansible-collections/community.general/pull/773).
+      - passwordstore lookup plugin - added ``umask`` option to set the desired file
+        permisions on creation. This is done via the ``PASSWORD_STORE_UMASK`` environment
+        variable (https://github.com/ansible-collections/community.general/pull/1156).
+      - pkgin - add support for installation of full versioned package names (https://github.com/ansible-collections/community.general/pull/1256).
+      - pkgng - present the ``ignore_osver`` option to pkg (https://github.com/ansible-collections/community.general/pull/1243).
+      - portage - add ``getbinpkgonly`` option, remove unnecessary note on internal
+        portage behaviour (getbinpkg=yes), and remove the undocumented exclusiveness
+        of the pkg options as portage makes no such restriction (https://github.com/ansible-collections/community.general/pull/1169).
+      - postgresql_info - add ``in_recovery`` return value to show if a service in
+        recovery mode or not (https://github.com/ansible-collections/community.general/issues/1068).
+      - postgresql_privs - add ``procedure`` type support (https://github.com/ansible-collections/community.general/issues/1002).
+      - postgresql_query - add ``query_list`` and ``query_all_results`` return values
+        (https://github.com/ansible-collections/community.general/issues/838).
+      - proxmox - add new ``proxmox_default_behavior`` option (https://github.com/ansible-collections/community.general/pull/850).
+      - proxmox - add support for API tokens (https://github.com/ansible-collections/community.general/pull/1206).
+      - proxmox - extract common code and documentation (https://github.com/ansible-collections/community.general/pull/1331).
+      - proxmox inventory plugin - ignore QEMU templates altogether instead of skipping
+        the creation of the host in the inventory (https://github.com/ansible-collections/community.general/pull/1185).
+      - 'proxmox_kvm - add cloud-init support (new options: ``cicustom``, ``cipassword``,
+        ``citype``, ``ciuser``, ``ipconfig``, ``nameservers``, ``searchdomains``,
+        ``sshkeys``) (https://github.com/ansible-collections/community.general/pull/797).'
+      - proxmox_kvm - add new ``proxmox_default_behavior`` option (https://github.com/ansible-collections/community.general/pull/850).
+      - proxmox_kvm - add support for API tokens (https://github.com/ansible-collections/community.general/pull/1206).
+      - proxmox_template - add support for API tokens (https://github.com/ansible-collections/community.general/pull/1206).
+      - proxmox_template - download proxmox applicance templates (pveam) (https://github.com/ansible-collections/community.general/pull/1046).
+      - redis cache plugin - add redis sentinel functionality to cache plugin (https://github.com/ansible-collections/community.general/pull/1055).
+      - redis cache plugin - make the redis cache keyset name configurable (https://github.com/ansible-collections/community.general/pull/1036).
+      - terraform - add ``init_reconfigure`` option, which controls the ``-reconfigure``
+        flag (backend reconfiguration) (https://github.com/ansible-collections/community.general/pull/823).
+      - xfconf - removed unnecessary second execution of ``xfconf-query`` (https://github.com/ansible-collections/community.general/pull/1305).
+      release_summary: This is the last minor 1.x.0 release. The next releases from
+        the stable-1 branch will be 1.3.y patch releases.
+    fragments:
+    - 1.3.0.yml
+    - 1024-vault-skip-verify-support.yml
+    - 1028-proxmox-kvm-linked-clone.yml
+    - 1036-redis-cache-keyset-name.yaml
+    - 1038-fix-homebrew-and-homebrew-cask-package-validation.yaml
+    - 1039-archive-fix-paramater-types.yaml
+    - 1048-postgresql_privs_add_procedure_type.yml
+    - 1055-redis-cache-sentinel.yaml
+    - 1059-postgresql_privs_fix_failings_when_using_roles_with_hyphen.yml
+    - 1078-postgresql_ext_fix_version_selection_when_version_is_latest.yml
+    - 1079-redis-use-regexp-to-check-if-the-value-matches-expected-form.yaml
+    - 1081-solaris_zone-python3.yml
+    - 1091-postgresql_info_add_in_recovery_ret_val.yml
+    - 1099-postgresql_ext_fix_failing_when_version_cannot_be_compared.yml
+    - 1101-slack-ts-fix.yaml
+    - 1105-beadm_bugfix.yaml
+    - 1107-monit-fix-status-check.yml
+    - 1118-docker_login-config-store.yml
+    - 1119-docker_container-device-reqests.yml
+    - 1124-pg_hba-dictkey_bugfix.yaml
+    - 1126-influxdb-conditional-path-argument.yml
+    - 1127-maven_artifact_client_cert.yml
+    - 1138-hashi_vault_fix_approle_authentication_without_secret_id.yml
+    - 1140-iptables_state-fix-race-condition.yml
+    - 1144-consul-add-tcp-check-support.yml
+    - 1149-filesystem-fix-355-state-absent.yml
+    - 1154-django_manage-docs.yml
+    - 1169-getbinpkgonly.yaml
+    - 1175-zypper-absent-lang.yml
+    - 1179-composer_require_v2_idempotence_fix.yml
+    - 1185-proxmox-ignore-qemu-templates.yml
+    - 1196-use_description-in-gitlab-group-creation.yml
+    - 1206-proxmox-api-token.yml
+    - 1213-hashi_vault-jwt-auth-support.yaml
+    - 1223-nios-remove-redundant-aliases.yml
+    - 1243-pkgng-present-ignoreosver.yaml
+    - 1244-renamed-parameter.yaml
+    - 1246-flatpak-use-non-interactive-argument.yaml
+    - 1256-feat-pkgin-add-full-version-package-name.yml
+    - 1258-proxmox_kvm-ignore-pool-on-update.yaml
+    - 1264-dict_kv-new-filter.yaml
+    - 1270-linode-v4-stackscript-support.yaml
+    - 1305-added-xfconf-tests.yaml
+    - 1307-macports-fix-status-check.yml
+    - 1322-module_helper_and_xfconf.yaml
+    - 1331-proxmox-info-modules.yml
+    - 1338-datadog-mark-notification_message-no_log.yml
+    - 1339-ip-no_log-nonsecret.yml
+    - 1383-apache2-module-amend-shib-workaround.yaml
+    - 216-fix-lxc-container-container_config-parameter.yaml
+    - 229_lvol_percentage_fix.yml
+    - 349-pacman_improve_group_expansion_speed.yml
+    - 360_syspatch_apply_patches_by_default.yml
+    - 409-datadog-monitor-include-tags.yaml
+    - 436-infoblox-use-stderr-and-environment-for-config.yaml
+    - 713-maven-timestamp-snapshot.yml
+    - 768-facter.yml
+    - 773-resize-partition.yml
+    - 788-fix_omapi_host_on_python3.yaml
+    - 797-proxmox-kvm-cloud-init.yaml
+    - 805-docker_image-build-output.yml
+    - 823-terraform_init_reconfigure.yaml
+    - 850-proxmox_kvm-remove_hard_coded_defaults.yml
+    - 886-postgresql_query_add_ret_vals.yml
+    - 891-packet_net-fix-not-subscriptable.yaml
+    - 968-gitlab_variables-pagination.yml
+    - 993-file-capabilities.yml
+    - community.docker-31-docker-secret.yml
+    - docker-migration.yml
+    - fix-plugin-imports.yml
+    - hetzner-migration.yml
+    - lookup-passwordstore-umask.yml
+    - nmcli-refactor.yml
+    - odbc.yml
+    - openbsd_pkg.yml
+    - postgresql-migration.yml
+    - proxmox_template-appliance-download.yml
+    - remove-ansible.posix-dependency.yml
+    modules:
+    - description: Launch a Nomad Job
+      name: nomad_job
+      namespace: clustering.nomad
+    - description: Get Nomad Jobs info
+      name: nomad_job_info
+      namespace: clustering.nomad
+    - description: Track a code or infrastructure change as a PagerDuty change event
+      name: pagerduty_change
+      namespace: monitoring
+    - description: Manage a user account on PagerDuty
+      name: pagerduty_user
+      namespace: monitoring
+    - description: Retrieve information about one or more Proxmox VE domains
+      name: proxmox_domain_info
+      namespace: cloud.misc
+    - description: Retrieve information about one or more Proxmox VE groups
+      name: proxmox_group_info
+      namespace: cloud.misc
+    - description: Retrieve information about one or more Proxmox VE users
+      name: proxmox_user_info
+      namespace: cloud.misc
+    release_date: '2020-11-26'
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: community
 name: general
-version: 1.2.0
+version: 1.3.0
 readme: README.md
 authors:
  - Ansible (https://github.com/ansible)
@@ -10,11 +10,10 @@ tags: [community]
 # NOTE: No more dependencies can be added to this list
 dependencies:
  ansible.netcommon: '>=1.0.0'
-  ansible.posix: '>=1.0.0'
  community.kubernetes: '>=1.0.0'
  google.cloud: '>=1.0.0'
 repository: https://github.com/ansible-collections/community.general
-#documentation: https://github.com/ansible-collection-migration/community.general/tree/main/docs
+documentation: https://docs.ansible.com/ansible/latest/collections/community/general/
 homepage: https://github.com/ansible-collections/community.general
 issues: https://github.com/ansible-collections/community.general/issues
 #type: flatmap
--- a/plugins/action/system/iptables_state.py
+++ b/plugins/action/system/iptables_state.py
@@ -125,15 +125,18 @@ class ActionModule(ActionBase):
                    module_args['_back'] = '%s/iptables.state' % async_dir
                    async_status_args = dict(_async_dir=async_dir)
                    confirm_cmd = 'rm -f %s' % module_args['_back']
+                    starter_cmd = 'touch %s.starter' % module_args['_back']
                    remaining_time = max(task_async, max_timeout)

            # do work!
            result = merge_hash(result, self._execute_module(module_args=module_args, task_vars=task_vars, wrap_async=wrap_async))

            # Then the 3-steps "go ahead or rollback":
-            # - reset connection to ensure a persistent one will not be reused
-            # - confirm the restored state by removing the backup on the remote
-            # - retrieve the results of the asynchronous task to return them
+            # 1. Catch early errors of the module (in asynchronous task) if any.
+            #    Touch a file on the target to signal the module to process now.
+            # 2. Reset connection to ensure a persistent one will not be reused.
+            # 3. Confirm the restored state by removing the backup on the remote.
+            #    Retrieve the results of the asynchronous task to return them.
            if '_back' in module_args:
                async_status_args['jid'] = result.get('ansible_job_id', None)
                if async_status_args['jid'] is None:
@@ -143,12 +146,18 @@ class ActionModule(ActionBase):
                # option type/value, missing required system command, etc.
                result = merge_hash(result, self._async_result(async_status_args, task_vars, 0))

+                # The module is aware to not process the main iptables-restore
+                # command before finding (and deleting) the 'starter' cookie on
+                # the host, so the previous query will not reach ssh timeout.
+                garbage = self._low_level_execute_command(starter_cmd, sudoable=self.DEFAULT_SUDOABLE)
+
+                # As the main command is not yet executed on the target, here
+                # 'finished' means 'failed before main command be executed'.
                if not result['finished']:
                    try:
                        self._connection.reset()
-                        display.v("%s: reset connection" % (module_name))
                    except AttributeError:
-                        display.warning("Connection plugin does not allow to reset the connection.")
+                        pass

                    for x in range(max_timeout):
                        time.sleep(1)
--- a/plugins/cache/memcached.py
+++ b/plugins/cache/memcached.py
@@ -57,8 +57,9 @@ from ansible.utils.display import Display

 try:
    import memcache
+    HAS_MEMCACHE = True
 except ImportError:
-    raise AnsibleError("python-memcached is required for the memcached fact cache")
+    HAS_MEMCACHE = False

 display = Display()

@@ -187,6 +188,9 @@ class CacheModule(BaseCacheModule):
            self._timeout = C.CACHE_PLUGIN_TIMEOUT
            self._prefix = C.CACHE_PLUGIN_PREFIX

+        if not HAS_MEMCACHE:
+            raise AnsibleError("python-memcached is required for the memcached fact cache")
+
        self._cache = {}
        self._db = ProxyClientPool(connection, debug=0)
        self._keys = CacheModuleKeys(self._db, self._db.get(CacheModuleKeys.PREFIX) or [])
--- a/plugins/cache/redis.py
+++ b/plugins/cache/redis.py
@@ -18,6 +18,7 @@ DOCUMENTATION = '''
          - A colon separated string of connection information for Redis.
          - The format is C(host:port:db:password), for example C(localhost:6379:0:changeme).
          - To use encryption in transit, prefix the connection with C(tls://), as in C(tls://localhost:6379:0:changeme).
+          - To use redis sentinel, use separator C(;), for example C(localhost:26379;localhost:26379;0:changeme). Requires redis>=2.9.0.
        required: True
        env:
          - name: ANSIBLE_CACHE_PLUGIN_CONNECTION
@@ -32,6 +33,23 @@ DOCUMENTATION = '''
        ini:
          - key: fact_caching_prefix
            section: defaults
+      _keyset_name:
+        description: User defined name for cache keyset name.
+        default: ansible_cache_keys
+        env:
+          - name: ANSIBLE_CACHE_REDIS_KEYSET_NAME
+        ini:
+          - key: fact_caching_redis_keyset_name
+            section: defaults
+        version_added: 1.3.0
+      _sentinel_service_name:
+        description: The redis sentinel service name (or referenced as cluster name).
+        env:
+          - name: ANSIBLE_CACHE_REDIS_SENTINEL
+        ini:
+          - key: fact_caching_redis_sentinel
+            section: defaults
+        version_added: 1.3.0
      _timeout:
        default: 86400
        description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire
@@ -48,14 +66,16 @@ import json

 from ansible import constants as C
 from ansible.errors import AnsibleError
+from ansible.module_utils._text import to_native
 from ansible.parsing.ajson import AnsibleJSONEncoder, AnsibleJSONDecoder
 from ansible.plugins.cache import BaseCacheModule
 from ansible.utils.display import Display

 try:
    from redis import StrictRedis, VERSION
+    HAS_REDIS = True
 except ImportError:
-    raise AnsibleError("The 'redis' python module (version 2.4.5 or newer) is required for the redis fact cache, 'pip install redis'")
+    HAS_REDIS = False

 display = Display()

@@ -69,6 +89,8 @@ class CacheModule(BaseCacheModule):
    to expire keys. This mechanism is used or a pattern matched 'scan' for
    performance.
    """
+    _sentinel_service_name = None
+
    def __init__(self, *args, **kwargs):
        uri = ''

@@ -78,6 +100,8 @@ class CacheModule(BaseCacheModule):
                uri = self.get_option('_uri')
            self._timeout = float(self.get_option('_timeout'))
            self._prefix = self.get_option('_prefix')
+            self._keys_set = self.get_option('_keyset_name')
+            self._sentinel_service_name = self.get_option('_sentinel_service_name')
        except KeyError:
            display.deprecated('Rather than importing CacheModules directly, '
                               'use ansible.plugins.loader.cache_loader',
@@ -86,17 +110,60 @@ class CacheModule(BaseCacheModule):
                uri = C.CACHE_PLUGIN_CONNECTION
            self._timeout = float(C.CACHE_PLUGIN_TIMEOUT)
            self._prefix = C.CACHE_PLUGIN_PREFIX
+            self._keys_set = 'ansible_cache_keys'
+
+        if not HAS_REDIS:
+            raise AnsibleError("The 'redis' python module (version 2.4.5 or newer) is required for the redis fact cache, 'pip install redis'")

        self._cache = {}
        kw = {}
+
+        # tls connection
        tlsprefix = 'tls://'
        if uri.startswith(tlsprefix):
            kw['ssl'] = True
            uri = uri[len(tlsprefix):]

-        connection = uri.split(':')
-        self._db = StrictRedis(*connection, **kw)
-        self._keys_set = 'ansible_cache_keys'
+        # redis sentinel connection
+        if self._sentinel_service_name:
+            self._db = self._get_sentinel_connection(uri, kw)
+        # normal connection
+        else:
+            connection = uri.split(':')
+            self._db = StrictRedis(*connection, **kw)
+
+        display.vv('Redis connection: %s' % self._db)
+
+    def _get_sentinel_connection(self, uri, kw):
+        """
+        get sentinel connection details from _uri
+        """
+        try:
+            from redis.sentinel import Sentinel
+        except ImportError:
+            raise AnsibleError("The 'redis' python module (version 2.9.0 or newer) is required to use redis sentinel.")
+
+        if ';' not in uri:
+            raise AnsibleError('_uri does not have sentinel syntax.')
+
+        # format: "localhost:26379;localhost2:26379;0:changeme"
+        connections = uri.split(';')
+        connection_args = connections.pop(-1)
+        if len(connection_args) > 0:  # hanle if no db nr is given
+            connection_args = connection_args.split(':')
+            kw['db'] = connection_args.pop(0)
+            try:
+                kw['password'] = connection_args.pop(0)
+            except IndexError:
+                pass  # password is optional
+
+        sentinels = [tuple(shost.split(':')) for shost in connections]
+        display.vv('\nUsing redis sentinels: %s' % sentinels)
+        scon = Sentinel(sentinels, **kw)
+        try:
+            return scon.master_for(self._sentinel_service_name, socket_timeout=0.2)
+        except Exception as exc:
+            raise AnsibleError('Could not connect to redis sentinel: %s' % to_native(exc))

    def _make_key(self, key):
        return self._prefix + key
--- a/plugins/doc_fragments/dimensiondata.py
+++ b/plugins/doc_fragments/dimensiondata.py
@@ -19,7 +19,6 @@ options:
  region:
    description:
      - The target region.
-    choices:
      - Regions are defined in Apache libcloud project [libcloud/common/dimensiondata.py]
      - They are also listed in U(https://libcloud.readthedocs.io/en/latest/compute/drivers/dimensiondata.html)
      - Note that the default value "na" stands for "North America".
--- a/plugins/doc_fragments/influxdb.py
+++ b/plugins/doc_fragments/influxdb.py
@@ -40,6 +40,7 @@ options:
  path:
    description:
    - The path on which InfluxDB server is accessible
+    - Only available when using python-influxdb >= 5.1.0
    type: str
    version_added: '0.2.0'
  validate_certs:
@@ -52,6 +53,7 @@ options:
    description:
    - Use https instead of http to connect to InfluxDB server.
    type: bool
+    default: false
  timeout:
    description:
    - Number of seconds Requests will wait for client to establish a connection.
@@ -60,12 +62,14 @@ options:
    description:
    - Number of retries client will try before aborting.
    - C(0) indicates try until success.
+    - Only available when using python-influxdb >= 4.1.0
    type: int
    default: 3
  use_udp:
    description:
    - Use UDP to connect to InfluxDB server.
    type: bool
+    default: false
  udp_port:
    description:
    - UDP port to connect to InfluxDB server.
--- a/plugins/doc_fragments/manageiq.py
+++ b/plugins/doc_fragments/manageiq.py
@@ -15,14 +15,14 @@ options:
  manageiq_connection:
    description:
      - ManageIQ connection configuration information.
-    required: true
+    required: false
    type: dict
    suboptions:
      url:
        description:
          - ManageIQ environment url. C(MIQ_URL) env var if set. otherwise, it is required to pass it.
        type: str
-        required: true
+        required: false
      username:
        description:
          - ManageIQ username. C(MIQ_USERNAME) env var if set. otherwise, required if no token is passed in.
@@ -44,7 +44,7 @@ options:
      ca_cert:
        description:
          - The path to a CA bundle file or directory with certificates. defaults to None.
-        type: path
+        type: str
        aliases: [ ca_bundle_path ]

 requirements:
--- a/plugins/doc_fragments/nomad.py
+++ b/plugins/doc_fragments/nomad.py
@@ -0,0 +1,51 @@
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2020 FERREIRA Christophe <christophe.ferreira@cnaf.fr>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+
+    # Standard files documentation fragment
+    DOCUMENTATION = r'''
+options:
+    host:
+      description:
+        - FQDN of Nomad server.
+      required: true
+      type: str
+    use_ssl:
+      description:
+        - Use TLS/SSL connection.
+      type: bool
+      default: true
+    timeout:
+      description:
+        - Timeout (in seconds) for the request to Nomad.
+      type: int
+      default: 5
+    validate_certs:
+      description:
+        - Enable TLS/SSL certificate validation.
+      type: bool
+      default: true
+    client_cert:
+      description:
+        - Path of certificate for TLS/SSL.
+      type: path
+    client_key:
+      description:
+        - Path of certificate's private key for TLS/SSL.
+      type: path
+    namespace:
+      description:
+        - Namespace for Nomad.
+      type: str
+    token:
+      description:
+        - ACL token for authentification.
+      type: str
+'''
--- a/plugins/doc_fragments/ovirt_facts.py
+++ b/plugins/doc_fragments/ovirt_facts.py
@@ -19,6 +19,7 @@ options:
              Only the attributes of the current entity. User can configure to fetch other
              attributes of the nested entities by specifying C(nested_attributes).
        type: bool
+        default: false
    nested_attributes:
        description:
            - Specifies list of the attributes which should be fetched from the API.
--- a/plugins/doc_fragments/proxmox.py
+++ b/plugins/doc_fragments/proxmox.py
@@ -0,0 +1,45 @@
+# -*- coding: utf-8 -*-
+
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+    # Common parameters for Proxmox VE modules
+    DOCUMENTATION = r'''
+options:
+  api_host:
+    description:
+      - Specify the target host of the Proxmox VE cluster.
+    type: str
+    required: true
+  api_user:
+    description:
+      - Specify the user to authenticate with.
+    type: str
+    required: true
+  api_password:
+    description:
+      - Specify the password to authenticate with.
+      - You can use C(PROXMOX_PASSWORD) environment variable.
+    type: str
+  api_token_id:
+    description:
+      - Specify the token ID.
+    type: str
+    version_added: 1.3.0
+  api_token_secret:
+    description:
+      - Specify the token secret.
+    type: str
+    version_added: 1.3.0
+  validate_certs:
+    description:
+      - If C(no), SSL certificates will not be validated.
+      - This should only be used on personally controlled sites using self-signed certificates.
+    type: bool
+    default: no
+requirements: [ "proxmoxer", "requests" ]
+'''
--- a/plugins/doc_fragments/rackspace.py
+++ b/plugins/doc_fragments/rackspace.py
@@ -32,7 +32,6 @@ options:
    description:
      - Region to create an instance in.
    type: str
-    default: DFW
  username:
    description:
      - Rackspace username, overrides I(credentials).
@@ -59,37 +58,45 @@ notes:
    OPENSTACK = r'''
 options:
  api_key:
+    type: str
    description:
      - Rackspace API key, overrides I(credentials).
    aliases: [ password ]
  auth_endpoint:
+    type: str
    description:
      - The URI of the authentication service.
-    default: https://identity.api.rackspacecloud.com/v2.0/
+      - If not specified will be set to U(https://identity.api.rackspacecloud.com/v2.0/)
  credentials:
+    type: path
    description:
      - File to find the Rackspace credentials in. Ignored if I(api_key) and
        I(username) are provided.
    aliases: [ creds_file ]
  env:
+    type: str
    description:
      - Environment as configured in I(~/.pyrax.cfg),
        see U(https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#pyrax-configuration).
  identity_type:
+    type: str
    description:
      - Authentication mechanism to use, such as rackspace or keystone.
    default: rackspace
  region:
+    type: str
    description:
      - Region to create an instance in.
-    default: DFW
  tenant_id:
+    type: str
    description:
      - The tenant ID used for authentication.
  tenant_name:
+    type: str
    description:
      - The tenant name used for authentication.
  username:
+    type: str
    description:
      - Rackspace username, overrides I(credentials).
  validate_certs:
--- a/plugins/filter/dict_kv.py
+++ b/plugins/filter/dict_kv.py
@@ -0,0 +1,70 @@
+# Copyright (C) 2020 Stanislav German-Evtushenko (@giner) <ginermail@gmail.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+def dict_kv(value, key):
+    '''Return a dictionary with a single key-value pair
+
+    Example:
+
+        - hosts: localhost
+          gather_facts: false
+          vars:
+            myvar: myvalue
+          tasks:
+          - debug:
+              msg: "{{ myvar | dict_kv('thatsmyvar') }}"
+
+        produces:
+
+        ok: [localhost] => {
+            "msg": {
+                "thatsmyvar": "myvalue"
+            }
+        }
+
+    Example 2:
+
+        - hosts: localhost
+          gather_facts: false
+          vars:
+            common_config:
+              type: host
+              database: all
+            myservers:
+            - server1
+            - server2
+          tasks:
+          - debug:
+              msg: "{{ myservers | map('dict_kv', 'server') | map('combine', common_config) }}"
+
+        produces:
+
+        ok: [localhost] => {
+            "msg": [
+                {
+                    "database": "all",
+                    "server": "server1",
+                    "type": "host"
+                },
+                {
+                    "database": "all",
+                    "server": "server2",
+                    "type": "host"
+                }
+            ]
+        }
+    '''
+    return {key: value}
+
+
+class FilterModule(object):
+    ''' Query filter '''
+
+    def filters(self):
+        return {
+            'dict_kv': dict_kv
+        }
--- a/plugins/inventory/linode.py
+++ b/plugins/inventory/linode.py
@@ -63,8 +63,9 @@ from ansible.plugins.inventory import BaseInventoryPlugin
 try:
    from linode_api4 import LinodeClient
    from linode_api4.errors import ApiError as LinodeApiError
+    HAS_LINODE = True
 except ImportError:
-    raise AnsibleError('the Linode dynamic inventory plugin requires linode_api4.')
+    HAS_LINODE = False


 class InventoryModule(BaseInventoryPlugin):
@@ -194,6 +195,9 @@ class InventoryModule(BaseInventoryPlugin):
        """Dynamically parse Linode the cloud inventory."""
        super(InventoryModule, self).parse(inventory, loader, path)

+        if not HAS_LINODE:
+            raise AnsibleError('the Linode dynamic inventory plugin requires linode_api4.')
+
        config_data = self._read_config_data(path)
        self._build_client()

--- a/plugins/inventory/proxmox.py
+++ b/plugins/inventory/proxmox.py
@@ -300,10 +300,12 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):
                node_qemu_group = self.to_safe('%s%s' % (self.get_option('group_prefix'), ('%s_qemu' % node['node']).lower()))
                self.inventory.add_group(node_qemu_group)
                for qemu in self._get_qemu_per_node(node['node']):
-                    if not qemu['template']:
-                        self.inventory.add_host(qemu['name'])
-                        self.inventory.add_child(qemu_group, qemu['name'])
-                        self.inventory.add_child(node_qemu_group, qemu['name'])
+                    if qemu['template']:
+                        continue
+
+                    self.inventory.add_host(qemu['name'])
+                    self.inventory.add_child(qemu_group, qemu['name'])
+                    self.inventory.add_child(node_qemu_group, qemu['name'])

                    # get QEMU status
                    self._get_vm_status(node['node'], qemu['vmid'], 'qemu', qemu['name'])
--- a/plugins/lookup/gcp_storage_file.py
+++ b/plugins/lookup/gcp_storage_file.py
@@ -48,11 +48,16 @@ import base64
 import json
 import mimetypes
 import os
-import requests
 from ansible.errors import AnsibleError
 from ansible.plugins.lookup import LookupBase
 from ansible.utils.display import Display

+try:
+    import requests
+    HAS_REQUESTS = True
+except ImportError:
+    HAS_REQUESTS = False
+
 try:
    from ansible_collections.google.cloud.plugins.module_utils.gcp_utils import navigate_hash, GcpSession
    HAS_GOOGLE_CLOUD_COLLECTION = True
@@ -146,4 +151,6 @@ class LookupModule(LookupBase):
    def run(self, terms, variables=None, **kwargs):
        if not HAS_GOOGLE_CLOUD_COLLECTION:
            raise AnsibleError("community.general.gcp_storage_file needs a supported version of the google.cloud collection installed")
+        if not HAS_REQUESTS:
+            raise AnsibleError("community.general.gcp_storage_file needs requests installed. Use `pip install requests` to install it")
        return GcpFileLookup().run(terms, variables=variables, **kwargs)
--- a/plugins/lookup/hashi_vault.py
+++ b/plugins/lookup/hashi_vault.py
@@ -11,7 +11,7 @@ DOCUMENTATION = """
  author:
    - Jonathan Davila (!UNKNOWN) <jdavila(at)ansible.com>
    - Brian Scholer (@briantist)
-  short_description: Retrieve secrets from HashiCorp's vault
+  short_description: Retrieve secrets from HashiCorp's Vault
  requirements:
    - hvac (python library)
    - hvac 0.7.0+ (for namespace support)
@@ -19,7 +19,7 @@ DOCUMENTATION = """
    - botocore (only if inferring aws params from boto)
    - boto3 (only if using a boto profile)
  description:
-    - Retrieve secrets from HashiCorp's vault.
+    - Retrieve secrets from HashiCorp's Vault.
  notes:
    - Due to a current limitation in the HVAC library there won't necessarily be an error if a bad endpoint is specified.
    - As of community.general 0.2.0, only the latest version of a secret is returned when specifying a KV v2 path.
@@ -27,7 +27,7 @@ DOCUMENTATION = """
    - As of community.general 0.2.0, when C(secret) is the first option in the term string, C(secret=) is not required (see examples).
  options:
    secret:
-      description: query you are making.
+      description: Vault path to the secret being requested in the format C(path[:field]).
      required: True
    token:
      description:
@@ -55,7 +55,7 @@ DOCUMENTATION = """
      default: '.vault-token'
      version_added: '0.2.0'
    url:
-      description: URL to vault service.
+      description: URL to the Vault service.
      env:
        - name: VAULT_ADDR
      ini:
@@ -76,7 +76,7 @@ DOCUMENTATION = """
          key: role_id
          version_added: '0.2.0'
    secret_id:
-      description: Secret id for a vault AppRole auth.
+      description: Secret ID to be used for Vault AppRole authentication.
      env:
        - name: VAULT_SECRET_ID
    auth_method:
@@ -84,6 +84,7 @@ DOCUMENTATION = """
        - Authentication method to be used.
        - C(userpass) is added in Ansible 2.8.
        - C(aws_iam_login) is added in community.general 0.2.0.
+        - C(jwt) is added in community.general 1.3.0.
      env:
        - name: VAULT_AUTH_METHOD
      ini:
@@ -96,6 +97,7 @@ DOCUMENTATION = """
        - ldap
        - approle
        - aws_iam_login
+        - jwt
      default: token
    return_format:
      description:
@@ -111,16 +113,27 @@ DOCUMENTATION = """
      aliases: [ as ]
      version_added: '0.2.0'
    mount_point:
-      description: Vault mount point, only required if you have a custom mount point.
+      description: Vault mount point, only required if you have a custom mount point. Does not apply to token authentication.
+    jwt:
+      description: The JSON Web Token (JWT) to use for JWT authentication to Vault.
+      env:
+        - name: ANSIBLE_HASHI_VAULT_JWT
+      version_added: 1.3.0
    ca_cert:
      description: Path to certificate to use for authentication.
      aliases: [ cacert ]
    validate_certs:
-      description: Controls verification and validation of SSL certificates, mostly you only want to turn off with self signed ones.
+      description:
+        - Controls verification and validation of SSL certificates, mostly you only want to turn off with self signed ones.
+        - Will be populated with the inverse of C(VAULT_SKIP_VERIFY) if that is set and I(validate_certs) is not explicitly
+          provided (added in community.general 1.3.0).
+        - Will default to C(true) if neither I(validate_certs) or C(VAULT_SKIP_VERIFY) are set.
      type: boolean
-      default: True
    namespace:
-      description: Namespace where secrets reside. Requires HVAC 0.7.0+ and Vault 0.11+.
+      description:
+        - Vault namespace where secrets reside. This option requires HVAC 0.7.0+ and Vault 0.11+.
+        - Optionally, this may be achieved by prefixing the authentication mount point and/or secret path with the namespace
+          (e.g C(mynamespace/secret/mysecret)).
      env:
        - name: VAULT_NAMESPACE
          version_added: 1.2.0
@@ -183,7 +196,7 @@ EXAMPLES = """
  ansible.builtin.debug:
    msg: "{{ lookup('community.general.hashi_vault', 'secret=secret/hello:value auth_method=userpass username=myuser password=psw url=http://myvault:8200') }}"

- name: Using an ssl vault
+- name: Connect to Vault using TLS
  ansible.builtin.debug:
    msg: "{{ lookup('community.general.hashi_vault', 'secret=secret/hola:value token=c975b780-d1be-8016-866b-01d0f9b688a5 validate_certs=False') }}"

@@ -191,7 +204,7 @@ EXAMPLES = """
  ansible.builtin.debug:
    msg: "{{ lookup('community.general.hashi_vault', 'secret/hi:value token=xxxx url=https://myvault:8200 validate_certs=True cacert=/cacert/path/ca.pem') }}"

- name: authenticate with a Vault app role
+- name: Authenticate with a Vault app role
  ansible.builtin.debug:
    msg: "{{ lookup('community.general.hashi_vault', 'secret=secret/hello:value auth_method=approle role_id=myroleid secret_id=mysecretid') }}"

@@ -241,7 +254,13 @@ EXAMPLES = """

 - name: authenticate with aws_iam_login
  ansible.builtin.debug:
-    msg: "{{ lookup('community.general.hashi_vault', 'secret/hello:value', auth_method='aws_iam_login' role_id='myroleid', profile=my_boto_profile) }}"
+    msg: "{{ lookup('community.general.hashi_vault', 'secret/hello:value', auth_method='aws_iam_login', role_id='myroleid', profile=my_boto_profile) }}"
+
+# The following examples work in collection releases after community.general 1.3.0
+
+- name: Authenticate with a JWT
+  ansible.builtin.debug:
+      msg: "{{ lookup('community.general.hashi_vault', 'secret/hello:value', auth_method='jwt', role_id='myroleid', jwt='myjwt', url='https://myvault:8200')}}"
 """

 RETURN = """
@@ -257,6 +276,7 @@ import os
 from ansible.errors import AnsibleError
 from ansible.plugins.lookup import LookupBase
 from ansible.utils.display import Display
+from ansible.module_utils.parsing.convert_bool import boolean

 HAS_HVAC = False
 try:
@@ -424,6 +444,17 @@ class HashiVault:
            Display().warning("HVAC should be updated to version 0.9.3 or higher. Deprecated method 'auth_aws_iam' will be used.")
            self.client.auth_aws_iam(**params)

+    def auth_jwt(self):
+        params = self.get_options('role_id', 'jwt', 'mount_point')
+        params['role'] = params.pop('role_id')
+        if self.hvac_has_auth_methods and hasattr(self.client.auth, 'jwt') and hasattr(self.client.auth.jwt, 'jwt_login'):
+            response = self.client.auth.jwt.jwt_login(**params)
+            # must manually set the client token with JWT login
+            # see https://github.com/hvac/hvac/issues/644
+            self.client.token = response['auth']['client_token']
+        else:
+            raise AnsibleError("JWT authentication requires HVAC version 0.10.5 or higher.")
+
    # end auth implementation methods


@@ -486,8 +517,28 @@ class LookupModule(LookupBase):
        #
        '''' return a bool or cacert '''
        ca_cert = self.get_option('ca_cert')
+
        validate_certs = self.get_option('validate_certs')

+        if validate_certs is None:
+            # Validate certs option was not explicitly set
+
+            # Check if VAULT_SKIP_VERIFY is set
+            vault_skip_verify = os.environ.get('VAULT_SKIP_VERIFY')
+
+            if vault_skip_verify is not None:
+                # VAULT_SKIP_VERIFY is set
+                try:
+                    # Check that we have a boolean value
+                    vault_skip_verify = boolean(vault_skip_verify)
+                    # Use the inverse of VAULT_SKIP_VERIFY
+                    validate_certs = not vault_skip_verify
+                except TypeError:
+                    # Not a boolean value fallback to default value (True)
+                    validate_certs = True
+            else:
+                validate_certs = True
+
        if not (validate_certs and ca_cert):
            self.set_option('ca_cert', validate_certs)

@@ -506,7 +557,7 @@ class LookupModule(LookupBase):
    def auth_methods(self):
        # enforce and set the list of available auth methods
        # TODO: can this be read from the choices: field in documentation?
-        avail_auth_methods = ['token', 'approle', 'userpass', 'ldap', 'aws_iam_login']
+        avail_auth_methods = ['token', 'approle', 'userpass', 'ldap', 'aws_iam_login', 'jwt']
        self.set_option('avail_auth_methods', avail_auth_methods)
        auth_method = self.get_option('auth_method')

@@ -537,7 +588,7 @@ class LookupModule(LookupBase):
        self.validate_by_required_fields(auth_method, 'username', 'password')

    def validate_auth_approle(self, auth_method):
-        self.validate_by_required_fields(auth_method, 'role_id', 'secret_id')
+        self.validate_by_required_fields(auth_method, 'role_id')

    def validate_auth_token(self, auth_method):
        if auth_method == 'token':
@@ -593,4 +644,7 @@ class LookupModule(LookupBase):

        self.set_option('iam_login_credentials', params)

+    def validate_auth_jwt(self, auth_method):
+        self.validate_by_required_fields(auth_method, 'role_id', 'jwt')
+
    # end auth method validators
--- a/plugins/lookup/passwordstore.py
+++ b/plugins/lookup/passwordstore.py
@@ -32,6 +32,13 @@ DOCUMENTATION = '''
        description: Overwrite the password if it does already exist.
        type: bool
        default: 'no'
+      umask:
+        description:
+          - Sets the umask for the created .gpg files. The first octed must be greater than 3 (user readable).
+          - Note pass' default value is C('077').
+        env:
+          - name: PASSWORD_STORE_UMASK
+        version_added: 1.3.0
      returnall:
        description: Return all the content of the password, not only the first line.
        type: bool
@@ -175,17 +182,29 @@ class LookupModule(LookupBase):
                else:
                    raise AnsibleError("{0} is not a correct value for length".format(self.paramvals['length']))

+            # Collect pass environment variables from the plugin's parameters.
+            self.env = os.environ.copy()
+
            # Set PASSWORD_STORE_DIR if directory is set
            if self.paramvals['directory']:
                if os.path.isdir(self.paramvals['directory']):
-                    os.environ['PASSWORD_STORE_DIR'] = self.paramvals['directory']
+                    self.env['PASSWORD_STORE_DIR'] = self.paramvals['directory']
                else:
                    raise AnsibleError('Passwordstore directory \'{0}\' does not exist'.format(self.paramvals['directory']))

+            # Set PASSWORD_STORE_UMASK if umask is set
+            if 'umask' in self.paramvals:
+                if len(self.paramvals['umask']) != 3:
+                    raise AnsibleError('Passwordstore umask must have a length of 3.')
+                elif int(self.paramvals['umask'][0]) > 3:
+                    raise AnsibleError('Passwordstore umask not allowed (password not user readable).')
+                else:
+                    self.env['PASSWORD_STORE_UMASK'] = self.paramvals['umask']
+
    def check_pass(self):
        try:
            self.passoutput = to_text(
-                check_output2(["pass", self.passname]),
+                check_output2(["pass", self.passname], env=self.env),
                errors='surrogate_or_strict'
            ).splitlines()
            self.password = self.passoutput[0]
@@ -228,7 +247,7 @@ class LookupModule(LookupBase):
        if self.paramvals['backup']:
            msg += "lookup_pass: old password was {0} (Updated on {1})\n".format(self.password, datetime)
        try:
-            check_output2(['pass', 'insert', '-f', '-m', self.passname], input=msg)
+            check_output2(['pass', 'insert', '-f', '-m', self.passname], input=msg, env=self.env)
        except (subprocess.CalledProcessError) as e:
            raise AnsibleError(e)
        return newpass
@@ -240,7 +259,7 @@ class LookupModule(LookupBase):
        datetime = time.strftime("%d/%m/%Y %H:%M:%S")
        msg = newpass + '\n' + "lookup_pass: First generated by ansible on {0}\n".format(datetime)
        try:
-            check_output2(['pass', 'insert', '-f', '-m', self.passname], input=msg)
+            check_output2(['pass', 'insert', '-f', '-m', self.passname], input=msg, env=self.env)
        except (subprocess.CalledProcessError) as e:
            raise AnsibleError(e)
        return newpass
--- a/plugins/module_utils/_mount.py
+++ b/plugins/module_utils/_mount.py
@@ -0,0 +1,90 @@
+# This code is part of Ansible, but is an independent component.
+# This particular file snippet, and this file snippet only, is based on
+# Lib/posixpath.py of cpython
+# It is licensed under the PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2
+#
+# 1. This LICENSE AGREEMENT is between the Python Software Foundation
+# ("PSF"), and the Individual or Organization ("Licensee") accessing and
+# otherwise using this software ("Python") in source or binary form and
+# its associated documentation.
+#
+# 2. Subject to the terms and conditions of this License Agreement, PSF hereby
+# grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce,
+# analyze, test, perform and/or display publicly, prepare derivative works,
+# distribute, and otherwise use Python alone or in any derivative version,
+# provided, however, that PSF's License Agreement and PSF's notice of copyright,
+# i.e., "Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+# 2011, 2012, 2013, 2014, 2015 Python Software Foundation; All Rights Reserved"
+# are retained in Python alone or in any derivative version prepared by Licensee.
+#
+# 3. In the event Licensee prepares a derivative work that is based on
+# or incorporates Python or any part thereof, and wants to make
+# the derivative work available to others as provided herein, then
+# Licensee hereby agrees to include in any such work a brief summary of
+# the changes made to Python.
+#
+# 4. PSF is making Python available to Licensee on an "AS IS"
+# basis.  PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR
+# IMPLIED.  BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND
+# DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS
+# FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT
+# INFRINGE ANY THIRD PARTY RIGHTS.
+#
+# 5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON
+# FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS
+# A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON,
+# OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
+#
+# 6. This License Agreement will automatically terminate upon a material
+# breach of its terms and conditions.
+#
+# 7. Nothing in this License Agreement shall be deemed to create any
+# relationship of agency, partnership, or joint venture between PSF and
+# Licensee.  This License Agreement does not grant permission to use PSF
+# trademarks or trade name in a trademark sense to endorse or promote
+# products or services of Licensee, or any third party.
+#
+# 8. By copying, installing or otherwise using Python, Licensee
+# agrees to be bound by the terms and conditions of this License
+# Agreement.
+
+import os
+
+
+def ismount(path):
+    """Test whether a path is a mount point
+    This is a copy of the upstream version of ismount(). Originally this was copied here as a workaround
+    until Python issue 2466 was fixed. Now it is here so this will work on older versions of Python
+    that may not have the upstream fix.
+    https://github.com/ansible/ansible-modules-core/issues/2186
+    http://bugs.python.org/issue2466
+    """
+    try:
+        s1 = os.lstat(path)
+    except (OSError, ValueError):
+        # It doesn't exist -- so not a mount point. :-)
+        return False
+    else:
+        # A symlink can never be a mount point
+        if os.path.stat.S_ISLNK(s1.st_mode):
+            return False
+
+    if isinstance(path, bytes):
+        parent = os.path.join(path, b'..')
+    else:
+        parent = os.path.join(path, '..')
+    parent = os.path.realpath(parent)
+    try:
+        s2 = os.lstat(parent)
+    except (OSError, ValueError):
+        return False
+
+    dev1 = s1.st_dev
+    dev2 = s2.st_dev
+    if dev1 != dev2:
+        return True     # path/.. on a different device as path
+    ino1 = s1.st_ino
+    ino2 = s2.st_ino
+    if ino1 == ino2:
+        return True     # path/.. is the same i-node as path
+    return False
--- a/plugins/module_utils/influxdb.py
+++ b/plugins/module_utils/influxdb.py
@@ -9,6 +9,7 @@ __metaclass__ = type
 import traceback

 from ansible.module_utils.basic import missing_required_lib
+from distutils.version import LooseVersion

 REQUESTS_IMP_ERR = None
 try:
@@ -69,7 +70,6 @@ class InfluxDb():
        args = dict(
            host=self.hostname,
            port=self.port,
-            path=self.path,
            username=self.username,
            password=self.password,
            database=self.database_name,
@@ -80,9 +80,13 @@ class InfluxDb():
            udp_port=self.params['udp_port'],
            proxies=self.params['proxies'],
        )
-        influxdb_api_version = tuple(influxdb_version.split("."))
-        if influxdb_api_version >= ('4', '1', '0'):
+        influxdb_api_version = LooseVersion(influxdb_version)
+        if influxdb_api_version >= LooseVersion('4.1.0'):
            # retries option is added in version 4.1.0
            args.update(retries=self.params['retries'])

+        if influxdb_api_version >= LooseVersion('5.1.0'):
+            # path argument is added in version 5.1.0
+            args.update(path=self.path)
+
        return InfluxDBClient(**args)
--- a/plugins/module_utils/module_helper.py
+++ b/plugins/module_utils/module_helper.py
@@ -0,0 +1,302 @@
+# -*- coding: utf-8 -*-
+# Copyright: (c) 2018, Ansible Project
+# Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+from functools import partial, wraps
+import traceback
+
+from ansible.module_utils.basic import AnsibleModule
+
+
+class ArgFormat(object):
+    """
+    Argument formatter
+    """
+    BOOLEAN = 0
+    PRINTF = 1
+    FORMAT = 2
+
+    @staticmethod
+    def stars_deco(num):
+        if num == 1:
+            def deco(f):
+                return lambda v: f(*v)
+            return deco
+        elif num == 2:
+            def deco(f):
+                return lambda v: f(**v)
+            return deco
+
+        return lambda f: f
+
+    def __init__(self, name, fmt=None, style=FORMAT, stars=0):
+        """
+        Creates a new formatter
+        :param name: Name of the argument to be formatted
+        :param fmt: Either a str to be formatted (using or not printf-style) or a callable that does that
+        :param style: Whether arg_format (as str) should use printf-style formatting.
+                             Ignored if arg_format is None or not a str (should be callable).
+        :param stars: A int with 0, 1 or 2 value, indicating to formatting the value as: value, *value or **value
+        """
+        def printf_fmt(_fmt, v):
+            try:
+                return [_fmt % v]
+            except TypeError as e:
+                if e.args[0] != 'not all arguments converted during string formatting':
+                    raise
+                return [_fmt]
+
+        _fmts = {
+            ArgFormat.BOOLEAN: lambda _fmt, v: ([_fmt] if bool(v) else []),
+            ArgFormat.PRINTF: printf_fmt,
+            ArgFormat.FORMAT: lambda _fmt, v: [_fmt.format(v)],
+        }
+
+        self.name = name
+        self.stars = stars
+
+        if fmt is None:
+            fmt = "{0}"
+            style = ArgFormat.FORMAT
+
+        if isinstance(fmt, str):
+            func = _fmts[style]
+            self.arg_format = partial(func, fmt)
+        elif isinstance(fmt, list) or isinstance(fmt, tuple):
+            self.arg_format = lambda v: [_fmts[style](f, v)[0] for f in fmt]
+        elif hasattr(fmt, '__call__'):
+            self.arg_format = fmt
+        else:
+            raise TypeError('Parameter fmt must be either: a string, a list/tuple of '
+                            'strings or a function: type={0}, value={1}'.format(type(fmt), fmt))
+
+        if stars:
+            self.arg_format = (self.stars_deco(stars))(self.arg_format)
+
+    def to_text(self, value):
+        func = self.arg_format
+        return [str(p) for p in func(value)]
+
+
+def cause_changes(func, on_success=True, on_failure=False):
+    @wraps(func)
+    def wrapper(self, *args, **kwargs):
+        try:
+            func(*args, **kwargs)
+            if on_success:
+                self.changed = True
+        except Exception as e:
+            if on_failure:
+                self.changed = True
+            raise
+    return wrapper
+
+
+def module_fails_on_exception(func):
+    @wraps(func)
+    def wrapper(self, *args, **kwargs):
+        try:
+            func(self, *args, **kwargs)
+        except SystemExit:
+            raise
+        except Exception as e:
+            self.vars.msg = "Module failed with exception: {0}".format(str(e).strip())
+            self.vars.exception = traceback.format_exc()
+            self.module.fail_json(changed=False, msg=self.vars.msg, exception=self.vars.exception, output=self.output, vars=self.vars)
+    return wrapper
+
+
+class DependencyCtxMgr(object):
+    def __init__(self, name, msg=None):
+        self.name = name
+        self.msg = msg
+        self.has_it = False
+        self.exc_type = None
+        self.exc_val = None
+        self.exc_tb = None
+
+    def __enter__(self):
+        pass
+
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        self.has_it = exc_type is None
+        self.exc_type = exc_type
+        self.exc_val = exc_val
+        self.exc_tb = exc_tb
+        return not self.has_it
+
+    @property
+    def text(self):
+        return self.msg or str(self.exc_val)
+
+
+class ModuleHelper(object):
+    _dependencies = []
+    module = {}
+    facts_name = None
+
+    class AttrDict(dict):
+        def __getattr__(self, item):
+            return self[item]
+
+    def __init__(self, module=None):
+        self.vars = ModuleHelper.AttrDict()
+        self.output_dict = dict()
+        self.facts_dict = dict()
+        self._changed = False
+
+        if module:
+            self.module = module
+
+        if not isinstance(module, AnsibleModule):
+            self.module = AnsibleModule(**self.module)
+
+    def update_output(self, **kwargs):
+        if kwargs:
+            self.output_dict.update(kwargs)
+
+    def update_facts(self, **kwargs):
+        if kwargs:
+            self.facts_dict.update(kwargs)
+
+    def __init_module__(self):
+        pass
+
+    def __run__(self):
+        raise NotImplementedError()
+
+    @property
+    def changed(self):
+        return self._changed
+
+    @changed.setter
+    def changed(self, value):
+        self._changed = value
+
+    @property
+    def output(self):
+        result = dict(self.vars)
+        result.update(self.output_dict)
+        if self.facts_name:
+            result['ansible_facts'] = {self.facts_name: self.facts_dict}
+        return result
+
+    @module_fails_on_exception
+    def run(self):
+        self.fail_on_missing_deps()
+        self.__init_module__()
+        self.__run__()
+        self.module.exit_json(changed=self.changed, **self.output_dict)
+
+    @classmethod
+    def dependency(cls, name, msg):
+        cls._dependencies.append(DependencyCtxMgr(name, msg))
+        return cls._dependencies[-1]
+
+    def fail_on_missing_deps(self):
+        for d in self._dependencies:
+            if not d.has_it:
+                self.module.fail_json(changed=False,
+                                      exception=d.exc_val.__traceback__.format_exc(),
+                                      msg=d.text,
+                                      **self.output_dict)
+
+
+class StateMixin(object):
+    state_param = 'state'
+    default_state = None
+
+    def _state(self):
+        state = self.module.params.get(self.state_param)
+        return self.default_state if state is None else state
+
+    def __run__(self):
+        state = self._state()
+        self.vars.state = state
+
+        # resolve aliases
+        if state not in self.module.params:
+            aliased = [name for name, param in self.module.argument_spec.items() if state in param.get('aliases', [])]
+            if aliased:
+                state = aliased[0]
+                self.vars.effective_state = state
+
+        method = "state_{0}".format(state)
+        if not hasattr(self, method):
+            return self.__state_fallback__()
+        func = getattr(self, method)
+        return func()
+
+    def __state_fallback__(self):
+        raise ValueError("Cannot find method for state: {0}".format(self._state()))
+
+
+class CmdMixin(object):
+    """
+    Mixin for mapping module options to running a CLI command with its arguments.
+    """
+    command = None
+    command_args_formats = dict()
+    check_rc = False
+    force_lang = "C"
+
+    @property
+    def module_formats(self):
+        result = {}
+        for param in self.module.params.keys():
+            result[param] = ArgFormat(param)
+        return result
+
+    @property
+    def custom_formats(self):
+        result = {}
+        for param, fmt_spec in self.command_args_formats.items():
+            result[param] = ArgFormat(param, **fmt_spec)
+        return result
+
+    def _calculate_args(self, extra_params=None, params=None):
+        def add_arg_formatted_param(_cmd_args, arg_format, _value):
+            args = [x for x in arg_format.to_text(_value)]
+            return _cmd_args + args
+
+        def find_format(_param):
+            return self.custom_formats.get(_param, self.module_formats.get(_param))
+
+        extra_params = extra_params or dict()
+        cmd_args = [self.module.get_bin_path(self.command)]
+        param_list = params if params else self.module.params.keys()
+
+        for param in param_list:
+            if param in self.module.argument_spec:
+                if param not in self.module.params:
+                    continue
+                fmt = find_format(param)
+                value = self.module.params[param]
+            else:
+                if param not in extra_params:
+                    continue
+                fmt = find_format(param)
+                value = extra_params[param]
+            self.cmd_args = cmd_args
+            cmd_args = add_arg_formatted_param(cmd_args, fmt, value)
+
+        return cmd_args
+
+    def process_command_output(self, rc, out, err):
+        return rc, out, err
+
+    def run_command(self, extra_params=None, params=None, *args, **kwargs):
+        self.vars['cmd_args'] = self._calculate_args(extra_params, params)
+        env_update = kwargs.get('environ_update', {})
+        check_rc = kwargs.get('check_rc', self.check_rc)
+        if self.force_lang:
+            env_update.update({'LANGUAGE': self.force_lang})
+            self.update_output(force_lang=self.force_lang)
+        rc, out, err = self.module.run_command(self.vars['cmd_args'],
+                                               environ_update=env_update,
+                                               check_rc=check_rc, *args, **kwargs)
+        self.update_output(rc=rc, stdout=out, stderr=err)
+        return self.process_command_output(rc, out, err)
--- a/plugins/module_utils/proxmox.py
+++ b/plugins/module_utils/proxmox.py
@@ -0,0 +1,86 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright: (c) 2020, Tristan Le Guern <tleguern at bouledef.eu>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import atexit
+import time
+import re
+import traceback
+
+PROXMOXER_IMP_ERR = None
+try:
+    from proxmoxer import ProxmoxAPI
+    HAS_PROXMOXER = True
+except ImportError:
+    HAS_PROXMOXER = False
+    PROXMOXER_IMP_ERR = traceback.format_exc()
+
+
+from ansible.module_utils.basic import env_fallback, missing_required_lib
+
+
+def proxmox_auth_argument_spec():
+    return dict(
+        api_host=dict(type='str',
+                      required=True,
+                      fallback=(env_fallback, ['PROXMOX_HOST'])
+                      ),
+        api_user=dict(type='str',
+                      required=True,
+                      fallback=(env_fallback, ['PROXMOX_USER'])
+                      ),
+        api_password=dict(type='str',
+                          no_log=True,
+                          fallback=(env_fallback, ['PROXMOX_PASSWORD'])
+                          ),
+        api_token_id=dict(type='str',
+                          no_log=False
+                          ),
+        api_token_secret=dict(type='str',
+                              no_log=True
+                              ),
+        validate_certs=dict(type='bool',
+                            default=False
+                            ),
+    )
+
+
+def proxmox_to_ansible_bool(value):
+    '''Convert Proxmox representation of a boolean to be ansible-friendly'''
+    return True if value == 1 else False
+
+
+class ProxmoxAnsible(object):
+    """Base class for Proxmox modules"""
+    def __init__(self, module):
+        self.module = module
+        self.proxmox_api = self._connect()
+        # Test token validity
+        try:
+            self.proxmox_api.version.get()
+        except Exception as e:
+            module.fail_json(msg='%s' % e, exception=traceback.format_exc())
+
+    def _connect(self):
+        api_host = self.module.params['api_host']
+        api_user = self.module.params['api_user']
+        api_password = self.module.params['api_password']
+        api_token_id = self.module.params['api_token_id']
+        api_token_secret = self.module.params['api_token_secret']
+        validate_certs = self.module.params['validate_certs']
+
+        auth_args = {'user': api_user}
+        if api_password:
+            auth_args['password'] = api_password
+        else:
+            auth_args['token_name'] = api_token_id
+            auth_args['token_value'] = api_token_secret
+
+        try:
+            return ProxmoxAPI(api_host, verify_ssl=validate_certs, **auth_args)
+        except Exception as e:
+            self.module.fail_json(msg='%s' % e, exception=traceback.format_exc())
--- a/plugins/modules/cloud/atomic/atomic_container.py
+++ b/plugins/modules/cloud/atomic/atomic_container.py
@@ -45,14 +45,12 @@ options:
    state:
        description:
          - State of the container.
-        required: True
        choices: ["absent", "latest", "present", "rollback"]
        default: "latest"
        type: str
    mode:
        description:
          - Define if it is an user or a system container.
-        required: True
        choices: ["user", "system"]
        type: str
    values:
--- a/plugins/modules/cloud/centurylink/clc_aa_policy.py
+++ b/plugins/modules/cloud/centurylink/clc_aa_policy.py
@@ -16,14 +16,17 @@ options:
  name:
    description:
      - The name of the Anti Affinity Policy.
+    type: str
    required: True
  location:
    description:
      - Datacenter in which the policy lives/should live.
+    type: str
    required: True
  state:
    description:
      - Whether to create or delete the policy.
+    type: str
    required: False
    default: present
    choices: ['present','absent']
@@ -68,7 +71,6 @@ EXAMPLES = '''
      ansible.builtin.debug:
        var: policy

---
 - name: Delete AA Policy
  hosts: localhost
  gather_facts: False
--- a/plugins/modules/cloud/centurylink/clc_alert_policy.py
+++ b/plugins/modules/cloud/centurylink/clc_alert_policy.py
@@ -17,34 +17,42 @@ options:
  alias:
    description:
      - The alias of your CLC Account
+    type: str
    required: True
  name:
    description:
      - The name of the alert policy. This is mutually exclusive with id
+    type: str
  id:
    description:
      - The alert policy id. This is mutually exclusive with name
+    type: str
  alert_recipients:
    description:
      - A list of recipient email ids to notify the alert.
        This is required for state 'present'
+    type: list
  metric:
    description:
      - The metric on which to measure the condition that will trigger the alert.
        This is required for state 'present'
+    type: str
    choices: ['cpu','memory','disk']
  duration:
    description:
      - The length of time in minutes that the condition must exceed the threshold.
        This is required for state 'present'
+    type: str
  threshold:
    description:
      - The threshold that will trigger the alert when the metric equals or exceeds it.
        This is required for state 'present'
        This number represents a percentage and must be a value between 5.0 - 95.0 that is a multiple of 5.0
+    type: int
  state:
    description:
      - Whether to create or delete the policy.
+    type: str
    default: present
    choices: ['present','absent']
 requirements:
@@ -89,7 +97,6 @@ EXAMPLES = '''
    - name: Debug
      ansible.builtin.debug: var=policy

---
 - name: Delete Alert Policy Example
  hosts: localhost
  gather_facts: False
@@ -210,7 +217,7 @@ class ClcAlertPolicy:
        :return: argument spec dictionary
        """
        argument_spec = dict(
-            name=dict(default=None),
+            name=dict(default=None),  # @FIXME default=None is redundant - remove all
            id=dict(default=None),
            alias=dict(required=True, default=None),
            alert_recipients=dict(type='list', default=None),
--- a/plugins/modules/cloud/centurylink/clc_blueprint_package.py
+++ b/plugins/modules/cloud/centurylink/clc_blueprint_package.py
@@ -16,26 +16,30 @@ options:
  server_ids:
    description:
      - A list of server Ids to deploy the blue print package.
+    type: list
    required: True
  package_id:
    description:
      - The package id of the blue print.
+    type: str
    required: True
  package_params:
    description:
      - The dictionary of arguments required to deploy the blue print.
+    type: dict
    default: {}
    required: False
  state:
    description:
      - Whether to install or uninstall the package. Currently it supports only "present" for install action.
+    type: str
    required: False
    default: present
    choices: ['present']
  wait:
    description:
      - Whether to wait for the tasks to finish before returning.
-    type: bool
+    type: str
    default: True
    required: False
 requirements:
@@ -163,7 +167,7 @@ class ClcBlueprintPackage:
            server_ids=dict(type='list', required=True),
            package_id=dict(required=True),
            package_params=dict(type='dict', default={}),
-            wait=dict(default=True),
+            wait=dict(default=True),   # @FIXME should be bool?
            state=dict(default='present', choices=['present'])
        )
        return argument_spec
--- a/plugins/modules/cloud/centurylink/clc_firewall_policy.py
+++ b/plugins/modules/cloud/centurylink/clc_firewall_policy.py
@@ -16,45 +16,54 @@ options:
  location:
    description:
      - Target datacenter for the firewall policy
+    type: str
    required: True
  state:
    description:
      - Whether to create or delete the firewall policy
+    type: str
    default: present
    choices: ['present', 'absent']
  source:
    description:
      - The list  of source addresses for traffic on the originating firewall.
        This is required when state is 'present'
+    type: list
  destination:
    description:
      - The list of destination addresses for traffic on the terminating firewall.
        This is required when state is 'present'
+    type: list
  ports:
    description:
      - The list of ports associated with the policy.
        TCP and UDP can take in single ports or port ranges.
-    choices: ['any', 'icmp', 'TCP/123', 'UDP/123', 'TCP/123-456', 'UDP/123-456']
+      - "Example: C(['any', 'icmp', 'TCP/123', 'UDP/123', 'TCP/123-456', 'UDP/123-456'])."
+    type: list
  firewall_policy_id:
    description:
      - Id of the firewall policy. This is required to update or delete an existing firewall policy
+    type: str
  source_account_alias:
    description:
      - CLC alias for the source account
+    type: str
    required: True
  destination_account_alias:
    description:
      - CLC alias for the destination account
+    type: str
  wait:
    description:
      - Whether to wait for the provisioning tasks to finish before returning.
-    type: bool
-    default: 'yes'
+    type: str
+    default: 'True'
  enabled:
    description:
      - Whether the firewall policy is enabled or disabled
+    type: str
    choices: [True, False]
-    default: 'yes'
+    default: True
 requirements:
    - python = 2.7
    - requests >= 2.5.0
@@ -89,7 +98,6 @@ EXAMPLES = '''
        ports: Any
        destination_account_alias: WFAD

---
 - name: Delete Firewall Policy
  hosts: localhost
  gather_facts: False
@@ -206,13 +214,13 @@ class ClcFirewallPolicy:
        """
        argument_spec = dict(
            location=dict(required=True),
-            source_account_alias=dict(required=True, default=None),
+            source_account_alias=dict(required=True, default=None),   # @FIXME remove default=None
            destination_account_alias=dict(default=None),
            firewall_policy_id=dict(default=None),
            ports=dict(default=None, type='list'),
            source=dict(default=None, type='list'),
            destination=dict(default=None, type='list'),
-            wait=dict(default=True),
+            wait=dict(default=True),   # @FIXME type=bool
            state=dict(default='present', choices=['present', 'absent']),
            enabled=dict(default=True, choices=[True, False])
        )
--- a/plugins/modules/cloud/centurylink/clc_group.py
+++ b/plugins/modules/cloud/centurylink/clc_group.py
@@ -17,23 +17,28 @@ options:
  name:
    description:
      - The name of the Server Group
+    type: str
    required: True
  description:
    description:
      - A description of the Server Group
+    type: str
    required: False
  parent:
    description:
      - The parent group of the server group. If parent is not provided, it creates the group at top level.
+    type: str
    required: False
  location:
    description:
      - Datacenter to create the group in. If location is not provided, the group gets created in the default datacenter
        associated with the account
+    type: str
    required: False
  state:
    description:
      - Whether to create or delete the group
+    type: str
    default: present
    choices: ['present', 'absent']
  wait:
@@ -81,8 +86,6 @@ EXAMPLES = '''
        var: clc

 # Delete a Server Group
-
---
 - name: Delete Server Group
  hosts: localhost
  gather_facts: False
--- a/plugins/modules/cloud/centurylink/clc_loadbalancer.py
+++ b/plugins/modules/cloud/centurylink/clc_loadbalancer.py
@@ -17,42 +17,52 @@ options:
  name:
    description:
      - The name of the loadbalancer
+    type: str
    required: True
  description:
    description:
      - A description for the loadbalancer
+    type: str
  alias:
    description:
      - The alias of your CLC Account
+    type: str
    required: True
  location:
    description:
      - The location of the datacenter where the load balancer resides in
+    type: str
    required: True
  method:
    description:
      -The balancing method for the load balancer pool
+    type: str
    choices: ['leastConnection', 'roundRobin']
  persistence:
    description:
      - The persistence method for the load balancer
+    type: str
    choices: ['standard', 'sticky']
  port:
    description:
      - Port to configure on the public-facing side of the load balancer pool
+    type: str
    choices: [80, 443]
  nodes:
    description:
      - A list of nodes that needs to be added to the load balancer pool
+    type: list
    default: []
  status:
    description:
      - The status of the loadbalancer
+    type: str
    default: enabled
    choices: ['enabled', 'disabled']
  state:
    description:
      - Whether to create or delete the load balancer pool
+    type: str
    default: present
    choices: ['present', 'absent', 'port_absent', 'nodes_present', 'nodes_absent']
 requirements:
--- a/plugins/modules/cloud/centurylink/clc_modify_server.py
+++ b/plugins/modules/cloud/centurylink/clc_modify_server.py
@@ -16,32 +16,40 @@ options:
  server_ids:
    description:
      - A list of server Ids to modify.
+    type: list
    required: True
  cpu:
    description:
      - How many CPUs to update on the server
+    type: str
  memory:
    description:
      - Memory (in GB) to set to the server.
+    type: str
  anti_affinity_policy_id:
    description:
      - The anti affinity policy id to be set for a hyper scale server.
        This is mutually exclusive with 'anti_affinity_policy_name'
+    type: str
  anti_affinity_policy_name:
    description:
      - The anti affinity policy name to be set for a hyper scale server.
        This is mutually exclusive with 'anti_affinity_policy_id'
+    type: str
  alert_policy_id:
    description:
      - The alert policy id to be associated to the server.
        This is mutually exclusive with 'alert_policy_name'
+    type: str
  alert_policy_name:
    description:
      - The alert policy name to be associated to the server.
        This is mutually exclusive with 'alert_policy_id'
+    type: str
  state:
    description:
      - The state to insure that the provided resources are in.
+    type: str
    default: 'present'
    choices: ['present', 'absent']
  wait:
--- a/plugins/modules/cloud/centurylink/clc_publicip.py
+++ b/plugins/modules/cloud/centurylink/clc_publicip.py
@@ -16,19 +16,23 @@ options:
  protocol:
    description:
      - The protocol that the public IP will listen for.
+    type: str
    default: TCP
    choices: ['TCP', 'UDP', 'ICMP']
  ports:
    description:
      - A list of ports to expose. This is required when state is 'present'
+    type: list
  server_ids:
    description:
      - A list of servers to create public ips on.
+    type: list
    required: True
  state:
    description:
      - Determine whether to create or delete public IPs. If present module will not create a second public ip if one
        already exists.
+    type: str
    default: present
    choices: ['present', 'absent']
  wait:
--- a/plugins/modules/cloud/centurylink/clc_server.py
+++ b/plugins/modules/cloud/centurylink/clc_server.py
@@ -16,6 +16,7 @@ options:
  additional_disks:
    description:
      - The list of additional disks for the server
+    type: list
    default: []
  add_public_ip:
    description:
@@ -25,53 +26,68 @@ options:
  alias:
    description:
      - The account alias to provision the servers under.
+    type: str
  anti_affinity_policy_id:
    description:
      - The anti-affinity policy to assign to the server. This is mutually exclusive with 'anti_affinity_policy_name'.
+    type: str
  anti_affinity_policy_name:
    description:
      - The anti-affinity policy to assign to the server. This is mutually exclusive with 'anti_affinity_policy_id'.
+    type: str
  alert_policy_id:
    description:
      - The alert policy to assign to the server. This is mutually exclusive with 'alert_policy_name'.
+    type: str
  alert_policy_name:
    description:
      - The alert policy to assign to the server. This is mutually exclusive with 'alert_policy_id'.
+    type: str
  count:
    description:
      - The number of servers to build (mutually exclusive with exact_count)
    default: 1
+    type: int
  count_group:
    description:
      - Required when exact_count is specified.  The Server Group use to determine how many servers to deploy.
+    type: str
  cpu:
    description:
      - How many CPUs to provision on the server
    default: 1
+    type: int
  cpu_autoscale_policy_id:
    description:
      - The autoscale policy to assign to the server.
+    type: str
  custom_fields:
    description:
      - The list of custom fields to set on the server.
+    type: list
    default: []
  description:
    description:
      - The description to set for the server.
+    type: str
  exact_count:
    description:
      - Run in idempotent mode.  Will insure that this exact number of servers are running in the provided group,
        creating and deleting them to reach that count.  Requires count_group to be set.
+    type: int
  group:
    description:
      - The Server Group to create servers under.
+    type: str
    default: 'Default Group'
  ip_address:
    description:
      - The IP Address for the server. One is assigned if not provided.
+    type: str
  location:
    description:
      - The Datacenter to create servers in.
+    type: str
  managed_os:
    description:
      - Whether to create the server as 'Managed' or not.
@@ -81,73 +97,91 @@ options:
  memory:
    description:
      - Memory in GB.
+    type: int
    default: 1
  name:
    description:
      - A 1 to 6 character identifier to use for the server. This is required when state is 'present'
+    type: str
  network_id:
    description:
      - The network UUID on which to create servers.
+    type: str
  packages:
    description:
      - The list of blue print packages to run on the server after its created.
+    type: list
    default: []
  password:
    description:
      - Password for the administrator / root user
+    type: str
  primary_dns:
    description:
      - Primary DNS used by the server.
+    type: str
  public_ip_protocol:
    description:
      - The protocol to use for the public ip if add_public_ip is set to True.
+    type: str
    default: 'TCP'
    choices: ['TCP', 'UDP', 'ICMP']
  public_ip_ports:
    description:
      - A list of ports to allow on the firewall to the servers public ip, if add_public_ip is set to True.
+    type: list
    default: []
  secondary_dns:
    description:
      - Secondary DNS used by the server.
+    type: str
  server_ids:
    description:
      - Required for started, stopped, and absent states.
        A list of server Ids to insure are started, stopped, or absent.
+    type: list
    default: []
  source_server_password:
    description:
      - The password for the source server if a clone is specified.
+    type: str
  state:
    description:
      - The state to insure that the provided resources are in.
+    type: str
    default: 'present'
    choices: ['present', 'absent', 'started', 'stopped']
  storage_type:
    description:
      - The type of storage to attach to the server.
+    type: str
    default: 'standard'
    choices: ['standard', 'hyperscale']
  template:
    description:
      - The template to use for server creation.  Will search for a template if a partial string is provided.
        This is required when state is 'present'
+    type: str
  ttl:
    description:
      - The time to live for the server in seconds.  The server will be deleted when this time expires.
+    type: str
  type:
    description:
      - The type of server to create.
+    type: str
    default: 'standard'
    choices: ['standard', 'hyperscale', 'bareMetal']
  configuration_id:
    description:
      -  Only required for bare metal servers.
         Specifies the identifier for the specific configuration type of bare metal server to deploy.
+    type: str
  os_type:
    description:
      - Only required for bare metal servers.
        Specifies the OS to provision with the bare metal server.
+    type: str
    choices: ['redHat6_64Bit', 'centOS6_64Bit', 'windows2012R2Standard_64Bit', 'ubuntu14_64Bit']
  wait:
    description:
--- a/plugins/modules/cloud/centurylink/clc_server_snapshot.py
+++ b/plugins/modules/cloud/centurylink/clc_server_snapshot.py
@@ -16,15 +16,18 @@ options:
  server_ids:
    description:
      - The list of CLC server Ids.
+    type: list
    required: True
  expiration_days:
    description:
      - The number of days to keep the server snapshot before it expires.
+    type: int
    default: 7
    required: False
  state:
    description:
      - The state to insure that the provided resources are in.
+    type: str
    default: 'present'
    required: False
    choices: ['present', 'absent', 'restore']
@@ -33,7 +36,7 @@ options:
      - Whether to wait for the provisioning tasks to finish before returning.
    default: True
    required: False
-    type: bool
+    type: str
 requirements:
    - python = 2.7
    - requests >= 2.5.0
--- a/plugins/modules/cloud/dimensiondata/dimensiondata_network.py
+++ b/plugins/modules/cloud/dimensiondata/dimensiondata_network.py
@@ -29,21 +29,25 @@ options:
    description:
      - The name of the network domain to create.
    required: true
+    type: str
  description:
    description:
      - Additional description of the network domain.
    required: false
+    type: str
  service_plan:
    description:
      - The service plan, either "ESSENTIALS" or "ADVANCED".
      - MCP 2.0 Only.
    choices: [ESSENTIALS, ADVANCED]
    default: ESSENTIALS
+    type: str
  state:
    description:
      - Should the resource be present or absent.
    choices: [present, absent]
    default: present
+    type: str
 '''

 EXAMPLES = '''
--- a/plugins/modules/cloud/dimensiondata/dimensiondata_vlan.py
+++ b/plugins/modules/cloud/dimensiondata/dimensiondata_vlan.py
@@ -38,27 +38,33 @@ options:
  name:
    description:
      - The name of the target VLAN.
-      - Required if C(state) is C(present).
+    type: str
+    required: true
  description:
    description:
      - A description of the VLAN.
+    type: str
  network_domain:
    description:
      - The Id or name of the target network domain.
    required: true
+    type: str
  private_ipv4_base_address:
    description:
        - The base address for the VLAN's IPv4 network (e.g. 192.168.1.0).
+    type: str
  private_ipv4_prefix_size:
    description:
        - The size of the IPv4 address space, e.g 24.
        - Required, if C(private_ipv4_base_address) is specified.
+    type: int
  state:
    description:
      - The desired state for the target VLAN.
      - C(readonly) ensures that the state is only ever read, not modified (the module will fail if the resource does not exist).
    choices: [present, absent, readonly]
    default: present
+    type: str
  allow_expand:
    description:
      - Permit expansion of the target VLAN's network if the module parameters specify a larger network than the VLAN currently possesses.
--- a/plugins/modules/cloud/docker/docker_container.py
+++ b/plugins/modules/cloud/docker/docker_container.py
@@ -212,6 +212,40 @@ options:
        - "Must be a positive integer."
        type: int
        required: yes
+  device_requests:
+    description:
+      - Allows to request additional resources, such as GPUs.
+    type: list
+    elements: dict
+    suboptions:
+      capabilities:
+        description:
+          - List of lists of strings to request capabilities.
+          - The top-level list entries are combined by OR, and for every list entry,
+            the entries in the list it contains are combined by AND.
+          - The driver tries to satisfy one of the sub-lists.
+          - Available capabilities for the C(nvidia) driver can be found at
+            U(https://github.com/NVIDIA/nvidia-container-runtime).
+        type: list
+        elements: list
+      count:
+        description:
+          - Number or devices to request.
+          - Set to C(-1) to request all available devices.
+        type: int
+      device_ids:
+        description:
+          - List of device IDs.
+        type: list
+        elements: str
+      driver:
+        description:
+          - Which driver to use for this device.
+        type: str
+      options:
+        description:
+          - Driver-specific options.
+        type: dict
  dns_opts:
    description:
      - List of DNS options.
@@ -1047,6 +1081,26 @@ EXAMPLES = '''
      # Limit read rate for /dev/sdb to 300 IO per second
      - path: /dev/sdb
        rate: 300
+
+- name: Start container with GPUs
+  community.general.docker_container:
+    name: test
+    image: ubuntu:18.04
+    state: started
+    device_requests:
+      - # Add some specific devices to this container
+        device_ids:
+          - '0'
+          - 'GPU-3a23c669-1f69-c64e-cf85-44e9b07e7a2a'
+      - # Add nVidia GPUs to this container
+        driver: nvidia
+        count: -1  # this means we want all
+        capabilities:
+          # We have one OR condition: 'gpu' AND 'utility'
+          - - gpu
+            - utility
+          # See https://github.com/NVIDIA/nvidia-container-runtime#supported-driver-capabilities
+          # for a list of capabilities supported by the nvidia driver
 '''

 RETURN = '''
@@ -1230,6 +1284,7 @@ class TaskParameters(DockerBaseClass):
        self.device_write_bps = None
        self.device_read_iops = None
        self.device_write_iops = None
+        self.device_requests = None
        self.dns_servers = None
        self.dns_opts = None
        self.dns_search_domains = None
@@ -1391,6 +1446,22 @@ class TaskParameters(DockerBaseClass):
            if client.module.params.get(param_name):
                self._process_rate_iops(option=param_name)

+        if self.device_requests:
+            for dr_index, dr in enumerate(self.device_requests):
+                # Make sure that capabilities are lists of lists of strings
+                if dr['capabilities']:
+                    for or_index, or_list in enumerate(dr['capabilities']):
+                        for and_index, and_list in enumerate(or_list):
+                            for term_index, term in enumerate(and_list):
+                                if not isinstance(term, string_types):
+                                    self.fail(
+                                        "device_requests[{0}].capabilities[{1}][{2}][{3}] is not a string".format(
+                                            dr_index, or_index, and_index, term_index))
+                                and_list[term_index] = to_native(term)
+                # Make sure that options is a dictionary mapping strings to strings
+                if dr['options']:
+                    dr['options'] = clean_dict_booleans_for_docker_api(dr['options'])
+
    def fail(self, msg):
        self.client.fail(msg)

@@ -1594,6 +1665,9 @@ class TaskParameters(DockerBaseClass):
        if 'mounts' in params:
            params['mounts'] = self.mounts_opt

+        if self.device_requests is not None:
+            params['device_requests'] = [dict((k, v) for k, v in dr.items() if v is not None) for dr in self.device_requests]
+
        return self.client.create_host_config(**params)

    @property
@@ -1990,6 +2064,7 @@ class Container(DockerBaseClass):
        self.parameters.expected_sysctls = None
        self.parameters.expected_etc_hosts = None
        self.parameters.expected_env = None
+        self.parameters.expected_device_requests = None
        self.parameters_map = dict()
        self.parameters_map['expected_links'] = 'links'
        self.parameters_map['expected_ports'] = 'expected_ports'
@@ -2005,6 +2080,7 @@ class Container(DockerBaseClass):
        self.parameters_map['expected_devices'] = 'devices'
        self.parameters_map['expected_healthcheck'] = 'healthcheck'
        self.parameters_map['expected_mounts'] = 'mounts'
+        self.parameters_map['expected_device_requests'] = 'device_requests'

    def fail(self, msg):
        self.parameters.client.fail(msg)
@@ -2078,6 +2154,7 @@ class Container(DockerBaseClass):
        self.parameters.expected_cmd = self._get_expected_cmd()
        self.parameters.expected_devices = self._get_expected_devices()
        self.parameters.expected_healthcheck = self._get_expected_healthcheck()
+        self.parameters.expected_device_requests = self._get_expected_device_requests()

        if not self.container.get('HostConfig'):
            self.fail("has_config_diff: Error parsing container properties. HostConfig missing.")
@@ -2155,6 +2232,7 @@ class Container(DockerBaseClass):
            device_write_bps=host_config.get('BlkioDeviceWriteBps'),
            device_read_iops=host_config.get('BlkioDeviceReadIOps'),
            device_write_iops=host_config.get('BlkioDeviceWriteIOps'),
+            expected_device_requests=host_config.get('DeviceRequests'),
            pids_limit=host_config.get('PidsLimit'),
            # According to https://github.com/moby/moby/, support for HostConfig.Mounts
            # has been included at least since v17.03.0-ce, which has API version 1.26.
@@ -2454,6 +2532,20 @@ class Container(DockerBaseClass):
        self.log(result, pretty_print=True)
        return result

+    def _get_expected_device_requests(self):
+        if self.parameters.device_requests is None:
+            return None
+        device_requests = []
+        for dr in self.parameters.device_requests:
+            device_requests.append({
+                'Driver': dr['driver'],
+                'Count': dr['count'],
+                'DeviceIDs': dr['device_ids'],
+                'Capabilities': dr['capabilities'],
+                'Options': dr['options'],
+            })
+        return device_requests
+
    def _get_image_binds(self, volumes):
        '''
        Convert array of binds to array of strings with format host_path:container_path:mode
@@ -3089,6 +3181,7 @@ class AnsibleDockerClientContainer(AnsibleDockerClient):
        explicit_types = dict(
            command='list',
            devices='set(dict)',
+            device_requests='set(dict)',
            dns_search_domains='list',
            dns_servers='list',
            env='set',
@@ -3222,6 +3315,7 @@ class AnsibleDockerClientContainer(AnsibleDockerClient):
            device_read_iops=dict(docker_py_version='1.9.0', docker_api_version='1.22'),
            device_write_bps=dict(docker_py_version='1.9.0', docker_api_version='1.22'),
            device_write_iops=dict(docker_py_version='1.9.0', docker_api_version='1.22'),
+            device_requests=dict(docker_py_version='4.3.0', docker_api_version='1.40'),
            dns_opts=dict(docker_api_version='1.21', docker_py_version='1.10.0'),
            ipc_mode=dict(docker_api_version='1.25'),
            mac_address=dict(docker_api_version='1.25'),
@@ -3320,6 +3414,13 @@ def main():
            path=dict(required=True, type='str'),
            rate=dict(required=True, type='int'),
        )),
+        device_requests=dict(type='list', elements='dict', options=dict(
+            capabilities=dict(type='list', elements='list'),
+            count=dict(type='int'),
+            device_ids=dict(type='list', elements='str'),
+            driver=dict(type='str'),
+            options=dict(type='dict'),
+        )),
        dns_servers=dict(type='list', elements='str'),
        dns_opts=dict(type='list', elements='str'),
        dns_search_domains=dict(type='list', elements='str'),
--- a/plugins/modules/cloud/docker/docker_image.py
+++ b/plugins/modules/cloud/docker/docker_image.py
@@ -400,6 +400,12 @@ image:
    returned: success
    type: dict
    sample: {}
+stdout:
+    description: Docker build output when building an image.
+    returned: success
+    type: str
+    sample: ""
+    version_added: 1.3.0
 '''

 import errno
@@ -506,7 +512,8 @@ class ImageManager(DockerBaseClass):
                self.results['actions'].append("Built image %s from %s" % (image_name, self.build_path))
                self.results['changed'] = True
                if not self.check_mode:
-                    self.results['image'] = self.build_image()
+                    self.results.update(self.build_image())
+
            elif self.source == 'load':
                # Load the image from an archive
                if not os.path.isfile(self.load_path):
@@ -713,7 +720,7 @@ class ImageManager(DockerBaseClass):
        )
        if self.client.docker_py_version < LooseVersion('3.0.0'):
            params['stream'] = True
-        build_output = []
+
        if self.tag:
            params['tag'] = "%s:%s" % (self.name, self.tag)
        if self.container_limits:
@@ -737,11 +744,14 @@ class ImageManager(DockerBaseClass):
        if self.target:
            params['target'] = self.target

+        build_output = []
        for line in self.client.build(**params):
            # line = json.loads(line)
            self.log(line, pretty_print=True)
-            if "stream" in line:
-                build_output.append(line["stream"])
+            if "stream" in line or "status" in line:
+                build_line = line.get("stream") or line.get("status")
+                build_output.append(build_line)
+
            if line.get('error'):
                if line.get('errorDetail'):
                    errorDetail = line.get('errorDetail')
@@ -754,7 +764,9 @@ class ImageManager(DockerBaseClass):
                else:
                    self.fail("Error building %s - message: %s, logs: %s" % (
                        self.name, line.get('error'), build_output))
-        return self.client.find_image(name=self.name, tag=self.tag)
+
+        return {"stdout": "\n".join(build_output),
+                "image": self.client.find_image(name=self.name, tag=self.tag)}

    def load_image(self):
        '''
--- a/plugins/modules/cloud/docker/docker_login.py
+++ b/plugins/modules/cloud/docker/docker_login.py
@@ -257,14 +257,13 @@ class DockerFileStore(object):
        auth = to_text(b64auth)

        # build up the auth structure
-        new_auth = dict(
-            auths=dict()
-        )
-        new_auth['auths'][server] = dict(
+        if 'auths' not in self._config:
+            self._config['auths'] = dict()
+
+        self._config['auths'][server] = dict(
            auth=auth
        )

-        self._config.update(new_auth)
        self._write()

    def erase(self, server):
@@ -272,8 +271,9 @@ class DockerFileStore(object):
        Remove credentials for the given server from the configuration.
        '''

-        self._config['auths'].pop(server)
-        self._write()
+        if 'auths' in self._config and server in self._config['auths']:
+            self._config['auths'].pop(server)
+            self._write()


 class LoginManager(DockerBaseClass):
--- a/plugins/modules/cloud/docker/docker_secret.py
+++ b/plugins/modules/cloud/docker/docker_secret.py
@@ -236,6 +236,9 @@ class SecretManager(DockerBaseClass):
            if attrs.get('Labels', {}).get('ansible_key'):
                if attrs['Labels']['ansible_key'] != self.data_key:
                    data_changed = True
+            else:
+                if not self.force:
+                    self.client.module.warn("'ansible_key' label not found. Secret will not be changed unless the force parameter is set to 'yes'")
            labels_changed = not compare_generic(self.labels, attrs.get('Labels'), 'allow_more_present', 'dict')
            if data_changed or labels_changed or self.force:
                # if something changed or force, delete and re-create the secret
--- a/plugins/modules/cloud/docker/docker_stack.py
+++ b/plugins/modules/cloud/docker/docker_stack.py
@@ -36,7 +36,7 @@ options:
        referring to the path of the compose file on the target host
        or the YAML contents of a compose file nested as dictionary.
    type: list
-    # elements: raw
+    elements: raw
    default: []
  prune:
    description:
--- a/plugins/modules/cloud/docker/docker_volume.py
+++ b/plugins/modules/cloud/docker/docker_volume.py
@@ -48,7 +48,6 @@ options:
      - Deprecated. Will be removed in community.general 2.0.0. Set I(recreate) to C(options-changed) instead
        for the same behavior of setting I(force) to C(yes).
    type: bool
-    default: no

  recreate:
    description:
--- a/plugins/modules/cloud/google/gc_storage.py
+++ b/plugins/modules/cloud/google/gc_storage.py
@@ -19,52 +19,66 @@ description:

 options:
  bucket:
+    type: str
    description:
      - Bucket name.
    required: true
  object:
+    type: path
    description:
      - Keyname of the object inside the bucket. Can be also be used to create "virtual directories" (see examples).
  src:
+    type: str
    description:
      - The source file path when performing a PUT operation.
  dest:
+    type: path
    description:
      - The destination file path when downloading an object/key with a GET operation.
-  force:
+  overwrite:
    description:
      - Forces an overwrite either locally on the filesystem or remotely with the object/key. Used with PUT and GET operations.
    type: bool
    default: 'yes'
-    aliases: [ 'overwrite' ]
+    aliases: [ 'force' ]
  permission:
+    type: str
    description:
      - This option let's the user set the canned permissions on the object/bucket that are created. The permissions that can be set are 'private',
        'public-read', 'authenticated-read'.
    default: private
+    choices: ['private', 'public-read', 'authenticated-read']
  headers:
+    type: dict
    description:
      - Headers to attach to object.
    default: {}
  expiration:
+    type: int
+    default: 600
    description:
      - Time limit (in seconds) for the URL generated and returned by GCA when performing a mode=put or mode=get_url operation. This url is only
        available when public-read is the acl for the object.
+    aliases: [expiry]
  mode:
+    type: str
    description:
      - Switches the module behaviour between upload, download, get_url (return download url) , get_str (download object as string), create (bucket) and
        delete (bucket).
    required: true
    choices: [ 'get', 'put', 'get_url', 'get_str', 'delete', 'create' ]
  gs_secret_key:
+    type: str
    description:
      - GS secret key. If not set then the value of the GS_SECRET_ACCESS_KEY environment variable is used.
    required: true
  gs_access_key:
+    type: str
    description:
      - GS access key. If not set then the value of the GS_ACCESS_KEY_ID environment variable is used.
    required: true
  region:
+    type: str
    description:
      - The gs region to use. If not defined then the value 'US' will be used. See U(https://cloud.google.com/storage/docs/bucket-locations)
    default: 'US'
@@ -72,6 +86,7 @@ options:
    description:
      - Whether versioning is enabled or disabled (note that once versioning is enabled, it can only be suspended)
    type: bool
+    default: false

 requirements:
    - "python >= 2.6"
--- a/plugins/modules/cloud/google/gcdns_record.py
+++ b/plugins/modules/cloud/google/gcdns_record.py
@@ -28,16 +28,19 @@ deprecated:
    alternative: Use M(google.cloud.gcp_dns_resource_record_set) instead.
 options:
    state:
+        type: str
        description:
            - Whether the given resource record should or should not be present.
        choices: ["present", "absent"]
        default: "present"
    record:
+        type: str
        description:
            - The fully-qualified domain name of the resource record.
        required: true
        aliases: ['name']
    zone:
+        type: str
        description:
            - The DNS domain name of the zone (e.g., example.com).
            - One of either I(zone) or I(zone_id) must be specified as an
@@ -45,6 +48,7 @@ options:
            - If both I(zone) and I(zone_id) are specified, I(zone_id) will be
              used.
    zone_id:
+        type: str
        description:
            - The Google Cloud ID of the zone (e.g., example-com).
            - One of either I(zone) or I(zone_id) must be specified as an
@@ -56,11 +60,13 @@ options:
            - If both I(zone) and I(zone_id) are specified, I(zone_id) will be
              used.
    type:
+        type: str
        description:
            - The type of resource record to add.
        required: true
        choices: [ 'A', 'AAAA', 'CNAME', 'SRV', 'TXT', 'SOA', 'NS', 'MX', 'SPF', 'PTR' ]
    record_data:
+        type: list
        description:
            - The record_data to use for the resource record.
            - I(record_data) must be specified if I(state) is C(present) or
@@ -77,6 +83,7 @@ options:
        required: false
        aliases: ['value']
    ttl:
+        type: int
        description:
            - The amount of time in seconds that a resource record will remain
              cached by a caching resolver.
@@ -99,20 +106,24 @@ options:
        type: bool
        default: 'no'
    service_account_email:
+        type: str
        description:
            - The e-mail address for a service account with access to Google
              Cloud DNS.
    pem_file:
+        type: path
        description:
            - The path to the PEM file associated with the service account
              email.
            - This option is deprecated and may be removed in a future release.
              Use I(credentials_file) instead.
    credentials_file:
+        type: path
        description:
            - The path to the JSON file associated with the service account
              email.
    project_id:
+        type: str
        description:
            - The Google Cloud Platform project ID to use.
 notes:
--- a/plugins/modules/cloud/google/gcdns_zone.py
+++ b/plugins/modules/cloud/google/gcdns_zone.py
@@ -27,11 +27,13 @@ deprecated:
    alternative: Use M(google.cloud.gcp_dns_managed_zone) instead.
 options:
    state:
+        type: str
        description:
            - Whether the given zone should or should not be present.
        choices: ["present", "absent"]
        default: "present"
    zone:
+        type: str
        description:
            - The DNS domain name of the zone.
            - This is NOT the Google Cloud DNS zone ID (e.g., example-com). If
@@ -40,24 +42,29 @@ options:
        required: true
        aliases: ['name']
    description:
+        type: str
        description:
            - An arbitrary text string to use for the zone description.
        default: ""
    service_account_email:
+        type: str
        description:
            - The e-mail address for a service account with access to Google
              Cloud DNS.
    pem_file:
+        type: path
        description:
            - The path to the PEM file associated with the service account
              email.
            - This option is deprecated and may be removed in a future release.
              Use I(credentials_file) instead.
    credentials_file:
+        type: path
        description:
            - The path to the JSON file associated with the service account
              email.
    project_id:
+        type: str
        description:
            - The Google Cloud Platform project ID to use.
 notes:
--- a/plugins/modules/cloud/google/gce.py
+++ b/plugins/modules/cloud/google/gce.py
@@ -21,68 +21,83 @@ deprecated:
    alternative: Use M(google.cloud.gcp_compute_instance) instead.
 options:
  image:
+    type: str
    description:
      - image string to use for the instance (default will follow latest
        stable debian image)
    default: "debian-8"
  image_family:
+    type: str
    description:
      - image family from which to select the image.  The most recent
        non-deprecated image in the family will be used.
  external_projects:
+    type: list
    description:
      - A list of other projects (accessible with the provisioning credentials)
        to be searched for the image.
  instance_names:
+    type: str
    description:
      - a comma-separated list of instance names to create or destroy
  machine_type:
+    type: str
    description:
      - machine type to use for the instance, use 'n1-standard-1' by default
    default: "n1-standard-1"
  metadata:
+    type: str
    description:
      - a hash/dictionary of custom data for the instance;
        '{"key":"value", ...}'
  service_account_email:
+    type: str
    description:
      - service account email
  service_account_permissions:
+    type: list
    description:
      - service account permissions (see
        U(https://cloud.google.com/sdk/gcloud/reference/compute/instances/create),
        --scopes section for detailed information)
-    choices: [
-      "bigquery", "cloud-platform", "compute-ro", "compute-rw",
-      "useraccounts-ro", "useraccounts-rw", "datastore", "logging-write",
-      "monitoring", "sql-admin", "storage-full", "storage-ro",
-      "storage-rw", "taskqueue", "userinfo-email"
-    ]
+      - >
+        Available choices are:
+        C(bigquery), C(cloud-platform), C(compute-ro), C(compute-rw),
+        C(useraccounts-ro), C(useraccounts-rw), C(datastore), C(logging-write),
+        C(monitoring), C(sql-admin), C(storage-full), C(storage-ro),
+        C(storage-rw), C(taskqueue), C(userinfo-email).
  pem_file:
+    type: path
    description:
      - path to the pem file associated with the service account email
        This option is deprecated. Use 'credentials_file'.
  credentials_file:
+    type: path
    description:
      - path to the JSON file associated with the service account email
  project_id:
+    type: str
    description:
      - your GCE project ID
  name:
+    type: str
    description:
      - either a name of a single instance or when used with 'num_instances',
        the base name of a cluster of nodes
    aliases: ['base_name']
  num_instances:
+    type: int
    description:
      - can be used with 'name', specifies
        the number of nodes to provision using 'name'
        as a base name
  network:
+    type: str
    description:
      - name of the network, 'default' will be used if not specified
    default: "default"
  subnetwork:
+    type: str
    description:
      - name of the subnetwork in which the instance should be created
  persistent_boot_disk:
@@ -91,23 +106,26 @@ options:
    type: bool
    default: 'no'
  disks:
+    type: list
    description:
      - a list of persistent disks to attach to the instance; a string value
        gives the name of the disk; alternatively, a dictionary value can
        define 'name' and 'mode' ('READ_ONLY' or 'READ_WRITE'). The first entry
        will be the boot disk (which must be READ_WRITE).
  state:
+    type: str
    description:
      - desired state of the resource
    default: "present"
    choices: ["active", "present", "absent", "deleted", "started", "stopped", "terminated"]
  tags:
+    type: list
    description:
      - a comma-separated list of tags to associate with the instance
  zone:
+    type: str
    description:
      - the GCE zone to use. The list of available zones is at U(https://cloud.google.com/compute/docs/regions-zones/regions-zones#available).
-    required: true
    default: "us-central1-a"
  ip_forward:
    description:
@@ -116,6 +134,7 @@ options:
    type: bool
    default: 'no'
  external_ip:
+    type: str
    description:
      - type of external ip, ephemeral by default; alternatively, a fixed gce ip or ip name can be given. Specify 'none' if no external ip is desired.
    default: "ephemeral"
@@ -129,8 +148,8 @@ options:
      - if set to C(yes), instances will be preemptible and time-limited.
        (requires libcloud >= 0.20.0)
    type: bool
-    default: 'no'
  disk_size:
+    type: int
    description:
      - The size of the boot disk created for this instance (in GB)
    default: 10
--- a/plugins/modules/cloud/google/gce_eip.py
+++ b/plugins/modules/cloud/google/gce_eip.py
@@ -21,18 +21,42 @@ author:
  - "Tom Melendez (@supertom) <tom@supertom.com>"
 options:
  name:
+    type: str
    description:
       - Name of Address.
    required: true
  region:
+    type: str
    description:
       - Region to create the address in. Set to 'global' to create a global address.
    required: true
  state:
+    type: str
    description: The state the address should be in. C(present) or C(absent) are the only valid options.
    default: present
    required: false
    choices: [present, absent]
+  project_id:
+    type: str
+    description:
+      - The Google Cloud Platform project ID to use.
+  pem_file:
+    type: path
+    description:
+      - The path to the PEM file associated with the service account email.
+      - This option is deprecated and may be removed in a future release. Use I(credentials_file) instead.
+  credentials_file:
+    type: path
+    description:
+      - The path to the JSON file associated with the service account email.
+  service_account_email:
+    type: str
+    description:
+      - service account email
+  service_account_permissions:
+    type: list
+    description:
+      - service account permissions
 '''

 EXAMPLES = '''
--- a/plugins/modules/cloud/google/gce_img.py
+++ b/plugins/modules/cloud/google/gce_img.py
@@ -18,38 +18,48 @@ description:
      disks in any zone. U(https://cloud.google.com/compute/docs/images)
 options:
  name:
+    type: str
    description:
      - the name of the image to create or delete
    required: true
  description:
+    type: str
    description:
      - an optional description
  family:
+    type: str
    description:
      - an optional family name
  source:
+    type: str
    description:
      - the source disk or the Google Cloud Storage URI to create the image from
  state:
+    type: str
    description:
      - desired state of the image
    default: "present"
    choices: ["present", "absent"]
  zone:
+    type: str
    description:
      - the zone of the disk specified by source
    default: "us-central1-a"
  timeout:
+    type: int
    description:
      - timeout for the operation
    default: 180
  service_account_email:
+    type: str
    description:
      - service account email
  pem_file:
+    type: path
    description:
      - path to the pem file associated with the service account email
  project_id:
+    type: str
    description:
      - your GCE project ID
 requirements:
--- a/plugins/modules/cloud/google/gce_instance_template.py
+++ b/plugins/modules/cloud/google/gce_instance_template.py
@@ -17,35 +17,46 @@ description:
       of Compute Engine of Google Cloud Platform.
 options:
  state:
+    type: str
    description:
      - The desired state for the instance template.
    default: "present"
    choices: ["present", "absent"]
  name:
+    type: str
    description:
      - The name of the GCE instance template.
    required: True
+    aliases: [base_name]
  size:
+    type: str
    description:
      - The desired machine type for the instance template.
    default: "f1-micro"
  source:
+    type: str
    description:
      - A source disk to attach to the instance.
        Cannot specify both I(image) and I(source).
  image:
+    type: str
    description:
      - The image to use to create the instance.
        Cannot specify both both I(image) and I(source).
  image_family:
+    type: str
    description:
      - The image family to use to create the instance.
        If I(image) has been used I(image_family) is ignored.
        Cannot specify both I(image) and I(source).
+    default: debian-8
  disk_type:
+    type: str
    description:
-      - Specify a C(pd-standard) disk or C(pd-ssd)
-        for an SSD disk.
+      - Specify a C(pd-standard) disk or C(pd-ssd) for an SSD disk.
+    choices:
+      - pd-standard
+      - pd-ssd
    default: pd-standard
  disk_auto_delete:
    description:
@@ -54,10 +65,12 @@ options:
    default: true
    type: bool
  network:
+    type: str
    description:
      - The network to associate with the instance.
    default: "default"
  subnetwork:
+    type: str
    description:
      - The Subnetwork resource name for this instance.
  can_ip_forward:
@@ -67,6 +80,7 @@ options:
    type: bool
    default: 'no'
  external_ip:
+    type: str
    description:
      - The external IP address to use.
        If C(ephemeral), a new non-static address will be
@@ -75,19 +89,21 @@ options:
        specify address name.
    default: "ephemeral"
  service_account_email:
+    type: str
    description:
      - service account email
  service_account_permissions:
+    type: list
    description:
      - service account permissions (see
        U(https://cloud.google.com/sdk/gcloud/reference/compute/instances/create),
        --scopes section for detailed information)
-    choices: [
-      "bigquery", "cloud-platform", "compute-ro", "compute-rw",
-      "useraccounts-ro", "useraccounts-rw", "datastore", "logging-write",
-      "monitoring", "sql-admin", "storage-full", "storage-ro",
-      "storage-rw", "taskqueue", "userinfo-email"
-    ]
+      - >
+        Available choices are:
+        C(bigquery), C(cloud-platform), C(compute-ro), C(compute-rw),
+        C(useraccounts-ro), C(useraccounts-rw), C(datastore), C(logging-write),
+        C(monitoring), C(sql-admin), C(storage-full), C(storage-ro),
+        C(storage-rw), C(taskqueue), C(userinfo-email).
  automatic_restart:
    description:
      - Defines whether the instance should be
@@ -99,6 +115,7 @@ options:
      - Defines whether the instance is preemptible.
    type: bool
  tags:
+    type: list
    description:
      - a comma-separated list of tags to associate with the instance
  metadata:
@@ -106,34 +123,42 @@ options:
      - a hash/dictionary of custom data for the instance;
        '{"key":"value", ...}'
  description:
+    type: str
    description:
      - description of instance template
  disks:
+    type: list
    description:
      - a list of persistent disks to attach to the instance; a string value
        gives the name of the disk; alternatively, a dictionary value can
        define 'name' and 'mode' ('READ_ONLY' or 'READ_WRITE'). The first entry
        will be the boot disk (which must be READ_WRITE).
  nic_gce_struct:
+    type: list
    description:
      - Support passing in the GCE-specific
        formatted networkInterfaces[] structure.
  disks_gce_struct:
+    type: list
    description:
      - Support passing in the GCE-specific
        formatted formatted disks[] structure. Case sensitive.
        see U(https://cloud.google.com/compute/docs/reference/latest/instanceTemplates#resource) for detailed information
  project_id:
+    type: str
    description:
      - your GCE project ID
  pem_file:
+    type: path
    description:
      - path to the pem file associated with the service account email
        This option is deprecated. Use 'credentials_file'.
  credentials_file:
+    type: path
    description:
      - path to the JSON file associated with the service account email
  subnetwork_region:
+    type: str
    description:
      - Region that subnetwork resides in. (Required for subnetwork to successfully complete)
 requirements:
--- a/plugins/modules/cloud/google/gce_labels.py
+++ b/plugins/modules/cloud/google/gce_labels.py
@@ -33,25 +33,57 @@ author:
  - 'Eric Johnson (@erjohnso) <erjohnso@google.com>'
 options:
  labels:
+    type: dict
    description:
       - A list of labels (key/value pairs) to add or remove for the resource.
    required: false
  resource_url:
+    type: str
    description:
       - The 'self_link' for the resource (instance, disk, snapshot, etc)
    required: false
  resource_type:
+    type: str
    description:
       - The type of resource (instances, disks, snapshots, images)
    required: false
  resource_location:
+    type: str
    description:
       - The location of resource (global, us-central1-f, etc.)
    required: false
  resource_name:
+    type: str
    description:
       - The name of resource.
    required: false
+  state:
+    type: str
+    description: The state the labels should be in. C(present) or C(absent) are the only valid options.
+    default: present
+    required: false
+    choices: [present, absent]
+  project_id:
+    type: str
+    description:
+      - The Google Cloud Platform project ID to use.
+  pem_file:
+    type: str
+    description:
+      - The path to the PEM file associated with the service account email.
+      - This option is deprecated and may be removed in a future release. Use I(credentials_file) instead.
+  credentials_file:
+    type: str
+    description:
+      - The path to the JSON file associated with the service account email.
+  service_account_email:
+    type: str
+    description:
+      - service account email
+  service_account_permissions:
+    type: list
+    description:
+      - service account email
 '''

 EXAMPLES = '''
--- a/plugins/modules/cloud/google/gce_lb.py
+++ b/plugins/modules/cloud/google/gce_lb.py
@@ -23,72 +23,90 @@ description:
      be found in the comments of ansible/test/gce_tests.py.
 options:
  httphealthcheck_name:
+    type: str
    description:
      - the name identifier for the HTTP health check
  httphealthcheck_port:
+    type: int
    description:
      - the TCP port to use for HTTP health checking
    default: 80
  httphealthcheck_path:
+    type: str
    description:
      - the url path to use for HTTP health checking
    default: "/"
  httphealthcheck_interval:
+    type: int
    description:
      - the duration in seconds between each health check request
    default: 5
  httphealthcheck_timeout:
+    type: int
    description:
      - the timeout in seconds before a request is considered a failed check
    default: 5
  httphealthcheck_unhealthy_count:
+    type: int
    description:
      - number of consecutive failed checks before marking a node unhealthy
    default: 2
  httphealthcheck_healthy_count:
+    type: int
    description:
      - number of consecutive successful checks before marking a node healthy
    default: 2
  httphealthcheck_host:
+    type: str
    description:
      - host header to pass through on HTTP check requests
  name:
+    type: str
    description:
      - name of the load-balancer resource
  protocol:
+    type: str
    description:
      - the protocol used for the load-balancer packet forwarding, tcp or udp
+      - "the available choices are: C(tcp) or C(udp)."
    default: "tcp"
-    choices: ['tcp', 'udp']
  region:
+    type: str
    description:
      - the GCE region where the load-balancer is defined
  external_ip:
+    type: str
    description:
      - the external static IPv4 (or auto-assigned) address for the LB
  port_range:
+    type: str
    description:
      - the port (range) to forward, e.g. 80 or 8000-8888 defaults to all ports
  members:
+    type: list
    description:
      - a list of zone/nodename pairs, e.g ['us-central1-a/www-a', ...]
-    aliases: ['nodes']
  state:
+    type: str
    description:
      - desired state of the LB
+      - "the available choices are: C(active), C(present), C(absent), C(deleted)."
    default: "present"
-    choices: ["active", "present", "absent", "deleted"]
  service_account_email:
+    type: str
    description:
      - service account email
  pem_file:
+    type: path
    description:
      - path to the pem file associated with the service account email
        This option is deprecated. Use 'credentials_file'.
  credentials_file:
+    type: path
    description:
      - path to the JSON file associated with the service account email
  project_id:
+    type: str
    description:
      - your GCE project ID

--- a/plugins/modules/cloud/google/gce_mig.py
+++ b/plugins/modules/cloud/google/gce_mig.py
@@ -26,46 +26,70 @@ author:
  - "Tom Melendez (@supertom) <tom@supertom.com>"
 options:
  name:
+    type: str
    description:
       - Name of the Managed Instance Group.
    required: true
  template:
+    type: str
    description:
       - Instance Template to be used in creating the VMs.  See
         U(https://cloud.google.com/compute/docs/instance-templates) to learn more
         about Instance Templates.  Required for creating MIGs.
  size:
+    type: int
    description:
       - Size of Managed Instance Group.  If MIG already exists, it will be
         resized to the number provided here.  Required for creating MIGs.
  service_account_email:
+    type: str
    description:
      - service account email
+  service_account_permissions:
+    type: list
+    description:
+      - service account permissions
+  pem_file:
+    type: path
+    description:
+      - path to the pem file associated with the service account email
+        This option is deprecated. Use 'credentials_file'.
  credentials_file:
+    type: path
    description:
      - Path to the JSON file associated with the service account email
  project_id:
+    type: str
    description:
      - GCE project ID
  state:
+    type: str
    description:
      - desired state of the resource
    default: "present"
    choices: ["absent", "present"]
  zone:
+    type: str
    description:
      - The GCE zone to use for this Managed Instance Group.
    required: true
  autoscaling:
+    type: dict
    description:
      - A dictionary of configuration for the autoscaler. 'enabled (bool)', 'name (str)'
        and policy.max_instances (int) are required fields if autoscaling is used. See
        U(https://cloud.google.com/compute/docs/reference/beta/autoscalers) for more information
        on Autoscaling.
  named_ports:
+    type: list
    description:
      - Define named ports that backend services can forward data to.  Format is a a list of
        name:port dictionaries.
+  recreate_instances:
+    type: bool
+    default: no
+    description:
+      - Recreate MIG instances.
 '''

 EXAMPLES = '''
--- a/plugins/modules/cloud/google/gce_net.py
+++ b/plugins/modules/cloud/google/gce_net.py
@@ -21,54 +21,64 @@ description:
      be found in the comments of ansible/test/gce_tests.py.
 options:
  allowed:
+    type: str
    description:
      - the protocol:ports to allow (I(tcp:80) or I(tcp:80,443) or I(tcp:80-800;udp:1-25))
        this parameter is mandatory when creating or updating a firewall rule
  ipv4_range:
+    type: str
    description:
      - the IPv4 address range in CIDR notation for the network
        this parameter is not mandatory when you specified existing network in name parameter,
        but when you create new network, this parameter is mandatory
-    aliases: ['cidr']
  fwname:
+    type: str
    description:
      - name of the firewall rule
-    aliases: ['fwrule']
  name:
+    type: str
    description:
      - name of the network
  src_range:
+    type: list
    description:
      - the source IPv4 address range in CIDR notation
    default: []
-    aliases: ['src_cidr']
  src_tags:
+    type: list
    description:
      - the source instance tags for creating a firewall rule
    default: []
  target_tags:
+    type: list
    description:
      - the target instance tags for creating a firewall rule
    default: []
  state:
+    type: str
    description:
      - desired state of the network or firewall
+      - "Available choices are: C(active), C(present), C(absent), C(deleted)."
    default: "present"
-    choices: ["active", "present", "absent", "deleted"]
  service_account_email:
+    type: str
    description:
      - service account email
  pem_file:
+    type: path
    description:
      - path to the pem file associated with the service account email
        This option is deprecated. Use C(credentials_file).
  credentials_file:
+    type: path
    description:
      - path to the JSON file associated with the service account email
  project_id:
+    type: str
    description:
      - your GCE project ID
  mode:
+    type: str
    description:
      - network mode for Google Cloud
        C(legacy) indicates a network with an IP address range;
@@ -78,12 +88,15 @@ options:
    default: "legacy"
    choices: ["legacy", "auto", "custom"]
  subnet_name:
+    type: str
    description:
      - name of subnet to create
  subnet_region:
+    type: str
    description:
      - region of subnet to create
  subnet_desc:
+    type: str
    description:
      - description of subnet to create

--- a/plugins/modules/cloud/google/gce_pd.py
+++ b/plugins/modules/cloud/google/gce_pd.py
@@ -21,61 +21,82 @@ options:
    description:
      - do not destroy the disk, merely detach it from an instance
    type: bool
-    default: 'no'
  instance_name:
+    type: str
    description:
      - instance name if you wish to attach or detach the disk
  mode:
+    type: str
    description:
      - GCE mount mode of disk, READ_ONLY (default) or READ_WRITE
    default: "READ_ONLY"
    choices: ["READ_WRITE", "READ_ONLY"]
  name:
+    type: str
    description:
      - name of the disk
    required: true
  size_gb:
+    type: str
    description:
      - whole integer size of disk (in GB) to create, default is 10 GB
-    default: 10
+    default: "10"
  image:
+    type: str
    description:
      - the source image to use for the disk
  snapshot:
+    type: str
    description:
      - the source snapshot to use for the disk
  state:
+    type: str
    description:
      - desired state of the persistent disk
+      - "Available choices are: C(active), C(present), C(absent), C(deleted)."
    default: "present"
-    choices: ["active", "present", "absent", "deleted"]
  zone:
+    type: str
    description:
      - zone in which to create the disk
    default: "us-central1-b"
  service_account_email:
+    type: str
    description:
      - service account email
  pem_file:
+    type: path
    description:
      - path to the pem file associated with the service account email
        This option is deprecated. Use 'credentials_file'.
  credentials_file:
+    type: path
    description:
      - path to the JSON file associated with the service account email
  project_id:
+    type: str
    description:
      - your GCE project ID
  disk_type:
+    type: str
    description:
-      - type of disk provisioned
+      - Specify a C(pd-standard) disk or C(pd-ssd) for an SSD disk.
    default: "pd-standard"
-    choices: ["pd-standard", "pd-ssd"]
  delete_on_termination:
    description:
      - If C(yes), deletes the volume when instance is terminated
    type: bool
-    default: 'no'
+  image_family:
+    type: str
+    description:
+      - The image family to use to create the instance.
+        If I(image) has been used I(image_family) is ignored.
+        Cannot specify both I(image) and I(source).
+  external_projects:
+    type: list
+    description:
+      - A list of other projects (accessible with the provisioning credentials)
+        to be searched for the image.

 requirements:
    - "python >= 2.6"
--- a/plugins/modules/cloud/google/gce_snapshot.py
+++ b/plugins/modules/cloud/google/gce_snapshot.py
@@ -18,36 +18,40 @@ description:
    volumes, each snapshot will be prepended with the disk name
 options:
  instance_name:
+    type: str
    description:
      - The GCE instance to snapshot
    required: True
  snapshot_name:
+    type: str
    description:
      - The name of the snapshot to manage
+    required: True
  disks:
+    type: list
    description:
      - A list of disks to create snapshots for. If none is provided,
-        all of the volumes will be snapshotted
-    default: all
+        all of the volumes will have snapshots created.
    required: False
  state:
+    type: str
    description:
      - Whether a snapshot should be C(present) or C(absent)
    required: false
    default: present
    choices: [present, absent]
  service_account_email:
+    type: str
    description:
      - GCP service account email for the project where the instance resides
-    required: true
  credentials_file:
+    type: path
    description:
      - The path to the credentials file associated with the service account
-    required: true
  project_id:
+    type: str
    description:
      - The GCP project ID to use
-    required: true
 requirements:
    - "python >= 2.6"
    - "apache-libcloud >= 0.19.0"
--- a/plugins/modules/cloud/google/gce_tag.py
+++ b/plugins/modules/cloud/google/gce_tag.py
@@ -16,34 +16,42 @@ description:
      to/from GCE instances.  Use 'instance_pattern' to update multiple instances in a specify zone.
 options:
  instance_name:
+    type: str
    description:
      - The name of the GCE instance to add/remove tags.
      - Required if C(instance_pattern) is not specified.
  instance_pattern:
+    type: str
    description:
      - The pattern of GCE instance names to match for adding/removing tags.  Full-Python regex is supported.
        See U(https://docs.python.org/2/library/re.html) for details.
      - If C(instance_name) is not specified, this field is required.
  tags:
+    type: list
    description:
      - Comma-separated list of tags to add or remove.
    required: yes
  state:
+    type: str
    description:
      - Desired state of the tags.
    choices: [ absent, present ]
    default: present
  zone:
+    type: str
    description:
      - The zone of the disk specified by source.
    default: us-central1-a
  service_account_email:
+    type: str
    description:
      - Service account email.
  pem_file:
+    type: path
    description:
      - Path to the PEM file associated with the service account email.
  project_id:
+    type: str
    description:
      - Your GCE project ID.
 requirements:
--- a/plugins/modules/cloud/google/gcp_backend_service.py
+++ b/plugins/modules/cloud/google/gcp_backend_service.py
@@ -29,10 +29,12 @@ author:
  - "Tom Melendez (@supertom) <tom@supertom.com>"
 options:
  backend_service_name:
+    type: str
    description:
       - Name of the Backend Service.
    required: true
  backends:
+    type: list
    description:
       - List of backends that make up the backend service. A backend is made up of
         an instance group and optionally several other parameters.  See
@@ -40,6 +42,7 @@ options:
         for details.
    required: true
  healthchecks:
+    type: list
    description:
       - List of healthchecks. Only one healthcheck is supported.
    required: true
@@ -48,29 +51,46 @@ options:
       - If true, enable Cloud CDN for this Backend Service.
    type: bool
  port_name:
+    type: str
    description:
      - Name of the port on the managed instance group (MIG) that backend
        services can forward data to. Required for external load balancing.
  protocol:
+    type: str
    description:
       - The protocol this Backend Service uses to communicate with backends.
-         Possible values are HTTP, HTTPS, TCP, and SSL. The default is HTTP.
+         Possible values are HTTP, HTTPS, TCP, and SSL. The default is TCP.
+    choices: [HTTP, HTTPS, TCP, SSL]
+    default: TCP
    required: false
  timeout:
+    type: int
    description:
       - How many seconds to wait for the backend before considering it a failed
         request. Default is 30 seconds. Valid range is 1-86400.
    required: false
  service_account_email:
+    type: str
    description:
      - Service account email
+  service_account_permissions:
+    type: list
+    description:
+      - service account permissions
  credentials_file:
+    type: str
    description:
      - Path to the JSON file associated with the service account email.
+  pem_file:
+    type: str
+    description:
+      - Path to the PEM file associated with the service account email.
  project_id:
+    type: str
    description:
      - GCE project ID.
  state:
+    type: str
    description:
      - Desired state of the resource
    default: "present"
--- a/plugins/modules/cloud/google/gcp_forwarding_rule.py
+++ b/plugins/modules/cloud/google/gcp_forwarding_rule.py
@@ -33,6 +33,7 @@ author:
  - "Tom Melendez (@supertom) <tom@supertom.com>"
 options:
  address:
+    type: str
    description:
       - IPv4 or named IP address. Must be of the same scope (regional, global).
         Reserved addresses can (and probably should) be used for global
@@ -40,32 +41,67 @@ options:
         via the gce_eip module.
    required: false
  forwarding_rule_name:
+    type: str
    description:
       - Name of the Forwarding_Rule.
    required: true
  port_range:
+    type: str
    description:
       - For global forwarding rules, must be set to 80 or 8080 for TargetHttpProxy, and
         443 for TargetHttpsProxy or TargetSslProxy.
    required: false
  protocol:
+    type: str
    description:
       - For global forwarding rules, TCP, UDP, ESP, AH, SCTP or ICMP. Default is TCP.
    required: false
+    choices: [TCP]
+    default: TCP
  region:
+    type: str
    description:
       - The region for this forwarding rule. Currently, only 'global' is supported.
-    required: false
+    required: true
  state:
+    type: str
    description:
       - The state of the Forwarding Rule. 'present' or 'absent'
    required: true
    choices: ["present", "absent"]
  target:
+    type: str
    description:
       - Target resource for forwarding rule. For global proxy, this is a Global
         TargetProxy resource. Required for external load balancing (including Global load balancing)
    required: false
+  project_id:
+    type: str
+    description:
+      - The Google Cloud Platform project ID to use.
+  pem_file:
+    type: str
+    description:
+      - The path to the PEM file associated with the service account email.
+      - This option is deprecated and may be removed in a future release. Use I(credentials_file) instead.
+  credentials_file:
+    type: str
+    description:
+      - The path to the JSON file associated with the service account email.
+  service_account_email:
+    type: str
+    description:
+      - service account email
+  service_account_permissions:
+    type: list
+    description:
+      - service account permissions
+  load_balancing_scheme:
+    type: str
+    choices: [EXTERNAL]
+    default: EXTERNAL
+    description:
+      - Load balancing scheme. At the moment the only choice is EXTERNAL.
 '''

 EXAMPLES = '''
--- a/plugins/modules/cloud/google/gcp_healthcheck.py
+++ b/plugins/modules/cloud/google/gcp_healthcheck.py
@@ -41,72 +41,85 @@ author:
  - "Tom Melendez (@supertom) <tom@supertom.com>"
 options:
  check_interval:
+    type: int
    description:
       - How often (in seconds) to send a health check.
    default: 5
  healthcheck_name:
+    type: str
    description:
       - Name of the Healthcheck.
    required: true
  healthcheck_type:
+    type: str
    description:
       - Type of Healthcheck.
    required: true
    choices: ["HTTP", "HTTPS"]
  host_header:
+    type: str
    description:
       - The value of the host header in the health check request. If left
         empty, the public IP on behalf of which this health
         check is performed will be used.
-    required: true
    default: ""
  port:
+    type: int
    description:
       - The TCP port number for the health check request. The default value is
         443 for HTTPS and 80 for HTTP.
  request_path:
+    type: str
    description:
       - The request path of the HTTPS health check request.
    required: false
    default: "/"
  state:
+    type: str
    description: State of the Healthcheck.
-    required: true
    choices: ["present", "absent"]
+    default: present
  timeout:
+    type: int
    description:
       - How long (in seconds) to wait for a response before claiming
         failure. It is invalid for timeout
         to have a greater value than check_interval.
    default: 5
  unhealthy_threshold:
+    type: int
    description:
       - A so-far healthy instance will be marked unhealthy after this
         many consecutive failures.
    default: 2
  healthy_threshold:
+    type: int
    description:
       - A so-far unhealthy instance will be marked healthy after this
         many consecutive successes.
    default: 2
  service_account_email:
+    type: str
    description:
      - service account email
  service_account_permissions:
+    type: list
    description:
      - service account permissions (see
        U(https://cloud.google.com/sdk/gcloud/reference/compute/instances/create),
        --scopes section for detailed information)
-    choices: [
-      "bigquery", "cloud-platform", "compute-ro", "compute-rw",
-      "useraccounts-ro", "useraccounts-rw", "datastore", "logging-write",
-      "monitoring", "sql-admin", "storage-full", "storage-ro",
-      "storage-rw", "taskqueue", "userinfo-email"
-    ]
+      - >
+        Available choices are:
+        C(bigquery), C(cloud-platform), C(compute-ro), C(compute-rw),
+        C(useraccounts-ro), C(useraccounts-rw), C(datastore), C(logging-write),
+        C(monitoring), C(sql-admin), C(storage-full), C(storage-ro),
+        C(storage-rw), C(taskqueue), C(userinfo-email).
  credentials_file:
+    type: str
    description:
      - Path to the JSON file associated with the service account email
  project_id:
+    type: str
    description:
      - Your GCP project ID
 '''
--- a/plugins/modules/cloud/google/gcp_target_proxy.py
+++ b/plugins/modules/cloud/google/gcp_target_proxy.py
@@ -30,17 +30,47 @@ author:
  - "Tom Melendez (@supertom) <tom@supertom.com>"
 options:
  target_proxy_name:
+    type: str
    description:
       - Name of the Target_Proxy.
    required: true
  target_proxy_type:
+    type: str
    description:
       - Type of Target_Proxy. HTTP, HTTPS or SSL. Only HTTP is currently supported.
    required: true
+    choices: [HTTP]
  url_map_name:
+    type: str
    description:
       - Name of the Url Map.  Required if type is HTTP or HTTPS proxy.
    required: false
+  project_id:
+    type: str
+    description:
+      - your GCE project ID
+  pem_file:
+    type: str
+    description:
+      - path to the pem file associated with the service account email
+        This option is deprecated. Use 'credentials_file'.
+  credentials_file:
+    type: str
+    description:
+      - path to the JSON file associated with the service account email
+  service_account_email:
+    type: str
+    description:
+      - service account email
+  service_account_permissions:
+    type: list
+    description:
+      - service account permissions
+  state:
+    type: str
+    description: The state the target proxy should be in. C(present) or C(absent) are the only valid options.
+    required: true
+    choices: [present, absent]
 '''

 EXAMPLES = '''
--- a/plugins/modules/cloud/google/gcp_url_map.py
+++ b/plugins/modules/cloud/google/gcp_url_map.py
@@ -31,14 +31,17 @@ deprecated:
    alternative: Use M(google.cloud.gcp_compute_url_map) instead.
 options:
  url_map_name:
+    type: str
    description:
       - Name of the Url_Map.
    required: true
  default_service:
+    type: str
    description:
       - Default Backend Service if no host rules match.
    required: true
  host_rules:
+    type: list
    description:
       - The list of HostRules to use against the URL. Contains
         a list of hosts and an associated path_matcher.
@@ -51,6 +54,7 @@ options:
         host portion.
    required: false
  path_matchers:
+    type: list
    description:
       - The list of named PathMatchers to use against the URL. Contains
         path_rules, which is a list of paths and an associated service. A
@@ -66,6 +70,33 @@ options:
         a /. The string fed to the path matcher does not include any text after
         the first ? or #, and those chars are not allowed here.
    required: false
+  project_id:
+    type: str
+    description:
+      - The Google Cloud Platform project ID to use.
+  pem_file:
+    type: str
+    description:
+      - The path to the PEM file associated with the service account email.
+      - This option is deprecated and may be removed in a future release. Use I(credentials_file) instead.
+  credentials_file:
+    type: str
+    description:
+      - The path to the JSON file associated with the service account email.
+  service_account_email:
+    type: str
+    description:
+      - service account email
+  service_account_permissions:
+    type: list
+    description:
+      - service account permissions
+  state:
+    type: str
+    description: The state the URL map should be in. C(present) or C(absent) are the only valid options.
+    default: present
+    required: false
+    choices: [present, absent]
 '''

 EXAMPLES = '''
--- a/plugins/modules/cloud/google/gcpubsub.py
+++ b/plugins/modules/cloud/google/gcpubsub.py
@@ -23,33 +23,42 @@ author:
  - Tom Melendez (@supertom) <tom@supertom.com>
 options:
  topic:
+    type: str
    description:
       - GCP pubsub topic name.
       - Only the name, not the full path, is required.
    required: yes
  subscription:
+    type: dict
    description:
       - Dictionary containing a subscription name associated with a topic (required), along with optional ack_deadline, push_endpoint and pull.
         For pulling from a subscription, message_ack (bool), max_messages (int) and return_immediate are available as subfields.
         See subfields name, push_endpoint and ack_deadline for more information.
-  name:
-    description: Subfield of subscription. Required if subscription is specified. See examples.
-  ack_deadline:
-    description: Subfield of subscription. Not required. Default deadline for subscriptions to ACK the message before it is resent. See examples.
-  pull:
-    description:
-        - Subfield of subscription. Not required. If specified, messages will be retrieved from topic via the provided subscription name.
-          max_messages (int; default None; max number of messages to pull), message_ack (bool; default False; acknowledge the message) and return_immediately
-          (bool; default True, don't wait for messages to appear). If the messages are acknowledged, changed is set to True, otherwise, changed is False.
-  push_endpoint:
-    description:
-        - Subfield of subscription.  Not required.  If specified, message will be sent to an endpoint.
-          See U(https://cloud.google.com/pubsub/docs/advanced#push_endpoints) for more information.
+    suboptions:
+      name:
+        description:
+          - Subfield of subscription. Required if subscription is specified. See examples.
+      ack_deadline:
+        description:
+          - Subfield of subscription. Not required. Default deadline for subscriptions to ACK the message before it is resent. See examples.
+      pull:
+        description:
+          - Subfield of subscription. Not required. If specified, messages will be retrieved from topic via the
+            provided subscription name. max_messages (int; default None; max number of messages to pull),
+            message_ack (bool; default False; acknowledge the message) and return_immediately
+            (bool; default True, don't wait for messages to appear). If the messages are acknowledged,
+            changed is set to True, otherwise, changed is False.
+      push_endpoint:
+        description:
+          - Subfield of subscription.  Not required.  If specified, message will be sent to an endpoint.
+            See U(https://cloud.google.com/pubsub/docs/advanced#push_endpoints) for more information.
  publish:
+    type: list
    description:
        - List of dictionaries describing messages and attributes to be published.  Dictionary is in message(str):attributes(dict) format.
          Only message is required.
  state:
+    type: str
    description:
        - State of the topic or queue.
        - Applies to the most granular resource.
@@ -58,6 +67,18 @@ options:
        - NOTE - A topic can be removed without first removing the subscription.
    choices: [ absent, present ]
    default: present
+  project_id:
+    type: str
+    description:
+      - your GCE project ID
+  credentials_file:
+    type: str
+    description:
+      - path to the JSON file associated with the service account email
+  service_account_email:
+    type: str
+    description:
+      - service account email
 '''

 EXAMPLES = '''
--- a/plugins/modules/cloud/google/gcpubsub_info.py
+++ b/plugins/modules/cloud/google/gcpubsub_info.py
@@ -25,17 +25,35 @@ author:
  - "Tom Melendez (@supertom) <tom@supertom.com>"
 options:
  topic:
+    type: str
    description:
       - GCP pubsub topic name.  Only the name, not the full path, is required.
    required: False
  view:
+    type: str
    description:
       - Choices are 'topics' or 'subscriptions'
-    required: True
+    choices: [topics, subscriptions]
+    default: topics
  state:
+    type: str
    description:
       - list is the only valid option.
    required: False
+    choices: [list]
+    default: list
+  project_id:
+    type: str
+    description:
+      - your GCE project ID
+  credentials_file:
+    type: str
+    description:
+      - path to the JSON file associated with the service account email
+  service_account_email:
+    type: str
+    description:
+      - service account email
 '''

 EXAMPLES = '''
--- a/plugins/modules/cloud/google/gcspanner.py
+++ b/plugins/modules/cloud/google/gcspanner.py
@@ -28,15 +28,18 @@ author:
  - Tom Melendez (@supertom) <tom@supertom.com>
 options:
  configuration:
+    type: str
    description:
       - Configuration the instance should use.
       - Examples are us-central1, asia-east1 and europe-west1.
    required: yes
  instance_id:
+    type: str
    description:
       - GCP spanner instance name.
    required: yes
  database_name:
+    type: str
    description:
       - Name of database contained on the instance.
  force_instance_delete:
@@ -45,20 +48,35 @@ options:
    type: bool
    default: 'no'
  instance_display_name:
+    type: str
    description:
       - Name of Instance to display.
       - If not specified, instance_id will be used instead.
  node_count:
+    type: int
    description:
       - Number of nodes in the instance.
    default: 1
  state:
+    type: str
    description:
    - State of the instance or database. Applies to the most granular resource.
    - If a C(database_name) is specified we remove it.
    - If only C(instance_id) is specified, that is what is removed.
    choices: [ absent, present ]
    default: present
+  project_id:
+    type: str
+    description:
+      - your GCE project ID
+  credentials_file:
+    type: str
+    description:
+      - path to the JSON file associated with the service account email
+  service_account_email:
+    type: str
+    description:
+      - service account email
 '''

 EXAMPLES = '''
--- a/plugins/modules/cloud/heroku/heroku_collaborator.py
+++ b/plugins/modules/cloud/heroku/heroku_collaborator.py
@@ -21,9 +21,11 @@ requirements:
  - heroku3
 options:
  api_key:
+    type: str
    description:
      - Heroku API key
  apps:
+    type: list
    description:
      - List of Heroku App names
    required: true
@@ -33,10 +35,12 @@ options:
    type: bool
    default: "no"
  user:
+    type: str
    description:
      - User ID or e-mail
    required: true
  state:
+    type: str
    description:
      - Create or remove the heroku collaborator
    choices: ["present", "absent"]
--- a/plugins/modules/cloud/huawei/hwc_ecs_instance.py
+++ b/plugins/modules/cloud/huawei/hwc_ecs_instance.py
@@ -77,6 +77,7 @@ options:
              network of the NIC must belong to the VPC specified by vpc_id. A
              maximum of 12 NICs can be attached to an ECS.
        type: list
+        elements: dict
        required: true
        suboptions:
            ip_address:
@@ -150,6 +151,7 @@ options:
        description:
            - Specifies the data disks of ECS instance.
        type: list
+        elements: dict
        required: false
        suboptions:
            volume_id:
@@ -193,6 +195,7 @@ options:
              parameter is left blank, the default security group is bound to
              the ECS by default.
        type: list
+        elements: str
        required: false
    server_metadata:
        description:
--- a/plugins/modules/cloud/huawei/hwc_vpc_port.py
+++ b/plugins/modules/cloud/huawei/hwc_vpc_port.py
@@ -54,6 +54,7 @@ options:
            - Specifies a set of zero or more allowed address pairs.
        required: false
        type: list
+        elements: dict
        suboptions:
            ip_address:
                description:
@@ -72,6 +73,7 @@ options:
        description:
            - Specifies the extended option of DHCP.
        type: list
+        elements: dict
        required: false
        suboptions:
            name:
@@ -99,6 +101,7 @@ options:
        description:
            - Specifies the ID of the security group.
        type: list
+        elements: str
        required: false
 extends_documentation_fragment:
 - community.general.hwc
--- a/plugins/modules/cloud/huawei/hwc_vpc_subnet.py
+++ b/plugins/modules/cloud/huawei/hwc_vpc_subnet.py
@@ -90,6 +90,7 @@ options:
            - Specifies the DNS server addresses for subnet. The address
              in the head will be used first.
        type: list
+        elements: str
        required: false
 extends_documentation_fragment:
 - community.general.hwc
--- a/plugins/modules/cloud/linode/linode.py
+++ b/plugins/modules/cloud/linode/linode.py
@@ -18,17 +18,21 @@ options:
     - Indicate desired state of the resource
    choices: [ absent, active, deleted, present, restarted, started, stopped ]
    default: present
+    type: str
  api_key:
    description:
     - Linode API key
+    type: str
  name:
    description:
     - Name to give the instance (alphanumeric, dashes, underscore).
     - To keep sanity on the Linode Web Console, name is prepended with C(LinodeID-).
    required: true
+    type: str
  displaygroup:
    description:
     - Add the instance to a Display Group in Linode Manager.
+    type: str
  linode_id:
    description:
     - Unique ID of a linode server. This value is read-only in the sense that
@@ -36,10 +40,12 @@ options:
       Linode API generates these IDs and we can those generated value here to
       reference a Linode more specifically. This is useful for idempotence.
    aliases: [ lid ]
+    type: int
  additional_disks:
    description:
      - List of dictionaries for creating additional disks that are added to the Linode configuration settings.
      - Dictionary takes Size, Label, Type. Size is in MB.
+    type: list
  alert_bwin_enabled:
    description:
    - Set status of bandwidth in alerts.
@@ -47,6 +53,7 @@ options:
  alert_bwin_threshold:
    description:
    - Set threshold in MB of bandwidth in alerts.
+    type: int
  alert_bwout_enabled:
    description:
    - Set status of bandwidth out alerts.
@@ -54,6 +61,7 @@ options:
  alert_bwout_threshold:
    description:
    - Set threshold in MB of bandwidth out alerts.
+    type: int
  alert_bwquota_enabled:
    description:
    - Set status of bandwidth quota alerts as percentage of network transfer quota.
@@ -61,6 +69,7 @@ options:
  alert_bwquota_threshold:
    description:
    - Set threshold in MB of bandwidth quota alerts.
+    type: int
  alert_cpu_enabled:
    description:
    - Set status of receiving CPU usage alerts.
@@ -68,6 +77,7 @@ options:
  alert_cpu_threshold:
    description:
    - Set percentage threshold for receiving CPU usage alerts. Each CPU core adds 100% to total.
+    type: int
  alert_diskio_enabled:
    description:
    - Set status of receiving disk IO alerts.
@@ -75,20 +85,25 @@ options:
  alert_diskio_threshold:
    description:
    - Set threshold for average IO ops/sec over 2 hour period.
+    type: int
  backupweeklyday:
    description:
    - Integer value for what day of the week to store weekly backups.
+    type: int
  plan:
    description:
     - plan to use for the instance (Linode plan)
+    type: int
  payment_term:
    description:
     - payment term to use for the instance (payment term in months)
    default: 1
    choices: [ 1, 12, 24 ]
+    type: int
  password:
    description:
     - root password to apply to a new server (auto generated if missing)
+    type: str
  private_ip:
    description:
    - Add private IPv4 address when Linode is created.
@@ -97,28 +112,34 @@ options:
  ssh_pub_key:
    description:
     - SSH public key applied to root user
+    type: str
  swap:
    description:
     - swap size in MB
    default: 512
+    type: int
  distribution:
    description:
     - distribution to use for the instance (Linode Distribution)
+    type: int
  datacenter:
    description:
     - datacenter to create an instance in (Linode Datacenter)
+    type: int
  kernel_id:
    description:
     - kernel to use for the instance (Linode Kernel)
+    type: int
  wait:
    description:
     - wait for the instance to be in state C(running) before returning
    type: bool
-    default: "no"
+    default: true
  wait_timeout:
    description:
     - how long before wait gives up, in seconds
    default: 300
+    type: int
  watchdog:
    description:
    - Set status of Lassie watchdog.
@@ -337,7 +358,7 @@ def linodeServers(module, api, state, name,
        if not servers:
            for arg in (name, plan, distribution, datacenter):
                if not arg:
-                    module.fail_json(msg='%s is required for %s state' % (arg, state))
+                    module.fail_json(msg='%s is required for %s state' % (arg, state))  # @TODO use required_if instead
            # Create linode entity
            new_server = True

--- a/plugins/modules/cloud/linode/linode_v4.py
+++ b/plugins/modules/cloud/linode/linode_v4.py
@@ -27,21 +27,21 @@ options:
    description:
      - The region of the instance. This is a required parameter only when
        creating Linode instances. See
-        U(https://developers.linode.com/api/v4#tag/Regions).
+        U(https://www.linode.com/docs/api/regions/).
    required: false
    type: str
  image:
    description:
      - The image of the instance. This is a required parameter only when
        creating Linode instances. See
-        U(https://developers.linode.com/api/v4#tag/Images).
+        U(https://www.linode.com/docs/api/images/).
    type: str
    required: false
  type:
    description:
      - The type of the instance. This is a required parameter only when
        creating Linode instances. See
-        U(https://developers.linode.com/api/v4#tag/Linode-Types).
+        U(https://www.linode.com/docs/api/linode-types/).
    type: str
    required: false
  label:
@@ -60,7 +60,7 @@ options:
  tags:
    description:
      - The tags that the instance should be marked under. See
-        U(https://developers.linode.com/api/v4#tag/Tags).
+        U(https://www.linode.com/docs/api/tags/).
    required: false
    type: list
  root_pass:
@@ -87,8 +87,23 @@ options:
    description:
      - The Linode API v4 access token. It may also be specified by exposing
        the C(LINODE_ACCESS_TOKEN) environment variable. See
-        U(https://developers.linode.com/api/v4#section/Access-and-Authentication).
+        U(https://www.linode.com/docs/api#access-and-authentication).
    required: true
+    type: str
+  stackscript_id:
+    description:
+      - The numeric ID of the StackScript to use when creating the instance.
+        See U(https://www.linode.com/docs/api/stackscripts/).
+    type: int
+    version_added: 1.3.0
+  stackscript_data:
+    description:
+      - An object containing arguments to any User Defined Fields present in
+        the StackScript used when creating the instance.
+        Only valid when a stackscript_id is provided.
+        See U(https://www.linode.com/docs/api/stackscripts/).
+    type: dict
+    version_added: 1.3.0
 '''

 EXAMPLES = """
@@ -101,6 +116,9 @@ EXAMPLES = """
    root_pass: passw0rd
    authorized_keys:
      - "ssh-rsa ..."
+    stackscript_id: 1337
+    stackscript_data:
+      variable: value
    state: present

 - name: Delete that new Linode.
@@ -229,6 +247,8 @@ def initialise_module():
            root_pass=dict(type='str', required=False, no_log=True),
            tags=dict(type='list', required=False),
            type=dict(type='str', required=False),
+            stackscript_id=dict(type='int', required=False),
+            stackscript_data=dict(type='dict', required=False),
        ),
        supports_check_mode=False,
        required_one_of=(
@@ -272,6 +292,8 @@ def main():
            root_pass=module.params['root_pass'],
            tags=module.params['tags'],
            ltype=module.params['type'],
+            stackscript=module.params['stackscript_id'],
+            stackscript_data=module.params['stackscript_data'],
        )
        module.exit_json(changed=True, instance=instance_json)

--- a/plugins/modules/cloud/lxc/lxc_container.py
+++ b/plugins/modules/cloud/lxc/lxc_container.py
@@ -143,6 +143,8 @@ options:
    container_config:
        description:
          - list of 'key=value' options to use when configuring a container.
+        type: list
+        elements: str
 requirements:
  - 'lxc >= 1.0 # OS package'
  - 'python >= 2.6 # OS Package'
@@ -701,14 +703,7 @@ class LxcContainerManagement(object):
        with open(container_config_file, 'rb') as f:
            container_config = to_text(f.read(), errors='surrogate_or_strict').splitlines(True)

-        # Note used ast literal_eval because AnsibleModule does not provide for
-        # adequate dictionary parsing.
-        # Issue: https://github.com/ansible/ansible/issues/7679
-        # TODO(cloudnull) adjust import when issue has been resolved.
-        import ast
-        options_dict = ast.literal_eval(_container_config)
-        parsed_options = [i.split('=', 1) for i in options_dict]
-
+        parsed_options = [i.split('=', 1) for i in _container_config]
        config_change = False
        for key, value in parsed_options:
            key = key.strip()
@@ -1695,7 +1690,8 @@ def main():
                type='str'
            ),
            container_config=dict(
-                type='str'
+                type='list',
+                elements='str'
            ),
            container_log=dict(
                type='bool',
--- a/plugins/modules/cloud/memset/memset_dns_reload.py
+++ b/plugins/modules/cloud/memset/memset_dns_reload.py
@@ -24,6 +24,7 @@ description:
 options:
    api_key:
        required: true
+        type: str
        description:
            - The API key obtained from the Memset control panel.
    poll:
--- a/plugins/modules/cloud/memset/memset_memstore_info.py
+++ b/plugins/modules/cloud/memset/memset_memstore_info.py
@@ -21,10 +21,12 @@ description:
 options:
    api_key:
        required: true
+        type: str
        description:
            - The API key obtained from the Memset control panel.
    name:
        required: true
+        type: str
        description:
            - The Memstore product name (i.e. C(mstestyaa1)).
 '''
--- a/plugins/modules/cloud/memset/memset_server_info.py
+++ b/plugins/modules/cloud/memset/memset_server_info.py
@@ -21,10 +21,12 @@ description:
 options:
    api_key:
        required: true
+        type: str
        description:
            - The API key obtained from the Memset control panel.
    name:
        required: true
+        type: str
        description:
            - The server product name (i.e. C(testyaa1)).
 '''
--- a/plugins/modules/cloud/memset/memset_zone.py
+++ b/plugins/modules/cloud/memset/memset_zone.py
@@ -24,21 +24,25 @@ options:
        required: true
        description:
            - Indicates desired state of resource.
+        type: str
        choices: [ absent, present ]
    api_key:
        required: true
        description:
            - The API key obtained from the Memset control panel.
+        type: str
    name:
        required: true
        description:
            - The zone nickname; usually the same as the main domain. Ensure this
              value has at most 250 characters.
+        type: str
        aliases: [ nickname ]
    ttl:
        description:
            - The default TTL for all records created in the zone. This must be a
              valid int from U(https://www.memset.com/apidocs/methods_dns.html#dns.zone_create).
+        type: int
        choices: [ 0, 300, 600, 900, 1800, 3600, 7200, 10800, 21600, 43200, 86400 ]
    force:
        required: false
--- a/plugins/modules/cloud/memset/memset_zone_domain.py
+++ b/plugins/modules/cloud/memset/memset_zone_domain.py
@@ -26,20 +26,24 @@ options:
        default: present
        description:
            - Indicates desired state of resource.
+        type: str
        choices: [ absent, present ]
    api_key:
        required: true
        description:
            - The API key obtained from the Memset control panel.
+        type: str
    domain:
        required: true
        description:
            - The zone domain name. Ensure this value has at most 250 characters.
+        type: str
        aliases: ['name']
    zone:
        required: true
        description:
            - The zone to add the domain to (this must already exist).
+        type: str
 '''

 EXAMPLES = '''
--- a/plugins/modules/cloud/memset/memset_zone_record.py
+++ b/plugins/modules/cloud/memset/memset_zone_record.py
@@ -26,30 +26,37 @@ options:
        default: present
        description:
            - Indicates desired state of resource.
+        type: str
        choices: [ absent, present ]
    api_key:
        required: true
        description:
            - The API key obtained from the Memset control panel.
+        type: str
    address:
        required: true
        description:
            - The address for this record (can be IP or text string depending on record type).
+        type: str
        aliases: [ ip, data ]
    priority:
        description:
            - C(SRV) and C(TXT) record priority, in the range 0 > 999 (inclusive).
+        type: int
    record:
        required: false
        description:
            - The subdomain to create.
+        type: str
    type:
        required: true
        description:
            - The type of DNS record to create.
        choices: [ A, AAAA, CNAME, MX, NS, SRV, TXT ]
+        type: str
    relative:
        type: bool
+        default: false
        description:
            - If set then the current domain is added onto the address field for C(CNAME), C(MX), C(NS)
              and C(SRV)record types.
@@ -58,10 +65,12 @@ options:
            - The record's TTL in seconds (will inherit zone's TTL if not explicitly set). This must be a
              valid int from U(https://www.memset.com/apidocs/methods_dns.html#dns.zone_record_create).
        choices: [ 0, 300, 600, 900, 1800, 3600, 7200, 10800, 21600, 43200, 86400 ]
+        type: int
    zone:
        required: true
        description:
            - The name of the zone to which to add the record to.
+        type: str
 '''

 EXAMPLES = '''
--- a/plugins/modules/cloud/misc/proxmox.py
+++ b/plugins/modules/cloud/misc/proxmox.py
@@ -12,6 +12,7 @@ short_description: management of instances in Proxmox VE cluster
 description:
  - allows you to create/delete/stop instances in Proxmox VE cluster
  - Starting in Ansible 2.1, it automatically detects containerization type (lxc for PVE 4, openvz for older)
+  - From community.general 4.0.0 on, there will be no default values, see I(proxmox_default_behavior).
 options:
  api_host:
    description:
@@ -28,6 +29,16 @@ options:
      - the password to authenticate with
      - you can use PROXMOX_PASSWORD environment variable
    type: str
+  api_token_id:
+    description:
+      - Specify the token ID.
+    type: str
+    version_added: 1.3.0
+  api_token_secret:
+    description:
+      - Specify the token secret.
+    type: str
+    version_added: 1.3.0
  vmid:
    description:
      - the instance id
@@ -68,28 +79,38 @@ options:
  disk:
    description:
      - hard disk size in GB for instance
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(3). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: str
-    default: 3
  cores:
    description:
      - Specify number of cores per socket.
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(1). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: int
-    default: 1
  cpus:
    description:
      - numbers of allocated cpus for instance
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(1). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: int
-    default: 1
  memory:
    description:
      - memory size in MB for instance
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(512). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: int
-    default: 512
  swap:
    description:
      - swap memory size in MB for instance
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(0). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: int
-    default: 0
  netif:
    description:
      - specifies network interfaces for the container. As a hash/dictionary defining interfaces.
@@ -105,8 +126,10 @@ options:
  onboot:
    description:
      - specifies whether a VM will be started during system bootup
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(no). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: bool
-    default: 'no'
  storage:
    description:
      - target storage
@@ -115,8 +138,10 @@ options:
  cpuunits:
    description:
      - CPU weight for a VM
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(1000). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: int
-    default: 1000
  nameserver:
    description:
      - sets DNS server IP address for a container
@@ -164,6 +189,22 @@ options:
      - Script that will be executed during various steps in the containers lifetime.
    type: str
    version_added: '0.2.0'
+  proxmox_default_behavior:
+    description:
+      - Various module options used to have default values. This cause problems when
+        user expects different behavior from proxmox by default or fill options which cause
+        problems when they have been set.
+      - The default value is C(compatibility), which will ensure that the default values
+        are used when the values are not explicitly specified by the user.
+      - From community.general 4.0.0 on, the default value will switch to C(no_defaults). To avoid
+        deprecation warnings, please set I(proxmox_default_behavior) to an explicit
+        value.
+      - This affects the I(disk), I(cores), I(cpus), I(memory), I(onboot), I(swap), I(cpuunits) options.
+    type: str
+    choices:
+      - compatibility
+      - no_defaults
+    version_added: "1.3.0"

 notes:
  - Requires proxmoxer and requests modules on host. This modules can be installed with pip.
@@ -465,8 +506,10 @@ def main():
    module = AnsibleModule(
        argument_spec=dict(
            api_host=dict(required=True),
-            api_user=dict(required=True),
            api_password=dict(no_log=True),
+            api_token_id=dict(no_log=True),
+            api_token_secret=dict(no_log=True),
+            api_user=dict(required=True),
            vmid=dict(required=False),
            validate_certs=dict(type='bool', default=False),
            node=dict(),
@@ -474,17 +517,17 @@ def main():
            password=dict(no_log=True),
            hostname=dict(),
            ostemplate=dict(),
-            disk=dict(type='str', default='3'),
-            cores=dict(type='int', default=1),
-            cpus=dict(type='int', default=1),
-            memory=dict(type='int', default=512),
-            swap=dict(type='int', default=0),
+            disk=dict(type='str'),
+            cores=dict(type='int'),
+            cpus=dict(type='int'),
+            memory=dict(type='int'),
+            swap=dict(type='int'),
            netif=dict(type='dict'),
            mounts=dict(type='dict'),
            ip_address=dict(),
-            onboot=dict(type='bool', default=False),
+            onboot=dict(type='bool'),
            storage=dict(default='local'),
-            cpuunits=dict(type='int', default=1000),
+            cpuunits=dict(type='int'),
            nameserver=dict(),
            searchdomain=dict(),
            timeout=dict(type='int', default=30),
@@ -494,6 +537,7 @@ def main():
            unprivileged=dict(type='bool', default=False),
            description=dict(type='str'),
            hookscript=dict(type='str'),
+            proxmox_default_behavior=dict(type='str', choices=['compatibility', 'no_defaults']),
        )
    )

@@ -501,9 +545,11 @@ def main():
        module.fail_json(msg='proxmoxer required for this module')

    state = module.params['state']
-    api_user = module.params['api_user']
    api_host = module.params['api_host']
    api_password = module.params['api_password']
+    api_token_id = module.params['api_token_id']
+    api_token_secret = module.params['api_token_secret']
+    api_user = module.params['api_user']
    vmid = module.params['vmid']
    validate_certs = module.params['validate_certs']
    node = module.params['node']
@@ -517,18 +563,44 @@ def main():
        template_store = module.params['ostemplate'].split(":")[0]
    timeout = module.params['timeout']

-    # If password not set get it from PROXMOX_PASSWORD env
-    if not api_password:
-        try:
-            api_password = os.environ['PROXMOX_PASSWORD']
-        except KeyError as e:
-            module.fail_json(msg='You should set api_password param or use PROXMOX_PASSWORD environment variable')
+    if module.params['proxmox_default_behavior'] is None:
+        module.params['proxmox_default_behavior'] = 'compatibility'
+        module.deprecate(
+            'The proxmox_default_behavior option will change its default value from "compatibility" to '
+            '"no_defaults" in community.general 4.0.0. To remove this warning, please specify an explicit value for it now',
+            version='4.0.0', collection_name='community.general'
+        )
+    if module.params['proxmox_default_behavior'] == 'compatibility':
+        old_default_values = dict(
+            disk="3",
+            cores=1,
+            cpus=1,
+            memory=512,
+            swap=0,
+            onboot=False,
+            cpuunits=1000,
+        )
+        for param, value in old_default_values.items():
+            if module.params[param] is None:
+                module.params[param] = value
+
+    auth_args = {'user': api_user}
+    if not (api_token_id and api_token_secret):
+        # If password not set get it from PROXMOX_PASSWORD env
+        if not api_password:
+            try:
+                api_password = os.environ['PROXMOX_PASSWORD']
+            except KeyError as e:
+                module.fail_json(msg='You should set api_password param or use PROXMOX_PASSWORD environment variable')
+        auth_args['password'] = api_password
+    else:
+        auth_args['token_name'] = api_token_id
+        auth_args['token_value'] = api_token_secret

    try:
-        proxmox = ProxmoxAPI(api_host, user=api_user, password=api_password, verify_ssl=validate_certs)
+        proxmox = ProxmoxAPI(api_host, verify_ssl=validate_certs, **auth_args)
        global VZ_TYPE
        VZ_TYPE = 'openvz' if proxmox_version(proxmox) < LooseVersion('4.0') else 'lxc'
-
    except Exception as e:
        module.fail_json(msg='authorization on proxmox cluster failed with exception: %s' % e)

--- a/plugins/modules/cloud/misc/proxmox_domain_info.py
+++ b/plugins/modules/cloud/misc/proxmox_domain_info.py
@@ -0,0 +1,133 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Copyright: Tristan Le Guern (@Aversiste) <tleguern at bouledef.eu>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+
+DOCUMENTATION = '''
+---
+module: proxmox_domain_info
+short_description: Retrieve information about one or more Proxmox VE domains
+version_added: 1.3.0
+description:
+  - Retrieve information about one or more Proxmox VE domains.
+options:
+  domain:
+    description:
+      - Restrict results to a specific authentication realm.
+    aliases: ['realm', 'name']
+    type: str
+author: Tristan Le Guern (@Aversiste)
+extends_documentation_fragment: community.general.proxmox.documentation
+'''
+
+
+EXAMPLES = '''
+- name: List existing domains
+  community.general.proxmox_domain_info:
+    api_host: helldorado
+    api_user: root@pam
+    api_password: "{{ password | default(omit) }}"
+    api_token_id: "{{ token_id | default(omit) }}"
+    api_token_secret: "{{ token_secret | default(omit) }}"
+  register: proxmox_domains
+
+- name: Retrieve information about the pve domain
+  community.general.proxmox_domain_info:
+    api_host: helldorado
+    api_user: root@pam
+    api_password: "{{ password | default(omit) }}"
+    api_token_id: "{{ token_id | default(omit) }}"
+    api_token_secret: "{{ token_secret | default(omit) }}"
+    domain: pve
+  register: proxmox_domain_pve
+'''
+
+
+RETURN = '''
+proxmox_domains:
+    description: List of authentication domains.
+    returned: always, but can be empty
+    type: list
+    elements: dict
+    contains:
+      comment:
+        description: Short description of the realm.
+        returned: on success
+        type: str
+      realm:
+        description: Realm name.
+        returned: on success
+        type: str
+      type:
+        description: Realm type.
+        returned: on success
+        type: str
+      digest:
+        description: Realm hash.
+        returned: on success, can be absent
+        type: str
+'''
+
+
+from ansible.module_utils.basic import AnsibleModule, missing_required_lib
+from ansible_collections.community.general.plugins.module_utils.proxmox import (
+    proxmox_auth_argument_spec, ProxmoxAnsible, HAS_PROXMOXER, PROXMOXER_IMP_ERR)
+
+
+class ProxmoxDomainInfoAnsible(ProxmoxAnsible):
+    def get_domain(self, realm):
+        try:
+            domain = self.proxmox_api.access.domains.get(realm)
+        except Exception:
+            self.module.fail_json(msg="Domain '%s' does not exist" % realm)
+        domain['realm'] = realm
+        return domain
+
+    def get_domains(self):
+        domains = self.proxmox_api.access.domains.get()
+        return domains
+
+
+def proxmox_domain_info_argument_spec():
+    return dict(
+        domain=dict(type='str', aliases=['realm', 'name']),
+    )
+
+
+def main():
+    module_args = proxmox_auth_argument_spec()
+    domain_info_args = proxmox_domain_info_argument_spec()
+    module_args.update(domain_info_args)
+
+    module = AnsibleModule(
+        argument_spec=module_args,
+        required_one_of=[('api_password', 'api_token_id')],
+        required_together=[('api_token_id', 'api_token_secret')],
+        supports_check_mode=True
+    )
+    result = dict(
+        changed=False
+    )
+
+    if not HAS_PROXMOXER:
+        module.fail_json(msg=missing_required_lib('proxmoxer'), exception=PROXMOXER_IMP_ERR)
+
+    proxmox = ProxmoxDomainInfoAnsible(module)
+    domain = module.params['domain']
+
+    if domain:
+        domains = [proxmox.get_domain(realm=domain)]
+    else:
+        domains = proxmox.get_domains()
+    result['proxmox_domains'] = domains
+
+    module.exit_json(**result)
+
+
+if __name__ == '__main__':
+    main()
--- a/plugins/modules/cloud/misc/proxmox_group_info.py
+++ b/plugins/modules/cloud/misc/proxmox_group_info.py
@@ -0,0 +1,143 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Copyright: Tristan Le Guern <tleguern at bouledef.eu>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+
+DOCUMENTATION = '''
+---
+module: proxmox_group_info
+short_description: Retrieve information about one or more Proxmox VE groups
+version_added: 1.3.0
+description:
+  - Retrieve information about one or more Proxmox VE groups
+options:
+  group:
+    description:
+      - Restrict results to a specific group.
+    aliases: ['groupid', 'name']
+    type: str
+author: Tristan Le Guern (@Aversiste)
+extends_documentation_fragment: community.general.proxmox.documentation
+'''
+
+
+EXAMPLES = '''
+- name: List existing groups
+  community.general.proxmox_group_info:
+    api_host: helldorado
+    api_user: root@pam
+    api_password: "{{ password | default(omit) }}"
+    api_token_id: "{{ token_id | default(omit) }}"
+    api_token_secret: "{{ token_secret | default(omit) }}"
+  register: proxmox_groups
+
+- name: Retrieve information about the admin group
+  community.general.proxmox_group_info:
+    api_host: helldorado
+    api_user: root@pam
+    api_password: "{{ password | default(omit) }}"
+    api_token_id: "{{ token_id | default(omit) }}"
+    api_token_secret: "{{ token_secret | default(omit) }}"
+    group: admin
+  register: proxmox_group_admin
+'''
+
+
+RETURN = '''
+proxmox_groups:
+    description: List of groups.
+    returned: always, but can be empty
+    type: list
+    elements: dict
+    contains:
+      comment:
+        description: Short description of the group.
+        returned: on success, can be absent
+        type: str
+      groupid:
+        description: Group name.
+        returned: on success
+        type: str
+      users:
+        description: List of users in the group.
+        returned: on success
+        type: list
+        elements: str
+'''
+
+
+from ansible.module_utils.basic import AnsibleModule, missing_required_lib
+from ansible_collections.community.general.plugins.module_utils.proxmox import (
+    proxmox_auth_argument_spec, ProxmoxAnsible, HAS_PROXMOXER, PROXMOXER_IMP_ERR)
+
+
+class ProxmoxGroupInfoAnsible(ProxmoxAnsible):
+    def get_group(self, groupid):
+        try:
+            group = self.proxmox_api.access.groups.get(groupid)
+        except Exception:
+            self.module.fail_json(msg="Group '%s' does not exist" % groupid)
+        group['groupid'] = groupid
+        return ProxmoxGroup(group)
+
+    def get_groups(self):
+        groups = self.proxmox_api.access.groups.get()
+        return [ProxmoxGroup(group) for group in groups]
+
+
+class ProxmoxGroup:
+    def __init__(self, group):
+        self.group = dict()
+        # Data representation is not the same depending on API calls
+        for k, v in group.items():
+            if k == 'users' and type(v) == str:
+                self.group['users'] = v.split(',')
+            elif k == 'members':
+                self.group['users'] = group['members']
+            else:
+                self.group[k] = v
+
+
+def proxmox_group_info_argument_spec():
+    return dict(
+        group=dict(type='str', aliases=['groupid', 'name']),
+    )
+
+
+def main():
+    module_args = proxmox_auth_argument_spec()
+    group_info_args = proxmox_group_info_argument_spec()
+    module_args.update(group_info_args)
+
+    module = AnsibleModule(
+        argument_spec=module_args,
+        required_one_of=[('api_password', 'api_token_id')],
+        required_together=[('api_token_id', 'api_token_secret')],
+        supports_check_mode=True
+    )
+    result = dict(
+        changed=False
+    )
+
+    if not HAS_PROXMOXER:
+        module.fail_json(msg=missing_required_lib('proxmoxer'), exception=PROXMOXER_IMP_ERR)
+
+    proxmox = ProxmoxGroupInfoAnsible(module)
+    group = module.params['group']
+
+    if group:
+        groups = [proxmox.get_group(group=group)]
+    else:
+        groups = proxmox.get_groups()
+    result['proxmox_groups'] = [group.group for group in groups]
+
+    module.exit_json(**result)
+
+
+if __name__ == '__main__':
+    main()
--- a/plugins/modules/cloud/misc/proxmox_kvm.py
+++ b/plugins/modules/cloud/misc/proxmox_kvm.py
@@ -13,13 +13,16 @@ module: proxmox_kvm
 short_description: Management of Qemu(KVM) Virtual Machines in Proxmox VE cluster.
 description:
  - Allows you to create/delete/stop Qemu(KVM) Virtual Machines in Proxmox VE cluster.
+  - From community.general 4.0.0 on, there will be no default values, see I(proxmox_default_behavior).
 author: "Abdoul Bah (@helldorado) <bahabdoul at gmail.com>"
 options:
  acpi:
    description:
      - Specify if ACPI should be enabled/disabled.
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(yes). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: bool
-    default: 'yes'
  agent:
    description:
      - Specify if the QEMU Guest Agent should be enabled/disabled.
@@ -29,7 +32,6 @@ options:
      - Pass arbitrary arguments to kvm.
      - This option is for experts only!
    type: str
-    default: "-serial unix:/var/run/qemu-server/VMID.serial,server,nowait"
  api_host:
    description:
      - Specify the target host of the Proxmox VE cluster.
@@ -45,17 +47,31 @@ options:
      - Specify the password to authenticate with.
      - You can use C(PROXMOX_PASSWORD) environment variable.
    type: str
+  api_token_id:
+    description:
+      - Specify the token ID.
+    type: str
+    version_added: 1.3.0
+  api_token_secret:
+    description:
+      - Specify the token secret.
+    type: str
+    version_added: 1.3.0
  autostart:
    description:
      - Specify if the VM should be automatically restarted after crash (currently ignored in PVE API).
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(no). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: bool
-    default: 'no'
  balloon:
    description:
      - Specify the amount of RAM for the VM in MB.
      - Using zero disables the balloon driver.
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(0). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: int
-    default: 0
  bios:
    description:
      - Specify the BIOS implementation.
@@ -65,12 +81,37 @@ options:
    description:
      - Specify the boot order -> boot on floppy C(a), hard disk C(c), CD-ROM C(d), or network C(n).
      - You can combine to set order.
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(cnd). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: str
-    default: cnd
  bootdisk:
    description:
      - Enable booting from specified disk. C((ide|sata|scsi|virtio)\d+)
    type: str
+  cicustom:
+    description:
+      - 'cloud-init: Specify custom files to replace the automatically generated ones at start.'
+    type: str
+    version_added: 1.3.0
+  cipassword:
+    description:
+      - 'cloud-init: password of default user to create.'
+    type: str
+    version_added: 1.3.0
+  citype:
+    description:
+      - 'cloud-init: Specifies the cloud-init configuration format.'
+      - The default depends on the configured operating system type (C(ostype)).
+      - We use the C(nocloud) format for Linux, and C(configdrive2) for Windows.
+    type: str
+    choices: ['nocloud', 'configdrive2']
+    version_added: 1.3.0
+  ciuser:
+    description:
+      - 'cloud-init: username of default user to create.'
+    type: str
+    version_added: 1.3.0
  clone:
    description:
      - Name of VM to be cloned. If C(vmid) is setted, C(clone) can take arbitrary value but required for initiating the clone.
@@ -78,13 +119,17 @@ options:
  cores:
    description:
      - Specify number of cores per socket.
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(1). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: int
-    default: 1
  cpu:
    description:
      - Specify emulated CPU type.
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(kvm64). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: str
-    default: kvm64
  cpulimit:
    description:
      - Specify if CPU usage will be limited. Value 0 indicates no CPU limit.
@@ -94,8 +139,10 @@ options:
    description:
      - Specify CPU weight for a VM.
      - You can disable fair-scheduler configuration by setting this to 0
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(1000). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: int
-    default: 1000
  delete:
    description:
      - Specify a list of settings you want to delete.
@@ -114,15 +161,21 @@ options:
    description:
      - Allow to force stop VM.
      - Can be used with states C(stopped) and C(restarted).
-    default: no
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(no). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: bool
  format:
    description:
      - Target drive's backing file's data format.
      - Used only with clone
+      - Use I(format=unspecified) and I(full=false) for a linked clone.
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(qcow2). If I(proxmox_default_behavior) is set to C(no_defaults),
+        not specifying this option is equivalent to setting it to C(unspecified).
+        Note that the default value of I(proxmox_default_behavior) changes in community.general 4.0.0.
    type: str
-    default: qcow2
-    choices: [ "cloop", "cow", "qcow", "qcow2", "qed", "raw", "vmdk" ]
+    choices: [ "cloop", "cow", "qcow", "qcow2", "qed", "raw", "vmdk", "unspecified" ]
  freeze:
    description:
      - Specify if PVE should freeze CPU at startup (use 'c' monitor command to start execution).
@@ -165,6 +218,19 @@ options:
      - C(size) is the size of the disk in GB.
      - C(format) is the drive's backing file's data format. C(qcow2|raw|subvol).
    type: dict
+  ipconfig:
+    description:
+      - 'cloud-init: Set the IP configuration.'
+      - A hash/dictionary of network ip configurations. C(ipconfig='{"key":"value", "key":"value"}').
+      - Keys allowed are - C(ipconfig[n]) where 0 ≤ n ≤ network interfaces.
+      - Values allowed are -  C("[gw=<GatewayIPv4>] [,gw6=<GatewayIPv6>] [,ip=<IPv4Format/CIDR>] [,ip6=<IPv6Format/CIDR>]").
+      - 'cloud-init: Specify IP addresses and gateways for the corresponding interface.'
+      - IP addresses use CIDR notation, gateways are optional but they should be in the same subnet of specified IP address.
+      - The special string 'dhcp' can be used for IP addresses to use DHCP, in which case no explicit gateway should be provided.
+      - For IPv6 the special string 'auto' can be used to use stateless autoconfiguration.
+      - If cloud-init is enabled and neither an IPv4 nor an IPv6 address is specified, it defaults to using dhcp on IPv4.
+    type: dict
+    version_added: 1.3.0
  keyboard:
    description:
      - Sets the keyboard layout for VNC server.
@@ -172,8 +238,10 @@ options:
  kvm:
    description:
      - Enable/disable KVM hardware virtualization.
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(yes). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: bool
-    default: 'yes'
  localtime:
    description:
      - Sets the real time clock to local time.
@@ -192,8 +260,10 @@ options:
  memory:
    description:
      - Memory size in MB for instance.
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(512). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: int
-    default: 512
  migrate_downtime:
    description:
      - Sets maximum tolerated downtime (in seconds) for migrations.
@@ -208,6 +278,13 @@ options:
      - Specifies the VM name. Only used on the configuration web interface.
      - Required only for C(state=present).
    type: str
+  nameservers:
+    description:
+      - 'cloud-init: DNS server IP address(es).'
+      - If unset, PVE host settings are used.
+    type: list
+    elements: str
+    version_added: 1.3.0
  net:
    description:
      - A hash/dictionary of network interfaces for the VM. C(net='{"key":"value", "key":"value"}').
@@ -240,18 +317,26 @@ options:
      - C(memory) Amount of memory this NUMA node provides.
      - C(policy) NUMA allocation policy.
    type: dict
+  numa_enabled:
+    description:
+      - Enables NUMA.
+    type: bool
  onboot:
    description:
      - Specifies whether a VM will be started during system bootup.
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(yes). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: bool
-    default: 'yes'
  ostype:
    description:
      - Specifies guest operating system. This is used to enable special optimization/features for specific operating systems.
      - The l26 is Linux 2.6/3.X Kernel.
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(l26). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: str
    choices: ['other', 'wxp', 'w2k', 'w2k3', 'w2k8', 'wvista', 'win7', 'win8', 'win10', 'l24', 'l26', 'solaris']
-    default: l26
  parallel:
    description:
      - A hash/dictionary of map host parallel devices. C(parallel='{"key":"value", "key":"value"}').
@@ -297,6 +382,13 @@ options:
      - Specifies the SCSI controller model.
    type: str
    choices: ['lsi', 'lsi53c810', 'virtio-scsi-pci', 'virtio-scsi-single', 'megasas', 'pvscsi']
+  searchdomains:
+    description:
+      - 'cloud-init: Sets DNS search domain(s).'
+      - If unset, PVE host settings are used.
+    type: list
+    elements: str
+    version_added: 1.3.0
  serial:
    description:
      - A hash/dictionary of serial device to create inside the VM. C('{"key":"value", "key":"value"}').
@@ -327,8 +419,15 @@ options:
  sockets:
    description:
      - Sets the number of CPU sockets. (1 - N).
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(1). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: int
-    default: 1
+  sshkeys:
+    description:
+      - 'cloud-init: SSH key to assign to the default user. NOT TESTED with multiple keys but a multi-line value should work.'
+    type: str
+    version_added: 1.3.0
  startdate:
    description:
      - Sets the initial date of the real time clock.
@@ -354,8 +453,10 @@ options:
  tablet:
    description:
      - Enables/disables the USB tablet device.
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(no). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: bool
-    default: 'no'
  target:
    description:
      - Target node. Only allowed if the original VM is on shared storage.
@@ -368,8 +469,10 @@ options:
  template:
    description:
      - Enables/disables the template.
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(no). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: bool
-    default: 'no'
  timeout:
    description:
      - Timeout for operations.
@@ -380,6 +483,7 @@ options:
      - If C(yes), the VM will be updated with new value.
      - Cause of the operations of the API and security reasons, I have disabled the update of the following parameters
      - C(net, virtio, ide, sata, scsi). Per example updating C(net) update the MAC address and C(virtio) create always new disk...
+      - Update of C(pool) is disabled. It needs an additional API endpoint not covered by this module.
    type: bool
    default: 'no'
  validate_certs:
@@ -394,9 +498,11 @@ options:
  vga:
    description:
      - Select VGA type. If you want to use high resolution modes (>= 1280x1024x16) then you should use option 'std' or 'vmware'.
+      - If I(proxmox_default_behavior) is set to C(compatiblity) (the default value), this
+        option has a default of C(std). Note that the default value of I(proxmox_default_behavior)
+        changes in community.general 4.0.0.
    type: str
    choices: ['std', 'cirrus', 'vmware', 'qxl', 'serial0', 'serial1', 'serial2', 'serial3', 'qxl2', 'qxl3', 'qxl4']
-    default: std
  virtio:
    description:
      - A hash/dictionary of volume used as VIRTIO hard disk. C(virtio='{"key":"value", "key":"value"}').
@@ -415,6 +521,25 @@ options:
    description:
      - Creates a virtual hardware watchdog device.
    type: str
+  proxmox_default_behavior:
+    description:
+      - Various module options used to have default values. This cause problems when
+        user expects different behavior from proxmox by default or fill options which cause
+        problems when they have been set.
+      - The default value is C(compatibility), which will ensure that the default values
+        are used when the values are not explicitly specified by the user.
+      - From community.general 4.0.0 on, the default value will switch to C(no_defaults). To avoid
+        deprecation warnings, please set I(proxmox_default_behavior) to an explicit
+        value.
+      - This affects the I(acpi), I(autostart), I(balloon), I(boot), I(cores), I(cpu),
+        I(cpuunits), I(force), I(format), I(kvm), I(memory), I(onboot), I(ostype), I(sockets),
+        I(tablet), I(template), I(vga), options.
+    type: str
+    choices:
+      - compatibility
+      - no_defaults
+    version_added: "1.3.0"
+
 requirements: [ "proxmoxer", "requests" ]
 '''

@@ -443,7 +568,9 @@ EXAMPLES = '''
    api_host: helldorado
    name: spynal
    node: sabrewulf
-    net: '{"net0":"virtio,bridge=vmbr1,rate=200", "net1":"e1000,bridge=vmbr2,"}'
+    net:
+      net0: 'virtio,bridge=vmbr1,rate=200'
+      net1: 'e1000,bridge=vmbr2'

 - name: Create new VM with one network interface, three virto hard disk, 4 cores, and 2 vcpus
  community.general.proxmox_kvm:
@@ -452,8 +579,12 @@ EXAMPLES = '''
    api_host: helldorado
    name: spynal
    node: sabrewulf
-    net: '{"net0":"virtio,bridge=vmbr1,rate=200"}'
-    virtio: '{"virtio0":"VMs_LVM:10", "virtio1":"VMs:2,format=qcow2", "virtio2":"VMs:5,format=raw"}'
+    net:
+      net0: 'virtio,bridge=vmbr1,rate=200'
+    virtio:
+      virtio0: 'VMs_LVM:10'
+      virtio1: 'VMs:2,format=qcow2'
+      virtio2: 'VMs:5,format=raw'
    cores: 4
    vcpus: 2

@@ -472,6 +603,22 @@ EXAMPLES = '''
    format: qcow2
    timeout: 500

+- name: >
+    Create linked clone VM with only source VM name.
+    The VM source is spynal.
+    The target VM name is zavala
+  community.general.proxmox_kvm:
+    api_user: root@pam
+    api_password: secret
+    api_host: helldorado
+    clone: spynal
+    name: zavala
+    node: sabrewulf
+    storage: VMs
+    full: no
+    format: unspecified
+    timeout: 500
+
 - name: Clone VM with source vmid and target newid and raw format
  community.general.proxmox_kvm:
    api_user: root@pam
@@ -486,7 +633,7 @@ EXAMPLES = '''
    format: raw
    timeout: 300

- name: Create new VM and lock it for snapashot
+- name: Create new VM and lock it for snapshot
  community.general.proxmox_kvm:
    api_user: root@pam
    api_password: secret
@@ -504,6 +651,43 @@ EXAMPLES = '''
    node: sabrewulf
    protection: yes

+- name: Create new VM using cloud-init with a username and password
+  community.general.proxmox_kvm:
+    node: sabrewulf
+    api_user: root@pam
+    api_password: secret
+    api_host: helldorado
+    name: spynal
+    ide:
+      ide2: 'local:cloudinit,format=qcow2'
+    ciuser: mylinuxuser
+    cipassword: supersecret
+    searchdomains: 'mydomain.internal'
+    nameservers: 1.1.1.1
+    net:
+      net0: 'virtio,bridge=vmbr1,tag=77'
+    ipconfig:
+      ipconfig0: 'ip=192.168.1.1/24,gw=192.168.1.1'
+
+- name: Create new VM using Cloud-Init with an ssh key
+  community.general.proxmox_kvm:
+    node: sabrewulf
+    api_user: root@pam
+    api_password: secret
+    api_host: helldorado
+    name: spynal
+    ide:
+      ide2: 'local:cloudinit,format=qcow2'
+    sshkeys: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJkVm98B71lD5XHfihwcYHE9TVpsJmK1vR1JcaU82L+'
+    searchdomains: 'mydomain.internal'
+    nameservers:
+      - '1.1.1.1'
+      - '8.8.8.8'
+    net:
+      net0: 'virtio,bridge=vmbr1,tag=77'
+    ipconfig:
+      ipconfig0: 'ip=192.168.1.1/24'
+
 - name: Start VM
  community.general.proxmox_kvm:
    api_user: root@pam
@@ -634,6 +818,7 @@ import re
 import time
 import traceback
 from distutils.version import LooseVersion
+from ansible.module_utils.six.moves.urllib.parse import quote

 try:
    from proxmoxer import ProxmoxAPI
@@ -737,6 +922,7 @@ def wait_for_task(module, proxmox, node, taskid):
 def create_vm(module, proxmox, vmid, newid, node, name, memory, cpu, cores, sockets, update, **kwargs):
    # Available only in PVE 4
    only_v4 = ['force', 'protection', 'skiplock']
+    only_v6 = ['ciuser', 'cipassword', 'sshkeys', 'ipconfig']

    # valide clone parameters
    valid_clone_params = ['format', 'full', 'pool', 'snapname', 'storage', 'target']
@@ -750,13 +936,25 @@ def create_vm(module, proxmox, vmid, newid, node, name, memory, cpu, cores, sock
    kwargs = dict((k, v) for k, v in kwargs.items() if v is not None)
    kwargs.update(dict([k, int(v)] for k, v in kwargs.items() if isinstance(v, bool)))

-    # The features work only on PVE 4
+    # The features work only on PVE 4+
    if PVE_MAJOR_VERSION < 4:
        for p in only_v4:
            if p in kwargs:
                del kwargs[p]

+    # The features work only on PVE 6
+    if PVE_MAJOR_VERSION < 6:
+        for p in only_v6:
+            if p in kwargs:
+                del kwargs[p]
+
+    # 'sshkeys' param expects an urlencoded string
+    if 'sshkeys' in kwargs:
+        urlencoded_ssh_keys = quote(kwargs['sshkeys'], safe='')
+        kwargs['sshkeys'] = str(urlencoded_ssh_keys)
+
    # If update, don't update disk (virtio, ide, sata, scsi) and network interface
+    # pool parameter not supported by qemu/<vmid>/config endpoint on "update" (PVE 6.2) - only with "create"
    if update:
        if 'virtio' in kwargs:
            del kwargs['virtio']
@@ -770,18 +968,30 @@ def create_vm(module, proxmox, vmid, newid, node, name, memory, cpu, cores, sock
            del kwargs['net']
        if 'force' in kwargs:
            del kwargs['force']
+        if 'pool' in kwargs:
+            del kwargs['pool']

-    # Convert all dict in kwargs to elements. For hostpci[n], ide[n], net[n], numa[n], parallel[n], sata[n], scsi[n], serial[n], virtio[n]
+    # Convert all dict in kwargs to elements. For hostpci[n], ide[n], net[n], numa[n], parallel[n], sata[n], scsi[n], serial[n], virtio[n], ipconfig[n]
    for k in list(kwargs.keys()):
        if isinstance(kwargs[k], dict):
            kwargs.update(kwargs[k])
            del kwargs[k]

-    # Rename numa_enabled  to numa. According the API documentation
+    # Rename numa_enabled to numa. According the API documentation
    if 'numa_enabled' in kwargs:
        kwargs['numa'] = kwargs['numa_enabled']
        del kwargs['numa_enabled']

+    # PVE api expects strings for the following params
+    if 'nameservers' in module.params:
+        nameservers = module.params.pop('nameservers')
+        if nameservers:
+            kwargs['nameserver'] = ' '.join(nameservers)
+    if 'searchdomains' in module.params:
+        searchdomains = module.params.pop('searchdomains')
+        if searchdomains:
+            kwargs['searchdomain'] = ' '.join(searchdomains)
+
    # -args and skiplock require root@pam user
    if module.params['api_user'] == "root@pam" and module.params['args'] is None:
        if not update:
@@ -845,79 +1055,90 @@ def proxmox_version(proxmox):
 def main():
    module = AnsibleModule(
        argument_spec=dict(
-            acpi=dict(type='bool', default=True),
+            acpi=dict(type='bool'),
            agent=dict(type='bool'),
-            args=dict(type='str', default=None),
+            args=dict(type='str'),
            api_host=dict(required=True),
-            api_user=dict(required=True),
            api_password=dict(no_log=True),
-            autostart=dict(type='bool', default=False),
-            balloon=dict(type='int', default=0),
+            api_token_id=dict(no_log=True),
+            api_token_secret=dict(no_log=True),
+            api_user=dict(required=True),
+            autostart=dict(type='bool'),
+            balloon=dict(type='int'),
            bios=dict(choices=['seabios', 'ovmf']),
-            boot=dict(type='str', default='cnd'),
+            boot=dict(type='str'),
            bootdisk=dict(type='str'),
+            cicustom=dict(type='str'),
+            cipassword=dict(type='str', no_log=True),
+            citype=dict(type='str', choices=['nocloud', 'configdrive2']),
+            ciuser=dict(type='str'),
            clone=dict(type='str', default=None),
-            cores=dict(type='int', default=1),
-            cpu=dict(type='str', default='kvm64'),
+            cores=dict(type='int'),
+            cpu=dict(type='str'),
            cpulimit=dict(type='int'),
-            cpuunits=dict(type='int', default=1000),
+            cpuunits=dict(type='int'),
            delete=dict(type='str', default=None),
            description=dict(type='str'),
            digest=dict(type='str'),
-            force=dict(type='bool', default=False),
-            format=dict(type='str', default='qcow2', choices=['cloop', 'cow', 'qcow', 'qcow2', 'qed', 'raw', 'vmdk']),
+            force=dict(type='bool'),
+            format=dict(type='str', choices=['cloop', 'cow', 'qcow', 'qcow2', 'qed', 'raw', 'vmdk', 'unspecified']),
            freeze=dict(type='bool'),
            full=dict(type='bool', default=True),
            hostpci=dict(type='dict'),
            hotplug=dict(type='str'),
            hugepages=dict(choices=['any', '2', '1024']),
-            ide=dict(type='dict', default=None),
+            ide=dict(type='dict'),
+            ipconfig=dict(type='dict'),
            keyboard=dict(type='str'),
-            kvm=dict(type='bool', default=True),
+            kvm=dict(type='bool'),
            localtime=dict(type='bool'),
            lock=dict(choices=['migrate', 'backup', 'snapshot', 'rollback']),
            machine=dict(type='str'),
-            memory=dict(type='int', default=512),
+            memory=dict(type='int'),
            migrate_downtime=dict(type='int'),
            migrate_speed=dict(type='int'),
            name=dict(type='str'),
+            nameservers=dict(type='list', elements='str'),
            net=dict(type='dict'),
            newid=dict(type='int', default=None),
            node=dict(),
            numa=dict(type='dict'),
            numa_enabled=dict(type='bool'),
-            onboot=dict(type='bool', default=True),
-            ostype=dict(default='l26', choices=['other', 'wxp', 'w2k', 'w2k3', 'w2k8', 'wvista', 'win7', 'win8', 'win10', 'l24', 'l26', 'solaris']),
+            onboot=dict(type='bool'),
+            ostype=dict(choices=['other', 'wxp', 'w2k', 'w2k3', 'w2k8', 'wvista', 'win7', 'win8', 'win10', 'l24', 'l26', 'solaris']),
            parallel=dict(type='dict'),
            pool=dict(type='str'),
            protection=dict(type='bool'),
            reboot=dict(type='bool'),
-            revert=dict(type='str', default=None),
+            revert=dict(type='str'),
            sata=dict(type='dict'),
            scsi=dict(type='dict'),
            scsihw=dict(choices=['lsi', 'lsi53c810', 'virtio-scsi-pci', 'virtio-scsi-single', 'megasas', 'pvscsi']),
            serial=dict(type='dict'),
+            searchdomains=dict(type='list', elements='str'),
            shares=dict(type='int'),
            skiplock=dict(type='bool'),
            smbios=dict(type='str'),
            snapname=dict(type='str'),
-            sockets=dict(type='int', default=1),
+            sockets=dict(type='int'),
+            sshkeys=dict(type='str'),
            startdate=dict(type='str'),
            startup=dict(),
            state=dict(default='present', choices=['present', 'absent', 'stopped', 'started', 'restarted', 'current']),
            storage=dict(type='str'),
-            tablet=dict(type='bool', default=False),
+            tablet=dict(type='bool'),
            target=dict(type='str'),
            tdf=dict(type='bool'),
-            template=dict(type='bool', default=False),
+            template=dict(type='bool'),
            timeout=dict(type='int', default=30),
            update=dict(type='bool', default=False),
            validate_certs=dict(type='bool', default=False),
-            vcpus=dict(type='int', default=None),
-            vga=dict(default='std', choices=['std', 'cirrus', 'vmware', 'qxl', 'serial0', 'serial1', 'serial2', 'serial3', 'qxl2', 'qxl3', 'qxl4']),
-            virtio=dict(type='dict', default=None),
+            vcpus=dict(type='int'),
+            vga=dict(choices=['std', 'cirrus', 'vmware', 'qxl', 'serial0', 'serial1', 'serial2', 'serial3', 'qxl2', 'qxl3', 'qxl4']),
+            virtio=dict(type='dict'),
            vmid=dict(type='int', default=None),
            watchdog=dict(),
+            proxmox_default_behavior=dict(type='str', choices=['compatibility', 'no_defaults']),
        ),
        mutually_exclusive=[('delete', 'revert'), ('delete', 'update'), ('revert', 'update'), ('clone', 'update'), ('clone', 'delete'), ('clone', 'revert')],
        required_one_of=[('name', 'vmid',)],
@@ -927,9 +1148,11 @@ def main():
    if not HAS_PROXMOXER:
        module.fail_json(msg='proxmoxer required for this module')

-    api_user = module.params['api_user']
    api_host = module.params['api_host']
    api_password = module.params['api_password']
+    api_token_id = module.params['api_token_id']
+    api_token_secret = module.params['api_token_secret']
+    api_user = module.params['api_user']
    clone = module.params['clone']
    cpu = module.params['cpu']
    cores = module.params['cores']
@@ -945,17 +1168,57 @@ def main():
    vmid = module.params['vmid']
    validate_certs = module.params['validate_certs']

-    # If password not set get it from PROXMOX_PASSWORD env
-    if not api_password:
-        try:
-            api_password = os.environ['PROXMOX_PASSWORD']
-        except KeyError as e:
-            module.fail_json(msg='You should set api_password param or use PROXMOX_PASSWORD environment variable')
+    if module.params['proxmox_default_behavior'] is None:
+        module.params['proxmox_default_behavior'] = 'compatibility'
+        module.deprecate(
+            'The proxmox_default_behavior option will change its default value from "compatibility" to '
+            '"no_defaults" in community.general 4.0.0. To remove this warning, please specify an explicit value for it now',
+            version='4.0.0', collection_name='community.general'
+        )
+    if module.params['proxmox_default_behavior'] == 'compatibility':
+        old_default_values = dict(
+            acpi=True,
+            autostart=False,
+            balloon=0,
+            boot='cnd',
+            cores=1,
+            cpu='kvm64',
+            cpuunits=1000,
+            force=False,
+            format='qcow2',
+            kvm=True,
+            memory=512,
+            ostype='l26',
+            sockets=1,
+            tablet=False,
+            template=False,
+            vga='std',
+        )
+        for param, value in old_default_values.items():
+            if module.params[param] is None:
+                module.params[param] = value
+
+    if module.params['format'] == 'unspecified':
+        module.params['format'] = None
+
+    auth_args = {'user': api_user}
+    if not (api_token_id and api_token_secret):
+        # If password not set get it from PROXMOX_PASSWORD env
+        if not api_password:
+            try:
+                api_password = os.environ['PROXMOX_PASSWORD']
+            except KeyError:
+                module.fail_json(msg='You should set api_password param or use PROXMOX_PASSWORD environment variable')
+        auth_args['password'] = api_password
+    else:
+        auth_args['token_name'] = api_token_id
+        auth_args['token_value'] = api_token_secret

    try:
-        proxmox = ProxmoxAPI(api_host, user=api_user, password=api_password, verify_ssl=validate_certs)
+        proxmox = ProxmoxAPI(api_host, verify_ssl=validate_certs, **auth_args)
        global PVE_MAJOR_VERSION
-        PVE_MAJOR_VERSION = 3 if proxmox_version(proxmox) < LooseVersion('4.0') else 4
+        version = proxmox_version(proxmox)
+        PVE_MAJOR_VERSION = 3 if version < LooseVersion('4.0') else version.version[0]
    except Exception as e:
        module.fail_json(msg='authorization on proxmox cluster failed with exception: %s' % e)

@@ -965,13 +1228,13 @@ def main():
        if state == 'present' and not update and not clone and not delete and not revert:
            try:
                vmid = get_nextvmid(module, proxmox)
-            except Exception as e:
+            except Exception:
                module.fail_json(msg="Can't get the next vmid for VM {0} automatically. Ensure your cluster state is good".format(name))
        else:
            clone_target = clone or name
            try:
                vmid = get_vmid(proxmox, clone_target)[0]
-            except Exception as e:
+            except Exception:
                vmid = -1

    if clone is not None:
@@ -979,7 +1242,7 @@ def main():
        if not newid:
            try:
                newid = get_nextvmid(module, proxmox)
-            except Exception as e:
+            except Exception:
                module.fail_json(msg="Can't get the next vmid for VM {0} automatically. Ensure your cluster state is good".format(name))

        # Ensure source VM name exists when cloning
@@ -1031,6 +1294,10 @@ def main():
                      bios=module.params['bios'],
                      boot=module.params['boot'],
                      bootdisk=module.params['bootdisk'],
+                      cicustom=module.params['cicustom'],
+                      cipassword=module.params['cipassword'],
+                      citype=module.params['citype'],
+                      ciuser=module.params['ciuser'],
                      cpulimit=module.params['cpulimit'],
                      cpuunits=module.params['cpuunits'],
                      description=module.params['description'],
@@ -1041,6 +1308,7 @@ def main():
                      hotplug=module.params['hotplug'],
                      hugepages=module.params['hugepages'],
                      ide=module.params['ide'],
+                      ipconfig=module.params['ipconfig'],
                      keyboard=module.params['keyboard'],
                      kvm=module.params['kvm'],
                      localtime=module.params['localtime'],
@@ -1065,6 +1333,7 @@ def main():
                      skiplock=module.params['skiplock'],
                      smbios1=module.params['smbios'],
                      snapname=module.params['snapname'],
+                      sshkeys=module.params['sshkeys'],
                      startdate=module.params['startdate'],
                      startup=module.params['startup'],
                      tablet=module.params['tablet'],
--- a/plugins/modules/cloud/misc/proxmox_template.py
+++ b/plugins/modules/cloud/misc/proxmox_template.py
@@ -30,6 +30,16 @@ options:
      - the password to authenticate with
      - you can use PROXMOX_PASSWORD environment variable
    type: str
+  api_token_id:
+    description:
+      - Specify the token ID.
+    type: str
+    version_added: 1.3.0
+  api_token_secret:
+    description:
+      - Specify the token secret.
+    type: str
+    version_added: 1.3.0
  validate_certs:
    description:
      - enable / disable https certificate verification
@@ -39,7 +49,6 @@ options:
    description:
      - Proxmox VE node, when you will operate with template
    type: str
-    required: true
  src:
    description:
      - path to uploaded file
@@ -48,7 +57,8 @@ options:
  template:
    description:
      - the template name
-      - required only for states C(absent), C(info)
+      - Required for state C(absent) to delete a template.
+      - Required for state C(present) to download an appliance container template (pveam).
    type: str
  content_type:
    description:
@@ -121,6 +131,16 @@ EXAMPLES = '''
    api_host: node1
    template: ubuntu-14.04-x86_64.tar.gz
    state: absent
+
+- name: Download proxmox appliance container template
+  community.general.proxmox_template:
+    node: uk-mc02
+    api_user: root@pam
+    api_password: 1q2w3e
+    api_host: node1
+    storage: local
+    content_type: vztmpl
+    template: ubuntu-20.04-standard_20.04-1_amd64.tar.gz
 '''

 import os
@@ -140,21 +160,33 @@ def get_template(proxmox, node, storage, content_type, template):
            if tmpl['volid'] == '%s:%s/%s' % (storage, content_type, template)]


-def upload_template(module, proxmox, api_host, node, storage, content_type, realpath, timeout):
-    taskid = proxmox.nodes(node).storage(storage).upload.post(content=content_type, filename=open(realpath, 'rb'))
+def task_status(module, proxmox, node, taskid, timeout):
+    """
+    Check the task status and wait until the task is completed or the timeout is reached.
+    """
    while timeout:
-        task_status = proxmox.nodes(api_host.split('.')[0]).tasks(taskid).status.get()
+        task_status = proxmox.nodes(node).tasks(taskid).status.get()
        if task_status['status'] == 'stopped' and task_status['exitstatus'] == 'OK':
            return True
        timeout = timeout - 1
        if timeout == 0:
-            module.fail_json(msg='Reached timeout while waiting for uploading template. Last line in task before timeout: %s'
-                             % proxmox.node(node).tasks(taskid).log.get()[:1])
+            module.fail_json(msg='Reached timeout while waiting for uploading/downloading template. Last line in task before timeout: %s'
+                                 % proxmox.node(node).tasks(taskid).log.get()[:1])

        time.sleep(1)
    return False


+def upload_template(module, proxmox, node, storage, content_type, realpath, timeout):
+    taskid = proxmox.nodes(node).storage(storage).upload.post(content=content_type, filename=open(realpath, 'rb'))
+    return task_status(module, proxmox, node, taskid, timeout)
+
+
+def download_template(module, proxmox, node, storage, template, timeout):
+    taskid = proxmox.nodes(node).aplinfo.post(storage=storage, template=template)
+    return task_status(module, proxmox, node, taskid, timeout)
+
+
 def delete_template(module, proxmox, node, storage, content_type, template, timeout):
    volid = '%s:%s/%s' % (storage, content_type, template)
    proxmox.nodes(node).storage(storage).content.delete(volid)
@@ -173,8 +205,10 @@ def main():
    module = AnsibleModule(
        argument_spec=dict(
            api_host=dict(required=True),
-            api_user=dict(required=True),
            api_password=dict(no_log=True),
+            api_token_id=dict(no_log=True),
+            api_token_secret=dict(no_log=True),
+            api_user=dict(required=True),
            validate_certs=dict(type='bool', default=False),
            node=dict(),
            src=dict(type='path'),
@@ -191,23 +225,33 @@ def main():
        module.fail_json(msg='proxmoxer required for this module')

    state = module.params['state']
-    api_user = module.params['api_user']
    api_host = module.params['api_host']
    api_password = module.params['api_password']
+    api_token_id = module.params['api_token_id']
+    api_token_secret = module.params['api_token_secret']
+    api_user = module.params['api_user']
    validate_certs = module.params['validate_certs']
    node = module.params['node']
    storage = module.params['storage']
    timeout = module.params['timeout']

-    # If password not set get it from PROXMOX_PASSWORD env
-    if not api_password:
-        try:
-            api_password = os.environ['PROXMOX_PASSWORD']
-        except KeyError as e:
-            module.fail_json(msg='You should set api_password param or use PROXMOX_PASSWORD environment variable')
+    auth_args = {'user': api_user}
+    if not (api_token_id and api_token_secret):
+        # If password not set get it from PROXMOX_PASSWORD env
+        if not api_password:
+            try:
+                api_password = os.environ['PROXMOX_PASSWORD']
+            except KeyError as e:
+                module.fail_json(msg='You should set api_password param or use PROXMOX_PASSWORD environment variable')
+        auth_args['password'] = api_password
+    else:
+        auth_args['token_name'] = api_token_id
+        auth_args['token_value'] = api_token_secret

    try:
-        proxmox = ProxmoxAPI(api_host, user=api_user, password=api_password, verify_ssl=validate_certs)
+        proxmox = ProxmoxAPI(api_host, verify_ssl=validate_certs, **auth_args)
+        # Used to test the validity of the token if given
+        proxmox.version.get()
    except Exception as e:
        module.fail_json(msg='authorization on proxmox cluster failed with exception: %s' % e)

@@ -216,6 +260,19 @@ def main():
            content_type = module.params['content_type']
            src = module.params['src']

+            # download appliance template
+            if content_type == 'vztmpl' and not src:
+                template = module.params['template']
+
+                if not template:
+                    module.fail_json(msg='template param for downloading appliance template is mandatory')
+
+                if get_template(proxmox, node, storage, content_type, template) and not module.params['force']:
+                    module.exit_json(changed=False, msg='template with volid=%s:%s/%s already exists' % (storage, content_type, template))
+
+                if download_template(module, proxmox, node, storage, template, timeout):
+                    module.exit_json(changed=True, msg='template with volid=%s:%s/%s downloaded' % (storage, content_type, template))
+
            template = os.path.basename(src)
            if get_template(proxmox, node, storage, content_type, template) and not module.params['force']:
                module.exit_json(changed=False, msg='template with volid=%s:%s/%s is already exists' % (storage, content_type, template))
@@ -224,10 +281,10 @@ def main():
            elif not (os.path.exists(src) and os.path.isfile(src)):
                module.fail_json(msg='template file on path %s not exists' % src)

-            if upload_template(module, proxmox, api_host, node, storage, content_type, src, timeout):
+            if upload_template(module, proxmox, node, storage, content_type, src, timeout):
                module.exit_json(changed=True, msg='template with volid=%s:%s/%s uploaded' % (storage, content_type, template))
        except Exception as e:
-            module.fail_json(msg="uploading of template %s failed with exception: %s" % (template, e))
+            module.fail_json(msg="uploading/downloading of template %s failed with exception: %s" % (template, e))

    elif state == 'absent':
        try:
--- a/plugins/modules/cloud/misc/proxmox_user_info.py
+++ b/plugins/modules/cloud/misc/proxmox_user_info.py
@@ -0,0 +1,256 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Copyright: Tristan Le Guern <tleguern at bouledef.eu>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+
+DOCUMENTATION = '''
+---
+module: proxmox_user_info
+short_description: Retrieve information about one or more Proxmox VE users
+version_added: 1.3.0
+description:
+  - Retrieve information about one or more Proxmox VE users
+options:
+  domain:
+    description:
+      - Restrict results to a specific authentication realm.
+    aliases: ['realm']
+    type: str
+  user:
+    description:
+      - Restrict results to a specific user.
+    aliases: ['name']
+    type: str
+  userid:
+    description:
+      - Restrict results to a specific user ID, which is a concatenation of a user and domain parts.
+    type: str
+author: Tristan Le Guern (@Aversiste)
+extends_documentation_fragment: community.general.proxmox.documentation
+'''
+
+EXAMPLES = '''
+- name: List existing users
+  community.general.proxmox_user_info:
+    api_host: helldorado
+    api_user: root@pam
+    api_password: "{{ password | default(omit) }}"
+    api_token_id: "{{ token_id | default(omit) }}"
+    api_token_secret: "{{ token_secret | default(omit) }}"
+  register: proxmox_users
+
+- name: List existing users in the pve authentication realm
+  community.general.proxmox_user_info:
+    api_host: helldorado
+    api_user: root@pam
+    api_password: "{{ password | default(omit) }}"
+    api_token_id: "{{ token_id | default(omit) }}"
+    api_token_secret: "{{ token_secret | default(omit) }}"
+    domain: pve
+  register: proxmox_users_pve
+
+- name: Retrieve information about admin@pve
+  community.general.proxmox_user_info:
+    api_host: helldorado
+    api_user: root@pam
+    api_password: "{{ password | default(omit) }}"
+    api_token_id: "{{ token_id | default(omit) }}"
+    api_token_secret: "{{ token_secret | default(omit) }}"
+    userid: admin@pve
+  register: proxmox_user_admin
+
+- name: Alternative way to retrieve information about admin@pve
+  community.general.proxmox_user_info:
+    api_host: helldorado
+    api_user: root@pam
+    api_password: "{{ password | default(omit) }}"
+    api_token_id: "{{ token_id | default(omit) }}"
+    api_token_secret: "{{ token_secret | default(omit) }}"
+    user: admin
+    domain: pve
+  register: proxmox_user_admin
+'''
+
+
+RETURN = '''
+proxmox_users:
+    description: List of users.
+    returned: always, but can be empty
+    type: list
+    elements: dict
+    contains:
+      comment:
+        description: Short description of the user.
+        returned: on success
+        type: str
+      domain:
+        description: User's authentication realm, also the right part of the user ID.
+        returned: on success
+        type: str
+      email:
+        description: User's email address.
+        returned: on success
+        type: str
+      enabled:
+        description: User's account state.
+        returned: on success
+        type: bool
+      expire:
+        description: Expiration date in seconds since EPOCH. Zero means no expiration.
+        returned: on success
+        type: int
+      firstname:
+        description: User's first name.
+        returned: on success
+        type: str
+      groups:
+        description: List of groups which the user is a member of.
+        returned: on success
+        type: list
+        elements: str
+      keys:
+        description: User's two factor authentication keys.
+        returned: on success
+        type: str
+      lastname:
+        description: User's last name.
+        returned: on success
+        type: str
+      tokens:
+        description: List of API tokens associated to the user.
+        returned: on success
+        type: list
+        elements: dict
+        contains:
+          comment:
+            description: Short description of the token.
+            returned: on success
+            type: str
+          expire:
+            description: Expiration date in seconds since EPOCH. Zero means no expiration.
+            returned: on success
+            type: int
+          privsep:
+            description: Describe if the API token is further restricted with ACLs or is fully privileged.
+            returned: on success
+            type: bool
+          tokenid:
+            description: Token name.
+            returned: on success
+            type: str
+      user:
+        description: User's login name, also the left part of the user ID.
+        returned: on success
+        type: str
+      userid:
+        description: Proxmox user ID, represented as user@realm.
+        returned: on success
+        type: str
+'''
+
+
+from ansible.module_utils.basic import AnsibleModule, missing_required_lib
+from ansible_collections.community.general.plugins.module_utils.proxmox import (
+    proxmox_auth_argument_spec, ProxmoxAnsible, proxmox_to_ansible_bool, HAS_PROXMOXER, PROXMOXER_IMP_ERR)
+
+
+class ProxmoxUserInfoAnsible(ProxmoxAnsible):
+    def get_user(self, userid):
+        try:
+            user = self.proxmox_api.access.users.get(userid)
+        except Exception:
+            self.module.fail_json(msg="User '%s' does not exist" % userid)
+        user['userid'] = userid
+        return ProxmoxUser(user)
+
+    def get_users(self, domain=None):
+        users = self.proxmox_api.access.users.get(full=1)
+        users = [ProxmoxUser(user) for user in users]
+        if domain:
+            return [user for user in users if user.user['domain'] == domain]
+        return users
+
+
+class ProxmoxUser:
+    def __init__(self, user):
+        self.user = dict()
+        # Data representation is not the same depending on API calls
+        for k, v in user.items():
+            if k == 'enable':
+                self.user['enabled'] = proxmox_to_ansible_bool(user['enable'])
+            elif k == 'userid':
+                self.user['user'] = user['userid'].split('@')[0]
+                self.user['domain'] = user['userid'].split('@')[1]
+                self.user[k] = v
+            elif k in ['groups', 'tokens'] and (v == '' or v is None):
+                self.user[k] = []
+            elif k == 'groups' and type(v) == str:
+                self.user['groups'] = v.split(',')
+            elif k == 'tokens' and type(v) == list:
+                for token in v:
+                    if 'privsep' in token:
+                        token['privsep'] = proxmox_to_ansible_bool(token['privsep'])
+                self.user['tokens'] = v
+            elif k == 'tokens' and type(v) == dict:
+                self.user['tokens'] = list()
+                for tokenid, tokenvalues in v.items():
+                    t = tokenvalues
+                    t['tokenid'] = tokenid
+                    if 'privsep' in tokenvalues:
+                        t['privsep'] = proxmox_to_ansible_bool(tokenvalues['privsep'])
+                    self.user['tokens'].append(t)
+            else:
+                self.user[k] = v
+
+
+def proxmox_user_info_argument_spec():
+    return dict(
+        domain=dict(type='str', aliases=['realm']),
+        user=dict(type='str', aliases=['name']),
+        userid=dict(type='str'),
+    )
+
+
+def main():
+    module_args = proxmox_auth_argument_spec()
+    user_info_args = proxmox_user_info_argument_spec()
+    module_args.update(user_info_args)
+
+    module = AnsibleModule(
+        argument_spec=module_args,
+        required_one_of=[('api_password', 'api_token_id')],
+        required_together=[('api_token_id', 'api_token_secret')],
+        mutually_exclusive=[('user', 'userid'), ('domain', 'userid')],
+        supports_check_mode=True
+    )
+    result = dict(
+        changed=False
+    )
+
+    if not HAS_PROXMOXER:
+        module.fail_json(msg=missing_required_lib('proxmoxer'), exception=PROXMOXER_IMP_ERR)
+
+    proxmox = ProxmoxUserInfoAnsible(module)
+    domain = module.params['domain']
+    user = module.params['user']
+    if user and domain:
+        userid = user + '@' + domain
+    else:
+        userid = module.params['userid']
+
+    if userid:
+        users = [proxmox.get_user(userid=userid)]
+    else:
+        users = proxmox.get_users(domain=domain)
+    result['proxmox_users'] = [user.user for user in users]
+
+    module.exit_json(**result)
+
+
+if __name__ == '__main__':
+    main()
--- a/plugins/modules/cloud/misc/terraform.py
+++ b/plugins/modules/cloud/misc/terraform.py
@@ -105,6 +105,12 @@ options:
    type: list
    elements: path
    version_added: '0.2.0'
+  init_reconfigure:
+    description:
+      - Forces backend reconfiguration during init.
+    default: false
+    type: bool
+    version_added: '1.3.0'
 notes:
   - To just run a `terraform plan`, use check mode.
 requirements: [ "terraform" ]
@@ -153,6 +159,7 @@ outputs:
      returned: always
      description: The type of the value (string, int, etc)
    value:
+      type: str
      returned: always
      description: The value of the output as interpolated by Terraform
 stdout:
@@ -170,7 +177,6 @@ command:
 import os
 import json
 import tempfile
-import traceback
 from ansible.module_utils.six.moves import shlex_quote

 from ansible.module_utils.basic import AnsibleModule
@@ -201,7 +207,7 @@ def _state_args(state_file):
    return []


-def init_plugins(bin_path, project_path, backend_config, backend_config_files):
+def init_plugins(bin_path, project_path, backend_config, backend_config_files, init_reconfigure):
    command = [bin_path, 'init', '-input=false']
    if backend_config:
        for key, val in backend_config.items():
@@ -212,6 +218,8 @@ def init_plugins(bin_path, project_path, backend_config, backend_config_files):
    if backend_config_files:
        for f in backend_config_files:
            command.extend(['-backend-config', f])
+    if init_reconfigure:
+        command.extend('-reconfigure')
    rc, out, err = module.run_command(command, cwd=project_path)
    if rc != 0:
        module.fail_json(msg="Failed to initialize Terraform modules:\r\n{0}".format(err))
@@ -299,6 +307,7 @@ def main():
            force_init=dict(type='bool', default=False),
            backend_config=dict(type='dict', default=None),
            backend_config_files=dict(type='list', elements='path', default=None),
+            init_reconfigure=dict(required=False, type='bool', default=False),
        ),
        required_if=[('state', 'planned', ['plan_file'])],
        supports_check_mode=True,
@@ -316,6 +325,7 @@ def main():
    force_init = module.params.get('force_init')
    backend_config = module.params.get('backend_config')
    backend_config_files = module.params.get('backend_config_files')
+    init_reconfigure = module.params.get('init_reconfigure')

    if bin_path is not None:
        command = [bin_path]
@@ -323,7 +333,7 @@ def main():
        command = [module.get_bin_path('terraform', required=True)]

    if force_init:
-        init_plugins(command[0], project_path, backend_config, backend_config_files)
+        init_plugins(command[0], project_path, backend_config, backend_config_files, init_reconfigure)

    workspace_ctx = get_workspace_context(command[0], project_path)
    if workspace_ctx["current"] != workspace:
--- a/plugins/modules/cloud/oneandone/oneandone_firewall_policy.py
+++ b/plugins/modules/cloud/oneandone/oneandone_firewall_policy.py
@@ -29,52 +29,60 @@ options:
    description:
      - Define a firewall policy state to create, remove, or update.
    required: false
+    type: str
    default: 'present'
    choices: [ "present", "absent", "update" ]
  auth_token:
    description:
      - Authenticating API token provided by 1&1.
-    required: true
+    type: str
  api_url:
    description:
      - Custom API URL. Overrides the
        ONEANDONE_API_URL environment variable.
+    type: str
    required: false
  name:
    description:
      - Firewall policy name used with present state. Used as identifier (id or name) when used with absent state.
        maxLength=128
-    required: true
+    type: str
  firewall_policy:
    description:
      - The identifier (id or name) of the firewall policy used with update state.
-    required: true
+    type: str
  rules:
    description:
      - A list of rules that will be set for the firewall policy.
        Each rule must contain protocol parameter, in addition to three optional parameters
        (port_from, port_to, and source)
+    type: list
  add_server_ips:
    description:
      - A list of server identifiers (id or name) to be assigned to a firewall policy.
        Used in combination with update state.
+    type: list
    required: false
  remove_server_ips:
    description:
      - A list of server IP ids to be unassigned from a firewall policy. Used in combination with update state.
+    type: list
    required: false
  add_rules:
    description:
      - A list of rules that will be added to an existing firewall policy.
        It is syntax is the same as the one used for rules parameter. Used in combination with update state.
+    type: list
    required: false
  remove_rules:
    description:
      - A list of rule ids that will be removed from an existing firewall policy. Used in combination with update state.
+    type: list
    required: false
  description:
    description:
      - Firewall policy description. maxLength=256
+    type: str
    required: false
  wait:
    description:
@@ -85,10 +93,12 @@ options:
  wait_timeout:
    description:
      - how long before wait gives up, in seconds
+    type: int
    default: 600
  wait_interval:
    description:
      - Defines the number of seconds to wait when using the _wait_for methods
+    type: int
    default: 5

 requirements:
--- a/plugins/modules/cloud/oneandone/oneandone_load_balancer.py
+++ b/plugins/modules/cloud/oneandone/oneandone_load_balancer.py
@@ -28,90 +28,99 @@ options:
  state:
    description:
      - Define a load balancer state to create, remove, or update.
+    type: str
    required: false
    default: 'present'
    choices: [ "present", "absent", "update" ]
  auth_token:
    description:
      - Authenticating API token provided by 1&1.
-    required: true
+    type: str
  load_balancer:
    description:
      - The identifier (id or name) of the load balancer used with update state.
-    required: true
+    type: str
  api_url:
    description:
      - Custom API URL. Overrides the
        ONEANDONE_API_URL environment variable.
+    type: str
    required: false
  name:
    description:
      - Load balancer name used with present state. Used as identifier (id or name) when used with absent state.
        maxLength=128
-    required: true
+    type: str
  health_check_test:
    description:
      - Type of the health check. At the moment, HTTP is not allowed.
+    type: str
    choices: [ "NONE", "TCP", "HTTP", "ICMP" ]
-    required: true
  health_check_interval:
    description:
      - Health check period in seconds. minimum=5, maximum=300, multipleOf=1
-    required: true
+    type: str
  health_check_path:
    description:
      - Url to call for checking. Required for HTTP health check. maxLength=1000
+    type: str
    required: false
  health_check_parse:
    description:
      - Regular expression to check. Required for HTTP health check. maxLength=64
+    type: str
    required: false
  persistence:
    description:
      - Persistence.
-    required: true
    type: bool
  persistence_time:
    description:
      - Persistence time in seconds. Required if persistence is enabled. minimum=30, maximum=1200, multipleOf=1
-    required: true
+    type: str
  method:
    description:
      - Balancing procedure.
+    type: str
    choices: [ "ROUND_ROBIN", "LEAST_CONNECTIONS" ]
-    required: true
  datacenter:
    description:
      - ID or country code of the datacenter where the load balancer will be created.
-    default: US
+      - If not specified, it defaults to I(US).
+    type: str
    choices: [ "US", "ES", "DE", "GB" ]
    required: false
  rules:
    description:
      - A list of rule objects that will be set for the load balancer. Each rule must contain protocol,
        port_balancer, and port_server parameters, in addition to source parameter, which is optional.
-    required: true
+    type: list
  description:
    description:
      - Description of the load balancer. maxLength=256
+    type: str
    required: false
  add_server_ips:
    description:
      - A list of server identifiers (id or name) to be assigned to a load balancer.
        Used in combination with update state.
+    type: list
    required: false
  remove_server_ips:
    description:
      - A list of server IP ids to be unassigned from a load balancer. Used in combination with update state.
+    type: list
    required: false
  add_rules:
    description:
      - A list of rules that will be added to an existing load balancer.
        It is syntax is the same as the one used for rules parameter. Used in combination with update state.
+    type: list
    required: false
  remove_rules:
    description:
      - A list of rule ids that will be removed from an existing load balancer. Used in combination with update state.
+    type: list
    required: false
  wait:
    description:
@@ -122,10 +131,12 @@ options:
  wait_timeout:
    description:
      - how long before wait gives up, in seconds
+    type: int
    default: 600
  wait_interval:
    description:
      - Defines the number of seconds to wait when using the _wait_for methods
+    type: int
    default: 5

 requirements:
--- a/plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py
+++ b/plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py
@@ -29,37 +29,40 @@ options:
  state:
    description:
      - Define a monitoring policy's state to create, remove, update.
+    type: str
    required: false
    default: present
    choices: [ "present", "absent", "update" ]
  auth_token:
    description:
      - Authenticating API token provided by 1&1.
-    required: true
+    type: str
  api_url:
    description:
      - Custom API URL. Overrides the
        ONEANDONE_API_URL environment variable.
+    type: str
    required: false
  name:
    description:
      - Monitoring policy name used with present state. Used as identifier (id or name) when used with absent state. maxLength=128
-    required: true
+    type: str
  monitoring_policy:
    description:
      - The identifier (id or name) of the monitoring policy used with update state.
-    required: true
+    type: str
  agent:
    description:
      - Set true for using agent.
-    required: true
+    type: str
  email:
    description:
      - User's email. maxLength=128
-    required: true
+    type: str
  description:
    description:
      - Monitoring policy description. maxLength=256
+    type: str
    required: false
  thresholds:
    description:
@@ -67,7 +70,7 @@ options:
        which both have alert and value suboptions. Warning is used to set limits for
        warning alerts, critical is used to set critical alerts. alert enables alert,
        and value is used to advise when the value is exceeded.
-    required: true
+    type: list
    suboptions:
      cpu:
        description:
@@ -92,7 +95,7 @@ options:
  ports:
    description:
      - Array of ports that will be monitoring.
-    required: true
+    type: list
    suboptions:
      protocol:
        description:
@@ -115,7 +118,7 @@ options:
  processes:
    description:
      - Array of processes that will be monitoring.
-    required: true
+    type: list
    suboptions:
      process:
        description:
@@ -129,34 +132,42 @@ options:
  add_ports:
    description:
      - Ports to add to the monitoring policy.
+    type: list
    required: false
  add_processes:
    description:
      - Processes to add to the monitoring policy.
+    type: list
    required: false
  add_servers:
    description:
      - Servers to add to the monitoring policy.
+    type: list
    required: false
  remove_ports:
    description:
      - Ports to remove from the monitoring policy.
+    type: list
    required: false
  remove_processes:
    description:
      - Processes to remove from the monitoring policy.
+    type: list
    required: false
  remove_servers:
    description:
      - Servers to remove from the monitoring policy.
+    type: list
    required: false
  update_ports:
    description:
      - Ports to be updated on the monitoring policy.
+    type: list
    required: false
  update_processes:
    description:
      - Processes to be updated on the monitoring policy.
+    type: list
    required: false
  wait:
    description:
@@ -167,10 +178,12 @@ options:
  wait_timeout:
    description:
      - how long before wait gives up, in seconds
+    type: int
    default: 600
  wait_interval:
    description:
      - Defines the number of seconds to wait when using the _wait_for methods
+    type: int
    default: 5

 requirements:
--- a/plugins/modules/cloud/oneandone/oneandone_private_network.py
+++ b/plugins/modules/cloud/oneandone/oneandone_private_network.py
@@ -28,44 +28,53 @@ options:
  state:
    description:
      - Define a network's state to create, remove, or update.
+    type: str
    required: false
    default: 'present'
    choices: [ "present", "absent", "update" ]
  auth_token:
    description:
      - Authenticating API token provided by 1&1.
-    required: true
+    type: str
  private_network:
    description:
      - The identifier (id or name) of the network used with update state.
-    required: true
+    type: str
  api_url:
    description:
      - Custom API URL. Overrides the
        ONEANDONE_API_URL environment variable.
+    type: str
    required: false
  name:
    description:
      - Private network name used with present state. Used as identifier (id or name) when used with absent state.
-    required: true
+    type: str
  description:
    description:
      - Set a description for the network.
+    type: str
  datacenter:
    description:
      - The identifier of the datacenter where the private network will be created
+    type: str
+    choices: [US, ES, DE, GB]
  network_address:
    description:
      - Set a private network space, i.e. 192.168.1.0
+    type: str
  subnet_mask:
    description:
      - Set the netmask for the private network, i.e. 255.255.255.0
+    type: str
  add_members:
    description:
      - List of server identifiers (name or id) to be added to the private network.
+    type: list
  remove_members:
    description:
      - List of server identifiers (name or id) to be removed from the private network.
+    type: list
  wait:
    description:
      - wait for the instance to be in state 'running' before returning
@@ -75,10 +84,12 @@ options:
  wait_timeout:
    description:
      - how long before wait gives up, in seconds
+    type: int
    default: 600
  wait_interval:
    description:
      - Defines the number of seconds to wait when using the _wait_for methods
+    type: int
    default: 5

 requirements:
--- a/plugins/modules/cloud/oneandone/oneandone_public_ip.py
+++ b/plugins/modules/cloud/oneandone/oneandone_public_ip.py
@@ -28,36 +28,43 @@ options:
  state:
    description:
      - Define a public ip state to create, remove, or update.
+    type: str
    required: false
    default: 'present'
    choices: [ "present", "absent", "update" ]
  auth_token:
    description:
      - Authenticating API token provided by 1&1.
-    required: true
+    type: str
  api_url:
    description:
      - Custom API URL. Overrides the
        ONEANDONE_API_URL environment variable.
+    type: str
    required: false
  reverse_dns:
    description:
      - Reverse DNS name. maxLength=256
+    type: str
    required: false
  datacenter:
    description:
      - ID of the datacenter where the IP will be created (only for unassigned IPs).
+    type: str
+    choices: [US, ES, DE, GB]
+    default: US
    required: false
  type:
    description:
      - Type of IP. Currently, only IPV4 is available.
+    type: str
    choices: ["IPV4", "IPV6"]
    default: 'IPV4'
    required: false
  public_ip_id:
    description:
      - The ID of the public IP used with update and delete states.
-    required: true
+    type: str
  wait:
    description:
      - wait for the instance to be in state 'running' before returning
@@ -67,10 +74,12 @@ options:
  wait_timeout:
    description:
      - how long before wait gives up, in seconds
+    type: int
    default: 600
  wait_interval:
    description:
      - Defines the number of seconds to wait when using the _wait_for methods
+    type: int
    default: 5

 requirements:
--- a/plugins/modules/cloud/oneandone/oneandone_server.py
+++ b/plugins/modules/cloud/oneandone/oneandone_server.py
@@ -28,80 +28,98 @@ options:
  state:
    description:
      - Define a server's state to create, remove, start or stop it.
+    type: str
    default: present
    choices: [ "present", "absent", "running", "stopped" ]
  auth_token:
    description:
      - Authenticating API token provided by 1&1. Overrides the
        ONEANDONE_AUTH_TOKEN environment variable.
-    required: true
+    type: str
  api_url:
    description:
      - Custom API URL. Overrides the
        ONEANDONE_API_URL environment variable.
+    type: str
  datacenter:
    description:
      - The datacenter location.
+    type: str
    default: US
    choices: [ "US", "ES", "DE", "GB" ]
  hostname:
    description:
      - The hostname or ID of the server. Only used when state is 'present'.
+    type: str
  description:
    description:
      - The description of the server.
+    type: str
  appliance:
    description:
      - The operating system name or ID for the server.
        It is required only for 'present' state.
+    type: str
  fixed_instance_size:
    description:
      - The instance size name or ID of the server.
        It is required only for 'present' state, and it is mutually exclusive with
        vcore, cores_per_processor, ram, and hdds parameters.
-    required: true
-    choices: [ "S", "M", "L", "XL", "XXL", "3XL", "4XL", "5XL" ]
+      - 'The available choices are: C(S), C(M), C(L), C(XL), C(XXL), C(3XL), C(4XL), C(5XL)'
+    type: str
  vcore:
    description:
      - The total number of processors.
        It must be provided with cores_per_processor, ram, and hdds parameters.
+    type: int
  cores_per_processor:
    description:
      - The number of cores per processor.
        It must be provided with vcore, ram, and hdds parameters.
+    type: int
  ram:
    description:
      - The amount of RAM memory.
        It must be provided with with vcore, cores_per_processor, and hdds parameters.
+    type: float
  hdds:
    description:
      - A list of hard disks with nested "size" and "is_main" properties.
        It must be provided with vcore, cores_per_processor, and ram parameters.
+    type: list
  private_network:
    description:
      - The private network name or ID.
+    type: str
  firewall_policy:
    description:
      - The firewall policy name or ID.
+    type: str
  load_balancer:
    description:
      - The load balancer name or ID.
+    type: str
  monitoring_policy:
    description:
      - The monitoring policy name or ID.
+    type: str
  server:
    description:
      - Server identifier (ID or hostname). It is required for all states except 'running' and 'present'.
+    type: str
  count:
    description:
      - The number of servers to create.
+    type: int
    default: 1
  ssh_key:
    description:
      - User's public SSH key (contents, not path).
+    type: raw
  server_type:
    description:
      - The type of server to be built.
+    type: str
    default: "cloud"
    choices: [ "cloud", "baremetal", "k8s_node" ]
  wait:
@@ -115,10 +133,12 @@ options:
  wait_timeout:
    description:
      - how long before wait gives up, in seconds
+    type: int
    default: 600
  wait_interval:
    description:
      - Defines the number of seconds to wait when using the wait_for methods
+    type: int
    default: 5
  auto_increment:
    description:
--- a/plugins/modules/cloud/oracle/oci_vcn.py
+++ b/plugins/modules/cloud/oracle/oci_vcn.py
@@ -17,6 +17,7 @@ description:
 options:
    cidr_block:
        description: The CIDR IP address block of the VCN. Required when creating a VCN with I(state=present).
+        type: str
        required: false
    compartment_id:
        description: The OCID of the compartment to contain the VCN. Required when creating a VCN with I(state=present).
--- a/plugins/modules/cloud/ovh/ovh_ip_failover.py
+++ b/plugins/modules/cloud/ovh/ovh_ip_failover.py
@@ -27,14 +27,17 @@ options:
        description:
            - The IP address to manage (can be a single IP like 1.1.1.1
              or a block like 1.1.1.1/28 )
+        type: str
    service:
        required: true
        description:
            - The name of the OVH service this IP address should be routed
+        type: str
    endpoint:
        required: true
        description:
            - The endpoint to use ( for instance ovh-eu)
+        type: str
    wait_completion:
        required: false
        default: true
@@ -52,24 +55,29 @@ options:
              completion of a previously executed task with
              wait_completion=false. You can execute this module repeatedly on
              a list of failover IPs using wait_completion=false (see examples)
+        type: int
    application_key:
        required: true
        description:
            - The applicationKey to use
+        type: str
    application_secret:
        required: true
        description:
            - The application secret to use
+        type: str
    consumer_key:
        required: true
        description:
            - The consumer key to use
+        type: str
    timeout:
        required: false
        default: 120
        description:
            - The timeout in seconds used to wait for a task to be
              completed. Default is 120 seconds.
+        type: int

 '''

--- a/plugins/modules/cloud/ovh/ovh_ip_loadbalancing_backend.py
+++ b/plugins/modules/cloud/ovh/ovh_ip_loadbalancing_backend.py
@@ -25,46 +25,56 @@ options:
        required: true
        description:
            - Name of the LoadBalancing internal name (ip-X.X.X.X)
+        type: str
    backend:
        required: true
        description:
            - The IP address of the backend to update / modify / delete
+        type: str
    state:
        default: present
        choices: ['present', 'absent']
        description:
            - Determines whether the backend is to be created/modified
              or deleted
+        type: str
    probe:
        default: 'none'
        choices: ['none', 'http', 'icmp' , 'oco']
        description:
            - Determines the type of probe to use for this backend
+        type: str
    weight:
        default: 8
        description:
            - Determines the weight for this backend
+        type: int
    endpoint:
        required: true
        description:
            - The endpoint to use ( for instance ovh-eu)
+        type: str
    application_key:
        required: true
        description:
            - The applicationKey to use
+        type: str
    application_secret:
        required: true
        description:
            - The application secret to use
+        type: str
    consumer_key:
        required: true
        description:
            - The consumer key to use
+        type: str
    timeout:
        default: 120
        description:
            - The timeout in seconds used to wait for a task to be
              completed.
+        type: int

 '''

--- a/plugins/modules/cloud/ovirt/ovirt_vm_facts.py
+++ b/plugins/modules/cloud/ovirt/ovirt_vm_facts.py
@@ -48,6 +48,7 @@ options:
        - "If I(true) all the attributes of the virtual machines should be
           included in the response."
      type: bool
+      default: false
    case_sensitive:
      description:
        - "If I(true) performed search will take case into account."
--- a/plugins/modules/cloud/profitbricks/profitbricks.py
+++ b/plugins/modules/cloud/profitbricks/profitbricks.py
@@ -22,52 +22,63 @@ options:
  name:
    description:
      - The name of the virtual machine.
-    required: true
+    type: str
  image:
    description:
      - The system image ID for creating the virtual machine, e.g. a3eae284-a2fe-11e4-b187-5f1f641608c8.
-    required: true
+    type: str
  image_password:
    description:
      - Password set for the administrative user.
+    type: str
  ssh_keys:
    description:
      - Public SSH keys allowing access to the virtual machine.
+    type: list
  datacenter:
    description:
      - The datacenter to provision this virtual machine.
+    type: str
  cores:
    description:
      - The number of CPU cores to allocate to the virtual machine.
    default: 2
+    type: int
  ram:
    description:
      - The amount of memory to allocate to the virtual machine.
    default: 2048
+    type: int
  cpu_family:
    description:
      - The CPU family type to allocate to the virtual machine.
+    type: str
    default: AMD_OPTERON
    choices: [ "AMD_OPTERON", "INTEL_XEON" ]
  volume_size:
    description:
      - The size in GB of the boot volume.
+    type: int
    default: 10
  bus:
    description:
      - The bus type for the volume.
+    type: str
    default: VIRTIO
    choices: [ "IDE", "VIRTIO"]
  instance_ids:
    description:
      - list of instance ids, currently only used when state='absent' to remove instances.
+    type: list
  count:
    description:
      - The number of virtual machines to create.
+    type: int
    default: 1
  location:
    description:
      - The datacenter location. Use only if you want to create the Datacenter or else this value is ignored.
+    type: str
    default: us/las
    choices: [ "us/las", "de/fra", "de/fkb" ]
  assign_public_ip:
@@ -78,13 +89,16 @@ options:
  lan:
    description:
      - The ID of the LAN you wish to add the servers to.
+    type: int
    default: 1
  subscription_user:
    description:
      - The ProfitBricks username. Overrides the PB_SUBSCRIPTION_ID environment variable.
+    type: str
  subscription_password:
    description:
      - THe ProfitBricks password. Overrides the PB_PASSWORD environment variable.
+    type: str
  wait:
    description:
      - wait for the instance to be in state 'running' before returning
@@ -93,6 +107,7 @@ options:
  wait_timeout:
    description:
      - how long before wait gives up, in seconds
+    type: int
    default: 600
  remove_boot_volume:
    description:
@@ -102,8 +117,15 @@ options:
  state:
    description:
      - create or terminate instances
+      - 'The choices available are: C(running), C(stopped), C(absent), C(present).'
+    type: str
    default: 'present'
-    choices: [ "running", "stopped", "absent", "present" ]
+  disk_type:
+    description:
+      - the type of disk to be allocated.
+    type: str
+    choices: [SSD, HDD]
+    default: HDD

 requirements:
     - "profitbricks"
--- a/plugins/modules/cloud/profitbricks/profitbricks_datacenter.py
+++ b/plugins/modules/cloud/profitbricks/profitbricks_datacenter.py
@@ -17,24 +17,28 @@ options:
  name:
    description:
      - The name of the virtual datacenter.
-    required: true
+    type: str
  description:
    description:
      - The description of the virtual datacenter.
+    type: str
    required: false
  location:
    description:
      - The datacenter location.
+    type: str
    required: false
    default: us/las
    choices: [ "us/las", "de/fra", "de/fkb" ]
  subscription_user:
    description:
      - The ProfitBricks username. Overrides the PB_SUBSCRIPTION_ID environment variable.
+    type: str
    required: false
  subscription_password:
    description:
      - THe ProfitBricks password. Overrides the PB_PASSWORD environment variable.
+    type: str
    required: false
  wait:
    description:
@@ -45,13 +49,15 @@ options:
  wait_timeout:
    description:
      - how long before wait gives up, in seconds
+    type: int
    default: 600
  state:
    description:
-      - create or terminate datacenters
+      - Create or terminate datacenters.
+      - "The available choices are: C(present), C(absent)."
+    type: str
    required: false
    default: 'present'
-    choices: [ "present", "absent" ]

 requirements: [ "profitbricks" ]
 author: Matt Baldwin (@baldwinSPC) <baldwin@stackpointcloud.com>
@@ -203,7 +209,7 @@ def main():
            subscription_password=dict(no_log=True),
            wait=dict(type='bool', default=True),
            wait_timeout=dict(default=600, type='int'),
-            state=dict(default='present'),
+            state=dict(default='present'),   # @TODO add choices
        )
    )
    if not HAS_PB_SDK:
--- a/plugins/modules/cloud/profitbricks/profitbricks_nic.py
+++ b/plugins/modules/cloud/profitbricks/profitbricks_nic.py
@@ -16,26 +16,28 @@ options:
  datacenter:
    description:
      - The datacenter in which to operate.
-    required: true
+    type: str
  server:
    description:
      - The server name or ID.
-    required: true
+    type: str
  name:
    description:
      - The name or ID of the NIC. This is only required on deletes, but not on create.
-    required: true
+    type: str
  lan:
    description:
      - The LAN to place the NIC on. You can pass a LAN that doesn't exist and it will be created. Required on create.
-    required: true
+    type: str
  subscription_user:
    description:
      - The ProfitBricks username. Overrides the PB_SUBSCRIPTION_ID environment variable.
+    type: str
    required: false
  subscription_password:
    description:
      - THe ProfitBricks password. Overrides the PB_PASSWORD environment variable.
+    type: str
    required: false
  wait:
    description:
@@ -46,13 +48,15 @@ options:
  wait_timeout:
    description:
      - how long before wait gives up, in seconds
+    type: int
    default: 600
  state:
    description:
      - Indicate desired state of the resource
+      - "The available choices are: C(present), C(absent)."
+    type: str
    required: false
    default: 'present'
-    choices: ["present", "absent"]

 requirements: [ "profitbricks" ]
 author: Matt Baldwin (@baldwinSPC) <baldwin@stackpointcloud.com>
@@ -228,7 +232,7 @@ def main():
        argument_spec=dict(
            datacenter=dict(),
            server=dict(),
-            name=dict(default=str(uuid.uuid4()).replace('-', '')[:10]),
+            name=dict(default=str(uuid.uuid4()).replace('-', '')[:10]),  # @FIXME please do not do that
            lan=dict(),
            subscription_user=dict(),
            subscription_password=dict(no_log=True),
@@ -241,7 +245,7 @@ def main():
    if not HAS_PB_SDK:
        module.fail_json(msg='profitbricks required for this module')

-    if not module.params.get('subscription_user'):
+    if not module.params.get('subscription_user'):   # @ FIXME use required in argument_spec, same for lines below
        module.fail_json(msg='subscription_user parameter is required')
    if not module.params.get('subscription_password'):
        module.fail_json(msg='subscription_password parameter is required')
@@ -275,7 +279,7 @@ def main():

        try:
            (nic_dict) = create_nic(module, profitbricks)
-            module.exit_json(nics=nic_dict)
+            module.exit_json(nics=nic_dict)  # @FIXME changed not calculated?
        except Exception as e:
            module.fail_json(msg='failed to set nic state: %s' % str(e))

--- a/plugins/modules/cloud/profitbricks/profitbricks_volume.py
+++ b/plugins/modules/cloud/profitbricks/profitbricks_volume.py
@@ -16,49 +16,56 @@ options:
  datacenter:
    description:
      - The datacenter in which to create the volumes.
-    required: true
+    type: str
  name:
    description:
      - The name of the volumes. You can enumerate the names using auto_increment.
-    required: true
+    type: str
  size:
    description:
      - The size of the volume.
+    type: int
    required: false
    default: 10
  bus:
    description:
      - The bus type.
+    type: str
    required: false
    default: VIRTIO
    choices: [ "IDE", "VIRTIO"]
  image:
    description:
      - The system image ID for the volume, e.g. a3eae284-a2fe-11e4-b187-5f1f641608c8. This can also be a snapshot image ID.
-    required: true
+    type: str
  image_password:
    description:
      - Password set for the administrative user.
+    type: str
    required: false
  ssh_keys:
    description:
      - Public SSH keys allowing access to the virtual machine.
+    type: list
    required: false
  disk_type:
    description:
      - The disk type of the volume.
+    type: str
    required: false
    default: HDD
    choices: [ "HDD", "SSD" ]
  licence_type:
    description:
      - The licence type for the volume. This is used when the image is non-standard.
+      - "The available choices are: C(LINUX), C(WINDOWS), C(UNKNOWN), C(OTHER)."
+    type: str
    required: false
    default: UNKNOWN
-    choices: ["LINUX", "WINDOWS", "UNKNOWN" , "OTHER"]
  count:
    description:
      - The number of volumes you wish to create.
+    type: int
    required: false
    default: 1
  auto_increment:
@@ -69,14 +76,17 @@ options:
  instance_ids:
    description:
      - list of instance ids, currently only used when state='absent' to remove instances.
+    type: list
    required: false
  subscription_user:
    description:
      - The ProfitBricks username. Overrides the PB_SUBSCRIPTION_ID environment variable.
+    type: str
    required: false
  subscription_password:
    description:
      - THe ProfitBricks password. Overrides the PB_PASSWORD environment variable.
+    type: str
    required: false
  wait:
    description:
@@ -87,13 +97,15 @@ options:
  wait_timeout:
    description:
      - how long before wait gives up, in seconds
+    type: int
    default: 600
  state:
    description:
      - create or terminate datacenters
+      - "The available choices are: C(present), C(absent)."
+    type: str
    required: false
    default: 'present'
-    choices: ["present", "absent"]

 requirements: [ "profitbricks" ]
 author: Matt Baldwin (@baldwinSPC) <baldwin@stackpointcloud.com>
--- a/Show More
+++ b/Show More