Release 2.5.4.

* [nmcli] add connection.slave-type for teamed devices

* [nmcli] add fragment with changes for #2827

* [nmcli] add tests for network team

* [nmcli] fix testing

Co-authored-by: Oriol MULA VALLS <oriol.mula@lxp.lu>
(cherry picked from commit 2d1527a564)

Co-authored-by: omula <joriol.mula@gmail.com>

.azure-pipelines/azure-pipelines.yml

@@ -124,6 +124,7 @@ stages:
             - test: 3.7
             - test: 3.8
             - test: 3.9
+            - test: '3.10'
   - stage: Units_2_11
     displayName: Units 2.11
     dependsOn: []

.github/BOTMETA.yml

@@ -1,17 +1,14 @@
 automerge: true
 files:
   plugins/:
-    supershipit: aminvakil russoz
+    supershipit: quidame Ajpantuso
   changelogs/fragments/:
     support: community
   $actions:
     labels: action
-  $actions/aireos.py:
-    labels: aireos cisco networking
-  $actions/ironware.py:
-    maintainers: paulquack
-    labels: ironware networking
-  $actions/shutdown.py:
+  $actions/system/iptables_state.py:
+    maintainers: quidame
+  $actions/system/shutdown.py:
     maintainers: nitzmahone samdoran aminvakil
   $becomes/:
     labels: become
@@ -711,8 +708,9 @@ files:
     labels: zypper
     ignore: dirtyharrycallahan robinro
   $modules/packaging/os/zypper_repository.py:
-    maintainers: $team_suse matze
+    maintainers: $team_suse
     labels: zypper
+    ignore: matze
   $modules/remote_management/cobbler/:
     maintainers: dagwieers
   $modules/remote_management/dellemc/:
@@ -858,6 +856,8 @@ files:
     labels: interfaces_file
   $modules/system/iptables_state.py:
     maintainers: quidame
+  $modules/system/shutdown.py:
+    maintainers: nitzmahone samdoran aminvakil
   $modules/system/java_cert.py:
     maintainers: haad absynth76
   $modules/system/java_keystore.py:

CHANGELOG.rst

@@ -6,6 +6,61 @@ Community General Release Notes
 
 This changelog describes changes after version 1.0.0.
 
+v2.5.4
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Bugfixes
+--------
+
+- _mount module utils - fixed the sanity checks (https://github.com/ansible-collections/community.general/pull/2883).
+- gitlab_project - user projects are created using namespace ID now, instead of user ID (https://github.com/ansible-collections/community.general/pull/2881).
+- ipa_sudorule - call ``sudorule_add_allow_command`` method instead of  ``sudorule_add_allow_command_group`` (https://github.com/ansible-collections/community.general/issues/2442).
+- modprobe - added additional checks to ensure module load/unload is effective (https://github.com/ansible-collections/community.general/issues/1608).
+- nmcli - fixes team-slave configuration by adding connection.slave-type (https://github.com/ansible-collections/community.general/issues/766).
+- npm - when the ``version`` option is used the comparison of installed vs missing will use name@version instead of just name, allowing version specific updates (https://github.com/ansible-collections/community.general/issues/2021).
+- proxmox_kvm - fix parsing of Proxmox VM information with device info not containing a comma, like disks backed by ZFS zvols (https://github.com/ansible-collections/community.general/issues/2840).
+- scaleway plugin inventory - fix ``JSON object must be str, not 'bytes'`` with Python 3.5 (https://github.com/ansible-collections/community.general/issues/2769).
+
+v2.5.3
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Bugfixes
+--------
+
+- consul_acl - update the hcl allowlist to include all supported options (https://github.com/ansible-collections/community.general/pull/2495).
+- consul_kv lookup plugin - allow to set ``recurse``, ``index``, ``datacenter`` and ``token`` as keyword arguments (https://github.com/ansible-collections/community.general/issues/2124).
+- influxdb_user - allow creation of admin users when InfluxDB authentication is enabled but no other user exists on the database. In this scenario, InfluxDB 1.x allows only ``CREATE USER`` queries and rejects any other query (https://github.com/ansible-collections/community.general/issues/2364).
+- influxdb_user - fix bug where an influxdb user has no privileges for 2 or more databases (https://github.com/ansible-collections/community.general/pull/2499).
+- influxdb_user - fix bug which removed current privileges instead of appending them to existing ones (https://github.com/ansible-collections/community.general/issues/2609, https://github.com/ansible-collections/community.general/pull/2614).
+- iptables_state - call ``async_status`` action plugin rather than its module (https://github.com/ansible-collections/community.general/issues/2700).
+- iptables_state - fix a 'FutureWarning' in a regex and do some basic code clean up (https://github.com/ansible-collections/community.general/pull/2525).
+- iptables_state - fix a broken query of ``async_status`` result with current ansible-core development version (https://github.com/ansible-collections/community.general/issues/2627, https://github.com/ansible-collections/community.general/pull/2671).
+- iptables_state - fix initialization of iptables from null state when adressing more than one table (https://github.com/ansible-collections/community.general/issues/2523).
+- java_cert - fix issue with incorrect alias used on PKCS#12 certificate import (https://github.com/ansible-collections/community.general/pull/2560).
+- jenkins_plugin - use POST method for sending request to jenkins API when ``state`` option is one of ``enabled``, ``disabled``, ``pinned``, ``unpinned``, or ``absent`` (https://github.com/ansible-collections/community.general/issues/2510).
+- json_query filter plugin - avoid 'unknown type' errors for more Ansible internal types (https://github.com/ansible-collections/community.general/pull/2607).
+- module_helper module utils - ``CmdMixin`` must also use ``LC_ALL`` to enforce locale choice (https://github.com/ansible-collections/community.general/pull/2731).
+- netcup_dns - use ``str(ex)`` instead of unreliable ``ex.message`` in exception handling to fix ``AttributeError`` in error cases (https://github.com/ansible-collections/community.general/pull/2590).
+- nmap inventory plugin - fix local variable error when cache is disabled (https://github.com/ansible-collections/community.general/issues/2512).
+- ovir4 inventory script - improve configparser creation to avoid crashes for options without values (https://github.com/ansible-collections/community.general/issues/674).
+- proxmox_kvm - fixed ``vmid`` return value when VM with ``name`` already exists (https://github.com/ansible-collections/community.general/issues/2648).
+- redis cache - improved connection string parsing (https://github.com/ansible-collections/community.general/issues/497).
+- rhsm_release - fix the issue that module considers 8, 7Client and 7Workstation as invalid releases (https://github.com/ansible-collections/community.general/pull/2571).
+- ssh_config - reduce stormssh searches based on host (https://github.com/ansible-collections/community.general/pull/2568/).
+- terraform - ensure the workspace is set back to its previous value when the apply fails (https://github.com/ansible-collections/community.general/pull/2634).
+- xfconf - also use ``LC_ALL`` to enforce locale choice (https://github.com/ansible-collections/community.general/issues/2715).
+- zypper_repository - fix idempotency on adding repository with ``$releasever`` and ``$basearch`` variables (https://github.com/ansible-collections/community.general/issues/1985).
+
 v2.5.2
 ======
 

CONTRIBUTING.md

@@ -0,0 +1,36 @@
+# Contributing
+
+We follow [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html) in all our contributions and interactions within this repository.
+
+If you are a committer, also refer to the [collection's committer guidelines](https://github.com/ansible-collections/community.general/blob/main/commit-rights.md).
+
+## Issue tracker
+
+Whether you are looking for an opportunity to contribute or you found a bug and already know how to solve it, please go to the [issue tracker](https://github.com/ansible-collections/community.general/issues).
+There you can find feature ideas to implement, reports about bugs to solve, or submit an issue to discuss your idea before implementing it which can help choose a right direction at the beginning of your work and potentially save a lot of time and effort.
+Also somebody may already have started discussing or working on implementing the same or a similar idea,
+so you can cooperate to create a better solution together.
+
+* If you are interested in starting with an easy issue, look for [issues with an `easyfix` label](https://github.com/ansible-collections/community.general/labels/easyfix).
+* Often issues that are waiting for contributors to pick up have [the `waiting_on_contributor` label](https://github.com/ansible-collections/community.general/labels/waiting_on_contributor).
+
+## Open pull requests
+
+Look through currently [open pull requests](https://github.com/ansible-collections/community.general/pulls).
+You can help by reviewing them. Reviews help move pull requests to merge state. Some good pull requests cannot be merged only due to a lack of reviews. And it is always worth saying that good reviews are often more valuable than pull requests themselves.
+Note that reviewing does not only mean code review, but also offering comments on new interfaces added to existing plugins/modules, interfaces of new plugins/modules, improving language (not everyone is a native english speaker), or testing bugfixes and new features!
+
+Also, consider taking up a valuable, reviewed, but abandoned pull request which you could politely ask the original authors to complete yourself.
+
+* Try committing your changes with an informative but short commit message.
+* All commits of a pull request branch will be squashed into one commit at last. That does not mean you must have only one commit on your pull request, though!
+* Please try not to force-push if it is not needed, so reviewers and other users looking at your pull request later can see the pull request commit history.
+* Do not add merge commits to your PR. The bot will complain and you will have to rebase ([instructions for rebasing](https://docs.ansible.com/ansible/latest/dev_guide/developing_rebasing.html)) to remove them before your PR can be merged. To avoid that git automatically does merges during pulls, you can configure it to do rebases instead by running `git config pull.rebase true` inside the respository checkout.
+
+You can also read [our Quick-start development guide](https://github.com/ansible/community-docs/blob/main/create_pr_quick_start_guide.rst).
+
+## Test pull requests
+
+If you want to test a PR locally, refer to [our testing guide](https://github.com/ansible/community-docs/blob/main/test_pr_locally_guide.rst) for instructions on how do it quickly.
+
+If you find any inconsistencies or places in this document which can be improved, feel free to raise an issue or pull request to fix it.

README.md

@@ -3,12 +3,18 @@
 [![Build Status](https://dev.azure.com/ansible/community.general/_apis/build/status/CI?branchName=stable-2)](https://dev.azure.com/ansible/community.general/_build?definitionId=31)
 [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.general)](https://codecov.io/gh/ansible-collections/community.general)
 
-This repo contains the `community.general` Ansible Collection. The collection includes many modules and plugins supported by Ansible community which are not part of more specialized community collections.
+This repository contains the `community.general` Ansible Collection. The collection is a part of the Ansible package and includes many modules and plugins supported by Ansible community which are not part of more specialized community collections.
 
 You can find [documentation for this collection on the Ansible docs site](https://docs.ansible.com/ansible/latest/collections/community/general/).
 
 Please note that this collection does **not** support Windows targets. Only connection plugins included in this collection might support Windows targets, and will explicitly mention that in their documentation if they do so.
 
+## Code of Conduct
+
+We follow [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html) in all our interactions within this project.
+
+If you encounter abusive behavior violating the [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html), please refer to the [policy violations](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html#policy-violations) section of the Code of Conduct for information on how to raise a complaint.
+
 ## Tested with Ansible
 
 Tested with the current Ansible 2.9, ansible-base 2.10 and ansible-core 2.11 releases and the current development version of ansible-core. Ansible versions before 2.9.10 are not supported.
@@ -23,7 +29,9 @@ Please check the included content on the [Ansible Galaxy page for this collectio
 
 ## Using this collection
 
-Before using the General community collection, you need to install the collection with the `ansible-galaxy` CLI:
+This collection is shipped with the Ansible package. So if you have it installed, no more action is required.
+
+If you have a minimal installation (only Ansible Core installed) or you want to use the latest version of the collection along with the whole Ansible package, you need to install the collection from [Ansible Galaxy](https://galaxy.ansible.com/community/general) manually with the `ansible-galaxy` command-line tool:
 
     ansible-galaxy collection install community.general
 
@@ -34,38 +42,49 @@ collections:
 - name: community.general
 ```
 
+Note that if you install the collection manually, it will not be upgraded automatically when you upgrade the Ansible package. To upgrade the collection to the latest available version, run the following command:
+
+```bash
+ansible-galaxy collection install community.general --upgrade
+```
+
+You can also install a specific version of the collection, for example, if you need to downgrade when something is broken in the latest version (please report an issue in this repository). Use the following syntax where `X.Y.Z` can be any [available version](https://galaxy.ansible.com/community/general):
+
+```bash
+ansible-galaxy collection install community.general:==X.Y.Z
+```
+
 See [Ansible Using collections](https://docs.ansible.com/ansible/latest/user_guide/collections_using.html) for more details.
 
 ## Contributing to this collection
 
-If you want to develop new content for this collection or improve what is already here, the easiest way to work on the collection is to clone it into one of the configured [`COLLECTIONS_PATH`](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#collections-paths), and work on it there.
+The content of this collection is made by good people like you, a community of individuals collaborating on making the world better through developing automation software.
 
-For example, if you are working in the `~/dev` directory:
+All types of contributions are very welcome.
 
-```
-cd ~/dev
-git clone git@github.com:ansible-collections/community.general.git collections/ansible_collections/community/general
-export COLLECTIONS_PATH=$(pwd)/collections:$COLLECTIONS_PATH
-```
+You don't know how to start? Refer to our [contribution guide](https://github.com/ansible-collections/community.general/blob/main/CONTRIBUTING.md)!
+
+The current maintainers are listed in the [commit-rights.md](https://github.com/ansible-collections/community.general/blob/main/commit-rights.md#people) file. If you have questions or need help, feel free to mention them in the proposals.
 
 You can find more information in the [developer guide for collections](https://docs.ansible.com/ansible/devel/dev_guide/developing_collections.html#contributing-to-collections), and in the [Ansible Community Guide](https://docs.ansible.com/ansible/latest/community/index.html).
 
+Also for some notes specific to this collection see [our CONTRIBUTING documentation](https://github.com/ansible-collections/community.general/blob/main/CONTRIBUTING.md).
+
 ### Running tests
 
 See [here](https://docs.ansible.com/ansible/devel/dev_guide/developing_collections.html#testing-collections).
 
 ### Communication
 
-We have a dedicated Working Group for Ansible development.
+We announce important development changes and releases through Ansible's [The Bullhorn newsletter](https://eepurl.com/gZmiEP). If you are a collection developer, be sure you are subscribed.
 
-You can find other people interested on the following Freenode IRC channels -
-- `#ansible` - For general use questions and support.
-- `#ansible-devel` - For discussions on developer topics and code related to features or bugs.
-- `#ansible-community` - For discussions on community topics and community meetings.
+Join us in the `#ansible` (general use questions and support), `#ansible-community` (community and collection development questions), and other [IRC channels](https://docs.ansible.com/ansible/devel/community/communication.html#irc-channels) on [Libera.chat](https://libera.chat).
+
+We take part in the global quarterly [Ansible Contributor Summit](https://github.com/ansible/community/wiki/Contributor-Summit) virtually or in-person. Track [The Bullhorn newsletter](https://eepurl.com/gZmiEP) and join us.
 
 For more information about communities, meetings and agendas see [Community Wiki](https://github.com/ansible/community/wiki/Community).
 
-For more information about [communication](https://docs.ansible.com/ansible/latest/community/communication.html)
+For more information about communication, refer to the [Ansible communication guide](https://docs.ansible.com/ansible/devel/community/communication.html).
 
 ### Publishing New Version
 

changelogs/changelog.yaml

@@ -1882,3 +1882,106 @@ releases:
     - 2454-detect_zfs_changed.yml
     - ovirt-fixup.yml
     release_date: '2021-05-11'
+  2.5.3:
+    changes:
+      bugfixes:
+      - consul_acl - update the hcl allowlist to include all supported options (https://github.com/ansible-collections/community.general/pull/2495).
+      - consul_kv lookup plugin - allow to set ``recurse``, ``index``, ``datacenter``
+        and ``token`` as keyword arguments (https://github.com/ansible-collections/community.general/issues/2124).
+      - influxdb_user - allow creation of admin users when InfluxDB authentication
+        is enabled but no other user exists on the database. In this scenario, InfluxDB
+        1.x allows only ``CREATE USER`` queries and rejects any other query (https://github.com/ansible-collections/community.general/issues/2364).
+      - influxdb_user - fix bug where an influxdb user has no privileges for 2 or
+        more databases (https://github.com/ansible-collections/community.general/pull/2499).
+      - influxdb_user - fix bug which removed current privileges instead of appending
+        them to existing ones (https://github.com/ansible-collections/community.general/issues/2609,
+        https://github.com/ansible-collections/community.general/pull/2614).
+      - iptables_state - call ``async_status`` action plugin rather than its module
+        (https://github.com/ansible-collections/community.general/issues/2700).
+      - iptables_state - fix a 'FutureWarning' in a regex and do some basic code clean
+        up (https://github.com/ansible-collections/community.general/pull/2525).
+      - iptables_state - fix a broken query of ``async_status`` result with current
+        ansible-core development version (https://github.com/ansible-collections/community.general/issues/2627,
+        https://github.com/ansible-collections/community.general/pull/2671).
+      - iptables_state - fix initialization of iptables from null state when adressing
+        more than one table (https://github.com/ansible-collections/community.general/issues/2523).
+      - java_cert - fix issue with incorrect alias used on PKCS#12 certificate import
+        (https://github.com/ansible-collections/community.general/pull/2560).
+      - jenkins_plugin - use POST method for sending request to jenkins API when ``state``
+        option is one of ``enabled``, ``disabled``, ``pinned``, ``unpinned``, or ``absent``
+        (https://github.com/ansible-collections/community.general/issues/2510).
+      - json_query filter plugin - avoid 'unknown type' errors for more Ansible internal
+        types (https://github.com/ansible-collections/community.general/pull/2607).
+      - module_helper module utils - ``CmdMixin`` must also use ``LC_ALL`` to enforce
+        locale choice (https://github.com/ansible-collections/community.general/pull/2731).
+      - netcup_dns - use ``str(ex)`` instead of unreliable ``ex.message`` in exception
+        handling to fix ``AttributeError`` in error cases (https://github.com/ansible-collections/community.general/pull/2590).
+      - nmap inventory plugin - fix local variable error when cache is disabled (https://github.com/ansible-collections/community.general/issues/2512).
+      - ovir4 inventory script - improve configparser creation to avoid crashes for
+        options without values (https://github.com/ansible-collections/community.general/issues/674).
+      - proxmox_kvm - fixed ``vmid`` return value when VM with ``name`` already exists
+        (https://github.com/ansible-collections/community.general/issues/2648).
+      - redis cache - improved connection string parsing (https://github.com/ansible-collections/community.general/issues/497).
+      - rhsm_release - fix the issue that module considers 8, 7Client and 7Workstation
+        as invalid releases (https://github.com/ansible-collections/community.general/pull/2571).
+      - ssh_config - reduce stormssh searches based on host (https://github.com/ansible-collections/community.general/pull/2568/).
+      - terraform - ensure the workspace is set back to its previous value when the
+        apply fails (https://github.com/ansible-collections/community.general/pull/2634).
+      - xfconf - also use ``LC_ALL`` to enforce locale choice (https://github.com/ansible-collections/community.general/issues/2715).
+      - zypper_repository - fix idempotency on adding repository with ``$releasever``
+        and ``$basearch`` variables (https://github.com/ansible-collections/community.general/issues/1985).
+      release_summary: Regular bugfix release.
+    fragments:
+    - 1085-consul-acl-hcl-whitelist-update.yml
+    - 2.5.3.yml
+    - 2126-consul_kv-pass-token.yml
+    - 2364-influxdb_user-first_user.yml
+    - 2461-ovirt4-fix-configparser.yml
+    - 2499-influxdb_user-fix-multiple-no-privileges.yml
+    - 2510-jenkins_plugin_use_post_method.yml
+    - 2518-nmap-fix-cache-disabled.yml
+    - 2525-iptables_state-fix-initialization-command.yml
+    - 2560-java_cert-pkcs12-alias-bugfix.yml
+    - 2568-ssh_config-reduce-stormssh-searches-based-on-host.yml
+    - 2571-rhsm_release-fix-release_matcher.yaml
+    - 2579-redis-cache-ipv6.yml
+    - 2590-netcup_dns-exception-no-message-attr.yml
+    - 2614-influxdb_user-fix-issue-introduced-in-PR#2499.yml
+    - 2634-terraform-switch-workspace.yml
+    - 2648-proxmox_kvm-fix-vmid-return-value.yml
+    - 2671-fix-broken-query-of-async_status-result.yml
+    - 2711-fix-iptables_state-2700-async_status-call.yml
+    - 2722-zypper_repository-fix_idempotency_on_adding_repo_with_releasever.yml
+    - 2731-mh-cmd-locale.yml
+    - json_query_more_types.yml
+    release_date: '2021-06-08'
+  2.5.4:
+    changes:
+      bugfixes:
+      - _mount module utils - fixed the sanity checks (https://github.com/ansible-collections/community.general/pull/2883).
+      - gitlab_project - user projects are created using namespace ID now, instead
+        of user ID (https://github.com/ansible-collections/community.general/pull/2881).
+      - ipa_sudorule - call ``sudorule_add_allow_command`` method instead of  ``sudorule_add_allow_command_group``
+        (https://github.com/ansible-collections/community.general/issues/2442).
+      - modprobe - added additional checks to ensure module load/unload is effective
+        (https://github.com/ansible-collections/community.general/issues/1608).
+      - nmcli - fixes team-slave configuration by adding connection.slave-type (https://github.com/ansible-collections/community.general/issues/766).
+      - npm - when the ``version`` option is used the comparison of installed vs missing
+        will use name@version instead of just name, allowing version specific updates
+        (https://github.com/ansible-collections/community.general/issues/2021).
+      - proxmox_kvm - fix parsing of Proxmox VM information with device info not containing
+        a comma, like disks backed by ZFS zvols (https://github.com/ansible-collections/community.general/issues/2840).
+      - scaleway plugin inventory - fix ``JSON object must be str, not 'bytes'`` with
+        Python 3.5 (https://github.com/ansible-collections/community.general/issues/2769).
+      release_summary: Regular bugfix release.
+    fragments:
+    - 2.5.4.yml
+    - 2771-scaleway_inventory_json_accept_byte_array.yml
+    - 2821-ipa_sudorule.yml
+    - 2827-nmcli_fix_team_slave.yml
+    - 2830-npm-version-update.yml
+    - 2841-proxmox_kvm_zfs_devstr.yml
+    - 2843-modprobe-failure-conditions.yml
+    - 2881-gitlab_project-fix_workspace_user.yaml
+    - 2883-_mount-fixed-sanity-checks.yml
+    release_date: '2021-06-29'

commit-rights.md

@@ -67,6 +67,8 @@ Individuals who have been asked to become a part of this group have generally be
 
 | Name                | GitHub ID            | IRC Nick           | Other                |
 | ------------------- | -------------------- | ------------------ | -------------------- |
+| Alexei Znamensky    | russoz               | russoz             |                      |
+| Amin Vakil          | aminvakil            | aminvakil          |                      |
 | Andrew Klychkov     | andersson007         | andersson007_      |                      |
 | Felix Fontein       | felixfontein         | felixfontein       |                      |
 | John R Barker       | gundalow             | gundalow           |                      |

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: community
 name: general
-version: 2.5.2
+version: 2.5.4
 readme: README.md
 authors:
   - Ansible (https://github.com/ansible)

plugins/action/system/iptables_state.py

@@ -7,7 +7,7 @@ __metaclass__ = type
 import time
 
 from ansible.plugins.action import ActionBase
-from ansible.errors import AnsibleError, AnsibleActionFail, AnsibleConnectionFailure
+from ansible.errors import AnsibleActionFail, AnsibleConnectionFailure
 from ansible.utils.vars import merge_hash
 from ansible.utils.display import Display
 
@@ -40,19 +40,27 @@ class ActionModule(ActionBase):
         "(=%s) to 0, and 'async' (=%s) to a value >2 and not greater than "
         "'ansible_timeout' (=%s) (recommended).")
 
-    def _async_result(self, module_args, task_vars, timeout):
+    def _async_result(self, async_status_args, task_vars, timeout):
         '''
         Retrieve results of the asynchonous task, and display them in place of
         the async wrapper results (those with the ansible_job_id key).
         '''
+        async_status = self._task.copy()
+        async_status.args = async_status_args
+        async_status.action = 'ansible.builtin.async_status'
+        async_status.async_val = 0
+        async_action = self._shared_loader_obj.action_loader.get(
+            async_status.action, task=async_status, connection=self._connection,
+            play_context=self._play_context, loader=self._loader, templar=self._templar,
+            shared_loader_obj=self._shared_loader_obj)
+
+        if async_status.args['mode'] == 'cleanup':
+            return async_action.run(task_vars=task_vars)
+
         # At least one iteration is required, even if timeout is 0.
-        for i in range(max(1, timeout)):
-            async_result = self._execute_module(
-                module_name='ansible.builtin.async_status',
-                module_args=module_args,
-                task_vars=task_vars,
-                wrap_async=False)
-            if async_result['finished'] == 1:
+        for dummy in range(max(1, timeout)):
+            async_result = async_action.run(task_vars=task_vars)
+            if async_result.get('finished', 0) == 1:
                 break
             time.sleep(min(1, timeout))
 
@@ -76,7 +84,6 @@ class ActionModule(ActionBase):
             task_async = self._task.async_val
             check_mode = self._play_context.check_mode
             max_timeout = self._connection._play_context.timeout
-            module_name = self._task.action
             module_args = self._task.args
 
             if module_args.get('state', None) == 'restored':
@@ -107,7 +114,7 @@ class ActionModule(ActionBase):
                     # longer on the controller); and set a backup file path.
                     module_args['_timeout'] = task_async
                     module_args['_back'] = '%s/iptables.state' % async_dir
-                    async_status_args = dict(_async_dir=async_dir)
+                    async_status_args = dict(mode='status')
                     confirm_cmd = 'rm -f %s' % module_args['_back']
                     starter_cmd = 'touch %s.starter' % module_args['_back']
                     remaining_time = max(task_async, max_timeout)
@@ -133,7 +140,7 @@ class ActionModule(ActionBase):
                 # The module is aware to not process the main iptables-restore
                 # command before finding (and deleting) the 'starter' cookie on
                 # the host, so the previous query will not reach ssh timeout.
-                garbage = self._low_level_execute_command(starter_cmd, sudoable=self.DEFAULT_SUDOABLE)
+                dummy = self._low_level_execute_command(starter_cmd, sudoable=self.DEFAULT_SUDOABLE)
 
                 # As the main command is not yet executed on the target, here
                 # 'finished' means 'failed before main command be executed'.
@@ -143,7 +150,7 @@ class ActionModule(ActionBase):
                     except AttributeError:
                         pass
 
-                    for x in range(max_timeout):
+                    for dummy in range(max_timeout):
                         time.sleep(1)
                         remaining_time -= 1
                         # - AnsibleConnectionFailure covers rejected requests (i.e.
@@ -151,7 +158,7 @@ class ActionModule(ActionBase):
                         # - ansible_timeout is able to cover dropped requests (due
                         #   to a rule or policy DROP) if not lower than async_val.
                         try:
-                            garbage = self._low_level_execute_command(confirm_cmd, sudoable=self.DEFAULT_SUDOABLE)
+                            dummy = self._low_level_execute_command(confirm_cmd, sudoable=self.DEFAULT_SUDOABLE)
                             break
                         except AnsibleConnectionFailure:
                             continue
@@ -164,16 +171,12 @@ class ActionModule(ActionBase):
                         del result[key]
 
                 if result.get('invocation', {}).get('module_args'):
-                    if '_timeout' in result['invocation']['module_args']:
-                        del result['invocation']['module_args']['_back']
-                        del result['invocation']['module_args']['_timeout']
+                    for key in ('_back', '_timeout', '_async_dir', 'jid'):
+                        if result['invocation']['module_args'].get(key):
+                            del result['invocation']['module_args'][key]
 
                 async_status_args['mode'] = 'cleanup'
-                garbage = self._execute_module(
-                    module_name='ansible.builtin.async_status',
-                    module_args=async_status_args,
-                    task_vars=task_vars,
-                    wrap_async=False)
+                dummy = self._async_result(async_status_args, task_vars, 0)
 
         if not wrap_async:
             # remove a temporary path we created

plugins/cache/redis.py

@@ -61,6 +61,7 @@ DOCUMENTATION = '''
         type: integer
 '''
 
+import re
 import time
 import json
 
@@ -91,6 +92,8 @@ class CacheModule(BaseCacheModule):
     performance.
     """
     _sentinel_service_name = None
+    re_url_conn = re.compile(r'^([^:]+|\[[^]]+\]):(\d+):(\d+)(?::(.*))?$')
+    re_sent_conn = re.compile(r'^(.*):(\d+)$')
 
     def __init__(self, *args, **kwargs):
         uri = ''
@@ -130,11 +133,18 @@ class CacheModule(BaseCacheModule):
             self._db = self._get_sentinel_connection(uri, kw)
         # normal connection
         else:
-            connection = uri.split(':')
+            connection = self._parse_connection(self.re_url_conn, uri)
             self._db = StrictRedis(*connection, **kw)
 
         display.vv('Redis connection: %s' % self._db)
 
+    @staticmethod
+    def _parse_connection(re_patt, uri):
+        match = re_patt.match(uri)
+        if not match:
+            raise AnsibleError("Unable to parse connection string")
+        return match.groups()
+
     def _get_sentinel_connection(self, uri, kw):
         """
         get sentinel connection details from _uri
@@ -158,7 +168,7 @@ class CacheModule(BaseCacheModule):
             except IndexError:
                 pass  # password is optional
 
-        sentinels = [tuple(shost.split(':')) for shost in connections]
+        sentinels = [self._parse_connection(self.re_sent_conn, shost) for shost in connections]
         display.vv('\nUsing redis sentinels: %s' % sentinels)
         scon = Sentinel(sentinels, **kw)
         try:

plugins/filter/json_query.py

@@ -35,9 +35,11 @@ def json_query(data, expr):
         raise AnsibleError('You need to install "jmespath" prior to running '
                            'json_query filter')
 
-    # Hack to handle Ansible String Types
+    # Hack to handle Ansible Unsafe text, AnsibleMapping and AnsibleSequence
     # See issue: https://github.com/ansible-collections/community.general/issues/320
     jmespath.functions.REVERSE_TYPES_MAP['string'] = jmespath.functions.REVERSE_TYPES_MAP['string'] + ('AnsibleUnicode', 'AnsibleUnsafeText', )
+    jmespath.functions.REVERSE_TYPES_MAP['array'] = jmespath.functions.REVERSE_TYPES_MAP['array'] + ('AnsibleSequence', )
+    jmespath.functions.REVERSE_TYPES_MAP['object'] = jmespath.functions.REVERSE_TYPES_MAP['object'] + ('AnsibleMapping', )
     try:
         return jmespath.search(expr, data)
     except jmespath.exceptions.JMESPathError as e:

plugins/inventory/nmap.py

@@ -130,7 +130,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
                 # This occurs if the cache_key is not in the cache or if the cache_key expired, so the cache needs to be updated
                 cache_needs_update = True
 
-        if cache_needs_update:
+        if not user_cache_setting or cache_needs_update:
             # setup command
             cmd = [self._nmap]
             if not self._options['ports']:
@@ -207,6 +207,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
             except Exception as e:
                 raise AnsibleParserError("failed to parse %s: %s " % (to_native(path), to_native(e)))
 
+        if cache_needs_update:
             self._cache[cache_key] = results
 
         self._populate(results)

plugins/inventory/scaleway.py

@@ -1,24 +1,24 @@
-# Copyright (c) 2017 Ansible Project
+# Copyright: (c) 2017 Ansible Project
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
 from __future__ import (absolute_import, division, print_function)
 
 __metaclass__ = type
 
-DOCUMENTATION = '''
+DOCUMENTATION = r'''
     name: scaleway
     author:
       - Remy Leone (@sieben)
     short_description: Scaleway inventory source
     description:
-        - Get inventory hosts from Scaleway
+        - Get inventory hosts from Scaleway.
     options:
         plugin:
-            description: token that ensures this is a source file for the 'scaleway' plugin.
+            description: Token that ensures this is a source file for the 'scaleway' plugin.
             required: True
             choices: ['scaleway', 'community.general.scaleway']
         regions:
-            description: Filter results on a specific Scaleway region
+            description: Filter results on a specific Scaleway region.
             type: list
             default:
                 - ams1
@@ -26,11 +26,13 @@ DOCUMENTATION = '''
                 - par2
                 - waw1
         tags:
-            description: Filter results on a specific tag
+            description: Filter results on a specific tag.
             type: list
         oauth_token:
             required: True
-            description: Scaleway OAuth token.
+            description:
+            - Scaleway OAuth token.
+            - More details on L(how to generate token, https://www.scaleway.com/en/docs/generate-api-keys/).
             env:
                 # in order of precedence
                 - name: SCW_TOKEN
@@ -48,14 +50,14 @@ DOCUMENTATION = '''
                 - hostname
                 - id
         variables:
-            description: 'set individual variables: keys are variable names and
+            description: 'Set individual variables: keys are variable names and
                           values are templates. Any value returned by the
                           L(Scaleway API, https://developer.scaleway.com/#servers-server-get)
                           can be used.'
             type: dict
 '''
 
-EXAMPLES = '''
+EXAMPLES = r'''
 # scaleway_inventory.yml file in YAML format
 # Example command line: ansible-inventory --list -i scaleway_inventory.yml
 
@@ -81,6 +83,15 @@ regions:
   - par1
 variables:
   ansible_host: public_ip.address
+
+# Using static strings as variables
+plugin: community.general.scaleway
+hostnames:
+  - hostname
+variables:
+  ansible_host: public_ip.address
+  ansible_connection: "'ssh'"
+  ansible_user: "'admin'"
 '''
 
 import json
@@ -89,7 +100,7 @@ from ansible.errors import AnsibleError
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable
 from ansible_collections.community.general.plugins.module_utils.scaleway import SCALEWAY_LOCATION, parse_pagination_link
 from ansible.module_utils.urls import open_url
-from ansible.module_utils._text import to_native
+from ansible.module_utils._text import to_native, to_text
 
 import ansible.module_utils.six.moves.urllib.parse as urllib_parse
 
@@ -105,7 +116,7 @@ def _fetch_information(token, url):
         except Exception as e:
             raise AnsibleError("Error while fetching %s: %s" % (url, to_native(e)))
         try:
-            raw_json = json.loads(response.read())
+            raw_json = json.loads(to_text(response.read()))
         except ValueError:
             raise AnsibleError("Incorrect JSON payload")
 
@@ -230,8 +241,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
 
         if not matching_tags:
             return set()
-        else:
-            return matching_tags.union((server_zone,))
+        return matching_tags.union((server_zone,))
 
     def _filter_host(self, host_infos, hostname_preferences):
 

plugins/inventory/stackpath_compute.py

@@ -10,6 +10,8 @@ DOCUMENTATION = '''
     name: stackpath_compute
     short_description: StackPath Edge Computing inventory source
     version_added: 1.2.0
+    author:
+        - UNKNOWN (@shayrybak)
     extends_documentation_fragment:
         - inventory_cache
         - constructed

plugins/lookup/consul_kv.py

@@ -171,10 +171,10 @@ class LookupModule(LookupBase):
 
         paramvals = {
             'key': params[0],
-            'token': None,
-            'recurse': False,
-            'index': None,
-            'datacenter': None
+            'token': self.get_option('token'),
+            'recurse': self.get_option('recurse'),
+            'index': self.get_option('index'),
+            'datacenter': self.get_option('datacenter')
         }
 
         # parameters specified?

plugins/lookup/tss.py

@@ -103,6 +103,14 @@ EXAMPLES = r"""
                 | items2dict(key_name='slug',
                              value_name='itemValue'))['password']
             }}
+
+- hosts: localhost
+  vars:
+      secret_password: >-
+        {{ ((lookup('community.general.tss', 1) | from_json).get('items') | items2dict(key_name='slug', value_name='itemValue'))['password'] }}"
+  tasks:
+      - ansible.builtin.debug:
+          msg: the password is {{ secret_password }}
 """
 
 from ansible.errors import AnsibleError, AnsibleOptionsError

plugins/module_utils/_mount.py

@@ -48,6 +48,10 @@
 # agrees to be bound by the terms and conditions of this License
 # Agreement.
 
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
 import os
 
 

plugins/module_utils/module_helper.py

@@ -487,13 +487,16 @@ class CmdMixin(object):
     def run_command(self, extra_params=None, params=None, *args, **kwargs):
         self.vars.cmd_args = self._calculate_args(extra_params, params)
         options = dict(self.run_command_fixed_options)
-        env_update = dict(options.get('environ_update', {}))
         options['check_rc'] = options.get('check_rc', self.check_rc)
+        options.update(kwargs)
+        env_update = dict(options.get('environ_update', {}))
         if self.force_lang:
-            env_update.update({'LANGUAGE': self.force_lang})
+            env_update.update({
+                'LANGUAGE': self.force_lang,
+                'LC_ALL': self.force_lang,
+            })
             self.update_output(force_lang=self.force_lang)
             options['environ_update'] = env_update
-        options.update(kwargs)
         rc, out, err = self.module.run_command(self.vars.cmd_args, *args, **options)
         self.update_output(rc=rc, stdout=out, stderr=err)
         return self.process_command_output(rc, out, err)

plugins/modules/cloud/misc/proxmox_kvm.py

@@ -815,26 +815,27 @@ def get_vminfo(module, proxmox, node, vmid, **kwargs):
             del kwargs[k]
 
     # Split information by type
-    for k, v in kwargs.items():
-        if re.match(r'net[0-9]', k) is not None:
-            interface = k
-            k = vm[k]
-            k = re.search('=(.*?),', k).group(1)
-            mac[interface] = k
-        if (re.match(r'virtio[0-9]', k) is not None or
-                re.match(r'ide[0-9]', k) is not None or
-                re.match(r'scsi[0-9]', k) is not None or
-                re.match(r'sata[0-9]', k) is not None):
-            device = k
-            k = vm[k]
-            k = re.search('(.*?),', k).group(1)
-            devices[device] = k
+    re_net = re.compile(r'net[0-9]')
+    re_dev = re.compile(r'(virtio|ide|scsi|sata)[0-9]')
+    for k in kwargs.keys():
+        if re_net.match(k):
+            mac[k] = parse_mac(vm[k])
+        elif re_dev.match(k):
+            devices[k] = parse_dev(vm[k])
 
     results['mac'] = mac
     results['devices'] = devices
     results['vmid'] = int(vmid)
 
 
+def parse_mac(netstr):
+    return re.search('=(.*?),', netstr).group(1)
+
+
+def parse_dev(devstr):
+    return re.search('(.*?)(,|$)', devstr).group(1)
+
+
 def settings(module, proxmox, vmid, node, name, **kwargs):
     proxmox_node = proxmox.nodes(node)
 
@@ -1226,7 +1227,7 @@ def main():
             if get_vm(proxmox, vmid) and not (update or clone):
                 module.exit_json(changed=False, vmid=vmid, msg="VM with vmid <%s> already exists" % vmid)
             elif get_vmid(proxmox, name) and not (update or clone):
-                module.exit_json(changed=False, vmid=vmid, msg="VM with name <%s> already exists" % name)
+                module.exit_json(changed=False, vmid=get_vmid(proxmox, name)[0], msg="VM with name <%s> already exists" % name)
             elif not (node, name):
                 module.fail_json(msg='node, name is mandatory for creating/updating vm')
             elif not node_check(proxmox, node):

plugins/modules/cloud/misc/terraform.py

@@ -398,7 +398,14 @@ def main():
         command.append(plan_file)
 
     if needs_application and not module.check_mode and not state == 'planned':
-        rc, out, err = module.run_command(command, check_rc=True, cwd=project_path)
+        rc, out, err = module.run_command(command, check_rc=False, cwd=project_path)
+        if rc != 0:
+            if workspace_ctx["current"] != workspace:
+                select_workspace(command[0], project_path, workspace_ctx["current"])
+            module.fail_json(msg=err.rstrip(), rc=rc, stdout=out,
+                             stdout_lines=out.splitlines(), stderr=err,
+                             stderr_lines=err.splitlines(),
+                             cmd=' '.join(command))
         # checks out to decide if changes were made during execution
         if ' 0 added, 0 changed' not in out and not state == "absent" or ' 0 destroyed' not in out:
             changed = True

plugins/modules/cloud/softlayer/sl_vm.py

@@ -217,7 +217,7 @@ EXAMPLES = '''
         datacenter: dal09
         tags:
           - ansible-module-test
-          - ansible-module-test-slaves
+          - ansible-module-test-replicas
         hourly: yes
         private: no
         dedicated: no
@@ -235,7 +235,7 @@ EXAMPLES = '''
         datacenter: dal09
         tags:
           - ansible-module-test
-          - ansible-module-test-slaves
+          - ansible-module-test-replicas
         hourly: yes
         private: no
         dedicated: no

plugins/modules/clustering/consul/consul_acl.py

@@ -189,7 +189,24 @@ from collections import defaultdict
 from ansible.module_utils.basic import to_text, AnsibleModule
 
 
-RULE_SCOPES = ["agent", "event", "key", "keyring", "node", "operator", "query", "service", "session"]
+RULE_SCOPES = [
+    "agent",
+    "agent_prefix",
+    "event",
+    "event_prefix",
+    "key",
+    "key_prefix",
+    "keyring",
+    "node",
+    "node_prefix",
+    "operator",
+    "query",
+    "query_prefix",
+    "service",
+    "service_prefix",
+    "session",
+    "session_prefix",
+]
 
 MANAGEMENT_PARAMETER_NAME = "mgmt_token"
 HOST_PARAMETER_NAME = "host"

plugins/modules/database/influxdb/influxdb_user.py

@@ -100,6 +100,8 @@ RETURN = r'''
 #only defaults
 '''
 
+import json
+
 from ansible.module_utils.urls import ConnectionError
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils._text import to_native
@@ -115,7 +117,7 @@ def find_user(module, client, user_name):
             if user['user'] == user_name:
                 user_result = user
                 break
-    except (ConnectionError, influx.exceptions.InfluxDBClientError) as e:
+    except ConnectionError as e:
         module.fail_json(msg=to_native(e))
     return user_result
 
@@ -166,16 +168,16 @@ def set_user_grants(module, client, user_name, grants):
 
     try:
         current_grants = client.get_list_privileges(user_name)
+        parsed_grants = []
         # Fix privileges wording
         for i, v in enumerate(current_grants):
-            if v['privilege'] == 'ALL PRIVILEGES':
-                v['privilege'] = 'ALL'
-                current_grants[i] = v
-            elif v['privilege'] == 'NO PRIVILEGES':
-                del(current_grants[i])
+            if v['privilege'] != 'NO PRIVILEGES':
+                if v['privilege'] == 'ALL PRIVILEGES':
+                    v['privilege'] = 'ALL'
+                parsed_grants.append(v)
 
         # check if the current grants are included in the desired ones
-        for current_grant in current_grants:
+        for current_grant in parsed_grants:
             if current_grant not in grants:
                 if not module.check_mode:
                     client.revoke_privilege(current_grant['privilege'],
@@ -185,7 +187,7 @@ def set_user_grants(module, client, user_name, grants):
 
         # check if the desired grants are included in the current ones
         for grant in grants:
-            if grant not in current_grants:
+            if grant not in parsed_grants:
                 if not module.check_mode:
                     client.grant_privilege(grant['privilege'],
                                            grant['database'],
@@ -198,6 +200,9 @@ def set_user_grants(module, client, user_name, grants):
     return changed
 
 
+INFLUX_AUTH_FIRST_USER_REQUIRED = "error authorizing query: create admin user first or disable authentication"
+
+
 def main():
     argument_spec = influx.InfluxDb.influxdb_argument_spec()
     argument_spec.update(
@@ -219,7 +224,23 @@ def main():
     grants = module.params['grants']
     influxdb = influx.InfluxDb(module)
     client = influxdb.connect_to_influxdb()
-    user = find_user(module, client, user_name)
+
+    user = None
+    try:
+        user = find_user(module, client, user_name)
+    except influx.exceptions.InfluxDBClientError as e:
+        if e.code == 403:
+            reason = None
+            try:
+                msg = json.loads(e.content)
+                reason = msg["error"]
+            except (KeyError, ValueError):
+                module.fail_json(msg=to_native(e))
+
+            if reason != INFLUX_AUTH_FIRST_USER_REQUIRED:
+                module.fail_json(msg=to_native(e))
+        else:
+            module.fail_json(msg=to_native(e))
 
     changed = False
 

plugins/modules/files/xml.py

@@ -301,6 +301,23 @@ EXAMPLES = r'''
             - floor: Grog storage
             - construction_date: "1990"  # Only strings are valid
       - building: Grog factory
+
+# Consider this XML for following example -
+#
+# <config>
+#   <element name="test1">
+#     <text>part to remove</text>
+#   </element>
+#   <element name="test2">
+#     <text>part to keep</text>
+#   </element>
+# </config>
+
+- name: Delete element node based upon attribute
+  community.general.xml:
+    path: bar.xml
+    xpath: /config/element[@name='test1']
+    state: absent
 '''
 
 RETURN = r'''

plugins/modules/identity/ipa/ipa_sudorule.py

@@ -237,7 +237,7 @@ class SudoRuleIPAClient(IPAClient):
         return self._post_json(method='sudorule_add_allow_command', name=name, item={'sudocmd': item})
 
     def sudorule_add_allow_command_group(self, name, item):
-        return self._post_json(method='sudorule_add_allow_command_group', name=name, item={'sudocmdgroup': item})
+        return self._post_json(method='sudorule_add_allow_command', name=name, item={'sudocmdgroup': item})
 
     def sudorule_remove_allow_command(self, name, item):
         return self._post_json(method='sudorule_remove_allow_command', name=name, item=item)

plugins/modules/net_tools/haproxy.py

@@ -150,7 +150,7 @@ EXAMPLES = r'''
     backend: www
     wait: yes
     drain: yes
-    wait_interval: 1
+    wait_interval: 60
     wait_retries: 60
 
 - name: Disable backend server in 'www' backend pool and drop open sessions to it

plugins/modules/net_tools/netcup_dns.py

@@ -255,7 +255,7 @@ def main():
                 has_changed = True
 
     except Exception as ex:
-        module.fail_json(msg=ex.message)
+        module.fail_json(msg=str(ex))
 
     module.exit_json(changed=has_changed, result={"records": [record_data(r) for r in all_records]})
 

plugins/modules/net_tools/nmcli.py

@@ -757,6 +757,10 @@ class Nmcli(object):
                 'bridge-port.hairpin-mode': self.hairpin,
                 'bridge-port.priority': self.slavepriority,
             })
+        elif self.type == 'team-slave':
+            options.update({
+                'connection.slave-type': 'team',
+            })
         elif self.tunnel_conn_type:
             options.update({
                 'ip-tunnel.local': self.ip_tunnel_local,

plugins/modules/packaging/language/npm.py

@@ -181,7 +181,7 @@ class Npm(object):
                 cmd.append('--ignore-scripts')
             if self.unsafe_perm:
                 cmd.append('--unsafe-perm')
-            if self.name and add_package_name:
+            if self.name_version and add_package_name:
                 cmd.append(self.name_version)
             if self.registry:
                 cmd.append('--registry')
@@ -215,14 +215,17 @@ class Npm(object):
         except (getattr(json, 'JSONDecodeError', ValueError)) as e:
             self.module.fail_json(msg="Failed to parse NPM output with error %s" % to_native(e))
         if 'dependencies' in data:
-            for dep in data['dependencies']:
-                if 'missing' in data['dependencies'][dep] and data['dependencies'][dep]['missing']:
+            for dep, props in data['dependencies'].items():
+                dep_version = dep + '@' + str(props['version'])
+
+                if 'missing' in props and props['missing']:
                     missing.append(dep)
-                elif 'invalid' in data['dependencies'][dep] and data['dependencies'][dep]['invalid']:
+                elif 'invalid' in props and props['invalid']:
                     missing.append(dep)
                 else:
                     installed.append(dep)
-            if self.name and self.name not in installed:
+                    installed.append(dep_version)
+            if self.name_version and self.name_version not in installed:
                 missing.append(self.name)
         # Named dependency not installed
         else:

plugins/modules/packaging/os/pacman.py

@@ -30,9 +30,12 @@ options:
 
     state:
         description:
-            - Desired state of the package.
+          - Whether to install (C(present) or C(installed), C(latest)), or remove (C(absent) or C(removed)) a package.
+          - C(present) and C(installed) will simply ensure that a desired package is installed.
+          - C(latest) will update the specified package if it is not of the latest available version.
+          - C(absent) and C(removed) will remove the specified package.
         default: present
-        choices: [ absent, latest, present, installed, removed ]
+        choices: [ absent, installed, latest, present, removed ]
         type: str
 
     force:

plugins/modules/packaging/os/rhsm_release.py

@@ -56,9 +56,9 @@ from ansible.module_utils.basic import AnsibleModule
 
 import re
 
-# Matches release-like values such as 7.2, 6.10, 10Server,
-# but rejects unlikely values, like 100Server, 100.0, 1.100, etc.
-release_matcher = re.compile(r'\b\d{1,2}(?:\.\d{1,2}|Server)\b')
+# Matches release-like values such as 7.2, 5.10, 6Server, 8
+# but rejects unlikely values, like 100Server, 1.100, 7server etc.
+release_matcher = re.compile(r'\b\d{1,2}(?:\.\d{1,2}|Server|Client|Workstation|)\b')
 
 
 def _sm_release(module, *args):

plugins/modules/packaging/os/zypper_repository.py

@@ -175,7 +175,7 @@ def _parse_repos(module):
         module.fail_json(msg='Failed to execute "%s"' % " ".join(cmd), rc=rc, stdout=stdout, stderr=stderr)
 
 
-def _repo_changes(realrepo, repocmp):
+def _repo_changes(module, realrepo, repocmp):
     "Check whether the 2 given repos have different settings."
     for k in repocmp:
         if repocmp[k] and k not in realrepo:
@@ -186,6 +186,16 @@ def _repo_changes(realrepo, repocmp):
             valold = str(repocmp[k] or "")
             valnew = v or ""
             if k == "url":
+                if '$releasever' in valold or '$releasever' in valnew:
+                    cmd = ['rpm', '-q', '--qf', '%{version}', '-f', '/etc/os-release']
+                    rc, stdout, stderr = module.run_command(cmd, check_rc=True)
+                    valnew = valnew.replace('$releasever', stdout)
+                    valold = valold.replace('$releasever', stdout)
+                if '$basearch' in valold or '$basearch' in valnew:
+                    cmd = ['rpm', '-q', '--qf', '%{arch}', '-f', '/etc/os-release']
+                    rc, stdout, stderr = module.run_command(cmd, check_rc=True)
+                    valnew = valnew.replace('$basearch', stdout)
+                    valold = valold.replace('$basearch', stdout)
                 valold, valnew = valold.rstrip("/"), valnew.rstrip("/")
             if valold != valnew:
                 return True
@@ -215,7 +225,7 @@ def repo_exists(module, repodata, overwrite_multiple):
         return (False, False, None)
     elif len(repos) == 1:
         # Found an existing repo, look for changes
-        has_changes = _repo_changes(repos[0], repodata)
+        has_changes = _repo_changes(module, repos[0], repodata)
         return (True, has_changes, repos)
     elif len(repos) >= 2:
         if overwrite_multiple:

plugins/modules/source_control/gitlab/gitlab_project.py

@@ -345,22 +345,22 @@ def main():
     gitlab_project = GitLabProject(module, gitlab_instance)
 
     namespace = None
-    user_group_id = None
+    namespace_id = None
     if group_identifier:
         group = findGroup(gitlab_instance, group_identifier)
         if group is None:
             module.fail_json(msg="Failed to create project: group %s doesn't exists" % group_identifier)
 
-        user_group_id = group.id
+        namespace_id = group.id
     else:
-        user = gitlab_instance.users.list(username=gitlab_instance.user.username)[0]
-        user_group_id = user.id
+        namespace = gitlab_instance.namespaces.list(search=gitlab_instance.user.username)[0]
+        namespace_id = namespace.id
 
-    if not user_group_id:
-        module.fail_json(msg="Failed to find the user/group id which required to find namespace")
+    if not namespace_id:
+        module.fail_json(msg="Failed to find the namespace or group ID which is required to look up the namespace")
 
     try:
-        namespace = gitlab_instance.namespaces.get(user_group_id)
+        namespace = gitlab_instance.namespaces.get(namespace_id)
     except gitlab.exceptions.GitlabGetError as e:
         module.fail_json(msg="Failed to find the namespace for the given user: %s" % to_native(e))
 

plugins/modules/source_control/gitlab/gitlab_runner.py

@@ -77,7 +77,9 @@ options:
     type: bool
   access_level:
     description:
-      - Determines if a runner can pick up jobs from protected branches.
+      - Determines if a runner can pick up jobs only from protected branches.
+      - If set to C(ref_protected), runner can pick up jobs only from protected branches.
+      - If set to C(not_protected), runner can pick up jobs from both protected and unprotected branches.
     required: False
     default: ref_protected
     choices: ["ref_protected", "not_protected"]

plugins/modules/system/iptables_state.py

@@ -232,7 +232,7 @@ import filecmp
 import shutil
 
 from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils._text import to_bytes, to_native, to_text
+from ansible.module_utils._text import to_bytes, to_native
 
 
 IPTABLES = dict(
@@ -262,7 +262,7 @@ def read_state(b_path):
     lines = text.splitlines()
     while '' in lines:
         lines.remove('')
-    return (lines)
+    return lines
 
 
 def write_state(b_path, lines, changed):
@@ -282,9 +282,9 @@ def write_state(b_path, lines, changed):
         if b_destdir and not os.path.exists(b_destdir) and not module.check_mode:
             try:
                 os.makedirs(b_destdir)
-            except Exception as e:
+            except Exception as err:
                 module.fail_json(
-                    msg='Error creating %s. Error code: %s. Error description: %s' % (destdir, e[0], e[1]),
+                    msg='Error creating %s: %s' % (destdir, to_native(err)),
                     initial_state=lines)
         changed = True
 
@@ -295,16 +295,16 @@ def write_state(b_path, lines, changed):
     if changed and not module.check_mode:
         try:
             shutil.copyfile(tmpfile, b_path)
-        except Exception as e:
+        except Exception as err:
             path = to_native(b_path, errors='surrogate_or_strict')
             module.fail_json(
-                msg='Error saving state into %s. Error code: %s. Error description: %s' % (path, e[0], e[1]),
+                msg='Error saving state into %s: %s' % (path, to_native(err)),
                 initial_state=lines)
 
     return changed
 
 
-def initialize_from_null_state(initializer, initcommand, table):
+def initialize_from_null_state(initializer, initcommand, fallbackcmd, table):
     '''
     This ensures iptables-state output is suitable for iptables-restore to roll
     back to it, i.e. iptables-save output is not empty. This also works for the
@@ -313,14 +313,17 @@ def initialize_from_null_state(initializer, initcommand, table):
     if table is None:
         table = 'filter'
 
-    tmpfd, tmpfile = tempfile.mkstemp()
-    with os.fdopen(tmpfd, 'w') as f:
-        f.write('*%s\nCOMMIT\n' % table)
-
-    initializer.append(tmpfile)
-    (rc, out, err) = module.run_command(initializer, check_rc=True)
+    commandline = list(initializer)
+    commandline += ['-t', table]
+    dummy = module.run_command(commandline, check_rc=True)
     (rc, out, err) = module.run_command(initcommand, check_rc=True)
-    return (rc, out, err)
+    if '*%s' % table not in out.splitlines():
+        # The last resort.
+        iptables_input = '*%s\n:OUTPUT ACCEPT\nCOMMIT\n' % table
+        dummy = module.run_command(fallbackcmd, data=iptables_input, check_rc=True)
+        (rc, out, err) = module.run_command(initcommand, check_rc=True)
+
+    return rc, out, err
 
 
 def filter_and_format_state(string):
@@ -328,13 +331,13 @@ def filter_and_format_state(string):
     Remove timestamps to ensure idempotence between runs. Also remove counters
     by default. And return the result as a list.
     '''
-    string = re.sub('((^|\n)# (Generated|Completed)[^\n]*) on [^\n]*', '\\1', string)
+    string = re.sub(r'((^|\n)# (Generated|Completed)[^\n]*) on [^\n]*', r'\1', string)
     if not module.params['counters']:
-        string = re.sub('[[][0-9]+:[0-9]+[]]', '[0:0]', string)
+        string = re.sub(r'\[[0-9]+:[0-9]+\]', r'[0:0]', string)
     lines = string.splitlines()
     while '' in lines:
         lines.remove('')
-    return (lines)
+    return lines
 
 
 def per_table_state(command, state):
@@ -347,14 +350,14 @@ def per_table_state(command, state):
         COMMAND = list(command)
         if '*%s' % t in state.splitlines():
             COMMAND.extend(['--table', t])
-            (rc, out, err) = module.run_command(COMMAND, check_rc=True)
-            out = re.sub('(^|\n)(# Generated|# Completed|[*]%s|COMMIT)[^\n]*' % t, '', out)
-            out = re.sub(' *[[][0-9]+:[0-9]+[]] *', '', out)
+            dummy, out, dummy = module.run_command(COMMAND, check_rc=True)
+            out = re.sub(r'(^|\n)(# Generated|# Completed|[*]%s|COMMIT)[^\n]*' % t, r'', out)
+            out = re.sub(r' *\[[0-9]+:[0-9]+\] *', r'', out)
             table = out.splitlines()
             while '' in table:
                 table.remove('')
             tables[t] = table
-    return (tables)
+    return tables
 
 
 def main():
@@ -402,8 +405,9 @@ def main():
     changed = False
     COMMANDARGS = []
     INITCOMMAND = [bin_iptables_save]
-    INITIALIZER = [bin_iptables_restore]
+    INITIALIZER = [bin_iptables, '-L', '-n']
     TESTCOMMAND = [bin_iptables_restore, '--test']
+    FALLBACKCMD = [bin_iptables_restore]
 
     if counters:
         COMMANDARGS.append('--counters')
@@ -428,6 +432,7 @@ def main():
         INITIALIZER.extend(['--modprobe', modprobe])
         INITCOMMAND.extend(['--modprobe', modprobe])
         TESTCOMMAND.extend(['--modprobe', modprobe])
+        FALLBACKCMD.extend(['--modprobe', modprobe])
 
     SAVECOMMAND = list(COMMANDARGS)
     SAVECOMMAND.insert(0, bin_iptables_save)
@@ -461,15 +466,15 @@ def main():
             for t in TABLES:
                 if '*%s' % t in state_to_restore:
                     if len(stdout) == 0 or '*%s' % t not in stdout.splitlines():
-                        (rc, stdout, stderr) = initialize_from_null_state(INITIALIZER, INITCOMMAND, t)
+                        (rc, stdout, stderr) = initialize_from_null_state(INITIALIZER, INITCOMMAND, FALLBACKCMD, t)
         elif len(stdout) == 0:
-            (rc, stdout, stderr) = initialize_from_null_state(INITIALIZER, INITCOMMAND, 'filter')
+            (rc, stdout, stderr) = initialize_from_null_state(INITIALIZER, INITCOMMAND, FALLBACKCMD, 'filter')
 
     elif state == 'restored' and '*%s' % table not in state_to_restore:
         module.fail_json(msg="Table %s to restore not defined in %s" % (table, path))
 
     elif len(stdout) == 0 or '*%s' % table not in stdout.splitlines():
-        (rc, stdout, stderr) = initialize_from_null_state(INITIALIZER, INITCOMMAND, table)
+        (rc, stdout, stderr) = initialize_from_null_state(INITIALIZER, INITCOMMAND, FALLBACKCMD, table)
 
     initial_state = filter_and_format_state(stdout)
     if initial_state is None:
@@ -502,7 +507,7 @@ def main():
 
     if _back is not None:
         b_back = to_bytes(_back, errors='surrogate_or_strict')
-        garbage = write_state(b_back, initref_state, changed)
+        dummy = write_state(b_back, initref_state, changed)
         BACKCOMMAND = list(MAINCOMMAND)
         BACKCOMMAND.append(_back)
 
@@ -559,9 +564,7 @@ def main():
                 if os.path.exists(b_starter):
                     os.remove(b_starter)
                     break
-                else:
-                    time.sleep(0.01)
-                    continue
+                time.sleep(0.01)
 
         (rc, stdout, stderr) = module.run_command(MAINCOMMAND)
         if 'Another app is currently holding the xtables lock' in stderr:
@@ -579,7 +582,7 @@ def main():
         (rc, stdout, stderr) = module.run_command(SAVECOMMAND, check_rc=True)
         restored_state = filter_and_format_state(stdout)
 
-    if restored_state != initref_state and restored_state != initial_state:
+    if restored_state not in (initref_state, initial_state):
         if module.check_mode:
             changed = True
         else:
@@ -609,7 +612,7 @@ def main():
     #   timeout
     # * task attribute 'poll' equals 0
     #
-    for x in range(_timeout):
+    for dummy in range(_timeout):
         if os.path.exists(b_back):
             time.sleep(1)
             continue

plugins/modules/system/java_cert.py

@@ -278,7 +278,7 @@ def _export_public_cert_from_pkcs12(module, executable, pkcs_file, alias, passwo
     (export_rc, export_stdout, export_err) = module.run_command(export_cmd, data=password, check_rc=False)
 
     if export_rc != 0:
-        module.fail_json(msg="Internal module failure, cannot extract public certificate from pkcs12, error: %s" % export_err,
+        module.fail_json(msg="Internal module failure, cannot extract public certificate from pkcs12, error: %s" % export_stdout,
                          rc=export_rc)
 
     with open(dest, 'w') as f:
@@ -498,7 +498,7 @@ def main():
 
         if pkcs12_path:
             # Extracting certificate with openssl
-            _export_public_cert_from_pkcs12(module, executable, pkcs12_path, cert_alias, pkcs12_pass, new_certificate)
+            _export_public_cert_from_pkcs12(module, executable, pkcs12_path, pkcs12_alias, pkcs12_pass, new_certificate)
 
         elif path:
             # Extracting the X509 digest is a bit easier. Keytool will print the PEM

plugins/modules/system/modprobe.py

@@ -50,11 +50,90 @@ EXAMPLES = '''
 '''
 
 import os.path
+import platform
 import shlex
 import traceback
 
 from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils._text import to_native
+from ansible.module_utils.common.text.converters import to_native
+
+RELEASE_VER = platform.release()
+
+
+class Modprobe(object):
+    def __init__(self, module):
+        self.module = module
+        self.modprobe_bin = module.get_bin_path('modprobe', True)
+
+        self.check_mode = module.check_mode
+        self.desired_state = module.params['state']
+        self.name = module.params['name']
+        self.params = module.params['params']
+
+        self.changed = False
+
+    def load_module(self):
+        command = [self.modprobe_bin]
+        if self.check_mode:
+            command.append('-n')
+        command.extend([self.name] + shlex.split(self.params))
+
+        rc, out, err = self.module.run_command(command)
+
+        if rc != 0:
+            return self.module.fail_json(msg=err, rc=rc, stdout=out, stderr=err, **self.result)
+
+        if self.check_mode or self.module_loaded():
+            self.changed = True
+        else:
+            rc, stdout, stderr = self.module.run_command(
+                [self.modprobe_bin, '-n', '--first-time', self.name] + shlex.split(self.params)
+            )
+            if rc != 0:
+                self.module.warn(stderr)
+
+    def module_loaded(self):
+        is_loaded = False
+        try:
+            with open('/proc/modules') as modules:
+                module_name = self.name.replace('-', '_') + ' '
+                for line in modules:
+                    if line.startswith(module_name):
+                        is_loaded = True
+                        break
+
+            if not is_loaded:
+                module_file = '/' + self.name + '.ko'
+                builtin_path = os.path.join('/lib/modules/', RELEASE_VER, 'modules.builtin')
+                with open(builtin_path) as builtins:
+                    for line in builtins:
+                        if line.rstrip().endswith(module_file):
+                            is_loaded = True
+                            break
+        except (IOError, OSError) as e:
+            self.module.fail_json(msg=to_native(e), exception=traceback.format_exc(), **self.result)
+
+        return is_loaded
+
+    def unload_module(self):
+        command = [self.modprobe_bin, '-r', self.name]
+        if self.check_mode:
+            command.append('-n')
+
+        rc, out, err = self.module.run_command(command)
+        if rc != 0:
+            return self.module.fail_json(msg=err, rc=rc, stdout=out, stderr=err, **self.result)
+
+        self.changed = True
+
+    @property
+    def result(self):
+        return {
+            'changed': self.changed,
+            'name': self.name,
+            'params': self.params,
+            'state': self.desired_state,
+        }
 
 
 def main():
@@ -67,60 +146,14 @@ def main():
         supports_check_mode=True,
     )
 
-    name = module.params['name']
-    params = module.params['params']
-    state = module.params['state']
+    modprobe = Modprobe(module)
 
-    # FIXME: Adding all parameters as result values is useless
-    result = dict(
-        changed=False,
-        name=name,
-        params=params,
-        state=state,
-    )
+    if modprobe.desired_state == 'present' and not modprobe.module_loaded():
+        modprobe.load_module()
+    elif modprobe.desired_state == 'absent' and modprobe.module_loaded():
+        modprobe.unload_module()
 
-    # Check if module is present
-    try:
-        present = False
-        with open('/proc/modules') as modules:
-            module_name = name.replace('-', '_') + ' '
-            for line in modules:
-                if line.startswith(module_name):
-                    present = True
-                    break
-        if not present:
-            command = [module.get_bin_path('uname', True), '-r']
-            rc, uname_kernel_release, err = module.run_command(command)
-            module_file = '/' + name + '.ko'
-            builtin_path = os.path.join('/lib/modules/', uname_kernel_release.strip(),
-                                        'modules.builtin')
-            with open(builtin_path) as builtins:
-                for line in builtins:
-                    if line.endswith(module_file):
-                        present = True
-                        break
-    except IOError as e:
-        module.fail_json(msg=to_native(e), exception=traceback.format_exc(), **result)
-
-    # Add/remove module as needed
-    if state == 'present':
-        if not present:
-            if not module.check_mode:
-                command = [module.get_bin_path('modprobe', True), name]
-                command.extend(shlex.split(params))
-                rc, out, err = module.run_command(command)
-                if rc != 0:
-                    module.fail_json(msg=err, rc=rc, stdout=out, stderr=err, **result)
-            result['changed'] = True
-    elif state == 'absent':
-        if present:
-            if not module.check_mode:
-                rc, out, err = module.run_command([module.get_bin_path('modprobe', True), '-r', name])
-                if rc != 0:
-                    module.fail_json(msg=err, rc=rc, stdout=out, stderr=err, **result)
-            result['changed'] = True
-
-    module.exit_json(**result)
+    module.exit_json(**modprobe.result)
 
 
 if __name__ == '__main__':

plugins/modules/system/pamd.py

@@ -16,7 +16,9 @@ short_description: Manage PAM Modules
 description:
   - Edit PAM service's type, control, module path and module arguments.
   - In order for a PAM rule to be modified, the type, control and
-    module_path must match an existing rule.  See man(5) pam.d for details.
+    module_path must match an existing rule. See man(5) pam.d for details.
+notes:
+  - This module does not handle authselect profiles.
 options:
   name:
     description:

plugins/modules/system/parted.py

@@ -100,7 +100,7 @@ options:
   fs_type:
     description:
      - If specified and the partition does not exist, will set filesystem type to given partition.
-     - Parameter optional, but see notes below about negative negative C(part_start) values.
+     - Parameter optional, but see notes below about negative C(part_start) values.
     type: str
     version_added: '0.2.0'
   resize:

plugins/modules/system/ssh_config.py

@@ -209,6 +209,8 @@ class SSHConfig():
         hosts_removed = []
         hosts_added = []
 
+        hosts_result = [host for host in hosts_result if host['host'] == self.host]
+
         if hosts_result:
             for host in hosts_result:
                 if state == 'absent':

plugins/modules/web_infrastructure/jenkins_plugin.py

@@ -696,7 +696,8 @@ class JenkinsPlugin(object):
         self._get_url_data(
             url,
             msg_status="Plugin not found. %s" % url,
-            msg_exception="%s has failed." % msg)
+            msg_exception="%s has failed." % msg,
+            method="POST")
 
 
 def main():

scripts/inventory/ovirt4.py

@@ -56,6 +56,7 @@ import sys
 from collections import defaultdict
 
 from ansible.module_utils.six.moves import configparser
+from ansible.module_utils.six import PY2
 
 import json
 
@@ -106,14 +107,24 @@ def create_connection():
     config_path = os.environ.get('OVIRT_INI_PATH', default_path)
 
     # Create parser and add ovirt section if it doesn't exist:
-    config = configparser.SafeConfigParser(
-        defaults={
-            'ovirt_url': os.environ.get('OVIRT_URL'),
-            'ovirt_username': os.environ.get('OVIRT_USERNAME'),
-            'ovirt_password': os.environ.get('OVIRT_PASSWORD'),
-            'ovirt_ca_file': os.environ.get('OVIRT_CAFILE', ''),
-        }
-    )
+    if PY2:
+        config = configparser.SafeConfigParser(
+            defaults={
+                'ovirt_url': os.environ.get('OVIRT_URL'),
+                'ovirt_username': os.environ.get('OVIRT_USERNAME'),
+                'ovirt_password': os.environ.get('OVIRT_PASSWORD'),
+                'ovirt_ca_file': os.environ.get('OVIRT_CAFILE', ''),
+            }, allow_no_value=True
+        )
+    else:
+        config = configparser.ConfigParser(
+            defaults={
+                'ovirt_url': os.environ.get('OVIRT_URL'),
+                'ovirt_username': os.environ.get('OVIRT_USERNAME'),
+                'ovirt_password': os.environ.get('OVIRT_PASSWORD'),
+                'ovirt_ca_file': os.environ.get('OVIRT_CAFILE', ''),
+            }, allow_no_value=True
+        )
     if not config.has_section('ovirt'):
         config.add_section('ovirt')
     config.read(config_path)

tests/integration/targets/archive/tasks/main.yml

@@ -174,7 +174,7 @@
 - name: Test that the file modes were changed
   assert:
     that:
-      - "archive_02_gz_stat.changed == False "
+      - archive_02_gz_stat is not changed
       - "archive_02_gz_stat.stat.mode == '0600'"
       - "'archived' in archive_bz2_result_02"
       - "{{ archive_bz2_result_02['archived']| length}} == 3"
@@ -199,7 +199,7 @@
 - name: Test that the file modes were changed
   assert:
     that:
-      - "archive_02_zip_stat.changed == False"
+      - archive_02_zip_stat is not changed
       - "archive_02_zip_stat.stat.mode == '0600'"
       - "'archived' in archive_zip_result_02"
       - "{{ archive_zip_result_02['archived']| length}} == 3"
@@ -224,7 +224,7 @@
 - name: Test that the file modes were changed
   assert:
     that:
-      - "archive_02_bz2_stat.changed == False"
+      - archive_02_bz2_stat is not changed
       - "archive_02_bz2_stat.stat.mode == '0600'"
       - "'archived' in archive_bz2_result_02"
       - "{{ archive_bz2_result_02['archived']| length}} == 3"
@@ -248,7 +248,7 @@
 - name: Test that the file modes were changed
   assert:
     that:
-      - "archive_02_xz_stat.changed == False"
+      - archive_02_xz_stat is not changed
       - "archive_02_xz_stat.stat.mode == '0600'"
       - "'archived' in archive_xz_result_02"
       - "{{ archive_xz_result_02['archived']| length}} == 3"
@@ -294,7 +294,7 @@
 - name: Assert that nonascii tests succeeded
   assert:
     that:
-      - "nonascii_result_0.changed == true"
+      - nonascii_result_0 is changed
       - "nonascii_stat0.stat.exists == true"
 
 - name: remove nonascii test
@@ -315,7 +315,7 @@
 - name: Assert that nonascii tests succeeded
   assert:
     that:
-      - "nonascii_result_1.changed == true"
+      - nonascii_result_1 is changed
       - "nonascii_stat_1.stat.exists == true"
 
 - name: remove nonascii test
@@ -336,7 +336,7 @@
 - name: Assert that nonascii tests succeeded
   assert:
     that:
-      - "nonascii_result_1.changed == true"
+      - nonascii_result_1 is changed
       - "nonascii_stat_1.stat.exists == true"
 
 - name: remove nonascii test
@@ -357,7 +357,7 @@
 - name: Assert that nonascii tests succeeded
   assert:
     that:
-      - "nonascii_result_2.changed == true"
+      - nonascii_result_2 is changed
       - "nonascii_stat_2.stat.exists == true"
 
 - name: remove nonascii test

tests/integration/targets/flatpak/tasks/check_mode.yml

@@ -13,7 +13,7 @@
 - name: Verify addition of absent flatpak test result (check mode)
   assert:
     that:
-      - "addition_result.changed == true"
+      - addition_result is changed
     msg: "Adding an absent flatpak shall mark module execution as changed"
 
 - name: Test non-existent idempotency of addition of absent flatpak (check mode)
@@ -27,7 +27,7 @@
 - name: Verify non-existent idempotency of addition of absent flatpak test result (check mode)
   assert:
     that:
-      - "double_addition_result.changed == true"
+      - double_addition_result is changed
     msg: |
         Adding an absent flatpak a second time shall still mark module execution
         as changed in check mode
@@ -44,7 +44,7 @@
 - name: Verify removal of absent flatpak test result (check mode)
   assert:
     that:
-      - "removal_result.changed == false"
+      - removal_result is not changed
     msg: "Removing an absent flatpak shall mark module execution as not changed"
 
 # state=present with url on absent flatpak
@@ -60,7 +60,7 @@
 - name: Verify addition of absent flatpak with url test result (check mode)
   assert:
     that:
-      - "url_addition_result.changed == true"
+      - url_addition_result is changed
     msg: "Adding an absent flatpak from URL shall mark module execution as changed"
 
 - name: Test non-existent idempotency of addition of absent flatpak with url (check mode)
@@ -76,7 +76,7 @@
       result (check mode)
   assert:
     that:
-      - "double_url_addition_result.changed == true"
+      - double_url_addition_result is changed
     msg: |
         Adding an absent flatpak from URL a second time shall still mark module execution
         as changed in check mode
@@ -93,7 +93,7 @@
 - name: Verify removal of absent flatpak with url test result (check mode)
   assert:
     that:
-      - "url_removal_result.changed == false"
+      - url_removal_result is not changed
     msg: "Removing an absent flatpak shall mark module execution as not changed"
 
 
@@ -112,7 +112,7 @@
 - name: Verify addition test result of present flatpak (check mode)
   assert:
     that:
-      - "addition_present_result.changed == false"
+      - addition_present_result is not changed
     msg: "Adding an present flatpak shall mark module execution as not changed"
 
 # state=absent on present flatpak
@@ -127,7 +127,7 @@
 - name: Verify removal of present flatpak test result (check mode)
   assert:
     that:
-      - "removal_present_result.changed == true"
+      - removal_present_result is changed
     msg: "Removing a present flatpak shall mark module execution as changed"
 
 - name: Test non-existent idempotency of removal (check mode)
@@ -140,7 +140,7 @@
 - name: Verify non-existent idempotency of removal (check mode)
   assert:
     that:
-      - "double_removal_present_result.changed == true"
+      - double_removal_present_result is changed
     msg: |
         Removing a present flatpak a second time shall still mark module execution
         as changed in check mode
@@ -158,7 +158,7 @@
 - name: Verify addition with url of present flatpak test result (check mode)
   assert:
     that:
-      - "url_addition_present_result.changed == false"
+      - url_addition_present_result is not changed
     msg: "Adding a present flatpak from URL shall mark module execution as not changed"
 
 # state=absent with url on present flatpak
@@ -173,7 +173,7 @@
 - name: Verify removal with url of present flatpak test result (check mode)
   assert:
     that:
-      - "url_removal_present_result.changed == true"
+      - url_removal_present_result is changed
     msg: "Removing an absent flatpak shall mark module execution as not changed"
 
 - name: Test non-existent idempotency of removal with url of present flatpak (check mode)
@@ -189,5 +189,5 @@
       flatpak test result (check mode)
   assert:
     that:
-      - "double_url_removal_present_result.changed == true"
+      - double_url_removal_present_result is changed
     msg: Removing an absent flatpak a second time shall still mark module execution as changed

tests/integration/targets/flatpak/tasks/main.yml

@@ -40,8 +40,8 @@
   - name: Verify executable override test result
     assert:
       that:
-        - "executable_override_result.failed == true"
-        - "executable_override_result.changed == false"
+        - executable_override_result is failed
+        - executable_override_result is not changed
       msg: "Specifying non-existing executable shall fail module execution"
 
   - import_tasks: check_mode.yml

tests/integration/targets/flatpak/tasks/test.yml

@@ -11,7 +11,7 @@
 - name: Verify addition test result - {{ method }}
   assert:
     that:
-      - "addition_result.changed == true"
+      - addition_result is changed
     msg: "state=present shall add flatpak when absent"
 
 - name: Test idempotency of addition - {{ method }}
@@ -25,7 +25,7 @@
 - name: Verify idempotency of addition test result - {{ method }}
   assert:
     that:
-      - "double_addition_result.changed == false"
+      - double_addition_result is not changed
     msg: "state=present shall not do anything when flatpak is already present"
 
 # state=absent
@@ -40,7 +40,7 @@
 - name: Verify removal test result - {{ method }}
   assert:
     that:
-      - "removal_result.changed == true"
+      - removal_result is changed
     msg: "state=absent shall remove flatpak when present"
 
 - name: Test idempotency of removal - {{ method }}
@@ -53,7 +53,7 @@
 - name: Verify idempotency of removal test result - {{ method }}
   assert:
     that:
-      - "double_removal_result.changed == false"
+      - double_removal_result is not changed
     msg: "state=absent shall not do anything when flatpak is not present"
 
 # state=present with url as name
@@ -69,7 +69,7 @@
 - name: Verify addition test result - {{ method }}
   assert:
     that:
-      - "url_addition_result.changed == true"
+      - url_addition_result is changed
     msg: "state=present with url as name shall add flatpak when absent"
 
 - name: Test idempotency of addition with url - {{ method }}
@@ -83,7 +83,7 @@
 - name: Verify idempotency of addition with url test result - {{ method }}
   assert:
     that:
-      - "double_url_addition_result.changed == false"
+      - double_url_addition_result is not changed
     msg: "state=present with url as name shall not do anything when flatpak is already present"
 
 # state=absent with url as name
@@ -98,7 +98,7 @@
 - name: Verify removal test result - {{ method }}
   assert:
     that:
-      - "url_removal_result.changed == true"
+      - url_removal_result is changed
     msg: "state=absent with url as name shall remove flatpak when present"
 
 - name: Test idempotency of removal with url - {{ method }}
@@ -111,5 +111,5 @@
 - name: Verify idempotency of removal with url test result - {{ method }}
   assert:
     that:
-      - "double_url_removal_result.changed == false"
+      - double_url_removal_result is not changed
     msg: "state=absent with url as name shall not do anything when flatpak is not present"

tests/integration/targets/flatpak_remote/aliases

@@ -6,4 +6,3 @@ skip/osx
 skip/macos
 skip/rhel
 needs/root
-disabled  # FIXME

tests/integration/targets/flatpak_remote/tasks/check_mode.yml

@@ -13,7 +13,7 @@
 - name: Verify addition of absent flatpak remote test result (check mode)
   assert:
     that:
-      - "addition_result.changed == true"
+      - addition_result is changed
     msg: "Adding an absent flatpak remote shall mark module execution as changed"
 
 - name: Test non-existent idempotency of addition of absent flatpak remote (check mode)
@@ -29,7 +29,7 @@
       test result (check mode)
   assert:
     that:
-      - "double_addition_result.changed == true"
+      - double_addition_result is changed
     msg: |
         Adding an absent flatpak remote a second time shall still mark module execution
         as changed in check mode
@@ -46,7 +46,7 @@
 - name: Verify removal of absent flatpak remote test result (check mode)
   assert:
     that:
-      - "removal_result.changed == false"
+      - removal_result is not changed
     msg: "Removing an absent flatpak remote shall mark module execution as not changed"
 
 
@@ -65,7 +65,7 @@
 - name: Verify addition of present flatpak remote test result (check mode)
   assert:
     that:
-      - "addition_result.changed == false"
+      - addition_result is not changed
     msg: "Adding a present flatpak remote shall mark module execution as not changed"
 
 # state=absent
@@ -80,7 +80,7 @@
 - name: Verify removal of present flatpak remote test result (check mode)
   assert:
     that:
-      - "removal_result.changed == true"
+      - removal_result is changed
     msg: "Removing a present flatpak remote shall mark module execution as changed"
 
 - name: Test non-existent idempotency of removal of present flatpak remote (check mode)
@@ -95,7 +95,7 @@
       test result (check mode)
   assert:
     that:
-      - "double_removal_result.changed == true"
+      - double_removal_result is changed
     msg: |
         Removing a present flatpak remote a second time shall still mark module execution
         as changed in check mode

tests/integration/targets/flatpak_remote/tasks/main.yml

@@ -40,8 +40,8 @@
   - name: Verify executable override test result
     assert:
       that:
-        - "executable_override_result.failed == true"
-        - "executable_override_result.changed == false"
+        - executable_override_result is failed
+        - executable_override_result is not changed
       msg: "Specifying non-existing executable shall fail module execution"
 
   - import_tasks: check_mode.yml

tests/integration/targets/flatpak_remote/tasks/test.yml

@@ -11,7 +11,7 @@
 - name: Verify addition test result - {{ method }}
   assert:
     that:
-      - "addition_result.changed == true"
+      - addition_result is changed
     msg: "state=present shall add flatpak when absent"
 
 - name: Test idempotency of addition - {{ method }}
@@ -25,7 +25,7 @@
 - name: Verify idempotency of addition test result - {{ method }}
   assert:
     that:
-      - "double_addition_result.changed == false"
+      - double_addition_result is not changed
     msg: "state=present shall not do anything when flatpak is already present"
 
 - name: Test updating remote url does not do anything - {{ method }}
@@ -39,7 +39,7 @@
 - name: Verify updating remote url does not do anything - {{ method }}
   assert:
     that:
-      - "url_update_result.changed == false"
+      - url_update_result is not changed
     msg: "Trying to update the URL of an existing flatpak remote shall not do anything"
 
 
@@ -55,7 +55,7 @@
 - name: Verify removal test result - {{ method }}
   assert:
     that:
-      - "removal_result.changed == true"
+      - removal_result is changed
     msg: "state=absent shall remove flatpak when present"
 
 - name: Test idempotency of removal - {{ method }}
@@ -68,5 +68,5 @@
 - name: Verify idempotency of removal test result - {{ method }}
   assert:
     that:
-      - "double_removal_result.changed == false"
+      - double_removal_result is not changed
     msg: "state=absent shall not do anything when flatpak is not present"

tests/integration/targets/git_config/tasks/get_set_no_state.yml

@@ -17,9 +17,9 @@
 - name: assert set changed and value is correct
   assert:
     that:
-      - set_result.changed == true
+      - set_result is changed
       - set_result.diff.before == "\n"
       - set_result.diff.after == option_value + "\n"
-      - get_result.changed == false
+      - get_result is not changed
       - get_result.config_value == option_value
 ...

tests/integration/targets/git_config/tasks/get_set_state_present.yml

@@ -19,9 +19,9 @@
 - name: assert set changed and value is correct with state=present
   assert:
     that:
-      - set_result.changed == true
+      - set_result is changed
       - set_result.diff.before == "\n"
       - set_result.diff.after == option_value + "\n"
-      - get_result.changed == false
+      - get_result is not changed
       - get_result.config_value == option_value
 ...

tests/integration/targets/git_config/tasks/precedence_between_unset_and_value.yml

@@ -18,7 +18,7 @@
 - name: assert unset changed and deleted value
   assert:
     that:
-      - unset_result.changed == true
+      - unset_result is changed
       - unset_result.diff.before == option_value + "\n"
       - unset_result.diff.after == "\n"
       - get_result.config_value == ''

tests/integration/targets/git_config/tasks/unset_check_mode.yml

@@ -18,7 +18,7 @@
 - name: assert unset changed but dit not delete value
   assert:
     that:
-      - unset_result.changed == true
+      - unset_result is changed
       - unset_result.diff.before == option_value + "\n"
       - unset_result.diff.after == "\n"
       - get_result.config_value == option_value

tests/integration/targets/git_config/tasks/unset_no_value.yml

@@ -17,7 +17,7 @@
 - name: assert unsetting didn't change
   assert:
     that:
-      - unset_result.changed == false
+      - unset_result is not changed
       - unset_result.msg == 'no setting to unset'
       - get_result.config_value == ''
 ...

tests/integration/targets/git_config/tasks/unset_value.yml

@@ -17,7 +17,7 @@
 - name: assert unset changed and deleted value
   assert:
     that:
-      - unset_result.changed == true
+      - unset_result is changed
       - unset_result.diff.before == option_value + "\n"
       - unset_result.diff.after == "\n"
       - get_result.config_value == ''

tests/integration/targets/github_issue/tasks/main.yml

@@ -18,8 +18,8 @@
 
 - assert:
     that:
-      - "{{ get_status_0002.changed == True }}"
-      - "{{ get_status_0002.issue_status == 'closed' }}"
+      - get_status_0002 is changed
+      - get_status_0002.issue_status == 'closed'
 
 - name: Check if GitHub issue is closed or not
   github_issue:
@@ -32,6 +32,6 @@
 
 - assert:
     that:
-      - "{{ get_status_0003.changed == False }}"
-      - "{{ get_status_0003.failed == True }}"
-      - "{{ 'Failed' in get_status_0003.msg }}"
+      - get_status_0003 is not changed
+      - get_status_0003 is failed
+      - "'Failed' in get_status_0003.msg"

tests/integration/targets/hwc_ecs_instance/tasks/main.yml

@@ -167,8 +167,8 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed
 #----------------------------------------------------------
 - name: delete a instance (check mode)
   hwc_ecs_instance:
@@ -277,8 +277,8 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed
 #---------------------------------------------------------
 # Post-test teardown
 - name: delete a disk

tests/integration/targets/hwc_evs_disk/tasks/main.yml

@@ -50,8 +50,8 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed
 #----------------------------------------------------------
 - name: delete a disk (check mode)
   hwc_evs_disk:
@@ -92,7 +92,7 @@
 - name: assert changed is false
   assert:
     that:
-      - result.changed == false
+      - result is not changed
 # ----------------------------------------------------------------------------
 - name: delete a disk that does not exist
   hwc_evs_disk:
@@ -105,5 +105,5 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed

tests/integration/targets/hwc_network_vpc/tasks/main.yml

@@ -62,8 +62,8 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed
 #----------------------------------------------------------
 - name: delete a vpc
   hwc_network_vpc:
@@ -97,5 +97,5 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed

tests/integration/targets/hwc_smn_topic/tasks/main.yml

@@ -44,8 +44,8 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed
 #----------------------------------------------------------
 - name: delete a smn topic
   hwc_smn_topic:
@@ -77,5 +77,5 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed

tests/integration/targets/hwc_vpc_eip/tasks/main.yml

@@ -96,8 +96,8 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed
 #----------------------------------------------------------
 - name: delete a eip (check mode)
   hwc_vpc_eip:
@@ -159,8 +159,8 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed
 #---------------------------------------------------------
 # Post-test teardown
 - name: delete a port

tests/integration/targets/hwc_vpc_peering_connect/tasks/main.yml

@@ -78,8 +78,8 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed
 #----------------------------------------------------------
 - name: delete a peering connect (check mode)
   hwc_vpc_peering_connect:
@@ -133,8 +133,8 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed
 #---------------------------------------------------------
 # Post-test teardown
 - name: delete a vpc

tests/integration/targets/hwc_vpc_port/tasks/main.yml

@@ -69,8 +69,8 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed
 #----------------------------------------------------------
 - name: delete a port (check mode)
   hwc_vpc_port:
@@ -116,8 +116,8 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed
 #---------------------------------------------------------
 # Post-test teardown
 - name: delete a subnet

tests/integration/targets/hwc_vpc_private_ip/tasks/main.yml

@@ -70,8 +70,8 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed
 #----------------------------------------------------------
 - name: delete a private ip (check mode)
   hwc_vpc_private_ip:
@@ -117,8 +117,8 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed
 #---------------------------------------------------------
 # Post-test teardown
 - name: delete a subnet

tests/integration/targets/hwc_vpc_route/tasks/main.yml

@@ -81,8 +81,8 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed
 #----------------------------------------------------------
 - name: delete a route (check mode)
   hwc_vpc_route:
@@ -127,8 +127,8 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed
 #---------------------------------------------------------
 # Post-test teardown
 - name: delete a peering connect

tests/integration/targets/hwc_vpc_security_group/tasks/main.yml

@@ -51,8 +51,8 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed
 #----------------------------------------------------------
 - name: delete a security group (check mode)
   hwc_vpc_security_group:
@@ -83,5 +83,5 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed

tests/integration/targets/hwc_vpc_security_group_rule/tasks/main.yml

@@ -85,8 +85,8 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed
 #----------------------------------------------------------
 - name: delete a security group rule (check mode)
   hwc_vpc_security_group_rule:
@@ -151,8 +151,8 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed
 #---------------------------------------------------------
 # Post-test teardown
 - name: delete a security group

tests/integration/targets/hwc_vpc_subnet/tasks/main.yml

@@ -77,8 +77,8 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed
 #----------------------------------------------------------
 - name: delete a subnet (check mode)
   hwc_vpc_subnet:
@@ -136,8 +136,8 @@
 - name: assert changed is false
   assert:
     that:
-      - result.failed == 0
-      - result.changed == false
+      - result is not failed
+      - result is not changed
 #---------------------------------------------------------
 # Post-test teardown
 - name: delete a vpc

tests/integration/targets/influxdb_user/tasks/tests.yml

@@ -13,7 +13,7 @@
     - name: Check that admin user adding succeeds with a change
       assert:
         that:
-          - add_admin_user.changed == true
+          - add_admin_user is changed
 
 - name: Test add admin user
   block:
@@ -24,7 +24,7 @@
     - name: Check that admin user adding succeeds with a change
       assert:
         that:
-          - add_admin_user.changed == true
+          - add_admin_user is changed
 
 - name: Test add admin user idempotence
   block:
@@ -35,7 +35,7 @@
     - name: Check that admin user adding succeeds without a change
       assert:
         that:
-          - add_admin_user.changed == false
+          - add_admin_user is not changed
 
 - name: Enable authentication and restart service
   block:
@@ -58,7 +58,7 @@
     - name: Check that adding user with enabled authentication succeeds with a change
       assert:
         that:
-          - add_user_with_auth_enabled.changed == true
+          - add_user_with_auth_enabled is changed
 
 - name: Test add user when authentication enabled
   block:
@@ -69,7 +69,7 @@
     - name: Check that adding user with enabled authentication succeeds with a change
       assert:
         that:
-          - add_user_with_auth_enabled.changed == true
+          - add_user_with_auth_enabled is changed
 
 - name: Test add user when authentication enabled idempotence
   block:
@@ -80,7 +80,7 @@
     - name: Check that adding same user succeeds without a change
       assert:
         that:
-          - same_user.changed == false
+          - same_user is not changed
 
 - name: Test change user password in check mode
   block:
@@ -92,7 +92,7 @@
     - name: Check that password changing succeeds with a change
       assert:
         that:
-          - change_password.changed == true
+          - change_password is changed
 
 - name: Test change user password
   block:
@@ -103,7 +103,7 @@
     - name: Check that password changing succeeds with a change
       assert:
         that:
-          - change_password.changed == true
+          - change_password is changed
 
 - name: Test remove user in check mode
   block:
@@ -115,7 +115,7 @@
     - name: Check that removing user succeeds with a change
       assert:
         that:
-          - remove_user.changed == true
+          - remove_user is changed
 
 - name: Test remove user
   block:
@@ -126,7 +126,7 @@
     - name: Check that removing user succeeds with a change
       assert:
         that:
-          - remove_user.changed == true
+          - remove_user is changed
 
 - name: Test remove user idempotence
   block:
@@ -137,4 +137,4 @@
     - name: Check that removing user succeeds without a change
       assert:
         that:
-          - remove_user.changed == false
+          - remove_user is not changed

tests/integration/targets/ipify_facts/tasks/main.yml

@@ -41,6 +41,6 @@
 - name: check if task was successful
   assert:
     that:
-      - "{{ external_ip.changed == false }}"
-      - "{{ external_ip['ansible_facts'] is defined }}"
-      - "{{ external_ip['ansible_facts']['ipify_public_ip'] is defined }}"
+      - external_ip is not changed
+      - external_ip.ansible_facts is defined
+      - external_ip.ansible_facts.ipify_public_ip is defined

tests/integration/targets/iso_create/tasks/main.yml

@@ -35,7 +35,7 @@
 - debug: var=iso_file
 - assert:
     that:
-    - iso_result.changed == True
+    - iso_result is changed
     - iso_file.stat.exists == False
 
 - name: Create iso file with a specified file
@@ -54,7 +54,7 @@
 
 - assert:
     that:
-    - iso_result.changed == True
+    - iso_result is changed
     - iso_file.stat.exists == True
 
 - name: Create iso file with a specified file and folder
@@ -74,10 +74,10 @@
 
 - assert:
     that:
-    - iso_result.changed == True
+    - iso_result is changed
     - iso_file.stat.exists == True
 
-- name: Create iso file with volume identification string 
+- name: Create iso file with volume identification string
   iso_create:
     src_files:
       - "{{ role_path }}/files/test1.cfg"
@@ -93,7 +93,7 @@
 
 - assert:
     that:
-    - iso_result.changed == True
+    - iso_result is changed
     - iso_file.stat.exists == True
 
 - name: Create iso file with Rock Ridge extention
@@ -112,7 +112,7 @@
 
 - assert:
     that:
-    - iso_result.changed == True
+    - iso_result is changed
     - iso_file.stat.exists == True
 
 - name: Create iso file with Joliet extention
@@ -131,7 +131,7 @@
 
 - assert:
     that:
-    - iso_result.changed == True
+    - iso_result is changed
     - iso_file.stat.exists == True
 
 - name: Create iso file with UDF enabled
@@ -150,5 +150,5 @@
 
 - assert:
     that:
-    - iso_result.changed == True
+    - iso_result is changed
     - iso_file.stat.exists == True

tests/integration/targets/iso_extract/tasks/tests.yml

@@ -28,7 +28,7 @@
 
 - assert:
     that:
-    - iso_extract_test0 is changed == true
+    - iso_extract_test0 is changed
 
 - name: Extract the iso again
   iso_extract:
@@ -42,11 +42,11 @@
 - name: Test iso_extract_test0_again (normal mode)
   assert:
     that:
-    - iso_extract_test0_again is changed == false
+    - iso_extract_test0_again is not changed
   when: not in_check_mode
 
 - name: Test iso_extract_test0_again (check-mode)
   assert:
     that:
-    - iso_extract_test0_again is changed == true
+    - iso_extract_test0_again is changed
   when: in_check_mode

tests/integration/targets/java_cert/tasks/state_change.yml

@@ -4,52 +4,11 @@
   args:
     creates: "{{ test_key_path }}"
 
-- name: Create the test keystore
-  java_keystore:
-    name: placeholder
-    dest: "{{ test_keystore2_path }}"
-    password: "{{ test_keystore2_password }}"
-    private_key: "{{ lookup('file', '{{ test_key_path }}') }}"
-    certificate: "{{ lookup('file', '{{ test_cert_path }}') }}"
-
 - name: Generate the self signed cert we will use for testing
   command: openssl req -x509 -newkey rsa:4096 -keyout '{{ test_key2_path }}' -out '{{ test_cert2_path }}' -days 365 -nodes -subj '/CN=localhost'
   args:
     creates: "{{ test_key2_path }}"
 
-- name: |
-    Import the newly created certificate. This is our main test.
-    If the java_cert has been updated properly, then this task will report changed each time
-    since the module will be comparing the hash of the certificate instead of validating that the alias
-    simply exists
-  java_cert:
-    cert_alias: test_cert
-    cert_path: "{{ test_cert2_path }}"
-    keystore_path: "{{ test_keystore2_path }}"
-    keystore_pass: "{{ test_keystore2_password }}"
-    state: present
-  register: result_x509_changed
-
-- name: Verify the x509 status has changed
-  assert:
-    that:
-      - result_x509_changed is changed
-
-- name: |
-    We also want to make sure that the status doesnt change if we import the same cert
-  java_cert:
-    cert_alias: test_cert
-    cert_path: "{{ test_cert2_path }}"
-    keystore_path: "{{ test_keystore2_path }}"
-    keystore_pass: "{{ test_keystore2_password }}"
-    state: present
-  register: result_x509_succeeded
-
-- name: Verify the x509 status is ok
-  assert:
-    that:
-      - result_x509_succeeded is succeeded
-
 - name: Create the pkcs12 archive from the test x509 cert
   command: >
     openssl pkcs12
@@ -70,6 +29,97 @@
     -out {{ test_pkcs2_path }}
     -passout pass:"{{ test_keystore2_password }}"
 
+- name: try to create the test keystore based on the just created pkcs12, keystore_create flag not enabled
+  java_cert:
+    cert_alias: test_pkcs12_cert
+    pkcs12_alias: test_pkcs12_cert
+    pkcs12_path: "{{ test_pkcs_path }}"
+    pkcs12_password: "{{ test_keystore2_password }}"
+    keystore_path: "{{ test_keystore2_path }}"
+    keystore_pass: "{{ test_keystore2_password }}"
+  ignore_errors: true
+  register: result_x509_changed
+
+- name: Verify the x509 status is failed
+  assert:
+    that:
+      - result_x509_changed is failed
+
+- name: Create the test keystore based on the just created pkcs12
+  java_cert:
+    cert_alias: test_pkcs12_cert
+    pkcs12_alias: test_pkcs12_cert
+    pkcs12_path: "{{ test_pkcs_path }}"
+    pkcs12_password: "{{ test_keystore2_password }}"
+    keystore_path: "{{ test_keystore2_path }}"
+    keystore_pass: "{{ test_keystore2_password }}"
+    keystore_create: yes
+
+- name: try to import from pkcs12 a non existing alias
+  java_cert:
+    cert_alias: test_pkcs12_cert
+    pkcs12_alias: non_existing_alias
+    pkcs12_path: "{{ test_pkcs_path }}"
+    pkcs12_password: "{{ test_keystore2_password }}"
+    keystore_path: "{{ test_keystore2_path }}"
+    keystore_pass: "{{ test_keystore2_password }}"
+    keystore_create: yes
+  ignore_errors: yes
+  register: result_x509_changed
+
+- name: Verify the x509 status is failed
+  assert:
+    that:
+      - result_x509_changed is failed
+
+- name:  import initial test certificate from file path
+  java_cert:
+    cert_alias: test_cert
+    cert_path: "{{ test_cert_path }}"
+    keystore_path: "{{ test_keystore2_path }}"
+    keystore_pass: "{{ test_keystore2_password }}"
+    keystore_create: yes
+    state: present
+  register: result_x509_changed
+
+- name: Verify the x509 status is changed
+  assert:
+    that:
+      - result_x509_changed is changed
+
+- name: |
+    Import the newly created certificate. This is our main test.
+    If the java_cert has been updated properly, then this task will report changed each time
+    since the module will be comparing the hash of the certificate instead of validating that the alias
+    simply exists
+  java_cert:
+    cert_alias: test_cert
+    cert_path: "{{ test_cert2_path }}"
+    keystore_path: "{{ test_keystore2_path }}"
+    keystore_pass: "{{ test_keystore2_password }}"
+    state: present
+  register: result_x509_changed
+
+- name: Verify the x509 status is changed
+  assert:
+    that:
+      - result_x509_changed is changed
+
+- name: |
+    We also want to make sure that the status doesnt change if we import the same cert
+  java_cert:
+    cert_alias: test_cert
+    cert_path: "{{ test_cert2_path }}"
+    keystore_path: "{{ test_keystore2_path }}"
+    keystore_pass: "{{ test_keystore2_password }}"
+    state: present
+  register: result_x509_succeeded
+
+- name: Verify the x509 status is ok
+  assert:
+    that:
+      - result_x509_succeeded is succeeded
+
 - name: >
     Ensure the original pkcs12 cert is in the keystore
   java_cert:
@@ -83,7 +133,7 @@
 
 - name: |
     Perform the same test, but we will now be testing the pkcs12 functionality
-    If we add a different pkcs12 cert with the same alias, we should have a chnaged result, NOT the same
+    If we add a different pkcs12 cert with the same alias, we should have a changed result, NOT the same
   java_cert:
     cert_alias: test_pkcs12_cert
     pkcs12_alias: test_pkcs12_cert
@@ -94,7 +144,7 @@
     state: present
   register: result_pkcs12_changed
 
-- name: Verify the pkcs12 status has changed
+- name: Verify the pkcs12 status is changed
   assert:
     that:
       - result_pkcs12_changed is changed
@@ -155,7 +205,7 @@
     that:
       - result_x509_absent is changed
 
-- name: Ensure we can remove the pkcs12 archive
+- name: Ensure we can remove the certificate imported from pkcs12 archive
   java_cert:
     cert_alias: test_pkcs12_cert
     keystore_path: "{{ test_keystore2_path }}"