Release 1.3.6.

Various fixes for updating existing gitlab users (#1724 ) (#1756 )
* fixes various issues related to updating an ... ... existing gitlab user, in detail: - fixes updating admin status not working - fixes user passwords not updated - fixes confirmation skipping param ignored for user updates - added tests for code changes * fixing sanity issues * fixing sanity issues 02 * fixing sanity issues 03 * fixing sanity issues 04 * fixing unit test failures * fixing unit test failures 02 * add changelog fragment * fixing unit test failures 03 * forgot to add changelog fragment * fix changelog sanity issues * fix changelog sanity issues 02 * incorporate review suggestions Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de> (cherry picked from commit c03ae754d2) Co-authored-by: morco <thegreatwiper@web.de>
2026-04-28 09:26:44 +00:00 · 2021-02-09 13:09:36 +01:00 · 2021-02-09 12:01:59 +01:00 · 2021-02-09 08:17:25 +01:00 · 2021-02-08 22:22:45 +01:00 · 2021-02-08 16:22:39 +00:00
107 changed files with 1383 additions and 420 deletions
--- a/.azure-pipelines/azure-pipelines.yml
+++ b/.azure-pipelines/azure-pipelines.yml
@@ -212,10 +212,10 @@ stages:
              test: centos7
            - name: CentOS 8
              test: centos8
-            - name: Fedora 31
-              test: fedora31
            - name: Fedora 32
              test: fedora32
+            - name: Fedora 33
+              test: fedora33
            - name: openSUSE 15 py2
              test: opensuse15py2
            - name: openSUSE 15 py3
--- a/.github/BOTMETA.yml
+++ b/.github/BOTMETA.yml
@@ -576,7 +576,7 @@ files:
  $modules/net_tools/nmcli.py:
    maintainers: alcamie101
  $modules/net_tools/snmp_facts.py:
-    maintainers: ogenstad bigmstone ujwalkomarla
+    maintainers: ogenstad ujwalkomarla
  $modules/notification/osx_say.py:
    maintainers: ansible mpdehaan
    labels: _osx_say
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -5,6 +5,134 @@ Community General Release Notes
 .. contents:: Topics


+v1.3.6
+======
+
+Release Summary
+---------------
+
+Regular bugfix and security bugfix (potential information leaks in multiple modules, CVE-2021-20191) release.
+
+Minor Changes
+-------------
+
+- scaleway modules and inventory plugin - update regions and zones to add the new ones (https://github.com/ansible-collections/community.general/pull/1690).
+
+Breaking Changes / Porting Guide
+--------------------------------
+
+- utm_proxy_auth_profile - the ``frontend_cookie_secret`` return value now contains a placeholder string instead of the module's ``frontend_cookie_secret`` parameter (https://github.com/ansible-collections/community.general/pull/1736).
+
+Security Fixes
+--------------
+
+- dnsmadeeasy - mark the ``account_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- docker_swarm - enabled ``no_log`` for the option ``signing_ca_key`` to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1728).
+- gitlab_runner - mark the ``registration_token`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- hwc_ecs_instance - mark the ``admin_pass`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- ibm_sa_host - mark the ``iscsi_chap_secret`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- keycloak_* modules - mark the ``auth_client_secret`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- keycloak_client - mark the ``registration_access_token`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- librato_annotation - mark the ``api_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- logentries_msg - mark the ``token`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- module_utils/_netapp, na_ontap_gather_facts - enabled ``no_log`` for the options ``api_key`` and ``secret_key`` to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1725).
+- module_utils/identity/keycloak, keycloak_client, keycloak_clienttemplate, keycloak_group - enabled ``no_log`` for the option ``auth_client_secret`` to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1725).
+- nios_nsgroup - mark the ``tsig_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- oneandone_firewall_policy, oneandone_load_balancer, oneandone_monitoring_policy, oneandone_private_network, oneandone_public_ip - mark the ``auth_token`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- ovirt - mark the ``instance_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- ovirt - mark the ``instance_rootpw`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- pagerduty_alert - mark the ``api_key``, ``service_key`` and ``integration_key`` parameters as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- pagerduty_change - mark the ``integration_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- pingdom - mark the ``key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- pulp_repo - mark the ``feed_client_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- rax_clb_ssl - mark the ``private_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- redfish_command - mark the ``update_creds.password`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- rollbar_deployment - mark the ``token`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- spotinst_aws_elastigroup - mark the ``multai_token`` and ``token`` parameters as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- stackdriver - mark the ``key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- utm_proxy_auth_profile - enabled ``no_log`` for the option ``frontend_cookie_secret`` to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1725).
+- utm_proxy_auth_profile - mark the ``frontend_cookie_secret`` parameter as ``no_log`` to avoid leakage of secrets. This causes the ``utm_proxy_auth_profile`` return value to no longer containing the correct value, but a placeholder (https://github.com/ansible-collections/community.general/pull/1736).
+
+Bugfixes
+--------
+
+- docker connection plugin - fix Docker version parsing, as some docker versions have a leading ``v`` in the output of the command ``docker version --format "{{.Server.Version}}"`` (https://github.com/ansible-collections/community.docker/pull/76).
+- filesystem - do not fail when ``resizefs=yes`` and ``fstype=xfs`` if there is nothing to do, even if the filesystem is not mounted. This only covers systems supporting access to unmounted XFS filesystems. Others will still fail (https://github.com/ansible-collections/community.general/issues/1457, https://github.com/ansible-collections/community.general/pull/1478).
+- gitlab_user - make updates to the ``isadmin``, ``password`` and ``confirm`` options of an already existing GitLab user work (https://github.com/ansible-collections/community.general/pull/1724).
+- parted - change the regex that decodes the partition size to better support different formats that parted uses. Change the regex that validates parted's version string (https://github.com/ansible-collections/community.general/pull/1695).
+- redfish_info module, redfish_utils module utils - add ``Name`` and ``Id`` properties to output of Redfish inventory commands (https://github.com/ansible-collections/community.general/issues/1650).
+- sensu-silence module - fix json parsing of sensu API responses on Python 3.5 (https://github.com/ansible-collections/community.general/pull/1703).
+
+v1.3.5
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Bugfixes
+--------
+
+- dnsmadeeasy - fix HTTP 400 errors when creating a TXT record (https://github.com/ansible-collections/community.general/issues/1237).
+- docker_container - allow IPv6 zones (RFC 4007) in bind IPs (https://github.com/ansible-collections/community.docker/pull/66).
+- docker_image - fix crash on loading images with versions of Docker SDK for Python before 2.5.0 (https://github.com/ansible-collections/community.docker/issues/72, https://github.com/ansible-collections/community.docker/pull/73).
+- homebrew - add default search path for ``brew`` on Apple silicon hardware (https://github.com/ansible-collections/community.general/pull/1679).
+- homebrew_cask - add default search path for ``brew`` on Apple silicon hardware (https://github.com/ansible-collections/community.general/pull/1679).
+- homebrew_tap - add default search path for ``brew`` on Apple silicon hardware (https://github.com/ansible-collections/community.general/pull/1679).
+- lldp - use ``get_bin_path`` to locate the ``lldpctl`` executable (https://github.com/ansible-collections/community.general/pull/1643).
+- onepassword lookup plugin - updated to support password items, which place the password field directly in the payload's ``details`` attribute (https://github.com/ansible-collections/community.general/pull/1610).
+- passwordstore lookup plugin - fix compatibility with gopass when used with ``create=true``. While pass returns 1 on a non-existent password, gopass returns 10, or 11, depending on whether a similar named password was stored. We now just check standard output and that the return code is not zero (https://github.com/ansible-collections/community.general/pull/1589).
+- terraform - improve result code checking when executing terraform commands (https://github.com/ansible-collections/community.general/pull/1632).
+
+v1.3.4
+======
+
+Release Summary
+---------------
+
+Bugfix/security release that addresses CVE-2021-20180.
+
+Security Fixes
+--------------
+
+- bitbucket_pipeline_variable - **CVE-2021-20180** - hide user sensitive information which are marked as ``secured`` from logging into the console (https://github.com/ansible-collections/community.general/pull/1635).
+
+Bugfixes
+--------
+
+- npm - handle json decode exception while parsing command line output (https://github.com/ansible-collections/community.general/issues/1614).
+
+v1.3.3
+======
+
+Release Summary
+---------------
+
+Bugfix/security release that addresses CVE-2021-20178.
+
+Major Changes
+-------------
+
+- For community.general 2.0.0, the kubevirt modules will be moved to the `community.kubevirt <https://galaxy.ansible.com/community/kubevirt>`_ collection.
+  A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.
+
+  If you use Ansible 2.9 and explicitly use kubevirt modules from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with ``community.kubevirt.`` instead of ``community.general.``,
+  for example replace ``community.general.kubevirt_vm`` in a task by ``community.kubevirt.kubevirt_vm``.
+
+  If you use ansible-base and installed ``community.general`` manually and rely on the kubevirt modules, you have to make sure to install the ``community.kubevirt`` collection as well.
+  If you are using FQCNs, for example ``community.general.kubevirt_vm`` instead of ``kubevirt_vm``, it will continue working, but we still recommend to adjust the FQCNs as well.
+
+Security Fixes
+--------------
+
+- snmp_facts - **CVE-2021-20178** - hide user sensitive information such as ``privkey`` and ``authkey`` from logging into the console (https://github.com/ansible-collections/community.general/pull/1621).
+
+Bugfixes
+--------
+
+- terraform - fix ``init_reconfigure`` option for proper CLI args (https://github.com/ansible-collections/community.general/pull/1620).
+
 v1.3.2
 ======

--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
@@ -1764,3 +1764,189 @@ releases:
    - jira_improvements.yaml
    - oc-migration.yml
    release_date: '2021-01-04'
+  1.3.3:
+    changes:
+      bugfixes:
+      - terraform - fix ``init_reconfigure`` option for proper CLI args (https://github.com/ansible-collections/community.general/pull/1620).
+      major_changes:
+      - 'For community.general 2.0.0, the kubevirt modules will be moved to the `community.kubevirt
+        <https://galaxy.ansible.com/community/kubevirt>`_ collection.
+
+        A redirection will be inserted so that users using ansible-base 2.10 or newer
+        do not have to change anything.
+
+
+        If you use Ansible 2.9 and explicitly use kubevirt modules from this collection,
+        you will need to adjust your playbooks and roles to use FQCNs starting with
+        ``community.kubevirt.`` instead of ``community.general.``,
+
+        for example replace ``community.general.kubevirt_vm`` in a task by ``community.kubevirt.kubevirt_vm``.
+
+
+        If you use ansible-base and installed ``community.general`` manually and rely
+        on the kubevirt modules, you have to make sure to install the ``community.kubevirt``
+        collection as well.
+
+        If you are using FQCNs, for example ``community.general.kubevirt_vm`` instead
+        of ``kubevirt_vm``, it will continue working, but we still recommend to adjust
+        the FQCNs as well.
+
+        '
+      release_summary: Bugfix/security release that addresses CVE-2021-20178.
+      security_fixes:
+      - snmp_facts - **CVE-2021-20178** - hide user sensitive information such as
+        ``privkey`` and ``authkey`` from logging into the console (https://github.com/ansible-collections/community.general/pull/1621).
+    fragments:
+    - 1.3.3.yml
+    - 1620-terraform_init_reconfigure_fix.yml
+    - kubevirt-migration.yml
+    - snmp_facts.yml
+    release_date: '2021-01-13'
+  1.3.4:
+    changes:
+      bugfixes:
+      - npm - handle json decode exception while parsing command line output (https://github.com/ansible-collections/community.general/issues/1614).
+      release_summary: Bugfix/security release that addresses CVE-2021-20180.
+      security_fixes:
+      - bitbucket_pipeline_variable - **CVE-2021-20180** - hide user sensitive information
+        which are marked as ``secured`` from logging into the console (https://github.com/ansible-collections/community.general/pull/1635).
+    fragments:
+    - 1.3.4.yml
+    - 1614_npm.yml
+    - cve_bitbucket_pipeline_variable.yml
+    release_date: '2021-01-14'
+  1.3.5:
+    changes:
+      bugfixes:
+      - dnsmadeeasy - fix HTTP 400 errors when creating a TXT record (https://github.com/ansible-collections/community.general/issues/1237).
+      - docker_container - allow IPv6 zones (RFC 4007) in bind IPs (https://github.com/ansible-collections/community.docker/pull/66).
+      - docker_image - fix crash on loading images with versions of Docker SDK for
+        Python before 2.5.0 (https://github.com/ansible-collections/community.docker/issues/72,
+        https://github.com/ansible-collections/community.docker/pull/73).
+      - homebrew - add default search path for ``brew`` on Apple silicon hardware
+        (https://github.com/ansible-collections/community.general/pull/1679).
+      - homebrew_cask - add default search path for ``brew`` on Apple silicon hardware
+        (https://github.com/ansible-collections/community.general/pull/1679).
+      - homebrew_tap - add default search path for ``brew`` on Apple silicon hardware
+        (https://github.com/ansible-collections/community.general/pull/1679).
+      - lldp - use ``get_bin_path`` to locate the ``lldpctl`` executable (https://github.com/ansible-collections/community.general/pull/1643).
+      - onepassword lookup plugin - updated to support password items, which place
+        the password field directly in the payload's ``details`` attribute (https://github.com/ansible-collections/community.general/pull/1610).
+      - passwordstore lookup plugin - fix compatibility with gopass when used with
+        ``create=true``. While pass returns 1 on a non-existent password, gopass returns
+        10, or 11, depending on whether a similar named password was stored. We now
+        just check standard output and that the return code is not zero (https://github.com/ansible-collections/community.general/pull/1589).
+      - terraform - improve result code checking when executing terraform commands
+        (https://github.com/ansible-collections/community.general/pull/1632).
+      release_summary: Regular bugfix release.
+    fragments:
+    - 1.3.5.yml
+    - 1589-passwordstore-fix-passwordstore.py-to-be-compatible-with-gopass.yaml
+    - 1610-bugfix-onepassword-lookup-plugin.yaml
+    - 1632-using_check_rc_in_terraform.yml
+    - 1654-dnsmadeeasy-http-400-fixes.yaml
+    - 1679-homebrew_search_path.yml
+    - community.docker-66-ipv6-zones.yml
+    - community.docker-73-docker_image-fix-old-docker-py-version.yml
+    - lldp-use-get_bin_path-to-locate-the-lldpctl-executable.yaml
+    release_date: '2021-01-26'
+  1.3.6:
+    changes:
+      breaking_changes:
+      - utm_proxy_auth_profile - the ``frontend_cookie_secret`` return value now contains
+        a placeholder string instead of the module's ``frontend_cookie_secret`` parameter
+        (https://github.com/ansible-collections/community.general/pull/1736).
+      bugfixes:
+      - docker connection plugin - fix Docker version parsing, as some docker versions
+        have a leading ``v`` in the output of the command ``docker version --format
+        "{{.Server.Version}}"`` (https://github.com/ansible-collections/community.docker/pull/76).
+      - filesystem - do not fail when ``resizefs=yes`` and ``fstype=xfs`` if there
+        is nothing to do, even if the filesystem is not mounted. This only covers
+        systems supporting access to unmounted XFS filesystems. Others will still
+        fail (https://github.com/ansible-collections/community.general/issues/1457,
+        https://github.com/ansible-collections/community.general/pull/1478).
+      - gitlab_user - make updates to the ``isadmin``, ``password`` and ``confirm``
+        options of an already existing GitLab user work (https://github.com/ansible-collections/community.general/pull/1724).
+      - parted - change the regex that decodes the partition size to better support
+        different formats that parted uses. Change the regex that validates parted's
+        version string (https://github.com/ansible-collections/community.general/pull/1695).
+      - redfish_info module, redfish_utils module utils - add ``Name`` and ``Id``
+        properties to output of Redfish inventory commands (https://github.com/ansible-collections/community.general/issues/1650).
+      - sensu-silence module - fix json parsing of sensu API responses on Python 3.5
+        (https://github.com/ansible-collections/community.general/pull/1703).
+      minor_changes:
+      - scaleway modules and inventory plugin - update regions and zones to add the
+        new ones (https://github.com/ansible-collections/community.general/pull/1690).
+      release_summary: Regular bugfix and security bugfix (potential information leaks
+        in multiple modules, CVE-2021-20191) release.
+      security_fixes:
+      - dnsmadeeasy - mark the ``account_key`` parameter as ``no_log`` to avoid leakage
+        of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - docker_swarm - enabled ``no_log`` for the option ``signing_ca_key`` to prevent
+        accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1728).
+      - gitlab_runner - mark the ``registration_token`` parameter as ``no_log`` to
+        avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - hwc_ecs_instance - mark the ``admin_pass`` parameter as ``no_log`` to avoid
+        leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - ibm_sa_host - mark the ``iscsi_chap_secret`` parameter as ``no_log`` to avoid
+        leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - keycloak_* modules - mark the ``auth_client_secret`` parameter as ``no_log``
+        to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - keycloak_client - mark the ``registration_access_token`` parameter as ``no_log``
+        to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - librato_annotation - mark the ``api_key`` parameter as ``no_log`` to avoid
+        leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - logentries_msg - mark the ``token`` parameter as ``no_log`` to avoid leakage
+        of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - module_utils/_netapp, na_ontap_gather_facts - enabled ``no_log`` for the options
+        ``api_key`` and ``secret_key`` to prevent accidental disclosure (CVE-2021-20191,
+        https://github.com/ansible-collections/community.general/pull/1725).
+      - module_utils/identity/keycloak, keycloak_client, keycloak_clienttemplate,
+        keycloak_group - enabled ``no_log`` for the option ``auth_client_secret``
+        to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1725).
+      - nios_nsgroup - mark the ``tsig_key`` parameter as ``no_log`` to avoid leakage
+        of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - oneandone_firewall_policy, oneandone_load_balancer, oneandone_monitoring_policy,
+        oneandone_private_network, oneandone_public_ip - mark the ``auth_token`` parameter
+        as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - ovirt - mark the ``instance_key`` parameter as ``no_log`` to avoid leakage
+        of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - ovirt - mark the ``instance_rootpw`` parameter as ``no_log`` to avoid leakage
+        of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - pagerduty_alert - mark the ``api_key``, ``service_key`` and ``integration_key``
+        parameters as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - pagerduty_change - mark the ``integration_key`` parameter as ``no_log`` to
+        avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - pingdom - mark the ``key`` parameter as ``no_log`` to avoid leakage of secrets
+        (https://github.com/ansible-collections/community.general/pull/1736).
+      - pulp_repo - mark the ``feed_client_key`` parameter as ``no_log`` to avoid
+        leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - rax_clb_ssl - mark the ``private_key`` parameter as ``no_log`` to avoid leakage
+        of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - redfish_command - mark the ``update_creds.password`` parameter as ``no_log``
+        to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - rollbar_deployment - mark the ``token`` parameter as ``no_log`` to avoid leakage
+        of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - spotinst_aws_elastigroup - mark the ``multai_token`` and ``token`` parameters
+        as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - stackdriver - mark the ``key`` parameter as ``no_log`` to avoid leakage of
+        secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - utm_proxy_auth_profile - enabled ``no_log`` for the option ``frontend_cookie_secret``
+        to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1725).
+      - utm_proxy_auth_profile - mark the ``frontend_cookie_secret`` parameter as
+        ``no_log`` to avoid leakage of secrets. This causes the ``utm_proxy_auth_profile``
+        return value to no longer containing the correct value, but a placeholder
+        (https://github.com/ansible-collections/community.general/pull/1736).
+    fragments:
+    - 1.3.6.yml
+    - 1478-filesystem-fix-1457-resizefs-idempotency.yml
+    - 1690-scaleway-regions.yaml
+    - 1691-add-name-and-id-props-to-redfish-inventory-output.yml
+    - 1695-parted-updatedregex.yaml
+    - 1703-sensu_silence-fix_json_parsing.yml
+    - 1724-various-fixes-for-updating-existing-gitlab-user.yml
+    - CVE-2021-20191_no_log.yml
+    - CVE-2021-20191_no_log_docker.yml
+    - community.docker-76-leading-v-support-in-docker-version.yml
+    - no_log-fixes.yml
+    release_date: '2021-02-09'
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: community
 name: general
-version: 1.3.2
+version: 1.3.6
 readme: README.md
 authors:
  - Ansible (https://github.com/ansible)
--- a/plugins/connection/docker.py
+++ b/plugins/connection/docker.py
@@ -116,7 +116,9 @@ class Connection(ConnectionBase):

    @staticmethod
    def _sanitize_version(version):
-        return re.sub(u'[^0-9a-zA-Z.]', u'', version)
+        version = re.sub(u'[^0-9a-zA-Z.]', u'', version)
+        version = re.sub(u'^v', u'', version)
+        return version

    def _old_docker_version(self):
        cmd_args = []
--- a/plugins/inventory/scaleway.py
+++ b/plugins/inventory/scaleway.py
@@ -24,6 +24,8 @@ DOCUMENTATION = '''
            default:
                - ams1
                - par1
+                - par2
+                - waw1
        tags:
            description: Filter results on a specific tag
            type: list
--- a/plugins/lookup/onepassword.py
+++ b/plugins/lookup/onepassword.py
@@ -187,8 +187,63 @@ class OnePass(object):
        return rc, out, err

    def _parse_field(self, data_json, field_name, section_title=None):
+        """
+        Retrieves the desired field from the `op` response payload
+
+        When the item is a `password` type, the password is a key within the `details` key:
+
+        $ op get item 'test item' | jq
+        {
+          [...]
+          "templateUuid": "005",
+          "details": {
+            "notesPlain": "",
+            "password": "foobar",
+            "passwordHistory": [],
+            "sections": [
+              {
+                "name": "linked items",
+                "title": "Related Items"
+              }
+            ]
+          },
+          [...]
+        }
+
+        However, when the item is a `login` type, the password is within a fields array:
+
+        $ op get item 'test item' | jq
+        {
+          [...]
+          "details": {
+            "fields": [
+              {
+                "designation": "username",
+                "name": "username",
+                "type": "T",
+                "value": "foo"
+              },
+              {
+                "designation": "password",
+                "name": "password",
+                "type": "P",
+                "value": "bar"
+              }
+            ],
+            [...]
+          },
+          [...]
+        """
        data = json.loads(data_json)
        if section_title is None:
+            # https://github.com/ansible-collections/community.general/pull/1610:
+            # check the details dictionary for `field_name` and return it immediately if it exists
+            # when the entry is a "password" instead of a "login" item, the password field is a key
+            # in the `details` dictionary:
+            if field_name in data['details']:
+                return data['details'][field_name]
+
+            # when the field is not found above, iterate through the fields list in the object details
            for field_data in data['details'].get('fields', []):
                if field_data.get('name', '').lower() == field_name.lower():
                    return field_data.get('value', '')
--- a/plugins/lookup/passwordstore.py
+++ b/plugins/lookup/passwordstore.py
@@ -214,7 +214,7 @@ class LookupModule(LookupBase):
                    name, value = line.split(':', 1)
                    self.passdict[name.strip()] = value.strip()
        except (subprocess.CalledProcessError) as e:
-            if e.returncode == 1 and 'not in the password store' in e.output:
+            if e.returncode != 0 and 'not in the password store' in e.output:
                # if pass returns 1 and return string contains 'is not in the password store.'
                # We need to determine if this is valid or Error.
                if not self.paramvals['create']:
--- a/plugins/lookup/tss.py
+++ b/plugins/lookup/tss.py
@@ -75,7 +75,13 @@ EXAMPLES = r"""
  vars:
      secret: "{{ lookup('community.general.tss', 1) }}"
  tasks:
-      - ansible.builtin.debug: msg="the password is {{ (secret['items'] | items2dict(key_name='slug', value_name='itemValue'))['password'] }}"
+      - ansible.builtin.debug:
+          msg: >
+            the password is {{
+              (secret['items']
+                | items2dict(key_name='slug',
+                             value_name='itemValue'))['password']
+            }}
 """

 from ansible.errors import AnsibleError, AnsibleOptionsError
--- a/plugins/module_utils/_netapp.py
+++ b/plugins/module_utils/_netapp.py
@@ -142,8 +142,8 @@ def aws_cvs_host_argument_spec():
    return dict(
        api_url=dict(required=True, type='str'),
        validate_certs=dict(required=False, type='bool', default=True),
-        api_key=dict(required=True, type='str'),
-        secret_key=dict(required=True, type='str')
+        api_key=dict(required=True, type='str', no_log=True),
+        secret_key=dict(required=True, type='str', no_log=True)
    )


--- a/plugins/module_utils/identity/keycloak/keycloak.py
+++ b/plugins/module_utils/identity/keycloak/keycloak.py
@@ -58,7 +58,7 @@ def keycloak_argument_spec():
        auth_keycloak_url=dict(type='str', aliases=['url'], required=True),
        auth_client_id=dict(type='str', default='admin-cli'),
        auth_realm=dict(type='str', required=True),
-        auth_client_secret=dict(type='str', default=None),
+        auth_client_secret=dict(type='str', default=None, no_log=True),
        auth_username=dict(type='str', aliases=['username'], required=True),
        auth_password=dict(type='str', aliases=['password'], required=True, no_log=True),
        validate_certs=dict(type='bool', default=True)
--- a/plugins/module_utils/redfish_utils.py
+++ b/plugins/module_utils/redfish_utils.py
@@ -469,7 +469,7 @@ class RedfishUtils(object):
        controller_results = []
        # Get these entries, but does not fail if not found
        properties = ['CacheSummary', 'FirmwareVersion', 'Identifiers',
-                      'Location', 'Manufacturer', 'Model', 'Name',
+                      'Location', 'Manufacturer', 'Model', 'Name', 'Id',
                      'PartNumber', 'SerialNumber', 'SpeedGbps', 'Status']
        key = "StorageControllers"

@@ -1700,7 +1700,7 @@ class RedfishUtils(object):
        chassis_results = []

        # Get these entries, but does not fail if not found
-        properties = ['ChassisType', 'PartNumber', 'AssetTag',
+        properties = ['Name', 'Id', 'ChassisType', 'PartNumber', 'AssetTag',
                      'Manufacturer', 'IndicatorLED', 'SerialNumber', 'Model']

        # Go through list
@@ -1724,7 +1724,7 @@ class RedfishUtils(object):
        fan_results = []
        key = "Thermal"
        # Get these entries, but does not fail if not found
-        properties = ['FanName', 'Reading', 'ReadingUnits', 'Status']
+        properties = ['Name', 'FanName', 'Reading', 'ReadingUnits', 'Status']

        # Go through list
        for chassis_uri in self.chassis_uris:
@@ -1836,8 +1836,8 @@ class RedfishUtils(object):
        cpu_results = []
        key = "Processors"
        # Get these entries, but does not fail if not found
-        properties = ['Id', 'Manufacturer', 'Model', 'MaxSpeedMHz', 'TotalCores',
-                      'TotalThreads', 'Status']
+        properties = ['Id', 'Name', 'Manufacturer', 'Model', 'MaxSpeedMHz',
+                      'TotalCores', 'TotalThreads', 'Status']

        # Search for 'key' entry and extract URI from it
        response = self.get_request(self.root_uri + systems_uri)
@@ -1886,7 +1886,7 @@ class RedfishUtils(object):
        memory_results = []
        key = "Memory"
        # Get these entries, but does not fail if not found
-        properties = ['SerialNumber', 'MemoryDeviceType', 'PartNumber',
+        properties = ['Id', 'SerialNumber', 'MemoryDeviceType', 'PartNumber',
                      'MemoryLocation', 'RankCount', 'CapacityMiB', 'OperatingMemoryModes', 'Status', 'Manufacturer', 'Name']

        # Search for 'key' entry and extract URI from it
@@ -1943,7 +1943,7 @@ class RedfishUtils(object):
        nic_results = []
        key = "EthernetInterfaces"
        # Get these entries, but does not fail if not found
-        properties = ['Description', 'FQDN', 'IPv4Addresses', 'IPv6Addresses',
+        properties = ['Name', 'Id', 'Description', 'FQDN', 'IPv4Addresses', 'IPv6Addresses',
                      'NameServers', 'MACAddress', 'PermanentMACAddress',
                      'SpeedMbps', 'MTUSize', 'AutoNeg', 'Status']

@@ -2368,7 +2368,7 @@ class RedfishUtils(object):
        properties = ['Status', 'HostName', 'PowerState', 'Model', 'Manufacturer',
                      'PartNumber', 'SystemType', 'AssetTag', 'ServiceTag',
                      'SerialNumber', 'SKU', 'BiosVersion', 'MemorySummary',
-                      'ProcessorSummary', 'TrustedModules']
+                      'ProcessorSummary', 'TrustedModules', 'Name', 'Id']

        response = self.get_request(self.root_uri + systems_uri)
        if response['ret'] is False:
--- a/plugins/module_utils/scaleway.py
+++ b/plugins/module_utils/scaleway.py
@@ -169,8 +169,14 @@ SCALEWAY_LOCATION = {
    'par1': {'name': 'Paris 1', 'country': 'FR', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/fr-par-1'},
    'EMEA-FR-PAR1': {'name': 'Paris 1', 'country': 'FR', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/fr-par-1'},

+    'par2': {'name': 'Paris 2', 'country': 'FR', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/fr-par-2'},
+    'EMEA-FR-PAR2': {'name': 'Paris 2', 'country': 'FR', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/fr-par-2'},
+
    'ams1': {'name': 'Amsterdam 1', 'country': 'NL', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/nl-ams-1'},
-    'EMEA-NL-EVS': {'name': 'Amsterdam 1', 'country': 'NL', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/nl-ams-1'}
+    'EMEA-NL-EVS': {'name': 'Amsterdam 1', 'country': 'NL', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/nl-ams-1'},
+
+    'waw1': {'name': 'Warsaw 1', 'country': 'PL', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/pl-waw-1'},
+    'EMEA-PL-WAW1': {'name': 'Warsaw 1', 'country': 'PL', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/pl-waw-1'},
 }

 SCALEWAY_ENDPOINT = "https://api.scaleway.com"
@@ -178,9 +184,12 @@ SCALEWAY_ENDPOINT = "https://api.scaleway.com"
 SCALEWAY_REGIONS = [
    "fr-par",
    "nl-ams",
+    "pl-waw",
 ]

 SCALEWAY_ZONES = [
    "fr-par-1",
+    "fr-par-2",
    "nl-ams-1",
+    "pl-waw-1",
 ]
--- a/plugins/modules/cloud/docker/docker_container.py
+++ b/plugins/modules/cloud/docker/docker_container.py
@@ -1721,7 +1721,7 @@ class TaskParameters(DockerBaseClass):
            elif p_len == 3:
                # We only allow IPv4 and IPv6 addresses for the bind address
                ipaddr = parts[0]
-                if not re.match(r'^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$', parts[0]) and not re.match(r'^\[[0-9a-fA-F:]+\]$', ipaddr):
+                if not re.match(r'^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$', parts[0]) and not re.match(r'^\[[0-9a-fA-F:]+(?:|%[^\]/]+)\]$', ipaddr):
                    self.fail(('Bind addresses for published ports must be IPv4 or IPv6 addresses, not hostnames. '
                               'Use the dig lookup to resolve hostnames. (Found hostname: {0})').format(ipaddr))
                if re.match(r'^\[[0-9a-fA-F:]+\]$', ipaddr):
--- a/plugins/modules/cloud/docker/docker_image.py
+++ b/plugins/modules/cloud/docker/docker_image.py
@@ -776,15 +776,41 @@ class ImageManager(DockerBaseClass):
        '''
        # Load image(s) from file
        load_output = []
+        has_output = False
        try:
            self.log("Opening image %s" % self.load_path)
            with open(self.load_path, 'rb') as image_tar:
                self.log("Loading image from %s" % self.load_path)
-                for line in self.client.load_image(image_tar):
-                    self.log(line, pretty_print=True)
-                    if "stream" in line or "status" in line:
-                        load_line = line.get("stream") or line.get("status") or ''
-                        load_output.append(load_line)
+                output = self.client.load_image(image_tar)
+                if output is not None:
+                    # Old versions of Docker SDK of Python (before version 2.5.0) do not return anything.
+                    # (See https://github.com/docker/docker-py/commit/7139e2d8f1ea82340417add02090bfaf7794f159)
+                    # Note that before that commit, something else than None was returned, but that was also
+                    # only introduced in a commit that first appeared in 2.5.0 (see
+                    # https://github.com/docker/docker-py/commit/9e793806ff79559c3bc591d8c52a3bbe3cdb7350).
+                    # So the above check works for every released version of Docker SDK for Python.
+                    has_output = True
+                    for line in output:
+                        self.log(line, pretty_print=True)
+                        if "stream" in line or "status" in line:
+                            load_line = line.get("stream") or line.get("status") or ''
+                            load_output.append(load_line)
+                else:
+                    if LooseVersion(docker_version) < LooseVersion('2.5.0'):
+                        self.client.module.warn(
+                            'The installed version of the Docker SDK for Python does not return the loading results'
+                            ' from the Docker daemon. Therefore, we cannot verify whether the expected image was'
+                            ' loaded, whether multiple images where loaded, or whether the load actually succeeded.'
+                            ' If you are not stuck with Python 2.6, *please* upgrade to a version newer than 2.5.0'
+                            ' (2.5.0 was released in August 2017).'
+                        )
+                    else:
+                        self.client.module.warn(
+                            'The API version of your Docker daemon is < 1.23, which does not return the image'
+                            ' loading result from the Docker daemon. Therefore, we cannot verify whether the'
+                            ' expected image was loaded, whether multiple images where loaded, or whether the load'
+                            ' actually succeeded. You should consider upgrading your Docker daemon.'
+                        )
        except EnvironmentError as exc:
            if exc.errno == errno.ENOENT:
                self.client.fail("Error opening image %s - %s" % (self.load_path, str(exc)))
@@ -793,26 +819,28 @@ class ImageManager(DockerBaseClass):
            self.client.fail("Error loading image %s - %s" % (self.name, str(exc)), stdout='\n'.join(load_output))

        # Collect loaded images
-        loaded_images = set()
-        for line in load_output:
-            if line.startswith('Loaded image:'):
-                loaded_images.add(line[len('Loaded image:'):].strip())
+        if has_output:
+            # We can only do this when we actually got some output from Docker daemon
+            loaded_images = set()
+            for line in load_output:
+                if line.startswith('Loaded image:'):
+                    loaded_images.add(line[len('Loaded image:'):].strip())

-        if not loaded_images:
-            self.client.fail("Detected no loaded images. Archive potentially corrupt?", stdout='\n'.join(load_output))
+            if not loaded_images:
+                self.client.fail("Detected no loaded images. Archive potentially corrupt?", stdout='\n'.join(load_output))

-        expected_image = '%s:%s' % (self.name, self.tag)
-        if expected_image not in loaded_images:
-            self.client.fail(
-                "The archive did not contain image '%s'. Instead, found %s." % (
-                    expected_image, ', '.join(["'%s'" % image for image in sorted(loaded_images)])),
-                stdout='\n'.join(load_output))
-        loaded_images.remove(expected_image)
+            expected_image = '%s:%s' % (self.name, self.tag)
+            if expected_image not in loaded_images:
+                self.client.fail(
+                    "The archive did not contain image '%s'. Instead, found %s." % (
+                        expected_image, ', '.join(["'%s'" % image for image in sorted(loaded_images)])),
+                    stdout='\n'.join(load_output))
+            loaded_images.remove(expected_image)

-        if loaded_images:
-            self.client.module.warn(
-                "The archive contained more images than specified: %s" % (
-                    ', '.join(["'%s'" % image for image in sorted(loaded_images)]), ))
+            if loaded_images:
+                self.client.module.warn(
+                    "The archive contained more images than specified: %s" % (
+                        ', '.join(["'%s'" % image for image in sorted(loaded_images)]), ))

        return self.client.find_image(self.name, self.tag)

--- a/plugins/modules/cloud/docker/docker_swarm.py
+++ b/plugins/modules/cloud/docker/docker_swarm.py
@@ -616,7 +616,7 @@ def main():
        name=dict(type='str'),
        labels=dict(type='dict'),
        signing_ca_cert=dict(type='str'),
-        signing_ca_key=dict(type='str'),
+        signing_ca_key=dict(type='str', no_log=True),
        ca_force_rotate=dict(type='int'),
        autolock_managers=dict(type='bool'),
        node_id=dict(type='str'),
--- a/plugins/modules/cloud/huawei/hwc_ecs_instance.py
+++ b/plugins/modules/cloud/huawei/hwc_ecs_instance.py
@@ -543,7 +543,7 @@ def build_module():
                snapshot_id=dict(type='str')
            )),
            vpc_id=dict(type='str', required=True),
-            admin_pass=dict(type='str'),
+            admin_pass=dict(type='str', no_log=True),
            data_volumes=dict(type='list', elements='dict', options=dict(
                volume_id=dict(type='str', required=True),
                device=dict(type='str')
--- a/plugins/modules/cloud/misc/ovirt.py
+++ b/plugins/modules/cloud/misc/ovirt.py
@@ -405,8 +405,8 @@ def main():
            instance_gateway=dict(type='str', aliases=['gateway']),
            instance_domain=dict(type='str', aliases=['domain']),
            instance_dns=dict(type='str', aliases=['dns']),
-            instance_rootpw=dict(type='str', aliases=['rootpw']),
-            instance_key=dict(type='str', aliases=['key']),
+            instance_rootpw=dict(type='str', aliases=['rootpw'], no_log=True),
+            instance_key=dict(type='str', aliases=['key'], no_log=True),
            sdomain=dict(type='str'),
            region=dict(type='str'),
        ),
--- a/plugins/modules/cloud/misc/terraform.py
+++ b/plugins/modules/cloud/misc/terraform.py
@@ -194,9 +194,7 @@ def preflight_validation(bin_path, project_path, variables_args=None, plan_file=
    if not os.path.isdir(project_path):
        module.fail_json(msg="Path for Terraform project '{0}' doesn't exist on this host - check the path and try again please.".format(project_path))

-    rc, out, err = module.run_command([bin_path, 'validate'] + variables_args, cwd=project_path, use_unsafe_shell=True)
-    if rc != 0:
-        module.fail_json(msg="Failed to validate Terraform configuration files:\r\n{0}".format(err))
+    rc, out, err = module.run_command([bin_path, 'validate'] + variables_args, check_rc=True, cwd=project_path, use_unsafe_shell=True)


 def _state_args(state_file):
@@ -219,10 +217,8 @@ def init_plugins(bin_path, project_path, backend_config, backend_config_files, i
        for f in backend_config_files:
            command.extend(['-backend-config', f])
    if init_reconfigure:
-        command.extend('-reconfigure')
-    rc, out, err = module.run_command(command, cwd=project_path)
-    if rc != 0:
-        module.fail_json(msg="Failed to initialize Terraform modules:\r\n{0}".format(err))
+        command.extend(['-reconfigure'])
+    rc, out, err = module.run_command(command, check_rc=True, cwd=project_path)


 def get_workspace_context(bin_path, project_path):
@@ -244,9 +240,7 @@ def get_workspace_context(bin_path, project_path):

 def _workspace_cmd(bin_path, project_path, action, workspace):
    command = [bin_path, 'workspace', action, workspace, '-no-color']
-    rc, out, err = module.run_command(command, cwd=project_path)
-    if rc != 0:
-        module.fail_json(msg="Failed to {0} workspace:\r\n{1}".format(action, err))
+    rc, out, err = module.run_command(command, check_rc=True, cwd=project_path)
    return rc, out, err


@@ -388,15 +382,10 @@ def main():
        command.append(plan_file)

    if needs_application and not module.check_mode and not state == 'planned':
-        rc, out, err = module.run_command(command, cwd=project_path)
+        rc, out, err = module.run_command(command, check_rc=True, cwd=project_path)
        # checks out to decide if changes were made during execution
        if ' 0 added, 0 changed' not in out and not state == "absent" or ' 0 destroyed' not in out:
            changed = True
-        if rc != 0:
-            module.fail_json(
-                msg="Failure when executing Terraform command. Exited {0}.\nstdout: {1}\nstderr: {2}".format(rc, out, err),
-                command=' '.join(command)
-            )

    outputs_command = [command[0], 'output', '-no-color', '-json'] + _state_args(state_file)
    rc, outputs_text, outputs_err = module.run_command(outputs_command, cwd=project_path)
--- a/plugins/modules/cloud/oneandone/oneandone_firewall_policy.py
+++ b/plugins/modules/cloud/oneandone/oneandone_firewall_policy.py
@@ -500,7 +500,7 @@ def main():
    module = AnsibleModule(
        argument_spec=dict(
            auth_token=dict(
-                type='str',
+                type='str', no_log=True,
                default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
            api_url=dict(
                type='str',
--- a/plugins/modules/cloud/oneandone/oneandone_load_balancer.py
+++ b/plugins/modules/cloud/oneandone/oneandone_load_balancer.py
@@ -594,7 +594,7 @@ def main():
    module = AnsibleModule(
        argument_spec=dict(
            auth_token=dict(
-                type='str',
+                type='str', no_log=True,
                default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
            api_url=dict(
                type='str',
--- a/plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py
+++ b/plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py
@@ -947,7 +947,7 @@ def main():
    module = AnsibleModule(
        argument_spec=dict(
            auth_token=dict(
-                type='str',
+                type='str', no_log=True,
                default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
            api_url=dict(
                type='str',
--- a/plugins/modules/cloud/oneandone/oneandone_private_network.py
+++ b/plugins/modules/cloud/oneandone/oneandone_private_network.py
@@ -384,7 +384,7 @@ def main():
    module = AnsibleModule(
        argument_spec=dict(
            auth_token=dict(
-                type='str',
+                type='str', no_log=True,
                default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
            api_url=dict(
                type='str',
--- a/plugins/modules/cloud/oneandone/oneandone_public_ip.py
+++ b/plugins/modules/cloud/oneandone/oneandone_public_ip.py
@@ -274,7 +274,7 @@ def main():
    module = AnsibleModule(
        argument_spec=dict(
            auth_token=dict(
-                type='str',
+                type='str', no_log=True,
                default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
            api_url=dict(
                type='str',
--- a/plugins/modules/cloud/rackspace/rax_clb_ssl.py
+++ b/plugins/modules/cloud/rackspace/rax_clb_ssl.py
@@ -238,7 +238,7 @@ def main():
        loadbalancer=dict(required=True),
        state=dict(default='present', choices=['present', 'absent']),
        enabled=dict(type='bool', default=True),
-        private_key=dict(),
+        private_key=dict(no_log=True),
        certificate=dict(),
        intermediate_certificate=dict(),
        secure_port=dict(type='int', default=443),
--- a/plugins/modules/cloud/scaleway/scaleway_compute.py
+++ b/plugins/modules/cloud/scaleway/scaleway_compute.py
@@ -85,6 +85,10 @@ options:
      - EMEA-NL-EVS
      - par1
      - EMEA-FR-PAR1
+      - par2
+      - EMEA-FR-PAR2
+      - waw1
+      - EMEA-PL-WAW1

  commercial_type:
    type: str
--- a/plugins/modules/cloud/scaleway/scaleway_database_backup.py
+++ b/plugins/modules/cloud/scaleway/scaleway_database_backup.py
@@ -44,6 +44,7 @@ options:
    choices:
        - fr-par
        - nl-ams
+        - pl-waw

  id:
    description:
--- a/plugins/modules/cloud/scaleway/scaleway_image_facts.py
+++ b/plugins/modules/cloud/scaleway/scaleway_image_facts.py
@@ -35,6 +35,10 @@ options:
      - EMEA-NL-EVS
      - par1
      - EMEA-FR-PAR1
+      - par2
+      - EMEA-FR-PAR2
+      - waw1
+      - EMEA-PL-WAW1
 '''

 EXAMPLES = r'''
--- a/plugins/modules/cloud/scaleway/scaleway_image_info.py
+++ b/plugins/modules/cloud/scaleway/scaleway_image_info.py
@@ -32,6 +32,10 @@ options:
      - EMEA-NL-EVS
      - par1
      - EMEA-FR-PAR1
+      - par2
+      - EMEA-FR-PAR2
+      - waw1
+      - EMEA-PL-WAW1
 '''

 EXAMPLES = r'''
--- a/plugins/modules/cloud/scaleway/scaleway_ip.py
+++ b/plugins/modules/cloud/scaleway/scaleway_ip.py
@@ -46,6 +46,10 @@ options:
      - EMEA-NL-EVS
      - par1
      - EMEA-FR-PAR1
+      - par2
+      - EMEA-FR-PAR2
+      - waw1
+      - EMEA-PL-WAW1

  id:
    type: str
--- a/plugins/modules/cloud/scaleway/scaleway_ip_facts.py
+++ b/plugins/modules/cloud/scaleway/scaleway_ip_facts.py
@@ -34,6 +34,10 @@ options:
      - EMEA-NL-EVS
      - par1
      - EMEA-FR-PAR1
+      - par2
+      - EMEA-FR-PAR2
+      - waw1
+      - EMEA-PL-WAW1
 '''

 EXAMPLES = r'''
--- a/plugins/modules/cloud/scaleway/scaleway_ip_info.py
+++ b/plugins/modules/cloud/scaleway/scaleway_ip_info.py
@@ -30,6 +30,10 @@ options:
      - EMEA-NL-EVS
      - par1
      - EMEA-FR-PAR1
+      - par2
+      - EMEA-FR-PAR2
+      - waw1
+      - EMEA-PL-WAW1
 '''

 EXAMPLES = r'''
--- a/plugins/modules/cloud/scaleway/scaleway_lb.py
+++ b/plugins/modules/cloud/scaleway/scaleway_lb.py
@@ -59,6 +59,7 @@ options:
    choices:
      - nl-ams
      - fr-par
+      - pl-waw

  tags:
    type: list
--- a/plugins/modules/cloud/scaleway/scaleway_security_group.py
+++ b/plugins/modules/cloud/scaleway/scaleway_security_group.py
@@ -46,6 +46,10 @@ options:
      - EMEA-NL-EVS
      - par1
      - EMEA-FR-PAR1
+      - par2
+      - EMEA-FR-PAR2
+      - waw1
+      - EMEA-PL-WAW1

  name:
    description:
--- a/plugins/modules/cloud/scaleway/scaleway_security_group_facts.py
+++ b/plugins/modules/cloud/scaleway/scaleway_security_group_facts.py
@@ -31,6 +31,10 @@ options:
      - EMEA-NL-EVS
      - par1
      - EMEA-FR-PAR1
+      - par2
+      - EMEA-FR-PAR2
+      - waw1
+      - EMEA-PL-WAW1
 extends_documentation_fragment:
 - community.general.scaleway

--- a/plugins/modules/cloud/scaleway/scaleway_security_group_info.py
+++ b/plugins/modules/cloud/scaleway/scaleway_security_group_info.py
@@ -27,6 +27,10 @@ options:
      - EMEA-NL-EVS
      - par1
      - EMEA-FR-PAR1
+      - par2
+      - EMEA-FR-PAR2
+      - waw1
+      - EMEA-PL-WAW1
 extends_documentation_fragment:
 - community.general.scaleway

--- a/plugins/modules/cloud/scaleway/scaleway_security_group_rule.py
+++ b/plugins/modules/cloud/scaleway/scaleway_security_group_rule.py
@@ -43,6 +43,10 @@ options:
      - EMEA-NL-EVS
      - par1
      - EMEA-FR-PAR1
+      - par2
+      - EMEA-FR-PAR2
+      - waw1
+      - EMEA-PL-WAW1

  protocol:
    type: str
--- a/plugins/modules/cloud/scaleway/scaleway_server_facts.py
+++ b/plugins/modules/cloud/scaleway/scaleway_server_facts.py
@@ -34,6 +34,10 @@ options:
      - EMEA-NL-EVS
      - par1
      - EMEA-FR-PAR1
+      - par2
+      - EMEA-FR-PAR2
+      - waw1
+      - EMEA-PL-WAW1
 '''

 EXAMPLES = r'''
--- a/plugins/modules/cloud/scaleway/scaleway_server_info.py
+++ b/plugins/modules/cloud/scaleway/scaleway_server_info.py
@@ -30,6 +30,10 @@ options:
      - EMEA-NL-EVS
      - par1
      - EMEA-FR-PAR1
+      - par2
+      - EMEA-FR-PAR2
+      - waw1
+      - EMEA-PL-WAW1
 '''

 EXAMPLES = r'''
--- a/plugins/modules/cloud/scaleway/scaleway_snapshot_facts.py
+++ b/plugins/modules/cloud/scaleway/scaleway_snapshot_facts.py
@@ -34,6 +34,10 @@ options:
      - EMEA-NL-EVS
      - par1
      - EMEA-FR-PAR1
+      - par2
+      - EMEA-FR-PAR2
+      - waw1
+      - EMEA-PL-WAW1
 '''

 EXAMPLES = r'''
--- a/plugins/modules/cloud/scaleway/scaleway_snapshot_info.py
+++ b/plugins/modules/cloud/scaleway/scaleway_snapshot_info.py
@@ -30,6 +30,10 @@ options:
      - EMEA-NL-EVS
      - par1
      - EMEA-FR-PAR1
+      - par2
+      - EMEA-FR-PAR2
+      - waw1
+      - EMEA-PL-WAW1
 '''

 EXAMPLES = r'''
--- a/plugins/modules/cloud/scaleway/scaleway_user_data.py
+++ b/plugins/modules/cloud/scaleway/scaleway_user_data.py
@@ -48,6 +48,10 @@ options:
      - EMEA-NL-EVS
      - par1
      - EMEA-FR-PAR1
+      - par2
+      - EMEA-FR-PAR2
+      - waw1
+      - EMEA-PL-WAW1
 '''

 EXAMPLES = '''
--- a/plugins/modules/cloud/scaleway/scaleway_volume.py
+++ b/plugins/modules/cloud/scaleway/scaleway_volume.py
@@ -41,6 +41,10 @@ options:
      - EMEA-NL-EVS
      - par1
      - EMEA-FR-PAR1
+      - par2
+      - EMEA-FR-PAR2
+      - waw1
+      - EMEA-PL-WAW1
  name:
    type: str
    description:
--- a/plugins/modules/cloud/scaleway/scaleway_volume_facts.py
+++ b/plugins/modules/cloud/scaleway/scaleway_volume_facts.py
@@ -34,6 +34,10 @@ options:
      - EMEA-NL-EVS
      - par1
      - EMEA-FR-PAR1
+      - par2
+      - EMEA-FR-PAR2
+      - waw1
+      - EMEA-PL-WAW1
 '''

 EXAMPLES = r'''
--- a/plugins/modules/cloud/scaleway/scaleway_volume_info.py
+++ b/plugins/modules/cloud/scaleway/scaleway_volume_info.py
@@ -30,6 +30,10 @@ options:
      - EMEA-NL-EVS
      - par1
      - EMEA-FR-PAR1
+      - par2
+      - EMEA-FR-PAR2
+      - waw1
+      - EMEA-PL-WAW1
 '''

 EXAMPLES = r'''
--- a/plugins/modules/cloud/spotinst/spotinst_aws_elastigroup.py
+++ b/plugins/modules/cloud/spotinst/spotinst_aws_elastigroup.py
@@ -1459,7 +1459,7 @@ def main():
        min_size=dict(type='int', required=True),
        monitoring=dict(type='str'),
        multai_load_balancers=dict(type='list'),
-        multai_token=dict(type='str'),
+        multai_token=dict(type='str', no_log=True),
        name=dict(type='str', required=True),
        network_interfaces=dict(type='list'),
        on_demand_count=dict(type='int'),
@@ -1483,7 +1483,7 @@ def main():
        target_group_arns=dict(type='list'),
        tenancy=dict(type='str'),
        terminate_at_end_of_billing_hour=dict(type='bool'),
-        token=dict(type='str'),
+        token=dict(type='str', no_log=True),
        unit=dict(type='str'),
        user_data=dict(type='str'),
        utilize_reserved_instances=dict(type='bool'),
--- a/plugins/modules/identity/keycloak/keycloak_client.py
+++ b/plugins/modules/identity/keycloak/keycloak_client.py
@@ -707,7 +707,7 @@ def main():
        enabled=dict(type='bool'),
        client_authenticator_type=dict(type='str', choices=['client-secret', 'client-jwt'], aliases=['clientAuthenticatorType']),
        secret=dict(type='str', no_log=True),
-        registration_access_token=dict(type='str', aliases=['registrationAccessToken']),
+        registration_access_token=dict(type='str', aliases=['registrationAccessToken'], no_log=True),
        default_roles=dict(type='list', aliases=['defaultRoles']),
        redirect_uris=dict(type='list', aliases=['redirectUris']),
        web_origins=dict(type='list', aliases=['webOrigins']),
--- a/plugins/modules/monitoring/librato_annotation.py
+++ b/plugins/modules/monitoring/librato_annotation.py
@@ -148,7 +148,7 @@ def main():
    module = AnsibleModule(
        argument_spec=dict(
            user=dict(required=True),
-            api_key=dict(required=True),
+            api_key=dict(required=True, no_log=True),
            name=dict(required=False),
            title=dict(required=True),
            source=dict(required=False),
--- a/plugins/modules/monitoring/nagios.py
+++ b/plugins/modules/monitoring/nagios.py
@@ -19,6 +19,7 @@ module: nagios
 short_description: Perform common tasks in Nagios related to downtime and notifications.
 description:
  - "The C(nagios) module has two basic functions: scheduling downtime and toggling alerts for services or hosts."
+  - The C(nagios) module is not idempotent.
  - All actions require the I(host) parameter to be given explicitly. In playbooks you can use the C({{inventory_hostname}}) variable to refer
    to the host the playbook is currently running on.
  - You can specify multiple services at once by separating them with commas, .e.g., C(services=httpd,nfs,puppet).
@@ -26,7 +27,6 @@ description:
    e.g., C(service=host). This keyword may not be given with other services at the same time.
    I(Setting alerts/downtime/acknowledge for a host does not affect alerts/downtime/acknowledge for any of the services running on it.)
    To schedule downtime for all services on particular host use keyword "all", e.g., C(service=all).
-  - When using the C(nagios) module you will need to specify your Nagios server using the C(delegate_to) parameter.
 options:
  action:
    description:
--- a/plugins/modules/monitoring/pagerduty_alert.py
+++ b/plugins/modules/monitoring/pagerduty_alert.py
@@ -197,9 +197,9 @@ def main():
        argument_spec=dict(
            name=dict(required=False),
            service_id=dict(required=True),
-            service_key=dict(required=False),
-            integration_key=dict(required=False),
-            api_key=dict(required=True),
+            service_key=dict(required=False, no_log=True),
+            integration_key=dict(required=False, no_log=True),
+            api_key=dict(required=True, no_log=True),
            state=dict(required=True,
                       choices=['triggered', 'acknowledged', 'resolved']),
            client=dict(required=False, default=None),
--- a/plugins/modules/monitoring/pagerduty_change.py
+++ b/plugins/modules/monitoring/pagerduty_change.py
@@ -108,7 +108,7 @@ from datetime import datetime
 def main():
    module = AnsibleModule(
        argument_spec=dict(
-            integration_key=dict(required=True, type='str'),
+            integration_key=dict(required=True, type='str', no_log=True),
            summary=dict(required=True, type='str'),
            source=dict(required=False, default='Ansible', type='str'),
            user=dict(required=False, type='str'),
--- a/plugins/modules/monitoring/pingdom.py
+++ b/plugins/modules/monitoring/pingdom.py
@@ -112,7 +112,7 @@ def main():
            checkid=dict(required=True),
            uid=dict(required=True),
            passwd=dict(required=True, no_log=True),
-            key=dict(required=True)
+            key=dict(required=True, no_log=True),
        )
    )

--- a/plugins/modules/monitoring/rollbar_deployment.py
+++ b/plugins/modules/monitoring/rollbar_deployment.py
@@ -92,7 +92,7 @@ def main():

    module = AnsibleModule(
        argument_spec=dict(
-            token=dict(required=True),
+            token=dict(required=True, no_log=True),
            environment=dict(required=True),
            revision=dict(required=True),
            user=dict(required=False),
--- a/plugins/modules/monitoring/sensu/sensu_silence.py
+++ b/plugins/modules/monitoring/sensu/sensu_silence.py
@@ -97,6 +97,7 @@ RETURN = '''

 import json

+from ansible.module_utils._text import to_native
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.urls import fetch_url

@@ -129,7 +130,7 @@ def query(module, url, check, subscription):
        )

    try:
-        json_out = json.loads(response.read())
+        json_out = json.loads(to_native(response.read()))
    except Exception:
        json_out = ""

@@ -181,7 +182,7 @@ def clear(module, url, check, subscription):
            )

        try:
-            json_out = json.loads(response.read())
+            json_out = json.loads(to_native(response.read()))
        except Exception:
            json_out = ""

@@ -246,7 +247,7 @@ def create(
            )

        try:
-            json_out = json.loads(response.read())
+            json_out = json.loads(to_native(response.read()))
        except Exception:
            json_out = ""

--- a/plugins/modules/monitoring/stackdriver.py
+++ b/plugins/modules/monitoring/stackdriver.py
@@ -152,7 +152,7 @@ def main():

    module = AnsibleModule(
        argument_spec=dict(  # @TODO add types
-            key=dict(required=True),
+            key=dict(required=True, no_log=True),
            event=dict(required=True, choices=['deploy', 'annotation']),
            msg=dict(),
            revision_id=dict(),
--- a/plugins/modules/net_tools/dnsmadeeasy.py
+++ b/plugins/modules/net_tools/dnsmadeeasy.py
@@ -467,6 +467,9 @@ class DME2(object):
            for result in self.all_records:
                if record_type == "MX":
                    value = record_value.split(" ")[1]
+                # Note that TXT records are surrounded by quotes in the API response.
+                elif record_type == "TXT":
+                    value = '"{0}"'.format(record_value)
                elif record_type == "SRV":
                    value = record_value.split(" ")[3]
                else:
@@ -543,7 +546,7 @@ def main():

    module = AnsibleModule(
        argument_spec=dict(
-            account_key=dict(required=True),
+            account_key=dict(required=True, no_log=True),
            account_secret=dict(required=True, no_log=True),
            domain=dict(required=True),
            sandbox=dict(default=False, type='bool'),
@@ -651,7 +654,9 @@ def main():
    record_changed = False
    if current_record:
        for i in new_record:
-            if str(current_record[i]) != str(new_record[i]):
+            # Remove leading and trailing quote character from values because TXT records
+            # are surrounded by quotes.
+            if str(current_record[i]).strip('"') != str(new_record[i]):
                record_changed = True
        new_record['id'] = str(current_record['id'])

@@ -673,8 +678,11 @@ def main():
        # create record and monitor as the record does not exist
        if not current_record:
            record = DME.createRecord(DME.prepareRecord(new_record))
-            monitor = DME.updateMonitor(record['id'], DME.prepareMonitor(new_monitor))
-            module.exit_json(changed=True, result=dict(record=record, monitor=monitor))
+            if new_monitor.get('monitor') and record_type == "A":
+                monitor = DME.updateMonitor(record['id'], DME.prepareMonitor(new_monitor))
+                module.exit_json(changed=True, result=dict(record=record, monitor=monitor))
+            else:
+                module.exit_json(changed=True, result=dict(record=record, monitor=current_monitor))

        # update the record
        updated = False
--- a/plugins/modules/net_tools/lldp.py
+++ b/plugins/modules/net_tools/lldp.py
@@ -41,7 +41,7 @@ from ansible.module_utils.basic import AnsibleModule


 def gather_lldp(module):
-    cmd = ['lldpctl', '-f', 'keyvalue']
+    cmd = [module.get_bin_path('lldpctl'), '-f', 'keyvalue']
    rc, output, err = module.run_command(cmd)
    if output:
        output_dict = {}
--- a/plugins/modules/net_tools/nios/nios_nsgroup.py
+++ b/plugins/modules/net_tools/nios/nios_nsgroup.py
@@ -317,7 +317,7 @@ def main():
        address=dict(required=True, ib_req=True),
        name=dict(required=True, ib_req=True),
        stealth=dict(type='bool', default=False),
-        tsig_key=dict(),
+        tsig_key=dict(no_log=True),
        tsig_key_alg=dict(choices=['HMAC-MD5', 'HMAC-SHA256'], default='HMAC-MD5'),
        tsig_key_name=dict(required=True)
    )
--- a/plugins/modules/net_tools/snmp_facts.py
+++ b/plugins/modules/net_tools/snmp_facts.py
@@ -269,8 +269,8 @@ def main():
            level=dict(type='str', choices=['authNoPriv', 'authPriv']),
            integrity=dict(type='str', choices=['md5', 'sha']),
            privacy=dict(type='str', choices=['aes', 'des']),
-            authkey=dict(type='str'),
-            privkey=dict(type='str'),
+            authkey=dict(type='str', no_log=True),
+            privkey=dict(type='str', no_log=True),
        ),
        required_together=(
            ['username', 'level', 'integrity', 'authkey'],
--- a/plugins/modules/notification/logentries_msg.py
+++ b/plugins/modules/notification/logentries_msg.py
@@ -73,7 +73,7 @@ def send_msg(module, token, msg, api, port):
 def main():
    module = AnsibleModule(
        argument_spec=dict(
-            token=dict(type='str', required=True),
+            token=dict(type='str', required=True, no_log=True),
            msg=dict(type='str', required=True),
            api=dict(type='str', default="data.logentries.com"),
            port=dict(type='int', default=80)),
--- a/plugins/modules/packaging/language/npm.py
+++ b/plugins/modules/packaging/language/npm.py
@@ -7,39 +7,39 @@ from __future__ import absolute_import, division, print_function
 __metaclass__ = type


-DOCUMENTATION = '''
+DOCUMENTATION = r'''
 ---
 module: npm
 short_description: Manage node.js packages with npm
 description:
-  - Manage node.js packages with Node Package Manager (npm)
+  - Manage node.js packages with Node Package Manager (npm).
 author: "Chris Hoffman (@chrishoffman)"
 options:
  name:
    description:
-      - The name of a node.js library to install
+      - The name of a node.js library to install.
    type: str
    required: false
  path:
    description:
-      - The base path where to install the node.js libraries
+      - The base path where to install the node.js libraries.
    type: path
    required: false
  version:
    description:
-      - The version to be installed
+      - The version to be installed.
    type: str
    required: false
  global:
    description:
-      - Install the node.js library globally
+      - Install the node.js library globally.
    required: false
    default: no
    type: bool
  executable:
    description:
      - The executable location for npm.
-      - This is useful if you are using a version manager, such as nvm
+      - This is useful if you are using a version manager, such as nvm.
    type: path
    required: false
  ignore_scripts:
@@ -55,12 +55,12 @@ options:
    default: no
  ci:
    description:
-      - Install packages based on package-lock file, same as running npm ci
+      - Install packages based on package-lock file, same as running C(npm ci).
    type: bool
    default: no
  production:
    description:
-      - Install dependencies in production mode, excluding devDependencies
+      - Install dependencies in production mode, excluding devDependencies.
    required: false
    type: bool
    default: no
@@ -71,7 +71,7 @@ options:
    type: str
  state:
    description:
-      - The state of the node.js library
+      - The state of the node.js library.
    required: false
    type: str
    default: present
@@ -80,7 +80,7 @@ requirements:
    - npm installed in bin path (recommended /usr/local/bin)
 '''

-EXAMPLES = '''
+EXAMPLES = r'''
 - name: Install "coffee-script" node.js package.
  community.general.npm:
    name: coffee-script
@@ -124,12 +124,12 @@ EXAMPLES = '''
    state: present
 '''

+import json
 import os
 import re

 from ansible.module_utils.basic import AnsibleModule
-
-import json
+from ansible.module_utils._text import to_native


 class Npm(object):
@@ -155,7 +155,7 @@ class Npm(object):
        else:
            self.name_version = self.name

-    def _exec(self, args, run_in_check_mode=False, check_rc=True):
+    def _exec(self, args, run_in_check_mode=False, check_rc=True, add_package_name=True):
        if not self.module.check_mode or (self.module.check_mode and run_in_check_mode):
            cmd = self.executable + args

@@ -167,7 +167,7 @@ class Npm(object):
                cmd.append('--ignore-scripts')
            if self.unsafe_perm:
                cmd.append('--unsafe-perm')
-            if self.name:
+            if self.name and add_package_name:
                cmd.append(self.name_version)
            if self.registry:
                cmd.append('--registry')
@@ -191,7 +191,11 @@ class Npm(object):

        installed = list()
        missing = list()
-        data = json.loads(self._exec(cmd, True, False))
+        data = {}
+        try:
+            data = json.loads(self._exec(cmd, True, False, False) or '{}')
+        except (getattr(json, 'JSONDecodeError', ValueError)) as e:
+            self.module.fail_json(msg="Failed to parse NPM output with error %s" % to_native(e))
        if 'dependencies' in data:
            for dep in data['dependencies']:
                if 'missing' in data['dependencies'][dep] and data['dependencies'][dep]['missing']:
--- a/plugins/modules/packaging/os/homebrew.py
+++ b/plugins/modules/packaging/os/homebrew.py
@@ -38,7 +38,7 @@ options:
            - "A ':' separated list of paths to search for 'brew' executable.
              Since a package (I(formula) in homebrew parlance) location is prefixed relative to the actual path of I(brew) command,
              providing an alternative I(brew) path enables managing different set of packages in an alternative location in the system."
-        default: '/usr/local/bin'
+        default: '/usr/local/bin:/opt/homebrew/bin'
        type: path
    state:
        description:
@@ -76,7 +76,7 @@ notes:
 '''

 EXAMPLES = '''
-# Install formula foo with 'brew' in default path (C(/usr/local/bin))
+# Install formula foo with 'brew' in default path
 - community.general.homebrew:
    name: foo
    state: present
@@ -871,7 +871,7 @@ def main():
                elements='str',
            ),
            path=dict(
-                default="/usr/local/bin",
+                default="/usr/local/bin:/opt/homebrew/bin",
                required=False,
                type='path',
            ),
--- a/plugins/modules/packaging/os/homebrew_cask.py
+++ b/plugins/modules/packaging/os/homebrew_cask.py
@@ -32,7 +32,7 @@ options:
  path:
    description:
    - "':' separated list of paths to search for 'brew' executable."
-    default: '/usr/local/bin'
+    default: '/usr/local/bin:/opt/homebrew/bin'
    type: path
  state:
    description:
@@ -779,7 +779,7 @@ def main():
                elements='str',
            ),
            path=dict(
-                default="/usr/local/bin",
+                default="/usr/local/bin:/opt/homebrew/bin",
                required=False,
                type='path',
            ),
--- a/plugins/modules/packaging/os/homebrew_tap.py
+++ b/plugins/modules/packaging/os/homebrew_tap.py
@@ -218,7 +218,7 @@ def main():
    brew_path = module.get_bin_path(
        'brew',
        required=True,
-        opt_dirs=['/usr/local/bin']
+        opt_dirs=['/usr/local/bin', '/opt/homebrew/bin']
    )

    taps = module.params['name']
--- a/plugins/modules/packaging/os/pulp_repo.py
+++ b/plugins/modules/packaging/os/pulp_repo.py
@@ -545,7 +545,7 @@ def main():
                          deprecated_aliases=[dict(name='ca_cert', version='3.0.0',
                                                   collection_name='community.general')]),  # was Ansible 2.14
        feed_client_cert=dict(aliases=['importer_ssl_client_cert']),
-        feed_client_key=dict(aliases=['importer_ssl_client_key']),
+        feed_client_key=dict(aliases=['importer_ssl_client_key'], no_log=True),
        name=dict(required=True, aliases=['repo']),
        proxy_host=dict(),
        proxy_port=dict(),
--- a/plugins/modules/remote_management/redfish/redfish_command.py
+++ b/plugins/modules/remote_management/redfish/redfish_command.py
@@ -572,7 +572,7 @@ def main():
                type='dict',
                options=dict(
                    username=dict(),
-                    password=dict()
+                    password=dict(no_log=True)
                )
            ),
            virtual_media=dict(
--- a/plugins/modules/source_control/bitbucket/bitbucket_pipeline_variable.py
+++ b/plugins/modules/source_control/bitbucket/bitbucket_pipeline_variable.py
@@ -85,7 +85,7 @@ EXAMPLES = r'''

 RETURN = r''' # '''

-from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.basic import AnsibleModule, _load_params
 from ansible_collections.community.general.plugins.module_utils.source_control.bitbucket import BitbucketHelper

 error_messages = {
@@ -211,6 +211,14 @@ def delete_pipeline_variable(module, bitbucket, variable_uuid):
        ))


+class BitBucketPipelineVariable(AnsibleModule):
+    def __init__(self, *args, **kwargs):
+        params = _load_params() or {}
+        if params.get('secured'):
+            kwargs['argument_spec']['value'].update({'no_log': True})
+        super(BitBucketPipelineVariable, self).__init__(*args, **kwargs)
+
+
 def main():
    argument_spec = BitbucketHelper.bitbucket_argument_spec()
    argument_spec.update(
@@ -221,7 +229,7 @@ def main():
        secured=dict(type='bool', default=False),
        state=dict(type='str', choices=['present', 'absent'], required=True),
    )
-    module = AnsibleModule(
+    module = BitBucketPipelineVariable(
        argument_spec=argument_spec,
        supports_check_mode=True,
    )
--- a/plugins/modules/source_control/gitlab/gitlab_runner.py
+++ b/plugins/modules/source_control/gitlab/gitlab_runner.py
@@ -284,7 +284,7 @@ def main():
        locked=dict(type='bool', default=False),
        access_level=dict(type='str', default='ref_protected', choices=["not_protected", "ref_protected"]),
        maximum_timeout=dict(type='int', default=3600),
-        registration_token=dict(type='str', required=True),
+        registration_token=dict(type='str', required=True, no_log=True),
        state=dict(type='str', default="present", choices=["absent", "present"]),
    ))

--- a/plugins/modules/source_control/gitlab/gitlab_user.py
+++ b/plugins/modules/source_control/gitlab/gitlab_user.py
@@ -205,6 +205,7 @@ class GitLabUser(object):
    '''
    def createOrUpdateUser(self, username, options):
        changed = False
+        potentionally_changed = False

        # Because we have already call userExists in main()
        if self.userObject is None:
@@ -218,11 +219,36 @@ class GitLabUser(object):
                'external': options['external']})
            changed = True
        else:
-            changed, user = self.updateUser(self.userObject, {
-                'name': options['name'],
-                'email': options['email'],
-                'is_admin': options['isadmin'],
-                'external': options['external']})
+            changed, user = self.updateUser(
+                self.userObject, {
+                    # add "normal" parameters here, put uncheckable
+                    # params in the dict below
+                    'name': {'value': options['name']},
+                    'email': {'value': options['email']},
+
+                    # note: for some attributes like this one the key
+                    #   from reading back from server is unfortunately
+                    #   different to the one needed for pushing/writing,
+                    #   in that case use the optional setter key
+                    'is_admin': {
+                        'value': options['isadmin'], 'setter': 'admin'
+                    },
+                    'external': {'value': options['external']},
+                },
+                {
+                    # put "uncheckable" params here, this means params
+                    # which the gitlab does accept for setting but does
+                    # not return any information about it
+                    'skip_reconfirmation': {'value': not options['confirm']},
+                    'password': {'value': options['password']},
+                }
+            )
+
+            # note: as we unfortunately have some uncheckable parameters
+            #   where it is not possible to determine if the update
+            #   changed something or not, we must assume here that a
+            #   changed happend and that an user object update is needed
+            potentionally_changed = True

        # Assign ssh keys
        if options['sshkey_name'] and options['sshkey_file']:
@@ -237,14 +263,15 @@ class GitLabUser(object):
            changed = changed or group_changed

        self.userObject = user
-        if changed:
-            if self._module.check_mode:
-                self._module.exit_json(changed=True, msg="Successfully created or updated the user %s" % username)
-
+        if (changed or potentionally_changed) and not self._module.check_mode:
            try:
                user.save()
            except Exception as e:
                self._module.fail_json(msg="Failed to update user: %s " % to_native(e))
+
+        if changed:
+            if self._module.check_mode:
+                self._module.exit_json(changed=True, msg="Successfully created or updated the user %s" % username)
            return True
        else:
            return False
@@ -348,15 +375,23 @@ class GitLabUser(object):
    @param user User object
    @param arguments User attributes
    '''
-    def updateUser(self, user, arguments):
+    def updateUser(self, user, arguments, uncheckable_args):
        changed = False

        for arg_key, arg_value in arguments.items():
-            if arguments[arg_key] is not None:
-                if getattr(user, arg_key) != arguments[arg_key]:
-                    setattr(user, arg_key, arguments[arg_key])
+            av = arg_value['value']
+
+            if av is not None:
+                if getattr(user, arg_key) != av:
+                    setattr(user, arg_value.get('setter', arg_key), av)
                    changed = True

+        for arg_key, arg_value in uncheckable_args.items():
+            av = arg_value['value']
+
+            if av is not None:
+                setattr(user, arg_value.get('setter', arg_key), av)
+
        return (changed, user)

    '''
--- a/plugins/modules/storage/ibm/ibm_sa_host.py
+++ b/plugins/modules/storage/ibm/ibm_sa_host.py
@@ -90,7 +90,7 @@ def main():
            cluster=dict(),
            domain=dict(),
            iscsi_chap_name=dict(),
-            iscsi_chap_secret=dict()
+            iscsi_chap_secret=dict(no_log=True),
        )
    )

--- a/plugins/modules/system/filesystem.py
+++ b/plugins/modules/system/filesystem.py
@@ -240,26 +240,35 @@ class XFS(Filesystem):
    GROW = 'xfs_growfs'

    def get_fs_size(self, dev):
-        cmd = self.module.get_bin_path('xfs_growfs', required=True)
+        cmd = self.module.get_bin_path('xfs_info', required=True)
+
        mountpoint = dev.get_mountpoint()
+        if mountpoint:
+            rc, out, err = self.module.run_command([cmd, str(mountpoint)], environ_update=self.LANG_ENV)
+        else:
+            # Recent GNU/Linux distros support access to unmounted XFS filesystems
+            rc, out, err = self.module.run_command([cmd, str(dev)], environ_update=self.LANG_ENV)
+        if rc != 0:
+            self.module.fail_json(msg="Error while attempting to query size of XFS filesystem: %s" % err)

-        if not mountpoint:
-            # xfs filesystem needs to be mounted
-            self.module.fail_json(msg="%s needs to be mounted for xfs operations" % dev)
-
-        _, size, _ = self.module.run_command([cmd, '-n', str(mountpoint)], check_rc=True, environ_update=self.LANG_ENV)
-        for line in size.splitlines():
+        for line in out.splitlines():
            col = line.split('=')
            if col[0].strip() == 'data':
                if col[1].strip() != 'bsize':
-                    self.module.fail_json(msg='Unexpected output format from xfs_growfs (could not locate "bsize")')
+                    self.module.fail_json(msg='Unexpected output format from xfs_info (could not locate "bsize")')
                if col[2].split()[1] != 'blocks':
-                    self.module.fail_json(msg='Unexpected output format from xfs_growfs (could not locate "blocks")')
+                    self.module.fail_json(msg='Unexpected output format from xfs_info (could not locate "blocks")')
                block_size = int(col[2].split()[0])
                block_count = int(col[3].split(',')[0])
                return block_size * block_count

    def grow_cmd(self, dev):
+        # Check first if growing is needed, and then if it is doable or not.
+        devsize_in_bytes = dev.size()
+        fssize_in_bytes = self.get_fs_size(dev)
+        if not fssize_in_bytes < devsize_in_bytes:
+            self.module.exit_json(changed=False, msg="%s filesystem is using the whole device %s" % (self.fstype, dev))
+
        mountpoint = dev.get_mountpoint()
        if not mountpoint:
            # xfs filesystem needs to be mounted
--- a/plugins/modules/system/parted.py
+++ b/plugins/modules/system/parted.py
@@ -217,10 +217,11 @@ EXAMPLES = r'''

 - name: Extend an existing partition to fill all available space
  community.general.parted:
-    decice: /dev/sdb
+    device: /dev/sdb
    number: "{{ sdb_info.partitions | length }}"
    part_end: "100%"
    resize: true
+    state: present
 '''


@@ -240,7 +241,7 @@ def parse_unit(size_str, unit=''):
    """
    Parses a string containing a size or boundary information
    """
-    matches = re.search(r'^(-?[\d.]+)([\w%]+)?$', size_str)
+    matches = re.search(r'^(-?[\d.]+) *([\w%]+)?$', size_str)
    if matches is None:
        # "<cylinder>,<head>,<sector>" format
        matches = re.search(r'^(\d+),(\d+),(\d+)$', size_str)
@@ -499,6 +500,33 @@ def check_parted_label(device):
    return False


+def parse_parted_version(out):
+    """
+    Returns version tuple from the output of "parted --version" command
+    """
+    lines = [x for x in out.split('\n') if x.strip() != '']
+    if len(lines) == 0:
+        return None, None, None
+
+    # Sample parted versions (see as well test unit):
+    # parted (GNU parted) 3.3
+    # parted (GNU parted) 3.4.5
+    # parted (GNU parted) 3.3.14-dfc61
+    matches = re.search(r'^parted.+\s(\d+)\.(\d+)(?:\.(\d+))?', lines[0].strip())
+
+    if matches is None:
+        return None, None, None
+
+    # Convert version to numbers
+    major = int(matches.group(1))
+    minor = int(matches.group(2))
+    rev = 0
+    if matches.group(3) is not None:
+        rev = int(matches.group(3))
+
+    return major, minor, rev
+
+
 def parted_version():
    """
    Returns the major and minor version of parted installed on the system.
@@ -511,21 +539,10 @@ def parted_version():
            msg="Failed to get parted version.", rc=rc, out=out, err=err
        )

-    lines = [x for x in out.split('\n') if x.strip() != '']
-    if len(lines) == 0:
+    (major, minor, rev) = parse_parted_version(out)
+    if major is None:
        module.fail_json(msg="Failed to get parted version.", rc=0, out=out)

-    matches = re.search(r'^parted.+(\d+)\.(\d+)(?:\.(\d+))?$', lines[0])
-    if matches is None:
-        module.fail_json(msg="Failed to get parted version.", rc=0, out=out)
-
-    # Convert version to numbers
-    major = int(matches.group(1))
-    minor = int(matches.group(2))
-    rev = 0
-    if matches.group(3) is not None:
-        rev = int(matches.group(3))
-
    return major, minor, rev


--- a/plugins/modules/web_infrastructure/sophos_utm/utm_proxy_auth_profile.py
+++ b/plugins/modules/web_infrastructure/sophos_utm/utm_proxy_auth_profile.py
@@ -256,9 +256,6 @@ result:
        frontend_cookie:
            description: Frontend cookie name
            type: str
-        frontend_cookie_secret:
-            description: Frontend cookie secret
-            type: str
        frontend_form:
            description: Frontend authentication form name
            type: str
@@ -336,7 +333,7 @@ def main():
            backend_user_suffix=dict(type='str', required=False, default=""),
            comment=dict(type='str', required=False, default=""),
            frontend_cookie=dict(type='str', required=False),
-            frontend_cookie_secret=dict(type='str', required=False),
+            frontend_cookie_secret=dict(type='str', required=False, no_log=True),
            frontend_form=dict(type='str', required=False),
            frontend_form_template=dict(type='str', required=False, default=""),
            frontend_login=dict(type='str', required=False),
--- a/shippable.yml
+++ b/shippable.yml
@@ -24,135 +24,6 @@ matrix:
    - env: T=2.9/sanity/3
    - env: T=2.9/sanity/4

-    - env: T=devel/units/2.6/1
-    - env: T=devel/units/2.7/1
-    - env: T=devel/units/3.5/1
-    - env: T=devel/units/3.6/1
-    - env: T=devel/units/3.7/1
-    - env: T=devel/units/3.8/1
-    - env: T=devel/units/3.9/1
-
-    - env: T=2.10/units/2.6/1
-    - env: T=2.10/units/2.7/1
-    - env: T=2.10/units/3.5/1
-    - env: T=2.10/units/3.6/1
-    - env: T=2.10/units/3.7/1
-    - env: T=2.10/units/3.8/1
-    - env: T=2.10/units/3.9/1
-
-    - env: T=2.9/units/2.6/1
-    - env: T=2.9/units/2.7/1
-    - env: T=2.9/units/3.5/1
-    - env: T=2.9/units/3.6/1
-    - env: T=2.9/units/3.7/1
-    - env: T=2.9/units/3.8/1
-
-    #- env: T=devel/aix/7.2/1
-    - env: T=devel/osx/10.11/1
-    - env: T=devel/macos/10.15/1
-    - env: T=devel/rhel/7.8/1
-    - env: T=devel/rhel/8.2/1
-    - env: T=devel/freebsd/11.1/1
-    - env: T=devel/freebsd/12.1/1
-    - env: T=devel/linux/centos6/1
-    - env: T=devel/linux/centos7/1
-    - env: T=devel/linux/centos8/1
-    - env: T=devel/linux/fedora31/1
-    - env: T=devel/linux/fedora32/1
-    - env: T=devel/linux/opensuse15py2/1
-    - env: T=devel/linux/opensuse15/1
-    - env: T=devel/linux/ubuntu1604/1
-    - env: T=devel/linux/ubuntu1804/1
-
-    #- env: T=devel/aix/7.2/2
-    - env: T=devel/osx/10.11/2
-    - env: T=devel/macos/10.15/2
-    - env: T=devel/rhel/7.8/2
-    - env: T=devel/rhel/8.2/2
-    - env: T=devel/freebsd/11.1/2
-    - env: T=devel/freebsd/12.1/2
-    - env: T=devel/linux/centos6/2
-    - env: T=devel/linux/centos7/2
-    - env: T=devel/linux/centos8/2
-    - env: T=devel/linux/fedora31/2
-    - env: T=devel/linux/fedora32/2
-    - env: T=devel/linux/opensuse15py2/2
-    - env: T=devel/linux/opensuse15/2
-    - env: T=devel/linux/ubuntu1604/2
-    - env: T=devel/linux/ubuntu1804/2
-
-    #- env: T=devel/aix/7.2/3
-    - env: T=devel/osx/10.11/3
-    - env: T=devel/macos/10.15/3
-    - env: T=devel/rhel/7.8/3
-    - env: T=devel/rhel/8.2/3
-    - env: T=devel/freebsd/11.1/3
-    - env: T=devel/freebsd/12.1/3
-    - env: T=devel/linux/centos6/3
-    - env: T=devel/linux/centos7/3
-    - env: T=devel/linux/centos8/3
-    - env: T=devel/linux/fedora31/3
-    - env: T=devel/linux/fedora32/3
-    - env: T=devel/linux/opensuse15py2/3
-    - env: T=devel/linux/opensuse15/3
-    - env: T=devel/linux/ubuntu1604/3
-    - env: T=devel/linux/ubuntu1804/3
-
-    #- env: T=devel/aix/7.2/4
-    - env: T=devel/osx/10.11/4
-    - env: T=devel/macos/10.15/4
-    - env: T=devel/rhel/7.8/4
-    - env: T=devel/rhel/8.2/4
-    - env: T=devel/freebsd/11.1/4
-    - env: T=devel/freebsd/12.1/4
-    - env: T=devel/linux/centos6/4
-    - env: T=devel/linux/centos7/4
-    - env: T=devel/linux/centos8/4
-    - env: T=devel/linux/fedora31/4
-    - env: T=devel/linux/fedora32/4
-    - env: T=devel/linux/opensuse15py2/4
-    - env: T=devel/linux/opensuse15/4
-    - env: T=devel/linux/ubuntu1604/4
-    - env: T=devel/linux/ubuntu1804/4
-
-    #- env: T=devel/aix/7.2/5
-    - env: T=devel/osx/10.11/5
-    - env: T=devel/macos/10.15/5
-    - env: T=devel/rhel/7.8/5
-    - env: T=devel/rhel/8.2/5
-    - env: T=devel/freebsd/11.1/5
-    - env: T=devel/freebsd/12.1/5
-    - env: T=devel/linux/centos6/5
-    - env: T=devel/linux/centos7/5
-    - env: T=devel/linux/centos8/5
-    - env: T=devel/linux/fedora31/5
-    - env: T=devel/linux/fedora32/5
-    - env: T=devel/linux/opensuse15py2/5
-    - env: T=devel/linux/opensuse15/5
-    - env: T=devel/linux/ubuntu1604/5
-    - env: T=devel/linux/ubuntu1804/5
-
-    - env: T=devel/cloud/2.7/1
-    - env: T=devel/cloud/3.6/1
-
-    - env: T=2.10/osx/10.11/1
-    - env: T=2.10/rhel/8.2/1
-    - env: T=2.10/freebsd/12.1/2
-    - env: T=2.10/linux/centos8/2
-    - env: T=2.10/linux/fedora32/3
-    - env: T=2.10/linux/opensuse15/3
-    - env: T=2.10/linux/ubuntu1804/4
-    - env: T=2.10/cloud/3.6/1
-
-    #- env: T=2.9/osx/10.11/1
-    - env: T=2.9/rhel/8.2/1
-    - env: T=2.9/freebsd/12.0/2
-    - env: T=2.9/linux/centos8/2
-    - env: T=2.9/linux/fedora31/3
-    - env: T=2.9/linux/opensuse15/3
-    - env: T=2.9/linux/ubuntu1804/4
-    - env: T=2.9/cloud/3.6/1
-
 branches:
  except:
    - "*-patch-*"
--- a/tests/integration/targets/connection_chroot/aliases
+++ b/tests/integration/targets/connection_chroot/aliases
@@ -1,3 +1,3 @@
 needs/root
 shippable/posix/group3
-skip/macos  # FIXME
+skip/macos # Skipped due to limitation of macOS 10.15 SIP, please read https://github.com/ansible-collections/community.general/issues/1017#issuecomment-755088895
--- a/tests/integration/targets/docker_container/tasks/tests/options.yml
+++ b/tests/integration/targets/docker_container/tasks/tests/options.yml
@@ -2914,9 +2914,22 @@ avoid such warnings, please quote the value.' in log_options_2.warnings"
    published_ports:
    - '127.0.0.1:9002:9002/tcp'
    - '[::1]:9003:9003/tcp'
+    - '[fe80::1%test]:90:90/tcp'
    force_kill: yes
  register: published_ports_5

+- name: published_ports (ports with IP addresses, idempotent)
+  docker_container:
+    image: "{{ docker_test_image_alpine }}"
+    command: '/bin/sh -c "sleep 10m"'
+    name: "{{ cname }}"
+    state: started
+    published_ports:
+    - '127.0.0.1:9002:9002/tcp'
+    - '[::1]:9003:9003/tcp'
+    - '[fe80::1%test]:90:90/tcp'
+  register: published_ports_6
+
 - name: published_ports (no published ports)
  docker_container:
    image: "{{ docker_test_image_alpine }}"
@@ -2927,7 +2940,7 @@ avoid such warnings, please quote the value.' in log_options_2.warnings"
    comparisons:
      published_ports: strict
    force_kill: yes
-  register: published_ports_6
+  register: published_ports_7

 - name: cleanup
  docker_container:
@@ -2943,7 +2956,8 @@ avoid such warnings, please quote the value.' in log_options_2.warnings"
    - published_ports_3 is not changed
    - published_ports_4 is changed
    - published_ports_5 is changed
-    - published_ports_6 is changed
+    - published_ports_6 is not changed
+    - published_ports_7 is changed

 ####################################################################
 ## pull ############################################################
--- a/tests/integration/targets/docker_image/tasks/tests/options.yml
+++ b/tests/integration/targets/docker_image/tasks/tests/options.yml
@@ -230,6 +230,14 @@
  register: load_image_3
  ignore_errors: true

+- name: load image (invalid image, old API version)
+  docker_image:
+    name: foo:bar
+    load_path: "{{ output_dir }}/image-invalid.tar"
+    source: load
+    api_version: "1.22"
+  register: load_image_4
+
 - assert:
    that:
    - load_image is changed
@@ -240,6 +248,8 @@
      "The archive did not contain image 'foo:bar'. Instead, found '" ~ docker_test_image_hello_world ~ "'." == load_image_2.msg
    - load_image_3 is failed
    - '"Detected no loaded images. Archive potentially corrupt?" == load_image_3.msg'
+    - load_image_4 is changed
+    - "'The API version of your Docker daemon is < 1.23, which does not return the image loading result from the Docker daemon. Therefore, we cannot verify whether the expected image was loaded, whether multiple images where loaded, or whether the load actually succeeded. You should consider upgrading your Docker daemon.' in load_image_4.warnings"

 ####################################################################
 ## path ############################################################
--- a/tests/integration/targets/filesystem/defaults/main.yml
+++ b/tests/integration/targets/filesystem/defaults/main.yml
@@ -1,3 +1,4 @@
+---
 tested_filesystems:
  # key: fstype
  #   fssize: size (Mo)
--- a/tests/integration/targets/filesystem/meta/main.yml
+++ b/tests/integration/targets/filesystem/meta/main.yml
@@ -1,3 +1,4 @@
+---
 dependencies:
  - setup_pkg_mgr
  - setup_remote_tmp_dir
--- a/tests/integration/targets/filesystem/tasks/create_device.yml
+++ b/tests/integration/targets/filesystem/tasks/create_device.yml
@@ -1,3 +1,4 @@
+---
 - name: 'Create a "disk" file'
  command: 'dd if=/dev/zero of={{ image_file }} bs=1M count={{ fssize }}'

--- a/tests/integration/targets/filesystem/tasks/create_fs.yml
+++ b/tests/integration/targets/filesystem/tasks/create_fs.yml
@@ -43,40 +43,45 @@
      - 'fs3_result is success'
      - 'uuid.stdout != uuid3.stdout'

- name: increase fake device
-  shell: 'dd if=/dev/zero bs=1M count=1 >> {{ image_file }}'
-
- when: fstype == 'lvm'
-  block:
-    - name: Resize loop device for LVM
-      command: losetup -c {{ dev }}

 - when: 'grow|bool and (fstype != "vfat" or resize_vfat)'
  block:
-  - name: Expand filesystem
-    filesystem:
-      dev: '{{ dev }}'
-      fstype: '{{ fstype }}'
-      resizefs: yes
-    register: fs4_result
+    - name: increase fake device
+      shell: 'dd if=/dev/zero bs=1M count=1 >> {{ image_file }}'

-  - command: 'blkid -c /dev/null -o value -s UUID {{ dev }}'
-    register: uuid4
+    - name: Resize loop device for LVM
+      command: losetup -c {{ dev }}
+      when: fstype == 'lvm'

-  - assert:
-      that:
-        - 'fs4_result is changed'
-        - 'fs4_result is success'
-        - 'uuid3.stdout == uuid4.stdout' # unchanged
+    - name: Expand filesystem
+      filesystem:
+        dev: '{{ dev }}'
+        fstype: '{{ fstype }}'
+        resizefs: yes
+      register: fs4_result

-  - name: Try to expand filesystem again
-    filesystem:
-      dev: '{{ dev }}'
-      fstype: '{{ fstype }}'
-      resizefs: yes
-    register: fs5_result
+    - command: 'blkid -c /dev/null -o value -s UUID {{ dev }}'
+      register: uuid4

-  - assert:
-      that:
-        - 'not (fs5_result is changed)'
-        - 'fs5_result is successful'
+    - assert:
+        that:
+          - 'fs4_result is changed'
+          - 'fs4_result is success'
+          - 'uuid3.stdout == uuid4.stdout' # unchanged
+
+- when:
+    - (grow | bool and (fstype != "vfat" or resize_vfat)) or
+      (fstype == "xfs" and ansible_system == "Linux" and
+      ansible_distribution not in ["CentOS", "Ubuntu"])
+  block:
+    - name: Check that resizefs does nothing if device size is not changed
+      filesystem:
+        dev: '{{ dev }}'
+        fstype: '{{ fstype }}'
+        resizefs: yes
+      register: fs5_result
+
+    - assert:
+        that:
+          - 'fs5_result is not changed'
+          - 'fs5_result is succeeded'
--- a/tests/integration/targets/filesystem/tasks/main.yml
+++ b/tests/integration/targets/filesystem/tasks/main.yml
@@ -1,3 +1,4 @@
+---
 ####################################################################
 # WARNING: These are designed specifically for Ansible tests       #
 # and should not be used as examples of how to write Ansible roles #
--- a/tests/integration/targets/filesystem/tasks/overwrite_another_fs.yml
+++ b/tests/integration/targets/filesystem/tasks/overwrite_another_fs.yml
@@ -1,3 +1,4 @@
+---
 - name: 'Recreate "disk" file'
  command: 'dd if=/dev/zero of={{ image_file }} bs=1M count={{ fssize }}'

--- a/tests/integration/targets/filesystem/tasks/setup.yml
+++ b/tests/integration/targets/filesystem/tasks/setup.yml
@@ -1,3 +1,4 @@
+---
 - name: install filesystem tools
  package:
    name: '{{ item }}'
--- a/tests/integration/targets/gitlab_user/tasks/main.yml
+++ b/tests/integration/targets/gitlab_user/tasks/main.yml
@@ -10,25 +10,25 @@

 - name: Clean up gitlab user
  gitlab_user:
-    server_url: "{{ gitlab_host }}"
+    api_url: "{{ gitlab_host }}"
    name: ansible_test_user
    username: ansible_test_user
    password: Secr3tPassw00rd
    email: root@localhost
    validate_certs: false
-    login_token: "{{ gitlab_login_token }}"
+    api_token: "{{ gitlab_login_token }}"
    state: absent


 - name: Create gitlab user
  gitlab_user:
-    server_url: "{{ gitlab_host }}"
+    api_url: "{{ gitlab_host }}"
    email: "{{ gitlab_user_email }}"
    name: "{{ gitlab_user }}"
    username: "{{ gitlab_user }}"
    password: "{{ gitlab_user_pass }}"
    validate_certs: False
-    login_token: "{{ gitlab_login_token }}"
+    api_token: "{{ gitlab_login_token }}"
    state: present
  register: gitlab_user_state

@@ -39,13 +39,13 @@

 - name: Create gitlab user again
  gitlab_user:
-    server_url: "{{ gitlab_host }}"
+    api_url: "{{ gitlab_host }}"
    email: root@localhost
    name: ansible_test_user
    username: ansible_test_user
    password: Secr3tPassw00rd
    validate_certs: False
-    login_token: "{{ gitlab_login_token }}"
+    api_token: "{{ gitlab_login_token }}"
    state: present
  register: gitlab_user_state_again

@@ -53,3 +53,198 @@
  assert:
    that:
      - gitlab_user_state_again is not changed
+      - gitlab_user_state_again.user.is_admin == False
+
+
+- name: Update User Test => Make User Admin 
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    isadmin: true
+    validate_certs: False
+    api_token: "{{ gitlab_login_token }}"
+    state: present
+  register: gitlab_user_state
+
+- name: Check if user is admin now
+  assert:
+    that:
+      - gitlab_user_state is changed
+      - gitlab_user_state.user.is_admin == True
+
+- name: Update User Test => Make User Admin (Again)
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    isadmin: true
+    validate_certs: False
+    api_token: "{{ gitlab_login_token }}"
+    state: present
+  register: gitlab_user_state
+
+- name: Check state is not changed
+  assert:
+    that:
+      - gitlab_user_state is not changed
+      - gitlab_user_state.user.is_admin == True
+
+- name: Update User Test => Remove Admin Rights
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    isadmin: false
+    validate_certs: False
+    api_token: "{{ gitlab_login_token }}"
+    state: present
+  register: gitlab_user_state
+
+- name: Check if user is not admin anymore
+  assert:
+    that:
+      - gitlab_user_state is changed
+      - gitlab_user_state.user.is_admin == False
+
+
+- name: Update User Test => Try Changing Mail without Confirmation Skipping
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    email: foo@bar.baz
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    confirm: True
+    validate_certs: False
+    api_token: "{{ gitlab_login_token }}"
+    state: present
+  register: gitlab_user_state
+
+- name: Check that eMail is unchanged (Only works with confirmation skipping)
+  assert:
+    that:
+      - gitlab_user_state is changed
+      - gitlab_user_state.user.email == gitlab_user_email
+
+- name: Update User Test => Change Mail with Confirmation Skip
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    email: foo@bar.baz
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    confirm: false
+    validate_certs: False
+    api_token: "{{ gitlab_login_token }}"
+    state: present
+  register: gitlab_user_state
+
+- name: Check that mail has changed now
+  assert:
+    that:
+      - gitlab_user_state is changed
+      - gitlab_user_state.user.email == 'foo@bar.baz'
+
+- name: Update User Test => Change Mail with Confirmation Skip (Again)
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    email: foo@bar.baz
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    confirm: false
+    validate_certs: False
+    api_token: "{{ gitlab_login_token }}"
+    state: present
+  register: gitlab_user_state
+
+- name: Check state is not changed
+  assert:
+    that:
+      - gitlab_user_state is not changed
+      - gitlab_user_state.user.email == 'foo@bar.baz'
+
+- name: Update User Test => Revert to original Mail Address
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    confirm: false
+    validate_certs: False
+    api_token: "{{ gitlab_login_token }}"
+    state: present
+  register: gitlab_user_state
+
+- name: Check that reverting mail back to original has worked
+  assert:
+    that:
+      - gitlab_user_state is changed
+      - gitlab_user_state.user.email == gitlab_user_email
+
+
+- name: Update User Test => Change User Password
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    validate_certs: False
+
+    # note: the only way to check if a password really is what it is expected 
+    #   to be is to use it for login, so we use it here instead of the 
+    #   default token assuming that a user can always change its own password
+    api_username: "{{ gitlab_user }}"
+    api_password: "{{ gitlab_user_pass }}"
+
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    password: new-super-password
+    state: present
+  register: gitlab_user_state
+
+- name: Check PW setting return state
+  assert:
+    that:
+        # note: there is no way to determine if a password has changed or 
+        #   not, so it can only be always yellow or always green, we 
+        #   decided for always green for now
+      - gitlab_user_state is not changed
+
+- name: Update User Test => Reset User Password
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    validate_certs: False
+
+    api_username: "{{ gitlab_user }}"
+    api_password: new-super-password
+
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    password: "{{ gitlab_user_pass }}"
+    state: present
+  register: gitlab_user_state
+
+- name: Check PW setting return state (Again)
+  assert:
+    that:
+      - gitlab_user_state is not changed
+
+- name: Update User Test => Check that password was reset
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    validate_certs: False
+
+    api_username: "{{ gitlab_user }}"
+    api_password: "{{ gitlab_user_pass }}"
+
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    state: present
+  register: gitlab_user_state
+
+- name: Check PW setting return state (Reset)
+  assert:
+    that:
+      - gitlab_user_state is not changed
--- a/tests/integration/targets/hg/aliases
+++ b/tests/integration/targets/hg/aliases
@@ -1,4 +1,3 @@
 shippable/posix/group2
 skip/python3
 skip/aix
-disabled  # tests use bitbucket, which dropped mercurial support on 2020-08-26 (https://bitbucket.org/blog/sunsetting-mercurial-support-in-bitbucket)
--- a/tests/integration/targets/hg/tasks/install.yml
+++ b/tests/integration/targets/hg/tasks/install.yml
@@ -36,6 +36,11 @@
    name: mercurial
  when: ansible_facts.pkg_mgr in ['pkgng', 'community.general.pkgng']

+- name: install mercurial (zypper)
+  package:
+    name: mercurial
+  when: ansible_facts.pkg_mgr in ['zypper', 'community.general.zypper']
+
 - name: preserve the updated python
  command: cp -av "{{ which_python.stdout }}" "{{ which_python.stdout }}.updated"

--- a/tests/integration/targets/hg/tasks/main.yml
+++ b/tests/integration/targets/hg/tasks/main.yml
@@ -4,22 +4,9 @@
 ####################################################################

 # test code for the hg module
-# (c) 2014, James Tanner <tanner.jc@gmail.com>
-
-# This file is part of Ansible
+# Copyright: (c) 2014, James Tanner <tanner.jc@gmail.com>
 #
-# Ansible is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

 - name: determine if mercurial is already installed
  command: which hg
--- a/tests/integration/targets/hg/tasks/run-tests.yml
+++ b/tests/integration/targets/hg/tasks/run-tests.yml
@@ -1,27 +1,16 @@
 # test code for the hg module
-# (c) 2018, Ansible Project
-
-# This file is part of Ansible
+# Copyright: (c) 2018, Ansible Project
 #
-# Ansible is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)


 - name: set where to extract the repo
-  set_fact: checkout_dir={{ output_dir }}/epdb
+  set_fact:
+    checkout_dir: "{{ output_dir }}/hg_project_test"

 - name: set what repo to use
-  set_fact: repo=https://bitbucket.org/rpathsync/epdb
+  set_fact:
+    repo: "http://hg.pf.osdn.net/view/a/ak/akasurde/hg_project_test"

 - name: clean out the output_dir
  shell: rm -rf {{ output_dir }}/*
@@ -30,7 +19,9 @@
  shell: which hg

 - name: initial checkout
-  hg: repo={{ repo }} dest={{ checkout_dir }}
+  hg:
+    repo: "{{ repo }}"
+    dest: "{{ checkout_dir }}"
  register: hg_result

 - debug: var=hg_result
@@ -46,17 +37,21 @@
      - "hg_result.changed"

 - name: repeated checkout
-  hg: repo={{ repo }} dest={{ checkout_dir }}
+  hg:
+    repo: "{{ repo }}"
+    dest: "{{ checkout_dir }}"
  register: hg_result2

 - debug: var=hg_result2

 - name: check for tags
-  stat: path={{ checkout_dir }}/.hgtags
+  stat:
+    path: "{{ checkout_dir }}/.hgtags"
  register: tags

 - name: check for remotes
-  stat: path={{ checkout_dir }}/.hg/branch
+  stat:
+    path: "{{ checkout_dir }}/.hg/branch"
  register: branches

 - debug: var=tags
@@ -68,13 +63,16 @@
      - "tags.stat.isreg"
      - "branches.stat.isreg"

- name: verify on a reclone things are marked unchanged
+- name: verify on a re-clone things are marked unchanged
  assert:
    that:
      - "not hg_result2.changed"

 - name: Checkout non-existent repo clone
-  hg: repo=https://bitbucket.org/pyro46/pythonscript_1 clone=no update=no
+  hg:
+    repo: "http://hg.pf.osdn.net/view/a/ak/akasurde/hg_project_test_1"
+    clone: no
+    update: no
  register: hg_result3
  ignore_errors: true

--- a/tests/integration/targets/hg/tasks/uninstall.yml
+++ b/tests/integration/targets/hg/tasks/uninstall.yml
@@ -35,6 +35,12 @@
    autoremove: yes
  when: ansible_facts.pkg_mgr in ['pkgng', 'community.general.pkgng']

+- name: uninstall packages which were not originally installed (zypper)
+  package:
+    name: mercurial
+    state: absent
+  when: ansible_facts.pkg_mgr in ['zypper', 'community.general.zypper']
+
 - name: restore the default python
  raw: mv "{{ which_python.stdout }}.default" "{{ which_python.stdout }}"

--- a/tests/integration/targets/java_cert/aliases
+++ b/tests/integration/targets/java_cert/aliases
@@ -1 +1,7 @@
-unsupported
+destructive
+shippable/posix/group3
+skip/aix
+skip/osx
+skip/macos
+skip/freebsd
+needs/root
--- a/tests/integration/targets/java_cert/meta/main.yml
+++ b/tests/integration/targets/java_cert/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+  - setup_java_keytool
--- a/tests/integration/targets/java_cert/tasks/main.yml
+++ b/tests/integration/targets/java_cert/tasks/main.yml
@@ -3,56 +3,58 @@
 # WARNING: These are designed specifically for Ansible tests       #
 # and should not be used as examples of how to write Ansible roles #
 ####################################################################
+- when: has_java_keytool
+  block:

- name: prep pkcs12 file
-  copy: src="{{ test_pkcs12_path }}" dest="{{output_dir}}/{{ test_pkcs12_path }}"
+    - name: prep pkcs12 file
+      copy: src="{{ test_pkcs12_path }}" dest="{{output_dir}}/{{ test_pkcs12_path }}"

- name: import pkcs12
-  java_cert:
-     pkcs12_path: "{{output_dir}}/{{ test_pkcs12_path }}"
-     pkcs12_password: changeit
-     pkcs12_alias: default
-     cert_alias: default
-     keystore_path: "{{output_dir}}/{{ test_keystore_path }}"
-     keystore_pass: changeme_keystore
-     keystore_create: yes
-     state: present
-  register: result_success
- name: verify success
-  assert:
-    that:
-    - result_success is successful
+    - name: import pkcs12
+      java_cert:
+         pkcs12_path: "{{output_dir}}/{{ test_pkcs12_path }}"
+         pkcs12_password: changeit
+         pkcs12_alias: default
+         cert_alias: default
+         keystore_path: "{{output_dir}}/{{ test_keystore_path }}"
+         keystore_pass: changeme_keystore
+         keystore_create: yes
+         state: present
+      register: result_success
+    - name: verify success
+      assert:
+        that:
+        - result_success is successful

- name: import pkcs12 with wrong password
-  java_cert:
-     pkcs12_path: "{{output_dir}}/{{ test_pkcs12_path }}"
-     pkcs12_password: wrong_pass
-     pkcs12_alias: default
-     cert_alias: default_new
-     keystore_path: "{{output_dir}}/{{ test_keystore_path }}"
-     keystore_pass: changeme_keystore
-     keystore_create: yes
-     state: present
-  ignore_errors: true
-  register: result_wrong_pass
+    - name: import pkcs12 with wrong password
+      java_cert:
+         pkcs12_path: "{{output_dir}}/{{ test_pkcs12_path }}"
+         pkcs12_password: wrong_pass
+         pkcs12_alias: default
+         cert_alias: default_new
+         keystore_path: "{{output_dir}}/{{ test_keystore_path }}"
+         keystore_pass: changeme_keystore
+         keystore_create: yes
+         state: present
+      ignore_errors: true
+      register: result_wrong_pass

- name: verify fail with wrong import password
-  assert:
-    that:
-    - result_wrong_pass is failed
+    - name: verify fail with wrong import password
+      assert:
+        that:
+        - result_wrong_pass is failed

- name: test fail on mutually exclusive params
-  java_cert:
-     cert_path: ca.crt
-     pkcs12_path: "{{output_dir}}/{{ test_pkcs12_path }}"
-     cert_alias: default
-     keystore_path: "{{output_dir}}/{{ test_keystore_path }}"
-     keystore_pass: changeme_keystore
-     keystore_create: yes
-     state: present
-  ignore_errors: true
-  register: result_excl_params
- name: verify failed exclusive params
-  assert:
-    that:
-    - result_excl_params is failed
+    - name: test fail on mutually exclusive params
+      java_cert:
+         cert_path: ca.crt
+         pkcs12_path: "{{output_dir}}/{{ test_pkcs12_path }}"
+         cert_alias: default
+         keystore_path: "{{output_dir}}/{{ test_keystore_path }}"
+         keystore_pass: changeme_keystore
+         keystore_create: yes
+         state: present
+      ignore_errors: true
+      register: result_excl_params
+    - name: verify failed exclusive params
+      assert:
+        that:
+        - result_excl_params is failed
--- a/tests/integration/targets/java_keystore/aliases
+++ b/tests/integration/targets/java_keystore/aliases
@@ -0,0 +1,7 @@
+destructive
+shippable/posix/group3
+skip/aix
+skip/osx
+skip/macos
+skip/freebsd
+needs/root
--- a/tests/integration/targets/java_keystore/meta/main.yml
+++ b/tests/integration/targets/java_keystore/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+  - setup_java_keytool
+  - setup_openssl
--- a/tests/integration/targets/java_keystore/tasks/main.yml
+++ b/tests/integration/targets/java_keystore/tasks/main.yml
@@ -0,0 +1,137 @@
+---
+####################################################################
+# WARNING: These are designed specifically for Ansible tests       #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+- when: has_java_keytool
+  block:
+    - name: Create private keys
+      community.crypto.openssl_privatekey:
+        path: "{{ output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key' }}"
+        size: 2048  # this should work everywhere
+        # The following is more efficient, but might not work everywhere:
+        # type: ECC
+        # curve: secp384r1
+        cipher: "{{ 'auto' if item.passphrase is defined else omit }}"
+        passphrase: "{{ item.passphrase | default(omit) }}"
+      loop:
+        - name: cert
+        - name: cert-pw
+          passphrase: hunter2
+
+    - name: Create CSRs
+      community.crypto.openssl_csr:
+        path: "{{ output_dir ~ '/' ~ item.name ~ '.csr' }}"
+        privatekey_path: "{{ output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key' }}"
+        privatekey_passphrase: "{{ item.passphrase | default(omit) }}"
+        commonName: "{{ item.commonName }}"
+      loop:
+        - name: cert
+          commonName: example.com
+        - name: cert-pw
+          passphrase: hunter2
+          commonName: example.com
+        - name: cert2
+          keyname: cert
+          commonName: example.org
+        - name: cert2-pw
+          keyname: cert-pw
+          passphrase: hunter2
+          commonName: example.org
+
+    - name: Create certificates
+      community.crypto.x509_certificate:
+        path: "{{ output_dir ~ '/' ~ item.name ~ '.pem' }}"
+        csr_path: "{{ output_dir ~ '/' ~ item.name ~ '.csr' }}"
+        privatekey_path: "{{ output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key' }}"
+        privatekey_passphrase: "{{ item.passphrase | default(omit) }}"
+        provider: selfsigned
+      loop:
+        - name: cert
+          commonName: example.com
+        - name: cert-pw
+          passphrase: hunter2
+          commonName: example.com
+        - name: cert2
+          keyname: cert
+          commonName: example.org
+        - name: cert2-pw
+          keyname: cert-pw
+          passphrase: hunter2
+          commonName: example.org
+
+    - name: Create a Java key store for the given certificates (check mode)
+      community.general.java_keystore: &create_key_store_data
+        name: example
+        certificate: "{{lookup('file', output_dir ~ '/' ~ item.name ~ '.pem') }}"
+        private_key: "{{lookup('file', output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key') }}"
+        private_key_passphrase: "{{ item.passphrase | default(omit) }}"
+        password: changeit
+        dest: "{{ output_dir ~ '/' ~ item.name ~ '.jks' }}"
+      loop: &create_key_store_loop
+        - name: cert
+        - name: cert-pw
+          passphrase: hunter2
+      check_mode: yes
+      register: result_check
+
+    - name: Create a Java key store for the given certificates
+      community.general.java_keystore: *create_key_store_data
+      loop: *create_key_store_loop
+      register: result
+
+    - name: Create a Java key store for the given certificates (idempotency, check mode)
+      community.general.java_keystore: *create_key_store_data
+      loop: *create_key_store_loop
+      check_mode: yes
+      register: result_idem_check
+
+    - name: Create a Java key store for the given certificates (idempotency)
+      community.general.java_keystore: *create_key_store_data
+      loop: *create_key_store_loop
+      register: result_idem
+
+    - name: Create a Java key store for the given certificates (certificate changed, check mode)
+      community.general.java_keystore: *create_key_store_data
+      loop: &create_key_store_loop_new_certs
+        - name: cert2
+          keyname: cert
+        - name: cert2-pw
+          keyname: cert-pw
+          passphrase: hunter2
+      check_mode: yes
+      register: result_change_check
+
+    - name: Create a Java key store for the given certificates (certificate changed)
+      community.general.java_keystore: *create_key_store_data
+      loop: *create_key_store_loop_new_certs
+      register: result_change
+
+    - name: Create a Java key store for the given certificates (password changed, check mode)
+      community.general.java_keystore:
+        <<: *create_key_store_data
+        password: hunter2
+      loop: *create_key_store_loop_new_certs
+      check_mode: yes
+      register: result_pw_change_check
+      when: false  # FIXME: module currently crashes
+
+    - name: Create a Java key store for the given certificates (password changed)
+      community.general.java_keystore:
+        <<: *create_key_store_data
+        password: hunter2
+      loop: *create_key_store_loop_new_certs
+      register: result_pw_change
+      when: false  # FIXME: module currently crashes
+
+    - name: Validate results
+      assert:
+        that:
+          - result is changed
+          - result_check is changed
+          - result_idem is not changed
+          - result_idem_check is not changed
+          - result_change is changed
+          - result_change_check is changed
+          # - result_pw_change is changed        # FIXME: module currently crashes
+          # - result_pw_change_check is changed  # FIXME: module currently crashes
--- a/tests/integration/targets/monit/aliases
+++ b/tests/integration/targets/monit/aliases
@@ -6,3 +6,4 @@ skip/macos
 skip/freebsd
 skip/aix
 skip/python2.6  # python-daemon package used in integration tests requires >=2.7
+skip/rhel  # FIXME
--- a/tests/integration/targets/setup_java_keytool/meta/main.yml
+++ b/tests/integration/targets/setup_java_keytool/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+  - setup_remote_constraints
+  - setup_pkg_mgr
--- a/tests/integration/targets/setup_java_keytool/tasks/main.yml
+++ b/tests/integration/targets/setup_java_keytool/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+####################################################################
+# WARNING: These are designed specifically for Ansible tests       #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+- set_fact:
+    has_java_keytool: >-
+      {{
+        ansible_os_family not in ['Darwin', 'FreeBSD']
+        and not (ansible_distribution == "CentOS" and ansible_distribution_version is version("7.0", "<"))
+      }}
+
+- name: Include OS-specific variables
+  include_vars: '{{ ansible_os_family }}.yml'
+  when: has_java_keytool
+
+- name: Install keytool
+  package:
+    name: '{{ keytool_package_name }}'
+  become: true
+  when: has_java_keytool
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Felix Fontein	b81ba747ba	Release 1.3.6.	2021-02-09 13:09:36 +01:00
patchback[bot]	7ab1aa8894	Various fixes for updating existing gitlab users (#1724 ) (#1756 ) * fixes various issues related to updating an ... ... existing gitlab user, in detail: - fixes updating admin status not working - fixes user passwords not updated - fixes confirmation skipping param ignored for user updates - added tests for code changes * fixing sanity issues * fixing sanity issues 02 * fixing sanity issues 03 * fixing sanity issues 04 * fixing unit test failures * fixing unit test failures 02 * add changelog fragment * fixing unit test failures 03 * forgot to add changelog fragment * fix changelog sanity issues * fix changelog sanity issues 02 * incorporate review suggestions Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de> (cherry picked from commit `c03ae754d2`) Co-authored-by: morco <thegreatwiper@web.de>	2021-02-09 12:01:59 +01:00
Felix Fontein	d272f7731c	Fix CI (#1752 ) (#1755 ) * Limit cryptography to < 3.4 for Python < 3.6. * Work around old pip versions. * Use constraints file when installing stormssh. * Work around old pip in RHEL8.2, CentOS 8, Ubuntu 18.04, and OpenSuSE 15 (cherry picked from commit `909ac92fe2`)	2021-02-09 08:17:25 +01:00
Felix Fontein	d58472ec39	Add 1.3.6 release summary.	2021-02-08 22:22:45 +01:00
patchback[bot]	25d5574089	Fix a bunch of potential security issues (secret leaking) (#1736 ) (#1750 ) * Fix a bunch of potential security issues (secret leaking). * oneandone_server was already ok. * Add more parameters for pagerduty_alert. * Add more no_log=True. (cherry picked from commit `29bd5a9486`) Co-authored-by: Felix Fontein <felix@fontein.de>	2021-02-08 16:22:39 +00:00
patchback[bot]	ab43b88d95	Make sure mercurial is also installed on OpenSuSE. (#1734 ) (#1737 ) (cherry picked from commit `701a89eb1c`) Co-authored-by: Felix Fontein <felix@fontein.de>	2021-02-05 08:29:21 +01:00
patchback[bot]	0b13c1eb45	parted: fix regex for version match and partition size output (#1695 ) (#1731 ) * Fix 2 regex in parted related to parted version string and to parsing partition size output. * Added changelog fragment. * Updated changelog as per recommendation. * Fix the regex matching the parted version. The space character at the end of the string may or may not be always present * provided sample version output and corrected regex to match * add/correct changelog fragment * split parted_version function to allow creating a test unit * test unit for parted version info * ansible-test sanity fixes * review fix * Update changelogs/fragments/1695-parted-updatedregex.yaml Co-authored-by: Felix Fontein <felix@fontein.de> * comment fixes * better function name * Update plugins/modules/system/parted.py Co-authored-by: Felix Fontein <felix@fontein.de> * comment fixes Co-authored-by: Claude Robitaille <claude@cbcr.me> Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit `43da5b88db`) Co-authored-by: Anatoly Pugachev <matorola@gmail.com>	2021-02-05 07:46:15 +01:00
patchback[bot]	ad5b8a813f	Add no_log to some module arguments (#1725 ) (#1729 ) * Add no_log to some module arguments This will prevent potentially sensitive information from being printed to the console. See: CVE-2021-20191 * Update changelogs/fragments/CVE-2021-20191_no_log.yml Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit `ae8edc02e1`) Co-authored-by: David Moreau Simard <dmsimard@redhat.com>	2021-02-04 21:54:09 +01:00
David Moreau Simard	9cccc9f0cd	docker swarm - Add no_log to the signing_ca_key argument (#1728 ) This will prevent accidental disclosure. See: CVE-2021-20191	2021-02-04 21:17:43 +01:00
patchback[bot]	b7368b9802	module filesystem: partially fix idempotency issue #1457 (resizefs) (#1478 ) (#1719 ) * Use 'xfs_info' to query fs size, that doesn't always require the device be mounted. Although still query mountpoint first for backward compatibility. * Do not fail whith fstype=xfs and resizefs=yes if filesystem already fills its underlying device. * Include xfs in the tasks that test idempotency of resizefs option * Add changelogs/fragments/1478-filesystem-fix-1457-resizefs-idempotency.yml (cherry picked from commit `aa95d8a5b7`) Co-authored-by: quidame <quidame@poivron.org>	2021-02-03 10:42:21 +01:00
patchback[bot]	be54f11a7d	sensu-silence: fix json parsing of sensu API response (#1703 ) (#1717 ) * sensu-silence: fix json parsing of sensu API response * use ansible helper function to decode bytestream * add changelog fragment * Update changelogs, link to PR Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit `b40a5ef09a`) Co-authored-by: Stefan Walluhn <stefan.walluhn@aboutsource.net>	2021-02-02 18:06:35 +01:00
patchback[bot]	07b147d90f	Fedora 30 and 31 are EOL and will eventually be removed from devel. (#1705 ) (#1710 ) (cherry picked from commit `6af3c96d8e`) Co-authored-by: Felix Fontein <felix@fontein.de>	2021-02-01 19:07:30 +01:00
patchback[bot]	8f0f6ffc43	Add Name and/or Id properties to resource inventory output (#1691 ) (#1697 ) * add Name and/or Id properties to resource inventory output * add changelog fragment (cherry picked from commit `00f5f7dfe7`) Co-authored-by: Bill Dodd <billdodd@gmail.com>	2021-01-29 07:40:25 +01:00
patchback[bot]	30622754a9	update scaleway zones (#1690 ) (#1694 ) (cherry picked from commit `db656705b0`) Co-authored-by: Nicolas Karolak <nikaro@users.noreply.github.com>	2021-01-28 13:22:19 +01:00
Felix Fontein	6f1e585da5	Backport of https://github.com/ansible-collections/community.docker/pull/76 to stable-1. (#1689 )	2021-01-27 19:56:10 +01:00
Felix Fontein	65861d3482	Next planned release is 1.3.6.	2021-01-26 13:39:20 +01:00
Felix Fontein	5a54ddfab9	Release 1.3.5.	2021-01-26 12:40:00 +01:00
Felix Fontein	e1576ca00d	Add 1.3.5 release summary.	2021-01-26 09:55:43 +01:00
patchback[bot]	1aa26662ef	Add default `brew` search path for non-Intel / Apple silicon hardware (#1679 ) (#1680 ) * Add default brew search path for non-Intel / Apple silicon hardware * add changelog fragment * Update 1679-homebrew_search_path.yml fix for double-ticks in yaml/rst format * missing dots and brackets (cherry picked from commit `2a53edd9bc`) Co-authored-by: Anatoly Pugachev <matorola@gmail.com>	2021-01-26 07:55:56 +01:00
Felix Fontein	4b9696023a	Backport of https://github.com/ansible-collections/community.docker/pull/73 to stable-1. (#1678 )	2021-01-25 18:03:12 +01:00
Felix Fontein	8a95fe8b00	Backport of https://github.com/ansible-collections/community.docker/pull/66 to stable-1. (#1677 )	2021-01-25 17:02:54 +00:00
patchback[bot]	a389969ace	dnsmadeeasy: Fix HTTP 400 errors when creating a TXT record (#1654 ) (#1675 ) * dnsmadeeasy: Fix HTTP 400 errors when creating a TXT record * When creating a record the module fails on monitor API call * TXT records are surrounded by quotes in the API response Fixes: #1237 * dnsmadeeasy: Add changelog fragment * dnsmadeeasy: Fix pylint error * Update changelogs/fragments/1654-dnsmadeeasy-http-400-fixes.yaml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/net_tools/dnsmadeeasy.py The dictionary might be empty Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit `ebaa17f59f`) Co-authored-by: Orosz Dávid <idawko@gmail.com>	2021-01-25 13:28:02 +01:00
patchback[bot]	3221b25393	fix passwordstore.py to be compatible with gopass. (#1589 ) (#1674 ) * fix passwordstore.py to be compatible with gopass. ...even when used with create=true. The same output snippet matches for both, `pass` and `gopass`, but while `pass` returns `1` on a non-existant password, `gopass` returns `10`, or `11`, depending on whether a similar named password was stored. So I'd propose to change `e.returncode == 1` to `e.returncode != 0` to cover both cases here. What do you think? * Update passwordstore.py, fix typo * Add changelog fragment. * Update changelogs/fragments/1589-passwordstore-fix-passwordstore.py-to-be-compatible-with-gopass.yaml Co-authored-by: Felix Fontein <felix@fontein.de> * Update changelogs/fragments/1589-passwordstore-fix-passwordstore.py-to-be-compatible-with-gopass.yaml Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit `73b3ec09e5`) Co-authored-by: Paul Haerle <hello@phaer.org>	2021-01-25 12:59:22 +01:00
patchback[bot]	cc3fefd325	Add CI tests for java_cert and java_keystore (#1666 ) (#1672 ) * Try to run java_cert tests in CI. * Forgot to add meta/ * Exclude CentOS 6. * Add basic java_keystore tests. * Forgot that. * Without a CN, keytool always claims 'keystore password was incorrect' (sigh). * Improve/fix tests. Apparently the module cannot handle changed passwords. * Update tests/integration/targets/java_keystore/tasks/main.yml Co-authored-by: Tadej Borovšak <70951+tadeboro@users.noreply.github.com> * More simpliications. * Fix typo. Co-authored-by: Tadej Borovšak <70951+tadeboro@users.noreply.github.com> (cherry picked from commit `b3d3b108bf`) Co-authored-by: Felix Fontein <felix@fontein.de>	2021-01-24 17:46:20 +01:00
patchback[bot]	90c278ad87	lldp - use get_bin_path to locate the lldpctl executable (#1643 ) (#1663 ) * lldp - use get_bin_path to locate the lldpctl executable * This prevents failed executions FAILED! => {"changed": false, "cmd": "lldpctl -f keyvalue", "msg": "[Errno 2] No such file or directory", "rc": 2} on hosts (servers and switches) with lldpd installed and running. * Update changelogs/fragments/lldp-use-get_bin_path-to-locate-the-lldpctl-executable.yaml Specify pull request id and minor formatting tweaks Co-authored-by: Felix Fontein <felix@fontein.de> * Update changelogs/fragments/lldp-use-get_bin_path-to-locate-the-lldpctl-executable.yaml Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit `1dd5e71cff`) Co-authored-by: José Pedro Oliveira <jose.p.oliveira.oss@gmail.com>	2021-01-23 12:15:33 +01:00
patchback[bot]	5ece46c56e	Fixing return code not showing the command that fails in terraform. (#1632 ) (#1662 ) * Fixing return code not showing the command that fails in terraform. * Update changelogs/fragments/1632-using_check_rc_in_terraform.yml Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit `dd0d460132`) Co-authored-by: Saqib Rokadia <saqib@saqibr.com>	2021-01-23 12:15:17 +01:00
John R Barker	f158b6e6c1	Shippable: Disable no-sanity We have AZP for testing. As collection_bot doesn't currently support AZP keep that with Shippable (cherry picked from commit `a207298260`)	2021-01-22 17:05:09 +01:00
patchback[bot]	2d84387d84	Fix parted resize example in docs (#1653 ) (#1655 ) (#1656 ) (cherry picked from commit `144855e820`) Co-authored-by: jake2184 <jake2184@users.noreply.github.com>	2021-01-21 14:43:11 +01:00
patchback[bot]	12618ddbd4	onepassword: find the password field out of the fields list (#1610 ) (#1651 ) * Find the password field out of the fields list With the command line utility `op` version 1.8, the password field exists, while the fields list is empty. This will look for the desired field without it being listed in the fields list. * Add changelog fragment * Update changelogs/fragments/1610-bugfix-onepassword-lookup-plugin.yaml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit `5b1bede4cb`) Co-authored-by: Roberto Aguilar <r@rreboto.com>	2021-01-20 23:12:41 +01:00
patchback[bot]	7fac03ec56	Improve readability of example. (#1648 ) (#1649 ) (cherry picked from commit `25e246bdc2`) Co-authored-by: Felix Fontein <felix@fontein.de>	2021-01-19 08:05:57 +00:00
Joe Louthan	199e53112c	Update tss.py - multiline for an example (#1639 ) * Update tss.py - multiline for an example Extended line runs past the side of the browser window * Moved multiline to after the msg. Cannot believe I missed that again. * Updated tss.py Using > as multiline joiner with spaces	2021-01-19 07:00:14 +01:00
Felix Fontein	f8237ce76d	Next release will be 1.3.5.	2021-01-14 18:22:59 +01:00
Felix Fontein	8a9d18cc86	Release 1.3.4.	2021-01-14 16:07:29 +01:00
Felix Fontein	b7b69d918a	Add release summary.	2021-01-14 16:06:02 +01:00
patchback[bot]	a3f08377b2	bitbucket_pipeline_variable: Hide secured values in console log (#1635 ) (#1637 ) SECURITY - CVE-2021-20180 Hide user sensitive information which is marked as ``secured`` while logging in console. Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> (cherry picked from commit `1d0c5e2ba4`) Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>	2021-01-14 16:04:27 +01:00
patchback[bot]	4c9c8e0514	npm - handle json decode exception (#1625 ) (#1636 ) * Provide a user friendly message by handling json decode exception rather than providing a stacktrace Fixes: #1614 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> (cherry picked from commit `a9c64655de`) Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>	2021-01-14 14:40:33 +01:00
Felix Fontein	3911b83145	Next release will be 1.3.4.	2021-01-13 13:19:40 +01:00
Felix Fontein	20e1d7c08b	Release 1.3.3.	2021-01-13 12:31:11 +01:00
Felix Fontein	24aa8afde8	Add release summary.	2021-01-13 12:28:33 +01:00
patchback[bot]	71c6ec0b00	init_reconfigure fails on module cloud/misc/terraform.py (#1620 ) (#1629 ) * fix reconfigure option If `init_reconfigure` is true, the init fails because it is run as: `terraform init -input=false - r e c o n f i g u r e` * changelog fragment * typo Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit `9f4fd4c899`) Co-authored-by: christophemorio <49184206+christophemorio@users.noreply.github.com>	2021-01-13 11:12:50 +01:00
patchback[bot]	469e32e15b	Remove bigmstone (#1626 ) (#1627 ) Removing bigmstone from BOTMETA. (cherry picked from commit `19fdb29db7`) Co-authored-by: Matthew Stone <dev@mattstone.io>	2021-01-12 17:52:50 +01:00
patchback[bot]	ebfb46aa78	Updated doc. Module not idempotent. delegate_to not needed. (#1587 ) (#1622 ) (cherry picked from commit `63817f7c1b`) Co-authored-by: Vladimir Botka <vbotka@gmail.com>	2021-01-12 12:08:17 +01:00
patchback[bot]	fa2d2d6971	snmp_facts: Hide user sensitive information in console (#1621 ) (#1623 ) SECURITY - CVE-2021-20178 Hide user sensitive information like `privkey` and `authkey` while logging in console. Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> (cherry picked from commit `3560aeb12f`) Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>	2021-01-12 12:08:03 +01:00
patchback[bot]	a1429d0266	Skip monit tests on RHEL. (#1615 ) (#1617 ) (cherry picked from commit `637571993a`) Co-authored-by: Felix Fontein <felix@fontein.de>	2021-01-12 07:09:04 +01:00
Felix Fontein	3077ac770f	chroot: re-enable connection chroot tests (#1591 ) (#1602 ) Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> (cherry picked from commit `e7b16a96b9`) Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>	2021-01-07 12:20:28 +01:00
patchback[bot]	7813cd751a	hg: Re-enable tests (#1599 ) (#1600 ) * Update license boilerplate * Change mercurial repository links Fixes: #840 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> (cherry picked from commit `126c397d6c`) Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>	2021-01-07 07:44:20 +01:00
Felix Fontein	4461c18957	Add kubevirt removal announcement. (#1594 )	2021-01-05 18:41:02 -05:00
Felix Fontein	34cf93a538	Next release will be 1.3.3.	2021-01-04 18:26:38 +01:00