Release 11.4.2.

CONTRIBUTING.md: fixes/improvements (#11216)

* CONTRIBUTING.md: fixes/improvements

* Update CONTRIBUTING.md



---------


(cherry picked from commit 6b4100d70f)

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>

.azure-pipelines/azure-pipelines.yml

@@ -30,13 +30,12 @@ schedules:
     branches:
       include:
         - stable-11
-        - stable-10
   - cron: 0 11 * * 0
     displayName: Weekly (old stable branches)
     always: true
     branches:
       include:
-        - stable-9
+        - stable-10
 
 variables:
   - name: checkoutPath
@@ -70,6 +69,19 @@ stages:
             - test: 2
             - test: 3
             - test: 4
+  - stage: Sanity_2_20
+    displayName: Sanity 2.20
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Test {0}
+          testFormat: 2.20/sanity/{0}
+          targets:
+            - test: 1
+            - test: 2
+            - test: 3
+            - test: 4
   - stage: Sanity_2_19
     displayName: Sanity 2.19
     dependsOn: []
@@ -96,19 +108,6 @@ stages:
             - test: 2
             - test: 3
             - test: 4
-  - stage: Sanity_2_17
-    displayName: Sanity 2.17
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Test {0}
-          testFormat: 2.17/sanity/{0}
-          targets:
-            - test: 1
-            - test: 2
-            - test: 3
-            - test: 4
 ### Units
   - stage: Units_devel
     displayName: Units devel
@@ -125,6 +124,18 @@ stages:
             - test: '3.12'
             - test: '3.13'
             - test: '3.14'
+  - stage: Units_2_20
+    displayName: Units 2.20
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.20/units/{0}/1
+          targets:
+            - test: 3.9
+            - test: "3.12"
+            - test: "3.14"
   - stage: Units_2_19
     displayName: Units 2.19
     dependsOn: []
@@ -149,18 +160,6 @@ stages:
             - test: 3.8
             - test: "3.11"
             - test: "3.13"
-  - stage: Units_2_17
-    displayName: Units 2.17
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Python {0}
-          testFormat: 2.17/units/{0}/1
-          targets:
-            - test: 3.7
-            - test: "3.10"
-            - test: "3.12"
 
 ## Remote
   - stage: Remote_devel_extra_vms
@@ -203,6 +202,22 @@ stages:
             - 1
             - 2
             - 3
+  - stage: Remote_2_20
+    displayName: Remote 2.20
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.20/{0}
+          targets:
+            - name: RHEL 10.0
+              test: rhel/10.0
+            - name: FreeBSD 14.3
+              test: freebsd/14.3
+          groups:
+            - 1
+            - 2
+            - 3
   - stage: Remote_2_19
     displayName: Remote 2.19
     dependsOn: []
@@ -239,22 +254,6 @@ stages:
             - 1
             - 2
             - 3
-  - stage: Remote_2_17
-    displayName: Remote 2.17
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.17/{0}
-          targets:
-            - name: FreeBSD 13.5
-              test: freebsd/13.5
-            - name: RHEL 9.3
-              test: rhel/9.3
-          groups:
-            - 1
-            - 2
-            - 3
 
 ### Docker
   - stage: Docker_devel
@@ -277,6 +276,22 @@ stages:
             - 1
             - 2
             - 3
+  - stage: Docker_2_20
+    displayName: Docker 2.20
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.20/linux/{0}
+          targets:
+            - name: Fedora 42
+              test: fedora42
+            - name: Alpine 3.22
+              test: alpine322
+          groups:
+            - 1
+            - 2
+            - 3
   - stage: Docker_2_19
     displayName: Docker 2.19
     dependsOn: []
@@ -311,24 +326,6 @@ stages:
             - 1
             - 2
             - 3
-  - stage: Docker_2_17
-    displayName: Docker 2.17
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.17/linux/{0}
-          targets:
-            - name: Fedora 39
-              test: fedora39
-            - name: Alpine 3.19
-              test: alpine319
-            - name: Ubuntu 20.04
-              test: ubuntu2004
-          groups:
-            - 1
-            - 2
-            - 3
 
 ### Community Docker
   - stage: Docker_community_devel
@@ -366,6 +363,17 @@ stages:
 #            - test: '3.9'
 #            - test: '3.12'
 #            - test: '3.14'
+#  - stage: Generic_2_20
+#    displayName: Generic 2.20
+#    dependsOn: []
+#    jobs:
+#      - template: templates/matrix.yml
+#        parameters:
+#          nameFormat: Python {0}
+#          testFormat: 2.20/generic/{0}/1
+#          targets:
+#            - test: '3.10'
+#            - test: '3.14'
 #  - stage: Generic_2_19
 #    displayName: Generic 2.19
 #    dependsOn: []
@@ -388,43 +396,32 @@ stages:
 #          targets:
 #            - test: '3.8'
 #            - test: '3.13'
-#  - stage: Generic_2_17
-#    displayName: Generic 2.17
-#    dependsOn: []
-#    jobs:
-#      - template: templates/matrix.yml
-#        parameters:
-#          nameFormat: Python {0}
-#          testFormat: 2.17/generic/{0}/1
-#          targets:
-#            - test: '3.7'
-#            - test: '3.12'
 
   - stage: Summary
     condition: succeededOrFailed()
     dependsOn:
       - Sanity_devel
+      - Sanity_2_20
       - Sanity_2_19
       - Sanity_2_18
-      - Sanity_2_17
       - Units_devel
+      - Units_2_20
       - Units_2_19
       - Units_2_18
-      - Units_2_17
       - Remote_devel_extra_vms
       - Remote_devel
+      - Remote_2_20
       - Remote_2_19
       - Remote_2_18
-      - Remote_2_17
       - Docker_devel
+      - Docker_2_20
       - Docker_2_19
       - Docker_2_18
-      - Docker_2_17
       - Docker_community_devel
 # Right now all generic tests are disabled. Uncomment when at least one of them is re-enabled.
 #      - Generic_devel
+#      - Generic_2_20
 #      - Generic_2_19
 #      - Generic_2_18
-#      - Generic_2_17
     jobs:
       - template: templates/coverage.yml

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -146,7 +146,7 @@ body:
     attributes:
       label: Code of Conduct
       description: |
-        Read the [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--ansible-collections) first.
+        Read the [Ansible Code of Conduct](https://docs.ansible.com/projects/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--ansible-collections) first.
       options:
         - label: I agree to follow the Ansible Code of Conduct
           required: true

.github/ISSUE_TEMPLATE/config.yml

@@ -7,7 +7,7 @@
 blank_issues_enabled: false  # default: true
 contact_links:
   - name: Security bug report
-    url: https://docs.ansible.com/ansible-core/devel/community/reporting_bugs_and_features.html?utm_medium=github&utm_source=issue_template_chooser_ansible_collections
+    url: https://docs.ansible.com/projects/ansible-core/devel/community/reporting_bugs_and_features.html?utm_medium=github&utm_source=issue_template_chooser_ansible_collections
     about: |
       Please learn how to report security vulnerabilities here.
 
@@ -16,12 +16,12 @@ contact_links:
       a prompt response.
 
       For more information, see
-      https://docs.ansible.com/ansible/latest/community/reporting_bugs_and_features.html
+      https://docs.ansible.com/projects/ansible/latest/community/reporting_bugs_and_features.html
   - name: Ansible Code of Conduct
-    url: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_template_chooser_ansible_collections
+    url: https://docs.ansible.com/projects/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_template_chooser_ansible_collections
     about: Be nice to other members of the community.
   - name: Talks to the community
-    url: https://docs.ansible.com/ansible/latest/community/communication.html?utm_medium=github&utm_source=issue_template_chooser#mailing-list-information
+    url: https://docs.ansible.com/projects/ansible/latest/community/communication.html?utm_medium=github&utm_source=issue_template_chooser#mailing-list-information
     about: Please ask and answer usage questions here
   - name: Working groups
     url: https://github.com/ansible/community/wiki

.github/ISSUE_TEMPLATE/documentation_report.yml

@@ -122,7 +122,7 @@ body:
     attributes:
       label: Code of Conduct
       description: |
-        Read the [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--ansible-collections) first.
+        Read the [Ansible Code of Conduct](https://docs.ansible.com/projects/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--ansible-collections) first.
       options:
         - label: I agree to follow the Ansible Code of Conduct
           required: true

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -66,7 +66,7 @@ body:
     attributes:
       label: Code of Conduct
       description: |
-        Read the [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--ansible-collections) first.
+        Read the [Ansible Code of Conduct](https://docs.ansible.com/projects/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--ansible-collections) first.
       options:
         - label: I agree to follow the Ansible Code of Conduct
           required: true

.github/pull_request_template.md

@@ -4,7 +4,7 @@
 <!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue -->
 
 <!--- Please do not forget to include a changelog fragment:
-      https://docs.ansible.com/ansible/devel/community/collection_development_process.html#creating-changelog-fragments
+      https://docs.ansible.com/projects/ansible/devel/community/collection_development_process.html#creating-changelog-fragments
       No need to include one for docs-only or test-only PR, and for new plugin/module PRs.
       Read about more details in CONTRIBUTING.md.
       -->

.github/workflows/ansible-test.yml

@@ -30,6 +30,7 @@ jobs:
       matrix:
         ansible:
           - '2.16'
+          - '2.17'
     runs-on: ubuntu-latest
     steps:
       - name: Perform sanity testing
@@ -63,6 +64,12 @@ jobs:
             python: '3.6'
           - ansible: '2.16'
             python: '3.11'
+          - ansible: '2.17'
+            python: '3.7'
+          - ansible: '2.17'
+            python: '3.10'
+          - ansible: '2.17'
+            python: '3.12'
 
     steps:
       - name: >-
@@ -136,19 +143,43 @@ jobs:
             docker: alpine3
             python: ''
             target: azp/posix/3/
-          # Right now all generic tests are disabled. Uncomment when at least one of them is re-enabled.
-          # - ansible: '2.16'
-          #   docker: default
-          #   python: '2.7'
-          #   target: azp/generic/1/
-          # - ansible: '2.16'
-          #   docker: default
-          #   python: '3.6'
-          #   target: azp/generic/1/
-          # - ansible: '2.16'
-          #   docker: default
-          #   python: '3.11'
-          #   target: azp/generic/1/
+          # 2.17
+          - ansible: '2.17'
+            docker: fedora39
+            python: ''
+            target: azp/posix/1/
+          - ansible: '2.17'
+            docker: fedora39
+            python: ''
+            target: azp/posix/2/
+          - ansible: '2.17'
+            docker: fedora39
+            python: ''
+            target: azp/posix/3/
+          - ansible: '2.17'
+            docker: alpine319
+            python: ''
+            target: azp/posix/1/
+          - ansible: '2.17'
+            docker: alpine319
+            python: ''
+            target: azp/posix/2/
+          - ansible: '2.17'
+            docker: alpine319
+            python: ''
+            target: azp/posix/3/
+          - ansible: '2.17'
+            docker: ubuntu2004
+            python: ''
+            target: azp/posix/1/
+          - ansible: '2.17'
+            docker: ubuntu2004
+            python: ''
+            target: azp/posix/2/
+          - ansible: '2.17'
+            docker: ubuntu2004
+            python: ''
+            target: azp/posix/3/
 
     steps:
       - name: >-

.github/workflows/codeql-analysis.yml

@@ -24,15 +24,15 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: python
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4

.github/workflows/nox.yml

@@ -21,7 +21,7 @@ jobs:
     name: "Run extra sanity tests"
     steps:
       - name: Check out collection
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
       - name: Run nox

CHANGELOG.md

@@ -2,52 +2,61 @@
 
 **Topics**
 
-- <a href="#v11-4-0">v11\.4\.0</a>
+- <a href="#v11-4-2">v11\.4\.2</a>
     - <a href="#release-summary">Release Summary</a>
     - <a href="#minor-changes">Minor Changes</a>
     - <a href="#bugfixes">Bugfixes</a>
-- <a href="#v11-3-0">v11\.3\.0</a>
+- <a href="#v11-4-1">v11\.4\.1</a>
     - <a href="#release-summary-1">Release Summary</a>
     - <a href="#minor-changes-1">Minor Changes</a>
-    - <a href="#deprecated-features">Deprecated Features</a>
+    - <a href="#security-fixes">Security Fixes</a>
     - <a href="#bugfixes-1">Bugfixes</a>
+- <a href="#v11-4-0">v11\.4\.0</a>
+    - <a href="#release-summary-2">Release Summary</a>
+    - <a href="#minor-changes-2">Minor Changes</a>
+    - <a href="#bugfixes-2">Bugfixes</a>
+- <a href="#v11-3-0">v11\.3\.0</a>
+    - <a href="#release-summary-3">Release Summary</a>
+    - <a href="#minor-changes-3">Minor Changes</a>
+    - <a href="#deprecated-features">Deprecated Features</a>
+    - <a href="#bugfixes-3">Bugfixes</a>
     - <a href="#new-plugins">New Plugins</a>
         - <a href="#filter">Filter</a>
     - <a href="#new-modules">New Modules</a>
 - <a href="#v11-2-1">v11\.2\.1</a>
-    - <a href="#release-summary-2">Release Summary</a>
-    - <a href="#bugfixes-2">Bugfixes</a>
+    - <a href="#release-summary-4">Release Summary</a>
+    - <a href="#bugfixes-4">Bugfixes</a>
 - <a href="#v11-2-0">v11\.2\.0</a>
-    - <a href="#release-summary-3">Release Summary</a>
-    - <a href="#minor-changes-2">Minor Changes</a>
+    - <a href="#release-summary-5">Release Summary</a>
+    - <a href="#minor-changes-4">Minor Changes</a>
     - <a href="#deprecated-features-1">Deprecated Features</a>
-    - <a href="#bugfixes-3">Bugfixes</a>
+    - <a href="#bugfixes-5">Bugfixes</a>
     - <a href="#new-plugins-1">New Plugins</a>
         - <a href="#lookup">Lookup</a>
     - <a href="#new-modules-1">New Modules</a>
 - <a href="#v11-1-2">v11\.1\.2</a>
-    - <a href="#release-summary-4">Release Summary</a>
-    - <a href="#minor-changes-3">Minor Changes</a>
-    - <a href="#bugfixes-4">Bugfixes</a>
-- <a href="#v11-1-1">v11\.1\.1</a>
-    - <a href="#release-summary-5">Release Summary</a>
-    - <a href="#minor-changes-4">Minor Changes</a>
-    - <a href="#bugfixes-5">Bugfixes</a>
-- <a href="#v11-1-0">v11\.1\.0</a>
     - <a href="#release-summary-6">Release Summary</a>
     - <a href="#minor-changes-5">Minor Changes</a>
-    - <a href="#deprecated-features-2">Deprecated Features</a>
     - <a href="#bugfixes-6">Bugfixes</a>
+- <a href="#v11-1-1">v11\.1\.1</a>
+    - <a href="#release-summary-7">Release Summary</a>
+    - <a href="#minor-changes-6">Minor Changes</a>
+    - <a href="#bugfixes-7">Bugfixes</a>
+- <a href="#v11-1-0">v11\.1\.0</a>
+    - <a href="#release-summary-8">Release Summary</a>
+    - <a href="#minor-changes-7">Minor Changes</a>
+    - <a href="#deprecated-features-2">Deprecated Features</a>
+    - <a href="#bugfixes-8">Bugfixes</a>
     - <a href="#new-plugins-2">New Plugins</a>
         - <a href="#callback">Callback</a>
     - <a href="#new-modules-2">New Modules</a>
 - <a href="#v11-0-0">v11\.0\.0</a>
-    - <a href="#release-summary-7">Release Summary</a>
-    - <a href="#minor-changes-6">Minor Changes</a>
+    - <a href="#release-summary-9">Release Summary</a>
+    - <a href="#minor-changes-8">Minor Changes</a>
     - <a href="#deprecated-features-3">Deprecated Features</a>
     - <a href="#removed-features-previously-deprecated">Removed Features \(previously deprecated\)</a>
-    - <a href="#security-fixes">Security Fixes</a>
-    - <a href="#bugfixes-7">Bugfixes</a>
+    - <a href="#security-fixes-1">Security Fixes</a>
+    - <a href="#bugfixes-9">Bugfixes</a>
     - <a href="#known-issues">Known Issues</a>
     - <a href="#new-plugins-3">New Plugins</a>
         - <a href="#callback-1">Callback</a>
@@ -58,17 +67,75 @@
     - <a href="#new-modules-3">New Modules</a>
 This changelog describes changes after version 10\.0\.0\.
 
-<a id="v11-4-0"></a>
-## v11\.4\.0
+<a id="v11-4-2"></a>
+## v11\.4\.2
 
 <a id="release-summary"></a>
 ### Release Summary
 
-Regular bugfix and feature release\.
+Regular bugfix release\.
 
 <a id="minor-changes"></a>
 ### Minor Changes
 
+* tss lookup plugin \- fixed <code>AccessTokenAuthorizer</code> initialization to include <code>base\_url</code> parameter for proper token authentication \([https\://github\.com/ansible\-collections/community\.general/pull/11031](https\://github\.com/ansible\-collections/community\.general/pull/11031)\)\.
+
+<a id="bugfixes"></a>
+### Bugfixes
+
+* cobbler\_system \- compare the version as a float which is the type returned by the Cobbler API \([https\://github\.com/ansible\-collections/community\.general/issues/11044](https\://github\.com/ansible\-collections/community\.general/issues/11044)\)\.
+* datetime module utils \- fix bug in <code>fromtimestamp\(\)</code> that caused the function to crash\. This function is not used in community\.general \([https\://github\.com/ansible\-collections/community\.general/pull/11206](https\://github\.com/ansible\-collections/community\.general/pull/11206)\)\.
+* filesystem \- avoid false positive change detection on XFS resize due to unusable slack space \([https\://github\.com/ansible\-collections/community\.general/pull/11033](https\://github\.com/ansible\-collections/community\.general/pull/11033)\)\.
+* mas \- parse CLI output correctly when listing installed apps with mas 3\.0\.0\+ \([https\://github\.com/ansible\-collections/community\.general/pull/11179](https\://github\.com/ansible\-collections/community\.general/pull/11179)\)\.
+* xfconf \- fix handling of empty array properties \([https\://github\.com/ansible\-collections/community\.general/pull/11026](https\://github\.com/ansible\-collections/community\.general/pull/11026)\)\.
+* xfconf\_info \- fix handling of empty array properties \([https\://github\.com/ansible\-collections/community\.general/pull/11026](https\://github\.com/ansible\-collections/community\.general/pull/11026)\)\.
+
+<a id="v11-4-1"></a>
+## v11\.4\.1
+
+<a id="release-summary-1"></a>
+### Release Summary
+
+Regular bugfix release\.
+
+<a id="minor-changes-1"></a>
+### Minor Changes
+
+* dependent lookup plugin \- refactor dict initialization\, no impact to users \([https\://github\.com/ansible\-collections/community\.general/pull/10891](https\://github\.com/ansible\-collections/community\.general/pull/10891)\)\.
+* pacemaker\_cluster\.py \- refactor dict initialization\, no impact to users \([https\://github\.com/ansible\-collections/community\.general/pull/10891](https\://github\.com/ansible\-collections/community\.general/pull/10891)\)\.
+* pacemaker\_resource\.py \- refactor dict initialization\, no impact to users \([https\://github\.com/ansible\-collections/community\.general/pull/10891](https\://github\.com/ansible\-collections/community\.general/pull/10891)\)\.
+* pacemaker\_stonith\.py \- refactor dict initialization\, no impact to users \([https\://github\.com/ansible\-collections/community\.general/pull/10891](https\://github\.com/ansible\-collections/community\.general/pull/10891)\)\.
+* scaleway module\_utils \- improve code readability\, no impact to users \([https\://github\.com/ansible\-collections/community\.general/pull/10891](https\://github\.com/ansible\-collections/community\.general/pull/10891)\)\.
+
+<a id="security-fixes"></a>
+### Security Fixes
+
+* keycloak\_user \- the parameter <code>credentials\[\]\.value</code> is now marked as <code>no\_log\=true</code>\. Before it was logged by Ansible\, unless the task was marked as <code>no\_log\: true</code>\. Since this parameter can be used for passwords\, this resulted in credential leaking \([https\://github\.com/ansible\-collections/community\.general/issues/11000](https\://github\.com/ansible\-collections/community\.general/issues/11000)\, [https\://github\.com/ansible\-collections/community\.general/pull/11005](https\://github\.com/ansible\-collections/community\.general/pull/11005)\)\.
+
+<a id="bugfixes-1"></a>
+### Bugfixes
+
+* cloudflare\_dns \- roll back changes to CAA record validation \([https\://github\.com/ansible\-collections/community\.general/issues/10934](https\://github\.com/ansible\-collections/community\.general/issues/10934)\, [https\://github\.com/ansible\-collections/community\.general/pull/10956](https\://github\.com/ansible\-collections/community\.general/pull/10956)\)\.
+* cloudflare\_dns \- roll back changes to SRV record validation \([https\://github\.com/ansible\-collections/community\.general/issues/10934](https\://github\.com/ansible\-collections/community\.general/issues/10934)\, [https\://github\.com/ansible\-collections/community\.general/pull/10937](https\://github\.com/ansible\-collections/community\.general/pull/10937)\)\.
+* gitlab\_runner \- fix exception in check mode when a new runner is created \([https\://github\.com/ansible\-collections/community\.general/issues/8854](https\://github\.com/ansible\-collections/community\.general/issues/8854)\)\.
+* keycloak\_clientsecret\, keycloak\_clientsecret\_info \- make <code>client\_auth</code> work \([https\://github\.com/ansible\-collections/community\.general/issues/10932](https\://github\.com/ansible\-collections/community\.general/issues/10932)\, [https\://github\.com/ansible\-collections/community\.general/pull/10933](https\://github\.com/ansible\-collections/community\.general/pull/10933)\)\.
+* omapi\_host \- make return values compatible with ansible\-core 2\.19 and Python 3 \([https\://github\.com/ansible\-collections/community\.general/pull/11001](https\://github\.com/ansible\-collections/community\.general/pull/11001)\)\.
+* onepassword\_doc and onepassword\_ssh\_key lookup plugins \- ensure that all connection parameters are passed to CLI class \([https\://github\.com/ansible\-collections/community\.general/pull/10965](https\://github\.com/ansible\-collections/community\.general/pull/10965)\)\.
+* pritunl\_user \- improve resilience when comparing user parameters if remote fields are <code>null</code> or missing\. List parameters \(<code>groups</code>\, <code>mac\_addresses</code>\) now safely default to empty lists for comparison and avoids <code>KeyError</code> issues \([https\://github\.com/ansible\-collections/community\.general/issues/10954](https\://github\.com/ansible\-collections/community\.general/issues/10954)\, [https\://github\.com/ansible\-collections/community\.general/pull/10955](https\://github\.com/ansible\-collections/community\.general/pull/10955)\)\.
+* random\_string lookup plugin \- replace <code>random\.SystemRandom\(\)</code> with <code>secrets\.SystemRandom\(\)</code> when generating strings\. This has no practical effect\, as both are the same \([https\://github\.com/ansible\-collections/community\.general/pull/10893](https\://github\.com/ansible\-collections/community\.general/pull/10893)\)\.
+* terraform \- fix bug when <code>null</code> values inside complex vars are throwing error instead of being passed to terraform\. Now terraform can handle <code>null\`\`s in \`\`complex\_vars</code> itself \([https\://github\.com/ansible\-collections/community\.general/pull/10961](https\://github\.com/ansible\-collections/community\.general/pull/10961)\)\.
+
+<a id="v11-4-0"></a>
+## v11\.4\.0
+
+<a id="release-summary-2"></a>
+### Release Summary
+
+Regular bugfix and feature release\.
+
+<a id="minor-changes-2"></a>
+### Minor Changes
+
 * github\_app\_access\_token lookup plugin \- add support for GitHub Enterprise Server \([https\://github\.com/ansible\-collections/community\.general/issues/10879](https\://github\.com/ansible\-collections/community\.general/issues/10879)\, [https\://github\.com/ansible\-collections/community\.general/pull/10880](https\://github\.com/ansible\-collections/community\.general/pull/10880)\)\.
 * gitlab\_group\_variable \- add <code>description</code> option \([https\://github\.com/ansible\-collections/community\.general/pull/10812](https\://github\.com/ansible\-collections/community\.general/pull/10812)\)\.
 * gitlab\_instance\_variable \- add <code>description</code> option \([https\://github\.com/ansible\-collections/community\.general/pull/10812](https\://github\.com/ansible\-collections/community\.general/pull/10812)\)\.
@@ -76,7 +143,7 @@ Regular bugfix and feature release\.
 * keycloak\_client \- add idempotent support for <code>optional\_client\_scopes</code> and <code>optional\_client\_scopes</code>\, and ensure consistent change detection between check mode and live run \([https\://github\.com/ansible\-collections/community\.general/issues/5495](https\://github\.com/ansible\-collections/community\.general/issues/5495)\, [https\://github\.com/ansible\-collections/community\.general/pull/10842](https\://github\.com/ansible\-collections/community\.general/pull/10842)\)\.
 * pipx module\_utils \- use <code>PIPX\_USE\_EMOJI</code> to disable emojis in the output of <code>pipx</code> 1\.8\.0 \([https\://github\.com/ansible\-collections/community\.general/pull/10874](https\://github\.com/ansible\-collections/community\.general/pull/10874)\)\.
 
-<a id="bugfixes"></a>
+<a id="bugfixes-2"></a>
 ### Bugfixes
 
 * Avoid usage of deprecated <code>ansible\.module\_utils\.six</code> in all code that does not have to support Python 2 \([https\://github\.com/ansible\-collections/community\.general/pull/10873](https\://github\.com/ansible\-collections/community\.general/pull/10873)\)\.
@@ -93,12 +160,12 @@ Regular bugfix and feature release\.
 <a id="v11-3-0"></a>
 ## v11\.3\.0
 
-<a id="release-summary-1"></a>
+<a id="release-summary-3"></a>
 ### Release Summary
 
 Regular bugfix and feature release\.
 
-<a id="minor-changes-1"></a>
+<a id="minor-changes-3"></a>
 ### Minor Changes
 
 * android\_sdk \- minor refactor to improve readability \([https\://github\.com/ansible\-collections/community\.general/pull/10712](https\://github\.com/ansible\-collections/community\.general/pull/10712)\)\.
@@ -154,7 +221,7 @@ Regular bugfix and feature release\.
 * oci\_vcn \- module is deprecated and will be removed in community\.general 13\.0\.0 \([https\://github\.com/ansible\-collections/community\.general/issues/10318](https\://github\.com/ansible\-collections/community\.general/issues/10318)\, [https\://github\.com/ansible\-collections/community\.general/pull/10652](https\://github\.com/ansible\-collections/community\.general/pull/10652)\)\.
 * oracle\* doc fragments \- fragments are deprecated and will be removed in community\.general 13\.0\.0 \([https\://github\.com/ansible\-collections/community\.general/issues/10318](https\://github\.com/ansible\-collections/community\.general/issues/10318)\, [https\://github\.com/ansible\-collections/community\.general/pull/10652](https\://github\.com/ansible\-collections/community\.general/pull/10652)\)\.
 
-<a id="bugfixes-1"></a>
+<a id="bugfixes-3"></a>
 ### Bugfixes
 
 * kdeconfig \- <code>kwriteconfig</code> executable could not be discovered automatically on systems with only <code>kwriteconfig6</code> installed\. <code>kwriteconfig6</code> can now be discovered by Ansible \([https\://github\.com/ansible\-collections/community\.general/issues/10746](https\://github\.com/ansible\-collections/community\.general/issues/10746)\, [https\://github\.com/ansible\-collections/community\.general/pull/10751](https\://github\.com/ansible\-collections/community\.general/pull/10751)\)\.
@@ -181,12 +248,12 @@ Regular bugfix and feature release\.
 <a id="v11-2-1"></a>
 ## v11\.2\.1
 
-<a id="release-summary-2"></a>
+<a id="release-summary-4"></a>
 ### Release Summary
 
 Bugfix release\.
 
-<a id="bugfixes-2"></a>
+<a id="bugfixes-4"></a>
 ### Bugfixes
 
 * Avoid deprecated functionality in ansible\-core 2\.20 \([https\://github\.com/ansible\-collections/community\.general/pull/10687](https\://github\.com/ansible\-collections/community\.general/pull/10687)\)\.
@@ -198,12 +265,12 @@ Bugfix release\.
 <a id="v11-2-0"></a>
 ## v11\.2\.0
 
-<a id="release-summary-3"></a>
+<a id="release-summary-5"></a>
 ### Release Summary
 
 Regular bugfix and features release\.
 
-<a id="minor-changes-2"></a>
+<a id="minor-changes-4"></a>
 ### Minor Changes
 
 * apk \- using safer mechanism to run external command \([https\://github\.com/ansible\-collections/community\.general/issues/10479](https\://github\.com/ansible\-collections/community\.general/issues/10479)\, [https\://github\.com/ansible\-collections/community\.general/pull/10520](https\://github\.com/ansible\-collections/community\.general/pull/10520)\)\.
@@ -241,7 +308,7 @@ Regular bugfix and features release\.
 * github\_repo \- deprecate <code>force\_defaults\=true</code> \([https\://github\.com/ansible\-collections/community\.general/pull/10435](https\://github\.com/ansible\-collections/community\.general/pull/10435)\)\.
 * rocketchat \- the default value for <code>is\_pre740</code>\, currently <code>true</code>\, is deprecated and will change to <code>false</code> in community\.general 13\.0\.0 \([https\://github\.com/ansible\-collections/community\.general/pull/10490](https\://github\.com/ansible\-collections/community\.general/pull/10490)\)\.
 
-<a id="bugfixes-3"></a>
+<a id="bugfixes-5"></a>
 ### Bugfixes
 
 * jenkins\_plugin \- install latest compatible version instead of latest \([https\://github\.com/ansible\-collections/community\.general/issues/854](https\://github\.com/ansible\-collections/community\.general/issues/854)\, [https\://github\.com/ansible\-collections/community\.general/pull/10346](https\://github\.com/ansible\-collections/community\.general/pull/10346)\)\.
@@ -265,12 +332,12 @@ Regular bugfix and features release\.
 <a id="v11-1-2"></a>
 ## v11\.1\.2
 
-<a id="release-summary-4"></a>
+<a id="release-summary-6"></a>
 ### Release Summary
 
 Bugfix release\.
 
-<a id="minor-changes-3"></a>
+<a id="minor-changes-5"></a>
 ### Minor Changes
 
 * gem \- remove redundant constructs from argument specs \([https\://github\.com/ansible\-collections/community\.general/pull/10505](https\://github\.com/ansible\-collections/community\.general/pull/10505)\)\.
@@ -404,7 +471,7 @@ Bugfix release\.
 * zypper \- remove redundant constructs from argument specs \([https\://github\.com/ansible\-collections/community\.general/pull/10513](https\://github\.com/ansible\-collections/community\.general/pull/10513)\)\.
 * zypper\_repository \- remove redundant constructs from argument specs \([https\://github\.com/ansible\-collections/community\.general/pull/10513](https\://github\.com/ansible\-collections/community\.general/pull/10513)\)\.
 
-<a id="bugfixes-4"></a>
+<a id="bugfixes-6"></a>
 ### Bugfixes
 
 * apk \- fix check for empty/whitespace\-only package names \([https\://github\.com/ansible\-collections/community\.general/pull/10532](https\://github\.com/ansible\-collections/community\.general/pull/10532)\)\.
@@ -418,12 +485,12 @@ Bugfix release\.
 <a id="v11-1-1"></a>
 ## v11\.1\.1
 
-<a id="release-summary-5"></a>
+<a id="release-summary-7"></a>
 ### Release Summary
 
 Bugfix release for the next Ansible 12 pre\-release\.
 
-<a id="minor-changes-4"></a>
+<a id="minor-changes-6"></a>
 ### Minor Changes
 
 * aerospike\_migrations \- remove redundant constructs from argument specs \([https\://github\.com/ansible\-collections/community\.general/pull/10494](https\://github\.com/ansible\-collections/community\.general/pull/10494)\)\.
@@ -454,7 +521,7 @@ Bugfix release for the next Ansible 12 pre\-release\.
 * filesystem \- remove redundant constructs from argument specs \([https\://github\.com/ansible\-collections/community\.general/pull/10494](https\://github\.com/ansible\-collections/community\.general/pull/10494)\)\.
 * sysrc \- adjustments to the code \([https\://github\.com/ansible\-collections/community\.general/pull/10417](https\://github\.com/ansible\-collections/community\.general/pull/10417)\)\.
 
-<a id="bugfixes-5"></a>
+<a id="bugfixes-7"></a>
 ### Bugfixes
 
 * apache2\_module \- avoid ansible\-core 2\.19 deprecation \([https\://github\.com/ansible\-collections/community\.general/pull/10459](https\://github\.com/ansible\-collections/community\.general/pull/10459)\)\.
@@ -472,12 +539,12 @@ Bugfix release for the next Ansible 12 pre\-release\.
 <a id="v11-1-0"></a>
 ## v11\.1\.0
 
-<a id="release-summary-6"></a>
+<a id="release-summary-8"></a>
 ### Release Summary
 
 Regular bugfix and feature release\.
 
-<a id="minor-changes-5"></a>
+<a id="minor-changes-7"></a>
 ### Minor Changes
 
 * cloudflare\_dns \- adds support for PTR records \([https\://github\.com/ansible\-collections/community\.general/pull/10267](https\://github\.com/ansible\-collections/community\.general/pull/10267)\)\.
@@ -532,7 +599,7 @@ Regular bugfix and feature release\.
 * catapult \- module is deprecated and will be removed in community\.general 13\.0\.0 \([https\://github\.com/ansible\-collections/community\.general/issues/10318](https\://github\.com/ansible\-collections/community\.general/issues/10318)\, [https\://github\.com/ansible\-collections/community\.general/pull/10329](https\://github\.com/ansible\-collections/community\.general/pull/10329)\)\.
 * pacemaker\_cluster \- the parameter <code>state</code> will become a required parameter in community\.general 12\.0\.0 \([https\://github\.com/ansible\-collections/community\.general/pull/10227](https\://github\.com/ansible\-collections/community\.general/pull/10227)\)\.
 
-<a id="bugfixes-6"></a>
+<a id="bugfixes-8"></a>
 ### Bugfixes
 
 * dependent lookup plugin \- avoid deprecated ansible\-core 2\.19 functionality \([https\://github\.com/ansible\-collections/community\.general/pull/10359](https\://github\.com/ansible\-collections/community\.general/pull/10359)\)\.
@@ -558,12 +625,12 @@ Regular bugfix and feature release\.
 <a id="v11-0-0"></a>
 ## v11\.0\.0
 
-<a id="release-summary-7"></a>
+<a id="release-summary-9"></a>
 ### Release Summary
 
 This is release 11\.0\.0 of <code>community\.general</code>\, released on 2025\-06\-16\.
 
-<a id="minor-changes-6"></a>
+<a id="minor-changes-8"></a>
 ### Minor Changes
 
 * CmdRunner module utils \- the convenience method <code>cmd\_runner\_fmt\.as\_fixed\(\)</code> now accepts multiple arguments as a list \([https\://github\.com/ansible\-collections/community\.general/pull/9893](https\://github\.com/ansible\-collections/community\.general/pull/9893)\)\.
@@ -951,13 +1018,13 @@ This is release 11\.0\.0 of <code>community\.general</code>\, released on 2025\-
 * redfish\_utils module utils \- the <code>\_init\_session</code> method has been removed \([https\://github\.com/ansible\-collections/community\.general/pull/10126](https\://github\.com/ansible\-collections/community\.general/pull/10126)\)\.
 * stackpath\_compute inventory plugin \- the plugin was removed since the company and the service were sunset in June 2024 \([https\://github\.com/ansible\-collections/community\.general/pull/10126](https\://github\.com/ansible\-collections/community\.general/pull/10126)\)\.
 
-<a id="security-fixes"></a>
+<a id="security-fixes-1"></a>
 ### Security Fixes
 
 * keycloak\_authentication \- API calls did not properly set the <code>priority</code> during update resulting in incorrectly sorted authentication flows\. This apparently only affects Keycloak 25 or newer \([https\://github\.com/ansible\-collections/community\.general/pull/9263](https\://github\.com/ansible\-collections/community\.general/pull/9263)\)\.
 * keycloak\_client \- Sanitize <code>saml\.encryption\.private\.key</code> so it does not show in the logs \([https\://github\.com/ansible\-collections/community\.general/pull/9621](https\://github\.com/ansible\-collections/community\.general/pull/9621)\)\.
 
-<a id="bugfixes-7"></a>
+<a id="bugfixes-9"></a>
 ### Bugfixes
 
 * apache2\_mod\_proxy \- make compatible with Python 3 \([https\://github\.com/ansible\-collections/community\.general/pull/9762](https\://github\.com/ansible\-collections/community\.general/pull/9762)\)\.

CHANGELOG.rst

@@ -6,6 +6,64 @@ Community General Release Notes
 
 This changelog describes changes after version 10.0.0.
 
+v11.4.2
+=======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Minor Changes
+-------------
+
+- tss lookup plugin - fixed ``AccessTokenAuthorizer`` initialization to include ``base_url`` parameter for proper token authentication (https://github.com/ansible-collections/community.general/pull/11031).
+
+Bugfixes
+--------
+
+- cobbler_system - compare the version as a float which is the type returned by the Cobbler API (https://github.com/ansible-collections/community.general/issues/11044).
+- datetime module utils - fix bug in ``fromtimestamp()`` that caused the function to crash. This function is not used in community.general (https://github.com/ansible-collections/community.general/pull/11206).
+- filesystem - avoid false positive change detection on XFS resize due to unusable slack space (https://github.com/ansible-collections/community.general/pull/11033).
+- mas - parse CLI output correctly when listing installed apps with mas 3.0.0+ (https://github.com/ansible-collections/community.general/pull/11179).
+- xfconf - fix handling of empty array properties (https://github.com/ansible-collections/community.general/pull/11026).
+- xfconf_info - fix handling of empty array properties (https://github.com/ansible-collections/community.general/pull/11026).
+
+v11.4.1
+=======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Minor Changes
+-------------
+
+- dependent lookup plugin - refactor dict initialization, no impact to users (https://github.com/ansible-collections/community.general/pull/10891).
+- pacemaker_cluster.py - refactor dict initialization, no impact to users (https://github.com/ansible-collections/community.general/pull/10891).
+- pacemaker_resource.py - refactor dict initialization, no impact to users (https://github.com/ansible-collections/community.general/pull/10891).
+- pacemaker_stonith.py - refactor dict initialization, no impact to users (https://github.com/ansible-collections/community.general/pull/10891).
+- scaleway module_utils - improve code readability, no impact to users (https://github.com/ansible-collections/community.general/pull/10891).
+
+Security Fixes
+--------------
+
+- keycloak_user - the parameter ``credentials[].value`` is now marked as ``no_log=true``. Before it was logged by Ansible, unless the task was marked as ``no_log: true``. Since this parameter can be used for passwords, this resulted in credential leaking (https://github.com/ansible-collections/community.general/issues/11000, https://github.com/ansible-collections/community.general/pull/11005).
+
+Bugfixes
+--------
+
+- cloudflare_dns - roll back changes to CAA record validation (https://github.com/ansible-collections/community.general/issues/10934, https://github.com/ansible-collections/community.general/pull/10956).
+- cloudflare_dns - roll back changes to SRV record validation (https://github.com/ansible-collections/community.general/issues/10934, https://github.com/ansible-collections/community.general/pull/10937).
+- gitlab_runner - fix exception in check mode when a new runner is created (https://github.com/ansible-collections/community.general/issues/8854).
+- keycloak_clientsecret, keycloak_clientsecret_info - make ``client_auth`` work (https://github.com/ansible-collections/community.general/issues/10932, https://github.com/ansible-collections/community.general/pull/10933).
+- omapi_host - make return values compatible with ansible-core 2.19 and Python 3 (https://github.com/ansible-collections/community.general/pull/11001).
+- onepassword_doc and onepassword_ssh_key lookup plugins - ensure that all connection parameters are passed to CLI class (https://github.com/ansible-collections/community.general/pull/10965).
+- pritunl_user - improve resilience when comparing user parameters if remote fields are ``null`` or missing. List parameters (``groups``, ``mac_addresses``) now safely default to empty lists for comparison and avoids ``KeyError`` issues (https://github.com/ansible-collections/community.general/issues/10954, https://github.com/ansible-collections/community.general/pull/10955).
+- random_string lookup plugin - replace ``random.SystemRandom()`` with ``secrets.SystemRandom()`` when generating strings. This has no practical effect, as both are the same (https://github.com/ansible-collections/community.general/pull/10893).
+- terraform - fix bug when ``null`` values inside complex vars are throwing error instead of being passed to terraform. Now terraform can handle ``null``s in ``complex_vars`` itself (https://github.com/ansible-collections/community.general/pull/10961).
+
 v11.4.0
 =======
 

CONTRIBUTING.md

@@ -6,7 +6,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 
 # Contributing
 
-We follow [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html) in all our contributions and interactions within this repository.
+We follow [Ansible Code of Conduct](https://docs.ansible.com/projects/ansible/latest/community/code_of_conduct.html) in all our contributions and interactions within this repository.
 
 If you are a committer, also refer to the [collection's committer guidelines](https://github.com/ansible-collections/community.general/blob/main/commit-rights.md).
 
@@ -20,33 +20,38 @@ so you can cooperate to create a better solution together.
 * If you are interested in starting with an easy issue, look for [issues with an `easyfix` label](https://github.com/ansible-collections/community.general/labels/easyfix).
 * Often issues that are waiting for contributors to pick up have [the `waiting_on_contributor` label](https://github.com/ansible-collections/community.general/labels/waiting_on_contributor).
 
-## Open pull requests
+## Review pull requests
 
 Look through currently [open pull requests](https://github.com/ansible-collections/community.general/pulls).
+
 You can help by reviewing them. Reviews help move pull requests to merge state. Some good pull requests cannot be merged only due to a lack of reviews. And it is always worth saying that good reviews are often more valuable than pull requests themselves.
-Note that reviewing does not only mean code review, but also offering comments on new interfaces added to existing plugins/modules, interfaces of new plugins/modules, improving language (not everyone is a native english speaker), or testing bugfixes and new features!
+Note that reviewing does not only mean code review, but also offering comments on new interfaces added to existing plugins/modules, interfaces of new plugins/modules, improving language (not everyone is a native English speaker), or testing bugfixes and new features!
 
 Also, consider taking up a valuable, reviewed, but abandoned pull request which you could politely ask the original authors to complete yourself.
 
+## Open pull requests
+
+Please read our ['Contributing to collections'](https://docs.ansible.com/projects/ansible/devel/dev_guide/developing_collections_contributing.html#contributing-to-a-collection-community-general) guide.
+
 * Try committing your changes with an informative but short commit message.
 * Do not squash your commits and force-push to your branch if not needed. Reviews of your pull request are much easier with individual commits to comprehend the pull request history. All commits of your pull request branch will be squashed into one commit by GitHub upon merge.
-* Do not add merge commits to your PR. The bot will complain and you will have to rebase ([instructions for rebasing](https://docs.ansible.com/ansible/latest/dev_guide/developing_rebasing.html)) to remove them before your PR can be merged. To avoid that git automatically does merges during pulls, you can configure it to do rebases instead by running `git config pull.rebase true` inside the repository checkout.
-* Make sure your PR includes a [changelog fragment](https://docs.ansible.com/ansible/devel/community/collection_development_process.html#creating-a-changelog-fragment).
+* Do not add merge commits to your PR. The bot will complain and you will have to rebase ([instructions for rebasing](https://docs.ansible.com/projects/ansible/latest/dev_guide/developing_rebasing.html)) to remove them before your PR can be merged. To avoid that git automatically does merges during pulls, you can configure it to do rebases instead by running `git config pull.rebase true` inside the repository checkout.
+* Make sure your PR includes a [changelog fragment](https://docs.ansible.com/projects/ansible/devel/community/collection_development_process.html#creating-a-changelog-fragment).
   * You must not include a fragment for new modules or new plugins. Also you shouldn't include one for docs-only changes. (If you're not sure, simply don't include one, we'll tell you whether one is needed or not :) )
   * Please always include a link to the pull request itself, and if the PR is about an issue, also a link to the issue. Also make sure the fragment ends with a period, and begins with a lower-case letter after `-`. (Again, if you don't do this, we'll add suggestions to fix it, so don't worry too much :) )
 * Avoid reformatting unrelated parts of the codebase in your PR. These types of changes will likely be requested for reversion, create additional work for reviewers, and may cause approval to be delayed.
 
-You can also read [our Quick-start development guide](https://github.com/ansible/community-docs/blob/main/create_pr_quick_start_guide.rst).
+You can also read the Ansible community's [Quick-start development guide](https://docs.ansible.com/projects/ansible/devel/community/create_pr_quick_start.html).
 
 ## Test pull requests
 
-If you want to test a PR locally, refer to [our testing guide](https://github.com/ansible/community-docs/blob/main/test_pr_locally_guide.rst) for instructions on how do it quickly.
+If you want to test a PR locally, refer to [our testing guide](https://docs.ansible.com/projects/ansible/devel/community/collection_contributors/collection_test_pr_locally.html) for instructions on how do it quickly.
 
 If you find any inconsistencies or places in this document which can be improved, feel free to raise an issue or pull request to fix it.
 
 ## Run sanity or unit locally (with antsibull-nox)
 
-The easiest way to run sanity and unit tests locally is to use [antsibull-nox](https://ansible.readthedocs.io/projects/antsibull-nox/).
+The easiest way to run sanity and unit tests locally is to use [antsibull-nox](https://docs.ansible.com/projects/antsibull-nox/).
 (If you have [nox](https://nox.thea.codes/en/stable/) installed, it will automatically install antsibull-nox in a virtual environment for you.)
 
 ### Sanity tests
@@ -88,7 +93,7 @@ If you replace `-Re` with `-e`, then the virtual environments will be re-created
 Instead of using antsibull-nox, you can also run sanity and unit tests with ansible-test directly.
 This also allows you to run integration tests.
 
-You have to check out the repository into a specific path structure to be able to run `ansible-test`. The path to the git checkout must end with `.../ansible_collections/community/general`. Please see [our testing guide](https://github.com/ansible/community-docs/blob/main/test_pr_locally_guide.rst) for instructions on how to check out the repository into a correct path structure. The short version of these instructions is:
+You have to check out the repository into a specific path structure to be able to run `ansible-test`. The path to the git checkout must end with `.../ansible_collections/community/general`. Please see [our testing guide](https://docs.ansible.com/projects/ansible/devel/community/collection_contributors/collection_test_pr_locally.html) for instructions on how to check out the repository into a correct path structure. The short version of these instructions is:
 
 ```.bash
 mkdir -p ~/dev/ansible_collections/community
@@ -188,9 +193,9 @@ Creating new modules and plugins requires a bit more work than other Pull Reques
 
 3. When creating a new module or plugin, please make sure that you follow various guidelines:
 
-   - Follow [development conventions](https://docs.ansible.com/ansible/devel/dev_guide/developing_modules_best_practices.html);
-   - Follow [documentation standards](https://docs.ansible.com/ansible/devel/dev_guide/developing_modules_documenting.html) and
-     the [Ansible style guide](https://docs.ansible.com/ansible/devel/dev_guide/style_guide/index.html#style-guide);
+   - Follow [development conventions](https://docs.ansible.com/projects/ansible/devel/dev_guide/developing_modules_best_practices.html);
+   - Follow [documentation standards](https://docs.ansible.com/projects/ansible/devel/dev_guide/developing_modules_documenting.html) and
+     the [Ansible style guide](https://docs.ansible.com/projects/ansible/devel/dev_guide/style_guide/index.html#style-guide);
    - Make sure your modules and plugins are [GPL-3.0-or-later](https://www.gnu.org/licenses/gpl-3.0-standalone.html) licensed
      (new module_utils can also be [BSD-2-clause](https://opensource.org/licenses/BSD-2-Clause) licensed);
    - Make sure that new plugins and modules have tests (unit tests, integration tests, or both); it is preferable to have some tests

README.md

@@ -6,7 +6,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 
 # Community General Collection
 
-[![Documentation](https://img.shields.io/badge/docs-brightgreen.svg)](https://docs.ansible.com/ansible/devel/collections/community/general/)
+[![Documentation](https://img.shields.io/badge/docs-brightgreen.svg)](https://docs.ansible.com/projects/ansible/devel/collections/community/general/)
 [![Build Status](https://dev.azure.com/ansible/community.general/_apis/build/status/CI?branchName=stable-11)](https://dev.azure.com/ansible/community.general/_build?definitionId=31)
 [![EOL CI](https://github.com/ansible-collections/community.general/actions/workflows/ansible-test.yml/badge.svg?branch=stable-11)](https://github.com/ansible-collections/community.general/actions)
 [![Nox CI](https://github.com/ansible-collections/community.general/actions/workflows/nox.yml/badge.svg?branch=stable-11)](https://github.com/ansible-collections/community.general/actions)
@@ -15,15 +15,15 @@ SPDX-License-Identifier: GPL-3.0-or-later
 
 This repository contains the `community.general` Ansible Collection. The collection is a part of the Ansible package and includes many modules and plugins supported by Ansible community which are not part of more specialized community collections.
 
-You can find [documentation for this collection on the Ansible docs site](https://docs.ansible.com/ansible/latest/collections/community/general/).
+You can find [documentation for this collection on the Ansible docs site](https://docs.ansible.com/projects/ansible/latest/collections/community/general/).
 
 Please note that this collection does **not** support Windows targets. Only connection plugins included in this collection might support Windows targets, and will explicitly mention that in their documentation if they do so.
 
 ## Code of Conduct
 
-We follow [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html) in all our interactions within this project.
+We follow [Ansible Code of Conduct](https://docs.ansible.com/projects/ansible/latest/community/code_of_conduct.html) in all our interactions within this project.
 
-If you encounter abusive behavior violating the [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html), please refer to the [policy violations](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html#policy-violations) section of the Code of Conduct for information on how to raise a complaint.
+If you encounter abusive behavior violating the [Ansible Code of Conduct](https://docs.ansible.com/projects/ansible/latest/community/code_of_conduct.html), please refer to the [policy violations](https://docs.ansible.com/projects/ansible/latest/community/code_of_conduct.html#policy-violations) section of the Code of Conduct for information on how to raise a complaint.
 
 ## Communication
 
@@ -33,13 +33,13 @@ If you encounter abusive behavior violating the [Ansible Code of Conduct](https:
   * [Social Spaces](https://forum.ansible.com/c/chat/4): gather and interact with fellow enthusiasts.
   * [News & Announcements](https://forum.ansible.com/c/news/5): track project-wide announcements including social events.
 
-* The Ansible [Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn): used to announce releases and important changes.
+* The Ansible [Bullhorn newsletter](https://docs.ansible.com/projects/ansible/devel/community/communication.html#the-bullhorn): used to announce releases and important changes.
 
-For more information about communication, see the [Ansible communication guide](https://docs.ansible.com/ansible/devel/community/communication.html).
+For more information about communication, see the [Ansible communication guide](https://docs.ansible.com/projects/ansible/devel/community/communication.html).
 
 ## Tested with Ansible
 
-Tested with the current ansible-core 2.16, ansible-core 2.17, ansible-core 2.18, ansible-core 2.19 releases and the current development version of ansible-core. Ansible-core versions before 2.16.0 are not supported. This includes all ansible-base 2.10 and Ansible 2.9 releases.
+Tested with the current ansible-core 2.16, ansible-core 2.17, ansible-core 2.18, ansible-core 2.19, ansible-core 2.20 releases and the current development version of ansible-core. Ansible-core versions before 2.16.0 are not supported. This includes all ansible-base 2.10 and Ansible 2.9 releases.
 
 ## External requirements
 
@@ -47,7 +47,7 @@ Some modules and plugins require external libraries. Please check the requiremen
 
 ## Included content
 
-Please check the included content on the [Ansible Galaxy page for this collection](https://galaxy.ansible.com/ui/repo/published/community/general/) or the [documentation on the Ansible docs site](https://docs.ansible.com/ansible/latest/collections/community/general/).
+Please check the included content on the [Ansible Galaxy page for this collection](https://galaxy.ansible.com/ui/repo/published/community/general/) or the [documentation on the Ansible docs site](https://docs.ansible.com/projects/ansible/latest/collections/community/general/).
 
 ## Using this collection
 
@@ -76,7 +76,7 @@ You can also install a specific version of the collection, for example, if you n
 ansible-galaxy collection install community.general:==X.Y.Z
 ```
 
-See [Ansible Using collections](https://docs.ansible.com/ansible/latest/user_guide/collections_using.html) for more details.
+See [Ansible Using collections](https://docs.ansible.com/projects/ansible/latest/user_guide/collections_using.html) for more details.
 
 ## Contributing to this collection
 
@@ -90,13 +90,13 @@ You don't know how to start? Refer to our [contribution guide](https://github.co
 
 The current maintainers are listed in the [commit-rights.md](https://github.com/ansible-collections/community.general/blob/main/commit-rights.md#people) file. If you have questions or need help, feel free to mention them in the proposals.
 
-You can find more information in the [developer guide for collections](https://docs.ansible.com/ansible/devel/dev_guide/developing_collections.html#contributing-to-collections), and in the [Ansible Community Guide](https://docs.ansible.com/ansible/latest/community/index.html).
+You can find more information in the [developer guide for collections](https://docs.ansible.com/projects/ansible/devel/dev_guide/developing_collections.html#contributing-to-collections), and in the [Ansible Community Guide](https://docs.ansible.com/projects/ansible/latest/community/index.html).
 
 Also for some notes specific to this collection see [our CONTRIBUTING documentation](https://github.com/ansible-collections/community.general/blob/main/CONTRIBUTING.md).
 
 ### Running tests
 
-See [here](https://docs.ansible.com/ansible/devel/dev_guide/developing_collections.html#testing-collections).
+See [here](https://docs.ansible.com/projects/ansible/devel/dev_guide/developing_collections.html#testing-collections).
 
 ## Collection maintenance
 
@@ -110,7 +110,7 @@ It is necessary for maintainers of this collection to be subscribed to:
 * The collection itself (the `Watch` button → `All Activity` in the upper right corner of the repository's homepage).
 * The "Changes Impacting Collection Contributors and Maintainers" [issue](https://github.com/ansible-collections/overview/issues/45).
 
-They also should be subscribed to Ansible's [The Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn).
+They also should be subscribed to Ansible's [The Bullhorn newsletter](https://docs.ansible.com/projects/ansible/devel/community/communication.html#the-bullhorn).
 
 ## Publishing New Version
 
@@ -129,9 +129,9 @@ See [this issue](https://github.com/ansible-collections/community.general/issues
 ## More information
 
 - [Ansible Collection overview](https://github.com/ansible-collections/overview)
-- [Ansible User guide](https://docs.ansible.com/ansible/latest/user_guide/index.html)
-- [Ansible Developer guide](https://docs.ansible.com/ansible/latest/dev_guide/index.html)
-- [Ansible Community code of conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html)
+- [Ansible User guide](https://docs.ansible.com/projects/ansible/latest/user_guide/index.html)
+- [Ansible Developer guide](https://docs.ansible.com/projects/ansible/latest/dev_guide/index.html)
+- [Ansible Community code of conduct](https://docs.ansible.com/projects/ansible/latest/community/code_of_conduct.html)
 
 ## Licensing
 

changelogs/changelog.yaml

@@ -1799,3 +1799,87 @@ releases:
       - 10880-github_app_access_token-lookup.yml
       - 11.4.0.yml
     release_date: '2025-10-06'
+  11.4.1:
+    changes:
+      bugfixes:
+        - cloudflare_dns - roll back changes to CAA record validation (https://github.com/ansible-collections/community.general/issues/10934,
+          https://github.com/ansible-collections/community.general/pull/10956).
+        - cloudflare_dns - roll back changes to SRV record validation (https://github.com/ansible-collections/community.general/issues/10934,
+          https://github.com/ansible-collections/community.general/pull/10937).
+        - gitlab_runner - fix exception in check mode when a new runner is created
+          (https://github.com/ansible-collections/community.general/issues/8854).
+        - keycloak_clientsecret, keycloak_clientsecret_info - make ``client_auth``
+          work (https://github.com/ansible-collections/community.general/issues/10932,
+          https://github.com/ansible-collections/community.general/pull/10933).
+        - omapi_host - make return values compatible with ansible-core 2.19 and Python
+          3 (https://github.com/ansible-collections/community.general/pull/11001).
+        - onepassword_doc and onepassword_ssh_key lookup plugins - ensure that all
+          connection parameters are passed to CLI class (https://github.com/ansible-collections/community.general/pull/10965).
+        - pritunl_user - improve resilience when comparing user parameters if remote
+          fields are ``null`` or missing. List parameters (``groups``, ``mac_addresses``)
+          now safely default to empty lists for comparison and avoids ``KeyError``
+          issues (https://github.com/ansible-collections/community.general/issues/10954,
+          https://github.com/ansible-collections/community.general/pull/10955).
+        - random_string lookup plugin - replace ``random.SystemRandom()`` with ``secrets.SystemRandom()``
+          when generating strings. This has no practical effect, as both are the same
+          (https://github.com/ansible-collections/community.general/pull/10893).
+        - terraform - fix bug when ``null`` values inside complex vars are throwing
+          error instead of being passed to terraform. Now terraform can handle ``null``s
+          in ``complex_vars`` itself (https://github.com/ansible-collections/community.general/pull/10961).
+      minor_changes:
+        - dependent lookup plugin - refactor dict initialization, no impact to users
+          (https://github.com/ansible-collections/community.general/pull/10891).
+        - pacemaker_cluster.py - refactor dict initialization, no impact to users
+          (https://github.com/ansible-collections/community.general/pull/10891).
+        - pacemaker_resource.py - refactor dict initialization, no impact to users
+          (https://github.com/ansible-collections/community.general/pull/10891).
+        - pacemaker_stonith.py - refactor dict initialization, no impact to users
+          (https://github.com/ansible-collections/community.general/pull/10891).
+        - scaleway module_utils - improve code readability, no impact to users (https://github.com/ansible-collections/community.general/pull/10891).
+      release_summary: Regular bugfix release.
+      security_fixes:
+        - 'keycloak_user - the parameter ``credentials[].value`` is now marked as
+          ``no_log=true``. Before it was logged by Ansible, unless the task was marked
+          as ``no_log: true``. Since this parameter can be used for passwords, this
+          resulted in credential leaking (https://github.com/ansible-collections/community.general/issues/11000,
+          https://github.com/ansible-collections/community.general/pull/11005).'
+    fragments:
+      - 10891-dict-refactor.yml
+      - 10918-gitlab-runner-fix-check-mode.yml
+      - 10933-keycloak-add-client-auth-for-clientsecret-modules.yml
+      - 10934-cloudflare-dns-caa-bug.yml
+      - 10934-cloudflare-dns-srv-bug.yml
+      - 10955-pritunl_user-null-missing-params.yaml
+      - 10961-terraform-complexvars-null-bugfix.yaml
+      - 10965-onepassword-bugfix.yml
+      - 11.4.1.yml
+      - 11001-omapi.yml
+      - 11005-keycloak_user.yml
+      - replace-random-with-secrets.yml
+    release_date: '2025-11-02'
+  11.4.2:
+    changes:
+      bugfixes:
+        - cobbler_system - compare the version as a float which is the type returned
+          by the Cobbler API (https://github.com/ansible-collections/community.general/issues/11044).
+        - datetime module utils - fix bug in ``fromtimestamp()`` that caused the function
+          to crash. This function is not used in community.general (https://github.com/ansible-collections/community.general/pull/11206).
+        - filesystem - avoid false positive change detection on XFS resize due to
+          unusable slack space (https://github.com/ansible-collections/community.general/pull/11033).
+        - mas - parse CLI output correctly when listing installed apps with mas 3.0.0+
+          (https://github.com/ansible-collections/community.general/pull/11179).
+        - xfconf - fix handling of empty array properties (https://github.com/ansible-collections/community.general/pull/11026).
+        - xfconf_info - fix handling of empty array properties (https://github.com/ansible-collections/community.general/pull/11026).
+      minor_changes:
+        - tss lookup plugin - fixed ``AccessTokenAuthorizer`` initialization to include
+          ``base_url`` parameter for proper token authentication (https://github.com/ansible-collections/community.general/pull/11031).
+      release_summary: Regular bugfix release.
+    fragments:
+      - 11.4.2.yml
+      - 11026-xfconf-empty-array.yml
+      - 11031-tss-lookup-delinea-rebranding.yml
+      - 11045-check-cobbler-version.yml
+      - 11179-mas-list-parsing.yml
+      - 11206-datetime.yml
+      - filesystem-xfs-resize-slack.yml
+    release_date: '2025-12-01'

commit-rights.md

@@ -7,7 +7,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 Committers Guidelines for community.general
 ===========================================
 
-This document is based on the [Ansible committer guidelines](https://github.com/ansible/ansible/blob/b57444af14062ec96e0af75fdfc2098c74fe2d9a/docs/docsite/rst/community/committer_guidelines.rst) ([latest version](https://docs.ansible.com/ansible/devel/community/committer_guidelines.html)).
+This document is based on the [Ansible committer guidelines](https://github.com/ansible/ansible/blob/b57444af14062ec96e0af75fdfc2098c74fe2d9a/docs/docsite/rst/community/committer_guidelines.rst) ([latest version](https://docs.ansible.com/projects/ansible/devel/community/committer_guidelines.html)).
 
 These are the guidelines for people with commit privileges on the Ansible Community General Collection GitHub repository. Please read the guidelines before you commit.
 
@@ -45,7 +45,7 @@ Individuals with direct commit access to this collection repository are entruste
   - Do not commit directly.
   - Do not merge your own PRs. Someone else should have a chance to review and approve the PR merge. You have a small amount of leeway here for very minor changes.
   - Do not forget about non-standard / alternate environments. Consider the alternatives. Yes, people have bad/unusual/strange environments (like binaries from multiple init systems installed), but they are the ones who need us the most.
-  - Do not drag your community team members down. Discuss the technical merits of any pull requests you review. Avoid negativity and personal comments. For more guidance on being a good community member, read the [Ansible Community Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html).
+  - Do not drag your community team members down. Discuss the technical merits of any pull requests you review. Avoid negativity and personal comments. For more guidance on being a good community member, read the [Ansible Community Code of Conduct](https://docs.ansible.com/projects/ansible/latest/community/code_of_conduct.html).
   - Do not forget about the maintenance burden. High-maintenance features may not be worth adding.
   - Do not break playbooks. Always keep backwards compatibility in mind.
   - Do not forget to keep it simple. Complexity breeds all kinds of problems.

docs/docsite/rst/guide_modulehelper.rst

@@ -21,7 +21,7 @@ That is where ``ModuleHelper`` comes to assistance: a lot of that boilerplate co
 Quickstart
 """"""""""
 
-See the `example from Ansible documentation <https://docs.ansible.com/ansible/latest/dev_guide/developing_modules_general.html#creating-a-module>`_
+See the `example from Ansible documentation <https://docs.ansible.com/projects/ansible/latest/dev_guide/developing_modules_general.html#creating-a-module>`_
 written with ``ModuleHelper``.
 But bear in mind that it does not showcase all of MH's features:
 
@@ -550,9 +550,9 @@ The other option is to use the parameter ``value``, in which case the method wil
 References
 ^^^^^^^^^^
 
-- `Ansible Developer Guide <https://docs.ansible.com/ansible/latest/dev_guide/index.html>`_
-- `Creating a module <https://docs.ansible.com/ansible/latest/dev_guide/developing_modules_general.html#creating-a-module>`_
-- `Returning ansible facts <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#ansible-facts>`_
+- `Ansible Developer Guide <https://docs.ansible.com/projects/ansible/latest/dev_guide/index.html>`_
+- `Creating a module <https://docs.ansible.com/projects/ansible/latest/dev_guide/developing_modules_general.html#creating-a-module>`_
+- `Returning ansible facts <https://docs.ansible.com/projects/ansible/latest/reference_appendices/common_return_values.html#ansible-facts>`_
 - :ref:`ansible_collections.community.general.docsite.guide_vardict`
 
 

galaxy.yml

@@ -5,7 +5,7 @@
 
 namespace: community
 name: general
-version: 11.4.0
+version: 11.4.2
 readme: README.md
 authors:
   - Ansible (https://github.com/ansible)
@@ -16,6 +16,6 @@ license_file: COPYING
 tags:
   - community
 repository: https://github.com/ansible-collections/community.general
-documentation: https://docs.ansible.com/ansible/latest/collections/community/general/
+documentation: https://docs.ansible.com/projects/ansible/latest/collections/community/general/
 homepage: https://github.com/ansible-collections/community.general
 issues: https://github.com/ansible-collections/community.general/issues

plugins/callback/diy.py

@@ -39,7 +39,7 @@ notes:
 seealso:
   - name: default – default Ansible screen output
     description: The official documentation on the B(default) callback plugin.
-    link: https://docs.ansible.com/ansible/latest/plugins/callback/default.html
+    link: https://docs.ansible.com/projects/ansible/latest/plugins/callback/default.html
 requirements:
   - set as stdout_callback in configuration
 options:

plugins/lookup/dependent.py

@@ -180,7 +180,7 @@ class LookupModule(LookupBase):
 
         if isinstance(values, Mapping):
             for idx, val in sorted(values.items()):
-                current[key] = dict([('key', idx), ('value', val)])
+                current[key] = dict(key=idx, value=val)
                 self.__process(result, terms, index + 1, current, templar, variables)
         elif isinstance(values, Sequence):
             for elt in values:

plugins/lookup/onepassword.py

@@ -609,7 +609,8 @@ class OnePass(object):
 
     def _get_cli_class(self, cli_class=None):
         if cli_class is not None:
-            return cli_class(self.subdomain, self.domain, self.username, self.secret_key, self.master_password, self.service_account_token)
+            return cli_class(self.subdomain, self.domain, self.username, self.secret_key, self.master_password, self.service_account_token,
+                             self.account_id, self.connect_host, self.connect_token)
 
         version = OnePassCLIBase.get_current_version()
         for cls in OnePassCLIBase.__subclasses__():

plugins/lookup/random_string.py

@@ -16,7 +16,7 @@ short_description: Generates random string
 version_added: '3.2.0'
 description:
   - Generates random string based upon the given constraints.
-  - Uses L(random.SystemRandom,https://docs.python.org/3/library/random.html#random.SystemRandom), so should be strong enough
+  - Uses L(secrets.SystemRandom,https://docs.python.org/3/library/secrets.html#secrets.SystemRandom), so should be strong enough
     for cryptographic purposes.
 options:
   length:
@@ -169,6 +169,7 @@ _raw:
 
 import base64
 import random
+import secrets
 import string
 
 from ansible.errors import AnsibleLookupError
@@ -209,7 +210,7 @@ class LookupModule(LookupBase):
         seed = self.get_option("seed")
 
         if seed is None:
-            random_generator = random.SystemRandom()
+            random_generator = secrets.SystemRandom()
         else:
             random_generator = random.Random(seed)
 

plugins/lookup/tss.py

@@ -9,7 +9,7 @@ __metaclass__ = type
 DOCUMENTATION = r"""
 name: tss
 author: Adam Migus (@amigus) <adam@migus.org>
-short_description: Get secrets from Thycotic Secret Server
+short_description: Get secrets from Delinea Secret Server
 version_added: 1.0.0
 description:
   - Uses the Thycotic Secret Server Python SDK to get Secrets from Secret Server using token authentication with O(username)
@@ -121,14 +121,16 @@ options:
 RETURN = r"""
 _list:
   description:
-    - The JSON responses to C(GET /secrets/{id}).
+    - The JSON responses to C(GET /secrets/{id}) and C(GET /secrets/{path}).
     - See U(https://updates.thycotic.net/secretserver/restapiguide/TokenAuth/#operation--secrets--id--get).
   type: list
   elements: dict
 """
 
 EXAMPLES = r"""
-- hosts: localhost
+# Using Secret Server Authentication
+- name: Lookup secret using Secret Server user credentials
+  hosts: localhost
   vars:
     secret: >-
       {{
@@ -149,7 +151,8 @@ EXAMPLES = r"""
                            value_name='itemValue'))['password']
           }}
 
-- hosts: localhost
+- name: Lookup secret with domain user
+  hosts: localhost
   vars:
     secret: >-
       {{
@@ -171,7 +174,8 @@ EXAMPLES = r"""
                            value_name='itemValue'))['password']
           }}
 
-- hosts: localhost
+- name: Lookup secret using Secret Server token
+  hosts: localhost
   vars:
     secret_password: >-
       {{
@@ -189,7 +193,8 @@ EXAMPLES = r"""
 # Private key stores into certificate file which is attached with secret.
 # If fetch_attachments=True then private key file will be download on specified path
 # and file content will display in debug message.
-- hosts: localhost
+- name: Lookup secret and fetch attachments using Secret Server token
+  hosts: localhost
   vars:
     secret: >-
       {{
@@ -212,7 +217,8 @@ EXAMPLES = r"""
           }}
 
 # If fetch_secret_ids_from_folder=true then secret IDs are in a folder is fetched based on folder ID
-- hosts: localhost
+- name: Lookup secret IDs by folder ID using Secret Server token
+  hosts: localhost
   vars:
     secret: >-
       {{
@@ -232,7 +238,8 @@ EXAMPLES = r"""
           }}
 
 # If secret ID is 0 and secret_path has value then secret is fetched by secret path
-- hosts: localhost
+- name: Lookup secret by secret path using Secret Server user credentials
+  hosts: localhost
   vars:
     secret: >-
       {{
@@ -253,6 +260,45 @@ EXAMPLES = r"""
               | items2dict(key_name='slug',
                            value_name='itemValue'))['password']
           }}
+
+# Using Platform Authentication
+- name: Lookup secret using Platform service user credentials
+  hosts: localhost
+  vars:
+    secret: >-
+      {{
+        lookup(
+          'community.general.tss',
+          102,
+          base_url='https://platform.delinea.app/',
+          username='platform_service_username',
+          password='platform_service_user_password'
+        )
+      }}
+  tasks:
+    - ansible.builtin.debug:
+        msg: >
+          the password is {{
+            (secret['items']
+              | items2dict(key_name='slug',
+                           value_name='itemValue'))['password']
+          }}
+
+- name: Lookup secret using platform token
+  hosts: localhost
+  vars:
+    secret_password: >-
+      {{
+        ((lookup(
+          'community.general.tss',
+          102,
+          base_url='https://platform.delinea.app/',
+          token='delinea_platform_access_token',
+        ) | from_json).get('items') | items2dict(key_name='slug', value_name='itemValue'))['password']
+      }}
+  tasks:
+    - ansible.builtin.debug:
+        msg: the password is {{ secret_password }}
 """
 
 import abc
@@ -386,9 +432,7 @@ class TSSClientV1(TSSClient):
     @staticmethod
     def _get_authorizer(**server_parameters):
         if server_parameters.get("token"):
-            return AccessTokenAuthorizer(
-                server_parameters["token"],
-            )
+            return AccessTokenAuthorizer(server_parameters["token"], server_parameters["base_url"])
 
         if server_parameters.get("domain"):
             return DomainPasswordGrantAuthorizer(

plugins/module_utils/datetime.py

@@ -22,8 +22,8 @@ def ensure_timezone_info(value):
 
 def fromtimestamp(value):
     if _USE_TIMEZONE:
-        return _datetime.fromtimestamp(value, tz=_datetime.timezone.utc)
-    return _datetime.utcfromtimestamp(value)
+        return _datetime.datetime.fromtimestamp(value, tz=_datetime.timezone.utc)
+    return _datetime.datetime.utcfromtimestamp(value)
 
 
 def now():

plugins/module_utils/identity/keycloak/keycloak_clientsecret.py

@@ -35,8 +35,8 @@ def keycloak_clientsecret_module():
         argument_spec=argument_spec,
         supports_check_mode=True,
         required_one_of=([['id', 'client_id'],
-                         ['token', 'auth_realm', 'auth_username', 'auth_password']]),
-        required_together=([['auth_realm', 'auth_username', 'auth_password']]),
+                         ['token', 'auth_realm', 'auth_username', 'auth_password', 'auth_client_id', 'auth_client_secret']]),
+        required_together=([['auth_username', 'auth_password']]),
         mutually_exclusive=[
             ['token', 'auth_realm'],
             ['token', 'auth_username'],

plugins/module_utils/scaleway.py

@@ -109,10 +109,7 @@ class SecretVariables(object):
 
     @staticmethod
     def dict_to_list(source_dict):
-        return [
-            dict(key=var[0], value=var[1])
-            for var in source_dict.items()
-        ]
+        return [dict(key=k, value=v) for k, v in source_dict.items()]
 
     @staticmethod
     def list_to_dict(source_list, hashed=False):

plugins/modules/ansible_galaxy_install.py

@@ -23,7 +23,7 @@ notes:
 seealso:
   - name: C(ansible-galaxy) command manual page
     description: Manual page for the command.
-    link: https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html
+    link: https://docs.ansible.com/projects/ansible/latest/cli/ansible-galaxy.html
 
 requirements:
   - ansible-core 2.11 or newer

plugins/modules/cloudflare_dns.py

@@ -929,9 +929,9 @@ def main():
         required_if=[
             ('state', 'present', ['record', 'type', 'value']),
             ('state', 'absent', ['record']),
-            ('type', 'SRV', ['proto', 'service', 'value']),
+            ('type', 'SRV', ['proto', 'service']),
             ('type', 'TLSA', ['proto', 'port']),
-            ('type', 'CAA', ['flag', 'tag', 'value']),
+            ('type', 'CAA', ['flag', 'tag']),
         ],
         required_together=[
             ('account_api_key', 'account_email'),
@@ -942,8 +942,11 @@ def main():
     )
 
     if module.params['type'] == 'SRV':
-        if not module.params['value'] == '':
-            module.fail_json(msg="For SRV records the params weight, port and value all need to be defined.")
+        if not ((module.params['weight'] is not None and module.params['port'] is not None
+                 and not (module.params['value'] is None or module.params['value'] == ''))
+                or (module.params['weight'] is None and module.params['port'] is None
+                    and (module.params['value'] is None or module.params['value'] == ''))):
+            module.fail_json(msg="For SRV records the params weight, port and value all need to be defined, or not at all.")
 
     if module.params['type'] == 'SSHFP':
         if not ((module.params['algorithm'] is not None and module.params['hash_type'] is not None
@@ -960,8 +963,11 @@ def main():
             module.fail_json(msg="For TLSA records the params cert_usage, selector, hash_type and value all need to be defined, or not at all.")
 
     if module.params['type'] == 'CAA':
-        if not module.params['value'] == '':
-            module.fail_json(msg="For CAA records the params flag, tag and value all need to be defined.")
+        if not ((module.params['flag'] is not None and module.params['tag'] is not None
+                 and not (module.params['value'] is None or module.params['value'] == ''))
+                or (module.params['flag'] is None and module.params['tag'] is None
+                    and (module.params['value'] is None or module.params['value'] == ''))):
+            module.fail_json(msg="For CAA records the params flag, tag and value all need to be defined, or not at all.")
 
     if module.params['type'] == 'DS':
         if not ((module.params['key_tag'] is not None and module.params['algorithm'] is not None and module.params['hash_type'] is not None

plugins/modules/cobbler_system.py

@@ -161,7 +161,6 @@ from ansible.module_utils.common.text.converters import to_text
 from ansible_collections.community.general.plugins.module_utils.datetime import (
     now,
 )
-from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
 
 IFPROPS_MAPPING = dict(
     bondingopts='bonding_opts',
@@ -280,7 +279,8 @@ def main():
         if system:
             # Update existing entry
             system_id = ''
-            if LooseVersion(str(conn.version())) >= LooseVersion('3.4'):
+            # https://github.com/cobbler/cobbler/blame/v3.3.7/cobbler/api.py#L277
+            if float(conn.version()) >= 3.4:
                 system_id = conn.get_system_handle(name)
             else:
                 system_id = conn.get_system_handle(name, token)

plugins/modules/consul_kv.py

@@ -15,7 +15,7 @@ module: consul_kv
 short_description: Manipulate entries in the key/value store of a Consul cluster
 description:
   - Allows the retrieval, addition, modification and deletion of key/value entries in a Consul cluster using the agent. The
-    entire contents of the record, including the indices, flags and session are returned as C(value).
+    entire contents of the record, including the indices, flags and session are returned as RV(ignore:value).
   - If the O(key) represents a prefix then note that when a value is removed, the existing value if any is returned as part
     of the results.
   - See http://www.consul.io/docs/agent/http.html#kv for more details.
@@ -36,11 +36,11 @@ options:
   state:
     description:
       - The action to take with the supplied key and value. If the state is V(present) and O(value) is set, the key contents
-        is set to the value supplied and C(changed) is set to V(true) only if the value was different to the current contents.
+        is set to the value supplied and RV(ignore:changed) is set to V(true) only if the value was different to the current contents.
         If the state is V(present) and O(value) is not set, the existing value associated to the key is returned. The state
-        V(absent) is used to remove the key/value pair, again C(changed) is set to V(true) only if the key actually existed
+        V(absent) is used to remove the key/value pair, again RV(ignore:changed) is set to V(true) only if the key actually existed
         prior to the removal. An attempt can be made to obtain or free the lock associated with a key/value pair with the
-        states V(acquire) or V(release) respectively. A valid session must be supplied to make the attempt C(changed) is V(true)
+        states V(acquire) or V(release) respectively. A valid session must be supplied to make the attempt RV(ignore:changed) is V(true)
         if the attempt is successful, V(false) otherwise.
     type: str
     choices: [absent, acquire, present, release]

plugins/modules/decompress.py

@@ -71,7 +71,7 @@ EXAMPLES = r"""
 - name: Decompress file compressed with bzip2
   community.general.decompress:
     src: /path/to/file.txt.bz2
-    dest: /path/to/file.bz2
+    dest: /path/to/file.txt
     format: bz2
 
 - name: Decompress file and delete the compressed file afterwards

plugins/modules/discord.py

@@ -80,7 +80,7 @@ EXAMPLES = r"""
     webhook_token: "XXXYYY"
     content: "This is a message from ansible"
     username: Ansible
-    avatar_url: "https://docs.ansible.com/ansible/latest/_static/images/logo_invert.png"
+    avatar_url: "https://docs.ansible.com/favicon/favicon-32x32.png"
 
 - name: Send a embedded message to the Discord channel
   community.general.discord:
@@ -92,7 +92,7 @@ EXAMPLES = r"""
         footer:
           text: "Author: Ansible"
         image:
-          url: "https://docs.ansible.com/ansible/latest/_static/images/logo_invert.png"
+          url: "https://docs.ansible.com/favicon/favicon-32x32.png"
 
 - name: Send two embedded messages
   community.general.discord:
@@ -104,12 +104,12 @@ EXAMPLES = r"""
         footer:
           text: "Author: Ansible"
         image:
-          url: "https://docs.ansible.com/ansible/latest/_static/images/logo_invert.png"
+          url: "https://docs.ansible.com/favicon/favicon-32x32.png"
       - title: "Second message"
         description: "This is my first second message"
         footer:
           text: "Author: Ansible"
-          icon_url: "https://docs.ansible.com/ansible/latest/_static/images/logo_invert.png"
+          icon_url: "https://docs.ansible.com/favicon/favicon-32x32.png"
         fields:
           - name: "Field 1"
             value: "Value of my first field"

plugins/modules/filesystem.py

@@ -41,14 +41,14 @@ options:
     choices: [bcachefs, btrfs, ext2, ext3, ext4, ext4dev, f2fs, lvm, ocfs2, reiserfs, xfs, vfat, swap, ufs]
     description:
       - Filesystem type to be created. This option is required with O(state=present) (or if O(state) is omitted).
-      - Ufs support has been added in community.general 3.4.0.
-      - Bcachefs support has been added in community.general 8.6.0.
+      - V(ufs) support has been added in community.general 3.4.0.
+      - V(bcachefs) support has been added in community.general 8.6.0.
     type: str
     aliases: [type]
   dev:
     description:
       - Target path to block device (Linux) or character device (FreeBSD) or regular file (both).
-      - When setting Linux-specific filesystem types on FreeBSD, this module only works when applying to regular files, aka
+      - When setting Linux-specific filesystem types on FreeBSD, this module only works when applying to regular files, also known as
         disk images.
       - Currently V(lvm) (Linux-only) and V(ufs) (FreeBSD-only) do not support a regular file as their target O(dev).
       - Support for character devices on FreeBSD has been added in community.general 3.4.0.
@@ -63,8 +63,9 @@ options:
   resizefs:
     description:
       - If V(true), if the block device and filesystem size differ, grow the filesystem into the space.
-      - Supported for C(bcachefs), C(btrfs), C(ext2), C(ext3), C(ext4), C(ext4dev), C(f2fs), C(lvm), C(xfs), C(ufs) and C(vfat)
-        filesystems. Attempts to resize other filesystem types fail.
+      - >-
+        Supported when O(fstype) is one of: V(bcachefs), V(btrfs), V(ext2), V(ext3), V(ext4), V(ext4dev), V(f2fs), V(lvm), V(xfs), V(ufs) and V(vfat).
+        Attempts to resize other filesystem types fail.
       - XFS only grows if mounted. Currently, the module is based on commands from C(util-linux) package to perform operations,
         so resizing of XFS is not supported on FreeBSD systems.
       - VFAT is likely to fail if C(fatresize < 1.04).
@@ -81,7 +82,7 @@ options:
       - The UUID options specified in O(opts) take precedence over this value.
       - See xfs_admin(8) (C(xfs)), tune2fs(8) (C(ext2), C(ext3), C(ext4), C(ext4dev)) for possible values.
       - For O(fstype=lvm) the value is ignored, it resets the PV UUID if set.
-      - Supported for O(fstype) being one of C(bcachefs), C(ext2), C(ext3), C(ext4), C(ext4dev), C(lvm), or C(xfs).
+      - Supported for O(fstype) being one of V(bcachefs), V(ext2), V(ext3), V(ext4), V(ext4dev), V(lvm), or V(xfs).
       - This is B(not idempotent). Specifying this option always results in a change.
       - Mutually exclusive with O(resizefs).
     type: str
@@ -93,7 +94,7 @@ requirements:
   - On FreeBSD, either C(util-linux) or C(e2fsprogs) package is required.
 notes:
   - Potential filesystems on O(dev) are checked using C(blkid). In case C(blkid) is unable to detect a filesystem (and in
-    case C(fstyp) on FreeBSD is also unable to detect a filesystem), this filesystem is overwritten even if O(force) is V(false).
+    case C(fstyp) on FreeBSD is also unable to detect a filesystem), this filesystem is overwritten even if O(force=false).
   - On FreeBSD systems, both C(e2fsprogs) and C(util-linux) packages provide a C(blkid) command that is compatible with this
     module. However, these packages conflict with each other, and only the C(util-linux) package provides the command required
     to not fail when O(state=absent).
@@ -209,6 +210,7 @@ class Filesystem(object):
     MKFS_SET_UUID_EXTRA_OPTIONS = []
     INFO = None
     GROW = None
+    GROW_SLACK = 0
     GROW_MAX_SPACE_FLAGS = []
     GROW_MOUNTPOINT_ONLY = False
     CHANGE_UUID = None
@@ -277,7 +279,7 @@ class Filesystem(object):
             self.module.warn("unable to process %s output '%s'" % (self.INFO, to_native(err)))
             self.module.fail_json(msg="unable to process %s output for %s" % (self.INFO, dev))
 
-        if not fssize_in_bytes < devsize_in_bytes:
+        if fssize_in_bytes + self.GROW_SLACK >= devsize_in_bytes:
             self.module.exit_json(changed=False, msg="%s filesystem is using the whole device %s" % (self.fstype, dev))
         elif self.module.check_mode:
             self.module.exit_json(changed=True, msg="resizing filesystem %s on device %s" % (self.fstype, dev))
@@ -355,6 +357,10 @@ class XFS(Filesystem):
     MKFS_FORCE_FLAGS = ['-f']
     INFO = 'xfs_info'
     GROW = 'xfs_growfs'
+    # XFS (defaults with 4KiB blocksize) requires at least 64 block of free
+    # space to add a new allocation group, avoid resizing (noop, but shown as
+    # diff) if the difference between the filesystem and the device is less
+    GROW_SLACK = 64 * 4096 - 1
     GROW_MOUNTPOINT_ONLY = True
     CHANGE_UUID = "xfs_admin"
     CHANGE_UUID_OPTION = "-U"

plugins/modules/gitlab_runner.py

@@ -345,7 +345,10 @@ class GitLabRunner(object):
     '''
     def create_runner(self, arguments):
         if self._module.check_mode:
-            return True
+            class MockRunner:
+                def __init__(self):
+                    self._attrs = {}
+            return MockRunner()
 
         try:
             if arguments.get('token') is not None:

plugins/modules/keycloak_clientsecret_info.py

@@ -94,6 +94,16 @@ EXAMPLES = r"""
     token: TOKEN
   delegate_to: localhost
   no_log: true
+
+- name: Get a new Keycloak client secret, authentication with auth_client_id and auth_client_secret
+  community.general.keycloak_clientsecret_info:
+    id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
+    realm: MyCustomRealm
+    auth_client_id: admin-cli
+    auth_client_secret: SECRET
+    auth_keycloak_url: https://auth.example.com/auth
+  delegate_to: localhost
+  no_log: true
 """
 
 RETURN = r"""

plugins/modules/keycloak_clientsecret_regenerate.py

@@ -97,6 +97,16 @@ EXAMPLES = r"""
     token: TOKEN
   delegate_to: localhost
   no_log: true
+
+- name: Regenerate a new Keycloak client secret, authentication with auth_client_id and auth_client_secret
+  community.general.keycloak_clientsecret_regenerate:
+    id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
+    realm: MyCustomRealm
+    auth_client_id: admin-cli
+    auth_client_secret: SECRET
+    auth_keycloak_url: https://auth.example.com/auth
+  delegate_to: localhost
+  no_log: true
 """
 
 RETURN = r"""

plugins/modules/keycloak_user.py

@@ -357,7 +357,7 @@ def main():
     argument_spec['auth_username']['aliases'] = []
     credential_spec = dict(
         type=dict(type='str', required=True),
-        value=dict(type='str', required=True),
+        value=dict(type='str', required=True, no_log=True),
         temporary=dict(type='bool', default=False)
     )
     client_consents_spec = dict(

plugins/modules/keycloak_user_rolemapping.py

@@ -72,15 +72,17 @@ options:
   client_id:
     type: str
     description:
-      - Name of the client to be mapped (different than O(cid)).
+      - Name of the client (different than O(cid)) whose role is to be mapped.
       - This parameter is required if O(cid) is not provided (can be replaced by O(cid) to reduce the number of API calls
         that must be made).
+      - If neither O(cid) nor O(client_id) is specified, a B(realm) role is mapped instead.
   cid:
     type: str
     description:
-      - ID of the client to be mapped.
+      - ID of the client whose role is to be mapped.
       - This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API
         calls required.
+      - If neither O(cid) nor O(client_id) is specified, a B(realm) role is mapped instead.
   roles:
     description:
       - Roles to be mapped to the user.
@@ -108,6 +110,23 @@ author:
 """
 
 EXAMPLES = r"""
+- name: Map a realm role to a user, authentication with credentials
+  community.general.keycloak_user_rolemapping:
+    realm: MyCustomRealm
+    auth_client_id: admin-cli
+    auth_keycloak_url: https://auth.example.com/auth
+    auth_realm: master
+    auth_username: USERNAME
+    auth_password: PASSWORD
+    state: present
+    user_id: user1Id
+    roles:
+      - name: role_name1
+        id: role_id1
+      - name: role_name2
+        id: role_id2
+  delegate_to: localhost
+
 - name: Map a client role to a user, authentication with credentials
   community.general.keycloak_user_rolemapping:
     realm: MyCustomRealm

plugins/modules/mas.py

@@ -201,8 +201,14 @@ class Mas(object):
             rows = []
         apps = []
         for r in rows:
-            # Format: "123456789 App Name"
-            r = r.split(' ', 1)
+            # mas 2.3.0 and older:
+            # 123456789  App Name         (version)
+            # 4567890    App Name Longer  (version)
+            #
+            # mas 3.0.0 and newer:
+            # 123456789  App Name         (version)
+            #   4567890  App Name Longer  (version)
+            r = r.strip().split(' ', 1)
             if len(r) == 2:
                 apps.append(int(r[0]))
 

plugins/modules/omapi_host.py

@@ -146,7 +146,7 @@ except ImportError:
     pureomapi_found = False
 
 from ansible.module_utils.basic import AnsibleModule, missing_required_lib
-from ansible.module_utils.common.text.converters import to_bytes, to_native
+from ansible.module_utils.common.text.converters import to_bytes, to_native, to_text
 
 
 class OmapiHostManager:
@@ -178,15 +178,18 @@ class OmapiHostManager:
 
     @staticmethod
     def unpack_facts(obj):
-        result = dict(obj)
+        result = {}
+        for k, v in dict(obj).items():
+            result[to_text(k)] = v
+
         if 'hardware-address' in result:
-            result['hardware-address'] = to_native(unpack_mac(result[to_bytes('hardware-address')]))
+            result['hardware-address'] = to_native(unpack_mac(result['hardware-address']))
 
         if 'ip-address' in result:
-            result['ip-address'] = to_native(unpack_ip(result[to_bytes('ip-address')]))
+            result['ip-address'] = to_native(unpack_ip(result['ip-address']))
 
         if 'hardware-type' in result:
-            result['hardware-type'] = struct.unpack("!I", result[to_bytes('hardware-type')])
+            result['hardware-type'] = struct.unpack("!I", result['hardware-type'])
 
         return result
 
@@ -234,8 +237,8 @@ class OmapiHostManager:
             response_obj = self.unpack_facts(host_response.obj)
             fields_to_update = {}
 
-            if to_bytes('ip-address', errors='surrogate_or_strict') not in response_obj or \
-                    unpack_ip(response_obj[to_bytes('ip-address', errors='surrogate_or_strict')]) != self.module.params['ip']:
+            if 'ip-address' not in response_obj or \
+                    response_obj['ip-address'] != self.module.params['ip']:
                 fields_to_update['ip-address'] = pack_ip(self.module.params['ip'])
 
             # Name cannot be changed

plugins/modules/opendj_backendprop.py

@@ -27,7 +27,6 @@ options:
   opendj_bindir:
     description:
       - The path to the bin directory of OpenDJ.
-    required: false
     default: /opt/opendj/bin
     type: path
   hostname:
@@ -42,21 +41,18 @@ options:
     type: str
   username:
     description:
-      - The username to connect to.
-    required: false
+      - The username to connect with.
     default: cn=Directory Manager
     type: str
   password:
     description:
-      - The password for the C(cn=Directory Manager) user.
-      - Either password or passwordfile is needed.
-    required: false
+      - The password for O(username).
+      - Either O(password) or O(passwordfile) is needed.
     type: str
   passwordfile:
     description:
-      - Location to the password file which holds the password for the C(cn=Directory Manager) user.
-      - Either password or passwordfile is needed.
-    required: false
+      - Location to the password file which holds the password for O(username).
+      - Either O(password) or O(passwordfile) is needed.
     type: path
   backend:
     description:
@@ -76,7 +72,6 @@ options:
   state:
     description:
       - If configuration needs to be added/updated.
-    required: false
     default: "present"
     type: str
 """

plugins/modules/pacemaker_cluster.py

@@ -86,7 +86,7 @@ class PacemakerCluster(StateModuleHelper):
     def __init_module__(self):
         self.runner = pacemaker_runner(self.module)
         self.vars.set('apply_all', True if not self.module.params['name'] else False)
-        get_args = dict([('cli_action', 'cluster'), ('state', 'status'), ('name', None), ('apply_all', self.vars.apply_all)])
+        get_args = dict(cli_action='cluster', state='status', name=None, apply_all=self.vars.apply_all)
         if self.module.params['state'] == "maintenance":
             get_args['cli_action'] = "property"
             get_args['state'] = "config"
@@ -120,9 +120,9 @@ class PacemakerCluster(StateModuleHelper):
     def _get(self):
         with self.runner('cli_action state name') as ctx:
             result = ctx.run(cli_action=self.vars.get_args['cli_action'], state=self.vars.get_args['state'], name=self.vars.get_args['name'])
-            return dict([('rc', result[0]),
-                         ('out', result[1] if result[1] != "" else None),
-                         ('err', result[2])])
+            return dict(rc=result[0],
+                        out=(result[1] if result[1] != "" else None),
+                        err=result[2])
 
     def state_cleanup(self):
         with self.runner('cli_action state name', output_process=self._process_command_output(True, "Fail"), check_mode_skip=True) as ctx:

plugins/modules/pacemaker_resource.py

@@ -205,9 +205,9 @@ class PacemakerResource(StateModuleHelper):
     def _get(self):
         with self.runner('cli_action state name') as ctx:
             result = ctx.run(cli_action="resource", state='status')
-            return dict([('rc', result[0]),
-                         ('out', result[1] if result[1] != "" else None),
-                         ('err', result[2])])
+            return dict(rc=result[0],
+                        out=(result[1] if result[1] != "" else None),
+                        err=result[2])
 
     def fmt_as_stack_argument(self, value, arg):
         if value is not None:

plugins/modules/pacemaker_stonith.py

@@ -183,8 +183,8 @@ class PacemakerStonith(StateModuleHelper):
     def fmt_stonith_operations(self):
         modified_stonith_operations = []
         for stonith_operation in self.vars.stonith_operations:
-            modified_stonith_operations.append(dict([("operation_action", stonith_operation.get('operation_action')),
-                                                     ("operation_option", stonith_operation.get('operation_options'))]))
+            modified_stonith_operations.append(dict(operation_action=stonith_operation.get('operation_action'),
+                                                    operation_option=stonith_operation.get('operation_options')))
         return modified_stonith_operations
 
     def state_absent(self):

plugins/modules/pacman.py

@@ -128,7 +128,8 @@ notes:
   - To use an AUR helper (O(executable) option), a few extra setup steps might be required beforehand. For example, a dedicated
     build user with permissions to install packages could be necessary.
   - 'In the tests, while using C(yay) as the O(executable) option, the module failed to install AUR packages with the error:
-    C(error: target not found: <pkg>).'
+    C(error: target not found: <pkg>). This is caused by an incompatibility of yay with the arguments passed by this module.
+    See L(yay bug #1744 report for details, https://github.com/Jguer/yay/issues/1744).'
   - The common return values `stdout` and `stderr` are returned upon success, when needed, since community.general 4.1.0.
 """
 

plugins/modules/pritunl_user.py

@@ -210,16 +210,18 @@ def add_or_update_pritunl_user(module):
         for key in user_params.keys():
             # When a param is not specified grab existing ones to prevent from changing it with the PUT request
             if user_params[key] is None:
-                user_params[key] = users[0][key]
+                user_params[key] = users[0].get(key)
 
             # 'groups' and 'mac_addresses' are list comparison
             if key == "groups" or key == "mac_addresses":
-                if set(users[0][key]) != set(user_params[key]):
+                remote_list = users[0].get(key) or []
+                local_list = user_params[key] or []
+                if set(remote_list) != set(local_list):
                     user_params_changed = True
 
             # otherwise it is either a boolean or a string
             else:
-                if users[0][key] != user_params[key]:
+                if users[0].get(key) != user_params[key]:
                     user_params_changed = True
 
         # Trigger a PUT on the API to update the current user if settings have changed

plugins/modules/snmp_facts.py

@@ -17,7 +17,7 @@ short_description: Retrieve facts for a device using SNMP
 description:
   - Retrieve facts for a device using SNMP, the facts are inserted to the C(ansible_facts) key.
 requirements:
-  - pysnmp
+  - pysnmp < 6.2.4 - that version removed components used by this module.
 extends_documentation_fragment:
   - community.general.attributes
   - community.general.attributes.facts

plugins/modules/supervisorctl.py

@@ -61,7 +61,7 @@ options:
   signal:
     type: str
     description:
-      - The signal to send to the program/group, when combined with the 'signalled' state. Required when l(state=signalled).
+      - The signal to send to the program/group, when combined with the V(signalled) state. Required when l(state=signalled).
   supervisorctl_path:
     type: path
     description:
@@ -115,6 +115,7 @@ EXAMPLES = r"""
     state: restarted
 """
 
+
 import os
 from ansible.module_utils.basic import AnsibleModule, is_executable
 

plugins/modules/terraform.py

@@ -584,7 +584,9 @@ def main():
         command.append('-parallelism=%d' % module.params.get('parallelism'))
 
     def format_args(vars):
-        if isinstance(vars, str):
+        if vars is None:
+            return 'null'
+        elif isinstance(vars, str):
             return '"{string}"'.format(string=vars.replace('\\', '\\\\').replace('"', '\\"')).replace('\n', '\\n')
         elif isinstance(vars, bool):
             if vars:
@@ -601,7 +603,7 @@ def main():
                     ret_out.append('{0}={{{1}}}'.format(k, process_complex_args(v)))
                 elif isinstance(v, list):
                     ret_out.append("{0}={1}".format(k, process_complex_args(v)))
-                elif isinstance(v, (integer_types, float, str, bool)):
+                elif isinstance(v, (integer_types, float, str, bool)) or v is None:
                     ret_out.append('{0}={1}'.format(k, format_args(v)))
                 else:
                     # only to handle anything unforeseen
@@ -613,7 +615,7 @@ def main():
                     l_out.append("{{{0}}}".format(process_complex_args(item)))
                 elif isinstance(item, list):
                     l_out.append("{0}".format(process_complex_args(item)))
-                elif isinstance(item, (str, integer_types, float, bool)):
+                elif isinstance(item, (str, integer_types, float, bool)) or item is None:
                     l_out.append(format_args(item))
                 else:
                     # only to handle anything unforeseen

plugins/modules/xfconf.py

@@ -25,6 +25,10 @@ seealso:
     description: XFCE documentation for the Xfconf configuration system.
     link: 'https://docs.xfce.org/xfce/xfconf/start'
 
+  - name: xfce4-settings-editor - Settings Editor
+    description: XFCE documentation for the graphical editor for configuration settings.
+    link: https://docs.xfce.org/xfce/xfce4-settings/editor#change_properties
+
 extends_documentation_fragment:
   - community.general.attributes
 
@@ -71,6 +75,10 @@ options:
       - The action to take upon the property/value.
       - The state V(get) has been removed in community.general 5.0.0. Please use the module M(community.general.xfconf_info)
         instead.
+      - Xfce4 may, and usually does, have default values that come with the system packages.
+        You can set new values for these default properties and override the their values.
+        However, whey you use O(state=absent), the module executes the command C(xfconf-query reset) for the specified property and
+        that only removes user-configured properties, so those properties are B(not removed), but rather they go back to the default values.
     choices: [present, absent]
     default: "present"
   force_array:
@@ -206,10 +214,13 @@ class XFConfProperty(StateModuleHelper):
             self.do_raise('xfconf-query failed with error (rc={0}): {1}'.format(rc, err))
 
         result = out.rstrip()
-        if 'Value is an array with' in result:
-            result = result.split('\n')
-            result.pop(0)
-            result.pop(0)
+        if "Value is an array with" in result:
+            result = result.split("\n")
+            if len(result) > 1:
+                result.pop(0)
+                result.pop(0)
+            else:
+                return []
 
         return result
 

plugins/modules/xfconf_info.py

@@ -153,9 +153,12 @@ class XFConfInfo(ModuleHelper):
         result = out.rstrip()
         if "Value is an array with" in result:
             result = result.split("\n")
-            result.pop(0)
-            result.pop(0)
             self.vars.is_array = True
+            if len(result) > 1:
+                result.pop(0)
+                result.pop(0)
+            else:
+                return []
 
         return result
 

tests/integration/targets/supervisorctl/tasks/stop_supervisord.yml

@@ -5,3 +5,10 @@
 
 - name: stop supervisord
   command: "supervisorctl -c {{ remote_dir }}/supervisord.conf {% if credentials.username %}-u {{ credentials.username }} -p {{ credentials.password }}{% endif %} shutdown"
+
+- name: wait_for supervisord to stop
+  ansible.builtin.wait_for:
+    port: 9001
+    host: 127.0.0.1
+    timeout: 15
+    state: stopped

tests/sanity/ignore-2.20.txt

@@ -1,64 +1,14 @@
-plugins/module_utils/csv.py pylint:ansible-bad-import-from
-plugins/module_utils/gitlab.py pylint:ansible-bad-import-from
-plugins/module_utils/homebrew.py pylint:ansible-bad-import-from
-plugins/module_utils/ipa.py pylint:ansible-bad-import-from
-plugins/module_utils/net_tools/pritunl/api.py pylint:ansible-bad-import-from
-plugins/module_utils/opennebula.py pylint:ansible-bad-import-from
-plugins/module_utils/oracle/oci_utils.py pylint:ansible-bad-import-from
-plugins/module_utils/pkg_req.py pylint:ansible-bad-import-from
-plugins/module_utils/redfish_utils.py pylint:ansible-bad-import-from
-plugins/module_utils/saslprep.py pylint:ansible-bad-import-from
 plugins/module_utils/univention_umc.py pylint:use-yield-from  # suggested construct does not work with Python 2
-plugins/modules/apache2_mod_proxy.py pylint:ansible-bad-import-from
-plugins/modules/circonus_annotation.py pylint:ansible-bad-import-from
-plugins/modules/cobbler_system.py pylint:ansible-bad-import-from
 plugins/modules/consul_session.py validate-modules:parameter-state-invalid-choice
-plugins/modules/dnsmadeeasy.py pylint:ansible-bad-import-from
-plugins/modules/homebrew.py pylint:ansible-bad-import-from
-plugins/modules/homebrew_cask.py pylint:ansible-bad-import-from
 plugins/modules/homectl.py import-3.11  # Uses deprecated stdlib library 'crypt'
 plugins/modules/homectl.py import-3.12  # Uses deprecated stdlib library 'crypt'
 plugins/modules/iptables_state.py validate-modules:undocumented-parameter             # params _back and _timeout used by action plugin
-plugins/modules/java_keystore.py pylint:ansible-bad-import-from
-plugins/modules/jenkins_plugin.py pylint:ansible-bad-import-from
-plugins/modules/ldap_search.py pylint:ansible-bad-import-from
 plugins/modules/lxc_container.py validate-modules:use-run-command-not-popen
-plugins/modules/mail.py pylint:ansible-bad-import-from
-plugins/modules/make.py pylint:ansible-bad-import-from
-plugins/modules/monit.py pylint:ansible-bad-import-from
-plugins/modules/osx_defaults.py pylint:ansible-bad-import-from
 plugins/modules/osx_defaults.py validate-modules:parameter-state-invalid-choice
 plugins/modules/parted.py validate-modules:parameter-state-invalid-choice
 plugins/modules/rhevm.py validate-modules:parameter-state-invalid-choice
-plugins/modules/sl_vm.py pylint:ansible-bad-import-from
-plugins/modules/ssh_config.py pylint:ansible-bad-import-from
-plugins/modules/terraform.py pylint:ansible-bad-import-from
-plugins/modules/timezone.py pylint:ansible-bad-import-from
 plugins/modules/udm_user.py import-3.11  # Uses deprecated stdlib library 'crypt'
 plugins/modules/udm_user.py import-3.12  # Uses deprecated stdlib library 'crypt'
 plugins/modules/xfconf.py validate-modules:return-syntax-error
-plugins/modules/xml.py pylint:ansible-bad-import-from
-plugins/modules/zpool_facts.py pylint:ansible-bad-import-from
-plugins/modules/zypper_repository.py pylint:ansible-bad-import-from
-tests/unit/plugins/module_utils/identity/keycloak/test_keycloak_connect.py pylint:ansible-bad-import-from
-tests/unit/plugins/module_utils/net_tools/pritunl/test_api.py pylint:ansible-bad-import-from
-tests/unit/plugins/modules/conftest.py pylint:ansible-bad-import-from
 tests/unit/plugins/modules/uthelper.py pylint:use-yield-from  # suggested construct does not work with Python 2
 tests/unit/plugins/modules/test_gio_mime.yaml no-smart-quotes
-tests/unit/plugins/modules/test_keycloak_authentication.py pylint:ansible-bad-import-from
-tests/unit/plugins/modules/test_keycloak_authentication_required_actions.py pylint:ansible-bad-import-from
-tests/unit/plugins/modules/test_keycloak_client.py pylint:ansible-bad-import-from
-tests/unit/plugins/modules/test_keycloak_client_rolemapping.py pylint:ansible-bad-import-from
-tests/unit/plugins/modules/test_keycloak_clientscope.py pylint:ansible-bad-import-from
-tests/unit/plugins/modules/test_keycloak_component.py pylint:ansible-bad-import-from
-tests/unit/plugins/modules/test_keycloak_identity_provider.py pylint:ansible-bad-import-from
-tests/unit/plugins/modules/test_keycloak_realm.py pylint:ansible-bad-import-from
-tests/unit/plugins/modules/test_keycloak_realm_info.py pylint:ansible-bad-import-from
-tests/unit/plugins/modules/test_keycloak_realm_keys.py pylint:ansible-bad-import-from
-tests/unit/plugins/modules/test_keycloak_realm_keys_metadata_info.py pylint:ansible-bad-import-from
-tests/unit/plugins/modules/test_keycloak_role.py pylint:ansible-bad-import-from
-tests/unit/plugins/modules/test_keycloak_user.py pylint:ansible-bad-import-from
-tests/unit/plugins/modules/test_keycloak_user_federation.py pylint:ansible-bad-import-from
-tests/unit/plugins/modules/test_keycloak_userprofile.py pylint:ansible-bad-import-from
-tests/unit/plugins/modules/test_pritunl_org.py pylint:ansible-bad-import-from
-tests/unit/plugins/modules/test_pritunl_user.py pylint:ansible-bad-import-from

tests/sanity/ignore-2.21.txt

@@ -0,0 +1,71 @@
+plugins/module_utils/csv.py pylint:ansible-bad-import-from
+plugins/module_utils/gitlab.py pylint:ansible-bad-import-from
+plugins/module_utils/homebrew.py pylint:ansible-bad-import-from
+plugins/module_utils/ipa.py pylint:ansible-bad-import-from
+plugins/module_utils/net_tools/pritunl/api.py pylint:ansible-bad-import-from
+plugins/module_utils/opennebula.py pylint:ansible-bad-import-from
+plugins/module_utils/oracle/oci_utils.py pylint:ansible-bad-import-from
+plugins/module_utils/pkg_req.py pylint:ansible-bad-import-from
+plugins/module_utils/redfish_utils.py pylint:ansible-bad-import-from
+plugins/module_utils/saslprep.py pylint:ansible-bad-import-from
+plugins/module_utils/univention_umc.py pylint:use-yield-from  # suggested construct does not work with Python 2
+plugins/modules/ansible_galaxy_install.py validate-modules:bad-return-value-key  # TODO: rename offending return values if possible, or adjust this comment in case the name is OK
+plugins/modules/apache2_mod_proxy.py pylint:ansible-bad-import-from
+plugins/modules/circonus_annotation.py pylint:ansible-bad-import-from
+plugins/modules/cobbler_system.py pylint:ansible-bad-import-from
+plugins/modules/consul_session.py validate-modules:parameter-state-invalid-choice
+plugins/modules/dnsmadeeasy.py pylint:ansible-bad-import-from
+plugins/modules/gandi_livedns.py validate-modules:bad-return-value-key  # TODO: rename offending return values if possible, or adjust this comment in case the name is OK
+plugins/modules/homebrew.py pylint:ansible-bad-import-from
+plugins/modules/homebrew_cask.py pylint:ansible-bad-import-from
+plugins/modules/homectl.py import-3.11  # Uses deprecated stdlib library 'crypt'
+plugins/modules/homectl.py import-3.12  # Uses deprecated stdlib library 'crypt'
+plugins/modules/interfaces_file.py validate-modules:bad-return-value-key  # TODO: rename offending return values if possible, or adjust this comment in case the name is OK
+plugins/modules/iptables_state.py validate-modules:undocumented-parameter             # params _back and _timeout used by action plugin
+plugins/modules/java_keystore.py pylint:ansible-bad-import-from
+plugins/modules/jenkins_plugin.py pylint:ansible-bad-import-from
+plugins/modules/keycloak_realm_info.py validate-modules:bad-return-value-key  # TODO: rename offending return values if possible, or adjust this comment in case the name is OK
+plugins/modules/keycloak_realm_keys_metadata_info.py validate-modules:bad-return-value-key  # TODO: rename offending return values if possible, or adjust this comment in case the name is OK
+plugins/modules/ldap_search.py pylint:ansible-bad-import-from
+plugins/modules/lxc_container.py validate-modules:use-run-command-not-popen
+plugins/modules/mail.py pylint:ansible-bad-import-from
+plugins/modules/make.py pylint:ansible-bad-import-from
+plugins/modules/monit.py pylint:ansible-bad-import-from
+plugins/modules/nosh.py validate-modules:bad-return-value-key  # TODO: rename offending return values if possible, or adjust this comment in case the name is OK
+plugins/modules/omapi_host.py validate-modules:bad-return-value-key  # TODO: rename offending return values if possible, or adjust this comment in case the name is OK
+plugins/modules/osx_defaults.py pylint:ansible-bad-import-from
+plugins/modules/osx_defaults.py validate-modules:parameter-state-invalid-choice
+plugins/modules/parted.py validate-modules:parameter-state-invalid-choice
+plugins/modules/rhevm.py validate-modules:parameter-state-invalid-choice
+plugins/modules/sl_vm.py pylint:ansible-bad-import-from
+plugins/modules/ssh_config.py pylint:ansible-bad-import-from
+plugins/modules/terraform.py pylint:ansible-bad-import-from
+plugins/modules/timezone.py pylint:ansible-bad-import-from
+plugins/modules/udm_user.py import-3.11  # Uses deprecated stdlib library 'crypt'
+plugins/modules/udm_user.py import-3.12  # Uses deprecated stdlib library 'crypt'
+plugins/modules/xfconf.py validate-modules:return-syntax-error
+plugins/modules/xml.py pylint:ansible-bad-import-from
+plugins/modules/zpool_facts.py pylint:ansible-bad-import-from
+plugins/modules/zypper_repository.py pylint:ansible-bad-import-from
+tests/unit/plugins/module_utils/identity/keycloak/test_keycloak_connect.py pylint:ansible-bad-import-from
+tests/unit/plugins/module_utils/net_tools/pritunl/test_api.py pylint:ansible-bad-import-from
+tests/unit/plugins/modules/conftest.py pylint:ansible-bad-import-from
+tests/unit/plugins/modules/uthelper.py pylint:use-yield-from  # suggested construct does not work with Python 2
+tests/unit/plugins/modules/test_gio_mime.yaml no-smart-quotes
+tests/unit/plugins/modules/test_keycloak_authentication.py pylint:ansible-bad-import-from
+tests/unit/plugins/modules/test_keycloak_authentication_required_actions.py pylint:ansible-bad-import-from
+tests/unit/plugins/modules/test_keycloak_client.py pylint:ansible-bad-import-from
+tests/unit/plugins/modules/test_keycloak_client_rolemapping.py pylint:ansible-bad-import-from
+tests/unit/plugins/modules/test_keycloak_clientscope.py pylint:ansible-bad-import-from
+tests/unit/plugins/modules/test_keycloak_component.py pylint:ansible-bad-import-from
+tests/unit/plugins/modules/test_keycloak_identity_provider.py pylint:ansible-bad-import-from
+tests/unit/plugins/modules/test_keycloak_realm.py pylint:ansible-bad-import-from
+tests/unit/plugins/modules/test_keycloak_realm_info.py pylint:ansible-bad-import-from
+tests/unit/plugins/modules/test_keycloak_realm_keys.py pylint:ansible-bad-import-from
+tests/unit/plugins/modules/test_keycloak_realm_keys_metadata_info.py pylint:ansible-bad-import-from
+tests/unit/plugins/modules/test_keycloak_role.py pylint:ansible-bad-import-from
+tests/unit/plugins/modules/test_keycloak_user.py pylint:ansible-bad-import-from
+tests/unit/plugins/modules/test_keycloak_user_federation.py pylint:ansible-bad-import-from
+tests/unit/plugins/modules/test_keycloak_userprofile.py pylint:ansible-bad-import-from
+tests/unit/plugins/modules/test_pritunl_org.py pylint:ansible-bad-import-from
+tests/unit/plugins/modules/test_pritunl_user.py pylint:ansible-bad-import-from

tests/sanity/ignore-2.21.txt.license

@@ -0,0 +1,3 @@
+GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+SPDX-License-Identifier: GPL-3.0-or-later
+SPDX-FileCopyrightText: Ansible Project

tests/unit/plugins/modules/test_composer.yaml

@@ -4,9 +4,6 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 ---
-anchors:
-  environ_true: &env-def-true {environ_update: {LANGUAGE: C, LC_ALL: C}, check_rc: true}
-  environ_false: &env-def-false {environ_update: {LANGUAGE: C, LC_ALL: C}, check_rc: false}
 test_cases:
   - id: composer
     input:

tests/unit/plugins/modules/test_xfconf.yaml

@@ -207,6 +207,55 @@ test_cases:
           rc: 0
           out: ''
           err: ''
+  - id: test_property_array_previously_empty
+    input:
+      channel: xfwm4
+      property: /general/workspace_names
+      state: present
+      value_type: string
+      value: [A, B, C]
+    output:
+      changed: true
+      previous_value: []
+      type: [string, string, string]
+      value: [A, B, C]
+      version: 4.18.1
+    mocks:
+      run_command:
+        - command: [/testbin/xfconf-query, --version]
+          environ: *env-def
+          rc: 0
+          out: *version-output
+          err: ''
+        - command: [/testbin/xfconf-query, --channel, xfwm4, --property, /general/workspace_names]
+          environ: *env-def
+          rc: 0
+          out: "Value is an array with 0 items:\n\n"
+          err: ''
+        - command:
+            - /testbin/xfconf-query
+            - --channel
+            - xfwm4
+            - --property
+            - /general/workspace_names
+            - --create
+            - --force-array
+            - --type
+            - string
+            - --set
+            - A
+            - --type
+            - string
+            - --set
+            - B
+            - --type
+            - string
+            - --set
+            - C
+          environ: *env-def
+          rc: 0
+          out: ''
+          err: ''
   - id: test_property_reset_value
     input:
       channel: xfwm4