Release 1.3.5.

* Add default brew search path for non-Intel / Apple silicon hardware

* add changelog fragment

* Update 1679-homebrew_search_path.yml

fix for double-ticks in yaml/rst format

* missing dots and brackets

(cherry picked from commit 2a53edd9bc)

Co-authored-by: Anatoly Pugachev <matorola@gmail.com>

.github/BOTMETA.yml

@@ -576,7 +576,7 @@ files:
   $modules/net_tools/nmcli.py:
     maintainers: alcamie101
   $modules/net_tools/snmp_facts.py:
-    maintainers: ogenstad bigmstone ujwalkomarla
+    maintainers: ogenstad ujwalkomarla
   $modules/notification/osx_say.py:
     maintainers: ansible mpdehaan
     labels: _osx_say

CHANGELOG.rst

@@ -5,6 +5,76 @@ Community General Release Notes
 .. contents:: Topics
 
 
+v1.3.5
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Bugfixes
+--------
+
+- dnsmadeeasy - fix HTTP 400 errors when creating a TXT record (https://github.com/ansible-collections/community.general/issues/1237).
+- docker_container - allow IPv6 zones (RFC 4007) in bind IPs (https://github.com/ansible-collections/community.docker/pull/66).
+- docker_image - fix crash on loading images with versions of Docker SDK for Python before 2.5.0 (https://github.com/ansible-collections/community.docker/issues/72, https://github.com/ansible-collections/community.docker/pull/73).
+- homebrew - add default search path for ``brew`` on Apple silicon hardware (https://github.com/ansible-collections/community.general/pull/1679).
+- homebrew_cask - add default search path for ``brew`` on Apple silicon hardware (https://github.com/ansible-collections/community.general/pull/1679).
+- homebrew_tap - add default search path for ``brew`` on Apple silicon hardware (https://github.com/ansible-collections/community.general/pull/1679).
+- lldp - use ``get_bin_path`` to locate the ``lldpctl`` executable (https://github.com/ansible-collections/community.general/pull/1643).
+- onepassword lookup plugin - updated to support password items, which place the password field directly in the payload's ``details`` attribute (https://github.com/ansible-collections/community.general/pull/1610).
+- passwordstore lookup plugin - fix compatibility with gopass when used with ``create=true``. While pass returns 1 on a non-existent password, gopass returns 10, or 11, depending on whether a similar named password was stored. We now just check standard output and that the return code is not zero (https://github.com/ansible-collections/community.general/pull/1589).
+- terraform - improve result code checking when executing terraform commands (https://github.com/ansible-collections/community.general/pull/1632).
+
+v1.3.4
+======
+
+Release Summary
+---------------
+
+Bugfix/security release that addresses CVE-2021-20180.
+
+Security Fixes
+--------------
+
+- bitbucket_pipeline_variable - **CVE-2021-20180** - hide user sensitive information which are marked as ``secured`` from logging into the console (https://github.com/ansible-collections/community.general/pull/1635).
+
+Bugfixes
+--------
+
+- npm - handle json decode exception while parsing command line output (https://github.com/ansible-collections/community.general/issues/1614).
+
+v1.3.3
+======
+
+Release Summary
+---------------
+
+Bugfix/security release that addresses CVE-2021-20178.
+
+Major Changes
+-------------
+
+- For community.general 2.0.0, the kubevirt modules will be moved to the `community.kubevirt <https://galaxy.ansible.com/community/kubevirt>`_ collection.
+  A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.
+
+  If you use Ansible 2.9 and explicitly use kubevirt modules from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with ``community.kubevirt.`` instead of ``community.general.``,
+  for example replace ``community.general.kubevirt_vm`` in a task by ``community.kubevirt.kubevirt_vm``.
+
+  If you use ansible-base and installed ``community.general`` manually and rely on the kubevirt modules, you have to make sure to install the ``community.kubevirt`` collection as well.
+  If you are using FQCNs, for example ``community.general.kubevirt_vm`` instead of ``kubevirt_vm``, it will continue working, but we still recommend to adjust the FQCNs as well.
+
+Security Fixes
+--------------
+
+- snmp_facts - **CVE-2021-20178** - hide user sensitive information such as ``privkey`` and ``authkey`` from logging into the console (https://github.com/ansible-collections/community.general/pull/1621).
+
+Bugfixes
+--------
+
+- terraform - fix ``init_reconfigure`` option for proper CLI args (https://github.com/ansible-collections/community.general/pull/1620).
+
 v1.3.2
 ======
 

changelogs/changelog.yaml

@@ -1764,3 +1764,89 @@ releases:
     - jira_improvements.yaml
     - oc-migration.yml
     release_date: '2021-01-04'
+  1.3.3:
+    changes:
+      bugfixes:
+      - terraform - fix ``init_reconfigure`` option for proper CLI args (https://github.com/ansible-collections/community.general/pull/1620).
+      major_changes:
+      - 'For community.general 2.0.0, the kubevirt modules will be moved to the `community.kubevirt
+        <https://galaxy.ansible.com/community/kubevirt>`_ collection.
+
+        A redirection will be inserted so that users using ansible-base 2.10 or newer
+        do not have to change anything.
+
+
+        If you use Ansible 2.9 and explicitly use kubevirt modules from this collection,
+        you will need to adjust your playbooks and roles to use FQCNs starting with
+        ``community.kubevirt.`` instead of ``community.general.``,
+
+        for example replace ``community.general.kubevirt_vm`` in a task by ``community.kubevirt.kubevirt_vm``.
+
+
+        If you use ansible-base and installed ``community.general`` manually and rely
+        on the kubevirt modules, you have to make sure to install the ``community.kubevirt``
+        collection as well.
+
+        If you are using FQCNs, for example ``community.general.kubevirt_vm`` instead
+        of ``kubevirt_vm``, it will continue working, but we still recommend to adjust
+        the FQCNs as well.
+
+        '
+      release_summary: Bugfix/security release that addresses CVE-2021-20178.
+      security_fixes:
+      - snmp_facts - **CVE-2021-20178** - hide user sensitive information such as
+        ``privkey`` and ``authkey`` from logging into the console (https://github.com/ansible-collections/community.general/pull/1621).
+    fragments:
+    - 1.3.3.yml
+    - 1620-terraform_init_reconfigure_fix.yml
+    - kubevirt-migration.yml
+    - snmp_facts.yml
+    release_date: '2021-01-13'
+  1.3.4:
+    changes:
+      bugfixes:
+      - npm - handle json decode exception while parsing command line output (https://github.com/ansible-collections/community.general/issues/1614).
+      release_summary: Bugfix/security release that addresses CVE-2021-20180.
+      security_fixes:
+      - bitbucket_pipeline_variable - **CVE-2021-20180** - hide user sensitive information
+        which are marked as ``secured`` from logging into the console (https://github.com/ansible-collections/community.general/pull/1635).
+    fragments:
+    - 1.3.4.yml
+    - 1614_npm.yml
+    - cve_bitbucket_pipeline_variable.yml
+    release_date: '2021-01-14'
+  1.3.5:
+    changes:
+      bugfixes:
+      - dnsmadeeasy - fix HTTP 400 errors when creating a TXT record (https://github.com/ansible-collections/community.general/issues/1237).
+      - docker_container - allow IPv6 zones (RFC 4007) in bind IPs (https://github.com/ansible-collections/community.docker/pull/66).
+      - docker_image - fix crash on loading images with versions of Docker SDK for
+        Python before 2.5.0 (https://github.com/ansible-collections/community.docker/issues/72,
+        https://github.com/ansible-collections/community.docker/pull/73).
+      - homebrew - add default search path for ``brew`` on Apple silicon hardware
+        (https://github.com/ansible-collections/community.general/pull/1679).
+      - homebrew_cask - add default search path for ``brew`` on Apple silicon hardware
+        (https://github.com/ansible-collections/community.general/pull/1679).
+      - homebrew_tap - add default search path for ``brew`` on Apple silicon hardware
+        (https://github.com/ansible-collections/community.general/pull/1679).
+      - lldp - use ``get_bin_path`` to locate the ``lldpctl`` executable (https://github.com/ansible-collections/community.general/pull/1643).
+      - onepassword lookup plugin - updated to support password items, which place
+        the password field directly in the payload's ``details`` attribute (https://github.com/ansible-collections/community.general/pull/1610).
+      - passwordstore lookup plugin - fix compatibility with gopass when used with
+        ``create=true``. While pass returns 1 on a non-existent password, gopass returns
+        10, or 11, depending on whether a similar named password was stored. We now
+        just check standard output and that the return code is not zero (https://github.com/ansible-collections/community.general/pull/1589).
+      - terraform - improve result code checking when executing terraform commands
+        (https://github.com/ansible-collections/community.general/pull/1632).
+      release_summary: Regular bugfix release.
+    fragments:
+    - 1.3.5.yml
+    - 1589-passwordstore-fix-passwordstore.py-to-be-compatible-with-gopass.yaml
+    - 1610-bugfix-onepassword-lookup-plugin.yaml
+    - 1632-using_check_rc_in_terraform.yml
+    - 1654-dnsmadeeasy-http-400-fixes.yaml
+    - 1679-homebrew_search_path.yml
+    - community.docker-66-ipv6-zones.yml
+    - community.docker-73-docker_image-fix-old-docker-py-version.yml
+    - lldp-use-get_bin_path-to-locate-the-lldpctl-executable.yaml
+    release_date: '2021-01-26'

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: community
 name: general
-version: 1.3.2
+version: 1.3.5
 readme: README.md
 authors:
   - Ansible (https://github.com/ansible)

plugins/lookup/onepassword.py

@@ -187,8 +187,63 @@ class OnePass(object):
         return rc, out, err
 
     def _parse_field(self, data_json, field_name, section_title=None):
+        """
+        Retrieves the desired field from the `op` response payload
+
+        When the item is a `password` type, the password is a key within the `details` key:
+
+        $ op get item 'test item' | jq
+        {
+          [...]
+          "templateUuid": "005",
+          "details": {
+            "notesPlain": "",
+            "password": "foobar",
+            "passwordHistory": [],
+            "sections": [
+              {
+                "name": "linked items",
+                "title": "Related Items"
+              }
+            ]
+          },
+          [...]
+        }
+
+        However, when the item is a `login` type, the password is within a fields array:
+
+        $ op get item 'test item' | jq
+        {
+          [...]
+          "details": {
+            "fields": [
+              {
+                "designation": "username",
+                "name": "username",
+                "type": "T",
+                "value": "foo"
+              },
+              {
+                "designation": "password",
+                "name": "password",
+                "type": "P",
+                "value": "bar"
+              }
+            ],
+            [...]
+          },
+          [...]
+        """
         data = json.loads(data_json)
         if section_title is None:
+            # https://github.com/ansible-collections/community.general/pull/1610:
+            # check the details dictionary for `field_name` and return it immediately if it exists
+            # when the entry is a "password" instead of a "login" item, the password field is a key
+            # in the `details` dictionary:
+            if field_name in data['details']:
+                return data['details'][field_name]
+
+            # when the field is not found above, iterate through the fields list in the object details
             for field_data in data['details'].get('fields', []):
                 if field_data.get('name', '').lower() == field_name.lower():
                     return field_data.get('value', '')

plugins/lookup/passwordstore.py

@@ -214,7 +214,7 @@ class LookupModule(LookupBase):
                     name, value = line.split(':', 1)
                     self.passdict[name.strip()] = value.strip()
         except (subprocess.CalledProcessError) as e:
-            if e.returncode == 1 and 'not in the password store' in e.output:
+            if e.returncode != 0 and 'not in the password store' in e.output:
                 # if pass returns 1 and return string contains 'is not in the password store.'
                 # We need to determine if this is valid or Error.
                 if not self.paramvals['create']:

plugins/lookup/tss.py

@@ -75,7 +75,13 @@ EXAMPLES = r"""
   vars:
       secret: "{{ lookup('community.general.tss', 1) }}"
   tasks:
-      - ansible.builtin.debug: msg="the password is {{ (secret['items'] | items2dict(key_name='slug', value_name='itemValue'))['password'] }}"
+      - ansible.builtin.debug:
+          msg: >
+            the password is {{
+              (secret['items']
+                | items2dict(key_name='slug',
+                             value_name='itemValue'))['password']
+            }}
 """
 
 from ansible.errors import AnsibleError, AnsibleOptionsError

plugins/modules/cloud/docker/docker_container.py

@@ -1721,7 +1721,7 @@ class TaskParameters(DockerBaseClass):
             elif p_len == 3:
                 # We only allow IPv4 and IPv6 addresses for the bind address
                 ipaddr = parts[0]
-                if not re.match(r'^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$', parts[0]) and not re.match(r'^\[[0-9a-fA-F:]+\]$', ipaddr):
+                if not re.match(r'^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$', parts[0]) and not re.match(r'^\[[0-9a-fA-F:]+(?:|%[^\]/]+)\]$', ipaddr):
                     self.fail(('Bind addresses for published ports must be IPv4 or IPv6 addresses, not hostnames. '
                                'Use the dig lookup to resolve hostnames. (Found hostname: {0})').format(ipaddr))
                 if re.match(r'^\[[0-9a-fA-F:]+\]$', ipaddr):

plugins/modules/cloud/docker/docker_image.py

@@ -776,15 +776,41 @@ class ImageManager(DockerBaseClass):
         '''
         # Load image(s) from file
         load_output = []
+        has_output = False
         try:
             self.log("Opening image %s" % self.load_path)
             with open(self.load_path, 'rb') as image_tar:
                 self.log("Loading image from %s" % self.load_path)
-                for line in self.client.load_image(image_tar):
+                output = self.client.load_image(image_tar)
-                    self.log(line, pretty_print=True)
+                if output is not None:
-                    if "stream" in line or "status" in line:
+                    # Old versions of Docker SDK of Python (before version 2.5.0) do not return anything.
-                        load_line = line.get("stream") or line.get("status") or ''
+                    # (See https://github.com/docker/docker-py/commit/7139e2d8f1ea82340417add02090bfaf7794f159)
-                        load_output.append(load_line)
+                    # Note that before that commit, something else than None was returned, but that was also
+                    # only introduced in a commit that first appeared in 2.5.0 (see
+                    # https://github.com/docker/docker-py/commit/9e793806ff79559c3bc591d8c52a3bbe3cdb7350).
+                    # So the above check works for every released version of Docker SDK for Python.
+                    has_output = True
+                    for line in output:
+                        self.log(line, pretty_print=True)
+                        if "stream" in line or "status" in line:
+                            load_line = line.get("stream") or line.get("status") or ''
+                            load_output.append(load_line)
+                else:
+                    if LooseVersion(docker_version) < LooseVersion('2.5.0'):
+                        self.client.module.warn(
+                            'The installed version of the Docker SDK for Python does not return the loading results'
+                            ' from the Docker daemon. Therefore, we cannot verify whether the expected image was'
+                            ' loaded, whether multiple images where loaded, or whether the load actually succeeded.'
+                            ' If you are not stuck with Python 2.6, *please* upgrade to a version newer than 2.5.0'
+                            ' (2.5.0 was released in August 2017).'
+                        )
+                    else:
+                        self.client.module.warn(
+                            'The API version of your Docker daemon is < 1.23, which does not return the image'
+                            ' loading result from the Docker daemon. Therefore, we cannot verify whether the'
+                            ' expected image was loaded, whether multiple images where loaded, or whether the load'
+                            ' actually succeeded. You should consider upgrading your Docker daemon.'
+                        )
         except EnvironmentError as exc:
             if exc.errno == errno.ENOENT:
                 self.client.fail("Error opening image %s - %s" % (self.load_path, str(exc)))
@@ -793,26 +819,28 @@ class ImageManager(DockerBaseClass):
             self.client.fail("Error loading image %s - %s" % (self.name, str(exc)), stdout='\n'.join(load_output))
 
         # Collect loaded images
-        loaded_images = set()
+        if has_output:
-        for line in load_output:
+            # We can only do this when we actually got some output from Docker daemon
-            if line.startswith('Loaded image:'):
+            loaded_images = set()
-                loaded_images.add(line[len('Loaded image:'):].strip())
+            for line in load_output:
+                if line.startswith('Loaded image:'):
+                    loaded_images.add(line[len('Loaded image:'):].strip())
 
-        if not loaded_images:
+            if not loaded_images:
-            self.client.fail("Detected no loaded images. Archive potentially corrupt?", stdout='\n'.join(load_output))
+                self.client.fail("Detected no loaded images. Archive potentially corrupt?", stdout='\n'.join(load_output))
 
-        expected_image = '%s:%s' % (self.name, self.tag)
+            expected_image = '%s:%s' % (self.name, self.tag)
-        if expected_image not in loaded_images:
+            if expected_image not in loaded_images:
-            self.client.fail(
+                self.client.fail(
-                "The archive did not contain image '%s'. Instead, found %s." % (
+                    "The archive did not contain image '%s'. Instead, found %s." % (
-                    expected_image, ', '.join(["'%s'" % image for image in sorted(loaded_images)])),
+                        expected_image, ', '.join(["'%s'" % image for image in sorted(loaded_images)])),
-                stdout='\n'.join(load_output))
+                    stdout='\n'.join(load_output))
-        loaded_images.remove(expected_image)
+            loaded_images.remove(expected_image)
 
-        if loaded_images:
+            if loaded_images:
-            self.client.module.warn(
+                self.client.module.warn(
-                "The archive contained more images than specified: %s" % (
+                    "The archive contained more images than specified: %s" % (
-                    ', '.join(["'%s'" % image for image in sorted(loaded_images)]), ))
+                        ', '.join(["'%s'" % image for image in sorted(loaded_images)]), ))
 
         return self.client.find_image(self.name, self.tag)
 

plugins/modules/cloud/misc/terraform.py

@@ -194,9 +194,7 @@ def preflight_validation(bin_path, project_path, variables_args=None, plan_file=
     if not os.path.isdir(project_path):
         module.fail_json(msg="Path for Terraform project '{0}' doesn't exist on this host - check the path and try again please.".format(project_path))
 
-    rc, out, err = module.run_command([bin_path, 'validate'] + variables_args, cwd=project_path, use_unsafe_shell=True)
+    rc, out, err = module.run_command([bin_path, 'validate'] + variables_args, check_rc=True, cwd=project_path, use_unsafe_shell=True)
-    if rc != 0:
-        module.fail_json(msg="Failed to validate Terraform configuration files:\r\n{0}".format(err))
 
 
 def _state_args(state_file):
@@ -219,10 +217,8 @@ def init_plugins(bin_path, project_path, backend_config, backend_config_files, i
         for f in backend_config_files:
             command.extend(['-backend-config', f])
     if init_reconfigure:
-        command.extend('-reconfigure')
+        command.extend(['-reconfigure'])
-    rc, out, err = module.run_command(command, cwd=project_path)
+    rc, out, err = module.run_command(command, check_rc=True, cwd=project_path)
-    if rc != 0:
-        module.fail_json(msg="Failed to initialize Terraform modules:\r\n{0}".format(err))
 
 
 def get_workspace_context(bin_path, project_path):
@@ -244,9 +240,7 @@ def get_workspace_context(bin_path, project_path):
 
 def _workspace_cmd(bin_path, project_path, action, workspace):
     command = [bin_path, 'workspace', action, workspace, '-no-color']
-    rc, out, err = module.run_command(command, cwd=project_path)
+    rc, out, err = module.run_command(command, check_rc=True, cwd=project_path)
-    if rc != 0:
-        module.fail_json(msg="Failed to {0} workspace:\r\n{1}".format(action, err))
     return rc, out, err
 
 
@@ -388,15 +382,10 @@ def main():
         command.append(plan_file)
 
     if needs_application and not module.check_mode and not state == 'planned':
-        rc, out, err = module.run_command(command, cwd=project_path)
+        rc, out, err = module.run_command(command, check_rc=True, cwd=project_path)
         # checks out to decide if changes were made during execution
         if ' 0 added, 0 changed' not in out and not state == "absent" or ' 0 destroyed' not in out:
             changed = True
-        if rc != 0:
-            module.fail_json(
-                msg="Failure when executing Terraform command. Exited {0}.\nstdout: {1}\nstderr: {2}".format(rc, out, err),
-                command=' '.join(command)
-            )
 
     outputs_command = [command[0], 'output', '-no-color', '-json'] + _state_args(state_file)
     rc, outputs_text, outputs_err = module.run_command(outputs_command, cwd=project_path)

plugins/modules/monitoring/nagios.py

@@ -19,6 +19,7 @@ module: nagios
 short_description: Perform common tasks in Nagios related to downtime and notifications.
 description:
   - "The C(nagios) module has two basic functions: scheduling downtime and toggling alerts for services or hosts."
+  - The C(nagios) module is not idempotent.
   - All actions require the I(host) parameter to be given explicitly. In playbooks you can use the C({{inventory_hostname}}) variable to refer
     to the host the playbook is currently running on.
   - You can specify multiple services at once by separating them with commas, .e.g., C(services=httpd,nfs,puppet).
@@ -26,7 +27,6 @@ description:
     e.g., C(service=host). This keyword may not be given with other services at the same time.
     I(Setting alerts/downtime/acknowledge for a host does not affect alerts/downtime/acknowledge for any of the services running on it.)
     To schedule downtime for all services on particular host use keyword "all", e.g., C(service=all).
-  - When using the C(nagios) module you will need to specify your Nagios server using the C(delegate_to) parameter.
 options:
   action:
     description:

plugins/modules/net_tools/dnsmadeeasy.py

@@ -467,6 +467,9 @@ class DME2(object):
             for result in self.all_records:
                 if record_type == "MX":
                     value = record_value.split(" ")[1]
+                # Note that TXT records are surrounded by quotes in the API response.
+                elif record_type == "TXT":
+                    value = '"{0}"'.format(record_value)
                 elif record_type == "SRV":
                     value = record_value.split(" ")[3]
                 else:
@@ -651,7 +654,9 @@ def main():
     record_changed = False
     if current_record:
         for i in new_record:
-            if str(current_record[i]) != str(new_record[i]):
+            # Remove leading and trailing quote character from values because TXT records
+            # are surrounded by quotes.
+            if str(current_record[i]).strip('"') != str(new_record[i]):
                 record_changed = True
         new_record['id'] = str(current_record['id'])
 
@@ -673,8 +678,11 @@ def main():
         # create record and monitor as the record does not exist
         if not current_record:
             record = DME.createRecord(DME.prepareRecord(new_record))
-            monitor = DME.updateMonitor(record['id'], DME.prepareMonitor(new_monitor))
+            if new_monitor.get('monitor') and record_type == "A":
-            module.exit_json(changed=True, result=dict(record=record, monitor=monitor))
+                monitor = DME.updateMonitor(record['id'], DME.prepareMonitor(new_monitor))
+                module.exit_json(changed=True, result=dict(record=record, monitor=monitor))
+            else:
+                module.exit_json(changed=True, result=dict(record=record, monitor=current_monitor))
 
         # update the record
         updated = False

plugins/modules/net_tools/lldp.py

@@ -41,7 +41,7 @@ from ansible.module_utils.basic import AnsibleModule
 
 
 def gather_lldp(module):
-    cmd = ['lldpctl', '-f', 'keyvalue']
+    cmd = [module.get_bin_path('lldpctl'), '-f', 'keyvalue']
     rc, output, err = module.run_command(cmd)
     if output:
         output_dict = {}

plugins/modules/net_tools/snmp_facts.py

@@ -269,8 +269,8 @@ def main():
             level=dict(type='str', choices=['authNoPriv', 'authPriv']),
             integrity=dict(type='str', choices=['md5', 'sha']),
             privacy=dict(type='str', choices=['aes', 'des']),
-            authkey=dict(type='str'),
+            authkey=dict(type='str', no_log=True),
-            privkey=dict(type='str'),
+            privkey=dict(type='str', no_log=True),
         ),
         required_together=(
             ['username', 'level', 'integrity', 'authkey'],

plugins/modules/packaging/language/npm.py

@@ -7,39 +7,39 @@ from __future__ import absolute_import, division, print_function
 __metaclass__ = type
 
 
-DOCUMENTATION = '''
+DOCUMENTATION = r'''
 ---
 module: npm
 short_description: Manage node.js packages with npm
 description:
-  - Manage node.js packages with Node Package Manager (npm)
+  - Manage node.js packages with Node Package Manager (npm).
 author: "Chris Hoffman (@chrishoffman)"
 options:
   name:
     description:
-      - The name of a node.js library to install
+      - The name of a node.js library to install.
     type: str
     required: false
   path:
     description:
-      - The base path where to install the node.js libraries
+      - The base path where to install the node.js libraries.
     type: path
     required: false
   version:
     description:
-      - The version to be installed
+      - The version to be installed.
     type: str
     required: false
   global:
     description:
-      - Install the node.js library globally
+      - Install the node.js library globally.
     required: false
     default: no
     type: bool
   executable:
     description:
       - The executable location for npm.
-      - This is useful if you are using a version manager, such as nvm
+      - This is useful if you are using a version manager, such as nvm.
     type: path
     required: false
   ignore_scripts:
@@ -55,12 +55,12 @@ options:
     default: no
   ci:
     description:
-      - Install packages based on package-lock file, same as running npm ci
+      - Install packages based on package-lock file, same as running C(npm ci).
     type: bool
     default: no
   production:
     description:
-      - Install dependencies in production mode, excluding devDependencies
+      - Install dependencies in production mode, excluding devDependencies.
     required: false
     type: bool
     default: no
@@ -71,7 +71,7 @@ options:
     type: str
   state:
     description:
-      - The state of the node.js library
+      - The state of the node.js library.
     required: false
     type: str
     default: present
@@ -80,7 +80,7 @@ requirements:
     - npm installed in bin path (recommended /usr/local/bin)
 '''
 
-EXAMPLES = '''
+EXAMPLES = r'''
 - name: Install "coffee-script" node.js package.
   community.general.npm:
     name: coffee-script
@@ -124,12 +124,12 @@ EXAMPLES = '''
     state: present
 '''
 
+import json
 import os
 import re
 
 from ansible.module_utils.basic import AnsibleModule
-
+from ansible.module_utils._text import to_native
-import json
 
 
 class Npm(object):
@@ -155,7 +155,7 @@ class Npm(object):
         else:
             self.name_version = self.name
 
-    def _exec(self, args, run_in_check_mode=False, check_rc=True):
+    def _exec(self, args, run_in_check_mode=False, check_rc=True, add_package_name=True):
         if not self.module.check_mode or (self.module.check_mode and run_in_check_mode):
             cmd = self.executable + args
 
@@ -167,7 +167,7 @@ class Npm(object):
                 cmd.append('--ignore-scripts')
             if self.unsafe_perm:
                 cmd.append('--unsafe-perm')
-            if self.name:
+            if self.name and add_package_name:
                 cmd.append(self.name_version)
             if self.registry:
                 cmd.append('--registry')
@@ -191,7 +191,11 @@ class Npm(object):
 
         installed = list()
         missing = list()
-        data = json.loads(self._exec(cmd, True, False))
+        data = {}
+        try:
+            data = json.loads(self._exec(cmd, True, False, False) or '{}')
+        except (getattr(json, 'JSONDecodeError', ValueError)) as e:
+            self.module.fail_json(msg="Failed to parse NPM output with error %s" % to_native(e))
         if 'dependencies' in data:
             for dep in data['dependencies']:
                 if 'missing' in data['dependencies'][dep] and data['dependencies'][dep]['missing']:

plugins/modules/packaging/os/homebrew.py

@@ -38,7 +38,7 @@ options:
             - "A ':' separated list of paths to search for 'brew' executable.
               Since a package (I(formula) in homebrew parlance) location is prefixed relative to the actual path of I(brew) command,
               providing an alternative I(brew) path enables managing different set of packages in an alternative location in the system."
-        default: '/usr/local/bin'
+        default: '/usr/local/bin:/opt/homebrew/bin'
         type: path
     state:
         description:
@@ -76,7 +76,7 @@ notes:
 '''
 
 EXAMPLES = '''
-# Install formula foo with 'brew' in default path (C(/usr/local/bin))
+# Install formula foo with 'brew' in default path
 - community.general.homebrew:
     name: foo
     state: present
@@ -871,7 +871,7 @@ def main():
                 elements='str',
             ),
             path=dict(
-                default="/usr/local/bin",
+                default="/usr/local/bin:/opt/homebrew/bin",
                 required=False,
                 type='path',
             ),

plugins/modules/packaging/os/homebrew_cask.py

@@ -32,7 +32,7 @@ options:
   path:
     description:
     - "':' separated list of paths to search for 'brew' executable."
-    default: '/usr/local/bin'
+    default: '/usr/local/bin:/opt/homebrew/bin'
     type: path
   state:
     description:
@@ -779,7 +779,7 @@ def main():
                 elements='str',
             ),
             path=dict(
-                default="/usr/local/bin",
+                default="/usr/local/bin:/opt/homebrew/bin",
                 required=False,
                 type='path',
             ),

plugins/modules/packaging/os/homebrew_tap.py

@@ -218,7 +218,7 @@ def main():
     brew_path = module.get_bin_path(
         'brew',
         required=True,
-        opt_dirs=['/usr/local/bin']
+        opt_dirs=['/usr/local/bin', '/opt/homebrew/bin']
     )
 
     taps = module.params['name']

plugins/modules/source_control/bitbucket/bitbucket_pipeline_variable.py

@@ -85,7 +85,7 @@ EXAMPLES = r'''
 
 RETURN = r''' # '''
 
-from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.basic import AnsibleModule, _load_params
 from ansible_collections.community.general.plugins.module_utils.source_control.bitbucket import BitbucketHelper
 
 error_messages = {
@@ -211,6 +211,14 @@ def delete_pipeline_variable(module, bitbucket, variable_uuid):
         ))
 
 
+class BitBucketPipelineVariable(AnsibleModule):
+    def __init__(self, *args, **kwargs):
+        params = _load_params() or {}
+        if params.get('secured'):
+            kwargs['argument_spec']['value'].update({'no_log': True})
+        super(BitBucketPipelineVariable, self).__init__(*args, **kwargs)
+
+
 def main():
     argument_spec = BitbucketHelper.bitbucket_argument_spec()
     argument_spec.update(
@@ -221,7 +229,7 @@ def main():
         secured=dict(type='bool', default=False),
         state=dict(type='str', choices=['present', 'absent'], required=True),
     )
-    module = AnsibleModule(
+    module = BitBucketPipelineVariable(
         argument_spec=argument_spec,
         supports_check_mode=True,
     )

plugins/modules/system/parted.py

@@ -217,10 +217,11 @@ EXAMPLES = r'''
 
 - name: Extend an existing partition to fill all available space
   community.general.parted:
-    decice: /dev/sdb
+    device: /dev/sdb
     number: "{{ sdb_info.partitions | length }}"
     part_end: "100%"
     resize: true
+    state: present
 '''
 
 

shippable.yml

@@ -24,135 +24,6 @@ matrix:
     - env: T=2.9/sanity/3
     - env: T=2.9/sanity/4
 
-    - env: T=devel/units/2.6/1
-    - env: T=devel/units/2.7/1
-    - env: T=devel/units/3.5/1
-    - env: T=devel/units/3.6/1
-    - env: T=devel/units/3.7/1
-    - env: T=devel/units/3.8/1
-    - env: T=devel/units/3.9/1
-
-    - env: T=2.10/units/2.6/1
-    - env: T=2.10/units/2.7/1
-    - env: T=2.10/units/3.5/1
-    - env: T=2.10/units/3.6/1
-    - env: T=2.10/units/3.7/1
-    - env: T=2.10/units/3.8/1
-    - env: T=2.10/units/3.9/1
-
-    - env: T=2.9/units/2.6/1
-    - env: T=2.9/units/2.7/1
-    - env: T=2.9/units/3.5/1
-    - env: T=2.9/units/3.6/1
-    - env: T=2.9/units/3.7/1
-    - env: T=2.9/units/3.8/1
-
-    #- env: T=devel/aix/7.2/1
-    - env: T=devel/osx/10.11/1
-    - env: T=devel/macos/10.15/1
-    - env: T=devel/rhel/7.8/1
-    - env: T=devel/rhel/8.2/1
-    - env: T=devel/freebsd/11.1/1
-    - env: T=devel/freebsd/12.1/1
-    - env: T=devel/linux/centos6/1
-    - env: T=devel/linux/centos7/1
-    - env: T=devel/linux/centos8/1
-    - env: T=devel/linux/fedora31/1
-    - env: T=devel/linux/fedora32/1
-    - env: T=devel/linux/opensuse15py2/1
-    - env: T=devel/linux/opensuse15/1
-    - env: T=devel/linux/ubuntu1604/1
-    - env: T=devel/linux/ubuntu1804/1
-
-    #- env: T=devel/aix/7.2/2
-    - env: T=devel/osx/10.11/2
-    - env: T=devel/macos/10.15/2
-    - env: T=devel/rhel/7.8/2
-    - env: T=devel/rhel/8.2/2
-    - env: T=devel/freebsd/11.1/2
-    - env: T=devel/freebsd/12.1/2
-    - env: T=devel/linux/centos6/2
-    - env: T=devel/linux/centos7/2
-    - env: T=devel/linux/centos8/2
-    - env: T=devel/linux/fedora31/2
-    - env: T=devel/linux/fedora32/2
-    - env: T=devel/linux/opensuse15py2/2
-    - env: T=devel/linux/opensuse15/2
-    - env: T=devel/linux/ubuntu1604/2
-    - env: T=devel/linux/ubuntu1804/2
-
-    #- env: T=devel/aix/7.2/3
-    - env: T=devel/osx/10.11/3
-    - env: T=devel/macos/10.15/3
-    - env: T=devel/rhel/7.8/3
-    - env: T=devel/rhel/8.2/3
-    - env: T=devel/freebsd/11.1/3
-    - env: T=devel/freebsd/12.1/3
-    - env: T=devel/linux/centos6/3
-    - env: T=devel/linux/centos7/3
-    - env: T=devel/linux/centos8/3
-    - env: T=devel/linux/fedora31/3
-    - env: T=devel/linux/fedora32/3
-    - env: T=devel/linux/opensuse15py2/3
-    - env: T=devel/linux/opensuse15/3
-    - env: T=devel/linux/ubuntu1604/3
-    - env: T=devel/linux/ubuntu1804/3
-
-    #- env: T=devel/aix/7.2/4
-    - env: T=devel/osx/10.11/4
-    - env: T=devel/macos/10.15/4
-    - env: T=devel/rhel/7.8/4
-    - env: T=devel/rhel/8.2/4
-    - env: T=devel/freebsd/11.1/4
-    - env: T=devel/freebsd/12.1/4
-    - env: T=devel/linux/centos6/4
-    - env: T=devel/linux/centos7/4
-    - env: T=devel/linux/centos8/4
-    - env: T=devel/linux/fedora31/4
-    - env: T=devel/linux/fedora32/4
-    - env: T=devel/linux/opensuse15py2/4
-    - env: T=devel/linux/opensuse15/4
-    - env: T=devel/linux/ubuntu1604/4
-    - env: T=devel/linux/ubuntu1804/4
-
-    #- env: T=devel/aix/7.2/5
-    - env: T=devel/osx/10.11/5
-    - env: T=devel/macos/10.15/5
-    - env: T=devel/rhel/7.8/5
-    - env: T=devel/rhel/8.2/5
-    - env: T=devel/freebsd/11.1/5
-    - env: T=devel/freebsd/12.1/5
-    - env: T=devel/linux/centos6/5
-    - env: T=devel/linux/centos7/5
-    - env: T=devel/linux/centos8/5
-    - env: T=devel/linux/fedora31/5
-    - env: T=devel/linux/fedora32/5
-    - env: T=devel/linux/opensuse15py2/5
-    - env: T=devel/linux/opensuse15/5
-    - env: T=devel/linux/ubuntu1604/5
-    - env: T=devel/linux/ubuntu1804/5
-
-    - env: T=devel/cloud/2.7/1
-    - env: T=devel/cloud/3.6/1
-
-    - env: T=2.10/osx/10.11/1
-    - env: T=2.10/rhel/8.2/1
-    - env: T=2.10/freebsd/12.1/2
-    - env: T=2.10/linux/centos8/2
-    - env: T=2.10/linux/fedora32/3
-    - env: T=2.10/linux/opensuse15/3
-    - env: T=2.10/linux/ubuntu1804/4
-    - env: T=2.10/cloud/3.6/1
-
-    #- env: T=2.9/osx/10.11/1
-    - env: T=2.9/rhel/8.2/1
-    - env: T=2.9/freebsd/12.0/2
-    - env: T=2.9/linux/centos8/2
-    - env: T=2.9/linux/fedora31/3
-    - env: T=2.9/linux/opensuse15/3
-    - env: T=2.9/linux/ubuntu1804/4
-    - env: T=2.9/cloud/3.6/1
-
 branches:
   except:
     - "*-patch-*"

tests/integration/targets/connection_chroot/aliases

@@ -1,3 +1,3 @@
 needs/root
 shippable/posix/group3
-skip/macos  # FIXME
+skip/macos # Skipped due to limitation of macOS 10.15 SIP, please read https://github.com/ansible-collections/community.general/issues/1017#issuecomment-755088895

tests/integration/targets/docker_container/tasks/tests/options.yml

@@ -2914,9 +2914,22 @@ avoid such warnings, please quote the value.' in log_options_2.warnings"
     published_ports:
     - '127.0.0.1:9002:9002/tcp'
     - '[::1]:9003:9003/tcp'
+    - '[fe80::1%test]:90:90/tcp'
     force_kill: yes
   register: published_ports_5
 
+- name: published_ports (ports with IP addresses, idempotent)
+  docker_container:
+    image: "{{ docker_test_image_alpine }}"
+    command: '/bin/sh -c "sleep 10m"'
+    name: "{{ cname }}"
+    state: started
+    published_ports:
+    - '127.0.0.1:9002:9002/tcp'
+    - '[::1]:9003:9003/tcp'
+    - '[fe80::1%test]:90:90/tcp'
+  register: published_ports_6
+
 - name: published_ports (no published ports)
   docker_container:
     image: "{{ docker_test_image_alpine }}"
@@ -2927,7 +2940,7 @@ avoid such warnings, please quote the value.' in log_options_2.warnings"
     comparisons:
       published_ports: strict
     force_kill: yes
-  register: published_ports_6
+  register: published_ports_7
 
 - name: cleanup
   docker_container:
@@ -2943,7 +2956,8 @@ avoid such warnings, please quote the value.' in log_options_2.warnings"
     - published_ports_3 is not changed
     - published_ports_4 is changed
     - published_ports_5 is changed
-    - published_ports_6 is changed
+    - published_ports_6 is not changed
+    - published_ports_7 is changed
 
 ####################################################################
 ## pull ############################################################

tests/integration/targets/docker_image/tasks/tests/options.yml

@@ -230,6 +230,14 @@
   register: load_image_3
   ignore_errors: true
 
+- name: load image (invalid image, old API version)
+  docker_image:
+    name: foo:bar
+    load_path: "{{ output_dir }}/image-invalid.tar"
+    source: load
+    api_version: "1.22"
+  register: load_image_4
+
 - assert:
     that:
     - load_image is changed
@@ -240,6 +248,8 @@
       "The archive did not contain image 'foo:bar'. Instead, found '" ~ docker_test_image_hello_world ~ "'." == load_image_2.msg
     - load_image_3 is failed
     - '"Detected no loaded images. Archive potentially corrupt?" == load_image_3.msg'
+    - load_image_4 is changed
+    - "'The API version of your Docker daemon is < 1.23, which does not return the image loading result from the Docker daemon. Therefore, we cannot verify whether the expected image was loaded, whether multiple images where loaded, or whether the load actually succeeded. You should consider upgrading your Docker daemon.' in load_image_4.warnings"
 
 ####################################################################
 ## path ############################################################

tests/integration/targets/hg/aliases

@@ -1,4 +1,3 @@
 shippable/posix/group2
 skip/python3
 skip/aix
-disabled  # tests use bitbucket, which dropped mercurial support on 2020-08-26 (https://bitbucket.org/blog/sunsetting-mercurial-support-in-bitbucket)

tests/integration/targets/hg/tasks/main.yml

@@ -4,22 +4,9 @@
 ####################################################################
 
 # test code for the hg module
-# (c) 2014, James Tanner <tanner.jc@gmail.com>
+# Copyright: (c) 2014, James Tanner <tanner.jc@gmail.com>
-
-# This file is part of Ansible
 #
-# Ansible is free software: you can redistribute it and/or modify
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
 
 - name: determine if mercurial is already installed
   command: which hg

tests/integration/targets/hg/tasks/run-tests.yml

@@ -1,27 +1,16 @@
 # test code for the hg module
-# (c) 2018, Ansible Project
+# Copyright: (c) 2018, Ansible Project
-
-# This file is part of Ansible
 #
-# Ansible is free software: you can redistribute it and/or modify
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
 
 
 - name: set where to extract the repo
-  set_fact: checkout_dir={{ output_dir }}/epdb
+  set_fact:
+    checkout_dir: "{{ output_dir }}/hg_project_test"
 
 - name: set what repo to use
-  set_fact: repo=https://bitbucket.org/rpathsync/epdb
+  set_fact:
+    repo: "http://hg.pf.osdn.net/view/a/ak/akasurde/hg_project_test"
 
 - name: clean out the output_dir
   shell: rm -rf {{ output_dir }}/*
@@ -30,7 +19,9 @@
   shell: which hg
 
 - name: initial checkout
-  hg: repo={{ repo }} dest={{ checkout_dir }}
+  hg:
+    repo: "{{ repo }}"
+    dest: "{{ checkout_dir }}"
   register: hg_result
 
 - debug: var=hg_result
@@ -46,17 +37,21 @@
       - "hg_result.changed"
 
 - name: repeated checkout
-  hg: repo={{ repo }} dest={{ checkout_dir }}
+  hg:
+    repo: "{{ repo }}"
+    dest: "{{ checkout_dir }}"
   register: hg_result2
 
 - debug: var=hg_result2
 
 - name: check for tags
-  stat: path={{ checkout_dir }}/.hgtags
+  stat:
+    path: "{{ checkout_dir }}/.hgtags"
   register: tags
 
 - name: check for remotes
-  stat: path={{ checkout_dir }}/.hg/branch
+  stat:
+    path: "{{ checkout_dir }}/.hg/branch"
   register: branches
 
 - debug: var=tags
@@ -68,13 +63,16 @@
       - "tags.stat.isreg"
       - "branches.stat.isreg"
 
-- name: verify on a reclone things are marked unchanged
+- name: verify on a re-clone things are marked unchanged
   assert:
     that:
       - "not hg_result2.changed"
 
 - name: Checkout non-existent repo clone
-  hg: repo=https://bitbucket.org/pyro46/pythonscript_1 clone=no update=no
+  hg:
+    repo: "http://hg.pf.osdn.net/view/a/ak/akasurde/hg_project_test_1"
+    clone: no
+    update: no
   register: hg_result3
   ignore_errors: true
 

tests/integration/targets/java_cert/aliases

@@ -1 +1,7 @@
-unsupported
+destructive
+shippable/posix/group3
+skip/aix
+skip/osx
+skip/macos
+skip/freebsd
+needs/root

tests/integration/targets/java_cert/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+  - setup_java_keytool

tests/integration/targets/java_cert/tasks/main.yml

@@ -3,56 +3,58 @@
 # WARNING: These are designed specifically for Ansible tests       #
 # and should not be used as examples of how to write Ansible roles #
 ####################################################################
+- when: has_java_keytool
+  block:
 
-- name: prep pkcs12 file
+    - name: prep pkcs12 file
-  copy: src="{{ test_pkcs12_path }}" dest="{{output_dir}}/{{ test_pkcs12_path }}"
+      copy: src="{{ test_pkcs12_path }}" dest="{{output_dir}}/{{ test_pkcs12_path }}"
 
-- name: import pkcs12
+    - name: import pkcs12
-  java_cert:
+      java_cert:
-     pkcs12_path: "{{output_dir}}/{{ test_pkcs12_path }}"
+         pkcs12_path: "{{output_dir}}/{{ test_pkcs12_path }}"
-     pkcs12_password: changeit
+         pkcs12_password: changeit
-     pkcs12_alias: default
+         pkcs12_alias: default
-     cert_alias: default
+         cert_alias: default
-     keystore_path: "{{output_dir}}/{{ test_keystore_path }}"
+         keystore_path: "{{output_dir}}/{{ test_keystore_path }}"
-     keystore_pass: changeme_keystore
+         keystore_pass: changeme_keystore
-     keystore_create: yes
+         keystore_create: yes
-     state: present
+         state: present
-  register: result_success
+      register: result_success
-- name: verify success
+    - name: verify success
-  assert:
+      assert:
-    that:
+        that:
-    - result_success is successful
+        - result_success is successful
 
-- name: import pkcs12 with wrong password
+    - name: import pkcs12 with wrong password
-  java_cert:
+      java_cert:
-     pkcs12_path: "{{output_dir}}/{{ test_pkcs12_path }}"
+         pkcs12_path: "{{output_dir}}/{{ test_pkcs12_path }}"
-     pkcs12_password: wrong_pass
+         pkcs12_password: wrong_pass
-     pkcs12_alias: default
+         pkcs12_alias: default
-     cert_alias: default_new
+         cert_alias: default_new
-     keystore_path: "{{output_dir}}/{{ test_keystore_path }}"
+         keystore_path: "{{output_dir}}/{{ test_keystore_path }}"
-     keystore_pass: changeme_keystore
+         keystore_pass: changeme_keystore
-     keystore_create: yes
+         keystore_create: yes
-     state: present
+         state: present
-  ignore_errors: true
+      ignore_errors: true
-  register: result_wrong_pass
+      register: result_wrong_pass
 
-- name: verify fail with wrong import password
+    - name: verify fail with wrong import password
-  assert:
+      assert:
-    that:
+        that:
-    - result_wrong_pass is failed
+        - result_wrong_pass is failed
 
-- name: test fail on mutually exclusive params
+    - name: test fail on mutually exclusive params
-  java_cert:
+      java_cert:
-     cert_path: ca.crt
+         cert_path: ca.crt
-     pkcs12_path: "{{output_dir}}/{{ test_pkcs12_path }}"
+         pkcs12_path: "{{output_dir}}/{{ test_pkcs12_path }}"
-     cert_alias: default
+         cert_alias: default
-     keystore_path: "{{output_dir}}/{{ test_keystore_path }}"
+         keystore_path: "{{output_dir}}/{{ test_keystore_path }}"
-     keystore_pass: changeme_keystore
+         keystore_pass: changeme_keystore
-     keystore_create: yes
+         keystore_create: yes
-     state: present
+         state: present
-  ignore_errors: true
+      ignore_errors: true
-  register: result_excl_params
+      register: result_excl_params
-- name: verify failed exclusive params
+    - name: verify failed exclusive params
-  assert:
+      assert:
-    that:
+        that:
-    - result_excl_params is failed
+        - result_excl_params is failed

tests/integration/targets/java_keystore/aliases

@@ -0,0 +1,7 @@
+destructive
+shippable/posix/group3
+skip/aix
+skip/osx
+skip/macos
+skip/freebsd
+needs/root

tests/integration/targets/java_keystore/meta/main.yml

@@ -0,0 +1,3 @@
+dependencies:
+  - setup_java_keytool
+  - setup_openssl

tests/integration/targets/java_keystore/tasks/main.yml

@@ -0,0 +1,137 @@
+---
+####################################################################
+# WARNING: These are designed specifically for Ansible tests       #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+- when: has_java_keytool
+  block:
+    - name: Create private keys
+      community.crypto.openssl_privatekey:
+        path: "{{ output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key' }}"
+        size: 2048  # this should work everywhere
+        # The following is more efficient, but might not work everywhere:
+        # type: ECC
+        # curve: secp384r1
+        cipher: "{{ 'auto' if item.passphrase is defined else omit }}"
+        passphrase: "{{ item.passphrase | default(omit) }}"
+      loop:
+        - name: cert
+        - name: cert-pw
+          passphrase: hunter2
+
+    - name: Create CSRs
+      community.crypto.openssl_csr:
+        path: "{{ output_dir ~ '/' ~ item.name ~ '.csr' }}"
+        privatekey_path: "{{ output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key' }}"
+        privatekey_passphrase: "{{ item.passphrase | default(omit) }}"
+        commonName: "{{ item.commonName }}"
+      loop:
+        - name: cert
+          commonName: example.com
+        - name: cert-pw
+          passphrase: hunter2
+          commonName: example.com
+        - name: cert2
+          keyname: cert
+          commonName: example.org
+        - name: cert2-pw
+          keyname: cert-pw
+          passphrase: hunter2
+          commonName: example.org
+
+    - name: Create certificates
+      community.crypto.x509_certificate:
+        path: "{{ output_dir ~ '/' ~ item.name ~ '.pem' }}"
+        csr_path: "{{ output_dir ~ '/' ~ item.name ~ '.csr' }}"
+        privatekey_path: "{{ output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key' }}"
+        privatekey_passphrase: "{{ item.passphrase | default(omit) }}"
+        provider: selfsigned
+      loop:
+        - name: cert
+          commonName: example.com
+        - name: cert-pw
+          passphrase: hunter2
+          commonName: example.com
+        - name: cert2
+          keyname: cert
+          commonName: example.org
+        - name: cert2-pw
+          keyname: cert-pw
+          passphrase: hunter2
+          commonName: example.org
+
+    - name: Create a Java key store for the given certificates (check mode)
+      community.general.java_keystore: &create_key_store_data
+        name: example
+        certificate: "{{lookup('file', output_dir ~ '/' ~ item.name ~ '.pem') }}"
+        private_key: "{{lookup('file', output_dir ~ '/' ~ (item.keyname | default(item.name)) ~ '.key') }}"
+        private_key_passphrase: "{{ item.passphrase | default(omit) }}"
+        password: changeit
+        dest: "{{ output_dir ~ '/' ~ item.name ~ '.jks' }}"
+      loop: &create_key_store_loop
+        - name: cert
+        - name: cert-pw
+          passphrase: hunter2
+      check_mode: yes
+      register: result_check
+
+    - name: Create a Java key store for the given certificates
+      community.general.java_keystore: *create_key_store_data
+      loop: *create_key_store_loop
+      register: result
+
+    - name: Create a Java key store for the given certificates (idempotency, check mode)
+      community.general.java_keystore: *create_key_store_data
+      loop: *create_key_store_loop
+      check_mode: yes
+      register: result_idem_check
+
+    - name: Create a Java key store for the given certificates (idempotency)
+      community.general.java_keystore: *create_key_store_data
+      loop: *create_key_store_loop
+      register: result_idem
+
+    - name: Create a Java key store for the given certificates (certificate changed, check mode)
+      community.general.java_keystore: *create_key_store_data
+      loop: &create_key_store_loop_new_certs
+        - name: cert2
+          keyname: cert
+        - name: cert2-pw
+          keyname: cert-pw
+          passphrase: hunter2
+      check_mode: yes
+      register: result_change_check
+
+    - name: Create a Java key store for the given certificates (certificate changed)
+      community.general.java_keystore: *create_key_store_data
+      loop: *create_key_store_loop_new_certs
+      register: result_change
+
+    - name: Create a Java key store for the given certificates (password changed, check mode)
+      community.general.java_keystore:
+        <<: *create_key_store_data
+        password: hunter2
+      loop: *create_key_store_loop_new_certs
+      check_mode: yes
+      register: result_pw_change_check
+      when: false  # FIXME: module currently crashes
+
+    - name: Create a Java key store for the given certificates (password changed)
+      community.general.java_keystore:
+        <<: *create_key_store_data
+        password: hunter2
+      loop: *create_key_store_loop_new_certs
+      register: result_pw_change
+      when: false  # FIXME: module currently crashes
+
+    - name: Validate results
+      assert:
+        that:
+          - result is changed
+          - result_check is changed
+          - result_idem is not changed
+          - result_idem_check is not changed
+          - result_change is changed
+          - result_change_check is changed
+          # - result_pw_change is changed        # FIXME: module currently crashes
+          # - result_pw_change_check is changed  # FIXME: module currently crashes

tests/integration/targets/monit/aliases

@@ -6,3 +6,4 @@ skip/macos
 skip/freebsd
 skip/aix
 skip/python2.6  # python-daemon package used in integration tests requires >=2.7
+skip/rhel  # FIXME

tests/integration/targets/setup_java_keytool/meta/main.yml

@@ -0,0 +1,3 @@
+dependencies:
+  - setup_remote_constraints
+  - setup_pkg_mgr

tests/integration/targets/setup_java_keytool/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+####################################################################
+# WARNING: These are designed specifically for Ansible tests       #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+- set_fact:
+    has_java_keytool: >-
+      {{
+        ansible_os_family not in ['Darwin', 'FreeBSD']
+        and not (ansible_distribution == "CentOS" and ansible_distribution_version is version("7.0", "<"))
+      }}
+
+- name: Include OS-specific variables
+  include_vars: '{{ ansible_os_family }}.yml'
+  when: has_java_keytool
+
+- name: Install keytool
+  package:
+    name: '{{ keytool_package_name }}'
+  become: true
+  when: has_java_keytool

tests/integration/targets/setup_java_keytool/vars/Debian.yml

@@ -0,0 +1,2 @@
+---
+keytool_package_name: ca-certificates-java

tests/integration/targets/setup_java_keytool/vars/RedHat.yml

@@ -0,0 +1,2 @@
+---
+keytool_package_name: java-11-openjdk-headless

tests/integration/targets/setup_java_keytool/vars/Suse.yml

@@ -0,0 +1,2 @@
+---
+keytool_package_name: java-11-openjdk-headless

tests/unit/plugins/modules/packaging/language/test_npm.py

@@ -0,0 +1,70 @@
+#
+# Copyright: (c) 2021, Abhijeet Kasurde <akasurde@redhat.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from ansible_collections.community.general.tests.unit.compat.mock import call, patch
+from ansible_collections.community.general.plugins.modules.packaging.language import npm
+from ansible_collections.community.general.tests.unit.plugins.modules.utils import (
+    AnsibleExitJson, AnsibleFailJson, ModuleTestCase, set_module_args)
+
+
+class NPMModuleTestCase(ModuleTestCase):
+    module = npm
+
+    def setUp(self):
+        super(NPMModuleTestCase, self).setUp()
+        ansible_module_path = "ansible_collections.community.general.plugins.modules.packaging.language.npm.AnsibleModule"
+        self.mock_run_command = patch('%s.run_command' % ansible_module_path)
+        self.module_main_command = self.mock_run_command.start()
+        self.mock_get_bin_path = patch('%s.get_bin_path' % ansible_module_path)
+        self.get_bin_path = self.mock_get_bin_path.start()
+        self.get_bin_path.return_value = '/testbin/npm'
+
+    def tearDown(self):
+        self.mock_run_command.stop()
+        self.mock_get_bin_path.stop()
+        super(NPMModuleTestCase, self).tearDown()
+
+    def module_main(self, exit_exc):
+        with self.assertRaises(exit_exc) as exc:
+            self.module.main()
+        return exc.exception.args[0]
+
+    def test_present(self):
+        set_module_args({
+            'name': 'coffee-script',
+            'global': 'true',
+            'state': 'present'
+        })
+        self.module_main_command.side_effect = [
+            (0, '{}', ''),
+            (0, '{}', ''),
+        ]
+
+        result = self.module_main(AnsibleExitJson)
+
+        self.assertTrue(result['changed'])
+        self.module_main_command.assert_has_calls([
+            call(['/testbin/npm', 'list', '--json', '--long', '--global'], check_rc=False, cwd=None),
+        ])
+
+    def test_absent(self):
+        set_module_args({
+            'name': 'coffee-script',
+            'global': 'true',
+            'state': 'absent'
+        })
+        self.module_main_command.side_effect = [
+            (0, '{"dependencies": {"coffee-script": {}}}', ''),
+            (0, '{}', ''),
+        ]
+
+        result = self.module_main(AnsibleExitJson)
+
+        self.assertTrue(result['changed'])
+        self.module_main_command.assert_has_calls([
+            call(['/testbin/npm', 'uninstall', '--global', 'coffee-script'], check_rc=True, cwd=None),
+        ])