Release 2.0.1.

Revert "datadog_monitor: Add missing monitor types query alert, trace-analytics alert, rum alert (#1723) (#1733)"
Revert "homebrew_tap: Add support for brew search path (#1708) (#1709)"

This reverts commits f613983cb4 and 646ca74810.

.azure-pipelines/azure-pipelines.yml

@@ -206,10 +206,10 @@ stages:
               test: centos7
             - name: CentOS 8
               test: centos8
-            - name: Fedora 31
-              test: fedora31
             - name: Fedora 32
               test: fedora32
+            - name: Fedora 33
+              test: fedora33
             - name: openSUSE 15 py2
               test: opensuse15py2
             - name: openSUSE 15 py3

.github/BOTMETA.yml

@@ -15,6 +15,8 @@ files:
     labels: become
   $callbacks/:
     labels: callbacks
+  $callbacks/logstash.py:
+    maintainers: ujenmr
   $callbacks/say.py:
     notify: chris-short
     maintainers: $team_macos

CHANGELOG.rst

@@ -6,6 +6,69 @@ Community General Release Notes
 
 This changelog describes changes after version 1.0.0.
 
+v2.0.1
+======
+
+Release Summary
+---------------
+
+Bugfix and security bugfix (potential information leaks in multiple modules, CVE-2021-20191) release.
+
+Major Changes
+-------------
+
+- For community.general 3.0.0, the ``ome_device_info``, ``idrac_firmware`` and ``idrac_server_config_profile`` modules will be moved to the `dellemc.openmanage <https://galaxy.ansible.com/dellemc/openmanage>`_ collection.
+  A redirection will be inserted so that users using ansible-base 2.10 or newer do not have to change anything.
+
+  If you use Ansible 2.9 and explicitly use the DellEMC modules mentioned above from this collection, you will need to adjust your playbooks and roles to use FQCNs starting with ``dellemc.openmanage.`` instead of ``community.general.``,
+  for example replace ``community.general.ome_device_info`` in a task by ``dellemc.openmanage.ome_device_info``.
+
+  If you use ansible-base and installed ``community.general`` manually and rely on the DellEMC modules mentioned above, you have to make sure to install the ``dellemc.openmanage`` collection as well.
+  If you are using FQCNs, for example ``community.general.ome_device_info`` instead of ``ome_device_info``, it will continue working, but we still recommend to adjust the FQCNs as well.
+
+Breaking Changes / Porting Guide
+--------------------------------
+
+- utm_proxy_auth_profile - the ``frontend_cookie_secret`` return value now contains a placeholder string instead of the module's ``frontend_cookie_secret`` parameter (https://github.com/ansible-collections/community.general/pull/1736).
+
+Security Fixes
+--------------
+
+- dnsmadeeasy - mark the ``account_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- gitlab_runner - mark the ``registration_token`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- hwc_ecs_instance - mark the ``admin_pass`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- ibm_sa_host - mark the ``iscsi_chap_secret`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- keycloak_* modules - mark the ``auth_client_secret`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- keycloak_client - mark the ``registration_access_token`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- librato_annotation - mark the ``api_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- logentries_msg - mark the ``token`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- module_utils/_netapp, na_ontap_gather_facts - enabled ``no_log`` for the options ``api_key`` and ``secret_key`` to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1725).
+- module_utils/identity/keycloak, keycloak_client, keycloak_clienttemplate, keycloak_group - enabled ``no_log`` for the option ``auth_client_secret`` to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1725).
+- nios_nsgroup - mark the ``tsig_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- oneandone_firewall_policy, oneandone_load_balancer, oneandone_monitoring_policy, oneandone_private_network, oneandone_public_ip - mark the ``auth_token`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- ovirt - mark the ``instance_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- ovirt - mark the ``instance_rootpw`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- pagerduty_alert - mark the ``api_key``, ``service_key`` and ``integration_key`` parameters as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- pagerduty_change - mark the ``integration_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- pingdom - mark the ``key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- pulp_repo - mark the ``feed_client_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- rax_clb_ssl - mark the ``private_key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- redfish_command - mark the ``update_creds.password`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- rollbar_deployment - mark the ``token`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- spotinst_aws_elastigroup - mark the ``multai_token`` and ``token`` parameters as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- stackdriver - mark the ``key`` parameter as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+- utm_proxy_auth_profile - enabled ``no_log`` for the option ``frontend_cookie_secret`` to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1725).
+- utm_proxy_auth_profile - mark the ``frontend_cookie_secret`` parameter as ``no_log`` to avoid leakage of secrets. This causes the ``utm_proxy_auth_profile`` return value to no longer containing the correct value, but a placeholder (https://github.com/ansible-collections/community.general/pull/1736).
+
+Bugfixes
+--------
+
+- filesystem - do not fail when ``resizefs=yes`` and ``fstype=xfs`` if there is nothing to do, even if the filesystem is not mounted. This only covers systems supporting access to unmounted XFS filesystems. Others will still fail (https://github.com/ansible-collections/community.general/issues/1457, https://github.com/ansible-collections/community.general/pull/1478).
+- gitlab_user - make updates to the ``isadmin``, ``password`` and ``confirm`` options of an already existing GitLab user work (https://github.com/ansible-collections/community.general/pull/1724).
+- parted - change the regex that decodes the partition size to better support different formats that parted uses. Change the regex that validates parted's version string (https://github.com/ansible-collections/community.general/pull/1695).
+- redfish_info module, redfish_utils module utils - add ``Name`` and ``Id`` properties to output of Redfish inventory commands (https://github.com/ansible-collections/community.general/issues/1650).
+- sensu-silence module - fix json parsing of sensu API responses on Python 3.5 (https://github.com/ansible-collections/community.general/pull/1703).
+
 v2.0.0
 ======
 

changelogs/changelog.yaml

@@ -1000,3 +1000,118 @@ releases:
       name: yum_versionlock
       namespace: packaging.os
     release_date: '2021-01-28'
+  2.0.1:
+    changes:
+      breaking_changes:
+      - utm_proxy_auth_profile - the ``frontend_cookie_secret`` return value now contains
+        a placeholder string instead of the module's ``frontend_cookie_secret`` parameter
+        (https://github.com/ansible-collections/community.general/pull/1736).
+      bugfixes:
+      - filesystem - do not fail when ``resizefs=yes`` and ``fstype=xfs`` if there
+        is nothing to do, even if the filesystem is not mounted. This only covers
+        systems supporting access to unmounted XFS filesystems. Others will still
+        fail (https://github.com/ansible-collections/community.general/issues/1457,
+        https://github.com/ansible-collections/community.general/pull/1478).
+      - gitlab_user - make updates to the ``isadmin``, ``password`` and ``confirm``
+        options of an already existing GitLab user work (https://github.com/ansible-collections/community.general/pull/1724).
+      - parted - change the regex that decodes the partition size to better support
+        different formats that parted uses. Change the regex that validates parted's
+        version string (https://github.com/ansible-collections/community.general/pull/1695).
+      - redfish_info module, redfish_utils module utils - add ``Name`` and ``Id``
+        properties to output of Redfish inventory commands (https://github.com/ansible-collections/community.general/issues/1650).
+      - sensu-silence module - fix json parsing of sensu API responses on Python 3.5
+        (https://github.com/ansible-collections/community.general/pull/1703).
+      major_changes:
+      - 'For community.general 3.0.0, the ``ome_device_info``, ``idrac_firmware``
+        and ``idrac_server_config_profile`` modules will be moved to the `dellemc.openmanage
+        <https://galaxy.ansible.com/dellemc/openmanage>`_ collection.
+
+        A redirection will be inserted so that users using ansible-base 2.10 or newer
+        do not have to change anything.
+
+
+        If you use Ansible 2.9 and explicitly use the DellEMC modules mentioned above
+        from this collection, you will need to adjust your playbooks and roles to
+        use FQCNs starting with ``dellemc.openmanage.`` instead of ``community.general.``,
+
+        for example replace ``community.general.ome_device_info`` in a task by ``dellemc.openmanage.ome_device_info``.
+
+
+        If you use ansible-base and installed ``community.general`` manually and rely
+        on the DellEMC modules mentioned above, you have to make sure to install the
+        ``dellemc.openmanage`` collection as well.
+
+        If you are using FQCNs, for example ``community.general.ome_device_info``
+        instead of ``ome_device_info``, it will continue working, but we still recommend
+        to adjust the FQCNs as well.
+
+        '
+      release_summary: Bugfix and security bugfix (potential information leaks in
+        multiple modules, CVE-2021-20191) release.
+      security_fixes:
+      - dnsmadeeasy - mark the ``account_key`` parameter as ``no_log`` to avoid leakage
+        of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - gitlab_runner - mark the ``registration_token`` parameter as ``no_log`` to
+        avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - hwc_ecs_instance - mark the ``admin_pass`` parameter as ``no_log`` to avoid
+        leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - ibm_sa_host - mark the ``iscsi_chap_secret`` parameter as ``no_log`` to avoid
+        leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - keycloak_* modules - mark the ``auth_client_secret`` parameter as ``no_log``
+        to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - keycloak_client - mark the ``registration_access_token`` parameter as ``no_log``
+        to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - librato_annotation - mark the ``api_key`` parameter as ``no_log`` to avoid
+        leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - logentries_msg - mark the ``token`` parameter as ``no_log`` to avoid leakage
+        of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - module_utils/_netapp, na_ontap_gather_facts - enabled ``no_log`` for the options
+        ``api_key`` and ``secret_key`` to prevent accidental disclosure (CVE-2021-20191,
+        https://github.com/ansible-collections/community.general/pull/1725).
+      - module_utils/identity/keycloak, keycloak_client, keycloak_clienttemplate,
+        keycloak_group - enabled ``no_log`` for the option ``auth_client_secret``
+        to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1725).
+      - nios_nsgroup - mark the ``tsig_key`` parameter as ``no_log`` to avoid leakage
+        of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - oneandone_firewall_policy, oneandone_load_balancer, oneandone_monitoring_policy,
+        oneandone_private_network, oneandone_public_ip - mark the ``auth_token`` parameter
+        as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - ovirt - mark the ``instance_key`` parameter as ``no_log`` to avoid leakage
+        of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - ovirt - mark the ``instance_rootpw`` parameter as ``no_log`` to avoid leakage
+        of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - pagerduty_alert - mark the ``api_key``, ``service_key`` and ``integration_key``
+        parameters as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - pagerduty_change - mark the ``integration_key`` parameter as ``no_log`` to
+        avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - pingdom - mark the ``key`` parameter as ``no_log`` to avoid leakage of secrets
+        (https://github.com/ansible-collections/community.general/pull/1736).
+      - pulp_repo - mark the ``feed_client_key`` parameter as ``no_log`` to avoid
+        leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - rax_clb_ssl - mark the ``private_key`` parameter as ``no_log`` to avoid leakage
+        of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - redfish_command - mark the ``update_creds.password`` parameter as ``no_log``
+        to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - rollbar_deployment - mark the ``token`` parameter as ``no_log`` to avoid leakage
+        of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - spotinst_aws_elastigroup - mark the ``multai_token`` and ``token`` parameters
+        as ``no_log`` to avoid leakage of secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - stackdriver - mark the ``key`` parameter as ``no_log`` to avoid leakage of
+        secrets (https://github.com/ansible-collections/community.general/pull/1736).
+      - utm_proxy_auth_profile - enabled ``no_log`` for the option ``frontend_cookie_secret``
+        to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1725).
+      - utm_proxy_auth_profile - mark the ``frontend_cookie_secret`` parameter as
+        ``no_log`` to avoid leakage of secrets. This causes the ``utm_proxy_auth_profile``
+        return value to no longer containing the correct value, but a placeholder
+        (https://github.com/ansible-collections/community.general/pull/1736).
+    fragments:
+    - 1478-filesystem-fix-1457-resizefs-idempotency.yml
+    - 1691-add-name-and-id-props-to-redfish-inventory-output.yml
+    - 1695-parted-updatedregex.yaml
+    - 1703-sensu_silence-fix_json_parsing.yml
+    - 1724-various-fixes-for-updating-existing-gitlab-user.yml
+    - 2.0.1.yml
+    - CVE-2021-20191_no_log.yml
+    - dellemc-migration.yml
+    - no_log-fixes.yml
+    release_date: '2021-02-09'

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: community
 name: general
-version: 2.0.0
+version: 2.0.1
 readme: README.md
 authors:
   - Ansible (https://github.com/ansible)

plugins/module_utils/_netapp.py

@@ -142,8 +142,8 @@ def aws_cvs_host_argument_spec():
     return dict(
         api_url=dict(required=True, type='str'),
         validate_certs=dict(required=False, type='bool', default=True),
-        api_key=dict(required=True, type='str'),
-        secret_key=dict(required=True, type='str')
+        api_key=dict(required=True, type='str', no_log=True),
+        secret_key=dict(required=True, type='str', no_log=True)
     )
 
 

plugins/module_utils/identity/keycloak/keycloak.py

@@ -58,7 +58,7 @@ def keycloak_argument_spec():
         auth_keycloak_url=dict(type='str', aliases=['url'], required=True),
         auth_client_id=dict(type='str', default='admin-cli'),
         auth_realm=dict(type='str', required=True),
-        auth_client_secret=dict(type='str', default=None),
+        auth_client_secret=dict(type='str', default=None, no_log=True),
         auth_username=dict(type='str', aliases=['username'], required=True),
         auth_password=dict(type='str', aliases=['password'], required=True, no_log=True),
         validate_certs=dict(type='bool', default=True)

plugins/module_utils/redfish_utils.py

@@ -469,7 +469,7 @@ class RedfishUtils(object):
         controller_results = []
         # Get these entries, but does not fail if not found
         properties = ['CacheSummary', 'FirmwareVersion', 'Identifiers',
-                      'Location', 'Manufacturer', 'Model', 'Name',
+                      'Location', 'Manufacturer', 'Model', 'Name', 'Id',
                       'PartNumber', 'SerialNumber', 'SpeedGbps', 'Status']
         key = "StorageControllers"
 
@@ -1700,7 +1700,7 @@ class RedfishUtils(object):
         chassis_results = []
 
         # Get these entries, but does not fail if not found
-        properties = ['ChassisType', 'PartNumber', 'AssetTag',
+        properties = ['Name', 'Id', 'ChassisType', 'PartNumber', 'AssetTag',
                       'Manufacturer', 'IndicatorLED', 'SerialNumber', 'Model']
 
         # Go through list
@@ -1724,7 +1724,7 @@ class RedfishUtils(object):
         fan_results = []
         key = "Thermal"
         # Get these entries, but does not fail if not found
-        properties = ['FanName', 'Reading', 'ReadingUnits', 'Status']
+        properties = ['Name', 'FanName', 'Reading', 'ReadingUnits', 'Status']
 
         # Go through list
         for chassis_uri in self.chassis_uris:
@@ -1836,8 +1836,8 @@ class RedfishUtils(object):
         cpu_results = []
         key = "Processors"
         # Get these entries, but does not fail if not found
-        properties = ['Id', 'Manufacturer', 'Model', 'MaxSpeedMHz', 'TotalCores',
-                      'TotalThreads', 'Status']
+        properties = ['Id', 'Name', 'Manufacturer', 'Model', 'MaxSpeedMHz',
+                      'TotalCores', 'TotalThreads', 'Status']
 
         # Search for 'key' entry and extract URI from it
         response = self.get_request(self.root_uri + systems_uri)
@@ -1886,7 +1886,7 @@ class RedfishUtils(object):
         memory_results = []
         key = "Memory"
         # Get these entries, but does not fail if not found
-        properties = ['SerialNumber', 'MemoryDeviceType', 'PartNumber',
+        properties = ['Id', 'SerialNumber', 'MemoryDeviceType', 'PartNumber',
                       'MemoryLocation', 'RankCount', 'CapacityMiB', 'OperatingMemoryModes', 'Status', 'Manufacturer', 'Name']
 
         # Search for 'key' entry and extract URI from it
@@ -1943,7 +1943,7 @@ class RedfishUtils(object):
         nic_results = []
         key = "EthernetInterfaces"
         # Get these entries, but does not fail if not found
-        properties = ['Description', 'FQDN', 'IPv4Addresses', 'IPv6Addresses',
+        properties = ['Name', 'Id', 'Description', 'FQDN', 'IPv4Addresses', 'IPv6Addresses',
                       'NameServers', 'MACAddress', 'PermanentMACAddress',
                       'SpeedMbps', 'MTUSize', 'AutoNeg', 'Status']
 
@@ -2368,7 +2368,7 @@ class RedfishUtils(object):
         properties = ['Status', 'HostName', 'PowerState', 'Model', 'Manufacturer',
                       'PartNumber', 'SystemType', 'AssetTag', 'ServiceTag',
                       'SerialNumber', 'SKU', 'BiosVersion', 'MemorySummary',
-                      'ProcessorSummary', 'TrustedModules']
+                      'ProcessorSummary', 'TrustedModules', 'Name', 'Id']
 
         response = self.get_request(self.root_uri + systems_uri)
         if response['ret'] is False:

plugins/modules/cloud/huawei/hwc_ecs_instance.py

@@ -543,7 +543,7 @@ def build_module():
                 snapshot_id=dict(type='str')
             )),
             vpc_id=dict(type='str', required=True),
-            admin_pass=dict(type='str'),
+            admin_pass=dict(type='str', no_log=True),
             data_volumes=dict(type='list', elements='dict', options=dict(
                 volume_id=dict(type='str', required=True),
                 device=dict(type='str')

plugins/modules/cloud/misc/ovirt.py

@@ -405,8 +405,8 @@ def main():
             instance_gateway=dict(type='str', aliases=['gateway']),
             instance_domain=dict(type='str', aliases=['domain']),
             instance_dns=dict(type='str', aliases=['dns']),
-            instance_rootpw=dict(type='str', aliases=['rootpw']),
-            instance_key=dict(type='str', aliases=['key']),
+            instance_rootpw=dict(type='str', aliases=['rootpw'], no_log=True),
+            instance_key=dict(type='str', aliases=['key'], no_log=True),
             sdomain=dict(type='str'),
             region=dict(type='str'),
         ),

plugins/modules/cloud/oneandone/oneandone_firewall_policy.py

@@ -500,7 +500,7 @@ def main():
     module = AnsibleModule(
         argument_spec=dict(
             auth_token=dict(
-                type='str',
+                type='str', no_log=True,
                 default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
             api_url=dict(
                 type='str',

plugins/modules/cloud/oneandone/oneandone_load_balancer.py

@@ -594,7 +594,7 @@ def main():
     module = AnsibleModule(
         argument_spec=dict(
             auth_token=dict(
-                type='str',
+                type='str', no_log=True,
                 default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
             api_url=dict(
                 type='str',

plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py

@@ -947,7 +947,7 @@ def main():
     module = AnsibleModule(
         argument_spec=dict(
             auth_token=dict(
-                type='str',
+                type='str', no_log=True,
                 default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
             api_url=dict(
                 type='str',

plugins/modules/cloud/oneandone/oneandone_private_network.py

@@ -384,7 +384,7 @@ def main():
     module = AnsibleModule(
         argument_spec=dict(
             auth_token=dict(
-                type='str',
+                type='str', no_log=True,
                 default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
             api_url=dict(
                 type='str',

plugins/modules/cloud/oneandone/oneandone_public_ip.py

@@ -274,7 +274,7 @@ def main():
     module = AnsibleModule(
         argument_spec=dict(
             auth_token=dict(
-                type='str',
+                type='str', no_log=True,
                 default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
             api_url=dict(
                 type='str',

plugins/modules/cloud/rackspace/rax_clb_ssl.py

@@ -238,7 +238,7 @@ def main():
         loadbalancer=dict(required=True),
         state=dict(default='present', choices=['present', 'absent']),
         enabled=dict(type='bool', default=True),
-        private_key=dict(),
+        private_key=dict(no_log=True),
         certificate=dict(),
         intermediate_certificate=dict(),
         secure_port=dict(type='int', default=443),

plugins/modules/cloud/spotinst/spotinst_aws_elastigroup.py

@@ -1459,7 +1459,7 @@ def main():
         min_size=dict(type='int', required=True),
         monitoring=dict(type='str'),
         multai_load_balancers=dict(type='list'),
-        multai_token=dict(type='str'),
+        multai_token=dict(type='str', no_log=True),
         name=dict(type='str', required=True),
         network_interfaces=dict(type='list'),
         on_demand_count=dict(type='int'),
@@ -1483,7 +1483,7 @@ def main():
         target_group_arns=dict(type='list'),
         tenancy=dict(type='str'),
         terminate_at_end_of_billing_hour=dict(type='bool'),
-        token=dict(type='str'),
+        token=dict(type='str', no_log=True),
         unit=dict(type='str'),
         user_data=dict(type='str'),
         utilize_reserved_instances=dict(type='bool'),

plugins/modules/identity/keycloak/keycloak_client.py

@@ -707,7 +707,7 @@ def main():
         enabled=dict(type='bool'),
         client_authenticator_type=dict(type='str', choices=['client-secret', 'client-jwt'], aliases=['clientAuthenticatorType']),
         secret=dict(type='str', no_log=True),
-        registration_access_token=dict(type='str', aliases=['registrationAccessToken']),
+        registration_access_token=dict(type='str', aliases=['registrationAccessToken'], no_log=True),
         default_roles=dict(type='list', aliases=['defaultRoles']),
         redirect_uris=dict(type='list', aliases=['redirectUris']),
         web_origins=dict(type='list', aliases=['webOrigins']),

plugins/modules/monitoring/librato_annotation.py

@@ -148,7 +148,7 @@ def main():
     module = AnsibleModule(
         argument_spec=dict(
             user=dict(required=True),
-            api_key=dict(required=True),
+            api_key=dict(required=True, no_log=True),
             name=dict(required=False),
             title=dict(required=True),
             source=dict(required=False),

plugins/modules/monitoring/pagerduty_alert.py

@@ -197,9 +197,9 @@ def main():
         argument_spec=dict(
             name=dict(required=False),
             service_id=dict(required=True),
-            service_key=dict(required=False),
-            integration_key=dict(required=False),
-            api_key=dict(required=True),
+            service_key=dict(required=False, no_log=True),
+            integration_key=dict(required=False, no_log=True),
+            api_key=dict(required=True, no_log=True),
             state=dict(required=True,
                        choices=['triggered', 'acknowledged', 'resolved']),
             client=dict(required=False, default=None),

plugins/modules/monitoring/pagerduty_change.py

@@ -108,7 +108,7 @@ from datetime import datetime
 def main():
     module = AnsibleModule(
         argument_spec=dict(
-            integration_key=dict(required=True, type='str'),
+            integration_key=dict(required=True, type='str', no_log=True),
             summary=dict(required=True, type='str'),
             source=dict(required=False, default='Ansible', type='str'),
             user=dict(required=False, type='str'),

plugins/modules/monitoring/pingdom.py

@@ -112,7 +112,7 @@ def main():
             checkid=dict(required=True),
             uid=dict(required=True),
             passwd=dict(required=True, no_log=True),
-            key=dict(required=True)
+            key=dict(required=True, no_log=True),
         )
     )
 

plugins/modules/monitoring/rollbar_deployment.py

@@ -92,7 +92,7 @@ def main():
 
     module = AnsibleModule(
         argument_spec=dict(
-            token=dict(required=True),
+            token=dict(required=True, no_log=True),
             environment=dict(required=True),
             revision=dict(required=True),
             user=dict(required=False),

plugins/modules/monitoring/sensu/sensu_silence.py

@@ -97,6 +97,7 @@ RETURN = '''
 
 import json
 
+from ansible.module_utils._text import to_native
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.urls import fetch_url
 
@@ -129,7 +130,7 @@ def query(module, url, check, subscription):
         )
 
     try:
-        json_out = json.loads(response.read())
+        json_out = json.loads(to_native(response.read()))
     except Exception:
         json_out = ""
 
@@ -181,7 +182,7 @@ def clear(module, url, check, subscription):
             )
 
         try:
-            json_out = json.loads(response.read())
+            json_out = json.loads(to_native(response.read()))
         except Exception:
             json_out = ""
 
@@ -246,7 +247,7 @@ def create(
             )
 
         try:
-            json_out = json.loads(response.read())
+            json_out = json.loads(to_native(response.read()))
         except Exception:
             json_out = ""
 

plugins/modules/monitoring/stackdriver.py

@@ -152,7 +152,7 @@ def main():
 
     module = AnsibleModule(
         argument_spec=dict(  # @TODO add types
-            key=dict(required=True),
+            key=dict(required=True, no_log=True),
             event=dict(required=True, choices=['deploy', 'annotation']),
             msg=dict(),
             revision_id=dict(),

plugins/modules/net_tools/dnsmadeeasy.py

@@ -546,7 +546,7 @@ def main():
 
     module = AnsibleModule(
         argument_spec=dict(
-            account_key=dict(required=True),
+            account_key=dict(required=True, no_log=True),
             account_secret=dict(required=True, no_log=True),
             domain=dict(required=True),
             sandbox=dict(default=False, type='bool'),

plugins/modules/net_tools/nios/nios_nsgroup.py

@@ -398,7 +398,7 @@ def main():
         address=dict(required=True),
         name=dict(required=True),
         stealth=dict(type='bool', default=False),
-        tsig_key=dict(),
+        tsig_key=dict(no_log=True),
         tsig_key_alg=dict(choices=['HMAC-MD5', 'HMAC-SHA256'], default='HMAC-MD5'),
         tsig_key_name=dict(required=True)
     )

plugins/modules/notification/logentries_msg.py

@@ -73,7 +73,7 @@ def send_msg(module, token, msg, api, port):
 def main():
     module = AnsibleModule(
         argument_spec=dict(
-            token=dict(type='str', required=True),
+            token=dict(type='str', required=True, no_log=True),
             msg=dict(type='str', required=True),
             api=dict(type='str', default="data.logentries.com"),
             port=dict(type='int', default=80)),

plugins/modules/packaging/os/pulp_repo.py

@@ -545,7 +545,7 @@ def main():
                           deprecated_aliases=[dict(name='ca_cert', version='3.0.0',
                                                    collection_name='community.general')]),  # was Ansible 2.14
         feed_client_cert=dict(aliases=['importer_ssl_client_cert']),
-        feed_client_key=dict(aliases=['importer_ssl_client_key']),
+        feed_client_key=dict(aliases=['importer_ssl_client_key'], no_log=True),
         name=dict(required=True, aliases=['repo']),
         proxy_host=dict(),
         proxy_port=dict(),

plugins/modules/remote_management/redfish/redfish_command.py

@@ -572,7 +572,7 @@ def main():
                 type='dict',
                 options=dict(
                     username=dict(),
-                    password=dict()
+                    password=dict(no_log=True)
                 )
             ),
             virtual_media=dict(

plugins/modules/source_control/gitlab/gitlab_runner.py

@@ -309,7 +309,7 @@ def main():
         locked=dict(type='bool', default=False),
         access_level=dict(type='str', default='ref_protected', choices=["not_protected", "ref_protected"]),
         maximum_timeout=dict(type='int', default=3600),
-        registration_token=dict(type='str', required=True),
+        registration_token=dict(type='str', required=True, no_log=True),
         state=dict(type='str', default="present", choices=["absent", "present"]),
     ))
 

plugins/modules/source_control/gitlab/gitlab_user.py

@@ -205,6 +205,7 @@ class GitLabUser(object):
     '''
     def createOrUpdateUser(self, username, options):
         changed = False
+        potentionally_changed = False
 
         # Because we have already call userExists in main()
         if self.userObject is None:
@@ -218,11 +219,36 @@ class GitLabUser(object):
                 'external': options['external']})
             changed = True
         else:
-            changed, user = self.updateUser(self.userObject, {
-                'name': options['name'],
-                'email': options['email'],
-                'is_admin': options['isadmin'],
-                'external': options['external']})
+            changed, user = self.updateUser(
+                self.userObject, {
+                    # add "normal" parameters here, put uncheckable
+                    # params in the dict below
+                    'name': {'value': options['name']},
+                    'email': {'value': options['email']},
+
+                    # note: for some attributes like this one the key
+                    #   from reading back from server is unfortunately
+                    #   different to the one needed for pushing/writing,
+                    #   in that case use the optional setter key
+                    'is_admin': {
+                        'value': options['isadmin'], 'setter': 'admin'
+                    },
+                    'external': {'value': options['external']},
+                },
+                {
+                    # put "uncheckable" params here, this means params
+                    # which the gitlab does accept for setting but does
+                    # not return any information about it
+                    'skip_reconfirmation': {'value': not options['confirm']},
+                    'password': {'value': options['password']},
+                }
+            )
+
+            # note: as we unfortunately have some uncheckable parameters
+            #   where it is not possible to determine if the update
+            #   changed something or not, we must assume here that a
+            #   changed happend and that an user object update is needed
+            potentionally_changed = True
 
         # Assign ssh keys
         if options['sshkey_name'] and options['sshkey_file']:
@@ -237,14 +263,15 @@ class GitLabUser(object):
             changed = changed or group_changed
 
         self.userObject = user
-        if changed:
-            if self._module.check_mode:
-                self._module.exit_json(changed=True, msg="Successfully created or updated the user %s" % username)
-
+        if (changed or potentionally_changed) and not self._module.check_mode:
             try:
                 user.save()
             except Exception as e:
                 self._module.fail_json(msg="Failed to update user: %s " % to_native(e))
+
+        if changed:
+            if self._module.check_mode:
+                self._module.exit_json(changed=True, msg="Successfully created or updated the user %s" % username)
             return True
         else:
             return False
@@ -348,15 +375,23 @@ class GitLabUser(object):
     @param user User object
     @param arguments User attributes
     '''
-    def updateUser(self, user, arguments):
+    def updateUser(self, user, arguments, uncheckable_args):
         changed = False
 
         for arg_key, arg_value in arguments.items():
-            if arguments[arg_key] is not None:
-                if getattr(user, arg_key) != arguments[arg_key]:
-                    setattr(user, arg_key, arguments[arg_key])
+            av = arg_value['value']
+
+            if av is not None:
+                if getattr(user, arg_key) != av:
+                    setattr(user, arg_value.get('setter', arg_key), av)
                     changed = True
 
+        for arg_key, arg_value in uncheckable_args.items():
+            av = arg_value['value']
+
+            if av is not None:
+                setattr(user, arg_value.get('setter', arg_key), av)
+
         return (changed, user)
 
     '''

plugins/modules/storage/ibm/ibm_sa_host.py

@@ -90,7 +90,7 @@ def main():
             cluster=dict(),
             domain=dict(),
             iscsi_chap_name=dict(),
-            iscsi_chap_secret=dict()
+            iscsi_chap_secret=dict(no_log=True),
         )
     )
 

plugins/modules/system/filesystem.py

@@ -240,26 +240,35 @@ class XFS(Filesystem):
     GROW = 'xfs_growfs'
 
     def get_fs_size(self, dev):
-        cmd = self.module.get_bin_path('xfs_growfs', required=True)
+        cmd = self.module.get_bin_path('xfs_info', required=True)
+
         mountpoint = dev.get_mountpoint()
+        if mountpoint:
+            rc, out, err = self.module.run_command([cmd, str(mountpoint)], environ_update=self.LANG_ENV)
+        else:
+            # Recent GNU/Linux distros support access to unmounted XFS filesystems
+            rc, out, err = self.module.run_command([cmd, str(dev)], environ_update=self.LANG_ENV)
+        if rc != 0:
+            self.module.fail_json(msg="Error while attempting to query size of XFS filesystem: %s" % err)
 
-        if not mountpoint:
-            # xfs filesystem needs to be mounted
-            self.module.fail_json(msg="%s needs to be mounted for xfs operations" % dev)
-
-        _, size, _ = self.module.run_command([cmd, '-n', str(mountpoint)], check_rc=True, environ_update=self.LANG_ENV)
-        for line in size.splitlines():
+        for line in out.splitlines():
             col = line.split('=')
             if col[0].strip() == 'data':
                 if col[1].strip() != 'bsize':
-                    self.module.fail_json(msg='Unexpected output format from xfs_growfs (could not locate "bsize")')
+                    self.module.fail_json(msg='Unexpected output format from xfs_info (could not locate "bsize")')
                 if col[2].split()[1] != 'blocks':
-                    self.module.fail_json(msg='Unexpected output format from xfs_growfs (could not locate "blocks")')
+                    self.module.fail_json(msg='Unexpected output format from xfs_info (could not locate "blocks")')
                 block_size = int(col[2].split()[0])
                 block_count = int(col[3].split(',')[0])
                 return block_size * block_count
 
     def grow_cmd(self, dev):
+        # Check first if growing is needed, and then if it is doable or not.
+        devsize_in_bytes = dev.size()
+        fssize_in_bytes = self.get_fs_size(dev)
+        if not fssize_in_bytes < devsize_in_bytes:
+            self.module.exit_json(changed=False, msg="%s filesystem is using the whole device %s" % (self.fstype, dev))
+
         mountpoint = dev.get_mountpoint()
         if not mountpoint:
             # xfs filesystem needs to be mounted

plugins/modules/system/parted.py

@@ -241,7 +241,7 @@ def parse_unit(size_str, unit=''):
     """
     Parses a string containing a size or boundary information
     """
-    matches = re.search(r'^(-?[\d.]+)([\w%]+)?$', size_str)
+    matches = re.search(r'^(-?[\d.]+) *([\w%]+)?$', size_str)
     if matches is None:
         # "<cylinder>,<head>,<sector>" format
         matches = re.search(r'^(\d+),(\d+),(\d+)$', size_str)
@@ -500,6 +500,33 @@ def check_parted_label(device):
     return False
 
 
+def parse_parted_version(out):
+    """
+    Returns version tuple from the output of "parted --version" command
+    """
+    lines = [x for x in out.split('\n') if x.strip() != '']
+    if len(lines) == 0:
+        return None, None, None
+
+    # Sample parted versions (see as well test unit):
+    # parted (GNU parted) 3.3
+    # parted (GNU parted) 3.4.5
+    # parted (GNU parted) 3.3.14-dfc61
+    matches = re.search(r'^parted.+\s(\d+)\.(\d+)(?:\.(\d+))?', lines[0].strip())
+
+    if matches is None:
+        return None, None, None
+
+    # Convert version to numbers
+    major = int(matches.group(1))
+    minor = int(matches.group(2))
+    rev = 0
+    if matches.group(3) is not None:
+        rev = int(matches.group(3))
+
+    return major, minor, rev
+
+
 def parted_version():
     """
     Returns the major and minor version of parted installed on the system.
@@ -512,21 +539,10 @@ def parted_version():
             msg="Failed to get parted version.", rc=rc, out=out, err=err
         )
 
-    lines = [x for x in out.split('\n') if x.strip() != '']
-    if len(lines) == 0:
+    (major, minor, rev) = parse_parted_version(out)
+    if major is None:
         module.fail_json(msg="Failed to get parted version.", rc=0, out=out)
 
-    matches = re.search(r'^parted.+(\d+)\.(\d+)(?:\.(\d+))?$', lines[0])
-    if matches is None:
-        module.fail_json(msg="Failed to get parted version.", rc=0, out=out)
-
-    # Convert version to numbers
-    major = int(matches.group(1))
-    minor = int(matches.group(2))
-    rev = 0
-    if matches.group(3) is not None:
-        rev = int(matches.group(3))
-
     return major, minor, rev
 
 

plugins/modules/web_infrastructure/sophos_utm/utm_proxy_auth_profile.py

@@ -256,9 +256,6 @@ result:
         frontend_cookie:
             description: Frontend cookie name
             type: str
-        frontend_cookie_secret:
-            description: Frontend cookie secret
-            type: str
         frontend_form:
             description: Frontend authentication form name
             type: str
@@ -336,7 +333,7 @@ def main():
             backend_user_suffix=dict(type='str', required=False, default=""),
             comment=dict(type='str', required=False, default=""),
             frontend_cookie=dict(type='str', required=False),
-            frontend_cookie_secret=dict(type='str', required=False),
+            frontend_cookie_secret=dict(type='str', required=False, no_log=True),
             frontend_form=dict(type='str', required=False),
             frontend_form_template=dict(type='str', required=False, default=""),
             frontend_login=dict(type='str', required=False),

tests/integration/targets/filesystem/defaults/main.yml

@@ -1,3 +1,4 @@
+---
 tested_filesystems:
   # key: fstype
   #   fssize: size (Mo)

tests/integration/targets/filesystem/meta/main.yml

@@ -1,3 +1,4 @@
+---
 dependencies:
   - setup_pkg_mgr
   - setup_remote_tmp_dir

tests/integration/targets/filesystem/tasks/create_device.yml

@@ -1,3 +1,4 @@
+---
 - name: 'Create a "disk" file'
   command: 'dd if=/dev/zero of={{ image_file }} bs=1M count={{ fssize }}'
 

tests/integration/targets/filesystem/tasks/create_fs.yml

@@ -43,40 +43,45 @@
       - 'fs3_result is success'
       - 'uuid.stdout != uuid3.stdout'
 
-- name: increase fake device
-  shell: 'dd if=/dev/zero bs=1M count=1 >> {{ image_file }}'
-
-- when: fstype == 'lvm'
-  block:
-    - name: Resize loop device for LVM
-      command: losetup -c {{ dev }}
 
 - when: 'grow|bool and (fstype != "vfat" or resize_vfat)'
   block:
-  - name: Expand filesystem
-    filesystem:
-      dev: '{{ dev }}'
-      fstype: '{{ fstype }}'
-      resizefs: yes
-    register: fs4_result
+    - name: increase fake device
+      shell: 'dd if=/dev/zero bs=1M count=1 >> {{ image_file }}'
 
-  - command: 'blkid -c /dev/null -o value -s UUID {{ dev }}'
-    register: uuid4
+    - name: Resize loop device for LVM
+      command: losetup -c {{ dev }}
+      when: fstype == 'lvm'
 
-  - assert:
-      that:
-        - 'fs4_result is changed'
-        - 'fs4_result is success'
-        - 'uuid3.stdout == uuid4.stdout' # unchanged
+    - name: Expand filesystem
+      filesystem:
+        dev: '{{ dev }}'
+        fstype: '{{ fstype }}'
+        resizefs: yes
+      register: fs4_result
 
-  - name: Try to expand filesystem again
-    filesystem:
-      dev: '{{ dev }}'
-      fstype: '{{ fstype }}'
-      resizefs: yes
-    register: fs5_result
+    - command: 'blkid -c /dev/null -o value -s UUID {{ dev }}'
+      register: uuid4
 
-  - assert:
-      that:
-        - 'not (fs5_result is changed)'
-        - 'fs5_result is successful'
+    - assert:
+        that:
+          - 'fs4_result is changed'
+          - 'fs4_result is success'
+          - 'uuid3.stdout == uuid4.stdout' # unchanged
+
+- when:
+    - (grow | bool and (fstype != "vfat" or resize_vfat)) or
+      (fstype == "xfs" and ansible_system == "Linux" and
+      ansible_distribution not in ["CentOS", "Ubuntu"])
+  block:
+    - name: Check that resizefs does nothing if device size is not changed
+      filesystem:
+        dev: '{{ dev }}'
+        fstype: '{{ fstype }}'
+        resizefs: yes
+      register: fs5_result
+
+    - assert:
+        that:
+          - 'fs5_result is not changed'
+          - 'fs5_result is succeeded'

tests/integration/targets/filesystem/tasks/main.yml

@@ -1,3 +1,4 @@
+---
 ####################################################################
 # WARNING: These are designed specifically for Ansible tests       #
 # and should not be used as examples of how to write Ansible roles #

tests/integration/targets/filesystem/tasks/overwrite_another_fs.yml

@@ -1,3 +1,4 @@
+---
 - name: 'Recreate "disk" file'
   command: 'dd if=/dev/zero of={{ image_file }} bs=1M count={{ fssize }}'
 

tests/integration/targets/filesystem/tasks/setup.yml

@@ -1,3 +1,4 @@
+---
 - name: install filesystem tools
   package:
     name: '{{ item }}'

tests/integration/targets/gitlab_user/tasks/main.yml

@@ -10,25 +10,25 @@
 
 - name: Clean up gitlab user
   gitlab_user:
-    server_url: "{{ gitlab_host }}"
+    api_url: "{{ gitlab_host }}"
     name: ansible_test_user
     username: ansible_test_user
     password: Secr3tPassw00rd
     email: root@localhost
     validate_certs: false
-    login_token: "{{ gitlab_login_token }}"
+    api_token: "{{ gitlab_login_token }}"
     state: absent
 
 
 - name: Create gitlab user
   gitlab_user:
-    server_url: "{{ gitlab_host }}"
+    api_url: "{{ gitlab_host }}"
     email: "{{ gitlab_user_email }}"
     name: "{{ gitlab_user }}"
     username: "{{ gitlab_user }}"
     password: "{{ gitlab_user_pass }}"
     validate_certs: False
-    login_token: "{{ gitlab_login_token }}"
+    api_token: "{{ gitlab_login_token }}"
     state: present
   register: gitlab_user_state
 
@@ -39,13 +39,13 @@
 
 - name: Create gitlab user again
   gitlab_user:
-    server_url: "{{ gitlab_host }}"
+    api_url: "{{ gitlab_host }}"
     email: root@localhost
     name: ansible_test_user
     username: ansible_test_user
     password: Secr3tPassw00rd
     validate_certs: False
-    login_token: "{{ gitlab_login_token }}"
+    api_token: "{{ gitlab_login_token }}"
     state: present
   register: gitlab_user_state_again
 
@@ -53,3 +53,198 @@
   assert:
     that:
       - gitlab_user_state_again is not changed
+      - gitlab_user_state_again.user.is_admin == False
+
+
+- name: Update User Test => Make User Admin 
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    isadmin: true
+    validate_certs: False
+    api_token: "{{ gitlab_login_token }}"
+    state: present
+  register: gitlab_user_state
+
+- name: Check if user is admin now
+  assert:
+    that:
+      - gitlab_user_state is changed
+      - gitlab_user_state.user.is_admin == True
+
+- name: Update User Test => Make User Admin (Again)
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    isadmin: true
+    validate_certs: False
+    api_token: "{{ gitlab_login_token }}"
+    state: present
+  register: gitlab_user_state
+
+- name: Check state is not changed
+  assert:
+    that:
+      - gitlab_user_state is not changed
+      - gitlab_user_state.user.is_admin == True
+
+- name: Update User Test => Remove Admin Rights
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    isadmin: false
+    validate_certs: False
+    api_token: "{{ gitlab_login_token }}"
+    state: present
+  register: gitlab_user_state
+
+- name: Check if user is not admin anymore
+  assert:
+    that:
+      - gitlab_user_state is changed
+      - gitlab_user_state.user.is_admin == False
+
+
+- name: Update User Test => Try Changing Mail without Confirmation Skipping
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    email: foo@bar.baz
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    confirm: True
+    validate_certs: False
+    api_token: "{{ gitlab_login_token }}"
+    state: present
+  register: gitlab_user_state
+
+- name: Check that eMail is unchanged (Only works with confirmation skipping)
+  assert:
+    that:
+      - gitlab_user_state is changed
+      - gitlab_user_state.user.email == gitlab_user_email
+
+- name: Update User Test => Change Mail with Confirmation Skip
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    email: foo@bar.baz
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    confirm: false
+    validate_certs: False
+    api_token: "{{ gitlab_login_token }}"
+    state: present
+  register: gitlab_user_state
+
+- name: Check that mail has changed now
+  assert:
+    that:
+      - gitlab_user_state is changed
+      - gitlab_user_state.user.email == 'foo@bar.baz'
+
+- name: Update User Test => Change Mail with Confirmation Skip (Again)
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    email: foo@bar.baz
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    confirm: false
+    validate_certs: False
+    api_token: "{{ gitlab_login_token }}"
+    state: present
+  register: gitlab_user_state
+
+- name: Check state is not changed
+  assert:
+    that:
+      - gitlab_user_state is not changed
+      - gitlab_user_state.user.email == 'foo@bar.baz'
+
+- name: Update User Test => Revert to original Mail Address
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    confirm: false
+    validate_certs: False
+    api_token: "{{ gitlab_login_token }}"
+    state: present
+  register: gitlab_user_state
+
+- name: Check that reverting mail back to original has worked
+  assert:
+    that:
+      - gitlab_user_state is changed
+      - gitlab_user_state.user.email == gitlab_user_email
+
+
+- name: Update User Test => Change User Password
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    validate_certs: False
+
+    # note: the only way to check if a password really is what it is expected 
+    #   to be is to use it for login, so we use it here instead of the 
+    #   default token assuming that a user can always change its own password
+    api_username: "{{ gitlab_user }}"
+    api_password: "{{ gitlab_user_pass }}"
+
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    password: new-super-password
+    state: present
+  register: gitlab_user_state
+
+- name: Check PW setting return state
+  assert:
+    that:
+        # note: there is no way to determine if a password has changed or 
+        #   not, so it can only be always yellow or always green, we 
+        #   decided for always green for now
+      - gitlab_user_state is not changed
+
+- name: Update User Test => Reset User Password
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    validate_certs: False
+
+    api_username: "{{ gitlab_user }}"
+    api_password: new-super-password
+
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    password: "{{ gitlab_user_pass }}"
+    state: present
+  register: gitlab_user_state
+
+- name: Check PW setting return state (Again)
+  assert:
+    that:
+      - gitlab_user_state is not changed
+
+- name: Update User Test => Check that password was reset
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    validate_certs: False
+
+    api_username: "{{ gitlab_user }}"
+    api_password: "{{ gitlab_user_pass }}"
+
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    state: present
+  register: gitlab_user_state
+
+- name: Check PW setting return state (Reset)
+  assert:
+    that:
+      - gitlab_user_state is not changed

tests/integration/targets/hg/tasks/install.yml

@@ -36,6 +36,11 @@
     name: mercurial
   when: ansible_facts.pkg_mgr in ['pkgng', 'community.general.pkgng']
 
+- name: install mercurial (zypper)
+  package:
+    name: mercurial
+  when: ansible_facts.pkg_mgr in ['zypper', 'community.general.zypper']
+
 - name: preserve the updated python
   command: cp -av "{{ which_python.stdout }}" "{{ which_python.stdout }}.updated"
 

tests/integration/targets/hg/tasks/uninstall.yml

@@ -35,6 +35,12 @@
     autoremove: yes
   when: ansible_facts.pkg_mgr in ['pkgng', 'community.general.pkgng']
 
+- name: uninstall packages which were not originally installed (zypper)
+  package:
+    name: mercurial
+    state: absent
+  when: ansible_facts.pkg_mgr in ['zypper', 'community.general.zypper']
+
 - name: restore the default python
   raw: mv "{{ which_python.stdout }}.default" "{{ which_python.stdout }}"
 

tests/integration/targets/ssh_config/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+  - setup_remote_constraints

tests/integration/targets/ssh_config/tasks/main.yml

@@ -6,6 +6,7 @@
   pip:
     name: stormssh
     state: present
+    extra_args: "-c {{ remote_constraints }}"
 
 - set_fact:
     output_dir_test: '{{ output_dir }}/test_ssh_config'

tests/unit/plugins/modules/source_control/gitlab/test_gitlab_user.py

@@ -88,16 +88,33 @@ class TestGitlabUser(GitlabModuleTestCase):
     @with_httmock(resp_get_user)
     def test_update_user(self):
         user = self.gitlab_instance.users.get(1)
-        changed, newUser = self.moduleUtil.updateUser(user, {'name': "Jack Smith", "is_admin": "true"})
+
+        changed, newUser = self.moduleUtil.updateUser(
+            user,
+            {'name': {'value': "Jack Smith"}, "is_admin": {'value': "true", 'setter': 'admin'}}, {}
+        )
 
         self.assertEqual(changed, True)
         self.assertEqual(newUser.name, "Jack Smith")
-        self.assertEqual(newUser.is_admin, "true")
+        self.assertEqual(newUser.admin, "true")
 
-        changed, newUser = self.moduleUtil.updateUser(user, {'name': "Jack Smith"})
+        changed, newUser = self.moduleUtil.updateUser(user, {'name': {'value': "Jack Smith"}}, {})
 
         self.assertEqual(changed, False)
 
+        changed, newUser = self.moduleUtil.updateUser(
+            user,
+            {}, {
+                'skip_reconfirmation': {'value': True},
+                'password': {'value': 'super_secret-super_secret'},
+            }
+        )
+
+        # note: uncheckable parameters dont set changed state
+        self.assertEqual(changed, False)
+        self.assertEqual(newUser.skip_reconfirmation, True)
+        self.assertEqual(newUser.password, 'super_secret-super_secret')
+
     @with_httmock(resp_find_user)
     @with_httmock(resp_delete_user)
     def test_delete_user(self):

tests/unit/plugins/modules/system/test_parted.py

@@ -6,6 +6,7 @@ __metaclass__ = type
 
 from ansible_collections.community.general.tests.unit.compat.mock import patch, call
 from ansible_collections.community.general.plugins.modules.system import parted as parted_module
+from ansible_collections.community.general.plugins.modules.system.parted import parse_parted_version
 from ansible_collections.community.general.plugins.modules.system.parted import parse_partition_info
 from ansible_collections.community.general.tests.unit.plugins.modules.utils import AnsibleExitJson, AnsibleFailJson, ModuleTestCase, set_module_args
 
@@ -17,6 +18,32 @@ BYT;
 2:106MB:368MB:262MB:ext2::;
 3:368MB:256061MB:255692MB:::;"""
 
+parted_version_info = {"""
+        parted (GNU parted) 3.3
+        Copyright (C) 2019 Free Software Foundation, Inc.
+        License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
+        This is free software: you are free to change and redistribute it.
+        There is NO WARRANTY, to the extent permitted by law.
+
+        Written by <http://git.debian.org/?p=parted/parted.git;a=blob_plain;f=AUTHORS>.
+        """: (3, 3, 0), """
+        parted (GNU parted) 3.4.5
+        Copyright (C) 2019 Free Software Foundation, Inc.
+        License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
+        This is free software: you are free to change and redistribute it.
+        There is NO WARRANTY, to the extent permitted by law.
+
+        Written by <http://git.debian.org/?p=parted/parted.git;a=blob_plain;f=AUTHORS>.
+        """: (3, 4, 5), """
+        parted (GNU parted) 3.3.14-dfc61
+        Copyright (C) 2019 Free Software Foundation, Inc.
+        License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
+        This is free software: you are free to change and redistribute it.
+        There is NO WARRANTY, to the extent permitted by law.
+
+        Written by <http://git.debian.org/?p=parted/parted.git;a=blob_plain;f=AUTHORS>.
+        """: (3, 3, 14)}
+
 # corresponding dictionary after parsing by parse_partition_info
 parted_dict1 = {
     "generic": {
@@ -311,3 +338,8 @@ class TestParted(ModuleTestCase):
         })
         with patch('ansible_collections.community.general.plugins.modules.system.parted.get_device_info', return_value=parted_dict3):
             self.execute_module(changed=True)
+
+    def test_version_info(self):
+        """Test that the parse_parted_version returns the expected tuple"""
+        for key, value in parted_version_info.items():
+            self.assertEqual(parse_parted_version(key), value)

tests/utils/constraints.txt

@@ -1,6 +1,8 @@
 coverage >= 4.2, < 5.0.0, != 4.3.2 ; python_version <= '3.7' # features in 4.2+ required, avoid known bug in 4.3.2 on python 2.6, coverage 5.0+ incompatible
 coverage >= 4.5.4, < 5.0.0 ; python_version > '3.7' # coverage had a bug in < 4.5.4 that would cause unit tests to hang in Python 3.8, coverage 5.0+ incompatible
 cryptography < 2.2 ; python_version < '2.7' # cryptography 2.2 drops support for python 2.6
+cryptography >= 3.0, < 3.4 ; python_version < '3.6' # cryptography 3.4 drops support for python 2.7
+cryptography >= 3.3, < 3.4 # FIXME: the upper limit is needed for RHEL8.2, CentOS 8, Ubuntu 18.04, and OpenSuSE 15
 deepdiff < 4.0.0 ; python_version < '3' # deepdiff 4.0.0 and later require python 3
 jinja2 < 2.11 ; python_version < '2.7' # jinja2 2.11 and later require python 2.7 or later
 urllib3 < 1.24 ; python_version < '2.7' # urllib3 1.24 and later require python 2.7 or later