Release 1.3.8.

Add 1.3.8 release summary.
[stable-1] no_log: more false-positives (not flagged by sanity tests yet) (#2017 )
2026-04-28 17:36:49 +00:00 · 2021-03-15 07:23:09 +01:00 · 2021-03-15 07:14:50 +01:00 · 2021-03-13 18:21:21 +01:00 · 2021-03-13 17:37:30 +01:00 · 2021-03-13 12:00:21 +01:00
775 changed files with 18737 additions and 8472 deletions
--- a/.azure-pipelines/README.md
+++ b/.azure-pipelines/README.md
@@ -0,0 +1,3 @@
+## Azure Pipelines Configuration
+
+Please see the [Documentation](https://github.com/ansible/community/wiki/Testing:-Azure-Pipelines) for more information.
--- a/.azure-pipelines/azure-pipelines.yml
+++ b/.azure-pipelines/azure-pipelines.yml
@@ -0,0 +1,323 @@
+trigger:
+  batch: true
+  branches:
+    include:
+      - main
+      - stable-*
+
+pr:
+  autoCancel: true
+  branches:
+    include:
+      - main
+      - stable-*
+
+schedules:
+  - cron: 0 8 * * *
+    displayName: Nightly
+    always: true
+    branches:
+      include:
+        - main
+        - stable-*
+
+variables:
+  - name: checkoutPath
+    value: ansible_collections/community/general
+  - name: coverageBranches
+    value: main
+  - name: pipelinesCoverage
+    value: coverage
+  - name: entryPoint
+    value: tests/utils/shippable/shippable.sh
+  - name: fetchDepth
+    value: 0
+
+resources:
+  containers:
+    - container: default
+      image: quay.io/ansible/azure-pipelines-test-container:1.8.0
+
+pool: Standard
+
+stages:
+### Sanity
+  - stage: Sanity_devel
+    displayName: Sanity devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Test {0}
+          testFormat: devel/sanity/{0}
+          targets:
+            - test: 1
+            - test: 2
+            - test: 3
+            - test: 4
+            - test: extra
+  - stage: Sanity_2_10
+    displayName: Sanity 2.10
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Test {0}
+          testFormat: 2.10/sanity/{0}
+          targets:
+            - test: 1
+            - test: 2
+            - test: 3
+            - test: 4
+  - stage: Sanity_2_9
+    displayName: Sanity 2.9
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Test {0}
+          testFormat: 2.9/sanity/{0}
+          targets:
+            - test: 1
+            - test: 2
+            - test: 3
+            - test: 4
+### Units
+  - stage: Units_devel
+    displayName: Units devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: devel/units/{0}/1
+          targets:
+            - test: 2.6
+            - test: 2.7
+            - test: 3.5
+            - test: 3.6
+            - test: 3.7
+            - test: 3.8
+            - test: 3.9
+  - stage: Units_2_10
+    displayName: Units 2.10
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.10/units/{0}/1
+          targets:
+            - test: 2.6
+            - test: 2.7
+            - test: 3.5
+            - test: 3.6
+            - test: 3.7
+            - test: 3.8
+            - test: 3.9
+  - stage: Units_2_9
+    displayName: Units 2.9
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.9/units/{0}/1
+          targets:
+            - test: 2.6
+            - test: 2.7
+            - test: 3.5
+            - test: 3.6
+            - test: 3.7
+            - test: 3.8
+
+## Remote
+  - stage: Remote_devel
+    displayName: Remote devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: devel/{0}
+          targets:
+            - name: macOS 11.1
+              test: macos/11.1
+            - name: RHEL 7.9
+              test: rhel/7.9
+            - name: RHEL 8.3
+              test: rhel/8.3
+            - name: FreeBSD 11.4
+              test: freebsd/11.4
+            - name: FreeBSD 12.2
+              test: freebsd/12.2
+          groups:
+            - 1
+            - 2
+            - 3
+            - 4
+            - 5
+  - stage: Remote_2_10
+    displayName: Remote 2.10
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.10/{0}
+          targets:
+            - name: OS X 10.11
+              test: osx/10.11
+            - name: macOS 10.15
+              test: macos/10.15
+            - name: macOS 11.1
+              test: macos/11.1
+            - name: RHEL 7.8
+              test: rhel/7.8
+            - name: RHEL 8.2
+              test: rhel/8.2
+            - name: FreeBSD 12.1
+              test: freebsd/12.1
+          groups:
+            - 1
+            - 2
+  - stage: Remote_2_9
+    displayName: Remote 2.9
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.9/{0}
+          targets:
+            - name: RHEL 8.2
+              test: rhel/8.2
+            - name: FreeBSD 12.0
+              test: freebsd/12.0
+          groups:
+            - 1
+            - 2
+
+### Docker
+  - stage: Docker_devel
+    displayName: Docker devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: devel/linux/{0}
+          targets:
+            - name: CentOS 6
+              test: centos6
+            - name: CentOS 7
+              test: centos7
+            - name: CentOS 8
+              test: centos8
+            - name: Fedora 32
+              test: fedora32
+            - name: Fedora 33
+              test: fedora33
+            - name: openSUSE 15 py2
+              test: opensuse15py2
+            - name: openSUSE 15 py3
+              test: opensuse15
+            - name: Ubuntu 18.04
+              test: ubuntu1804
+            - name: Ubuntu 20.04
+              test: ubuntu2004
+          groups:
+            - 1
+            - 2
+            - 3
+            - 4
+            - 5
+  - stage: Docker_2_10
+    displayName: Docker 2.10
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.10/linux/{0}
+          targets:
+            - name: CentOS 8
+              test: centos8
+            - name: Fedora 32
+              test: fedora32
+            - name: openSUSE 15 py3
+              test: opensuse15
+            - name: Ubuntu 16.04
+              test: ubuntu1604
+          groups:
+            - 2
+            - 3
+            - 4
+            - 5
+  - stage: Docker_2_9
+    displayName: Docker 2.9
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.9/linux/{0}
+          targets:
+            - name: CentOS 8
+              test: centos8
+            - name: Fedora 31
+              test: fedora31
+            - name: openSUSE 15 py3
+              test: opensuse15
+          groups:
+            - 2
+            - 3
+            - 4
+            - 5
+
+### Cloud
+  - stage: Cloud_devel
+    displayName: Cloud devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: devel/cloud/{0}/1
+          targets:
+            - test: 2.7
+            - test: 3.6
+  - stage: Cloud_2_10
+    displayName: Cloud 2.10
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.10/cloud/{0}/1
+          targets:
+            - test: 3.6
+  - stage: Cloud_2_9
+    displayName: Cloud 2.9
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.9/cloud/{0}/1
+          targets:
+            - test: 3.6
+  - stage: Summary
+    condition: succeededOrFailed()
+    dependsOn:
+      - Sanity_devel
+      - Sanity_2_9
+      - Sanity_2_10
+      - Units_devel
+      - Units_2_9
+      - Units_2_10
+      - Remote_devel
+      - Remote_2_9
+      - Remote_2_10
+      - Docker_devel
+      - Docker_2_9
+      - Docker_2_10
+      - Cloud_devel
+      - Cloud_2_9
+      - Cloud_2_10
+    jobs:
+      - template: templates/coverage.yml
--- a/.azure-pipelines/scripts/aggregate-coverage.sh
+++ b/.azure-pipelines/scripts/aggregate-coverage.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+# Aggregate code coverage results for later processing.
+
+set -o pipefail -eu
+
+agent_temp_directory="$1"
+
+PATH="${PWD}/bin:${PATH}"
+
+mkdir "${agent_temp_directory}/coverage/"
+
+options=(--venv --venv-system-site-packages --color -v)
+
+ansible-test coverage combine --export "${agent_temp_directory}/coverage/" "${options[@]}"
+
+if ansible-test coverage analyze targets generate --help >/dev/null 2>&1; then
+    # Only analyze coverage if the installed version of ansible-test supports it.
+    # Doing so allows this script to work unmodified for multiple Ansible versions.
+    ansible-test coverage analyze targets generate "${agent_temp_directory}/coverage/coverage-analyze-targets.json" "${options[@]}"
+fi
--- a/.azure-pipelines/scripts/combine-coverage.py
+++ b/.azure-pipelines/scripts/combine-coverage.py
@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+"""
+Combine coverage data from multiple jobs, keeping the data only from the most recent attempt from each job.
+Coverage artifacts must be named using the format: "Coverage $(System.JobAttempt) {StableUniqueNameForEachJob}"
+The recommended coverage artifact name format is: Coverage $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)
+Keep in mind that Azure Pipelines does not enforce unique job display names (only names).
+It is up to pipeline authors to avoid name collisions when deviating from the recommended format.
+"""
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import re
+import shutil
+import sys
+
+
+def main():
+    """Main program entry point."""
+    source_directory = sys.argv[1]
+
+    if '/ansible_collections/' in os.getcwd():
+        output_path = "tests/output"
+    else:
+        output_path = "test/results"
+
+    destination_directory = os.path.join(output_path, 'coverage')
+
+    if not os.path.exists(destination_directory):
+        os.makedirs(destination_directory)
+
+    jobs = {}
+    count = 0
+
+    for name in os.listdir(source_directory):
+        match = re.search('^Coverage (?P<attempt>[0-9]+) (?P<label>.+)$', name)
+        label = match.group('label')
+        attempt = int(match.group('attempt'))
+        jobs[label] = max(attempt, jobs.get(label, 0))
+
+    for label, attempt in jobs.items():
+        name = 'Coverage {attempt} {label}'.format(label=label, attempt=attempt)
+        source = os.path.join(source_directory, name)
+        source_files = os.listdir(source)
+
+        for source_file in source_files:
+            source_path = os.path.join(source, source_file)
+            destination_path = os.path.join(destination_directory, source_file + '.' + label)
+            print('"%s" -> "%s"' % (source_path, destination_path))
+            shutil.copyfile(source_path, destination_path)
+            count += 1
+
+    print('Coverage file count: %d' % count)
+    print('##vso[task.setVariable variable=coverageFileCount]%d' % count)
+    print('##vso[task.setVariable variable=outputPath]%s' % output_path)
+
+
+if __name__ == '__main__':
+    main()
--- a/.azure-pipelines/scripts/process-results.sh
+++ b/.azure-pipelines/scripts/process-results.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+# Check the test results and set variables for use in later steps.
+
+set -o pipefail -eu
+
+if [[ "$PWD" =~ /ansible_collections/ ]]; then
+    output_path="tests/output"
+else
+    output_path="test/results"
+fi
+
+echo "##vso[task.setVariable variable=outputPath]${output_path}"
+
+if compgen -G "${output_path}"'/junit/*.xml' > /dev/null; then
+    echo "##vso[task.setVariable variable=haveTestResults]true"
+fi
+
+if compgen -G "${output_path}"'/bot/ansible-test-*' > /dev/null; then
+    echo "##vso[task.setVariable variable=haveBotResults]true"
+fi
+
+if compgen -G "${output_path}"'/coverage/*' > /dev/null; then
+    echo "##vso[task.setVariable variable=haveCoverageData]true"
+fi
--- a/.azure-pipelines/scripts/publish-codecov.sh
+++ b/.azure-pipelines/scripts/publish-codecov.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+# Upload code coverage reports to codecov.io.
+# Multiple coverage files from multiple languages are accepted and aggregated after upload.
+# Python coverage, as well as PowerShell and Python stubs can all be uploaded.
+
+set -o pipefail -eu
+
+output_path="$1"
+
+curl --silent --show-error https://codecov.io/bash > codecov.sh
+
+for file in "${output_path}"/reports/coverage*.xml; do
+    name="${file}"
+    name="${name##*/}"  # remove path
+    name="${name##coverage=}"  # remove 'coverage=' prefix if present
+    name="${name%.xml}"  # remove '.xml' suffix
+
+    bash codecov.sh \
+        -f "${file}" \
+        -n "${name}" \
+        -X coveragepy \
+        -X gcov \
+        -X fix \
+        -X search \
+        -X xcode \
+        || echo "Failed to upload code coverage report to codecov.io: ${file}"
+done
--- a/.azure-pipelines/scripts/report-coverage.sh
+++ b/.azure-pipelines/scripts/report-coverage.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+# Generate code coverage reports for uploading to Azure Pipelines and codecov.io.
+
+set -o pipefail -eu
+
+PATH="${PWD}/bin:${PATH}"
+
+if ! ansible-test --help >/dev/null 2>&1; then
+    # Install the devel version of ansible-test for generating code coverage reports.
+    # This is only used by Ansible Collections, which are typically tested against multiple Ansible versions (in separate jobs).
+    # Since a version of ansible-test is required that can work the output from multiple older releases, the devel version is used.
+    pip install https://github.com/ansible/ansible/archive/devel.tar.gz --disable-pip-version-check
+fi
+
+ansible-test coverage xml --stub --venv --venv-system-site-packages --color -v
--- a/.azure-pipelines/scripts/run-tests.sh
+++ b/.azure-pipelines/scripts/run-tests.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+# Configure the test environment and run the tests.
+
+set -o pipefail -eu
+
+entry_point="$1"
+test="$2"
+read -r -a coverage_branches <<< "$3"  # space separated list of branches to run code coverage on for scheduled builds
+
+export COMMIT_MESSAGE
+export COMPLETE
+export COVERAGE
+export IS_PULL_REQUEST
+
+if [ "${SYSTEM_PULLREQUEST_TARGETBRANCH:-}" ]; then
+    IS_PULL_REQUEST=true
+    COMMIT_MESSAGE=$(git log --format=%B -n 1 HEAD^2)
+else
+    IS_PULL_REQUEST=
+    COMMIT_MESSAGE=$(git log --format=%B -n 1 HEAD)
+fi
+
+COMPLETE=
+COVERAGE=
+
+if [ "${BUILD_REASON}" = "Schedule" ]; then
+    COMPLETE=yes
+
+    if printf '%s\n' "${coverage_branches[@]}" | grep -q "^${BUILD_SOURCEBRANCHNAME}$"; then
+        COVERAGE=yes
+    fi
+fi
+
+"${entry_point}" "${test}" 2>&1 | "$(dirname "$0")/time-command.py"
--- a/.azure-pipelines/scripts/time-command.py
+++ b/.azure-pipelines/scripts/time-command.py
@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+"""Prepends a relative timestamp to each input line from stdin and writes it to stdout."""
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import sys
+import time
+
+
+def main():
+    """Main program entry point."""
+    start = time.time()
+
+    sys.stdin.reconfigure(errors='surrogateescape')
+    sys.stdout.reconfigure(errors='surrogateescape')
+
+    for line in sys.stdin:
+        seconds = time.time() - start
+        sys.stdout.write('%02d:%02d %s' % (seconds // 60, seconds % 60, line))
+        sys.stdout.flush()
+
+
+if __name__ == '__main__':
+    main()
--- a/.azure-pipelines/templates/coverage.yml
+++ b/.azure-pipelines/templates/coverage.yml
@@ -0,0 +1,39 @@
+# This template adds a job for processing code coverage data.
+# It will upload results to Azure Pipelines and codecov.io.
+# Use it from a job stage that completes after all other jobs have completed.
+# This can be done by placing it in a separate summary stage that runs after the test stage(s) have completed.
+
+jobs:
+  - job: Coverage
+    displayName: Code Coverage
+    container: default
+    workspace:
+      clean: all
+    steps:
+      - checkout: self
+        fetchDepth: $(fetchDepth)
+        path: $(checkoutPath)
+      - task: DownloadPipelineArtifact@2
+        displayName: Download Coverage Data
+        inputs:
+          path: coverage/
+          patterns: "Coverage */*=coverage.combined"
+      - bash: .azure-pipelines/scripts/combine-coverage.py coverage/
+        displayName: Combine Coverage Data
+      - bash: .azure-pipelines/scripts/report-coverage.sh
+        displayName: Generate Coverage Report
+        condition: gt(variables.coverageFileCount, 0)
+      - task: PublishCodeCoverageResults@1
+        inputs:
+          codeCoverageTool: Cobertura
+          # Azure Pipelines only accepts a single coverage data file.
+          # That means only Python or PowerShell coverage can be uploaded, but not both.
+          # Set the "pipelinesCoverage" variable to determine which type is uploaded.
+          # Use "coverage" for Python and "coverage-powershell" for PowerShell.
+          summaryFileLocation: "$(outputPath)/reports/$(pipelinesCoverage).xml"
+        displayName: Publish to Azure Pipelines
+        condition: gt(variables.coverageFileCount, 0)
+      - bash: .azure-pipelines/scripts/publish-codecov.sh "$(outputPath)"
+        displayName: Publish to codecov.io
+        condition: gt(variables.coverageFileCount, 0)
+        continueOnError: true
--- a/.azure-pipelines/templates/matrix.yml
+++ b/.azure-pipelines/templates/matrix.yml
@@ -0,0 +1,55 @@
+# This template uses the provided targets and optional groups to generate a matrix which is then passed to the test template.
+# If this matrix template does not provide the required functionality, consider using the test template directly instead.
+
+parameters:
+  # A required list of dictionaries, one per test target.
+  # Each item in the list must contain a "test" or "name" key.
+  # Both may be provided. If one is omitted, the other will be used.
+  - name: targets
+    type: object
+
+  # An optional list of values which will be used to multiply the targets list into a matrix.
+  # Values can be strings or numbers.
+  - name: groups
+    type: object
+    default: []
+
+  # An optional format string used to generate the job name.
+  # - {0} is the name of an item in the targets list.
+  - name: nameFormat
+    type: string
+    default: "{0}"
+
+  # An optional format string used to generate the test name.
+  # - {0} is the name of an item in the targets list.
+  - name: testFormat
+    type: string
+    default: "{0}"
+
+  # An optional format string used to add the group to the job name.
+  # {0} is the formatted name of an item in the targets list.
+  # {{1}} is the group -- be sure to include the double "{{" and "}}".
+  - name: nameGroupFormat
+    type: string
+    default: "{0} - {{1}}"
+
+  # An optional format string used to add the group to the test name.
+  # {0} is the formatted test of an item in the targets list.
+  # {{1}} is the group -- be sure to include the double "{{" and "}}".
+  - name: testGroupFormat
+    type: string
+    default: "{0}/{{1}}"
+
+jobs:
+  - template: test.yml
+    parameters:
+      jobs:
+        - ${{ if eq(length(parameters.groups), 0) }}:
+          - ${{ each target in parameters.targets }}:
+            - name: ${{ format(parameters.nameFormat, coalesce(target.name, target.test)) }}
+              test: ${{ format(parameters.testFormat, coalesce(target.test, target.name)) }}
+        - ${{ if not(eq(length(parameters.groups), 0)) }}:
+          - ${{ each group in parameters.groups }}:
+            - ${{ each target in parameters.targets }}:
+              - name: ${{ format(format(parameters.nameGroupFormat, parameters.nameFormat), coalesce(target.name, target.test), group) }}
+                test: ${{ format(format(parameters.testGroupFormat, parameters.testFormat), coalesce(target.test, target.name), group) }}
--- a/.azure-pipelines/templates/test.yml
+++ b/.azure-pipelines/templates/test.yml
@@ -0,0 +1,45 @@
+# This template uses the provided list of jobs to create test one or more test jobs.
+# It can be used directly if needed, or through the matrix template.
+
+parameters:
+  # A required list of dictionaries, one per test job.
+  # Each item in the list must contain a "job" and "name" key.
+  - name: jobs
+    type: object
+
+jobs:
+  - ${{ each job in parameters.jobs }}:
+    - job: test_${{ replace(replace(replace(job.test, '/', '_'), '.', '_'), '-', '_') }}
+      displayName: ${{ job.name }}
+      container: default
+      workspace:
+        clean: all
+      steps:
+        - checkout: self
+          fetchDepth: $(fetchDepth)
+          path: $(checkoutPath)
+        - bash: .azure-pipelines/scripts/run-tests.sh "$(entryPoint)" "${{ job.test }}" "$(coverageBranches)"
+          displayName: Run Tests
+        - bash: .azure-pipelines/scripts/process-results.sh
+          condition: succeededOrFailed()
+          displayName: Process Results
+        - bash: .azure-pipelines/scripts/aggregate-coverage.sh "$(Agent.TempDirectory)"
+          condition: eq(variables.haveCoverageData, 'true')
+          displayName: Aggregate Coverage Data
+        - task: PublishTestResults@2
+          condition: eq(variables.haveTestResults, 'true')
+          inputs:
+            testResultsFiles: "$(outputPath)/junit/*.xml"
+          displayName: Publish Test Results
+        - task: PublishPipelineArtifact@1
+          condition: eq(variables.haveBotResults, 'true')
+          displayName: Publish Bot Results
+          inputs:
+            targetPath: "$(outputPath)/bot/"
+            artifactName: "Bot $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)"
+        - task: PublishPipelineArtifact@1
+          condition: eq(variables.haveCoverageData, 'true')
+          displayName: Publish Coverage Data
+          inputs:
+            targetPath: "$(Agent.TempDirectory)/coverage/"
+            artifactName: "Coverage $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)"
--- a/.github/BOTMETA.yml
+++ b/.github/BOTMETA.yml
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -5,6 +5,568 @@ Community General Release Notes
 .. contents:: Topics


+v1.3.8
+======
+
+Release Summary
+---------------
+
+Security bugfix and regular bugfix release.
+
+Minor Changes
+-------------
+
+- bundler - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885).
+- consul - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885).
+- consul_acl - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885).
+- consul_session - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885).
+- datadog_monitor - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885).
+- oneandone_firewall_policy - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885).
+- oneandone_load_balancer - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885).
+- oneandone_monitoring_policy - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885).
+- oneandone_private_network - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885).
+- oneandone_server - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885).
+- profitbricks - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885).
+- profitbricks_volume - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885).
+- sensu_check - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885).
+- sensu_client - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885).
+- sensu_handler - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885).
+- webfaction_domain - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885).
+- webfaction_site - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1885).
+
+Breaking Changes / Porting Guide
+--------------------------------
+
+- docker_swarm - if ``join_token`` is specified, a returned join token with the same value will be replaced by ``VALUE_SPECIFIED_IN_NO_LOG_PARAMETER``. Make sure that you do not blindly use the join tokens from the return value of this module when the module is invoked with ``join_token`` specified! This breaking change appears in a minor release since it is necessary to fix a security issue (https://github.com/ansible-collections/community.docker/pull/103).
+
+Security Fixes
+--------------
+
+- docker_swarm - the ``join_token`` option is now marked as ``no_log`` so it is no longer written into logs (https://github.com/ansible-collections/community.docker/pull/103).
+- na_cdot_user - mark the ``set_password`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/2018).
+- sf_account_manager - mark the ``initiator_secret`` and ``target_secret`` parameters as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/2018).
+
+Bugfixes
+--------
+
+- Mark various module options with ``no_log=False`` which have a name that potentially could leak secrets, but which do not (https://github.com/ansible-collections/community.general/pull/2001).
+- bigpanda - actually use the ``deployment_message`` option (https://github.com/ansible-collections/community.general/pull/1928).
+- cloudforms inventory - fixed issue that non-existing (archived) VMs were synced (https://github.com/ansible-collections/community.general/pull/720).
+- docker_container - fix healthcheck disabling idempotency issue with strict comparison (https://github.com/ansible-collections/community.docker/issues/85).
+- docker_image - prevent module failure when removing image that is removed between inspection and removal (https://github.com/ansible-collections/community.docker/pull/87).
+- docker_image - prevent module failure when removing non-existant image by ID (https://github.com/ansible-collections/community.docker/pull/87).
+- docker_image_info - prevent module failure when image vanishes between listing and inspection (https://github.com/ansible-collections/community.docker/pull/87).
+- docker_image_info - prevent module failure when querying non-existant image by ID (https://github.com/ansible-collections/community.docker/pull/87).
+- nmcli - ensure the ``slave-type`` option is passed to ``nmcli`` for type ``bond-slave`` (https://github.com/ansible-collections/community.general/pull/1882).
+- proxmox - removed requirement that root password is provided when containter state is ``present`` (https://github.com/ansible-collections/community.general/pull/1999).
+- proxmox inventory - added handling of extra trailing slashes in the URL (https://github.com/ansible-collections/community.general/pull/1914).
+- proxmox inventory - exclude qemu templates from inclusion to the inventory via pools (https://github.com/ansible-collections/community.general/issues/1986, https://github.com/ansible-collections/community.general/pull/1991).
+- xfs_quota - the feedback for initializing project quota using xfs_quota binary from ``xfsprogs`` has changed since the version it was written for (https://github.com/ansible-collections/community.general/pull/1596).
+- zfs - some ZFS properties could be passed when the dataset/volume did not exist, but would fail if the dataset already existed, even if the property matched what was specified in the ansible task (https://github.com/ansible-collections/community.general/issues/868, https://github.com/ansible-collections/community.general/pull/1833).
+
+v1.3.7
+======
+
+Release Summary
+---------------
+
+Regular maintenance and bugfix release.
+
+Minor Changes
+-------------
+
+- clc_* modules - elements of list parameters are now validated (https://github.com/ansible-collections/community.general/pull/1771).
+- dnsimple - elements of list parameters ``record_ids`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- gitlab_runner - elements of list parameters ``tag_list`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- keycloak_client - elements of list parameters ``default_roles``, ``redirect_uris``, ``web_origins`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- librato_annotation - elements of list parameters ``links`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- lxd_container - elements of list parameter ``profiles`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- mail - elements of list parameters ``to``, ``cc``, ``bcc``, ``attach``, ``headers`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- na_ontap_gather_facts - elements of list parameters ``gather_subset`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- nexmo - elements of list parameters ``dest`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- nsupdate - elements of list parameters ``value`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- omapi_host - elements of list parameters ``statements`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- onepassword_info - elements of list parameters ``search_terms`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- packet_device - elements of list parameters ``device_ids``, ``hostnames`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- pagerduty - elements of list parameters ``service`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- plugins/module_utils/oracle/oci_utils.py - elements of list parameter ``key_by`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- proxmox_kvm module - actually implemented ``vmid`` and ``status`` return values. Updated documentation to reflect current situation (https://github.com/ansible-collections/community.general/issues/1410, https://github.com/ansible-collections/community.general/pull/1715).
+- pubnub_blocks - elements of list parameters ``event_handlers`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- redfish modules - explicitly setting lists' elements to ``str`` (https://github.com/ansible-collections/community.general/pull/1761).
+- redhat_subscription - elements of list parameters ``pool_ids``, ``addons`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- rocketchat - elements of list parameters ``attachments`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- sendgrid - elements of list parameters ``to_addresses``, ``cc``, ``bcc``, ``attachments`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- sl_vm - elements of list parameters ``disks``, ``ssh_keys`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- slack - elements of list parameters ``attachments`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- statusio_maintenance - elements of list parameters ``components``, ``containers`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- twilio - elements of list parameters ``to_numbers`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- vmadm - elements of list parameters ``disks``, ``nics``, ``resolvers``, ``filesystems`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+- xml - elements of list parameters ``add_children``, ``set_children`` are now validated (https://github.com/ansible-collections/community.general/pull/1795).
+
+Bugfixes
+--------
+
+- aerospike_migration - fix typo that caused ``migrate_tx_key`` instead of ``migrate_rx_key`` being used (https://github.com/ansible-collections/community.general/pull/1739).
+- alternatives - internal refactoring: replaced uses of ``_`` with ``dummy`` (https://github.com/ansible-collections/community.general/pull/1819).
+- beadm - internal refactoring: replaced uses of ``_`` with ``dummy`` (https://github.com/ansible-collections/community.general/pull/1819).
+- chef_databag lookup plugin - wrapped usages of ``dict.keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- cobbler_sync, cobbler_system - fix SSL/TLS certificate check when ``validate_certs`` set to ``false`` (https://github.com/ansible-collections/community.general/pull/1880).
+- cronvar - internal refactoring: replaced uses of ``_`` with ``dummy`` (https://github.com/ansible-collections/community.general/pull/1819).
+- dconf - internal refactoring: replaced uses of ``_`` with ``dummy`` (https://github.com/ansible-collections/community.general/pull/1819).
+- deploy_helper - allow ``state=clean`` to be used without defining a ``release`` (https://github.com/ansible-collections/community.general/issues/1852).
+- diy callback plugin - wrapped usages of ``dict.keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- elasticsearch_plugin - ``state`` parameter choices must use ``list()`` in python3 (https://github.com/ansible-collections/community.general/pull/1830).
+- filesystem - internal refactoring: replaced uses of ``_`` with ``dummy`` (https://github.com/ansible-collections/community.general/pull/1819).
+- filesystem - remove ``swap`` from list of FS supported by ``resizefs=yes`` (https://github.com/ansible-collections/community.general/issues/790).
+- git_config - prevent ``run_command`` from expanding values (https://github.com/ansible-collections/community.general/issues/1776).
+- gitlab_runner - parameter ``registration_token`` was required but is used only when ``state`` is ``present`` (https://github.com/ansible-collections/community.general/issues/1714).
+- hipchat - internal refactoring: replaced uses of ``_`` with ``dummy`` (https://github.com/ansible-collections/community.general/pull/1819).
+- idrac_redfish_command - wrapped usages of ``dict.keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- idrac_redfish_config - wrapped usages of ``dict.keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- idrac_redfish_info - wrapped usages of ``dict.keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- imc_rest - explicitly logging out instead of registering the call in ```atexit``` (https://github.com/ansible-collections/community.general/issues/1735).
+- infoblox inventory script - make sure that the script also works with Ansible 2.9, and returns a more helpful error when community.general is not installed as part of Ansible 2.10/3 (https://github.com/ansible-collections/community.general/pull/1871).
+- interfaces_file - internal refactoring: replaced uses of ``_`` with ``dummy`` (https://github.com/ansible-collections/community.general/pull/1819).
+- iso_extract - use proper alias deprecation mechanism for ``thirsty`` alias of ``force`` (https://github.com/ansible-collections/community.general/pull/1830).
+- java_cert - internal refactoring: replaced uses of ``_`` with ``dummy`` (https://github.com/ansible-collections/community.general/pull/1819).
+- kibana_plugin - ``state`` parameter choices must use ``list()`` in python3 (https://github.com/ansible-collections/community.general/pull/1830).
+- logstash_plugin - wrapped ``dict.keys()`` with ``list`` for use in ``choices`` setting (https://github.com/ansible-collections/community.general/pull/1830).
+- lvg - internal refactoring: replaced uses of ``_`` with ``dummy`` (https://github.com/ansible-collections/community.general/pull/1819).
+- lvol - internal refactoring: replaced uses of ``_`` with ``dummy`` (https://github.com/ansible-collections/community.general/pull/1819).
+- lxc - internal refactoring: replaced uses of ``_`` with ``dummy`` (https://github.com/ansible-collections/community.general/pull/1819).
+- lxc_container - internal refactoring: replaced uses of ``_`` with ``dummy`` (https://github.com/ansible-collections/community.general/pull/1819).
+- lxc_container - wrapped usages of ``dict.keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- lxd_container - wrapped usages of ``dict.keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- memcached cache plugin - wrapped usages of ``dict.keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- net_tools.nios.api module_utils - wrapped usages of ``dict.keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- nios_host_record - allow DNS Bypass for views other than default (https://github.com/ansible-collections/community.general/issues/1786).
+- nomad_job_info - fix module failure when nomad client returns no jobs (https://github.com/ansible-collections/community.general/pull/1721).
+- nsot inventory script - wrapped usages of ``dict.keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- oci_vcn - wrapped usages of ``dict.keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- oneandone_monitoring_policy - wrapped usages of ``dict.keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- parted - internal refactoring: replaced uses of ``_`` with ``dummy`` (https://github.com/ansible-collections/community.general/pull/1819).
+- postgresql_info - fix crash caused by wrong PgSQL version parsing (https://github.com/ansible-collections/community.postgresql/issues/40).
+- postgresql_ping - fix crash caused by wrong PgSQL version parsing (https://github.com/ansible-collections/community.postgresql/issues/40).
+- postgresql_query - fix datetime.timedelta type handling (https://github.com/ansible-collections/community.postgresql/issues/47).
+- postgresql_query - fix decimal handling (https://github.com/ansible-collections/community.postgresql/issues/45).
+- postgresql_set - fails in check_mode on non-numeric values containing ``B`` (https://github.com/ansible-collections/community.postgresql/issues/48).
+- postgresql_set - return a message instead of traceback when a passed parameter has not been found (https://github.com/ansible-collections/community.postgresql/issues/41).
+- proxmox* modules - refactored some parameter validation code into use of ``env_fallback``, ``required_if``, ``required_together``, ``required_one_of`` (https://github.com/ansible-collections/community.general/pull/1765).
+- proxmox_kvm - do not add ``args`` if ``proxmox_default_behavior`` is set to no_defaults  (https://github.com/ansible-collections/community.general/issues/1641).
+- proxmox_kvm - fix parameter ``vmid`` passed twice to ``exit_json`` while creating a virtual machine without cloning (https://github.com/ansible-collections/community.general/issues/1875, https://github.com/ansible-collections/community.general/pull/1895).
+- proxmox_kvm - fix undefined local variable ``status`` when the parameter ``state`` is either ``stopped``, ``started``, ``restarted`` or ``absent`` (https://github.com/ansible-collections/community.general/pull/1847).
+- proxmox_kvm - stop implicitly adding ``force`` equal to ``false``. Proxmox API requires not implemented parameters otherwise, and assumes ``force`` to be ``false`` by default anyways (https://github.com/ansible-collections/community.general/pull/1783).
+- redfish_command - wrapped usages of ``dict.keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- redfish_config - wrapped usages of ``dict.keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- redhat_subscription - ``mutually_exclusive`` was referring to parameter alias instead of name (https://github.com/ansible-collections/community.general/pull/1795).
+- redhat_subscription - wrapped usages of ``dict.keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- redis cache plugin - wrapped usages of ``keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- riak - parameters ``wait_for_handoffs`` and ``wait_for_ring`` are ``int`` but the default value was ``false`` (https://github.com/ansible-collections/community.general/pull/1830).
+- rundeck_acl_policy - internal refactoring: replaced uses of ``_`` with ``dummy`` (https://github.com/ansible-collections/community.general/pull/1819).
+- runit - removed unused code, and passing command as ``list`` instead of ``str`` to ``run_command()`` (https://github.com/ansible-collections/community.general/pull/1830).
+- selective callback plugin - adjust import so that the plugin also works with ansible-core 2.11 (https://github.com/ansible-collections/community.general/pull/1807).
+- selective callback plugin - wrapped usages of ``dict.keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- sensu_check - wrapped usages of ``dict.keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- spotinst_aws_elastigroup - wrapped usages of ``dict.keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- statusio_maintenance - internal refactoring: replaced uses of ``_`` with ``dummy`` (https://github.com/ansible-collections/community.general/pull/1819).
+- timezone - internal refactoring: replaced uses of ``_`` with ``dummy`` (https://github.com/ansible-collections/community.general/pull/1819).
+- utm_utils module_utils - wrapped usages of ``dict.keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- vdo - wrapped usages of ``dict.keys()`` in ``list()`` for Python 3 compatibility (https://github.com/ansible-collections/community.general/pull/1861).
+- zfs_delegate_admin - the elements of ``users``, ``groups`` and ``permissions`` are now enforced to be strings (https://github.com/ansible-collections/community.general/pull/1766).
+
+v1.3.6
+======
+
+Release Summary
+---------------
+
+Regular bugfix and security bugfix (potential information leaks in multiple modules, CVE-2021-20191) release.
+
+Minor Changes
+-------------
+
+- scaleway modules and inventory plugin - update regions and zones to add the new ones (https://github.com/ansible-collections/community.general/pull/1690).
+
+Breaking Changes / Porting Guide
+--------------------------------
+
+- utm_proxy_auth_profile - the ``frontend_cookie_secret`` return value now contains a placeholder string instead of the module's ``frontend_cookie_secret`` parameter (https://github.com/ansible-collections/community.general/pull/1736).
+
+Security Fixes
+--------------
+
+- dnsmadeeasy - mark the ``account_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- docker_swarm - enabled ``no_log`` for the option ``signing_ca_key`` to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1728).
+- gitlab_runner - mark the ``registration_token`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- hwc_ecs_instance - mark the ``admin_pass`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- ibm_sa_host - mark the ``iscsi_chap_secret`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- keycloak_* modules - mark the ``auth_client_secret`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- keycloak_client - mark the ``registration_access_token`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- librato_annotation - mark the ``api_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- logentries_msg - mark the ``token`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- module_utils/_netapp, na_ontap_gather_facts - enabled ``no_log`` for the options ``api_key`` and ``secret_key`` to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1725).
+- module_utils/identity/keycloak, keycloak_client, keycloak_clienttemplate, keycloak_group - enabled ``no_log`` for the option ``auth_client_secret`` to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1725).
+- nios_nsgroup - mark the ``tsig_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- oneandone_firewall_policy, oneandone_load_balancer, oneandone_monitoring_policy, oneandone_private_network, oneandone_public_ip - mark the ``auth_token`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- ovirt - mark the ``instance_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- ovirt - mark the ``instance_rootpw`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- pagerduty_alert - mark the ``api_key``, ``service_key`` and ``integration_key`` parameters as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- pagerduty_change - mark the ``integration_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- pingdom - mark the ``key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- pulp_repo - mark the ``feed_client_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- rax_clb_ssl - mark the ``private_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- redfish_command - mark the ``update_creds.password`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- rollbar_deployment - mark the ``token`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- spotinst_aws_elastigroup - mark the ``multai_token`` and ``token`` parameters as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- stackdriver - mark the ``key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- utm_proxy_auth_profile - enabled ``no_log`` for the option ``frontend_cookie_secret`` to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1725).
+- utm_proxy_auth_profile - mark the ``frontend_cookie_secret`` parameter as ``no_log`` to avoid leakage of secrets. This causes the ``utm_proxy_auth_profile`` return value to no longer containing the correct value, but a placeholder (https://github.com/ansible-collections/community.general/pull/1736).
+
+Bugfixes
+--------
+
+- docker connection plugin - fix Docker version parsing, as some docker versions have a leading ``v`` in the output of the command ``docker version --format "{{.Server.Version}}"`` (https://github.com/ansible-collections/community.docker/pull/76).
+- filesystem - do not fail when ``resizefs=yes`` and ``fstype=xfs`` if there is nothing to do, even if the filesystem is not mounted. This only covers systems supporting access to unmounted XFS filesystems. Others will still fail (https://github.com/ansible-collections/community.general/issues/1457, https://github.com/ansible-collections/community.general/pull/1478).
+- gitlab_user - make updates to the ``isadmin``, ``password`` and ``confirm`` options of an already existing GitLab user work (https://github.com/ansible-collections/community.general/pull/1724).
+- parted - change the regex that decodes the partition size to better support different formats that parted uses. Change the regex that validates parted's version string (https://github.com/ansible-collections/community.general/pull/1695).
+- redfish_info module, redfish_utils module utils - add ``Name`` and ``Id`` properties to output of Redfish inventory commands (https://github.com/ansible-collections/community.general/issues/1650).
+- sensu-silence module - fix json parsing of sensu API responses on Python 3.5 (https://github.com/ansible-collections/community.general/pull/1703).
+
+v1.3.5
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Bugfixes
+--------
+
+- dnsmadeeasy - fix HTTP 400 errors when creating a TXT record (https://github.com/ansible-collections/community.general/issues/1237).
+- docker_container - allow IPv6 zones (RFC 4007) in bind IPs (https://github.com/ansible-collections/community.docker/pull/66).
+- docker_image - fix crash on loading images with versions of Docker SDK for Python before 2.5.0 (https://github.com/ansible-collections/community.docker/issues/72, https://github.com/ansible-collections/community.docker/pull/73).
+- homebrew - add default search path for ``brew`` on Apple silicon hardware (https://github.com/ansible-collections/community.general/pull/1679).
+- homebrew_cask - add default search path for ``brew`` on Apple silicon hardware (https://github.com/ansible-collections/community.general/pull/1679).
+- homebrew_tap - add default search path for ``brew`` on Apple silicon hardware (https://github.com/ansible-collections/community.general/pull/1679).
+- lldp - use ``get_bin_path`` to locate the ``lldpctl`` executable (https://github.com/ansible-collections/community.general/pull/1643).
+- onepassword lookup plugin - updated to support password items, which place the password field directly in the payload's ``details`` attribute (https://github.com/ansible-collections/community.general/pull/1610).
+- passwordstore lookup plugin - fix compatibility with gopass when used with ``create=true``. While pass returns 1 on a non-existent password, gopass returns 10, or 11, depending on whether a similar named password was stored. We now just check standard output and that the return code is not zero (https://github.com/ansible-collections/community.general/pull/1589).
+- terraform - improve result code checking when executing terraform commands (https://github.com/ansible-collections/community.general/pull/1632).
+
+v1.3.4
+======
+
+Release Summary
+---------------
+
+Bugfix/security release that addresses CVE-2021-20180.
+
+Security Fixes
+--------------
+
+- bitbucket_pipeline_variable - **CVE-2021-20180** - hide user sensitive information which are marked as ``secured`` from logging into the console (https://github.com/ansible-collections/community.general/pull/1635).
+
+Bugfixes
+--------
+
+- npm - handle json decode exception while parsing command line output (https://github.com/ansible-collections/community.general/issues/1614).
+
+v1.3.3
+======
+
+Release Summary
+---------------
+
+Bugfix/security release that addresses CVE-2021-20178.
+
+Major Changes
+-------------
+
+- For community.general 2.0.0, the kubevirt modules will be moved to the `community.kubevirt <https://galaxy.ansible.com/community/kubevirt>`_ collection.
+  A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.
+
+  If you use Ansible 2.9 and explicitly use kubevirt modules from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with ``community.kubevirt.`` instead of ``community.general.``,
+  for example replace ``community.general.kubevirt_vm`` in a task by ``community.kubevirt.kubevirt_vm``.
+
+  If you use ansible-base and installed ``community.general`` manually and rely on the kubevirt modules, you have to make sure to install the ``community.kubevirt`` collection as well.
+  If you are using FQCNs, for example ``community.general.kubevirt_vm`` instead of ``kubevirt_vm``, it will continue working, but we still recommend to adjust the FQCNs as well.
+
+Security Fixes
+--------------
+
+- snmp_facts - **CVE-2021-20178** - hide user sensitive information such as ``privkey`` and ``authkey`` from logging into the console (https://github.com/ansible-collections/community.general/pull/1621).
+
+Bugfixes
+--------
+
+- terraform - fix ``init_reconfigure`` option for proper CLI args (https://github.com/ansible-collections/community.general/pull/1620).
+
+v1.3.2
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Major Changes
+-------------
+
+- For community.general 2.0.0, the Google modules will be moved to the `community.google <https://galaxy.ansible.com/community/google>`_ collection.
+  A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.
+
+  If you use Ansible 2.9 and explicitly use Google modules from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with ``community.google.`` instead of ``community.general.``,
+  for example replace ``community.general.gcpubsub`` in a task by ``community.google.gcpubsub``.
+
+  If you use ansible-base and installed ``community.general`` manually and rely on the Google modules, you have to make sure to install the ``community.google`` collection as well.
+  If you are using FQCNs, for example ``community.general.gcpubsub`` instead of ``gcpubsub``, it will continue working, but we still recommend to adjust the FQCNs as well.
+- For community.general 2.0.0, the OC connection plugin will be moved to the `community.okd <https://galaxy.ansible.com/community/okd>`_ collection.
+  A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.
+
+  If you use Ansible 2.9 and explicitly use OC connection plugin from this collection, you will need to adjust your playbooks and roles to use FQCNs ``community.okd.oc`` instead of ``community.general.oc``.
+
+  If you use ansible-base and installed ``community.general`` manually and rely on the OC connection plugin, you have to make sure to install the ``community.okd`` collection as well.
+  If you are using FQCNs, in other words ``community.general.oc`` instead of ``oc``, it will continue working, but we still recommend to adjust this FQCN as well.
+- For community.general 2.0.0, the hashi_vault lookup plugin will be moved to the `community.hashi_vault <https://galaxy.ansible.com/community/hashi_vault>`_ collection.
+  A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.
+
+  If you use Ansible 2.9 and explicitly use hashi_vault lookup plugin from this collection, you will need to adjust your playbooks and roles to use FQCNs ``community.hashi_vault.hashi_vault`` instead of ``community.general.hashi_vault``.
+
+  If you use ansible-base and installed ``community.general`` manually and rely on the hashi_vault lookup plugin, you have to make sure to install the ``community.hashi_vault`` collection as well.
+  If you are using FQCNs, in other words ``community.general.hashi_vault`` instead of ``hashi_vault``, it will continue working, but we still recommend to adjust this FQCN as well.
+
+Minor Changes
+-------------
+
+- homebrew_cask - Homebrew will be deprecating use of ``brew cask`` commands as of version 2.6.0, see https://brew.sh/2020/12/01/homebrew-2.6.0/. Added logic to stop using ``brew cask`` for brew version >= 2.6.0 (https://github.com/ansible-collections/community.general/pull/1481).
+- jira - added the traceback output to ``fail_json()`` calls deriving from exceptions (https://github.com/ansible-collections/community.general/pull/1536).
+
+Bugfixes
+--------
+
+- docker_image - if ``push=true`` is used with ``repository``, and the image does not need to be tagged, still push. This can happen if ``repository`` and ``name`` are equal (https://github.com/ansible-collections/community.docker/issues/52, https://github.com/ansible-collections/community.docker/pull/53).
+- docker_image - report error when loading a broken archive that contains no image (https://github.com/ansible-collections/community.docker/issues/46, https://github.com/ansible-collections/community.docker/pull/55).
+- docker_image - report error when the loaded archive does not contain the specified image (https://github.com/ansible-collections/community.docker/issues/41, https://github.com/ansible-collections/community.docker/pull/55).
+- jira - ``fetch`` and ``search`` no longer indicate that something changed (https://github.com/ansible-collections/community.general/pull/1536).
+- jira - ensured parameter ``issue`` is mandatory for operation ``transition`` (https://github.com/ansible-collections/community.general/pull/1536).
+- jira - module no longer incorrectly reports change for information gathering operations (https://github.com/ansible-collections/community.general/pull/1536).
+- jira - replaced custom parameter validation with ``required_if`` (https://github.com/ansible-collections/community.general/pull/1536).
+- launchd - handle deprecated APIs like ``readPlist`` and ``writePlist`` in ``plistlib`` (https://github.com/ansible-collections/community.general/issues/1552).
+- ldap_search - the module no longer incorrectly reports a change (https://github.com/ansible-collections/community.general/issues/1040).
+- make - fixed ``make`` parameter used for check mode when running a non-GNU ``make`` (https://github.com/ansible-collections/community.general/pull/1574).
+- monit - add support for all monit service checks (https://github.com/ansible-collections/community.general/pull/1532).
+- nios_member - fix Python 3 compatibility with nios api ``member_normalize`` function (https://github.com/ansible-collections/community.general/issues/1526).
+- nmcli - remove ``bridge-slave`` from list of IP based connections ((https://github.com/ansible-collections/community.general/issues/1500).
+- pamd - added logic to retain the comment line (https://github.com/ansible-collections/community.general/issues/1394).
+- passwordstore lookup plugin - always use explicit ``show`` command to retrieve password. This ensures compatibility with ``gopass`` and avoids problems when password names equal ``pass`` commands (https://github.com/ansible-collections/community.general/pull/1493).
+- rhn_channel - Python 2.7.5 fails if the certificate should not be validated. Fixed this by creating the correct ``ssl_context`` (https://github.com/ansible-collections/community.general/pull/470).
+- sendgrid - update documentation and warn user about sendgrid Python library version (https://github.com/ansible-collections/community.general/issues/1553).
+- syslogger - update ``syslog.openlog`` API call for older Python versions, and improve error handling (https://github.com/ansible-collections/community.general/issues/953).
+- yaml callback plugin - do not remove non-ASCII Unicode characters from multiline string output (https://github.com/ansible-collections/community.general/issues/1519).
+
+v1.3.1
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Bugfixes
+--------
+
+- bigpanda - removed the dynamic default for ``host`` param (https://github.com/ansible-collections/community.general/pull/1423).
+- bitbucket_pipeline_variable - change pagination logic for pipeline variable get API (https://github.com/ansible-collections/community.general/issues/1425).
+- cobbler inventory script - add Python 3 support (https://github.com/ansible-collections/community.general/issues/638).
+- docker_container - the validation for ``capabilities`` in ``device_requests`` was incorrect (https://github.com/ansible-collections/community.docker/issues/42, https://github.com/ansible-collections/community.docker/pull/43).
+- git_config - now raises an error for non-existent repository paths (https://github.com/ansible-collections/community.general/issues/630).
+- icinga2_host - fix returning error codes (https://github.com/ansible-collections/community.general/pull/335).
+- jira - provide error message raised from exception (https://github.com/ansible-collections/community.general/issues/1504).
+- json_query - handle ``AnsibleUnicode`` and ``AnsibleUnsafeText`` (https://github.com/ansible-collections/community.general/issues/320).
+- keycloak module_utils - provide meaningful error message to user when auth URL does not start with http or https (https://github.com/ansible-collections/community.general/issues/331).
+- ldap_entry - improvements in documentation, simplifications and replaced code with better ``AnsibleModule`` arguments (https://github.com/ansible-collections/community.general/pull/1516).
+- mas - fix ``invalid literal`` when no app can be found (https://github.com/ansible-collections/community.general/pull/1436).
+- nios_host_record - fix to remove ``aliases`` (CNAMES) for configuration comparison (https://github.com/ansible-collections/community.general/issues/1335).
+- osx_defaults - unquote values and unescape double quotes when reading array values (https://github.com/ansible-collections/community.general/pull/358).
+- profitbricks_nic - removed the dynamic default for ``name`` param (https://github.com/ansible-collections/community.general/pull/1423).
+- profitbricks_nic - replaced code with ``required`` and ``required_if`` (https://github.com/ansible-collections/community.general/pull/1423).
+- redfish_info module, redfish_utils module utils - correct ``PartNumber`` property name in Redfish ``GetMemoryInventory`` command (https://github.com/ansible-collections/community.general/issues/1483).
+- saltstack connection plugin - use ``hashutil.base64_decodefile`` to ensure that the file checksum is preserved (https://github.com/ansible-collections/community.general/pull/1472).
+- udm_user - removed the dynamic default for ``userexpiry`` param (https://github.com/ansible-collections/community.general/pull/1423).
+- utm_network_interface_address - changed param type from invalid 'boolean' to valid 'bool' (https://github.com/ansible-collections/community.general/pull/1423).
+- utm_proxy_exception - four parameters had elements types set as 'string' (invalid), changed to 'str' (https://github.com/ansible-collections/community.general/pull/1399).
+- vmadm - simplification of code (https://github.com/ansible-collections/community.general/pull/1415).
+- xfconf - add in missing return values that are specified in the documentation (https://github.com/ansible-collections/community.general/issues/1418).
+
+v1.3.0
+======
+
+Release Summary
+---------------
+
+This is the last minor 1.x.0 release. The next releases from the stable-1 branch will be 1.3.y patch releases.
+
+Major Changes
+-------------
+
+- For community.general 2.0.0, the Hetzner Robot modules will be moved to the `community.hrobot <https://galaxy.ansible.com/community/hrobot>`_ collection.
+  A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.
+
+  If you use Ansible 2.9 and explicitly use Hetzner Robot modules from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with ``community.hrobot.`` instead of ``community.general.hetzner_``,
+  for example replace ``community.general.hetzner_firewall_info`` in a task by ``community.hrobot.firewall_info``.
+
+  If you use ansible-base and installed ``community.general`` manually and rely on the Hetzner Robot modules, you have to make sure to install the ``community.hrobot`` collection as well.
+  If you are using FQCNs, i.e. ``community.general.hetzner_failover_ip`` instead of ``hetzner_failover_ip``, it will continue working, but we still recommend to adjust the FQCNs as well.
+- For community.general 2.0.0, the ``docker`` modules and plugins will be moved to the `community.docker <https://galaxy.ansible.com/community/docker>`_ collection.
+  A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.
+
+  If you use Ansible 2.9 and explicitly use ``docker`` content from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with ``community.docker.`` instead of ``community.general.``,
+  for example replace ``community.general.docker_container`` in a task by ``community.docker.docker_container``.
+
+  If you use ansible-base and installed ``community.general`` manually and rely on the ``docker`` content, you have to make sure to install the ``community.docker`` collection as well.
+  If you are using FQCNs, i.e. ``community.general.docker_container`` instead of ``docker_container``, it will continue working, but we still recommend to adjust the FQCNs as well.
+- For community.general 2.0.0, the ``postgresql`` modules and plugins will be moved to the `community.postgresql <https://galaxy.ansible.com/community/postgresql>`_ collection.
+  A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.
+
+  If you use Ansible 2.9 and explicitly use ``postgresql`` content from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with ``community.postgresql.`` instead of ``community.general.``,
+  for example replace ``community.general.postgresql_info`` in a task by ``community.postgresql.postgresql_info``.
+
+  If you use ansible-base and installed ``community.general`` manually and rely on the ``postgresql`` content, you have to make sure to install the ``community.postgresql`` collection as well.
+  If you are using FQCNs, i.e. ``community.general.postgresql_info`` instead of ``postgresql_info``, it will continue working, but we still recommend to adjust the FQCNs as well.
+- The community.general collection no longer depends on the ansible.posix collection (https://github.com/ansible-collections/community.general/pull/1157).
+
+Minor Changes
+-------------
+
+- Add new filter plugin ``dict_kv`` which returns a single key-value pair from two arguments. Useful for generating complex dictionaries without using loops. For example ``'value' | community.general.dict_kv('key'))`` evaluates to ``{'key': 'value'}`` (https://github.com/ansible-collections/community.general/pull/1264).
+- archive - fix paramater types (https://github.com/ansible-collections/community.general/pull/1039).
+- consul - added support for tcp checks (https://github.com/ansible-collections/community.general/issues/1128).
+- datadog - mark ``notification_message`` as ``no_log`` (https://github.com/ansible-collections/community.general/pull/1338).
+- datadog_monitor - add ``include_tags`` option (https://github.com/ansible/ansible/issues/57441).
+- django_manage - renamed parameter ``app_path`` to ``project_path``, adding ``app_path`` and ``chdir`` as aliases (https://github.com/ansible-collections/community.general/issues/1044).
+- docker_container - now supports the ``device_requests`` option, which allows to request additional resources such as GPUs (https://github.com/ansible/ansible/issues/65748, https://github.com/ansible-collections/community.general/pull/1119).
+- docker_image - return docker build output (https://github.com/ansible-collections/community.general/pull/805).
+- docker_secret - add a warning when the secret does not have an ``ansible_key`` label but the ``force`` parameter is not set (https://github.com/ansible-collections/community.docker/issues/30, https://github.com/ansible-collections/community.docker/pull/31).
+- facter - added option for ``arguments`` (https://github.com/ansible-collections/community.general/pull/768).
+- hashi_vault - support ``VAULT_SKIP_VERIFY`` environment variable for determining if to verify certificates (in addition to the ``validate_certs=`` flag supported today) (https://github.com/ansible-collections/community.general/pull/1024).
+- hashi_vault lookup plugin - add support for JWT authentication (https://github.com/ansible-collections/community.general/pull/1213).
+- infoblox inventory script - use stderr for reporting errors, and allow use of environment for configuration (https://github.com/ansible-collections/community.general/pull/436).
+- ipa_host - silence warning about non-secret ``random_password`` option not having ``no_log`` set (https://github.com/ansible-collections/community.general/pull/1339).
+- ipa_user - silence warning about non-secret ``krbpasswordexpiration`` and ``update_password`` options not having ``no_log`` set (https://github.com/ansible-collections/community.general/pull/1339).
+- linode_v4 - added support for Linode StackScript usage when creating instances (https://github.com/ansible-collections/community.general/issues/723).
+- lvol - fix idempotency issue when using lvol with ``%VG`` or ``%PVS`` size options and VG is fully allocated (https://github.com/ansible-collections/community.general/pull/229).
+- maven_artifact - added ``client_cert`` and ``client_key`` parameters to the maven_artifact module (https://github.com/ansible-collections/community.general/issues/1123).
+- module_helper - added ModuleHelper class and a couple of convenience tools for module developers (https://github.com/ansible-collections/community.general/pull/1322).
+- nmcli - refactor internal methods for simplicity and enhance reuse to support existing and future connection types (https://github.com/ansible-collections/community.general/pull/1113).
+- nmcli - remove Python DBus and GTK Object library dependencies (https://github.com/ansible-collections/community.general/issues/1112).
+- nmcli - the ``dns4``, ``dns4_search``, ``dns6``, and ``dns6_search`` arguments are retained internally as lists (https://github.com/ansible-collections/community.general/pull/1113).
+- odbc - added a parameter ``commit`` which allows users to disable the explicit commit after the execute call (https://github.com/ansible-collections/community.general/pull/1139).
+- openbsd_pkg - added ``snapshot`` option (https://github.com/ansible-collections/community.general/pull/965).
+- pacman - improve group expansion speed: query list of pacman groups once (https://github.com/ansible-collections/community.general/pull/349).
+- parted - add ``resize`` option to resize existing partitions (https://github.com/ansible-collections/community.general/pull/773).
+- passwordstore lookup plugin - added ``umask`` option to set the desired file permisions on creation. This is done via the ``PASSWORD_STORE_UMASK`` environment variable (https://github.com/ansible-collections/community.general/pull/1156).
+- pkgin - add support for installation of full versioned package names (https://github.com/ansible-collections/community.general/pull/1256).
+- pkgng - present the ``ignore_osver`` option to pkg (https://github.com/ansible-collections/community.general/pull/1243).
+- portage - add ``getbinpkgonly`` option, remove unnecessary note on internal portage behaviour (getbinpkg=yes), and remove the undocumented exclusiveness of the pkg options as portage makes no such restriction (https://github.com/ansible-collections/community.general/pull/1169).
+- postgresql_info - add ``in_recovery`` return value to show if a service in recovery mode or not (https://github.com/ansible-collections/community.general/issues/1068).
+- postgresql_privs - add ``procedure`` type support (https://github.com/ansible-collections/community.general/issues/1002).
+- postgresql_query - add ``query_list`` and ``query_all_results`` return values (https://github.com/ansible-collections/community.general/issues/838).
+- proxmox - add new ``proxmox_default_behavior`` option (https://github.com/ansible-collections/community.general/pull/850).
+- proxmox - add support for API tokens (https://github.com/ansible-collections/community.general/pull/1206).
+- proxmox - extract common code and documentation (https://github.com/ansible-collections/community.general/pull/1331).
+- proxmox inventory plugin - ignore QEMU templates altogether instead of skipping the creation of the host in the inventory (https://github.com/ansible-collections/community.general/pull/1185).
+- proxmox_kvm - add cloud-init support (new options: ``cicustom``, ``cipassword``, ``citype``, ``ciuser``, ``ipconfig``, ``nameservers``, ``searchdomains``, ``sshkeys``) (https://github.com/ansible-collections/community.general/pull/797).
+- proxmox_kvm - add new ``proxmox_default_behavior`` option (https://github.com/ansible-collections/community.general/pull/850).
+- proxmox_kvm - add support for API tokens (https://github.com/ansible-collections/community.general/pull/1206).
+- proxmox_template - add support for API tokens (https://github.com/ansible-collections/community.general/pull/1206).
+- proxmox_template - download proxmox applicance templates (pveam) (https://github.com/ansible-collections/community.general/pull/1046).
+- redis cache plugin - add redis sentinel functionality to cache plugin (https://github.com/ansible-collections/community.general/pull/1055).
+- redis cache plugin - make the redis cache keyset name configurable (https://github.com/ansible-collections/community.general/pull/1036).
+- terraform - add ``init_reconfigure`` option, which controls the ``-reconfigure`` flag (backend reconfiguration) (https://github.com/ansible-collections/community.general/pull/823).
+- xfconf - removed unnecessary second execution of ``xfconf-query`` (https://github.com/ansible-collections/community.general/pull/1305).
+
+Deprecated Features
+-------------------
+
+- django_manage - the parameter ``liveserver`` relates to a no longer maintained third-party module for django. It is now deprecated, and will be remove in community.general 3.0.0 (https://github.com/ansible-collections/community.general/pull/1154).
+- proxmox - the default of the new ``proxmox_default_behavior`` option will change from ``compatibility`` to ``no_defaults`` in community.general 4.0.0. Set the option to an explicit value to avoid a deprecation warning (https://github.com/ansible-collections/community.general/pull/850).
+- proxmox_kvm - the default of the new ``proxmox_default_behavior`` option will change from ``compatibility`` to ``no_defaults`` in community.general 4.0.0. Set the option to an explicit value to avoid a deprecation warning (https://github.com/ansible-collections/community.general/pull/850).
+- syspatch - deprecate the redundant ``apply`` argument (https://github.com/ansible-collections/community.general/pull/360).
+
+Bugfixes
+--------
+
+- apache2_module - amend existing module identifier workaround to also apply to updated Shibboleth modules (https://github.com/ansible-collections/community.general/issues/1379).
+- beadm - fixed issue "list object has no attribute split" (https://github.com/ansible-collections/community.general/issues/791).
+- capabilities - fix for a newer version of libcap release (https://github.com/ansible-collections/community.general/pull/1061).
+- composer - fix bug in command idempotence with composer v2 (https://github.com/ansible-collections/community.general/issues/1179).
+- docker_login - fix internal config file storage to handle credentials for more than one registry (https://github.com/ansible-collections/community.general/issues/1117).
+- filesystem - add option ``state`` with default ``present``. When set to ``absent``, filesystem signatures are removed (https://github.com/ansible-collections/community.general/issues/355).
+- flatpak - use of the ``--non-interactive`` argument instead of ``-y`` when possible (https://github.com/ansible-collections/community.general/pull/1246).
+- gcp_storage_files lookup plugin - make sure that plugin errors out on initialization if the required library is not found, and not on load-time (https://github.com/ansible-collections/community.general/pull/1297).
+- gitlab_group - added description parameter to ``createGroup()`` call (https://github.com/ansible-collections/community.general/issues/138).
+- gitlab_group_variable - support for GitLab pagination limitation by iterating over GitLab variable pages (https://github.com/ansible-collections/community.general/pull/968).
+- gitlab_project_variable - support for GitLab pagination limitation by iterating over GitLab variable pages (https://github.com/ansible-collections/community.general/pull/968).
+- hashi_vault - fix approle authentication without ``secret_id`` (https://github.com/ansible-collections/community.general/pull/1138).
+- homebrew - fix package name validation for packages containing hypen ``-`` (https://github.com/ansible-collections/community.general/issues/1037).
+- homebrew_cask - fix package name validation for casks containing hypen ``-`` (https://github.com/ansible-collections/community.general/issues/1037).
+- influxdb - fix usage of path for older version of python-influxdb (https://github.com/ansible-collections/community.general/issues/997).
+- iptables_state - fix race condition between module and its action plugin (https://github.com/ansible-collections/community.general/issues/1136).
+- linode inventory plugin - make sure that plugin errors out on initialization if the required library is not found, and not on load-time (https://github.com/ansible-collections/community.general/pull/1297).
+- lxc_container - fix the type of the ``container_config`` parameter. It is now processed as a list and not a string (https://github.com/ansible-collections/community.general/pull/216).
+- macports - fix failure to install a package whose name is contained within an already installed package's name or variant (https://github.com/ansible-collections/community.general/issues/1307).
+- maven_artifact - handle timestamped snapshot version strings properly (https://github.com/ansible-collections/community.general/issues/709).
+- memcached cache plugin - make sure that plugin errors out on initialization if the required library is not found, and not on load-time (https://github.com/ansible-collections/community.general/pull/1297).
+- monit - fix modules ability to determine the current state of the monitored process (https://github.com/ansible-collections/community.general/pull/1107).
+- nios_fixed_address, nios_host_record, nios_zone - removed redundant parameter aliases causing warning messages to incorrectly appear in task output (https://github.com/ansible-collections/community.general/issues/852).
+- nmcli - cannot modify ``ifname`` after connection creation (https://github.com/ansible-collections/community.general/issues/1089).
+- nmcli - use consistent autoconnect parameters (https://github.com/ansible-collections/community.general/issues/459).
+- omapi_host - fix compatibility with Python 3 (https://github.com/ansible-collections/community.general/issues/787).
+- packet_net.py inventory script - fixed failure w.r.t. operating system retrieval by changing array subscription back to attribute access (https://github.com/ansible-collections/community.general/pull/891).
+- postgresql_ext - fix the module crashes when available ext versions cannot be compared with current version (https://github.com/ansible-collections/community.general/issues/1095).
+- postgresql_ext - fix version selection when ``version=latest`` (https://github.com/ansible-collections/community.general/pull/1078).
+- postgresql_pg_hba - fix a crash when a new rule with an 'options' field replaces a rule without or vice versa (https://github.com/ansible-collections/community.general/issues/1108).
+- postgresql_privs - fix module fails when ``type`` group and passing ``objs`` value containing hyphens (https://github.com/ansible-collections/community.general/issues/1058).
+- proxmox_kvm - fix issue causing linked clones not being create by allowing ``format=unspecified`` (https://github.com/ansible-collections/community.general/issues/1027).
+- proxmox_kvm - ignore unsupported ``pool`` parameter on update (https://github.com/ansible-collections/community.general/pull/1258).
+- redis - fixes parsing of config values which should not be converted to bytes (https://github.com/ansible-collections/community.general/pull/1079).
+- redis cache plugin - make sure that plugin errors out on initialization if the required library is not found, and not on load-time (https://github.com/ansible-collections/community.general/pull/1297).
+- slack - avoid trying to update existing message when sending messages that contain the string "ts" (https://github.com/ansible-collections/community.general/issues/1097).
+- solaris_zone - fixed issue trying to configure zone in Python 3 (https://github.com/ansible-collections/community.general/issues/1081).
+- syspatch - fix bug where not setting ``apply=true`` would result in error (https://github.com/ansible-collections/community.general/pull/360).
+- xfconf - parameter ``value`` no longer required for state ``absent`` (https://github.com/ansible-collections/community.general/issues/1329).
+- xfconf - xfconf no longer passing the command args as a string, but rather as a list (https://github.com/ansible-collections/community.general/issues/1328).
+- zypper - force ``LANG=C`` to as zypper is looking in XML output where attribute could be translated (https://github.com/ansible-collections/community.general/issues/1175).
+
+New Modules
+-----------
+
+Cloud
+~~~~~
+
+misc
+^^^^
+
+- proxmox_domain_info - Retrieve information about one or more Proxmox VE domains
+- proxmox_group_info - Retrieve information about one or more Proxmox VE groups
+- proxmox_user_info - Retrieve information about one or more Proxmox VE users
+
+Clustering
+~~~~~~~~~~
+
+nomad
+^^^^^
+
+- nomad_job - Launch a Nomad Job
+- nomad_job_info - Get Nomad Jobs info
+
+Monitoring
+~~~~~~~~~~
+
+- pagerduty_change - Track a code or infrastructure change as a PagerDuty change event
+- pagerduty_user - Manage a user account on PagerDuty
+
 v1.2.0
 ======

--- a/README.md
+++ b/README.md
@@ -1,9 +1,12 @@
 # Community General Collection

-[![Run Status](https://api.shippable.com/projects/5e664a167c32620006c9fa50/badge?branch=main)](https://app.shippable.com/github/ansible-collections/community.general/dashboard) [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.general)](https://codecov.io/gh/ansible-collections/community.general)
+[![Build Status](https://dev.azure.com/ansible/community.general/_apis/build/status/CI?branchName=stable-1)](https://dev.azure.com/ansible/community.general/_build?definitionId=31)
+[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.general)](https://codecov.io/gh/ansible-collections/community.general)

 This repo contains the `community.general` Ansible Collection. The collection includes many modules and plugins supported by Ansible community which are not part of more specialized community collections.

+You can find [documentation for this collection on the Ansible docs site](https://docs.ansible.com/ansible/latest/collections/community/general/).
+
 ## Tested with Ansible

 Tested with the current Ansible 2.9 and 2.10 releases and the current development version of Ansible. Ansible versions before 2.9.10 are not supported.
@@ -14,7 +17,7 @@ Some modules and plugins require external libraries. Please check the requiremen

 ## Included content

-Please check the included content on the [Ansible Galaxy page for this collection](https://galaxy.ansible.com/community/general).
+Please check the included content on the [Ansible Galaxy page for this collection](https://galaxy.ansible.com/community/general) or the [documentation on the Ansible docs site](https://docs.ansible.com/ansible/latest/collections/community/general/).

 ## Using this collection

@@ -35,6 +38,14 @@ See [Ansible Using collections](https://docs.ansible.com/ansible/latest/user_gui

 If you want to develop new content for this collection or improve what is already here, the easiest way to work on the collection is to clone it into one of the configured [`COLLECTIONS_PATH`](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#collections-paths), and work on it there.

+For example, if you are working in the `~/dev` directory:
+
+```
+cd ~/dev
+git clone git@github.com:ansible-collections/community.general.git collections/ansible_collections/community/general
+export COLLECTIONS_PATH=$(pwd)/collections:$COLLECTIONS_PATH
+```
+
 You can find more information in the [developer guide for collections](https://docs.ansible.com/ansible/devel/dev_guide/developing_collections.html#contributing-to-collections), and in the [Ansible Community Guide](https://docs.ansible.com/ansible/latest/community/index.html).

 ### Running tests
--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: community
 name: general
-version: 1.2.0
+version: 1.3.8
 readme: README.md
 authors:
  - Ansible (https://github.com/ansible)
@@ -10,11 +10,10 @@ tags: [community]
 # NOTE: No more dependencies can be added to this list
 dependencies:
  ansible.netcommon: '>=1.0.0'
-  ansible.posix: '>=1.0.0'
  community.kubernetes: '>=1.0.0'
  google.cloud: '>=1.0.0'
 repository: https://github.com/ansible-collections/community.general
-#documentation: https://github.com/ansible-collection-migration/community.general/tree/main/docs
+documentation: https://docs.ansible.com/ansible/latest/collections/community/general/
 homepage: https://github.com/ansible-collections/community.general
 issues: https://github.com/ansible-collections/community.general/issues
 #type: flatmap
--- a/plugins/action/system/iptables_state.py
+++ b/plugins/action/system/iptables_state.py
@@ -125,15 +125,18 @@ class ActionModule(ActionBase):
                    module_args['_back'] = '%s/iptables.state' % async_dir
                    async_status_args = dict(_async_dir=async_dir)
                    confirm_cmd = 'rm -f %s' % module_args['_back']
+                    starter_cmd = 'touch %s.starter' % module_args['_back']
                    remaining_time = max(task_async, max_timeout)

            # do work!
            result = merge_hash(result, self._execute_module(module_args=module_args, task_vars=task_vars, wrap_async=wrap_async))

            # Then the 3-steps "go ahead or rollback":
-            # - reset connection to ensure a persistent one will not be reused
-            # - confirm the restored state by removing the backup on the remote
-            # - retrieve the results of the asynchronous task to return them
+            # 1. Catch early errors of the module (in asynchronous task) if any.
+            #    Touch a file on the target to signal the module to process now.
+            # 2. Reset connection to ensure a persistent one will not be reused.
+            # 3. Confirm the restored state by removing the backup on the remote.
+            #    Retrieve the results of the asynchronous task to return them.
            if '_back' in module_args:
                async_status_args['jid'] = result.get('ansible_job_id', None)
                if async_status_args['jid'] is None:
@@ -143,12 +146,18 @@ class ActionModule(ActionBase):
                # option type/value, missing required system command, etc.
                result = merge_hash(result, self._async_result(async_status_args, task_vars, 0))

+                # The module is aware to not process the main iptables-restore
+                # command before finding (and deleting) the 'starter' cookie on
+                # the host, so the previous query will not reach ssh timeout.
+                garbage = self._low_level_execute_command(starter_cmd, sudoable=self.DEFAULT_SUDOABLE)
+
+                # As the main command is not yet executed on the target, here
+                # 'finished' means 'failed before main command be executed'.
                if not result['finished']:
                    try:
                        self._connection.reset()
-                        display.v("%s: reset connection" % (module_name))
                    except AttributeError:
-                        display.warning("Connection plugin does not allow to reset the connection.")
+                        pass

                    for x in range(max_timeout):
                        time.sleep(1)
--- a/plugins/cache/memcached.py
+++ b/plugins/cache/memcached.py
@@ -57,8 +57,9 @@ from ansible.utils.display import Display

 try:
    import memcache
+    HAS_MEMCACHE = True
 except ImportError:
-    raise AnsibleError("python-memcached is required for the memcached fact cache")
+    HAS_MEMCACHE = False

 display = Display()

@@ -160,7 +161,7 @@ class CacheModuleKeys(MutableSet):
        self._cache.set(self.PREFIX, self._keyset)

    def remove_by_timerange(self, s_min, s_max):
-        for k in self._keyset.keys():
+        for k in list(self._keyset.keys()):
            t = self._keyset[k]
            if s_min < t < s_max:
                del self._keyset[k]
@@ -187,6 +188,9 @@ class CacheModule(BaseCacheModule):
            self._timeout = C.CACHE_PLUGIN_TIMEOUT
            self._prefix = C.CACHE_PLUGIN_PREFIX

+        if not HAS_MEMCACHE:
+            raise AnsibleError("python-memcached is required for the memcached fact cache")
+
        self._cache = {}
        self._db = ProxyClientPool(connection, debug=0)
        self._keys = CacheModuleKeys(self._db, self._db.get(CacheModuleKeys.PREFIX) or [])
--- a/plugins/cache/redis.py
+++ b/plugins/cache/redis.py
@@ -18,6 +18,7 @@ DOCUMENTATION = '''
          - A colon separated string of connection information for Redis.
          - The format is C(host:port:db:password), for example C(localhost:6379:0:changeme).
          - To use encryption in transit, prefix the connection with C(tls://), as in C(tls://localhost:6379:0:changeme).
+          - To use redis sentinel, use separator C(;), for example C(localhost:26379;localhost:26379;0:changeme). Requires redis>=2.9.0.
        required: True
        env:
          - name: ANSIBLE_CACHE_PLUGIN_CONNECTION
@@ -32,6 +33,23 @@ DOCUMENTATION = '''
        ini:
          - key: fact_caching_prefix
            section: defaults
+      _keyset_name:
+        description: User defined name for cache keyset name.
+        default: ansible_cache_keys
+        env:
+          - name: ANSIBLE_CACHE_REDIS_KEYSET_NAME
+        ini:
+          - key: fact_caching_redis_keyset_name
+            section: defaults
+        version_added: 1.3.0
+      _sentinel_service_name:
+        description: The redis sentinel service name (or referenced as cluster name).
+        env:
+          - name: ANSIBLE_CACHE_REDIS_SENTINEL
+        ini:
+          - key: fact_caching_redis_sentinel
+            section: defaults
+        version_added: 1.3.0
      _timeout:
        default: 86400
        description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire
@@ -48,14 +66,16 @@ import json

 from ansible import constants as C
 from ansible.errors import AnsibleError
+from ansible.module_utils._text import to_native
 from ansible.parsing.ajson import AnsibleJSONEncoder, AnsibleJSONDecoder
 from ansible.plugins.cache import BaseCacheModule
 from ansible.utils.display import Display

 try:
    from redis import StrictRedis, VERSION
+    HAS_REDIS = True
 except ImportError:
-    raise AnsibleError("The 'redis' python module (version 2.4.5 or newer) is required for the redis fact cache, 'pip install redis'")
+    HAS_REDIS = False

 display = Display()

@@ -69,6 +89,8 @@ class CacheModule(BaseCacheModule):
    to expire keys. This mechanism is used or a pattern matched 'scan' for
    performance.
    """
+    _sentinel_service_name = None
+
    def __init__(self, *args, **kwargs):
        uri = ''

@@ -78,6 +100,8 @@ class CacheModule(BaseCacheModule):
                uri = self.get_option('_uri')
            self._timeout = float(self.get_option('_timeout'))
            self._prefix = self.get_option('_prefix')
+            self._keys_set = self.get_option('_keyset_name')
+            self._sentinel_service_name = self.get_option('_sentinel_service_name')
        except KeyError:
            display.deprecated('Rather than importing CacheModules directly, '
                               'use ansible.plugins.loader.cache_loader',
@@ -86,17 +110,60 @@ class CacheModule(BaseCacheModule):
                uri = C.CACHE_PLUGIN_CONNECTION
            self._timeout = float(C.CACHE_PLUGIN_TIMEOUT)
            self._prefix = C.CACHE_PLUGIN_PREFIX
+            self._keys_set = 'ansible_cache_keys'
+
+        if not HAS_REDIS:
+            raise AnsibleError("The 'redis' python module (version 2.4.5 or newer) is required for the redis fact cache, 'pip install redis'")

        self._cache = {}
        kw = {}
+
+        # tls connection
        tlsprefix = 'tls://'
        if uri.startswith(tlsprefix):
            kw['ssl'] = True
            uri = uri[len(tlsprefix):]

-        connection = uri.split(':')
-        self._db = StrictRedis(*connection, **kw)
-        self._keys_set = 'ansible_cache_keys'
+        # redis sentinel connection
+        if self._sentinel_service_name:
+            self._db = self._get_sentinel_connection(uri, kw)
+        # normal connection
+        else:
+            connection = uri.split(':')
+            self._db = StrictRedis(*connection, **kw)
+
+        display.vv('Redis connection: %s' % self._db)
+
+    def _get_sentinel_connection(self, uri, kw):
+        """
+        get sentinel connection details from _uri
+        """
+        try:
+            from redis.sentinel import Sentinel
+        except ImportError:
+            raise AnsibleError("The 'redis' python module (version 2.9.0 or newer) is required to use redis sentinel.")
+
+        if ';' not in uri:
+            raise AnsibleError('_uri does not have sentinel syntax.')
+
+        # format: "localhost:26379;localhost2:26379;0:changeme"
+        connections = uri.split(';')
+        connection_args = connections.pop(-1)
+        if len(connection_args) > 0:  # hanle if no db nr is given
+            connection_args = connection_args.split(':')
+            kw['db'] = connection_args.pop(0)
+            try:
+                kw['password'] = connection_args.pop(0)
+            except IndexError:
+                pass  # password is optional
+
+        sentinels = [tuple(shost.split(':')) for shost in connections]
+        display.vv('\nUsing redis sentinels: %s' % sentinels)
+        scon = Sentinel(sentinels, **kw)
+        try:
+            return scon.master_for(self._sentinel_service_name, socket_timeout=0.2)
+        except Exception as exc:
+            raise AnsibleError('Could not connect to redis sentinel: %s' % to_native(exc))

    def _make_key(self, key):
        return self._prefix + key
@@ -149,14 +216,12 @@ class CacheModule(BaseCacheModule):
        self._db.zrem(self._keys_set, key)

    def flush(self):
-        for key in self.keys():
+        for key in list(self.keys()):
            self.delete(key)

    def copy(self):
        # TODO: there is probably a better way to do this in redis
-        ret = dict()
-        for key in self.keys():
-            ret[key] = self.get(key)
+        ret = dict([(k, self.get(k)) for k in self.keys()])
        return ret

    def __getstate__(self):
--- a/plugins/callback/diy.py
+++ b/plugins/callback/diy.py
@@ -1013,7 +1013,7 @@ class CallbackModule(Default):
            for attr in _stats_attributes:
                _ret[self.DIY_NS]['stats'].update({attr: _get_value(obj=stats, attr=attr)})

-        _ret[self.DIY_NS].update({'top_level_var_names': _ret.keys()})
+        _ret[self.DIY_NS].update({'top_level_var_names': list(_ret.keys())})

        return _ret

--- a/plugins/callback/hipchat.py
+++ b/plugins/callback/hipchat.py
@@ -173,8 +173,7 @@ class CallbackModule(CallbackBase):
        # Displays info about playbook being started by a person on an
        # inventory, as well as Tags, Skip Tags and Limits
        if not self.printed_playbook:
-            self.playbook_name, _ = os.path.splitext(
-                os.path.basename(self.play.playbook.filename))
+            self.playbook_name, dummy = os.path.splitext(os.path.basename(self.play.playbook.filename))
            host_list = self.play.playbook.inventory.host_list
            inventory = os.path.basename(os.path.realpath(host_list))
            self.send_msg("%s: Playbook initiated by %s against %s" %
--- a/plugins/callback/selective.py
+++ b/plugins/callback/selective.py
@@ -41,7 +41,16 @@ import difflib
 from ansible import constants as C
 from ansible.plugins.callback import CallbackBase
 from ansible.module_utils._text import to_text
-from ansible.utils.color import codeCodes
+
+try:
+    codeCodes = C.COLOR_CODES
+except AttributeError:
+    # This constant was moved to ansible.constants in
+    # https://github.com/ansible/ansible/commit/1202dd000f10b0e8959019484f1c3b3f9628fc67
+    # (will be included in ansible-core 2.11.0). For older Ansible/ansible-base versions,
+    # we include from the original location.
+    from ansible.utils.color import codeCodes
+

 DONT_COLORIZE = False
 COLORS = {
@@ -58,7 +67,7 @@ COLORS = {

 def dict_diff(prv, nxt):
    """Return a dict of keys that differ with another config object."""
-    keys = set(prv.keys() + nxt.keys())
+    keys = set(list(prv.keys()) + list(nxt.keys()))
    result = {}
    for k in keys:
        if prv.get(k) != nxt.get(k):
--- a/plugins/callback/yaml.py
+++ b/plugins/callback/yaml.py
@@ -50,7 +50,7 @@ def my_represent_scalar(self, tag, value, style=None):
            # ...no trailing space
            value = value.rstrip()
            # ...and non-printable characters
-            value = ''.join(x for x in value if x in string.printable)
+            value = ''.join(x for x in value if x in string.printable or ord(x) >= 0xA0)
            # ...tabs prevent blocks from expanding
            value = value.expandtabs()
            # ...and odd bits of whitespace
--- a/plugins/connection/docker.py
+++ b/plugins/connection/docker.py
@@ -116,7 +116,9 @@ class Connection(ConnectionBase):

    @staticmethod
    def _sanitize_version(version):
-        return re.sub(u'[^0-9a-zA-Z.]', u'', version)
+        version = re.sub(u'[^0-9a-zA-Z.]', u'', version)
+        version = re.sub(u'^v', u'', version)
+        return version

    def _old_docker_version(self):
        cmd_args = []
--- a/plugins/connection/lxc.py
+++ b/plugins/connection/lxc.py
@@ -86,7 +86,7 @@ class Connection(ConnectionBase):
            write_fds = []
        while len(read_fds) > 0 or len(write_fds) > 0:
            try:
-                ready_reads, ready_writes, _ = select.select(read_fds, write_fds, [])
+                ready_reads, ready_writes, dummy = select.select(read_fds, write_fds, [])
            except select.error as e:
                if e.args[0] == errno.EINTR:
                    continue
--- a/plugins/connection/saltstack.py
+++ b/plugins/connection/saltstack.py
@@ -19,6 +19,7 @@ DOCUMENTATION = '''
 import re
 import os
 import pty
+import codecs
 import subprocess

 from ansible.module_utils._text import to_bytes, to_text
@@ -85,9 +86,9 @@ class Connection(ConnectionBase):

        out_path = self._normalize_path(out_path, '/')
        self._display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.host)
-        with open(in_path) as in_fh:
+        with open(in_path, 'rb') as in_fh:
            content = in_fh.read()
-        self.client.cmd(self.host, 'file.write', [out_path, content])
+        self.client.cmd(self.host, 'hashutil.base64_decodefile', [codecs.encode(content, 'base64'), out_path])

    # TODO test it
    def fetch_file(self, in_path, out_path):
--- a/plugins/doc_fragments/dimensiondata.py
+++ b/plugins/doc_fragments/dimensiondata.py
@@ -19,7 +19,6 @@ options:
  region:
    description:
      - The target region.
-    choices:
      - Regions are defined in Apache libcloud project [libcloud/common/dimensiondata.py]
      - They are also listed in U(https://libcloud.readthedocs.io/en/latest/compute/drivers/dimensiondata.html)
      - Note that the default value "na" stands for "North America".
--- a/plugins/doc_fragments/influxdb.py
+++ b/plugins/doc_fragments/influxdb.py
@@ -40,6 +40,7 @@ options:
  path:
    description:
    - The path on which InfluxDB server is accessible
+    - Only available when using python-influxdb >= 5.1.0
    type: str
    version_added: '0.2.0'
  validate_certs:
@@ -52,6 +53,7 @@ options:
    description:
    - Use https instead of http to connect to InfluxDB server.
    type: bool
+    default: false
  timeout:
    description:
    - Number of seconds Requests will wait for client to establish a connection.
@@ -60,12 +62,14 @@ options:
    description:
    - Number of retries client will try before aborting.
    - C(0) indicates try until success.
+    - Only available when using python-influxdb >= 4.1.0
    type: int
    default: 3
  use_udp:
    description:
    - Use UDP to connect to InfluxDB server.
    type: bool
+    default: false
  udp_port:
    description:
    - UDP port to connect to InfluxDB server.
--- a/plugins/doc_fragments/manageiq.py
+++ b/plugins/doc_fragments/manageiq.py
@@ -15,14 +15,14 @@ options:
  manageiq_connection:
    description:
      - ManageIQ connection configuration information.
-    required: true
+    required: false
    type: dict
    suboptions:
      url:
        description:
          - ManageIQ environment url. C(MIQ_URL) env var if set. otherwise, it is required to pass it.
        type: str
-        required: true
+        required: false
      username:
        description:
          - ManageIQ username. C(MIQ_USERNAME) env var if set. otherwise, required if no token is passed in.
@@ -44,7 +44,7 @@ options:
      ca_cert:
        description:
          - The path to a CA bundle file or directory with certificates. defaults to None.
-        type: path
+        type: str
        aliases: [ ca_bundle_path ]

 requirements:
--- a/plugins/doc_fragments/nios.py
+++ b/plugins/doc_fragments/nios.py
@@ -24,7 +24,6 @@ options:
          - Value can also be specified using C(INFOBLOX_HOST) environment
            variable.
        type: str
-        required: true
      username:
        description:
          - Configures the username to use to authenticate the connection to
--- a/plugins/doc_fragments/nomad.py
+++ b/plugins/doc_fragments/nomad.py
@@ -0,0 +1,51 @@
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2020 FERREIRA Christophe <christophe.ferreira@cnaf.fr>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+
+    # Standard files documentation fragment
+    DOCUMENTATION = r'''
+options:
+    host:
+      description:
+        - FQDN of Nomad server.
+      required: true
+      type: str
+    use_ssl:
+      description:
+        - Use TLS/SSL connection.
+      type: bool
+      default: true
+    timeout:
+      description:
+        - Timeout (in seconds) for the request to Nomad.
+      type: int
+      default: 5
+    validate_certs:
+      description:
+        - Enable TLS/SSL certificate validation.
+      type: bool
+      default: true
+    client_cert:
+      description:
+        - Path of certificate for TLS/SSL.
+      type: path
+    client_key:
+      description:
+        - Path of certificate's private key for TLS/SSL.
+      type: path
+    namespace:
+      description:
+        - Namespace for Nomad.
+      type: str
+    token:
+      description:
+        - ACL token for authentification.
+      type: str
+'''
--- a/plugins/doc_fragments/online.py
+++ b/plugins/doc_fragments/online.py
@@ -15,6 +15,7 @@ options:
    description:
      - Online OAuth token.
    type: str
+    required: true
    aliases: [ oauth_token ]
  api_url:
    description:
--- a/plugins/doc_fragments/oracle_creatable_resource.py
+++ b/plugins/doc_fragments/oracle_creatable_resource.py
@@ -20,4 +20,5 @@ class ModuleDocFragment(object):
                         identify an instance of the resource. By default, all the attributes of a resource except
                         I(freeform_tags) are used to uniquely identify a resource.
            type: list
+            elements: str
    """
--- a/plugins/doc_fragments/ovirt_facts.py
+++ b/plugins/doc_fragments/ovirt_facts.py
@@ -19,6 +19,7 @@ options:
              Only the attributes of the current entity. User can configure to fetch other
              attributes of the nested entities by specifying C(nested_attributes).
        type: bool
+        default: false
    nested_attributes:
        description:
            - Specifies list of the attributes which should be fetched from the API.
--- a/plugins/doc_fragments/proxmox.py
+++ b/plugins/doc_fragments/proxmox.py
@@ -0,0 +1,45 @@
+# -*- coding: utf-8 -*-
+
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+    # Common parameters for Proxmox VE modules
+    DOCUMENTATION = r'''
+options:
+  api_host:
+    description:
+      - Specify the target host of the Proxmox VE cluster.
+    type: str
+    required: true
+  api_user:
+    description:
+      - Specify the user to authenticate with.
+    type: str
+    required: true
+  api_password:
+    description:
+      - Specify the password to authenticate with.
+      - You can use C(PROXMOX_PASSWORD) environment variable.
+    type: str
+  api_token_id:
+    description:
+      - Specify the token ID.
+    type: str
+    version_added: 1.3.0
+  api_token_secret:
+    description:
+      - Specify the token secret.
+    type: str
+    version_added: 1.3.0
+  validate_certs:
+    description:
+      - If C(no), SSL certificates will not be validated.
+      - This should only be used on personally controlled sites using self-signed certificates.
+    type: bool
+    default: no
+requirements: [ "proxmoxer", "requests" ]
+'''
--- a/plugins/doc_fragments/rackspace.py
+++ b/plugins/doc_fragments/rackspace.py
@@ -32,7 +32,6 @@ options:
    description:
      - Region to create an instance in.
    type: str
-    default: DFW
  username:
    description:
      - Rackspace username, overrides I(credentials).
@@ -59,37 +58,45 @@ notes:
    OPENSTACK = r'''
 options:
  api_key:
+    type: str
    description:
      - Rackspace API key, overrides I(credentials).
    aliases: [ password ]
  auth_endpoint:
+    type: str
    description:
      - The URI of the authentication service.
-    default: https://identity.api.rackspacecloud.com/v2.0/
+      - If not specified will be set to U(https://identity.api.rackspacecloud.com/v2.0/)
  credentials:
+    type: path
    description:
      - File to find the Rackspace credentials in. Ignored if I(api_key) and
        I(username) are provided.
    aliases: [ creds_file ]
  env:
+    type: str
    description:
      - Environment as configured in I(~/.pyrax.cfg),
        see U(https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#pyrax-configuration).
  identity_type:
+    type: str
    description:
      - Authentication mechanism to use, such as rackspace or keystone.
    default: rackspace
  region:
+    type: str
    description:
      - Region to create an instance in.
-    default: DFW
  tenant_id:
+    type: str
    description:
      - The tenant ID used for authentication.
  tenant_name:
+    type: str
    description:
      - The tenant name used for authentication.
  username:
+    type: str
    description:
      - Rackspace username, overrides I(credentials).
  validate_certs:
--- a/plugins/filter/dict_kv.py
+++ b/plugins/filter/dict_kv.py
@@ -0,0 +1,70 @@
+# Copyright (C) 2020 Stanislav German-Evtushenko (@giner) <ginermail@gmail.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+def dict_kv(value, key):
+    '''Return a dictionary with a single key-value pair
+
+    Example:
+
+        - hosts: localhost
+          gather_facts: false
+          vars:
+            myvar: myvalue
+          tasks:
+          - debug:
+              msg: "{{ myvar | dict_kv('thatsmyvar') }}"
+
+        produces:
+
+        ok: [localhost] => {
+            "msg": {
+                "thatsmyvar": "myvalue"
+            }
+        }
+
+    Example 2:
+
+        - hosts: localhost
+          gather_facts: false
+          vars:
+            common_config:
+              type: host
+              database: all
+            myservers:
+            - server1
+            - server2
+          tasks:
+          - debug:
+              msg: "{{ myservers | map('dict_kv', 'server') | map('combine', common_config) }}"
+
+        produces:
+
+        ok: [localhost] => {
+            "msg": [
+                {
+                    "database": "all",
+                    "server": "server1",
+                    "type": "host"
+                },
+                {
+                    "database": "all",
+                    "server": "server2",
+                    "type": "host"
+                }
+            ]
+        }
+    '''
+    return {key: value}
+
+
+class FilterModule(object):
+    ''' Query filter '''
+
+    def filters(self):
+        return {
+            'dict_kv': dict_kv
+        }
--- a/plugins/filter/json_query.py
+++ b/plugins/filter/json_query.py
@@ -35,6 +35,9 @@ def json_query(data, expr):
        raise AnsibleError('You need to install "jmespath" prior to running '
                           'json_query filter')

+    # Hack to handle Ansible String Types
+    # See issue: https://github.com/ansible-collections/community.general/issues/320
+    jmespath.functions.REVERSE_TYPES_MAP['string'] = jmespath.functions.REVERSE_TYPES_MAP['string'] + ('AnsibleUnicode', 'AnsibleUnsafeText', )
    try:
        return jmespath.search(expr, data)
    except jmespath.exceptions.JMESPathError as e:
--- a/plugins/inventory/linode.py
+++ b/plugins/inventory/linode.py
@@ -32,12 +32,10 @@ DOCUMENTATION = r'''
          description: Populate inventory with instances in this region.
          default: []
          type: list
-          required: false
        types:
          description: Populate inventory with instances with this type.
          default: []
          type: list
-          required: false
 '''

 EXAMPLES = r'''
@@ -63,8 +61,9 @@ from ansible.plugins.inventory import BaseInventoryPlugin
 try:
    from linode_api4 import LinodeClient
    from linode_api4.errors import ApiError as LinodeApiError
+    HAS_LINODE = True
 except ImportError:
-    raise AnsibleError('the Linode dynamic inventory plugin requires linode_api4.')
+    HAS_LINODE = False


 class InventoryModule(BaseInventoryPlugin):
@@ -194,6 +193,9 @@ class InventoryModule(BaseInventoryPlugin):
        """Dynamically parse Linode the cloud inventory."""
        super(InventoryModule, self).parse(inventory, loader, path)

+        if not HAS_LINODE:
+            raise AnsibleError('the Linode dynamic inventory plugin requires linode_api4.')
+
        config_data = self._read_config_data(path)
        self._build_client()

--- a/plugins/inventory/online.py
+++ b/plugins/inventory/online.py
@@ -2,18 +2,16 @@
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

 from __future__ import (absolute_import, division, print_function)
-
-
 __metaclass__ = type

-DOCUMENTATION = '''
+DOCUMENTATION = r'''
    name: online
    plugin_type: inventory
    author:
      - Remy Leone (@sieben)
-    short_description: Online inventory source
+    short_description: Scaleway (previously Online SAS or Online.net) inventory source
    description:
-        - Get inventory hosts from Online
+        - Get inventory hosts from Scaleway (previously Online SAS or Online.net).
    options:
        plugin:
            description: token that ensures this is a source file for the 'online' plugin.
@@ -45,7 +43,7 @@ DOCUMENTATION = '''
                - rpn
 '''

-EXAMPLES = '''
+EXAMPLES = r'''
 # online_inventory.yml file in YAML format
 # Example command line: ansible-inventory --list -i online_inventory.yml

--- a/plugins/inventory/proxmox.py
+++ b/plugins/inventory/proxmox.py
@@ -212,10 +212,8 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):
                if config == 'rootfs' or config.startswith(('virtio', 'sata', 'ide', 'scsi')):
                    value = ('disk_image=' + value)

-                if isinstance(value, int) or ',' not in value:
-                    value = value
-                # split off strings with commas to a dict
-                else:
+                if not (isinstance(value, int) or ',' not in value):
+                    # split off strings with commas to a dict
                    # skip over any keys that cannot be processed
                    try:
                        value = dict(key.split("=") for key in value.split(","))
@@ -300,10 +298,12 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):
                node_qemu_group = self.to_safe('%s%s' % (self.get_option('group_prefix'), ('%s_qemu' % node['node']).lower()))
                self.inventory.add_group(node_qemu_group)
                for qemu in self._get_qemu_per_node(node['node']):
-                    if not qemu['template']:
-                        self.inventory.add_host(qemu['name'])
-                        self.inventory.add_child(qemu_group, qemu['name'])
-                        self.inventory.add_child(node_qemu_group, qemu['name'])
+                    if qemu['template']:
+                        continue
+
+                    self.inventory.add_host(qemu['name'])
+                    self.inventory.add_child(qemu_group, qemu['name'])
+                    self.inventory.add_child(node_qemu_group, qemu['name'])

                    # get QEMU status
                    self._get_vm_status(node['node'], qemu['vmid'], 'qemu', qemu['name'])
@@ -325,7 +325,8 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):

                for member in self._get_members_per_pool(pool['poolid']):
                    if member.get('name'):
-                        self.inventory.add_child(pool_group, member['name'])
+                        if not member.get('template'):
+                            self.inventory.add_child(pool_group, member['name'])

    def parse(self, inventory, loader, path, cache=True):
        if not HAS_REQUESTS:
@@ -338,7 +339,7 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):
        self._read_config_data(path)

        # get connection host
-        self.proxmox_url = self.get_option('url')
+        self.proxmox_url = self.get_option('url').rstrip('/')
        self.proxmox_user = self.get_option('user')
        self.proxmox_password = self.get_option('password')
        self.cache_key = self.get_cache_key(path)
--- a/plugins/inventory/scaleway.py
+++ b/plugins/inventory/scaleway.py
@@ -24,6 +24,8 @@ DOCUMENTATION = '''
            default:
                - ams1
                - par1
+                - par2
+                - waw1
        tags:
            description: Filter results on a specific tag
            type: list
--- a/plugins/inventory/virtualbox.py
+++ b/plugins/inventory/virtualbox.py
@@ -217,7 +217,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
                    yield host not in v
            yield True

-        return all([found_host for found_host in find_host(host, inventory)])
+        return all(find_host(host, inventory))

    def verify_file(self, path):

--- a/plugins/lookup/chef_databag.py
+++ b/plugins/lookup/chef_databag.py
@@ -81,7 +81,7 @@ class LookupModule(LookupBase):
                )
        if args:
            raise AnsibleError(
-                "unrecognized arguments to with_sequence: %r" % args.keys()
+                "unrecognized arguments to with_sequence: %r" % list(args.keys())
            )

    def run(self, terms, variables=None, **kwargs):
--- a/plugins/lookup/gcp_storage_file.py
+++ b/plugins/lookup/gcp_storage_file.py
@@ -48,11 +48,16 @@ import base64
 import json
 import mimetypes
 import os
-import requests
 from ansible.errors import AnsibleError
 from ansible.plugins.lookup import LookupBase
 from ansible.utils.display import Display

+try:
+    import requests
+    HAS_REQUESTS = True
+except ImportError:
+    HAS_REQUESTS = False
+
 try:
    from ansible_collections.google.cloud.plugins.module_utils.gcp_utils import navigate_hash, GcpSession
    HAS_GOOGLE_CLOUD_COLLECTION = True
@@ -146,4 +151,6 @@ class LookupModule(LookupBase):
    def run(self, terms, variables=None, **kwargs):
        if not HAS_GOOGLE_CLOUD_COLLECTION:
            raise AnsibleError("community.general.gcp_storage_file needs a supported version of the google.cloud collection installed")
+        if not HAS_REQUESTS:
+            raise AnsibleError("community.general.gcp_storage_file needs requests installed. Use `pip install requests` to install it")
        return GcpFileLookup().run(terms, variables=variables, **kwargs)
--- a/plugins/lookup/hashi_vault.py
+++ b/plugins/lookup/hashi_vault.py
@@ -11,7 +11,7 @@ DOCUMENTATION = """
  author:
    - Jonathan Davila (!UNKNOWN) <jdavila(at)ansible.com>
    - Brian Scholer (@briantist)
-  short_description: Retrieve secrets from HashiCorp's vault
+  short_description: Retrieve secrets from HashiCorp's Vault
  requirements:
    - hvac (python library)
    - hvac 0.7.0+ (for namespace support)
@@ -19,7 +19,7 @@ DOCUMENTATION = """
    - botocore (only if inferring aws params from boto)
    - boto3 (only if using a boto profile)
  description:
-    - Retrieve secrets from HashiCorp's vault.
+    - Retrieve secrets from HashiCorp's Vault.
  notes:
    - Due to a current limitation in the HVAC library there won't necessarily be an error if a bad endpoint is specified.
    - As of community.general 0.2.0, only the latest version of a secret is returned when specifying a KV v2 path.
@@ -27,7 +27,7 @@ DOCUMENTATION = """
    - As of community.general 0.2.0, when C(secret) is the first option in the term string, C(secret=) is not required (see examples).
  options:
    secret:
-      description: query you are making.
+      description: Vault path to the secret being requested in the format C(path[:field]).
      required: True
    token:
      description:
@@ -55,7 +55,7 @@ DOCUMENTATION = """
      default: '.vault-token'
      version_added: '0.2.0'
    url:
-      description: URL to vault service.
+      description: URL to the Vault service.
      env:
        - name: VAULT_ADDR
      ini:
@@ -76,7 +76,7 @@ DOCUMENTATION = """
          key: role_id
          version_added: '0.2.0'
    secret_id:
-      description: Secret id for a vault AppRole auth.
+      description: Secret ID to be used for Vault AppRole authentication.
      env:
        - name: VAULT_SECRET_ID
    auth_method:
@@ -84,6 +84,7 @@ DOCUMENTATION = """
        - Authentication method to be used.
        - C(userpass) is added in Ansible 2.8.
        - C(aws_iam_login) is added in community.general 0.2.0.
+        - C(jwt) is added in community.general 1.3.0.
      env:
        - name: VAULT_AUTH_METHOD
      ini:
@@ -96,6 +97,7 @@ DOCUMENTATION = """
        - ldap
        - approle
        - aws_iam_login
+        - jwt
      default: token
    return_format:
      description:
@@ -111,16 +113,27 @@ DOCUMENTATION = """
      aliases: [ as ]
      version_added: '0.2.0'
    mount_point:
-      description: Vault mount point, only required if you have a custom mount point.
+      description: Vault mount point, only required if you have a custom mount point. Does not apply to token authentication.
+    jwt:
+      description: The JSON Web Token (JWT) to use for JWT authentication to Vault.
+      env:
+        - name: ANSIBLE_HASHI_VAULT_JWT
+      version_added: 1.3.0
    ca_cert:
      description: Path to certificate to use for authentication.
      aliases: [ cacert ]
    validate_certs:
-      description: Controls verification and validation of SSL certificates, mostly you only want to turn off with self signed ones.
+      description:
+        - Controls verification and validation of SSL certificates, mostly you only want to turn off with self signed ones.
+        - Will be populated with the inverse of C(VAULT_SKIP_VERIFY) if that is set and I(validate_certs) is not explicitly
+          provided (added in community.general 1.3.0).
+        - Will default to C(true) if neither I(validate_certs) or C(VAULT_SKIP_VERIFY) are set.
      type: boolean
-      default: True
    namespace:
-      description: Namespace where secrets reside. Requires HVAC 0.7.0+ and Vault 0.11+.
+      description:
+        - Vault namespace where secrets reside. This option requires HVAC 0.7.0+ and Vault 0.11+.
+        - Optionally, this may be achieved by prefixing the authentication mount point and/or secret path with the namespace
+          (e.g C(mynamespace/secret/mysecret)).
      env:
        - name: VAULT_NAMESPACE
          version_added: 1.2.0
@@ -183,7 +196,7 @@ EXAMPLES = """
  ansible.builtin.debug:
    msg: "{{ lookup('community.general.hashi_vault', 'secret=secret/hello:value auth_method=userpass username=myuser password=psw url=http://myvault:8200') }}"

- name: Using an ssl vault
+- name: Connect to Vault using TLS
  ansible.builtin.debug:
    msg: "{{ lookup('community.general.hashi_vault', 'secret=secret/hola:value token=c975b780-d1be-8016-866b-01d0f9b688a5 validate_certs=False') }}"

@@ -191,7 +204,7 @@ EXAMPLES = """
  ansible.builtin.debug:
    msg: "{{ lookup('community.general.hashi_vault', 'secret/hi:value token=xxxx url=https://myvault:8200 validate_certs=True cacert=/cacert/path/ca.pem') }}"

- name: authenticate with a Vault app role
+- name: Authenticate with a Vault app role
  ansible.builtin.debug:
    msg: "{{ lookup('community.general.hashi_vault', 'secret=secret/hello:value auth_method=approle role_id=myroleid secret_id=mysecretid') }}"

@@ -241,7 +254,13 @@ EXAMPLES = """

 - name: authenticate with aws_iam_login
  ansible.builtin.debug:
-    msg: "{{ lookup('community.general.hashi_vault', 'secret/hello:value', auth_method='aws_iam_login' role_id='myroleid', profile=my_boto_profile) }}"
+    msg: "{{ lookup('community.general.hashi_vault', 'secret/hello:value', auth_method='aws_iam_login', role_id='myroleid', profile=my_boto_profile) }}"
+
+# The following examples work in collection releases after community.general 1.3.0
+
+- name: Authenticate with a JWT
+  ansible.builtin.debug:
+      msg: "{{ lookup('community.general.hashi_vault', 'secret/hello:value', auth_method='jwt', role_id='myroleid', jwt='myjwt', url='https://myvault:8200')}}"
 """

 RETURN = """
@@ -257,6 +276,7 @@ import os
 from ansible.errors import AnsibleError
 from ansible.plugins.lookup import LookupBase
 from ansible.utils.display import Display
+from ansible.module_utils.parsing.convert_bool import boolean

 HAS_HVAC = False
 try:
@@ -424,6 +444,17 @@ class HashiVault:
            Display().warning("HVAC should be updated to version 0.9.3 or higher. Deprecated method 'auth_aws_iam' will be used.")
            self.client.auth_aws_iam(**params)

+    def auth_jwt(self):
+        params = self.get_options('role_id', 'jwt', 'mount_point')
+        params['role'] = params.pop('role_id')
+        if self.hvac_has_auth_methods and hasattr(self.client.auth, 'jwt') and hasattr(self.client.auth.jwt, 'jwt_login'):
+            response = self.client.auth.jwt.jwt_login(**params)
+            # must manually set the client token with JWT login
+            # see https://github.com/hvac/hvac/issues/644
+            self.client.token = response['auth']['client_token']
+        else:
+            raise AnsibleError("JWT authentication requires HVAC version 0.10.5 or higher.")
+
    # end auth implementation methods


@@ -486,8 +517,28 @@ class LookupModule(LookupBase):
        #
        '''' return a bool or cacert '''
        ca_cert = self.get_option('ca_cert')
+
        validate_certs = self.get_option('validate_certs')

+        if validate_certs is None:
+            # Validate certs option was not explicitly set
+
+            # Check if VAULT_SKIP_VERIFY is set
+            vault_skip_verify = os.environ.get('VAULT_SKIP_VERIFY')
+
+            if vault_skip_verify is not None:
+                # VAULT_SKIP_VERIFY is set
+                try:
+                    # Check that we have a boolean value
+                    vault_skip_verify = boolean(vault_skip_verify)
+                    # Use the inverse of VAULT_SKIP_VERIFY
+                    validate_certs = not vault_skip_verify
+                except TypeError:
+                    # Not a boolean value fallback to default value (True)
+                    validate_certs = True
+            else:
+                validate_certs = True
+
        if not (validate_certs and ca_cert):
            self.set_option('ca_cert', validate_certs)

@@ -506,7 +557,7 @@ class LookupModule(LookupBase):
    def auth_methods(self):
        # enforce and set the list of available auth methods
        # TODO: can this be read from the choices: field in documentation?
-        avail_auth_methods = ['token', 'approle', 'userpass', 'ldap', 'aws_iam_login']
+        avail_auth_methods = ['token', 'approle', 'userpass', 'ldap', 'aws_iam_login', 'jwt']
        self.set_option('avail_auth_methods', avail_auth_methods)
        auth_method = self.get_option('auth_method')

@@ -537,7 +588,7 @@ class LookupModule(LookupBase):
        self.validate_by_required_fields(auth_method, 'username', 'password')

    def validate_auth_approle(self, auth_method):
-        self.validate_by_required_fields(auth_method, 'role_id', 'secret_id')
+        self.validate_by_required_fields(auth_method, 'role_id')

    def validate_auth_token(self, auth_method):
        if auth_method == 'token':
@@ -593,4 +644,7 @@ class LookupModule(LookupBase):

        self.set_option('iam_login_credentials', params)

+    def validate_auth_jwt(self, auth_method):
+        self.validate_by_required_fields(auth_method, 'role_id', 'jwt')
+
    # end auth method validators
--- a/plugins/lookup/onepassword.py
+++ b/plugins/lookup/onepassword.py
@@ -187,8 +187,63 @@ class OnePass(object):
        return rc, out, err

    def _parse_field(self, data_json, field_name, section_title=None):
+        """
+        Retrieves the desired field from the `op` response payload
+
+        When the item is a `password` type, the password is a key within the `details` key:
+
+        $ op get item 'test item' | jq
+        {
+          [...]
+          "templateUuid": "005",
+          "details": {
+            "notesPlain": "",
+            "password": "foobar",
+            "passwordHistory": [],
+            "sections": [
+              {
+                "name": "linked items",
+                "title": "Related Items"
+              }
+            ]
+          },
+          [...]
+        }
+
+        However, when the item is a `login` type, the password is within a fields array:
+
+        $ op get item 'test item' | jq
+        {
+          [...]
+          "details": {
+            "fields": [
+              {
+                "designation": "username",
+                "name": "username",
+                "type": "T",
+                "value": "foo"
+              },
+              {
+                "designation": "password",
+                "name": "password",
+                "type": "P",
+                "value": "bar"
+              }
+            ],
+            [...]
+          },
+          [...]
+        """
        data = json.loads(data_json)
        if section_title is None:
+            # https://github.com/ansible-collections/community.general/pull/1610:
+            # check the details dictionary for `field_name` and return it immediately if it exists
+            # when the entry is a "password" instead of a "login" item, the password field is a key
+            # in the `details` dictionary:
+            if field_name in data['details']:
+                return data['details'][field_name]
+
+            # when the field is not found above, iterate through the fields list in the object details
            for field_data in data['details'].get('fields', []):
                if field_data.get('name', '').lower() == field_name.lower():
                    return field_data.get('value', '')
--- a/plugins/lookup/passwordstore.py
+++ b/plugins/lookup/passwordstore.py
@@ -32,6 +32,13 @@ DOCUMENTATION = '''
        description: Overwrite the password if it does already exist.
        type: bool
        default: 'no'
+      umask:
+        description:
+          - Sets the umask for the created .gpg files. The first octed must be greater than 3 (user readable).
+          - Note pass' default value is C('077').
+        env:
+          - name: PASSWORD_STORE_UMASK
+        version_added: 1.3.0
      returnall:
        description: Return all the content of the password, not only the first line.
        type: bool
@@ -175,17 +182,29 @@ class LookupModule(LookupBase):
                else:
                    raise AnsibleError("{0} is not a correct value for length".format(self.paramvals['length']))

+            # Collect pass environment variables from the plugin's parameters.
+            self.env = os.environ.copy()
+
            # Set PASSWORD_STORE_DIR if directory is set
            if self.paramvals['directory']:
                if os.path.isdir(self.paramvals['directory']):
-                    os.environ['PASSWORD_STORE_DIR'] = self.paramvals['directory']
+                    self.env['PASSWORD_STORE_DIR'] = self.paramvals['directory']
                else:
                    raise AnsibleError('Passwordstore directory \'{0}\' does not exist'.format(self.paramvals['directory']))

+            # Set PASSWORD_STORE_UMASK if umask is set
+            if 'umask' in self.paramvals:
+                if len(self.paramvals['umask']) != 3:
+                    raise AnsibleError('Passwordstore umask must have a length of 3.')
+                elif int(self.paramvals['umask'][0]) > 3:
+                    raise AnsibleError('Passwordstore umask not allowed (password not user readable).')
+                else:
+                    self.env['PASSWORD_STORE_UMASK'] = self.paramvals['umask']
+
    def check_pass(self):
        try:
            self.passoutput = to_text(
-                check_output2(["pass", self.passname]),
+                check_output2(["pass", "show", self.passname], env=self.env),
                errors='surrogate_or_strict'
            ).splitlines()
            self.password = self.passoutput[0]
@@ -195,7 +214,7 @@ class LookupModule(LookupBase):
                    name, value = line.split(':', 1)
                    self.passdict[name.strip()] = value.strip()
        except (subprocess.CalledProcessError) as e:
-            if e.returncode == 1 and 'not in the password store' in e.output:
+            if e.returncode != 0 and 'not in the password store' in e.output:
                # if pass returns 1 and return string contains 'is not in the password store.'
                # We need to determine if this is valid or Error.
                if not self.paramvals['create']:
@@ -228,7 +247,7 @@ class LookupModule(LookupBase):
        if self.paramvals['backup']:
            msg += "lookup_pass: old password was {0} (Updated on {1})\n".format(self.password, datetime)
        try:
-            check_output2(['pass', 'insert', '-f', '-m', self.passname], input=msg)
+            check_output2(['pass', 'insert', '-f', '-m', self.passname], input=msg, env=self.env)
        except (subprocess.CalledProcessError) as e:
            raise AnsibleError(e)
        return newpass
@@ -240,7 +259,7 @@ class LookupModule(LookupBase):
        datetime = time.strftime("%d/%m/%Y %H:%M:%S")
        msg = newpass + '\n' + "lookup_pass: First generated by ansible on {0}\n".format(datetime)
        try:
-            check_output2(['pass', 'insert', '-f', '-m', self.passname], input=msg)
+            check_output2(['pass', 'insert', '-f', '-m', self.passname], input=msg, env=self.env)
        except (subprocess.CalledProcessError) as e:
            raise AnsibleError(e)
        return newpass
--- a/plugins/lookup/tss.py
+++ b/plugins/lookup/tss.py
@@ -75,7 +75,34 @@ EXAMPLES = r"""
  vars:
      secret: "{{ lookup('community.general.tss', 1) }}"
  tasks:
-      - ansible.builtin.debug: msg="the password is {{ (secret['items'] | items2dict(key_name='slug', value_name='itemValue'))['password'] }}"
+      - ansible.builtin.debug:
+          msg: >
+            the password is {{
+              (secret['items']
+                | items2dict(key_name='slug',
+                             value_name='itemValue'))['password']
+            }}
+
+- hosts: localhost
+  vars:
+      secret: >-
+        {{
+            lookup(
+                'community.general.tss',
+                102,
+                base_url='https://secretserver.domain.com/SecretServer/',
+                username='user.name',
+                password='password'
+            )
+        }}
+  tasks:
+      - ansible.builtin.debug:
+          msg: >
+            the password is {{
+              (secret['items']
+                | items2dict(key_name='slug',
+                             value_name='itemValue'))['password']
+            }}
 """

 from ansible.errors import AnsibleError, AnsibleOptionsError
--- a/plugins/module_utils/_mount.py
+++ b/plugins/module_utils/_mount.py
@@ -0,0 +1,90 @@
+# This code is part of Ansible, but is an independent component.
+# This particular file snippet, and this file snippet only, is based on
+# Lib/posixpath.py of cpython
+# It is licensed under the PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2
+#
+# 1. This LICENSE AGREEMENT is between the Python Software Foundation
+# ("PSF"), and the Individual or Organization ("Licensee") accessing and
+# otherwise using this software ("Python") in source or binary form and
+# its associated documentation.
+#
+# 2. Subject to the terms and conditions of this License Agreement, PSF hereby
+# grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce,
+# analyze, test, perform and/or display publicly, prepare derivative works,
+# distribute, and otherwise use Python alone or in any derivative version,
+# provided, however, that PSF's License Agreement and PSF's notice of copyright,
+# i.e., "Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+# 2011, 2012, 2013, 2014, 2015 Python Software Foundation; All Rights Reserved"
+# are retained in Python alone or in any derivative version prepared by Licensee.
+#
+# 3. In the event Licensee prepares a derivative work that is based on
+# or incorporates Python or any part thereof, and wants to make
+# the derivative work available to others as provided herein, then
+# Licensee hereby agrees to include in any such work a brief summary of
+# the changes made to Python.
+#
+# 4. PSF is making Python available to Licensee on an "AS IS"
+# basis.  PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR
+# IMPLIED.  BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND
+# DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS
+# FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT
+# INFRINGE ANY THIRD PARTY RIGHTS.
+#
+# 5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON
+# FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS
+# A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON,
+# OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
+#
+# 6. This License Agreement will automatically terminate upon a material
+# breach of its terms and conditions.
+#
+# 7. Nothing in this License Agreement shall be deemed to create any
+# relationship of agency, partnership, or joint venture between PSF and
+# Licensee.  This License Agreement does not grant permission to use PSF
+# trademarks or trade name in a trademark sense to endorse or promote
+# products or services of Licensee, or any third party.
+#
+# 8. By copying, installing or otherwise using Python, Licensee
+# agrees to be bound by the terms and conditions of this License
+# Agreement.
+
+import os
+
+
+def ismount(path):
+    """Test whether a path is a mount point
+    This is a copy of the upstream version of ismount(). Originally this was copied here as a workaround
+    until Python issue 2466 was fixed. Now it is here so this will work on older versions of Python
+    that may not have the upstream fix.
+    https://github.com/ansible/ansible-modules-core/issues/2186
+    http://bugs.python.org/issue2466
+    """
+    try:
+        s1 = os.lstat(path)
+    except (OSError, ValueError):
+        # It doesn't exist -- so not a mount point. :-)
+        return False
+    else:
+        # A symlink can never be a mount point
+        if os.path.stat.S_ISLNK(s1.st_mode):
+            return False
+
+    if isinstance(path, bytes):
+        parent = os.path.join(path, b'..')
+    else:
+        parent = os.path.join(path, '..')
+    parent = os.path.realpath(parent)
+    try:
+        s2 = os.lstat(parent)
+    except (OSError, ValueError):
+        return False
+
+    dev1 = s1.st_dev
+    dev2 = s2.st_dev
+    if dev1 != dev2:
+        return True     # path/.. on a different device as path
+    ino1 = s1.st_ino
+    ino2 = s2.st_ino
+    if ino1 == ino2:
+        return True     # path/.. is the same i-node as path
+    return False
--- a/plugins/module_utils/_netapp.py
+++ b/plugins/module_utils/_netapp.py
@@ -142,8 +142,8 @@ def aws_cvs_host_argument_spec():
    return dict(
        api_url=dict(required=True, type='str'),
        validate_certs=dict(required=False, type='bool', default=True),
-        api_key=dict(required=True, type='str'),
-        secret_key=dict(required=True, type='str')
+        api_key=dict(required=True, type='str', no_log=True),
+        secret_key=dict(required=True, type='str', no_log=True)
    )


--- a/plugins/module_utils/cloud.py
+++ b/plugins/module_utils/cloud.py
@@ -130,7 +130,7 @@ class CloudRetry(object):
                    try:
                        return f(*args, **kwargs)
                    except Exception as e:
-                        if isinstance(e, cls.base_class):
+                        if isinstance(e, cls.base_class):  # pylint: disable=isinstance-second-argument-not-valid-type
                            response_code = cls.status_code_from_exception(e)
                            if cls.found(response_code, catch_extra_error_codes):
                                msg = "{0}: Retrying in {1} seconds...".format(str(e), delay)
--- a/plugins/module_utils/docker/common.py
+++ b/plugins/module_utils/docker/common.py
@@ -636,6 +636,9 @@ class AnsibleDockerClient(Client):
        if len(images) == 1:
            try:
                inspection = self.inspect_image(images[0]['Id'])
+            except NotFound:
+                self.log("Image %s:%s not found." % (name, tag))
+                return None
            except Exception as exc:
                self.fail("Error inspecting image %s:%s - %s" % (name, tag, str(exc)))
            return inspection
@@ -643,7 +646,7 @@ class AnsibleDockerClient(Client):
        self.log("Image %s:%s not found." % (name, tag))
        return None

-    def find_image_by_id(self, image_id):
+    def find_image_by_id(self, image_id, accept_missing_image=False):
        '''
        Lookup an image (by ID) and return the inspection results.
        '''
@@ -653,6 +656,11 @@ class AnsibleDockerClient(Client):
        self.log("Find image %s (by ID)" % image_id)
        try:
            inspection = self.inspect_image(image_id)
+        except NotFound as exc:
+            if not accept_missing_image:
+                self.fail("Error inspecting image ID %s - %s" % (image_id, str(exc)))
+            self.log("Image %s not found." % image_id)
+            return None
        except Exception as exc:
            self.fail("Error inspecting image ID %s - %s" % (image_id, str(exc)))
        return inspection
--- a/plugins/module_utils/identity/keycloak/keycloak.py
+++ b/plugins/module_utils/identity/keycloak/keycloak.py
@@ -55,10 +55,10 @@ def keycloak_argument_spec():
    :return: argument_spec dict
    """
    return dict(
-        auth_keycloak_url=dict(type='str', aliases=['url'], required=True),
+        auth_keycloak_url=dict(type='str', aliases=['url'], required=True, no_log=False),
        auth_client_id=dict(type='str', default='admin-cli'),
        auth_realm=dict(type='str', required=True),
-        auth_client_secret=dict(type='str', default=None),
+        auth_client_secret=dict(type='str', default=None, no_log=True),
        auth_username=dict(type='str', aliases=['username'], required=True),
        auth_password=dict(type='str', aliases=['password'], required=True, no_log=True),
        validate_certs=dict(type='bool', default=True)
@@ -75,6 +75,8 @@ class KeycloakError(Exception):

 def get_token(base_url, validate_certs, auth_realm, client_id,
              auth_username, auth_password, client_secret):
+    if not base_url.lower().startswith(('http', 'https')):
+        raise KeycloakError("auth_url '%s' should either start with 'http' or 'https'." % base_url)
    auth_url = URL_TOKEN.format(url=base_url, realm=auth_realm)
    temp_payload = {
        'grant_type': 'password',
--- a/plugins/module_utils/influxdb.py
+++ b/plugins/module_utils/influxdb.py
@@ -9,6 +9,7 @@ __metaclass__ = type
 import traceback

 from ansible.module_utils.basic import missing_required_lib
+from distutils.version import LooseVersion

 REQUESTS_IMP_ERR = None
 try:
@@ -69,7 +70,6 @@ class InfluxDb():
        args = dict(
            host=self.hostname,
            port=self.port,
-            path=self.path,
            username=self.username,
            password=self.password,
            database=self.database_name,
@@ -80,9 +80,13 @@ class InfluxDb():
            udp_port=self.params['udp_port'],
            proxies=self.params['proxies'],
        )
-        influxdb_api_version = tuple(influxdb_version.split("."))
-        if influxdb_api_version >= ('4', '1', '0'):
+        influxdb_api_version = LooseVersion(influxdb_version)
+        if influxdb_api_version >= LooseVersion('4.1.0'):
            # retries option is added in version 4.1.0
            args.update(retries=self.params['retries'])

+        if influxdb_api_version >= LooseVersion('5.1.0'):
+            # path argument is added in version 5.1.0
+            args.update(path=self.path)
+
        return InfluxDBClient(**args)
--- a/plugins/module_utils/module_helper.py
+++ b/plugins/module_utils/module_helper.py
@@ -0,0 +1,302 @@
+# -*- coding: utf-8 -*-
+# Copyright: (c) 2018, Ansible Project
+# Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+from functools import partial, wraps
+import traceback
+
+from ansible.module_utils.basic import AnsibleModule
+
+
+class ArgFormat(object):
+    """
+    Argument formatter
+    """
+    BOOLEAN = 0
+    PRINTF = 1
+    FORMAT = 2
+
+    @staticmethod
+    def stars_deco(num):
+        if num == 1:
+            def deco(f):
+                return lambda v: f(*v)
+            return deco
+        elif num == 2:
+            def deco(f):
+                return lambda v: f(**v)
+            return deco
+
+        return lambda f: f
+
+    def __init__(self, name, fmt=None, style=FORMAT, stars=0):
+        """
+        Creates a new formatter
+        :param name: Name of the argument to be formatted
+        :param fmt: Either a str to be formatted (using or not printf-style) or a callable that does that
+        :param style: Whether arg_format (as str) should use printf-style formatting.
+                             Ignored if arg_format is None or not a str (should be callable).
+        :param stars: A int with 0, 1 or 2 value, indicating to formatting the value as: value, *value or **value
+        """
+        def printf_fmt(_fmt, v):
+            try:
+                return [_fmt % v]
+            except TypeError as e:
+                if e.args[0] != 'not all arguments converted during string formatting':
+                    raise
+                return [_fmt]
+
+        _fmts = {
+            ArgFormat.BOOLEAN: lambda _fmt, v: ([_fmt] if bool(v) else []),
+            ArgFormat.PRINTF: printf_fmt,
+            ArgFormat.FORMAT: lambda _fmt, v: [_fmt.format(v)],
+        }
+
+        self.name = name
+        self.stars = stars
+
+        if fmt is None:
+            fmt = "{0}"
+            style = ArgFormat.FORMAT
+
+        if isinstance(fmt, str):
+            func = _fmts[style]
+            self.arg_format = partial(func, fmt)
+        elif isinstance(fmt, list) or isinstance(fmt, tuple):
+            self.arg_format = lambda v: [_fmts[style](f, v)[0] for f in fmt]
+        elif hasattr(fmt, '__call__'):
+            self.arg_format = fmt
+        else:
+            raise TypeError('Parameter fmt must be either: a string, a list/tuple of '
+                            'strings or a function: type={0}, value={1}'.format(type(fmt), fmt))
+
+        if stars:
+            self.arg_format = (self.stars_deco(stars))(self.arg_format)
+
+    def to_text(self, value):
+        func = self.arg_format
+        return [str(p) for p in func(value)]
+
+
+def cause_changes(func, on_success=True, on_failure=False):
+    @wraps(func)
+    def wrapper(self, *args, **kwargs):
+        try:
+            func(*args, **kwargs)
+            if on_success:
+                self.changed = True
+        except Exception as e:
+            if on_failure:
+                self.changed = True
+            raise
+    return wrapper
+
+
+def module_fails_on_exception(func):
+    @wraps(func)
+    def wrapper(self, *args, **kwargs):
+        try:
+            func(self, *args, **kwargs)
+        except SystemExit:
+            raise
+        except Exception as e:
+            self.vars.msg = "Module failed with exception: {0}".format(str(e).strip())
+            self.vars.exception = traceback.format_exc()
+            self.module.fail_json(changed=False, msg=self.vars.msg, exception=self.vars.exception, output=self.output, vars=self.vars)
+    return wrapper
+
+
+class DependencyCtxMgr(object):
+    def __init__(self, name, msg=None):
+        self.name = name
+        self.msg = msg
+        self.has_it = False
+        self.exc_type = None
+        self.exc_val = None
+        self.exc_tb = None
+
+    def __enter__(self):
+        pass
+
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        self.has_it = exc_type is None
+        self.exc_type = exc_type
+        self.exc_val = exc_val
+        self.exc_tb = exc_tb
+        return not self.has_it
+
+    @property
+    def text(self):
+        return self.msg or str(self.exc_val)
+
+
+class ModuleHelper(object):
+    _dependencies = []
+    module = {}
+    facts_name = None
+
+    class AttrDict(dict):
+        def __getattr__(self, item):
+            return self[item]
+
+    def __init__(self, module=None):
+        self.vars = ModuleHelper.AttrDict()
+        self.output_dict = dict()
+        self.facts_dict = dict()
+        self._changed = False
+
+        if module:
+            self.module = module
+
+        if not isinstance(module, AnsibleModule):
+            self.module = AnsibleModule(**self.module)
+
+    def update_output(self, **kwargs):
+        if kwargs:
+            self.output_dict.update(kwargs)
+
+    def update_facts(self, **kwargs):
+        if kwargs:
+            self.facts_dict.update(kwargs)
+
+    def __init_module__(self):
+        pass
+
+    def __run__(self):
+        raise NotImplementedError()
+
+    @property
+    def changed(self):
+        return self._changed
+
+    @changed.setter
+    def changed(self, value):
+        self._changed = value
+
+    @property
+    def output(self):
+        result = dict(self.vars)
+        result.update(self.output_dict)
+        if self.facts_name:
+            result['ansible_facts'] = {self.facts_name: self.facts_dict}
+        return result
+
+    @module_fails_on_exception
+    def run(self):
+        self.fail_on_missing_deps()
+        self.__init_module__()
+        self.__run__()
+        self.module.exit_json(changed=self.changed, **self.output_dict)
+
+    @classmethod
+    def dependency(cls, name, msg):
+        cls._dependencies.append(DependencyCtxMgr(name, msg))
+        return cls._dependencies[-1]
+
+    def fail_on_missing_deps(self):
+        for d in self._dependencies:
+            if not d.has_it:
+                self.module.fail_json(changed=False,
+                                      exception=d.exc_val.__traceback__.format_exc(),
+                                      msg=d.text,
+                                      **self.output_dict)
+
+
+class StateMixin(object):
+    state_param = 'state'
+    default_state = None
+
+    def _state(self):
+        state = self.module.params.get(self.state_param)
+        return self.default_state if state is None else state
+
+    def __run__(self):
+        state = self._state()
+        self.vars.state = state
+
+        # resolve aliases
+        if state not in self.module.params:
+            aliased = [name for name, param in self.module.argument_spec.items() if state in param.get('aliases', [])]
+            if aliased:
+                state = aliased[0]
+                self.vars.effective_state = state
+
+        method = "state_{0}".format(state)
+        if not hasattr(self, method):
+            return self.__state_fallback__()
+        func = getattr(self, method)
+        return func()
+
+    def __state_fallback__(self):
+        raise ValueError("Cannot find method for state: {0}".format(self._state()))
+
+
+class CmdMixin(object):
+    """
+    Mixin for mapping module options to running a CLI command with its arguments.
+    """
+    command = None
+    command_args_formats = dict()
+    check_rc = False
+    force_lang = "C"
+
+    @property
+    def module_formats(self):
+        result = {}
+        for param in self.module.params.keys():
+            result[param] = ArgFormat(param)
+        return result
+
+    @property
+    def custom_formats(self):
+        result = {}
+        for param, fmt_spec in self.command_args_formats.items():
+            result[param] = ArgFormat(param, **fmt_spec)
+        return result
+
+    def _calculate_args(self, extra_params=None, params=None):
+        def add_arg_formatted_param(_cmd_args, arg_format, _value):
+            args = list(arg_format.to_text(_value))
+            return _cmd_args + args
+
+        def find_format(_param):
+            return self.custom_formats.get(_param, self.module_formats.get(_param))
+
+        extra_params = extra_params or dict()
+        cmd_args = [self.module.get_bin_path(self.command)]
+        param_list = params if params else self.module.params.keys()
+
+        for param in param_list:
+            if param in self.module.argument_spec:
+                if param not in self.module.params:
+                    continue
+                fmt = find_format(param)
+                value = self.module.params[param]
+            else:
+                if param not in extra_params:
+                    continue
+                fmt = find_format(param)
+                value = extra_params[param]
+            self.cmd_args = cmd_args
+            cmd_args = add_arg_formatted_param(cmd_args, fmt, value)
+
+        return cmd_args
+
+    def process_command_output(self, rc, out, err):
+        return rc, out, err
+
+    def run_command(self, extra_params=None, params=None, *args, **kwargs):
+        self.vars['cmd_args'] = self._calculate_args(extra_params, params)
+        env_update = kwargs.get('environ_update', {})
+        check_rc = kwargs.get('check_rc', self.check_rc)
+        if self.force_lang:
+            env_update.update({'LANGUAGE': self.force_lang})
+            self.update_output(force_lang=self.force_lang)
+        rc, out, err = self.module.run_command(self.vars['cmd_args'],
+                                               environ_update=env_update,
+                                               check_rc=check_rc, *args, **kwargs)
+        self.update_output(rc=rc, stdout=out, stderr=err)
+        return self.process_command_output(rc, out, err)
--- a/plugins/module_utils/net_tools/nios/api.py
+++ b/plugins/module_utils/net_tools/nios/api.py
@@ -144,7 +144,7 @@ def member_normalize(member_spec):
                       'pre_provisioning', 'network_setting', 'v6_network_setting',
                       'ha_port_setting', 'lan_port_setting', 'lan2_physical_setting',
                       'lan_ha_port_setting', 'mgmt_network_setting', 'v6_mgmt_network_setting']
-    for key in member_spec.keys():
+    for key in list(member_spec.keys()):
        if key in member_elements and member_spec[key] is not None:
            member_spec[key] = member_spec[key][0]
        if isinstance(member_spec[key], dict):
@@ -251,13 +251,10 @@ class WapiModule(WapiBase):
                else:
                    proposed_object[key] = self.module.params[key]

-        # If configure_by_dns is set to False, then delete the default dns set in the param else throw exception
+        # If configure_by_dns is set to False and view is 'default', then delete the default dns
        if not proposed_object.get('configure_for_dns') and proposed_object.get('view') == 'default'\
                and ib_obj_type == NIOS_HOST_RECORD:
            del proposed_object['view']
-        elif not proposed_object.get('configure_for_dns') and proposed_object.get('view') != 'default'\
-                and ib_obj_type == NIOS_HOST_RECORD:
-            self.module.fail_json(msg='DNS Bypass is not allowed if DNS view is set other than \'default\'')

        if ib_obj_ref:
            if len(ib_obj_ref) > 1:
@@ -455,6 +452,9 @@ class WapiModule(WapiBase):
                return False

            elif isinstance(proposed_item, list):
+                if key == 'aliases':
+                    if set(current_item) != set(proposed_item):
+                        return False
                for subitem in proposed_item:
                    if not self.issubset(subitem, current_item):
                        return False
@@ -490,12 +490,12 @@ class WapiModule(WapiBase):
                else:
                    test_obj_filter = dict([('name', old_name)])
                # get the object reference
-                ib_obj = self.get_object(ib_obj_type, test_obj_filter, return_fields=ib_spec.keys())
+                ib_obj = self.get_object(ib_obj_type, test_obj_filter, return_fields=list(ib_spec.keys()))
                if ib_obj:
                    obj_filter['name'] = new_name
                else:
                    test_obj_filter['name'] = new_name
-                    ib_obj = self.get_object(ib_obj_type, test_obj_filter, return_fields=ib_spec.keys())
+                    ib_obj = self.get_object(ib_obj_type, test_obj_filter, return_fields=list(ib_spec.keys()))
                update = True
                return ib_obj, update, new_name
            if (ib_obj_type == NIOS_HOST_RECORD):
@@ -529,7 +529,7 @@ class WapiModule(WapiBase):
            # check if test_obj_filter is empty copy passed obj_filter
            else:
                test_obj_filter = obj_filter
-            ib_obj = self.get_object(ib_obj_type, test_obj_filter.copy(), return_fields=ib_spec.keys())
+            ib_obj = self.get_object(ib_obj_type, test_obj_filter.copy(), return_fields=list(ib_spec.keys()))
        elif (ib_obj_type == NIOS_A_RECORD):
            # resolves issue where multiple a_records with same name and different IP address
            test_obj_filter = obj_filter
@@ -539,7 +539,7 @@ class WapiModule(WapiBase):
            except TypeError:
                ipaddr = obj_filter['ipv4addr']
            test_obj_filter['ipv4addr'] = ipaddr
-            ib_obj = self.get_object(ib_obj_type, test_obj_filter.copy(), return_fields=ib_spec.keys())
+            ib_obj = self.get_object(ib_obj_type, test_obj_filter.copy(), return_fields=list(ib_spec.keys()))
        elif (ib_obj_type == NIOS_TXT_RECORD):
            # resolves issue where multiple txt_records with same name and different text
            test_obj_filter = obj_filter
@@ -549,12 +549,12 @@ class WapiModule(WapiBase):
            except TypeError:
                txt = obj_filter['text']
            test_obj_filter['text'] = txt
-            ib_obj = self.get_object(ib_obj_type, test_obj_filter.copy(), return_fields=ib_spec.keys())
+            ib_obj = self.get_object(ib_obj_type, test_obj_filter.copy(), return_fields=list(ib_spec.keys()))
        elif (ib_obj_type == NIOS_ZONE):
            # del key 'restart_if_needed' as nios_zone get_object fails with the key present
            temp = ib_spec['restart_if_needed']
            del ib_spec['restart_if_needed']
-            ib_obj = self.get_object(ib_obj_type, obj_filter.copy(), return_fields=ib_spec.keys())
+            ib_obj = self.get_object(ib_obj_type, obj_filter.copy(), return_fields=list(ib_spec.keys()))
            # reinstate restart_if_needed if ib_obj is none, meaning there's no existing nios_zone ref
            if not ib_obj:
                ib_spec['restart_if_needed'] = temp
@@ -562,12 +562,12 @@ class WapiModule(WapiBase):
            # del key 'create_token' as nios_member get_object fails with the key present
            temp = ib_spec['create_token']
            del ib_spec['create_token']
-            ib_obj = self.get_object(ib_obj_type, obj_filter.copy(), return_fields=ib_spec.keys())
+            ib_obj = self.get_object(ib_obj_type, obj_filter.copy(), return_fields=list(ib_spec.keys()))
            if temp:
                # reinstate 'create_token' key
                ib_spec['create_token'] = temp
        else:
-            ib_obj = self.get_object(ib_obj_type, obj_filter.copy(), return_fields=ib_spec.keys())
+            ib_obj = self.get_object(ib_obj_type, obj_filter.copy(), return_fields=list(ib_spec.keys()))
        return ib_obj, update, new_name

    def on_update(self, proposed_object, ib_spec):
--- a/plugins/module_utils/oracle/oci_utils.py
+++ b/plugins/module_utils/oracle/oci_utils.py
@@ -104,7 +104,7 @@ def get_common_arg_spec(supports_create=False, supports_wait=False):

    if supports_create:
        common_args.update(
-            key_by=dict(type="list"),
+            key_by=dict(type="list", elements="str", no_log=False),
            force_create=dict(type="bool", default=False),
        )

--- a/plugins/module_utils/proxmox.py
+++ b/plugins/module_utils/proxmox.py
@@ -0,0 +1,86 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright: (c) 2020, Tristan Le Guern <tleguern at bouledef.eu>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import atexit
+import time
+import re
+import traceback
+
+PROXMOXER_IMP_ERR = None
+try:
+    from proxmoxer import ProxmoxAPI
+    HAS_PROXMOXER = True
+except ImportError:
+    HAS_PROXMOXER = False
+    PROXMOXER_IMP_ERR = traceback.format_exc()
+
+
+from ansible.module_utils.basic import env_fallback, missing_required_lib
+
+
+def proxmox_auth_argument_spec():
+    return dict(
+        api_host=dict(type='str',
+                      required=True,
+                      fallback=(env_fallback, ['PROXMOX_HOST'])
+                      ),
+        api_user=dict(type='str',
+                      required=True,
+                      fallback=(env_fallback, ['PROXMOX_USER'])
+                      ),
+        api_password=dict(type='str',
+                          no_log=True,
+                          fallback=(env_fallback, ['PROXMOX_PASSWORD'])
+                          ),
+        api_token_id=dict(type='str',
+                          no_log=False
+                          ),
+        api_token_secret=dict(type='str',
+                              no_log=True
+                              ),
+        validate_certs=dict(type='bool',
+                            default=False
+                            ),
+    )
+
+
+def proxmox_to_ansible_bool(value):
+    '''Convert Proxmox representation of a boolean to be ansible-friendly'''
+    return True if value == 1 else False
+
+
+class ProxmoxAnsible(object):
+    """Base class for Proxmox modules"""
+    def __init__(self, module):
+        self.module = module
+        self.proxmox_api = self._connect()
+        # Test token validity
+        try:
+            self.proxmox_api.version.get()
+        except Exception as e:
+            module.fail_json(msg='%s' % e, exception=traceback.format_exc())
+
+    def _connect(self):
+        api_host = self.module.params['api_host']
+        api_user = self.module.params['api_user']
+        api_password = self.module.params['api_password']
+        api_token_id = self.module.params['api_token_id']
+        api_token_secret = self.module.params['api_token_secret']
+        validate_certs = self.module.params['validate_certs']
+
+        auth_args = {'user': api_user}
+        if api_password:
+            auth_args['password'] = api_password
+        else:
+            auth_args['token_name'] = api_token_id
+            auth_args['token_value'] = api_token_secret
+
+        try:
+            return ProxmoxAPI(api_host, verify_ssl=validate_certs, **auth_args)
+        except Exception as e:
+            self.module.fail_json(msg='%s' % e, exception=traceback.format_exc())
--- a/plugins/module_utils/redfish_utils.py
+++ b/plugins/module_utils/redfish_utils.py
@@ -469,7 +469,7 @@ class RedfishUtils(object):
        controller_results = []
        # Get these entries, but does not fail if not found
        properties = ['CacheSummary', 'FirmwareVersion', 'Identifiers',
-                      'Location', 'Manufacturer', 'Model', 'Name',
+                      'Location', 'Manufacturer', 'Model', 'Name', 'Id',
                      'PartNumber', 'SerialNumber', 'SpeedGbps', 'Status']
        key = "StorageControllers"

@@ -1700,7 +1700,7 @@ class RedfishUtils(object):
        chassis_results = []

        # Get these entries, but does not fail if not found
-        properties = ['ChassisType', 'PartNumber', 'AssetTag',
+        properties = ['Name', 'Id', 'ChassisType', 'PartNumber', 'AssetTag',
                      'Manufacturer', 'IndicatorLED', 'SerialNumber', 'Model']

        # Go through list
@@ -1724,7 +1724,7 @@ class RedfishUtils(object):
        fan_results = []
        key = "Thermal"
        # Get these entries, but does not fail if not found
-        properties = ['FanName', 'Reading', 'ReadingUnits', 'Status']
+        properties = ['Name', 'FanName', 'Reading', 'ReadingUnits', 'Status']

        # Go through list
        for chassis_uri in self.chassis_uris:
@@ -1836,8 +1836,8 @@ class RedfishUtils(object):
        cpu_results = []
        key = "Processors"
        # Get these entries, but does not fail if not found
-        properties = ['Id', 'Manufacturer', 'Model', 'MaxSpeedMHz', 'TotalCores',
-                      'TotalThreads', 'Status']
+        properties = ['Id', 'Name', 'Manufacturer', 'Model', 'MaxSpeedMHz',
+                      'TotalCores', 'TotalThreads', 'Status']

        # Search for 'key' entry and extract URI from it
        response = self.get_request(self.root_uri + systems_uri)
@@ -1886,7 +1886,7 @@ class RedfishUtils(object):
        memory_results = []
        key = "Memory"
        # Get these entries, but does not fail if not found
-        properties = ['SerialNumber', 'MemoryDeviceType', 'PartNuber',
+        properties = ['Id', 'SerialNumber', 'MemoryDeviceType', 'PartNumber',
                      'MemoryLocation', 'RankCount', 'CapacityMiB', 'OperatingMemoryModes', 'Status', 'Manufacturer', 'Name']

        # Search for 'key' entry and extract URI from it
@@ -1943,7 +1943,7 @@ class RedfishUtils(object):
        nic_results = []
        key = "EthernetInterfaces"
        # Get these entries, but does not fail if not found
-        properties = ['Description', 'FQDN', 'IPv4Addresses', 'IPv6Addresses',
+        properties = ['Name', 'Id', 'Description', 'FQDN', 'IPv4Addresses', 'IPv6Addresses',
                      'NameServers', 'MACAddress', 'PermanentMACAddress',
                      'SpeedMbps', 'MTUSize', 'AutoNeg', 'Status']

@@ -2368,7 +2368,7 @@ class RedfishUtils(object):
        properties = ['Status', 'HostName', 'PowerState', 'Model', 'Manufacturer',
                      'PartNumber', 'SystemType', 'AssetTag', 'ServiceTag',
                      'SerialNumber', 'SKU', 'BiosVersion', 'MemorySummary',
-                      'ProcessorSummary', 'TrustedModules']
+                      'ProcessorSummary', 'TrustedModules', 'Name', 'Id']

        response = self.get_request(self.root_uri + systems_uri)
        if response['ret'] is False:
--- a/plugins/module_utils/scaleway.py
+++ b/plugins/module_utils/scaleway.py
@@ -169,8 +169,14 @@ SCALEWAY_LOCATION = {
    'par1': {'name': 'Paris 1', 'country': 'FR', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/fr-par-1'},
    'EMEA-FR-PAR1': {'name': 'Paris 1', 'country': 'FR', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/fr-par-1'},

+    'par2': {'name': 'Paris 2', 'country': 'FR', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/fr-par-2'},
+    'EMEA-FR-PAR2': {'name': 'Paris 2', 'country': 'FR', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/fr-par-2'},
+
    'ams1': {'name': 'Amsterdam 1', 'country': 'NL', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/nl-ams-1'},
-    'EMEA-NL-EVS': {'name': 'Amsterdam 1', 'country': 'NL', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/nl-ams-1'}
+    'EMEA-NL-EVS': {'name': 'Amsterdam 1', 'country': 'NL', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/nl-ams-1'},
+
+    'waw1': {'name': 'Warsaw 1', 'country': 'PL', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/pl-waw-1'},
+    'EMEA-PL-WAW1': {'name': 'Warsaw 1', 'country': 'PL', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/pl-waw-1'},
 }

 SCALEWAY_ENDPOINT = "https://api.scaleway.com"
@@ -178,9 +184,12 @@ SCALEWAY_ENDPOINT = "https://api.scaleway.com"
 SCALEWAY_REGIONS = [
    "fr-par",
    "nl-ams",
+    "pl-waw",
 ]

 SCALEWAY_ZONES = [
    "fr-par-1",
+    "fr-par-2",
    "nl-ams-1",
+    "pl-waw-1",
 ]
--- a/plugins/module_utils/utm_utils.py
+++ b/plugins/module_utils/utm_utils.py
@@ -84,7 +84,7 @@ class UTM:
            raise UTMModuleConfigurationError(
                "The keys " + to_native(
                    self.change_relevant_keys) + " to check are not in the modules keys:\n" + to_native(
-                    module.params.keys()))
+                    list(module.params.keys())))

    def execute(self):
        try:
--- a/plugins/modules/cloud/atomic/atomic_container.py
+++ b/plugins/modules/cloud/atomic/atomic_container.py
@@ -45,14 +45,12 @@ options:
    state:
        description:
          - State of the container.
-        required: True
        choices: ["absent", "latest", "present", "rollback"]
        default: "latest"
        type: str
    mode:
        description:
          - Define if it is an user or a system container.
-        required: True
        choices: ["user", "system"]
        type: str
    values:
--- a/plugins/modules/cloud/centurylink/clc_aa_policy.py
+++ b/plugins/modules/cloud/centurylink/clc_aa_policy.py
@@ -16,14 +16,17 @@ options:
  name:
    description:
      - The name of the Anti Affinity Policy.
+    type: str
    required: True
  location:
    description:
      - Datacenter in which the policy lives/should live.
+    type: str
    required: True
  state:
    description:
      - Whether to create or delete the policy.
+    type: str
    required: False
    default: present
    choices: ['present','absent']
@@ -68,7 +71,6 @@ EXAMPLES = '''
      ansible.builtin.debug:
        var: policy

---
 - name: Delete AA Policy
  hosts: localhost
  gather_facts: False
--- a/plugins/modules/cloud/centurylink/clc_alert_policy.py
+++ b/plugins/modules/cloud/centurylink/clc_alert_policy.py
@@ -17,34 +17,43 @@ options:
  alias:
    description:
      - The alias of your CLC Account
+    type: str
    required: True
  name:
    description:
      - The name of the alert policy. This is mutually exclusive with id
+    type: str
  id:
    description:
      - The alert policy id. This is mutually exclusive with name
+    type: str
  alert_recipients:
    description:
      - A list of recipient email ids to notify the alert.
        This is required for state 'present'
+    type: list
+    elements: str
  metric:
    description:
      - The metric on which to measure the condition that will trigger the alert.
        This is required for state 'present'
+    type: str
    choices: ['cpu','memory','disk']
  duration:
    description:
      - The length of time in minutes that the condition must exceed the threshold.
        This is required for state 'present'
+    type: str
  threshold:
    description:
      - The threshold that will trigger the alert when the metric equals or exceeds it.
        This is required for state 'present'
        This number represents a percentage and must be a value between 5.0 - 95.0 that is a multiple of 5.0
+    type: int
  state:
    description:
      - Whether to create or delete the policy.
+    type: str
    default: present
    choices: ['present','absent']
 requirements:
@@ -89,7 +98,6 @@ EXAMPLES = '''
    - name: Debug
      ansible.builtin.debug: var=policy

---
 - name: Delete Alert Policy Example
  hosts: localhost
  gather_facts: False
@@ -210,18 +218,18 @@ class ClcAlertPolicy:
        :return: argument spec dictionary
        """
        argument_spec = dict(
-            name=dict(default=None),
-            id=dict(default=None),
-            alias=dict(required=True, default=None),
-            alert_recipients=dict(type='list', default=None),
+            name=dict(),
+            id=dict(),
+            alias=dict(required=True),
+            alert_recipients=dict(type='list', elements='str'),
            metric=dict(
                choices=[
                    'cpu',
                    'memory',
                    'disk'],
                default=None),
-            duration=dict(type='str', default=None),
-            threshold=dict(type='int', default=None),
+            duration=dict(type='str'),
+            threshold=dict(type='int'),
            state=dict(default='present', choices=['present', 'absent'])
        )
        mutually_exclusive = [
--- a/plugins/modules/cloud/centurylink/clc_blueprint_package.py
+++ b/plugins/modules/cloud/centurylink/clc_blueprint_package.py
@@ -16,26 +16,31 @@ options:
  server_ids:
    description:
      - A list of server Ids to deploy the blue print package.
+    type: list
    required: True
+    elements: str
  package_id:
    description:
      - The package id of the blue print.
+    type: str
    required: True
  package_params:
    description:
      - The dictionary of arguments required to deploy the blue print.
+    type: dict
    default: {}
    required: False
  state:
    description:
      - Whether to install or uninstall the package. Currently it supports only "present" for install action.
+    type: str
    required: False
    default: present
    choices: ['present']
  wait:
    description:
      - Whether to wait for the tasks to finish before returning.
-    type: bool
+    type: str
    default: True
    required: False
 requirements:
@@ -160,10 +165,10 @@ class ClcBlueprintPackage:
        :return: the package dictionary object
        """
        argument_spec = dict(
-            server_ids=dict(type='list', required=True),
+            server_ids=dict(type='list', elements='str', required=True),
            package_id=dict(required=True),
            package_params=dict(type='dict', default={}),
-            wait=dict(default=True),
+            wait=dict(default=True),   # @FIXME should be bool?
            state=dict(default='present', choices=['present'])
        )
        return argument_spec
--- a/plugins/modules/cloud/centurylink/clc_firewall_policy.py
+++ b/plugins/modules/cloud/centurylink/clc_firewall_policy.py
@@ -16,45 +16,57 @@ options:
  location:
    description:
      - Target datacenter for the firewall policy
+    type: str
    required: True
  state:
    description:
      - Whether to create or delete the firewall policy
+    type: str
    default: present
    choices: ['present', 'absent']
  source:
    description:
      - The list  of source addresses for traffic on the originating firewall.
        This is required when state is 'present'
+    type: list
+    elements: str
  destination:
    description:
      - The list of destination addresses for traffic on the terminating firewall.
        This is required when state is 'present'
+    type: list
+    elements: str
  ports:
    description:
      - The list of ports associated with the policy.
        TCP and UDP can take in single ports or port ranges.
-    choices: ['any', 'icmp', 'TCP/123', 'UDP/123', 'TCP/123-456', 'UDP/123-456']
+      - "Example: C(['any', 'icmp', 'TCP/123', 'UDP/123', 'TCP/123-456', 'UDP/123-456'])."
+    type: list
+    elements: str
  firewall_policy_id:
    description:
      - Id of the firewall policy. This is required to update or delete an existing firewall policy
+    type: str
  source_account_alias:
    description:
      - CLC alias for the source account
+    type: str
    required: True
  destination_account_alias:
    description:
      - CLC alias for the destination account
+    type: str
  wait:
    description:
      - Whether to wait for the provisioning tasks to finish before returning.
-    type: bool
-    default: 'yes'
+    type: str
+    default: 'True'
  enabled:
    description:
      - Whether the firewall policy is enabled or disabled
+    type: str
    choices: [True, False]
-    default: 'yes'
+    default: True
 requirements:
    - python = 2.7
    - requests >= 2.5.0
@@ -89,7 +101,6 @@ EXAMPLES = '''
        ports: Any
        destination_account_alias: WFAD

---
 - name: Delete Firewall Policy
  hosts: localhost
  gather_facts: False
@@ -206,13 +217,13 @@ class ClcFirewallPolicy:
        """
        argument_spec = dict(
            location=dict(required=True),
-            source_account_alias=dict(required=True, default=None),
-            destination_account_alias=dict(default=None),
-            firewall_policy_id=dict(default=None),
-            ports=dict(default=None, type='list'),
-            source=dict(default=None, type='list'),
-            destination=dict(default=None, type='list'),
-            wait=dict(default=True),
+            source_account_alias=dict(required=True),
+            destination_account_alias=dict(),
+            firewall_policy_id=dict(),
+            ports=dict(type='list', elements='str'),
+            source=dict(type='list', elements='str'),
+            destination=dict(type='list', elements='str'),
+            wait=dict(default=True),   # @FIXME type=bool
            state=dict(default='present', choices=['present', 'absent']),
            enabled=dict(default=True, choices=[True, False])
        )
--- a/plugins/modules/cloud/centurylink/clc_group.py
+++ b/plugins/modules/cloud/centurylink/clc_group.py
@@ -17,23 +17,28 @@ options:
  name:
    description:
      - The name of the Server Group
+    type: str
    required: True
  description:
    description:
      - A description of the Server Group
+    type: str
    required: False
  parent:
    description:
      - The parent group of the server group. If parent is not provided, it creates the group at top level.
+    type: str
    required: False
  location:
    description:
      - Datacenter to create the group in. If location is not provided, the group gets created in the default datacenter
        associated with the account
+    type: str
    required: False
  state:
    description:
      - Whether to create or delete the group
+    type: str
    default: present
    choices: ['present', 'absent']
  wait:
@@ -81,8 +86,6 @@ EXAMPLES = '''
        var: clc

 # Delete a Server Group
-
---
 - name: Delete Server Group
  hosts: localhost
  gather_facts: False
--- a/plugins/modules/cloud/centurylink/clc_loadbalancer.py
+++ b/plugins/modules/cloud/centurylink/clc_loadbalancer.py
@@ -17,42 +17,53 @@ options:
  name:
    description:
      - The name of the loadbalancer
+    type: str
    required: True
  description:
    description:
      - A description for the loadbalancer
+    type: str
  alias:
    description:
      - The alias of your CLC Account
+    type: str
    required: True
  location:
    description:
      - The location of the datacenter where the load balancer resides in
+    type: str
    required: True
  method:
    description:
      -The balancing method for the load balancer pool
+    type: str
    choices: ['leastConnection', 'roundRobin']
  persistence:
    description:
      - The persistence method for the load balancer
+    type: str
    choices: ['standard', 'sticky']
  port:
    description:
      - Port to configure on the public-facing side of the load balancer pool
+    type: str
    choices: [80, 443]
  nodes:
    description:
      - A list of nodes that needs to be added to the load balancer pool
+    type: list
    default: []
+    elements: dict
  status:
    description:
      - The status of the loadbalancer
+    type: str
    default: enabled
    choices: ['enabled', 'disabled']
  state:
    description:
      - Whether to create or delete the load balancer pool
+    type: str
    default: present
    choices: ['present', 'absent', 'port_absent', 'nodes_present', 'nodes_absent']
 requirements:
@@ -859,7 +870,7 @@ class ClcLoadBalancer:
            port=dict(choices=[80, 443]),
            method=dict(choices=['leastConnection', 'roundRobin']),
            persistence=dict(choices=['standard', 'sticky']),
-            nodes=dict(type='list', default=[]),
+            nodes=dict(type='list', default=[], elements='dict'),
            status=dict(default='enabled', choices=['enabled', 'disabled']),
            state=dict(
                default='present',
--- a/plugins/modules/cloud/centurylink/clc_modify_server.py
+++ b/plugins/modules/cloud/centurylink/clc_modify_server.py
@@ -16,32 +16,41 @@ options:
  server_ids:
    description:
      - A list of server Ids to modify.
+    type: list
    required: True
+    elements: str
  cpu:
    description:
      - How many CPUs to update on the server
+    type: str
  memory:
    description:
      - Memory (in GB) to set to the server.
+    type: str
  anti_affinity_policy_id:
    description:
      - The anti affinity policy id to be set for a hyper scale server.
        This is mutually exclusive with 'anti_affinity_policy_name'
+    type: str
  anti_affinity_policy_name:
    description:
      - The anti affinity policy name to be set for a hyper scale server.
        This is mutually exclusive with 'anti_affinity_policy_id'
+    type: str
  alert_policy_id:
    description:
      - The alert policy id to be associated to the server.
        This is mutually exclusive with 'alert_policy_name'
+    type: str
  alert_policy_name:
    description:
      - The alert policy name to be associated to the server.
        This is mutually exclusive with 'alert_policy_id'
+    type: str
  state:
    description:
      - The state to insure that the provided resources are in.
+    type: str
    default: 'present'
    choices: ['present', 'absent']
  wait:
@@ -388,7 +397,7 @@ class ClcModifyServer:
        :return: argument spec dictionary
        """
        argument_spec = dict(
-            server_ids=dict(type='list', required=True),
+            server_ids=dict(type='list', required=True, elements='str'),
            state=dict(default='present', choices=['present', 'absent']),
            cpu=dict(),
            memory=dict(),
--- a/plugins/modules/cloud/centurylink/clc_publicip.py
+++ b/plugins/modules/cloud/centurylink/clc_publicip.py
@@ -16,19 +16,25 @@ options:
  protocol:
    description:
      - The protocol that the public IP will listen for.
+    type: str
    default: TCP
    choices: ['TCP', 'UDP', 'ICMP']
  ports:
    description:
      - A list of ports to expose. This is required when state is 'present'
+    type: list
+    elements: int
  server_ids:
    description:
      - A list of servers to create public ips on.
+    type: list
    required: True
+    elements: str
  state:
    description:
      - Determine whether to create or delete public IPs. If present module will not create a second public ip if one
        already exists.
+    type: str
    default: present
    choices: ['present', 'absent']
  wait:
@@ -189,9 +195,9 @@ class ClcPublicIp(object):
        :return: argument spec dictionary
        """
        argument_spec = dict(
-            server_ids=dict(type='list', required=True),
+            server_ids=dict(type='list', required=True, elements='str'),
            protocol=dict(default='TCP', choices=['TCP', 'UDP', 'ICMP']),
-            ports=dict(type='list'),
+            ports=dict(type='list', elements='int'),
            wait=dict(type='bool', default=True),
            state=dict(default='present', choices=['present', 'absent']),
        )
--- a/plugins/modules/cloud/centurylink/clc_server.py
+++ b/plugins/modules/cloud/centurylink/clc_server.py
@@ -16,6 +16,8 @@ options:
  additional_disks:
    description:
      - The list of additional disks for the server
+    type: list
+    elements: dict
    default: []
  add_public_ip:
    description:
@@ -25,53 +27,69 @@ options:
  alias:
    description:
      - The account alias to provision the servers under.
+    type: str
  anti_affinity_policy_id:
    description:
      - The anti-affinity policy to assign to the server. This is mutually exclusive with 'anti_affinity_policy_name'.
+    type: str
  anti_affinity_policy_name:
    description:
      - The anti-affinity policy to assign to the server. This is mutually exclusive with 'anti_affinity_policy_id'.
+    type: str
  alert_policy_id:
    description:
      - The alert policy to assign to the server. This is mutually exclusive with 'alert_policy_name'.
+    type: str
  alert_policy_name:
    description:
      - The alert policy to assign to the server. This is mutually exclusive with 'alert_policy_id'.
+    type: str
  count:
    description:
      - The number of servers to build (mutually exclusive with exact_count)
    default: 1
+    type: int
  count_group:
    description:
      - Required when exact_count is specified.  The Server Group use to determine how many servers to deploy.
+    type: str
  cpu:
    description:
      - How many CPUs to provision on the server
    default: 1
+    type: int
  cpu_autoscale_policy_id:
    description:
      - The autoscale policy to assign to the server.
+    type: str
  custom_fields:
    description:
      - The list of custom fields to set on the server.
+    type: list
    default: []
+    elements: dict
  description:
    description:
      - The description to set for the server.
+    type: str
  exact_count:
    description:
      - Run in idempotent mode.  Will insure that this exact number of servers are running in the provided group,
        creating and deleting them to reach that count.  Requires count_group to be set.
+    type: int
  group:
    description:
      - The Server Group to create servers under.
+    type: str
    default: 'Default Group'
  ip_address:
    description:
      - The IP Address for the server. One is assigned if not provided.
+    type: str
  location:
    description:
      - The Datacenter to create servers in.
+    type: str
  managed_os:
    description:
      - Whether to create the server as 'Managed' or not.
@@ -81,73 +99,94 @@ options:
  memory:
    description:
      - Memory in GB.
+    type: int
    default: 1
  name:
    description:
      - A 1 to 6 character identifier to use for the server. This is required when state is 'present'
+    type: str
  network_id:
    description:
      - The network UUID on which to create servers.
+    type: str
  packages:
    description:
      - The list of blue print packages to run on the server after its created.
+    type: list
+    elements: dict
    default: []
  password:
    description:
      - Password for the administrator / root user
+    type: str
  primary_dns:
    description:
      - Primary DNS used by the server.
+    type: str
  public_ip_protocol:
    description:
      - The protocol to use for the public ip if add_public_ip is set to True.
+    type: str
    default: 'TCP'
    choices: ['TCP', 'UDP', 'ICMP']
  public_ip_ports:
    description:
      - A list of ports to allow on the firewall to the servers public ip, if add_public_ip is set to True.
+    type: list
+    elements: dict
    default: []
  secondary_dns:
    description:
      - Secondary DNS used by the server.
+    type: str
  server_ids:
    description:
      - Required for started, stopped, and absent states.
        A list of server Ids to insure are started, stopped, or absent.
+    type: list
    default: []
+    elements: str
  source_server_password:
    description:
      - The password for the source server if a clone is specified.
+    type: str
  state:
    description:
      - The state to insure that the provided resources are in.
+    type: str
    default: 'present'
    choices: ['present', 'absent', 'started', 'stopped']
  storage_type:
    description:
      - The type of storage to attach to the server.
+    type: str
    default: 'standard'
    choices: ['standard', 'hyperscale']
  template:
    description:
      - The template to use for server creation.  Will search for a template if a partial string is provided.
        This is required when state is 'present'
+    type: str
  ttl:
    description:
      - The time to live for the server in seconds.  The server will be deleted when this time expires.
+    type: str
  type:
    description:
      - The type of server to create.
+    type: str
    default: 'standard'
    choices: ['standard', 'hyperscale', 'bareMetal']
  configuration_id:
    description:
      -  Only required for bare metal servers.
         Specifies the identifier for the specific configuration type of bare metal server to deploy.
+    type: str
  os_type:
    description:
      - Only required for bare metal servers.
        Specifies the OS to provision with the bare metal server.
+    type: str
    choices: ['redHat6_64Bit', 'centOS6_64Bit', 'windows2012R2Standard_64Bit', 'ubuntu14_64Bit']
  wait:
    description:
@@ -541,8 +580,8 @@ class ClcServer:
            type=dict(default='standard', choices=['standard', 'hyperscale', 'bareMetal']),
            primary_dns=dict(default=None),
            secondary_dns=dict(default=None),
-            additional_disks=dict(type='list', default=[]),
-            custom_fields=dict(type='list', default=[]),
+            additional_disks=dict(type='list', default=[], elements='dict'),
+            custom_fields=dict(type='list', default=[], elements='dict'),
            ttl=dict(default=None),
            managed_os=dict(type='bool', default=False),
            description=dict(default=None),
@@ -552,7 +591,7 @@ class ClcServer:
            anti_affinity_policy_name=dict(default=None),
            alert_policy_id=dict(default=None),
            alert_policy_name=dict(default=None),
-            packages=dict(type='list', default=[]),
+            packages=dict(type='list', default=[], elements='dict'),
            state=dict(
                default='present',
                choices=[
@@ -563,7 +602,7 @@ class ClcServer:
            count=dict(type='int', default=1),
            exact_count=dict(type='int', default=None),
            count_group=dict(),
-            server_ids=dict(type='list', default=[]),
+            server_ids=dict(type='list', default=[], elements='str'),
            add_public_ip=dict(type='bool', default=False),
            public_ip_protocol=dict(
                default='TCP',
@@ -571,7 +610,7 @@ class ClcServer:
                    'TCP',
                    'UDP',
                    'ICMP']),
-            public_ip_ports=dict(type='list', default=[]),
+            public_ip_ports=dict(type='list', default=[], elements='dict'),
            configuration_id=dict(default=None),
            os_type=dict(default=None,
                         choices=[
--- a/plugins/modules/cloud/centurylink/clc_server_snapshot.py
+++ b/plugins/modules/cloud/centurylink/clc_server_snapshot.py
@@ -16,15 +16,19 @@ options:
  server_ids:
    description:
      - The list of CLC server Ids.
+    type: list
    required: True
+    elements: str
  expiration_days:
    description:
      - The number of days to keep the server snapshot before it expires.
+    type: int
    default: 7
    required: False
  state:
    description:
      - The state to insure that the provided resources are in.
+    type: str
    default: 'present'
    required: False
    choices: ['present', 'absent', 'restore']
@@ -33,7 +37,7 @@ options:
      - Whether to wait for the provisioning tasks to finish before returning.
    default: True
    required: False
-    type: bool
+    type: str
 requirements:
    - python = 2.7
    - requests >= 2.5.0
@@ -327,7 +331,7 @@ class ClcSnapshot:
        :return: the package dictionary object
        """
        argument_spec = dict(
-            server_ids=dict(type='list', required=True),
+            server_ids=dict(type='list', required=True, elements='str'),
            expiration_days=dict(default=7, type='int'),
            wait=dict(default=True),
            state=dict(
--- a/plugins/modules/cloud/dimensiondata/dimensiondata_network.py
+++ b/plugins/modules/cloud/dimensiondata/dimensiondata_network.py
@@ -29,21 +29,25 @@ options:
    description:
      - The name of the network domain to create.
    required: true
+    type: str
  description:
    description:
      - Additional description of the network domain.
    required: false
+    type: str
  service_plan:
    description:
      - The service plan, either "ESSENTIALS" or "ADVANCED".
      - MCP 2.0 Only.
    choices: [ESSENTIALS, ADVANCED]
    default: ESSENTIALS
+    type: str
  state:
    description:
      - Should the resource be present or absent.
    choices: [present, absent]
    default: present
+    type: str
 '''

 EXAMPLES = '''
--- a/plugins/modules/cloud/dimensiondata/dimensiondata_vlan.py
+++ b/plugins/modules/cloud/dimensiondata/dimensiondata_vlan.py
@@ -38,27 +38,33 @@ options:
  name:
    description:
      - The name of the target VLAN.
-      - Required if C(state) is C(present).
+    type: str
+    required: true
  description:
    description:
      - A description of the VLAN.
+    type: str
  network_domain:
    description:
      - The Id or name of the target network domain.
    required: true
+    type: str
  private_ipv4_base_address:
    description:
        - The base address for the VLAN's IPv4 network (e.g. 192.168.1.0).
+    type: str
  private_ipv4_prefix_size:
    description:
        - The size of the IPv4 address space, e.g 24.
        - Required, if C(private_ipv4_base_address) is specified.
+    type: int
  state:
    description:
      - The desired state for the target VLAN.
      - C(readonly) ensures that the state is only ever read, not modified (the module will fail if the resource does not exist).
    choices: [present, absent, readonly]
    default: present
+    type: str
  allow_expand:
    description:
      - Permit expansion of the target VLAN's network if the module parameters specify a larger network than the VLAN currently possesses.
--- a/plugins/modules/cloud/docker/docker_container.py
+++ b/plugins/modules/cloud/docker/docker_container.py
@@ -212,6 +212,40 @@ options:
        - "Must be a positive integer."
        type: int
        required: yes
+  device_requests:
+    description:
+      - Allows to request additional resources, such as GPUs.
+    type: list
+    elements: dict
+    suboptions:
+      capabilities:
+        description:
+          - List of lists of strings to request capabilities.
+          - The top-level list entries are combined by OR, and for every list entry,
+            the entries in the list it contains are combined by AND.
+          - The driver tries to satisfy one of the sub-lists.
+          - Available capabilities for the C(nvidia) driver can be found at
+            U(https://github.com/NVIDIA/nvidia-container-runtime).
+        type: list
+        elements: list
+      count:
+        description:
+          - Number or devices to request.
+          - Set to C(-1) to request all available devices.
+        type: int
+      device_ids:
+        description:
+          - List of device IDs.
+        type: list
+        elements: str
+      driver:
+        description:
+          - Which driver to use for this device.
+        type: str
+      options:
+        description:
+          - Driver-specific options.
+        type: dict
  dns_opts:
    description:
      - List of DNS options.
@@ -1047,6 +1081,26 @@ EXAMPLES = '''
      # Limit read rate for /dev/sdb to 300 IO per second
      - path: /dev/sdb
        rate: 300
+
+- name: Start container with GPUs
+  community.general.docker_container:
+    name: test
+    image: ubuntu:18.04
+    state: started
+    device_requests:
+      - # Add some specific devices to this container
+        device_ids:
+          - '0'
+          - 'GPU-3a23c669-1f69-c64e-cf85-44e9b07e7a2a'
+      - # Add nVidia GPUs to this container
+        driver: nvidia
+        count: -1  # this means we want all
+        capabilities:
+          # We have one OR condition: 'gpu' AND 'utility'
+          - - gpu
+            - utility
+          # See https://github.com/NVIDIA/nvidia-container-runtime#supported-driver-capabilities
+          # for a list of capabilities supported by the nvidia driver
 '''

 RETURN = '''
@@ -1230,6 +1284,7 @@ class TaskParameters(DockerBaseClass):
        self.device_write_bps = None
        self.device_read_iops = None
        self.device_write_iops = None
+        self.device_requests = None
        self.dns_servers = None
        self.dns_opts = None
        self.dns_search_domains = None
@@ -1391,6 +1446,21 @@ class TaskParameters(DockerBaseClass):
            if client.module.params.get(param_name):
                self._process_rate_iops(option=param_name)

+        if self.device_requests:
+            for dr_index, dr in enumerate(self.device_requests):
+                # Make sure that capabilities are lists of lists of strings
+                if dr['capabilities']:
+                    for or_index, or_list in enumerate(dr['capabilities']):
+                        for and_index, and_term in enumerate(or_list):
+                            if not isinstance(and_term, string_types):
+                                self.fail(
+                                    "device_requests[{0}].capabilities[{1}][{2}] is not a string".format(
+                                        dr_index, or_index, and_index))
+                            or_list[and_index] = to_native(and_term)
+                # Make sure that options is a dictionary mapping strings to strings
+                if dr['options']:
+                    dr['options'] = clean_dict_booleans_for_docker_api(dr['options'])
+
    def fail(self, msg):
        self.client.fail(msg)

@@ -1594,6 +1664,9 @@ class TaskParameters(DockerBaseClass):
        if 'mounts' in params:
            params['mounts'] = self.mounts_opt

+        if self.device_requests is not None:
+            params['device_requests'] = [dict((k, v) for k, v in dr.items() if v is not None) for dr in self.device_requests]
+
        return self.client.create_host_config(**params)

    @property
@@ -1648,7 +1721,7 @@ class TaskParameters(DockerBaseClass):
            elif p_len == 3:
                # We only allow IPv4 and IPv6 addresses for the bind address
                ipaddr = parts[0]
-                if not re.match(r'^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$', parts[0]) and not re.match(r'^\[[0-9a-fA-F:]+\]$', ipaddr):
+                if not re.match(r'^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$', parts[0]) and not re.match(r'^\[[0-9a-fA-F:]+(?:|%[^\]/]+)\]$', ipaddr):
                    self.fail(('Bind addresses for published ports must be IPv4 or IPv6 addresses, not hostnames. '
                               'Use the dig lookup to resolve hostnames. (Found hostname: {0})').format(ipaddr))
                if re.match(r'^\[[0-9a-fA-F:]+\]$', ipaddr):
@@ -1990,6 +2063,7 @@ class Container(DockerBaseClass):
        self.parameters.expected_sysctls = None
        self.parameters.expected_etc_hosts = None
        self.parameters.expected_env = None
+        self.parameters.expected_device_requests = None
        self.parameters_map = dict()
        self.parameters_map['expected_links'] = 'links'
        self.parameters_map['expected_ports'] = 'expected_ports'
@@ -2005,6 +2079,7 @@ class Container(DockerBaseClass):
        self.parameters_map['expected_devices'] = 'devices'
        self.parameters_map['expected_healthcheck'] = 'healthcheck'
        self.parameters_map['expected_mounts'] = 'mounts'
+        self.parameters_map['expected_device_requests'] = 'device_requests'

    def fail(self, msg):
        self.parameters.client.fail(msg)
@@ -2078,6 +2153,7 @@ class Container(DockerBaseClass):
        self.parameters.expected_cmd = self._get_expected_cmd()
        self.parameters.expected_devices = self._get_expected_devices()
        self.parameters.expected_healthcheck = self._get_expected_healthcheck()
+        self.parameters.expected_device_requests = self._get_expected_device_requests()

        if not self.container.get('HostConfig'):
            self.fail("has_config_diff: Error parsing container properties. HostConfig missing.")
@@ -2155,6 +2231,7 @@ class Container(DockerBaseClass):
            device_write_bps=host_config.get('BlkioDeviceWriteBps'),
            device_read_iops=host_config.get('BlkioDeviceReadIOps'),
            device_write_iops=host_config.get('BlkioDeviceWriteIOps'),
+            expected_device_requests=host_config.get('DeviceRequests'),
            pids_limit=host_config.get('PidsLimit'),
            # According to https://github.com/moby/moby/, support for HostConfig.Mounts
            # has been included at least since v17.03.0-ce, which has API version 1.26.
@@ -2216,6 +2293,12 @@ class Container(DockerBaseClass):
                match = self._compare(getattr(self.parameters, key), value, compare)

                if not match:
+                    if key == 'expected_healthcheck' and config_mapping['disable_healthcheck'] and self.parameters.disable_healthcheck:
+                        # If the healthcheck is disabled (both in parameters and for the current container), and the user
+                        # requested strict comparison for healthcheck, the comparison will fail. That's why we ignore the
+                        # expected_healthcheck comparison in this case.
+                        continue
+
                    # no match. record the differences
                    p = getattr(self.parameters, key)
                    c = value
@@ -2454,6 +2537,20 @@ class Container(DockerBaseClass):
        self.log(result, pretty_print=True)
        return result

+    def _get_expected_device_requests(self):
+        if self.parameters.device_requests is None:
+            return None
+        device_requests = []
+        for dr in self.parameters.device_requests:
+            device_requests.append({
+                'Driver': dr['driver'],
+                'Count': dr['count'],
+                'DeviceIDs': dr['device_ids'],
+                'Capabilities': dr['capabilities'],
+                'Options': dr['options'],
+            })
+        return device_requests
+
    def _get_image_binds(self, volumes):
        '''
        Convert array of binds to array of strings with format host_path:container_path:mode
@@ -3089,6 +3186,7 @@ class AnsibleDockerClientContainer(AnsibleDockerClient):
        explicit_types = dict(
            command='list',
            devices='set(dict)',
+            device_requests='set(dict)',
            dns_search_domains='list',
            dns_servers='list',
            env='set',
@@ -3222,6 +3320,7 @@ class AnsibleDockerClientContainer(AnsibleDockerClient):
            device_read_iops=dict(docker_py_version='1.9.0', docker_api_version='1.22'),
            device_write_bps=dict(docker_py_version='1.9.0', docker_api_version='1.22'),
            device_write_iops=dict(docker_py_version='1.9.0', docker_api_version='1.22'),
+            device_requests=dict(docker_py_version='4.3.0', docker_api_version='1.40'),
            dns_opts=dict(docker_api_version='1.21', docker_py_version='1.10.0'),
            ipc_mode=dict(docker_api_version='1.25'),
            mac_address=dict(docker_api_version='1.25'),
@@ -3320,6 +3419,13 @@ def main():
            path=dict(required=True, type='str'),
            rate=dict(required=True, type='int'),
        )),
+        device_requests=dict(type='list', elements='dict', options=dict(
+            capabilities=dict(type='list', elements='list'),
+            count=dict(type='int'),
+            device_ids=dict(type='list', elements='str'),
+            driver=dict(type='str'),
+            options=dict(type='dict'),
+        )),
        dns_servers=dict(type='list', elements='str'),
        dns_opts=dict(type='list', elements='str'),
        dns_search_domains=dict(type='list', elements='str'),
--- a/plugins/modules/cloud/docker/docker_image.py
+++ b/plugins/modules/cloud/docker/docker_image.py
@@ -400,6 +400,12 @@ image:
    returned: success
    type: dict
    sample: {}
+stdout:
+    description: Docker build output when building an image.
+    returned: success
+    type: str
+    sample: ""
+    version_added: 1.3.0
 '''

 import errno
@@ -427,7 +433,7 @@ if docker_version is not None:
        else:
            from docker.auth.auth import resolve_repository_name
        from docker.utils.utils import parse_repository_tag
-        from docker.errors import DockerException
+        from docker.errors import DockerException, NotFound
    except ImportError:
        # missing Docker SDK for Python handled in module_utils.docker.common
        pass
@@ -506,7 +512,8 @@ class ImageManager(DockerBaseClass):
                self.results['actions'].append("Built image %s from %s" % (image_name, self.build_path))
                self.results['changed'] = True
                if not self.check_mode:
-                    self.results['image'] = self.build_image()
+                    self.results.update(self.build_image())
+
            elif self.source == 'load':
                # Load the image from an archive
                if not os.path.isfile(self.load_path):
@@ -533,6 +540,8 @@ class ImageManager(DockerBaseClass):
                    self.client.fail('Cannot find the image %s locally.' % name)
            if not self.check_mode and image and image['Id'] == self.results['image']['Id']:
                self.results['changed'] = False
+        else:
+            self.results['image'] = image

        if self.archive_path:
            self.archive_image(self.name, self.tag)
@@ -550,7 +559,7 @@ class ImageManager(DockerBaseClass):
        '''
        name = self.name
        if is_image_name_id(name):
-            image = self.client.find_image_by_id(name)
+            image = self.client.find_image_by_id(name, accept_missing_image=True)
        else:
            image = self.client.find_image(name, self.tag)
            if self.tag:
@@ -559,6 +568,9 @@ class ImageManager(DockerBaseClass):
            if not self.check_mode:
                try:
                    self.client.remove_image(name, force=self.force_absent)
+                except NotFound:
+                    # If the image vanished while we were trying to remove it, don't fail
+                    pass
                except Exception as exc:
                    self.fail("Error removing image %s - %s" % (name, str(exc)))

@@ -691,8 +703,8 @@ class ImageManager(DockerBaseClass):
                if image and image['Id'] == self.results['image']['Id']:
                    self.results['changed'] = False

-                if push:
-                    self.push_image(repo, repo_tag)
+        if push:
+            self.push_image(repo, repo_tag)

    def build_image(self):
        '''
@@ -713,7 +725,7 @@ class ImageManager(DockerBaseClass):
        )
        if self.client.docker_py_version < LooseVersion('3.0.0'):
            params['stream'] = True
-        build_output = []
+
        if self.tag:
            params['tag'] = "%s:%s" % (self.name, self.tag)
        if self.container_limits:
@@ -737,11 +749,14 @@ class ImageManager(DockerBaseClass):
        if self.target:
            params['target'] = self.target

+        build_output = []
        for line in self.client.build(**params):
            # line = json.loads(line)
            self.log(line, pretty_print=True)
-            if "stream" in line:
-                build_output.append(line["stream"])
+            if "stream" in line or "status" in line:
+                build_line = line.get("stream") or line.get("status") or ''
+                build_output.append(build_line)
+
            if line.get('error'):
                if line.get('errorDetail'):
                    errorDetail = line.get('errorDetail')
@@ -754,7 +769,9 @@ class ImageManager(DockerBaseClass):
                else:
                    self.fail("Error building %s - message: %s, logs: %s" % (
                        self.name, line.get('error'), build_output))
-        return self.client.find_image(name=self.name, tag=self.tag)
+
+        return {"stdout": "\n".join(build_output),
+                "image": self.client.find_image(name=self.name, tag=self.tag)}

    def load_image(self):
        '''
@@ -762,17 +779,73 @@ class ImageManager(DockerBaseClass):

        :return: image dict
        '''
+        # Load image(s) from file
+        load_output = []
+        has_output = False
        try:
            self.log("Opening image %s" % self.load_path)
            with open(self.load_path, 'rb') as image_tar:
                self.log("Loading image from %s" % self.load_path)
-                self.client.load_image(image_tar)
+                output = self.client.load_image(image_tar)
+                if output is not None:
+                    # Old versions of Docker SDK of Python (before version 2.5.0) do not return anything.
+                    # (See https://github.com/docker/docker-py/commit/7139e2d8f1ea82340417add02090bfaf7794f159)
+                    # Note that before that commit, something else than None was returned, but that was also
+                    # only introduced in a commit that first appeared in 2.5.0 (see
+                    # https://github.com/docker/docker-py/commit/9e793806ff79559c3bc591d8c52a3bbe3cdb7350).
+                    # So the above check works for every released version of Docker SDK for Python.
+                    has_output = True
+                    for line in output:
+                        self.log(line, pretty_print=True)
+                        if "stream" in line or "status" in line:
+                            load_line = line.get("stream") or line.get("status") or ''
+                            load_output.append(load_line)
+                else:
+                    if LooseVersion(docker_version) < LooseVersion('2.5.0'):
+                        self.client.module.warn(
+                            'The installed version of the Docker SDK for Python does not return the loading results'
+                            ' from the Docker daemon. Therefore, we cannot verify whether the expected image was'
+                            ' loaded, whether multiple images where loaded, or whether the load actually succeeded.'
+                            ' If you are not stuck with Python 2.6, *please* upgrade to a version newer than 2.5.0'
+                            ' (2.5.0 was released in August 2017).'
+                        )
+                    else:
+                        self.client.module.warn(
+                            'The API version of your Docker daemon is < 1.23, which does not return the image'
+                            ' loading result from the Docker daemon. Therefore, we cannot verify whether the'
+                            ' expected image was loaded, whether multiple images where loaded, or whether the load'
+                            ' actually succeeded. You should consider upgrading your Docker daemon.'
+                        )
        except EnvironmentError as exc:
            if exc.errno == errno.ENOENT:
-                self.fail("Error opening image %s - %s" % (self.load_path, str(exc)))
-            self.fail("Error loading image %s - %s" % (self.name, str(exc)))
+                self.client.fail("Error opening image %s - %s" % (self.load_path, str(exc)))
+            self.client.fail("Error loading image %s - %s" % (self.name, str(exc)), stdout='\n'.join(load_output))
        except Exception as exc:
-            self.fail("Error loading image %s - %s" % (self.name, str(exc)))
+            self.client.fail("Error loading image %s - %s" % (self.name, str(exc)), stdout='\n'.join(load_output))
+
+        # Collect loaded images
+        if has_output:
+            # We can only do this when we actually got some output from Docker daemon
+            loaded_images = set()
+            for line in load_output:
+                if line.startswith('Loaded image:'):
+                    loaded_images.add(line[len('Loaded image:'):].strip())
+
+            if not loaded_images:
+                self.client.fail("Detected no loaded images. Archive potentially corrupt?", stdout='\n'.join(load_output))
+
+            expected_image = '%s:%s' % (self.name, self.tag)
+            if expected_image not in loaded_images:
+                self.client.fail(
+                    "The archive did not contain image '%s'. Instead, found %s." % (
+                        expected_image, ', '.join(["'%s'" % image for image in sorted(loaded_images)])),
+                    stdout='\n'.join(load_output))
+            loaded_images.remove(expected_image)
+
+            if loaded_images:
+                self.client.module.warn(
+                    "The archive contained more images than specified: %s" % (
+                        ', '.join(["'%s'" % image for image in sorted(loaded_images)]), ))

        return self.client.find_image(self.name, self.tag)

--- a/plugins/modules/cloud/docker/docker_image_info.py
+++ b/plugins/modules/cloud/docker/docker_image_info.py
@@ -167,7 +167,7 @@ import traceback

 try:
    from docker import utils
-    from docker.errors import DockerException
+    from docker.errors import DockerException, NotFound
 except ImportError:
    # missing Docker SDK for Python handled in ansible.module_utils.docker.common
    pass
@@ -215,7 +215,7 @@ class ImageManager(DockerBaseClass):
        for name in names:
            if is_image_name_id(name):
                self.log('Fetching image %s (ID)' % (name))
-                image = self.client.find_image_by_id(name)
+                image = self.client.find_image_by_id(name, accept_missing_image=True)
            else:
                repository, tag = utils.parse_repository_tag(name)
                if not tag:
@@ -232,6 +232,8 @@ class ImageManager(DockerBaseClass):
        for image in images:
            try:
                inspection = self.client.inspect_image(image['Id'])
+            except NotFound:
+                pass
            except Exception as exc:
                self.fail("Error inspecting image %s - %s" % (image['Id'], str(exc)))
            results.append(inspection)
--- a/plugins/modules/cloud/docker/docker_login.py
+++ b/plugins/modules/cloud/docker/docker_login.py
@@ -257,14 +257,13 @@ class DockerFileStore(object):
        auth = to_text(b64auth)

        # build up the auth structure
-        new_auth = dict(
-            auths=dict()
-        )
-        new_auth['auths'][server] = dict(
+        if 'auths' not in self._config:
+            self._config['auths'] = dict()
+
+        self._config['auths'][server] = dict(
            auth=auth
        )

-        self._config.update(new_auth)
        self._write()

    def erase(self, server):
@@ -272,8 +271,9 @@ class DockerFileStore(object):
        Remove credentials for the given server from the configuration.
        '''

-        self._config['auths'].pop(server)
-        self._write()
+        if 'auths' in self._config and server in self._config['auths']:
+            self._config['auths'].pop(server)
+            self._write()


 class LoginManager(DockerBaseClass):
--- a/plugins/modules/cloud/docker/docker_secret.py
+++ b/plugins/modules/cloud/docker/docker_secret.py
@@ -236,6 +236,9 @@ class SecretManager(DockerBaseClass):
            if attrs.get('Labels', {}).get('ansible_key'):
                if attrs['Labels']['ansible_key'] != self.data_key:
                    data_changed = True
+            else:
+                if not self.force:
+                    self.client.module.warn("'ansible_key' label not found. Secret will not be changed unless the force parameter is set to 'yes'")
            labels_changed = not compare_generic(self.labels, attrs.get('Labels'), 'allow_more_present', 'dict')
            if data_changed or labels_changed or self.force:
                # if something changed or force, delete and re-create the secret
--- a/plugins/modules/cloud/docker/docker_stack.py
+++ b/plugins/modules/cloud/docker/docker_stack.py
@@ -36,7 +36,7 @@ options:
        referring to the path of the compose file on the target host
        or the YAML contents of a compose file nested as dictionary.
    type: list
-    # elements: raw
+    elements: raw
    default: []
  prune:
    description:
--- a/plugins/modules/cloud/docker/docker_swarm.py
+++ b/plugins/modules/cloud/docker/docker_swarm.py
@@ -85,6 +85,8 @@ options:
    description:
      - Swarm token used to join a swarm cluster.
      - Used with I(state=join).
+      - If this value is specified, the corresponding value in the return values will be censored by Ansible.
+        This is a side-effect of this value not being logged.
    type: str
  remote_addrs:
    description:
@@ -237,12 +239,20 @@ swarm_facts:
          type: dict
          contains:
              Worker:
-                  description: Token to create a new *worker* node
+                  description:
+                    - Token to join the cluster as a new *worker* node.
+                    - "B(Note:) if this value has been specified as I(join_token), the value here will not
+                       be the token, but C(VALUE_SPECIFIED_IN_NO_LOG_PARAMETER). If you pass I(join_token),
+                       make sure your playbook/role does not depend on this return value!"
                  returned: success
                  type: str
                  example: SWMTKN-1--xxxxx
              Manager:
-                  description: Token to create a new *manager* node
+                  description:
+                    - Token to join the cluster as a new *manager* node.
+                    - "B(Note:) if this value has been specified as I(join_token), the value here will not
+                       be the token, but C(VALUE_SPECIFIED_IN_NO_LOG_PARAMETER). If you pass I(join_token),
+                       make sure your playbook/role does not depend on this return value!"
                  returned: success
                  type: str
                  example: SWMTKN-1--xxxxx
@@ -604,7 +614,7 @@ def main():
        force=dict(type='bool', default=False),
        listen_addr=dict(type='str', default='0.0.0.0:2377'),
        remote_addrs=dict(type='list', elements='str'),
-        join_token=dict(type='str'),
+        join_token=dict(type='str', no_log=True),
        snapshot_interval=dict(type='int'),
        task_history_retention_limit=dict(type='int'),
        keep_old_snapshots=dict(type='int'),
@@ -616,7 +626,7 @@ def main():
        name=dict(type='str'),
        labels=dict(type='dict'),
        signing_ca_cert=dict(type='str'),
-        signing_ca_key=dict(type='str'),
+        signing_ca_key=dict(type='str', no_log=True),
        ca_force_rotate=dict(type='int'),
        autolock_managers=dict(type='bool'),
        node_id=dict(type='str'),
--- a/plugins/modules/cloud/docker/docker_swarm_service.py
+++ b/plugins/modules/cloud/docker/docker_swarm_service.py
@@ -2729,9 +2729,9 @@ def main():
            gid=dict(type='str'),
            mode=dict(type='int'),
        )),
-        secrets=dict(type='list', elements='dict', options=dict(
-            secret_id=dict(type='str'),
-            secret_name=dict(type='str', required=True),
+        secrets=dict(type='list', elements='dict', no_log=False, options=dict(
+            secret_id=dict(type='str', no_log=False),
+            secret_name=dict(type='str', required=True, no_log=False),
            filename=dict(type='str'),
            uid=dict(type='str'),
            gid=dict(type='str'),
--- a/plugins/modules/cloud/docker/docker_volume.py
+++ b/plugins/modules/cloud/docker/docker_volume.py
@@ -48,7 +48,6 @@ options:
      - Deprecated. Will be removed in community.general 2.0.0. Set I(recreate) to C(options-changed) instead
        for the same behavior of setting I(force) to C(yes).
    type: bool
-    default: no

  recreate:
    description:
--- a/plugins/modules/cloud/google/gc_storage.py
+++ b/plugins/modules/cloud/google/gc_storage.py
@@ -19,52 +19,66 @@ description:

 options:
  bucket:
+    type: str
    description:
      - Bucket name.
    required: true
  object:
+    type: path
    description:
      - Keyname of the object inside the bucket. Can be also be used to create "virtual directories" (see examples).
  src:
+    type: str
    description:
      - The source file path when performing a PUT operation.
  dest:
+    type: path
    description:
      - The destination file path when downloading an object/key with a GET operation.
-  force:
+  overwrite:
    description:
      - Forces an overwrite either locally on the filesystem or remotely with the object/key. Used with PUT and GET operations.
    type: bool
    default: 'yes'
-    aliases: [ 'overwrite' ]
+    aliases: [ 'force' ]
  permission:
+    type: str
    description:
      - This option let's the user set the canned permissions on the object/bucket that are created. The permissions that can be set are 'private',
        'public-read', 'authenticated-read'.
    default: private
+    choices: ['private', 'public-read', 'authenticated-read']
  headers:
+    type: dict
    description:
      - Headers to attach to object.
    default: {}
  expiration:
+    type: int
+    default: 600
    description:
      - Time limit (in seconds) for the URL generated and returned by GCA when performing a mode=put or mode=get_url operation. This url is only
        available when public-read is the acl for the object.
+    aliases: [expiry]
  mode:
+    type: str
    description:
      - Switches the module behaviour between upload, download, get_url (return download url) , get_str (download object as string), create (bucket) and
        delete (bucket).
    required: true
    choices: [ 'get', 'put', 'get_url', 'get_str', 'delete', 'create' ]
  gs_secret_key:
+    type: str
    description:
      - GS secret key. If not set then the value of the GS_SECRET_ACCESS_KEY environment variable is used.
    required: true
  gs_access_key:
+    type: str
    description:
      - GS access key. If not set then the value of the GS_ACCESS_KEY_ID environment variable is used.
    required: true
  region:
+    type: str
    description:
      - The gs region to use. If not defined then the value 'US' will be used. See U(https://cloud.google.com/storage/docs/bucket-locations)
    default: 'US'
@@ -72,6 +86,7 @@ options:
    description:
      - Whether versioning is enabled or disabled (note that once versioning is enabled, it can only be suspended)
    type: bool
+    default: false

 requirements:
    - "python >= 2.6"
@@ -406,7 +421,7 @@ def main():
            permission=dict(choices=['private', 'public-read', 'authenticated-read'], default='private'),
            headers=dict(type='dict', default={}),
            gs_secret_key=dict(no_log=True, required=True),
-            gs_access_key=dict(required=True),
+            gs_access_key=dict(required=True, no_log=False),
            overwrite=dict(default=True, type='bool', aliases=['force']),
            region=dict(default='US', type='str'),
            versioning=dict(default=False, type='bool')
--- a/plugins/modules/cloud/google/gcdns_record.py
+++ b/plugins/modules/cloud/google/gcdns_record.py
@@ -28,16 +28,19 @@ deprecated:
    alternative: Use M(google.cloud.gcp_dns_resource_record_set) instead.
 options:
    state:
+        type: str
        description:
            - Whether the given resource record should or should not be present.
        choices: ["present", "absent"]
        default: "present"
    record:
+        type: str
        description:
            - The fully-qualified domain name of the resource record.
        required: true
        aliases: ['name']
    zone:
+        type: str
        description:
            - The DNS domain name of the zone (e.g., example.com).
            - One of either I(zone) or I(zone_id) must be specified as an
@@ -45,6 +48,7 @@ options:
            - If both I(zone) and I(zone_id) are specified, I(zone_id) will be
              used.
    zone_id:
+        type: str
        description:
            - The Google Cloud ID of the zone (e.g., example-com).
            - One of either I(zone) or I(zone_id) must be specified as an
@@ -56,11 +60,13 @@ options:
            - If both I(zone) and I(zone_id) are specified, I(zone_id) will be
              used.
    type:
+        type: str
        description:
            - The type of resource record to add.
        required: true
        choices: [ 'A', 'AAAA', 'CNAME', 'SRV', 'TXT', 'SOA', 'NS', 'MX', 'SPF', 'PTR' ]
    record_data:
+        type: list
        description:
            - The record_data to use for the resource record.
            - I(record_data) must be specified if I(state) is C(present) or
@@ -77,6 +83,7 @@ options:
        required: false
        aliases: ['value']
    ttl:
+        type: int
        description:
            - The amount of time in seconds that a resource record will remain
              cached by a caching resolver.
@@ -99,20 +106,24 @@ options:
        type: bool
        default: 'no'
    service_account_email:
+        type: str
        description:
            - The e-mail address for a service account with access to Google
              Cloud DNS.
    pem_file:
+        type: path
        description:
            - The path to the PEM file associated with the service account
              email.
            - This option is deprecated and may be removed in a future release.
              Use I(credentials_file) instead.
    credentials_file:
+        type: path
        description:
            - The path to the JSON file associated with the service account
              email.
    project_id:
+        type: str
        description:
            - The Google Cloud Platform project ID to use.
 notes:
--- a/plugins/modules/cloud/google/gcdns_zone.py
+++ b/plugins/modules/cloud/google/gcdns_zone.py
@@ -27,11 +27,13 @@ deprecated:
    alternative: Use M(google.cloud.gcp_dns_managed_zone) instead.
 options:
    state:
+        type: str
        description:
            - Whether the given zone should or should not be present.
        choices: ["present", "absent"]
        default: "present"
    zone:
+        type: str
        description:
            - The DNS domain name of the zone.
            - This is NOT the Google Cloud DNS zone ID (e.g., example-com). If
@@ -40,24 +42,29 @@ options:
        required: true
        aliases: ['name']
    description:
+        type: str
        description:
            - An arbitrary text string to use for the zone description.
        default: ""
    service_account_email:
+        type: str
        description:
            - The e-mail address for a service account with access to Google
              Cloud DNS.
    pem_file:
+        type: path
        description:
            - The path to the PEM file associated with the service account
              email.
            - This option is deprecated and may be removed in a future release.
              Use I(credentials_file) instead.
    credentials_file:
+        type: path
        description:
            - The path to the JSON file associated with the service account
              email.
    project_id:
+        type: str
        description:
            - The Google Cloud Platform project ID to use.
 notes:
--- a/plugins/modules/cloud/google/gce.py
+++ b/plugins/modules/cloud/google/gce.py
@@ -21,68 +21,83 @@ deprecated:
    alternative: Use M(google.cloud.gcp_compute_instance) instead.
 options:
  image:
+    type: str
    description:
      - image string to use for the instance (default will follow latest
        stable debian image)
    default: "debian-8"
  image_family:
+    type: str
    description:
      - image family from which to select the image.  The most recent
        non-deprecated image in the family will be used.
  external_projects:
+    type: list
    description:
      - A list of other projects (accessible with the provisioning credentials)
        to be searched for the image.
  instance_names:
+    type: str
    description:
      - a comma-separated list of instance names to create or destroy
  machine_type:
+    type: str
    description:
      - machine type to use for the instance, use 'n1-standard-1' by default
    default: "n1-standard-1"
  metadata:
+    type: str
    description:
      - a hash/dictionary of custom data for the instance;
        '{"key":"value", ...}'
  service_account_email:
+    type: str
    description:
      - service account email
  service_account_permissions:
+    type: list
    description:
      - service account permissions (see
        U(https://cloud.google.com/sdk/gcloud/reference/compute/instances/create),
        --scopes section for detailed information)
-    choices: [
-      "bigquery", "cloud-platform", "compute-ro", "compute-rw",
-      "useraccounts-ro", "useraccounts-rw", "datastore", "logging-write",
-      "monitoring", "sql-admin", "storage-full", "storage-ro",
-      "storage-rw", "taskqueue", "userinfo-email"
-    ]
+      - >
+        Available choices are:
+        C(bigquery), C(cloud-platform), C(compute-ro), C(compute-rw),
+        C(useraccounts-ro), C(useraccounts-rw), C(datastore), C(logging-write),
+        C(monitoring), C(sql-admin), C(storage-full), C(storage-ro),
+        C(storage-rw), C(taskqueue), C(userinfo-email).
  pem_file:
+    type: path
    description:
      - path to the pem file associated with the service account email
        This option is deprecated. Use 'credentials_file'.
  credentials_file:
+    type: path
    description:
      - path to the JSON file associated with the service account email
  project_id:
+    type: str
    description:
      - your GCE project ID
  name:
+    type: str
    description:
      - either a name of a single instance or when used with 'num_instances',
        the base name of a cluster of nodes
    aliases: ['base_name']
  num_instances:
+    type: int
    description:
      - can be used with 'name', specifies
        the number of nodes to provision using 'name'
        as a base name
  network:
+    type: str
    description:
      - name of the network, 'default' will be used if not specified
    default: "default"
  subnetwork:
+    type: str
    description:
      - name of the subnetwork in which the instance should be created
  persistent_boot_disk:
@@ -91,23 +106,26 @@ options:
    type: bool
    default: 'no'
  disks:
+    type: list
    description:
      - a list of persistent disks to attach to the instance; a string value
        gives the name of the disk; alternatively, a dictionary value can
        define 'name' and 'mode' ('READ_ONLY' or 'READ_WRITE'). The first entry
        will be the boot disk (which must be READ_WRITE).
  state:
+    type: str
    description:
      - desired state of the resource
    default: "present"
    choices: ["active", "present", "absent", "deleted", "started", "stopped", "terminated"]
  tags:
+    type: list
    description:
      - a comma-separated list of tags to associate with the instance
  zone:
+    type: str
    description:
      - the GCE zone to use. The list of available zones is at U(https://cloud.google.com/compute/docs/regions-zones/regions-zones#available).
-    required: true
    default: "us-central1-a"
  ip_forward:
    description:
@@ -116,6 +134,7 @@ options:
    type: bool
    default: 'no'
  external_ip:
+    type: str
    description:
      - type of external ip, ephemeral by default; alternatively, a fixed gce ip or ip name can be given. Specify 'none' if no external ip is desired.
    default: "ephemeral"
@@ -129,8 +148,8 @@ options:
      - if set to C(yes), instances will be preemptible and time-limited.
        (requires libcloud >= 0.20.0)
    type: bool
-    default: 'no'
  disk_size:
+    type: int
    description:
      - The size of the boot disk created for this instance (in GB)
    default: 10
--- a/plugins/modules/cloud/google/gce_eip.py
+++ b/plugins/modules/cloud/google/gce_eip.py
@@ -21,18 +21,42 @@ author:
  - "Tom Melendez (@supertom) <tom@supertom.com>"
 options:
  name:
+    type: str
    description:
       - Name of Address.
    required: true
  region:
+    type: str
    description:
       - Region to create the address in. Set to 'global' to create a global address.
    required: true
  state:
+    type: str
    description: The state the address should be in. C(present) or C(absent) are the only valid options.
    default: present
    required: false
    choices: [present, absent]
+  project_id:
+    type: str
+    description:
+      - The Google Cloud Platform project ID to use.
+  pem_file:
+    type: path
+    description:
+      - The path to the PEM file associated with the service account email.
+      - This option is deprecated and may be removed in a future release. Use I(credentials_file) instead.
+  credentials_file:
+    type: path
+    description:
+      - The path to the JSON file associated with the service account email.
+  service_account_email:
+    type: str
+    description:
+      - service account email
+  service_account_permissions:
+    type: list
+    description:
+      - service account permissions
 '''

 EXAMPLES = '''
--- a/plugins/modules/cloud/google/gce_img.py
+++ b/plugins/modules/cloud/google/gce_img.py
@@ -18,38 +18,48 @@ description:
      disks in any zone. U(https://cloud.google.com/compute/docs/images)
 options:
  name:
+    type: str
    description:
      - the name of the image to create or delete
    required: true
  description:
+    type: str
    description:
      - an optional description
  family:
+    type: str
    description:
      - an optional family name
  source:
+    type: str
    description:
      - the source disk or the Google Cloud Storage URI to create the image from
  state:
+    type: str
    description:
      - desired state of the image
    default: "present"
    choices: ["present", "absent"]
  zone:
+    type: str
    description:
      - the zone of the disk specified by source
    default: "us-central1-a"
  timeout:
+    type: int
    description:
      - timeout for the operation
    default: 180
  service_account_email:
+    type: str
    description:
      - service account email
  pem_file:
+    type: path
    description:
      - path to the pem file associated with the service account email
  project_id:
+    type: str
    description:
      - your GCE project ID
 requirements:
--- a/plugins/modules/cloud/google/gce_instance_template.py
+++ b/plugins/modules/cloud/google/gce_instance_template.py
@@ -17,35 +17,46 @@ description:
       of Compute Engine of Google Cloud Platform.
 options:
  state:
+    type: str
    description:
      - The desired state for the instance template.
    default: "present"
    choices: ["present", "absent"]
  name:
+    type: str
    description:
      - The name of the GCE instance template.
    required: True
+    aliases: [base_name]
  size:
+    type: str
    description:
      - The desired machine type for the instance template.
    default: "f1-micro"
  source:
+    type: str
    description:
      - A source disk to attach to the instance.
        Cannot specify both I(image) and I(source).
  image:
+    type: str
    description:
      - The image to use to create the instance.
        Cannot specify both both I(image) and I(source).
  image_family:
+    type: str
    description:
      - The image family to use to create the instance.
        If I(image) has been used I(image_family) is ignored.
        Cannot specify both I(image) and I(source).
+    default: debian-8
  disk_type:
+    type: str
    description:
-      - Specify a C(pd-standard) disk or C(pd-ssd)
-        for an SSD disk.
+      - Specify a C(pd-standard) disk or C(pd-ssd) for an SSD disk.
+    choices:
+      - pd-standard
+      - pd-ssd
    default: pd-standard
  disk_auto_delete:
    description:
@@ -54,10 +65,12 @@ options:
    default: true
    type: bool
  network:
+    type: str
    description:
      - The network to associate with the instance.
    default: "default"
  subnetwork:
+    type: str
    description:
      - The Subnetwork resource name for this instance.
  can_ip_forward:
@@ -67,6 +80,7 @@ options:
    type: bool
    default: 'no'
  external_ip:
+    type: str
    description:
      - The external IP address to use.
        If C(ephemeral), a new non-static address will be
@@ -75,19 +89,21 @@ options:
        specify address name.
    default: "ephemeral"
  service_account_email:
+    type: str
    description:
      - service account email
  service_account_permissions:
+    type: list
    description:
      - service account permissions (see
        U(https://cloud.google.com/sdk/gcloud/reference/compute/instances/create),
        --scopes section for detailed information)
-    choices: [
-      "bigquery", "cloud-platform", "compute-ro", "compute-rw",
-      "useraccounts-ro", "useraccounts-rw", "datastore", "logging-write",
-      "monitoring", "sql-admin", "storage-full", "storage-ro",
-      "storage-rw", "taskqueue", "userinfo-email"
-    ]
+      - >
+        Available choices are:
+        C(bigquery), C(cloud-platform), C(compute-ro), C(compute-rw),
+        C(useraccounts-ro), C(useraccounts-rw), C(datastore), C(logging-write),
+        C(monitoring), C(sql-admin), C(storage-full), C(storage-ro),
+        C(storage-rw), C(taskqueue), C(userinfo-email).
  automatic_restart:
    description:
      - Defines whether the instance should be
@@ -99,6 +115,7 @@ options:
      - Defines whether the instance is preemptible.
    type: bool
  tags:
+    type: list
    description:
      - a comma-separated list of tags to associate with the instance
  metadata:
@@ -106,34 +123,42 @@ options:
      - a hash/dictionary of custom data for the instance;
        '{"key":"value", ...}'
  description:
+    type: str
    description:
      - description of instance template
  disks:
+    type: list
    description:
      - a list of persistent disks to attach to the instance; a string value
        gives the name of the disk; alternatively, a dictionary value can
        define 'name' and 'mode' ('READ_ONLY' or 'READ_WRITE'). The first entry
        will be the boot disk (which must be READ_WRITE).
  nic_gce_struct:
+    type: list
    description:
      - Support passing in the GCE-specific
        formatted networkInterfaces[] structure.
  disks_gce_struct:
+    type: list
    description:
      - Support passing in the GCE-specific
        formatted formatted disks[] structure. Case sensitive.
        see U(https://cloud.google.com/compute/docs/reference/latest/instanceTemplates#resource) for detailed information
  project_id:
+    type: str
    description:
      - your GCE project ID
  pem_file:
+    type: path
    description:
      - path to the pem file associated with the service account email
        This option is deprecated. Use 'credentials_file'.
  credentials_file:
+    type: path
    description:
      - path to the JSON file associated with the service account email
  subnetwork_region:
+    type: str
    description:
      - Region that subnetwork resides in. (Required for subnetwork to successfully complete)
 requirements:
--- a/plugins/modules/cloud/google/gce_labels.py
+++ b/plugins/modules/cloud/google/gce_labels.py
@@ -33,25 +33,57 @@ author:
  - 'Eric Johnson (@erjohnso) <erjohnso@google.com>'
 options:
  labels:
+    type: dict
    description:
       - A list of labels (key/value pairs) to add or remove for the resource.
    required: false
  resource_url:
+    type: str
    description:
       - The 'self_link' for the resource (instance, disk, snapshot, etc)
    required: false
  resource_type:
+    type: str
    description:
       - The type of resource (instances, disks, snapshots, images)
    required: false
  resource_location:
+    type: str
    description:
       - The location of resource (global, us-central1-f, etc.)
    required: false
  resource_name:
+    type: str
    description:
       - The name of resource.
    required: false
+  state:
+    type: str
+    description: The state the labels should be in. C(present) or C(absent) are the only valid options.
+    default: present
+    required: false
+    choices: [present, absent]
+  project_id:
+    type: str
+    description:
+      - The Google Cloud Platform project ID to use.
+  pem_file:
+    type: str
+    description:
+      - The path to the PEM file associated with the service account email.
+      - This option is deprecated and may be removed in a future release. Use I(credentials_file) instead.
+  credentials_file:
+    type: str
+    description:
+      - The path to the JSON file associated with the service account email.
+  service_account_email:
+    type: str
+    description:
+      - service account email
+  service_account_permissions:
+    type: list
+    description:
+      - service account email
 '''

 EXAMPLES = '''
--- a/plugins/modules/cloud/google/gce_lb.py
+++ b/plugins/modules/cloud/google/gce_lb.py
@@ -23,72 +23,90 @@ description:
      be found in the comments of ansible/test/gce_tests.py.
 options:
  httphealthcheck_name:
+    type: str
    description:
      - the name identifier for the HTTP health check
  httphealthcheck_port:
+    type: int
    description:
      - the TCP port to use for HTTP health checking
    default: 80
  httphealthcheck_path:
+    type: str
    description:
      - the url path to use for HTTP health checking
    default: "/"
  httphealthcheck_interval:
+    type: int
    description:
      - the duration in seconds between each health check request
    default: 5
  httphealthcheck_timeout:
+    type: int
    description:
      - the timeout in seconds before a request is considered a failed check
    default: 5
  httphealthcheck_unhealthy_count:
+    type: int
    description:
      - number of consecutive failed checks before marking a node unhealthy
    default: 2
  httphealthcheck_healthy_count:
+    type: int
    description:
      - number of consecutive successful checks before marking a node healthy
    default: 2
  httphealthcheck_host:
+    type: str
    description:
      - host header to pass through on HTTP check requests
  name:
+    type: str
    description:
      - name of the load-balancer resource
  protocol:
+    type: str
    description:
      - the protocol used for the load-balancer packet forwarding, tcp or udp
+      - "the available choices are: C(tcp) or C(udp)."
    default: "tcp"
-    choices: ['tcp', 'udp']
  region:
+    type: str
    description:
      - the GCE region where the load-balancer is defined
  external_ip:
+    type: str
    description:
      - the external static IPv4 (or auto-assigned) address for the LB
  port_range:
+    type: str
    description:
      - the port (range) to forward, e.g. 80 or 8000-8888 defaults to all ports
  members:
+    type: list
    description:
      - a list of zone/nodename pairs, e.g ['us-central1-a/www-a', ...]
-    aliases: ['nodes']
  state:
+    type: str
    description:
      - desired state of the LB
+      - "the available choices are: C(active), C(present), C(absent), C(deleted)."
    default: "present"
-    choices: ["active", "present", "absent", "deleted"]
  service_account_email:
+    type: str
    description:
      - service account email
  pem_file:
+    type: path
    description:
      - path to the pem file associated with the service account email
        This option is deprecated. Use 'credentials_file'.
  credentials_file:
+    type: path
    description:
      - path to the JSON file associated with the service account email
  project_id:
+    type: str
    description:
      - your GCE project ID

--- a/plugins/modules/cloud/google/gce_mig.py
+++ b/plugins/modules/cloud/google/gce_mig.py
@@ -26,46 +26,70 @@ author:
  - "Tom Melendez (@supertom) <tom@supertom.com>"
 options:
  name:
+    type: str
    description:
       - Name of the Managed Instance Group.
    required: true
  template:
+    type: str
    description:
       - Instance Template to be used in creating the VMs.  See
         U(https://cloud.google.com/compute/docs/instance-templates) to learn more
         about Instance Templates.  Required for creating MIGs.
  size:
+    type: int
    description:
       - Size of Managed Instance Group.  If MIG already exists, it will be
         resized to the number provided here.  Required for creating MIGs.
  service_account_email:
+    type: str
    description:
      - service account email
+  service_account_permissions:
+    type: list
+    description:
+      - service account permissions
+  pem_file:
+    type: path
+    description:
+      - path to the pem file associated with the service account email
+        This option is deprecated. Use 'credentials_file'.
  credentials_file:
+    type: path
    description:
      - Path to the JSON file associated with the service account email
  project_id:
+    type: str
    description:
      - GCE project ID
  state:
+    type: str
    description:
      - desired state of the resource
    default: "present"
    choices: ["absent", "present"]
  zone:
+    type: str
    description:
      - The GCE zone to use for this Managed Instance Group.
    required: true
  autoscaling:
+    type: dict
    description:
      - A dictionary of configuration for the autoscaler. 'enabled (bool)', 'name (str)'
        and policy.max_instances (int) are required fields if autoscaling is used. See
        U(https://cloud.google.com/compute/docs/reference/beta/autoscalers) for more information
        on Autoscaling.
  named_ports:
+    type: list
    description:
      - Define named ports that backend services can forward data to.  Format is a a list of
        name:port dictionaries.
+  recreate_instances:
+    type: bool
+    default: no
+    description:
+      - Recreate MIG instances.
 '''

 EXAMPLES = '''
--- a/plugins/modules/cloud/google/gce_net.py
+++ b/plugins/modules/cloud/google/gce_net.py
@@ -21,54 +21,64 @@ description:
      be found in the comments of ansible/test/gce_tests.py.
 options:
  allowed:
+    type: str
    description:
      - the protocol:ports to allow (I(tcp:80) or I(tcp:80,443) or I(tcp:80-800;udp:1-25))
        this parameter is mandatory when creating or updating a firewall rule
  ipv4_range:
+    type: str
    description:
      - the IPv4 address range in CIDR notation for the network
        this parameter is not mandatory when you specified existing network in name parameter,
        but when you create new network, this parameter is mandatory
-    aliases: ['cidr']
  fwname:
+    type: str
    description:
      - name of the firewall rule
-    aliases: ['fwrule']
  name:
+    type: str
    description:
      - name of the network
  src_range:
+    type: list
    description:
      - the source IPv4 address range in CIDR notation
    default: []
-    aliases: ['src_cidr']
  src_tags:
+    type: list
    description:
      - the source instance tags for creating a firewall rule
    default: []
  target_tags:
+    type: list
    description:
      - the target instance tags for creating a firewall rule
    default: []
  state:
+    type: str
    description:
      - desired state of the network or firewall
+      - "Available choices are: C(active), C(present), C(absent), C(deleted)."
    default: "present"
-    choices: ["active", "present", "absent", "deleted"]
  service_account_email:
+    type: str
    description:
      - service account email
  pem_file:
+    type: path
    description:
      - path to the pem file associated with the service account email
        This option is deprecated. Use C(credentials_file).
  credentials_file:
+    type: path
    description:
      - path to the JSON file associated with the service account email
  project_id:
+    type: str
    description:
      - your GCE project ID
  mode:
+    type: str
    description:
      - network mode for Google Cloud
        C(legacy) indicates a network with an IP address range;
@@ -78,12 +88,15 @@ options:
    default: "legacy"
    choices: ["legacy", "auto", "custom"]
  subnet_name:
+    type: str
    description:
      - name of subnet to create
  subnet_region:
+    type: str
    description:
      - region of subnet to create
  subnet_desc:
+    type: str
    description:
      - description of subnet to create

--- a/plugins/modules/cloud/google/gce_pd.py
+++ b/plugins/modules/cloud/google/gce_pd.py
@@ -21,61 +21,82 @@ options:
    description:
      - do not destroy the disk, merely detach it from an instance
    type: bool
-    default: 'no'
  instance_name:
+    type: str
    description:
      - instance name if you wish to attach or detach the disk
  mode:
+    type: str
    description:
      - GCE mount mode of disk, READ_ONLY (default) or READ_WRITE
    default: "READ_ONLY"
    choices: ["READ_WRITE", "READ_ONLY"]
  name:
+    type: str
    description:
      - name of the disk
    required: true
  size_gb:
+    type: str
    description:
      - whole integer size of disk (in GB) to create, default is 10 GB
-    default: 10
+    default: "10"
  image:
+    type: str
    description:
      - the source image to use for the disk
  snapshot:
+    type: str
    description:
      - the source snapshot to use for the disk
  state:
+    type: str
    description:
      - desired state of the persistent disk
+      - "Available choices are: C(active), C(present), C(absent), C(deleted)."
    default: "present"
-    choices: ["active", "present", "absent", "deleted"]
  zone:
+    type: str
    description:
      - zone in which to create the disk
    default: "us-central1-b"
  service_account_email:
+    type: str
    description:
      - service account email
  pem_file:
+    type: path
    description:
      - path to the pem file associated with the service account email
        This option is deprecated. Use 'credentials_file'.
  credentials_file:
+    type: path
    description:
      - path to the JSON file associated with the service account email
  project_id:
+    type: str
    description:
      - your GCE project ID
  disk_type:
+    type: str
    description:
-      - type of disk provisioned
+      - Specify a C(pd-standard) disk or C(pd-ssd) for an SSD disk.
    default: "pd-standard"
-    choices: ["pd-standard", "pd-ssd"]
  delete_on_termination:
    description:
      - If C(yes), deletes the volume when instance is terminated
    type: bool
-    default: 'no'
+  image_family:
+    type: str
+    description:
+      - The image family to use to create the instance.
+        If I(image) has been used I(image_family) is ignored.
+        Cannot specify both I(image) and I(source).
+  external_projects:
+    type: list
+    description:
+      - A list of other projects (accessible with the provisioning credentials)
+        to be searched for the image.

 requirements:
    - "python >= 2.6"
--- a/plugins/modules/cloud/google/gce_snapshot.py
+++ b/plugins/modules/cloud/google/gce_snapshot.py
@@ -18,36 +18,40 @@ description:
    volumes, each snapshot will be prepended with the disk name
 options:
  instance_name:
+    type: str
    description:
      - The GCE instance to snapshot
    required: True
  snapshot_name:
+    type: str
    description:
      - The name of the snapshot to manage
+    required: True
  disks:
+    type: list
    description:
      - A list of disks to create snapshots for. If none is provided,
-        all of the volumes will be snapshotted
-    default: all
+        all of the volumes will have snapshots created.
    required: False
  state:
+    type: str
    description:
      - Whether a snapshot should be C(present) or C(absent)
    required: false
    default: present
    choices: [present, absent]
  service_account_email:
+    type: str
    description:
      - GCP service account email for the project where the instance resides
-    required: true
  credentials_file:
+    type: path
    description:
      - The path to the credentials file associated with the service account
-    required: true
  project_id:
+    type: str
    description:
      - The GCP project ID to use
-    required: true
 requirements:
    - "python >= 2.6"
    - "apache-libcloud >= 0.19.0"
--- a/plugins/modules/cloud/google/gce_tag.py
+++ b/plugins/modules/cloud/google/gce_tag.py
@@ -16,34 +16,42 @@ description:
      to/from GCE instances.  Use 'instance_pattern' to update multiple instances in a specify zone.
 options:
  instance_name:
+    type: str
    description:
      - The name of the GCE instance to add/remove tags.
      - Required if C(instance_pattern) is not specified.
  instance_pattern:
+    type: str
    description:
      - The pattern of GCE instance names to match for adding/removing tags.  Full-Python regex is supported.
        See U(https://docs.python.org/2/library/re.html) for details.
      - If C(instance_name) is not specified, this field is required.
  tags:
+    type: list
    description:
      - Comma-separated list of tags to add or remove.
    required: yes
  state:
+    type: str
    description:
      - Desired state of the tags.
    choices: [ absent, present ]
    default: present
  zone:
+    type: str
    description:
      - The zone of the disk specified by source.
    default: us-central1-a
  service_account_email:
+    type: str
    description:
      - Service account email.
  pem_file:
+    type: path
    description:
      - Path to the PEM file associated with the service account email.
  project_id:
+    type: str
    description:
      - Your GCE project ID.
 requirements:
--- a/plugins/modules/cloud/google/gcp_backend_service.py
+++ b/plugins/modules/cloud/google/gcp_backend_service.py
@@ -29,10 +29,12 @@ author:
  - "Tom Melendez (@supertom) <tom@supertom.com>"
 options:
  backend_service_name:
+    type: str
    description:
       - Name of the Backend Service.
    required: true
  backends:
+    type: list
    description:
       - List of backends that make up the backend service. A backend is made up of
         an instance group and optionally several other parameters.  See
@@ -40,6 +42,7 @@ options:
         for details.
    required: true
  healthchecks:
+    type: list
    description:
       - List of healthchecks. Only one healthcheck is supported.
    required: true
@@ -48,29 +51,46 @@ options:
       - If true, enable Cloud CDN for this Backend Service.
    type: bool
  port_name:
+    type: str
    description:
      - Name of the port on the managed instance group (MIG) that backend
        services can forward data to. Required for external load balancing.
  protocol:
+    type: str
    description:
       - The protocol this Backend Service uses to communicate with backends.
-         Possible values are HTTP, HTTPS, TCP, and SSL. The default is HTTP.
+         Possible values are HTTP, HTTPS, TCP, and SSL. The default is TCP.
+    choices: [HTTP, HTTPS, TCP, SSL]
+    default: TCP
    required: false
  timeout:
+    type: int
    description:
       - How many seconds to wait for the backend before considering it a failed
         request. Default is 30 seconds. Valid range is 1-86400.
    required: false
  service_account_email:
+    type: str
    description:
      - Service account email
+  service_account_permissions:
+    type: list
+    description:
+      - service account permissions
  credentials_file:
+    type: str
    description:
      - Path to the JSON file associated with the service account email.
+  pem_file:
+    type: str
+    description:
+      - Path to the PEM file associated with the service account email.
  project_id:
+    type: str
    description:
      - GCE project ID.
  state:
+    type: str
    description:
      - Desired state of the resource
    default: "present"
--- a/Show More
+++ b/Show More