Release 4.8.0.

* Add 'activate' parameter for alternatives

Allow alternatives to be installed without being set as the current
selection.

* add changelog fragment

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

* rename 'activate' -> 'selected'

* rework 'selected' parameter -> 'state'

* handle unsetting of currently selected alternative

* add integration tests for 'state' parameter

* fix linting issues

* fix for Python 2.7 compatibility

* Remove alternatives file.

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 29c49febd9)

Co-authored-by: Tanner Prestegard <tprestegard@users.noreply.github.com>

.azure-pipelines/azure-pipelines.yml

@@ -69,6 +69,19 @@ stages:
             - test: 3
             - test: 4
             - test: extra
+  - stage: Sanity_2_13
+    displayName: Sanity 2.13
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Test {0}
+          testFormat: 2.13/sanity/{0}
+          targets:
+            - test: 1
+            - test: 2
+            - test: 3
+            - test: 4
   - stage: Sanity_2_12
     displayName: Sanity 2.12
     dependsOn: []
@@ -138,6 +151,19 @@ stages:
             - test: 3.8
             - test: 3.9
             - test: '3.10'
+  - stage: Units_2_13
+    displayName: Units 2.13
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.13/units/{0}/1
+          targets:
+            - test: 2.7
+            - test: 3.6
+            - test: 3.8
+            - test: 3.9
   - stage: Units_2_12
     displayName: Units 2.12
     dependsOn: []
@@ -148,12 +174,8 @@ stages:
           testFormat: 2.12/units/{0}/1
           targets:
             - test: 2.6
-            - test: 2.7
             - test: 3.5
-            - test: 3.6
-            - test: 3.7
             - test: 3.8
-            - test: '3.10'
   - stage: Units_2_11
     displayName: Units 2.11
     dependsOn: []
@@ -166,9 +188,6 @@ stages:
             - test: 2.6
             - test: 2.7
             - test: 3.5
-            - test: 3.6
-            - test: 3.7
-            - test: 3.8
             - test: 3.9
   - stage: Units_2_10
     displayName: Units 2.10
@@ -191,11 +210,7 @@ stages:
           testFormat: 2.9/units/{0}/1
           targets:
             - test: 2.6
-            - test: 2.7
             - test: 3.5
-            - test: 3.6
-            - test: 3.7
-            - test: 3.8
 
 ## Remote
   - stage: Remote_devel
@@ -220,6 +235,22 @@ stages:
             - 1
             - 2
             - 3
+  - stage: Remote_2_13
+    displayName: Remote 2.13
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.13/{0}
+          targets:
+            - name: macOS 12.0
+              test: macos/12.0
+            - name: RHEL 8.5
+              test: rhel/8.5
+          groups:
+            - 1
+            - 2
+            - 3
   - stage: Remote_2_12
     displayName: Remote 2.12
     dependsOn: []
@@ -249,8 +280,8 @@ stages:
               test: rhel/7.9
             - name: RHEL 8.3
               test: rhel/8.3
-            - name: FreeBSD 12.2
-              test: freebsd/12.2
+            #- name: FreeBSD 12.2
+            #  test: freebsd/12.2
           groups:
             - 1
             - 2
@@ -281,8 +312,8 @@ stages:
               test: rhel/8.2
             - name: RHEL 7.8
               test: rhel/7.8
-            - name: FreeBSD 12.0
-              test: freebsd/12.0
+            #- name: FreeBSD 12.0
+            #  test: freebsd/12.0
           groups:
             - 1
             - 2
@@ -302,14 +333,32 @@ stages:
               test: fedora34
             - name: Fedora 35
               test: fedora35
-            - name: openSUSE 15 py2
-              test: opensuse15py2
-            - name: openSUSE 15 py3
+            - name: openSUSE 15
               test: opensuse15
             - name: Ubuntu 18.04
               test: ubuntu1804
             - name: Ubuntu 20.04
               test: ubuntu2004
+            - name: Alpine 3
+              test: alpine3
+          groups:
+            - 1
+            - 2
+            - 3
+  - stage: Docker_2_13
+    displayName: Docker 2.13
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.13/linux/{0}
+          targets:
+            - name: Fedora 35
+              test: fedora35
+            - name: openSUSE 15 py2
+              test: opensuse15py2
+            - name: Alpine 3
+              test: alpine3
           groups:
             - 1
             - 2
@@ -324,12 +373,8 @@ stages:
           targets:
             - name: CentOS 6
               test: centos6
-            - name: CentOS 8
-              test: centos8
             - name: Fedora 34
               test: fedora34
-            - name: openSUSE 15 py3
-              test: opensuse15
             - name: Ubuntu 20.04
               test: ubuntu2004
           groups:
@@ -344,12 +389,10 @@ stages:
         parameters:
           testFormat: 2.11/linux/{0}
           targets:
-            - name: CentOS 7
-              test: centos7
             - name: Fedora 33
               test: fedora33
-            - name: openSUSE 15 py2
-              test: opensuse15py2
+            - name: Alpine 3
+              test: alpine3
           groups:
             - 2
             - 3
@@ -378,12 +421,30 @@ stages:
           targets:
             - name: Fedora 31
               test: fedora31
-            - name: openSUSE 15 py3
-              test: opensuse15
           groups:
             - 2
             - 3
 
+### Community Docker
+  - stage: Docker_community_devel
+    displayName: Docker (community images) devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: devel/linux-community/{0}
+          targets:
+            - name: Debian Bullseye
+              test: debian-bullseye/3.9
+            - name: ArchLinux
+              test: archlinux/3.10
+            - name: CentOS Stream 8
+              test: centos-stream8/3.8
+          groups:
+            - 1
+            - 2
+            - 3
+
 ### Cloud
   - stage: Cloud_devel
     displayName: Cloud devel
@@ -395,6 +456,16 @@ stages:
           testFormat: devel/cloud/{0}/1
           targets:
             - test: 2.7
+            - test: '3.10'
+  - stage: Cloud_2_13
+    displayName: Cloud 2.13
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.13/cloud/{0}/1
+          targets:
             - test: 3.9
   - stage: Cloud_2_12
     displayName: Cloud 2.12
@@ -444,25 +515,31 @@ stages:
       - Sanity_2_10
       - Sanity_2_11
       - Sanity_2_12
+      - Sanity_2_13
       - Units_devel
       - Units_2_9
       - Units_2_10
       - Units_2_11
       - Units_2_12
+      - Units_2_13
       - Remote_devel
       - Remote_2_9
       - Remote_2_10
       - Remote_2_11
       - Remote_2_12
+      - Remote_2_13
       - Docker_devel
       - Docker_2_9
       - Docker_2_10
       - Docker_2_11
       - Docker_2_12
+      - Docker_2_13
+      - Docker_community_devel
       - Cloud_devel
       - Cloud_2_9
       - Cloud_2_10
       - Cloud_2_11
       - Cloud_2_12
+      - Cloud_2_13
     jobs:
       - template: templates/coverage.yml

.github/BOTMETA.yml

@@ -260,6 +260,8 @@ files:
   $module_utils/module_helper.py:
     maintainers: russoz
     labels: module_helper
+  $module_utils/net_tools/pritunl/:
+    maintainers: Lowess
   $module_utils/oracle/oci_utils.py:
     maintainers: $team_oracle
     labels: cloud
@@ -310,6 +312,8 @@ files:
     ignore: hnakamur
   $modules/cloud/lxd/lxd_profile.py:
     maintainers: conloos
+  $modules/cloud/lxd/lxd_project.py:
+    maintainers: we10710aa
   $modules/cloud/memset/:
     maintainers: glitchcrab
   $modules/cloud/misc/cloud_init_data_facts.py:
@@ -418,6 +422,8 @@ files:
     maintainers: Spredzy
   $modules/cloud/scaleway/scaleway_organization_info.py:
     maintainers: Spredzy
+  $modules/cloud/scaleway/scaleway_private_network.py:
+    maintainers: pastral
   $modules/cloud/scaleway/scaleway_security_group.py:
     maintainers: DenBeke
   $modules/cloud/scaleway/scaleway_security_group_info.py:
@@ -556,6 +562,8 @@ files:
     maintainers: phumpal
     labels: airbrake_deployment
     ignore: bpennypacker
+  $modules/monitoring/alerta_customer.py:
+    maintainers: cwollinger
   $modules/monitoring/bigpanda.py:
     maintainers: hkariti
   $modules/monitoring/circonus_annotation.py:
@@ -819,7 +827,7 @@ files:
   $modules/packaging/os/opkg.py:
     maintainers: skinp
   $modules/packaging/os/pacman.py:
-    maintainers: elasticdog indrajitr tchernomax
+    maintainers: elasticdog indrajitr tchernomax jraby
     labels: pacman
     ignore: elasticdog
   $modules/packaging/os/pacman_key.py:
@@ -977,6 +985,8 @@ files:
     maintainers: farhan7500 gautamphegde
   $modules/storage/ibm/:
     maintainers: tzure
+  $modules/storage/pmem/pmem.py:
+    maintainers: mizumm
   $modules/storage/vexata/:
     maintainers: vexata
   $modules/storage/zfs/:
@@ -1164,7 +1174,8 @@ files:
   $modules/web_infrastructure/jenkins_script.py:
     maintainers: hogarthj
   $modules/web_infrastructure/jira.py:
-    maintainers: Slezhuk tarka pertoft DWSR
+    maintainers: Slezhuk tarka pertoft
+    ignore: DWSR
     labels: jira
   $modules/web_infrastructure/nginx_status_info.py:
     maintainers: resmo
@@ -1233,7 +1244,7 @@ macros:
   team_cyberark_conjur: jvanderhoof ryanprior
   team_e_spirit: MatrixCrawler getjack
   team_flatpak: JayKayy oolongbrothers
-  team_gitlab: Lunik Shaps dj-wasabi marwatk waheedi zanssa scodeman metanovii sh0shin
+  team_gitlab: Lunik Shaps dj-wasabi marwatk waheedi zanssa scodeman metanovii sh0shin nejch lgatellier suukit
   team_hpux: bcoca davx8342
   team_huawei: QijunPan TommyLike edisonxiang freesky-edward hwDCN niuzhenguo xuxiaowei0512 yanzhangi zengchen1024 zhongjun2
   team_ipa: Akasurde Nosmoht fxfitz justchris1

CHANGELOG.rst

@@ -6,6 +6,248 @@ Community General Release Notes
 
 This changelog describes changes after version 3.0.0.
 
+v4.8.0
+======
+
+Release Summary
+---------------
+
+Regular feature and bugfix release. Please note that this is the last minor 4.x.0 release. Further releases with major version 4 will be bugfix releases 4.8.y.
+
+Minor Changes
+-------------
+
+- alternatives - add ``state`` parameter, which provides control over whether the alternative should be set as the active selection for its alternatives group (https://github.com/ansible-collections/community.general/issues/4543, https://github.com/ansible-collections/community.general/pull/4557).
+- atomic_container - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+- clc_alert_policy - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
+- clc_group - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
+- clc_loadbalancer - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
+- clc_server - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
+- cmd_runner module util - reusable command runner with consistent argument formatting and sensible defaults (https://github.com/ansible-collections/community.general/pull/4476).
+- datadog_monitor - support new datadog event monitor of type `event-v2 alert` (https://github.com/ansible-collections/community.general/pull/4457)
+- filesystem - add support for resizing btrfs (https://github.com/ansible-collections/community.general/issues/4465).
+- lxd_container - adds ``project`` option to allow selecting project for LXD instance (https://github.com/ansible-collections/community.general/pull/4479).
+- lxd_profile - adds ``project`` option to allow selecting project for LXD profile (https://github.com/ansible-collections/community.general/pull/4479).
+- nmap inventory plugin - add ``sudo`` option in plugin in order to execute ``sudo nmap`` so that ``nmap`` runs with elevated privileges (https://github.com/ansible-collections/community.general/pull/4506).
+- nomad_job - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+- nomad_job_info - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+- packet_device - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+- packet_sshkey - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+- packet_volume - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+- profitbricks - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+- proxmox - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+- proxmox inventory plugin - add token authentication as an alternative to username/password (https://github.com/ansible-collections/community.general/pull/4540).
+- proxmox inventory plugin - parse LXC configs returned by the proxmox API (https://github.com/ansible-collections/community.general/pull/4472).
+- proxmox_snap - add restore snapshot option (https://github.com/ansible-collections/community.general/pull/4377).
+- proxmox_snap - fixed timeout value to correctly reflect time in seconds. The timeout was off by one second (https://github.com/ansible-collections/community.general/pull/4377).
+- redfish_command - add ``IndicatorLedOn``, ``IndicatorLedOff``, and ``IndicatorLedBlink`` commands to the Systems category for controling system LEDs (https://github.com/ansible-collections/community.general/issues/4084).
+- seport - minor refactoring (https://github.com/ansible-collections/community.general/pull/4471).
+- smartos_image_info - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+- terraform - adds ``terraform_upgrade`` parameter which allows ``terraform init`` to satisfy new provider constraints in an existing Terraform project (https://github.com/ansible-collections/community.general/issues/4333).
+- udm_group - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
+- udm_share - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
+- vmadm - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+- webfaction_app - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+- webfaction_db - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+- xfconf - added missing value types ``char``, ``uchar``, ``int64`` and ``uint64`` (https://github.com/ansible-collections/community.general/pull/4534).
+
+Deprecated Features
+-------------------
+
+- nmcli - deprecate default hairpin mode for a bridge. This so we can change it to ``false`` in community.general 7.0.0, as this is also the default in ``nmcli`` (https://github.com/ansible-collections/community.general/pull/4334).
+- proxmox inventory plugin - the current default ``true`` of the ``want_proxmox_nodes_ansible_host`` option has been deprecated. The default will change to ``false`` in community.general 6.0.0. To keep the current behavior, explicitly set ``want_proxmox_nodes_ansible_host`` to ``true`` in your inventory configuration. We suggest to already switch to the new behavior by explicitly setting it to ``false``, and by using ``compose:`` to set ``ansible_host`` to the correct value. See the examples in the plugin documentation for details (https://github.com/ansible-collections/community.general/pull/4466).
+
+Bugfixes
+--------
+
+- dnsmadeeasy - fix failure on deleting DNS entries when API response does not contain monitor value (https://github.com/ansible-collections/community.general/issues/3620).
+- git_branch - remove deprecated and unnecessary branch ``unprotect`` method (https://github.com/ansible-collections/community.general/pull/4496).
+- gitlab_group - improve searching for projects inside group on deletion (https://github.com/ansible-collections/community.general/pull/4491).
+- gitlab_group_members - handle more than 20 groups when finding a group (https://github.com/ansible-collections/community.general/pull/4491, https://github.com/ansible-collections/community.general/issues/4460, https://github.com/ansible-collections/community.general/issues/3729).
+- gitlab_hook - handle more than 20 hooks when finding a hook (https://github.com/ansible-collections/community.general/pull/4491).
+- gitlab_project - handle more than 20 namespaces when finding a namespace (https://github.com/ansible-collections/community.general/pull/4491).
+- gitlab_project_members - handle more than 20 projects and users when finding a project resp. user (https://github.com/ansible-collections/community.general/pull/4491).
+- gitlab_user - handle more than 20 users and SSH keys when finding a user resp. SSH key (https://github.com/ansible-collections/community.general/pull/4491).
+- keycloak - fix parameters types for ``defaultDefaultClientScopes`` and ``defaultOptionalClientScopes`` from list of dictionaries to list of strings (https://github.com/ansible-collections/community.general/pull/4526).
+- opennebula inventory plugin - complete the implementation of ``constructable`` for opennebula inventory plugin. Now ``keyed_groups``, ``compose``, ``groups`` actually work (https://github.com/ansible-collections/community.general/issues/4497).
+- pacman - fixed bug where ``absent`` state did not work for locally installed packages (https://github.com/ansible-collections/community.general/pull/4464).
+- pritunl - fixed bug where pritunl plugin api add unneeded data in ``auth_string`` parameter (https://github.com/ansible-collections/community.general/issues/4527).
+- proxmox inventory plugin - fix error when parsing container with LXC configs (https://github.com/ansible-collections/community.general/issues/4472, https://github.com/ansible-collections/community.general/pull/4472).
+- proxmox_kvm - fix a bug when getting a state of VM without name will fail (https://github.com/ansible-collections/community.general/pull/4508).
+- xbps - fix error message that is reported when installing packages fails (https://github.com/ansible-collections/community.general/pull/4438).
+
+New Modules
+-----------
+
+Cloud
+~~~~~
+
+lxd
+^^^
+
+- lxd_project - Manage LXD projects
+
+Monitoring
+~~~~~~~~~~
+
+- alerta_customer - Manage customers in Alerta
+
+v4.7.0
+======
+
+Release Summary
+---------------
+
+Regular bugfix and feature release.
+
+Minor Changes
+-------------
+
+- ipa_service - add ``skip_host_check`` parameter. (https://github.com/ansible-collections/community.general/pull/4417).
+- keycloak_client - add ``always_display_in_console`` parameter (https://github.com/ansible-collections/community.general/issues/4390).
+- keycloak_client - add ``default_client_scopes`` and ``optional_client_scopes`` parameters. (https://github.com/ansible-collections/community.general/pull/4385).
+- proxmox inventory plugin - add support for templating the ``url``, ``user``, and ``password`` options (https://github.com/ansible-collections/community.general/pull/4418).
+- sudoers - add support for ``runas`` parameter (https://github.com/ansible-collections/community.general/issues/4379).
+
+Bugfixes
+--------
+
+- dsv lookup plugin - raise an Ansible error if the wrong ``python-dsv-sdk`` version is installed (https://github.com/ansible-collections/community.general/pull/4422).
+- keycloak_* - the documented ``validate_certs`` parameter was not taken into account when calling the ``open_url`` function in some cases, thus enforcing certificate validation even when ``validate_certs`` was set to ``false``. (https://github.com/ansible-collections/community.general/pull/4382)
+- nmcli - fix returning "changed" when routes parameters set, also suggest new routes4 and routes6 format (https://github.com/ansible-collections/community.general/issues/4131).
+- proxmox inventory plugin - fixed the ``tags_parsed`` field when Proxmox returns a single space for the ``tags`` entry (https://github.com/ansible-collections/community.general/pull/4378).
+- zypper - fixed bug that caused zypper to always report [ok] and do nothing on ``state=present`` when all packages in ``name`` had a version specification (https://github.com/ansible-collections/community.general/issues/4371, https://github.com/ansible-collections/community.general/pull/4421).
+
+v4.6.1
+======
+
+Release Summary
+---------------
+
+Extraordinary bugfix release to fix a breaking change in ``terraform``.
+
+Bugfixes
+--------
+
+- lxd inventory plugin - do not crash if OS and release metadata are not present
+  (https://github.com/ansible-collections/community.general/pull/4351).
+- terraform - revert bugfix https://github.com/ansible-collections/community.general/pull/4281 that tried to fix ``variable`` handling to allow complex values. It turned out that this was breaking several valid use-cases (https://github.com/ansible-collections/community.general/issues/4367, https://github.com/ansible-collections/community.general/pull/4370).
+
+v4.6.0
+======
+
+Release Summary
+---------------
+
+Regular feature and bugfix release.
+
+Minor Changes
+-------------
+
+- jira - when creating a comment, ``fields`` now is used for additional data (https://github.com/ansible-collections/community.general/pull/4304).
+- ldap_entry - add support for recursive deletion (https://github.com/ansible-collections/community.general/issues/3613).
+- mksysb - revamped the module using ``ModuleHelper`` (https://github.com/ansible-collections/community.general/pull/3295).
+- nmcli - add missing connection aliases ``802-3-ethernet`` and ``802-11-wireless`` (https://github.com/ansible-collections/community.general/pull/4108).
+- nmcli - remove nmcli modify dependency on ``type`` parameter (https://github.com/ansible-collections/community.general/issues/2858).
+- npm - add ability to use ``production`` flag when ``ci`` is set (https://github.com/ansible-collections/community.general/pull/4299).
+- pacman - add ``remove_nosave`` parameter to avoid saving modified configuration files as ``.pacsave`` files. (https://github.com/ansible-collections/community.general/pull/4316, https://github.com/ansible-collections/community.general/issues/4315).
+- pacman - now implements proper change detection for ``update_cache=true``. Adds ``cache_updated`` return value to when ``update_cache=true`` to report this result independently of the module's overall changed return value (https://github.com/ansible-collections/community.general/pull/4337).
+- pipx - added options ``editable`` and ``pip_args`` (https://github.com/ansible-collections/community.general/issues/4300).
+- proxmox inventory plugin - add support for client-side jinja filters (https://github.com/ansible-collections/community.general/issues/3553).
+- redis - add authentication parameters ``login_user``, ``tls``, ``validate_certs``, and ``ca_certs`` (https://github.com/ansible-collections/community.general/pull/4207).
+- syslog_json - add option to skip logging of ``gather_facts`` playbook tasks; use v2 callback API (https://github.com/ansible-collections/community.general/pull/4223).
+- zypper - add support for ``--clean-deps`` option to remove packages that depend on a package being removed (https://github.com/ansible-collections/community.general/pull/4195).
+
+Deprecated Features
+-------------------
+
+- pacman - from community.general 5.0.0 on, the ``changed`` status of ``update_cache`` will no longer be ignored if ``name`` or ``upgrade`` is specified. To keep the old behavior, add something like ``register: result`` and ``changed_when: result.packages | length > 0`` to your task (https://github.com/ansible-collections/community.general/pull/4329).
+
+Bugfixes
+--------
+
+- filesize - add support for busybox dd implementation, that is used by default on Alpine linux (https://github.com/ansible-collections/community.general/pull/4288, https://github.com/ansible-collections/community.general/issues/4259).
+- linode inventory plugin - fix configuration handling relating to inventory filtering (https://github.com/ansible-collections/community.general/pull/4336).
+- mksysb - fixed bug for parameter ``backup_dmapi_fs`` was passing the wrong CLI argument (https://github.com/ansible-collections/community.general/pull/3295).
+- pacman - Use ``--groups`` instead of ``--group`` (https://github.com/ansible-collections/community.general/pull/4312).
+- pacman - fix URL based package installation (https://github.com/ansible-collections/community.general/pull/4286, https://github.com/ansible-collections/community.general/issues/4285).
+- pacman - fix ``upgrade=yes`` (https://github.com/ansible-collections/community.general/pull/4275, https://github.com/ansible-collections/community.general/issues/4274).
+- pacman - make sure that ``packages`` is always returned when ``name`` or ``upgrade`` is specified, also if nothing is done (https://github.com/ansible-collections/community.general/pull/4329).
+- pacman - when the ``update_cache`` option is combined with another option such as ``upgrade``, report ``changed`` based on the actions performed by the latter option. This was the behavior in community.general 4.4.0 and before. In community.general 4.5.0, a task combining these options would always report ``changed`` (https://github.com/ansible-collections/community.general/pull/4318).
+- proxmox inventory plugin - always convert strings that follow the ``key=value[,key=value[...]]`` form into dictionaries (https://github.com/ansible-collections/community.general/pull/4349).
+- proxmox inventory plugin - fixed the ``description`` field being ignored if it contained a comma (https://github.com/ansible-collections/community.general/issues/4348).
+- proxmox_kvm - fix error in check when creating or cloning (https://github.com/ansible-collections/community.general/pull/4306).
+- proxmox_kvm - fix error when checking whether Proxmox VM exists (https://github.com/ansible-collections/community.general/pull/4287).
+- terraform - fix ``variable`` handling to allow complex values (https://github.com/ansible-collections/community.general/pull/4281).
+
+Known Issues
+------------
+
+- pacman - ``update_cache`` cannot differentiate between up to date and outdated package lists and will report ``changed`` in both situations (https://github.com/ansible-collections/community.general/pull/4318).
+- pacman - binaries specified in the ``executable`` parameter must support ``--print-format`` in order to be used by this module. In particular, AUR helper ``yay`` is known not to currently support it (https://github.com/ansible-collections/community.general/pull/4312).
+
+v4.5.0
+======
+
+Release Summary
+---------------
+
+Regular feature and bugfix release.
+
+Minor Changes
+-------------
+
+- Avoid internal ansible-core module_utils in favor of equivalent public API available since at least Ansible 2.9. This fixes some instances added since the last time this was fixed (https://github.com/ansible-collections/community.general/pull/4232).
+- ansible_galaxy_install - added option ``no_deps`` to the module (https://github.com/ansible-collections/community.general/issues/4174).
+- gitlab_group_variable - new ``variables`` parameter (https://github.com/ansible-collections/community.general/pull/4038 and https://github.com/ansible-collections/community.general/issues/4074).
+- keycloak_* modules - added connection timeout parameter when calling server (https://github.com/ansible-collections/community.general/pull/4168).
+- linode inventory plugin - add support for caching inventory results (https://github.com/ansible-collections/community.general/pull/4179).
+- opentelemetry_plugin - enrich service when using the ``jenkins``, ``hetzner`` or ``jira`` modules (https://github.com/ansible-collections/community.general/pull/4105).
+- pacman - the module has been rewritten and is now much faster when using ``state=latest``. Operations are now done all packages at once instead of package per package and the configured output format of ``pacman`` no longer affect the module's operation. (https://github.com/ansible-collections/community.general/pull/3907, https://github.com/ansible-collections/community.general/issues/3783, https://github.com/ansible-collections/community.general/issues/4079)
+- passwordstore lookup plugin - add configurable ``lock`` and ``locktimeout`` options to avoid race conditions in itself and in the ``pass`` utility it calls. By default, the plugin now locks on write operations (https://github.com/ansible-collections/community.general/pull/4194).
+- proxmox modules - move common code into ``module_utils`` (https://github.com/ansible-collections/community.general/pull/4029).
+- proxmox_kvm - added EFI disk support when creating VM with OVMF UEFI BIOS with new ``efidisk0`` option (https://github.com/ansible-collections/community.general/pull/4106, https://github.com/ansible-collections/community.general/issues/1638).
+- proxmox_kwm - add ``win11`` to ``ostype`` parameter for Windows 11 and Windows Server 2022 support (https://github.com/ansible-collections/community.general/issues/4023, https://github.com/ansible-collections/community.general/pull/4191).
+
+Bugfixes
+--------
+
+- dconf - skip processes that disappeared while we inspected them (https://github.com/ansible-collections/community.general/issues/4151).
+- gitlab_group_variable - add missing documentation about GitLab versions that support ``environment_scope`` and ``variable_type`` (https://github.com/ansible-collections/community.general/pull/4038).
+- gitlab_group_variable - allow to set same variable name under different environment scopes. Due this change, the return value ``group_variable`` differs from previous version in check mode. It was counting ``updated`` values, because it was accidentally overwriting environment scopes (https://github.com/ansible-collections/community.general/pull/4038).
+- gitlab_group_variable - fix idempotent change behaviour for float and integer variables (https://github.com/ansible-collections/community.general/pull/4038).
+- gitlab_project_variable - ``value`` is not necessary when deleting variables (https://github.com/ansible-collections/community.general/pull/4150).
+- gitlab_runner - make ``project`` and ``owned`` mutually exclusive (https://github.com/ansible-collections/community.general/pull/4136).
+- homebrew_cask - fix force install operation (https://github.com/ansible-collections/community.general/issues/3703).
+- imc_rest - fixes the module failure due to the usage of ``itertools.izip_longest`` which is not available in Python 3 (https://github.com/ansible-collections/community.general/issues/4206).
+- ini_file - when removing nothing do not report changed (https://github.com/ansible-collections/community.general/issues/4154).
+- keycloak_user_federation - creating a user federation while specifying an ID (that does not exist yet) no longer fail with a 404 Not Found (https://github.com/ansible-collections/community.general/pull/4212).
+- keycloak_user_federation - mappers auto-created by keycloak are matched and merged by their name and no longer create duplicated entries (https://github.com/ansible-collections/community.general/pull/4212).
+- mail callback plugin - fix encoding of the name of sender and recipient (https://github.com/ansible-collections/community.general/issues/4060, https://github.com/ansible-collections/community.general/pull/4061).
+- passwordstore lookup plugin - fix error detection for non-English locales (https://github.com/ansible-collections/community.general/pull/4219).
+- passwordstore lookup plugin - prevent returning path names as passwords by accident (https://github.com/ansible-collections/community.general/issues/4185, https://github.com/ansible-collections/community.general/pull/4192).
+- vdo - fix options error (https://github.com/ansible-collections/community.general/pull/4163).
+- yum_versionlock - fix matching of existing entries with names passed to the module. Match yum and dnf lock format (https://github.com/ansible-collections/community.general/pull/4183).
+
+New Modules
+-----------
+
+Cloud
+~~~~~
+
+scaleway
+^^^^^^^^
+
+- scaleway_private_network - Scaleway private network management
+
+Storage
+~~~~~~~
+
+pmem
+^^^^
+
+- pmem - Configure Intel Optane Persistent Memory modules
+
 v4.4.0
 ======
 

README.md

@@ -17,7 +17,7 @@ If you encounter abusive behavior violating the [Ansible Code of Conduct](https:
 
 ## Tested with Ansible
 
-Tested with the current Ansible 2.9, ansible-base 2.10, ansible-core 2.11, ansible-core 2.12 releases and the current development version of ansible-core. Ansible versions before 2.9.10 are not supported.
+Tested with the current Ansible 2.9, ansible-base 2.10, ansible-core 2.11, ansible-core 2.12, ansible-core 2.13 releases and the current development version of ansible-core. Ansible versions before 2.9.10 are not supported.
 
 ## External requirements
 

changelogs/changelog.yaml

@@ -1399,3 +1399,386 @@ releases:
       name: homectl
       namespace: system
     release_date: '2022-02-01'
+  4.5.0:
+    changes:
+      bugfixes:
+      - dconf - skip processes that disappeared while we inspected them (https://github.com/ansible-collections/community.general/issues/4151).
+      - gitlab_group_variable - add missing documentation about GitLab versions that
+        support ``environment_scope`` and ``variable_type`` (https://github.com/ansible-collections/community.general/pull/4038).
+      - 'gitlab_group_variable - allow to set same variable name under different environment
+        scopes. Due this change, the return value ``group_variable`` differs from
+        previous version in check mode. It was counting ``updated`` values, because
+        it was accidentally overwriting environment scopes (https://github.com/ansible-collections/community.general/pull/4038).
+
+        '
+      - gitlab_group_variable - fix idempotent change behaviour for float and integer
+        variables (https://github.com/ansible-collections/community.general/pull/4038).
+      - gitlab_project_variable - ``value`` is not necessary when deleting variables
+        (https://github.com/ansible-collections/community.general/pull/4150).
+      - gitlab_runner - make ``project`` and ``owned`` mutually exclusive (https://github.com/ansible-collections/community.general/pull/4136).
+      - homebrew_cask - fix force install operation (https://github.com/ansible-collections/community.general/issues/3703).
+      - imc_rest - fixes the module failure due to the usage of ``itertools.izip_longest``
+        which is not available in Python 3 (https://github.com/ansible-collections/community.general/issues/4206).
+      - ini_file - when removing nothing do not report changed (https://github.com/ansible-collections/community.general/issues/4154).
+      - keycloak_user_federation - creating a user federation while specifying an
+        ID (that does not exist yet) no longer fail with a 404 Not Found (https://github.com/ansible-collections/community.general/pull/4212).
+      - keycloak_user_federation - mappers auto-created by keycloak are matched and
+        merged by their name and no longer create duplicated entries (https://github.com/ansible-collections/community.general/pull/4212).
+      - mail callback plugin - fix encoding of the name of sender and recipient (https://github.com/ansible-collections/community.general/issues/4060,
+        https://github.com/ansible-collections/community.general/pull/4061).
+      - passwordstore lookup plugin - fix error detection for non-English locales
+        (https://github.com/ansible-collections/community.general/pull/4219).
+      - passwordstore lookup plugin - prevent returning path names as passwords by
+        accident (https://github.com/ansible-collections/community.general/issues/4185,
+        https://github.com/ansible-collections/community.general/pull/4192).
+      - vdo - fix options error (https://github.com/ansible-collections/community.general/pull/4163).
+      - yum_versionlock - fix matching of existing entries with names passed to the
+        module. Match yum and dnf lock format (https://github.com/ansible-collections/community.general/pull/4183).
+      minor_changes:
+      - Avoid internal ansible-core module_utils in favor of equivalent public API
+        available since at least Ansible 2.9. This fixes some instances added since
+        the last time this was fixed (https://github.com/ansible-collections/community.general/pull/4232).
+      - ansible_galaxy_install - added option ``no_deps`` to the module (https://github.com/ansible-collections/community.general/issues/4174).
+      - gitlab_group_variable - new ``variables`` parameter (https://github.com/ansible-collections/community.general/pull/4038
+        and https://github.com/ansible-collections/community.general/issues/4074).
+      - keycloak_* modules - added connection timeout parameter when calling server
+        (https://github.com/ansible-collections/community.general/pull/4168).
+      - linode inventory plugin - add support for caching inventory results (https://github.com/ansible-collections/community.general/pull/4179).
+      - opentelemetry_plugin - enrich service when using the ``jenkins``, ``hetzner``
+        or ``jira`` modules (https://github.com/ansible-collections/community.general/pull/4105).
+      - pacman - the module has been rewritten and is now much faster when using ``state=latest``.
+        Operations are now done all packages at once instead of package per package
+        and the configured output format of ``pacman`` no longer affect the module's
+        operation. (https://github.com/ansible-collections/community.general/pull/3907,
+        https://github.com/ansible-collections/community.general/issues/3783, https://github.com/ansible-collections/community.general/issues/4079)
+      - passwordstore lookup plugin - add configurable ``lock`` and ``locktimeout``
+        options to avoid race conditions in itself and in the ``pass`` utility it
+        calls. By default, the plugin now locks on write operations (https://github.com/ansible-collections/community.general/pull/4194).
+      - proxmox modules - move common code into ``module_utils`` (https://github.com/ansible-collections/community.general/pull/4029).
+      - proxmox_kvm - added EFI disk support when creating VM with OVMF UEFI BIOS
+        with new ``efidisk0`` option (https://github.com/ansible-collections/community.general/pull/4106,
+        https://github.com/ansible-collections/community.general/issues/1638).
+      - proxmox_kwm - add ``win11`` to ``ostype`` parameter for Windows 11 and Windows
+        Server 2022 support (https://github.com/ansible-collections/community.general/issues/4023,
+        https://github.com/ansible-collections/community.general/pull/4191).
+      release_summary: Regular feature and bugfix release.
+    fragments:
+    - 3703-force-install-homebrew-cask.yml
+    - 3907-pacman-speedup.yml
+    - 3916-fix-vdo-options-type.yml
+    - 4.5.0.yml
+    - 4029-proxmox-refactor.yml
+    - 4061-fix-mail-recipient-encoding.yml
+    - 4086-rework_of_gitlab_proyect_variable_over_gitlab_group_variable.yml
+    - 4105-opentelemetry_plugin-enrich_jira_hetzner_jenkins_services.yaml
+    - 4106-proxmox-efidisk0-support.yaml
+    - 4136-gitlab_runner-make-project-owned-mutually-exclusive.yml
+    - 4150-gitlab-project-variable-absent-fix.yml
+    - 4151-dconf-catch-psutil-nosuchprocess.yaml
+    - 4154-ini_file_changed.yml
+    - 4168-add-keycloak-url-timeout.yml
+    - 4179-linode-inventory-cache.yaml
+    - 4183-fix-yum_versionlock.yaml
+    - 4191-proxmox-add-win11.yml
+    - 4192-improve-passwordstore-consistency.yml
+    - 4194-configurable-passwordstore-locking.yml
+    - 4206-imc-rest-module.yaml
+    - 4212-fixes-for-keycloak-user-federation.yml
+    - 4219-passwordstore-locale-fix.yml
+    - 4232-text-converter-import.yml
+    - 4240-ansible_galaxy_install-no_deps.yml
+    modules:
+    - description: Configure Intel Optane Persistent Memory modules
+      name: pmem
+      namespace: storage.pmem
+    - description: Scaleway private network management
+      name: scaleway_private_network
+      namespace: cloud.scaleway
+    release_date: '2022-02-22'
+  4.6.0:
+    changes:
+      bugfixes:
+      - filesize - add support for busybox dd implementation, that is used by default
+        on Alpine linux (https://github.com/ansible-collections/community.general/pull/4288,
+        https://github.com/ansible-collections/community.general/issues/4259).
+      - linode inventory plugin - fix configuration handling relating to inventory
+        filtering (https://github.com/ansible-collections/community.general/pull/4336).
+      - mksysb - fixed bug for parameter ``backup_dmapi_fs`` was passing the wrong
+        CLI argument (https://github.com/ansible-collections/community.general/pull/3295).
+      - pacman - Use ``--groups`` instead of ``--group`` (https://github.com/ansible-collections/community.general/pull/4312).
+      - pacman - fix URL based package installation (https://github.com/ansible-collections/community.general/pull/4286,
+        https://github.com/ansible-collections/community.general/issues/4285).
+      - pacman - fix ``upgrade=yes`` (https://github.com/ansible-collections/community.general/pull/4275,
+        https://github.com/ansible-collections/community.general/issues/4274).
+      - pacman - make sure that ``packages`` is always returned when ``name`` or ``upgrade``
+        is specified, also if nothing is done (https://github.com/ansible-collections/community.general/pull/4329).
+      - pacman - when the ``update_cache`` option is combined with another option
+        such as ``upgrade``, report ``changed`` based on the actions performed by
+        the latter option. This was the behavior in community.general 4.4.0 and before.
+        In community.general 4.5.0, a task combining these options would always report
+        ``changed`` (https://github.com/ansible-collections/community.general/pull/4318).
+      - proxmox inventory plugin - always convert strings that follow the ``key=value[,key=value[...]]``
+        form into dictionaries (https://github.com/ansible-collections/community.general/pull/4349).
+      - proxmox inventory plugin - fixed the ``description`` field being ignored if
+        it contained a comma (https://github.com/ansible-collections/community.general/issues/4348).
+      - proxmox_kvm - fix error in check when creating or cloning (https://github.com/ansible-collections/community.general/pull/4306).
+      - proxmox_kvm - fix error when checking whether Proxmox VM exists (https://github.com/ansible-collections/community.general/pull/4287).
+      - terraform - fix ``variable`` handling to allow complex values (https://github.com/ansible-collections/community.general/pull/4281).
+      deprecated_features:
+      - 'pacman - from community.general 5.0.0 on, the ``changed`` status of ``update_cache``
+        will no longer be ignored if ``name`` or ``upgrade`` is specified. To keep
+        the old behavior, add something like ``register: result`` and ``changed_when:
+        result.packages | length > 0`` to your task (https://github.com/ansible-collections/community.general/pull/4329).'
+      known_issues:
+      - pacman - ``update_cache`` cannot differentiate between up to date and outdated
+        package lists and will report ``changed`` in both situations (https://github.com/ansible-collections/community.general/pull/4318).
+      - pacman - binaries specified in the ``executable`` parameter must support ``--print-format``
+        in order to be used by this module. In particular, AUR helper ``yay`` is known
+        not to currently support it (https://github.com/ansible-collections/community.general/pull/4312).
+      minor_changes:
+      - jira - when creating a comment, ``fields`` now is used for additional data
+        (https://github.com/ansible-collections/community.general/pull/4304).
+      - ldap_entry - add support for recursive deletion (https://github.com/ansible-collections/community.general/issues/3613).
+      - mksysb - revamped the module using ``ModuleHelper`` (https://github.com/ansible-collections/community.general/pull/3295).
+      - nmcli - add missing connection aliases ``802-3-ethernet`` and ``802-11-wireless``
+        (https://github.com/ansible-collections/community.general/pull/4108).
+      - nmcli - remove nmcli modify dependency on ``type`` parameter (https://github.com/ansible-collections/community.general/issues/2858).
+      - npm - add ability to use ``production`` flag when ``ci`` is set (https://github.com/ansible-collections/community.general/pull/4299).
+      - pacman - add ``remove_nosave`` parameter to avoid saving modified configuration
+        files as ``.pacsave`` files. (https://github.com/ansible-collections/community.general/pull/4316,
+        https://github.com/ansible-collections/community.general/issues/4315).
+      - pacman - now implements proper change detection for ``update_cache=true``.
+        Adds ``cache_updated`` return value to when ``update_cache=true`` to report
+        this result independently of the module's overall changed return value (https://github.com/ansible-collections/community.general/pull/4337).
+      - pipx - added options ``editable`` and ``pip_args`` (https://github.com/ansible-collections/community.general/issues/4300).
+      - proxmox inventory plugin - add support for client-side jinja filters (https://github.com/ansible-collections/community.general/issues/3553).
+      - redis - add authentication parameters ``login_user``, ``tls``, ``validate_certs``,
+        and ``ca_certs`` (https://github.com/ansible-collections/community.general/pull/4207).
+      - syslog_json - add option to skip logging of ``gather_facts`` playbook tasks;
+        use v2 callback API (https://github.com/ansible-collections/community.general/pull/4223).
+      - zypper - add support for ``--clean-deps`` option to remove packages that depend
+        on a package being removed (https://github.com/ansible-collections/community.general/pull/4195).
+      release_summary: Regular feature and bugfix release.
+    fragments:
+    - 3295-mksysb-revamp.yaml
+    - 4.6.0.yml
+    - 4108-nmcli-support-modifcation-without-type-param.yml
+    - 4192-zypper-add-clean-deps.yml
+    - 4207-add-redis-tls-support.yml
+    - 4223-syslog-json-skip-syslog-option.yml
+    - 4275-pacman-sysupgrade.yml
+    - 4281-terraform-complex-variables.yml
+    - 4286-pacman-url-pkgs.yml
+    - 4287-fix-proxmox-vm-chek.yml
+    - 4288-fix-4259-support-busybox-dd.yml
+    - 4299-npm-add-production-with-ci-flag.yml
+    - 4303-pipx-editable.yml
+    - 4304-jira-fields-in-comment.yml
+    - 4306-proxmox-fix-error-on-vm-clone.yml
+    - 4312-pacman-groups.yml
+    - 4316-pacman-remove-nosave.yml
+    - 4318-pacman-restore-old-changed-behavior.yml
+    - 4330-pacman-packages-update_cache.yml
+    - 4336-linode-inventory-filtering.yaml
+    - 4337-pacman-update_cache.yml
+    - 4349-proxmox-inventory-dict-facts.yml
+    - 4352-proxmox-inventory-filters.yml
+    - 4355-ldap-recursive-delete.yml
+    release_date: '2022-03-15'
+  4.6.1:
+    changes:
+      bugfixes:
+      - 'lxd inventory plugin - do not crash if OS and release metadata are not present
+
+        (https://github.com/ansible-collections/community.general/pull/4351).
+
+        '
+      - terraform - revert bugfix https://github.com/ansible-collections/community.general/pull/4281
+        that tried to fix ``variable`` handling to allow complex values. It turned
+        out that this was breaking several valid use-cases (https://github.com/ansible-collections/community.general/issues/4367,
+        https://github.com/ansible-collections/community.general/pull/4370).
+      release_summary: Extraordinary bugfix release to fix a breaking change in ``terraform``.
+    fragments:
+    - 4.6.1.yml
+    - 4351-inventory-lxd-handling_metadata_wo_os_and_release.yml
+    - 4368-reverts-4281.yml
+    release_date: '2022-03-16'
+  4.7.0:
+    changes:
+      bugfixes:
+      - dsv lookup plugin - raise an Ansible error if the wrong ``python-dsv-sdk``
+        version is installed (https://github.com/ansible-collections/community.general/pull/4422).
+      - keycloak_* - the documented ``validate_certs`` parameter was not taken into
+        account when calling the ``open_url`` function in some cases, thus enforcing
+        certificate validation even when ``validate_certs`` was set to ``false``.
+        (https://github.com/ansible-collections/community.general/pull/4382)
+      - nmcli - fix returning "changed" when routes parameters set, also suggest new
+        routes4 and routes6 format (https://github.com/ansible-collections/community.general/issues/4131).
+      - proxmox inventory plugin - fixed the ``tags_parsed`` field when Proxmox returns
+        a single space for the ``tags`` entry (https://github.com/ansible-collections/community.general/pull/4378).
+      - zypper - fixed bug that caused zypper to always report [ok] and do nothing
+        on ``state=present`` when all packages in ``name`` had a version specification
+        (https://github.com/ansible-collections/community.general/issues/4371, https://github.com/ansible-collections/community.general/pull/4421).
+      minor_changes:
+      - ipa_service - add ``skip_host_check`` parameter. (https://github.com/ansible-collections/community.general/pull/4417).
+      - keycloak_client - add ``always_display_in_console`` parameter (https://github.com/ansible-collections/community.general/issues/4390).
+      - keycloak_client - add ``default_client_scopes`` and ``optional_client_scopes``
+        parameters. (https://github.com/ansible-collections/community.general/pull/4385).
+      - proxmox inventory plugin - add support for templating the ``url``, ``user``,
+        and ``password`` options (https://github.com/ansible-collections/community.general/pull/4418).
+      - sudoers - add support for ``runas`` parameter (https://github.com/ansible-collections/community.general/issues/4379).
+      release_summary: Regular bugfix and feature release.
+    fragments:
+    - 4.7.0.yml
+    - 4131-nmcli_fix_reports_changed_for_routes4_parameter.yml
+    - 4378-proxmox-inventory-tags.yml
+    - 4380-sudoers-runas-parameter.yml
+    - 4382-keycloak-add-missing-validate_certs-parameters.yml
+    - 4385-keycloak-client-default-optional-scopes.yml
+    - 4386-proxmox-support-templating-in-inventory-file.yml
+    - 4417-ipa_service-add-skip_host_check.yml
+    - 4421-zypper_package_version_handling_fix.yml
+    - 4422-warn-user-if-incorrect-SDK-version-is-installed.yaml
+    - 4429-keycloak-client-add-always-display-in-console.yml
+    release_date: '2022-04-05'
+  4.8.0:
+    changes:
+      bugfixes:
+      - dnsmadeeasy - fix failure on deleting DNS entries when API response does not
+        contain monitor value (https://github.com/ansible-collections/community.general/issues/3620).
+      - git_branch - remove deprecated and unnecessary branch ``unprotect`` method
+        (https://github.com/ansible-collections/community.general/pull/4496).
+      - 'gitlab_group - improve searching for projects inside group on deletion (https://github.com/ansible-collections/community.general/pull/4491).
+
+        '
+      - 'gitlab_group_members - handle more than 20 groups when finding a group (https://github.com/ansible-collections/community.general/pull/4491,
+        https://github.com/ansible-collections/community.general/issues/4460, https://github.com/ansible-collections/community.general/issues/3729).
+
+        '
+      - 'gitlab_hook - handle more than 20 hooks when finding a hook (https://github.com/ansible-collections/community.general/pull/4491).
+
+        '
+      - 'gitlab_project - handle more than 20 namespaces when finding a namespace
+        (https://github.com/ansible-collections/community.general/pull/4491).
+
+        '
+      - 'gitlab_project_members - handle more than 20 projects and users when finding
+        a project resp. user (https://github.com/ansible-collections/community.general/pull/4491).
+
+        '
+      - 'gitlab_user - handle more than 20 users and SSH keys when finding a user
+        resp. SSH key (https://github.com/ansible-collections/community.general/pull/4491).
+
+        '
+      - keycloak - fix parameters types for ``defaultDefaultClientScopes`` and ``defaultOptionalClientScopes``
+        from list of dictionaries to list of strings (https://github.com/ansible-collections/community.general/pull/4526).
+      - opennebula inventory plugin - complete the implementation of ``constructable``
+        for opennebula inventory plugin. Now ``keyed_groups``, ``compose``, ``groups``
+        actually work (https://github.com/ansible-collections/community.general/issues/4497).
+      - pacman - fixed bug where ``absent`` state did not work for locally installed
+        packages (https://github.com/ansible-collections/community.general/pull/4464).
+      - pritunl - fixed bug where pritunl plugin api add unneeded data in ``auth_string``
+        parameter (https://github.com/ansible-collections/community.general/issues/4527).
+      - proxmox inventory plugin - fix error when parsing container with LXC configs
+        (https://github.com/ansible-collections/community.general/issues/4472, https://github.com/ansible-collections/community.general/pull/4472).
+      - proxmox_kvm - fix a bug when getting a state of VM without name will fail
+        (https://github.com/ansible-collections/community.general/pull/4508).
+      - xbps - fix error message that is reported when installing packages fails (https://github.com/ansible-collections/community.general/pull/4438).
+      deprecated_features:
+      - nmcli - deprecate default hairpin mode for a bridge. This so we can change
+        it to ``false`` in community.general 7.0.0, as this is also the default in
+        ``nmcli`` (https://github.com/ansible-collections/community.general/pull/4334).
+      - proxmox inventory plugin - the current default ``true`` of the ``want_proxmox_nodes_ansible_host``
+        option has been deprecated. The default will change to ``false`` in community.general
+        6.0.0. To keep the current behavior, explicitly set ``want_proxmox_nodes_ansible_host``
+        to ``true`` in your inventory configuration. We suggest to already switch
+        to the new behavior by explicitly setting it to ``false``, and by using ``compose:``
+        to set ``ansible_host`` to the correct value. See the examples in the plugin
+        documentation for details (https://github.com/ansible-collections/community.general/pull/4466).
+      minor_changes:
+      - alternatives - add ``state`` parameter, which provides control over whether
+        the alternative should be set as the active selection for its alternatives
+        group (https://github.com/ansible-collections/community.general/issues/4543,
+        https://github.com/ansible-collections/community.general/pull/4557).
+      - atomic_container - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+      - clc_alert_policy - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
+      - clc_group - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
+      - clc_loadbalancer - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
+      - clc_server - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
+      - cmd_runner module util - reusable command runner with consistent argument
+        formatting and sensible defaults (https://github.com/ansible-collections/community.general/pull/4476).
+      - datadog_monitor - support new datadog event monitor of type `event-v2 alert`
+        (https://github.com/ansible-collections/community.general/pull/4457)
+      - filesystem - add support for resizing btrfs (https://github.com/ansible-collections/community.general/issues/4465).
+      - lxd_container - adds ``project`` option to allow selecting project for LXD
+        instance (https://github.com/ansible-collections/community.general/pull/4479).
+      - lxd_profile - adds ``project`` option to allow selecting project for LXD profile
+        (https://github.com/ansible-collections/community.general/pull/4479).
+      - nmap inventory plugin - add ``sudo`` option in plugin in order to execute
+        ``sudo nmap`` so that ``nmap`` runs with elevated privileges (https://github.com/ansible-collections/community.general/pull/4506).
+      - nomad_job - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+      - nomad_job_info - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+      - packet_device - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+      - packet_sshkey - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+      - packet_volume - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+      - profitbricks - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+      - proxmox - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+      - proxmox inventory plugin - add token authentication as an alternative to username/password
+        (https://github.com/ansible-collections/community.general/pull/4540).
+      - proxmox inventory plugin - parse LXC configs returned by the proxmox API (https://github.com/ansible-collections/community.general/pull/4472).
+      - proxmox_snap - add restore snapshot option (https://github.com/ansible-collections/community.general/pull/4377).
+      - proxmox_snap - fixed timeout value to correctly reflect time in seconds. The
+        timeout was off by one second (https://github.com/ansible-collections/community.general/pull/4377).
+      - redfish_command - add ``IndicatorLedOn``, ``IndicatorLedOff``, and ``IndicatorLedBlink``
+        commands to the Systems category for controling system LEDs (https://github.com/ansible-collections/community.general/issues/4084).
+      - seport - minor refactoring (https://github.com/ansible-collections/community.general/pull/4471).
+      - smartos_image_info - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+      - terraform - adds ``terraform_upgrade`` parameter which allows ``terraform
+        init`` to satisfy new provider constraints in an existing Terraform project
+        (https://github.com/ansible-collections/community.general/issues/4333).
+      - udm_group - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
+      - udm_share - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
+      - vmadm - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+      - webfaction_app - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+      - webfaction_db - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
+      - xfconf - added missing value types ``char``, ``uchar``, ``int64`` and ``uint64``
+        (https://github.com/ansible-collections/community.general/pull/4534).
+      release_summary: Regular feature and bugfix release. Please note that this is
+        the last minor 4.x.0 release. Further releases with major version 4 will be
+        bugfix releases 4.8.y.
+    fragments:
+    - 4.8.0.yml
+    - 4084-add-redfish-system-indicator-led.yml
+    - 4320-nmcli-hairpin.yml
+    - 4377-allow-proxmox-snapshot-restoring.yml
+    - 4438-fix-error-message.yaml
+    - 4455-terraform-provider-upgrade.yml
+    - 4457-support-datadog-monitors-type-event-v2.yaml
+    - 4459-only-get-monitor-if-it-is-not-null-api-response.yaml
+    - 4464-pacman-fix-local-remove.yaml
+    - 4465-btrfs-resize.yml
+    - 4466-proxmox-ansible_host-deprecation.yml
+    - 4471-seport-refactor.yaml
+    - 4476-cmd_runner.yml
+    - 4479-add-project-support-for-lxd_container-and-lxd_profile.yml
+    - 4491-specify_all_in_list_calls.yaml
+    - 4492-proxmox_kvm_fix_vm_without_name.yaml
+    - 4496-remove-deprecated-method-in-gitlab-branch-module.yml
+    - 4506-sudo-in-nmap-inv-plugin.yaml
+    - 4524-update-opennebula-inventory-plugin-to-match-documentation.yaml
+    - 4526-keycloak-realm-types.yaml
+    - 4530-fix-unauthorized-pritunl-request.yaml
+    - 4534-xfconf-added-value-types.yaml
+    - 4540-proxmox-inventory-token-auth.yml
+    - 4555-proxmox-lxc-key.yml
+    - 4556-remove-default-none-1.yml
+    - 4557-alternatives-add-state-parameter.yml
+    - 4567-remove-default-none-2.yml
+    modules:
+    - description: Manage customers in Alerta
+      name: alerta_customer
+      namespace: monitoring
+    - description: Manage LXD projects
+      name: lxd_project
+      namespace: cloud.lxd
+    release_date: '2022-04-26'

docs/docsite/helper/lists_mergeby/default-common.yml

@@ -0,0 +1,13 @@
+list1:
+  - name: foo
+    extra: true
+  - name: bar
+    extra: false
+  - name: meh
+    extra: true
+
+list2:
+  - name: foo
+    path: /foo
+  - name: baz
+    path: /baz

docs/docsite/helper/lists_mergeby/default-recursive-true.yml

@@ -0,0 +1,19 @@
+list1:
+  - name: myname01
+    param01:
+      x: default_value
+      y: default_value
+      list:
+        - default_value
+  - name: myname02
+    param01: [1, 1, 2, 3]
+
+list2:
+  - name: myname01
+    param01:
+      y: patch_value
+      z: patch_value
+      list:
+        - patch_value
+  - name: myname02
+    param01: [3, 4, 4, {key: value}]

docs/docsite/helper/lists_mergeby/example-001.yml

@@ -0,0 +1,10 @@
+---
+- name: 1. Merge two lists by common attribute 'name'
+  include_vars:
+    dir: example-001_vars
+- debug:
+    var: list3
+  when: debug|d(false)|bool
+- template:
+    src: list3.out.j2
+    dest: example-001.out

docs/docsite/helper/lists_mergeby/example-001_vars/default-common.yml

@@ -0,0 +1 @@
+../default-common.yml

docs/docsite/helper/lists_mergeby/example-001_vars/list3.yml

@@ -0,0 +1,2 @@
+list3: "{{ list1|
+           community.general.lists_mergeby(list2, 'name') }}"

docs/docsite/helper/lists_mergeby/example-002.yml

@@ -0,0 +1,10 @@
+---
+- name: 2. Merge two lists by common attribute 'name'
+  include_vars:
+    dir: example-002_vars
+- debug:
+    var: list3
+  when: debug|d(false)|bool
+- template:
+    src: list3.out.j2
+    dest: example-002.out

docs/docsite/helper/lists_mergeby/example-002_vars/default-common.yml

@@ -0,0 +1 @@
+../default-common.yml

docs/docsite/helper/lists_mergeby/example-002_vars/list3.yml

@@ -0,0 +1,2 @@
+list3: "{{ [list1, list2]|
+           community.general.lists_mergeby('name') }}"

docs/docsite/helper/lists_mergeby/example-003.yml

@@ -0,0 +1,10 @@
+---
+- name: 3. Merge recursive by 'name', replace lists (default)
+  include_vars:
+    dir: example-003_vars
+- debug:
+    var: list3
+  when: debug|d(false)|bool
+- template:
+    src: list3.out.j2
+    dest: example-003.out

docs/docsite/helper/lists_mergeby/example-003_vars/default-recursive-true.yml

@@ -0,0 +1 @@
+../default-recursive-true.yml

docs/docsite/helper/lists_mergeby/example-003_vars/list3.yml

@@ -0,0 +1,3 @@
+list3: "{{ [list1, list2]|
+           community.general.lists_mergeby('name',
+                                           recursive=true) }}"

docs/docsite/helper/lists_mergeby/example-004.yml

@@ -0,0 +1,10 @@
+---
+- name: 4. Merge recursive by 'name', keep lists
+  include_vars:
+    dir: example-004_vars
+- debug:
+    var: list3
+  when: debug|d(false)|bool
+- template:
+    src: list3.out.j2
+    dest: example-004.out

docs/docsite/helper/lists_mergeby/example-004_vars/default-recursive-true.yml

@@ -0,0 +1 @@
+../default-recursive-true.yml

docs/docsite/helper/lists_mergeby/example-004_vars/list3.yml

@@ -0,0 +1,4 @@
+list3: "{{ [list1, list2]|
+           community.general.lists_mergeby('name',
+                                           recursive=true,
+                                           list_merge='keep') }}"

docs/docsite/helper/lists_mergeby/example-005.yml

@@ -0,0 +1,10 @@
+---
+- name: 5. Merge recursive by 'name', append lists
+  include_vars:
+    dir: example-005_vars
+- debug:
+    var: list3
+  when: debug|d(false)|bool
+- template:
+    src: list3.out.j2
+    dest: example-005.out

docs/docsite/helper/lists_mergeby/example-005_vars/default-recursive-true.yml

@@ -0,0 +1 @@
+../default-recursive-true.yml

docs/docsite/helper/lists_mergeby/example-005_vars/list3.yml

@@ -0,0 +1,4 @@
+list3: "{{ [list1, list2]|
+           community.general.lists_mergeby('name',
+                                           recursive=true,
+                                           list_merge='append') }}"

docs/docsite/helper/lists_mergeby/example-006.yml

@@ -0,0 +1,10 @@
+---
+- name: 6. Merge recursive by 'name', prepend lists
+  include_vars:
+    dir: example-006_vars
+- debug:
+    var: list3
+  when: debug|d(false)|bool
+- template:
+    src: list3.out.j2
+    dest: example-006.out

docs/docsite/helper/lists_mergeby/example-006_vars/default-recursive-true.yml

@@ -0,0 +1 @@
+../default-recursive-true.yml

docs/docsite/helper/lists_mergeby/example-006_vars/list3.yml

@@ -0,0 +1,4 @@
+list3: "{{ [list1, list2]|
+           community.general.lists_mergeby('name',
+                                           recursive=true,
+                                           list_merge='prepend') }}"

docs/docsite/helper/lists_mergeby/example-007.yml

@@ -0,0 +1,10 @@
+---
+- name: 7. Merge recursive by 'name', append lists 'remove present'
+  include_vars:
+    dir: example-007_vars
+- debug:
+    var: list3
+  when: debug|d(false)|bool
+- template:
+    src: list3.out.j2
+    dest: example-007.out

docs/docsite/helper/lists_mergeby/example-007_vars/default-recursive-true.yml

@@ -0,0 +1 @@
+../default-recursive-true.yml

docs/docsite/helper/lists_mergeby/example-007_vars/list3.yml

@@ -0,0 +1,4 @@
+list3: "{{ [list1, list2]|
+           community.general.lists_mergeby('name',
+                                           recursive=true,
+                                           list_merge='append_rp') }}"

docs/docsite/helper/lists_mergeby/example-008.yml

@@ -0,0 +1,10 @@
+---
+- name: 8. Merge recursive by 'name', prepend lists 'remove present'
+  include_vars:
+    dir: example-008_vars
+- debug:
+    var: list3
+  when: debug|d(false)|bool
+- template:
+    src: list3.out.j2
+    dest: example-008.out

docs/docsite/helper/lists_mergeby/example-008_vars/default-recursive-true.yml

@@ -0,0 +1 @@
+../default-recursive-true.yml

docs/docsite/helper/lists_mergeby/example-008_vars/list3.yml

@@ -0,0 +1,4 @@
+list3: "{{ [list1, list2]|
+           community.general.lists_mergeby('name',
+                                           recursive=true,
+                                           list_merge='prepend_rp') }}"

docs/docsite/helper/lists_mergeby/examples.yml

@@ -1,37 +1,49 @@
 ---
 examples:
+  - label: 'In the example below the lists are merged by the attribute ``name``:'
+    file: example-001_vars/list3.yml
+    lang: 'yaml+jinja'
+  - label: 'This produces:'
+    file: example-001.out
+    lang: 'yaml'
+  - label: 'It is possible to use a list of lists as an input of the filter:'
+    file: example-002_vars/list3.yml
+    lang: 'yaml+jinja'
+  - label: 'This produces the same result as in the previous example:'
+    file: example-002.out
+    lang: 'yaml'
   - label: 'Example ``list_merge=replace`` (default):'
-    file: example-003.yml
+    file: example-003_vars/list3.yml
     lang: 'yaml+jinja'
   - label: 'This produces:'
     file: example-003.out
     lang: 'yaml'
   - label: 'Example ``list_merge=keep``:'
-    file: example-004.yml
+    file: example-004_vars/list3.yml
     lang: 'yaml+jinja'
   - label: 'This produces:'
     file: example-004.out
     lang: 'yaml'
   - label: 'Example ``list_merge=append``:'
-    file: example-005.yml
+    file: example-005_vars/list3.yml
     lang: 'yaml+jinja'
   - label: 'This produces:'
     file: example-005.out
     lang: 'yaml'
   - label: 'Example ``list_merge=prepend``:'
-    file: example-006.yml
+    file: example-006_vars/list3.yml
     lang: 'yaml+jinja'
   - label: 'This produces:'
     file: example-006.out
     lang: 'yaml'
   - label: 'Example ``list_merge=append_rp``:'
-    file: example-007.yml
+    file: example-007_vars/list3.yml
     lang: 'yaml+jinja'
   - label: 'This produces:'
     file: example-007.out
     lang: 'yaml'
   - label: 'Example ``list_merge=prepend_rp``:'
-    file: example-008.yml
+    file: example-008_vars/list3.yml
     lang: 'yaml+jinja'
   - label: 'This produces:'
     file: example-008.out

docs/docsite/helper/lists_mergeby/examples_all.rst.j2

@@ -3,6 +3,6 @@
 
 .. code-block:: {{ i.lang }}
 
-  {{ lookup('file', source_path ~ i.file)|indent(2) }}
+  {{ lookup('file', i.file)|indent(2) }}
 
 {% endfor %}

docs/docsite/helper/lists_mergeby/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst.j2

@@ -0,0 +1,57 @@
+Merging lists of dictionaries
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+If you have two or more lists of dictionaries and want to combine them into a list of merged dictionaries, where the dictionaries are merged by an attribute, you can use the ``lists_mergeby`` filter.
+
+.. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See :ref:`the documentation for the community.general.yaml callback plugin <ansible_collections.community.general.yaml_callback>`.
+
+Let us use the lists below in the following examples:
+
+.. code-block:: yaml
+
+  {{ lookup('file', 'default-common.yml')|indent(2) }}
+
+{% for i in examples[0:2] %}
+{{ i.label }}
+
+.. code-block:: {{ i.lang }}
+
+  {{ lookup('file', i.file)|indent(2) }}
+
+{% endfor %}
+
+.. versionadded:: 2.0.0
+
+{% for i in examples[2:4] %}
+{{ i.label }}
+
+.. code-block:: {{ i.lang }}
+
+  {{ lookup('file', i.file)|indent(2) }}
+
+{% endfor %}
+
+The filter also accepts two optional parameters: ``recursive`` and ``list_merge``. These parameters are only supported when used with ansible-base 2.10 or ansible-core, but not with Ansible 2.9. This is available since community.general 4.4.0.
+
+**recursive**
+    Is a boolean, default to ``False``. Should the ``community.general.lists_mergeby`` recursively merge nested hashes. Note: It does not depend on the value of the ``hash_behaviour`` setting in ``ansible.cfg``.
+
+**list_merge**
+    Is a string, its possible values are ``replace`` (default), ``keep``, ``append``, ``prepend``, ``append_rp`` or ``prepend_rp``. It modifies the behaviour of ``community.general.lists_mergeby`` when the hashes to merge contain arrays/lists.
+
+The examples below set ``recursive=true`` and display the differences among all six options of ``list_merge``. Functionality of the parameters is exactly the same as in the filter ``combine``. See :ref:`Combining hashes/dictionaries <combine_filter>` to learn details about these options.
+
+Let us use the lists below in the following examples
+
+.. code-block:: yaml
+
+  {{ lookup('file', 'default-recursive-true.yml')|indent(2) }}
+
+{% for i in examples[4:16] %}
+{{ i.label }}
+
+.. code-block:: {{ i.lang }}
+
+  {{ lookup('file', i.file)|indent(2) }}
+
+{% endfor %}

docs/docsite/helper/lists_mergeby/list3.out.j2

@@ -0,0 +1,2 @@
+list3:
+{{ list3|to_nice_yaml(indent=0) }}

docs/docsite/helper/lists_mergeby/playbook.yml

@@ -1,41 +1,59 @@
 ---
-# The following runs all examples:
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# 1) Run all examples and create example-XXX.out
+# shell> ansible-playbook playbook.yml -e examples=true
 #
-#    ANSIBLE_STDOUT_CALLBACK=community.general.yaml ansible-playbook playbook.yml -e examples=true
+# 2) Optionally, for testing, create examples_all.rst
+# shell> ansible-playbook playbook.yml -e examples_all=true
 #
-# You need to copy the YAML output of example-XXX.yml into example-XXX.out.
+# 3) Create docs REST files
+# shell> ansible-playbook playbook.yml -e merging_lists_of_dictionaries=true
 #
-# The following generates examples.rst out of the .out files:
+# Notes:
+# * Use YAML callback, e.g. set ANSIBLE_STDOUT_CALLBACK=community.general.yaml
+# * Use sphinx-view to render and review the REST files
+#   shell> sphinx-view <path_to_helper>/examples_all.rst
+# * Proofread and copy completed docs *.rst files into the directory rst.
+# * Then delete the *.rst and *.out files from this directory. Do not
+#   add *.rst and *.out in this directory to the version control.
 #
-#    ansible-playbook playbook.yml -e template=true
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# community.general/docs/docsite/helper/lists_mergeby/playbook.yml
+
 - hosts: localhost
   gather_facts: false
-  vars:
-    source_path: ../../rst/examples/lists_mergeby/
   tasks:
 
     - block:
-        - import_tasks: '{{ source_path }}example-001.yml'
+        - import_tasks: example-001.yml
           tags: t001
-        - import_tasks: '{{ source_path }}example-002.yml'
+        - import_tasks: example-002.yml
           tags: t002
-        - import_tasks: '{{ source_path }}example-003.yml'
+        - import_tasks: example-003.yml
           tags: t003
-        - import_tasks: '{{ source_path }}example-004.yml'
+        - import_tasks: example-004.yml
           tags: t004
-        - import_tasks: '{{ source_path }}example-005.yml'
+        - import_tasks: example-005.yml
           tags: t005
-        - import_tasks: '{{ source_path }}example-006.yml'
+        - import_tasks: example-006.yml
           tags: t006
-        - import_tasks: '{{ source_path }}example-007.yml'
+        - import_tasks: example-007.yml
           tags: t007
-        - import_tasks: '{{ source_path }}example-008.yml'
+        - import_tasks: example-008.yml
           tags: t008
       when: examples|d(false)|bool
 
     - block:
         - include_vars: examples.yml
         - template:
-            src: examples.rst.j2
-            dest: examples.rst
-      when: template|d(false)|bool
+            src: examples_all.rst.j2
+            dest: examples_all.rst
+      when: examples_all|d(false)|bool
+
+    - block:
+        - include_vars: examples.yml
+        - template:
+            src: filter_guide_abstract_informations_merging_lists_of_dictionaries.rst.j2
+            dest: filter_guide_abstract_informations_merging_lists_of_dictionaries.rst
+      when: merging_lists_of_dictionaries|d(false)|bool

docs/docsite/links.yml

@@ -0,0 +1,23 @@
+---
+edit_on_github:
+  repository: ansible-collections/community.general
+  branch: main
+  path_prefix: ''
+
+extra_links:
+  - description: Submit a bug report
+    url: https://github.com/ansible-collections/community.general/issues/new?assignees=&labels=&template=bug_report.yml
+  - description: Request a feature
+    url: https://github.com/ansible-collections/community.general/issues/new?assignees=&labels=&template=feature_request.yml
+
+communication:
+  matrix_rooms:
+    - topic: General usage and support questions
+      room: '#users:ansible.im'
+  irc_channels:
+    - topic: General usage and support questions
+      network: Libera
+      channel: '#ansible'
+  mailing_lists:
+    - topic: Ansible Project List
+      url: https://groups.google.com/g/ansible-project

docs/docsite/rst/examples/lists_mergeby/example-001.out

@@ -1,10 +0,0 @@
-  list3:
-  - extra: false
-    name: bar
-  - name: baz
-    path: /baz
-  - extra: true
-    name: foo
-    path: /foo
-  - extra: true
-    name: meh

docs/docsite/rst/examples/lists_mergeby/example-001.yml

@@ -1,20 +0,0 @@
----
-- name: Merge two lists by common attribute 'name'
-  set_fact:
-    list3: "{{ list1|
-               community.general.lists_mergeby(list2, 'name') }}"
-  vars:
-    list1:
-      - name: foo
-        extra: true
-      - name: bar
-        extra: false
-      - name: meh
-        extra: true
-    list2:
-      - name: foo
-        path: /foo
-      - name: baz
-        path: /baz
-- debug:
-    var: list3

docs/docsite/rst/examples/lists_mergeby/example-002.out

@@ -1,10 +0,0 @@
-  list3:
-  - extra: false
-    name: bar
-  - name: baz
-    path: /baz
-  - extra: true
-    name: foo
-    path: /foo
-  - extra: true
-    name: meh

docs/docsite/rst/examples/lists_mergeby/example-002.yml

@@ -1,20 +0,0 @@
----
-- name: Merge two lists by common attribute 'name'
-  set_fact:
-    list3: "{{ [list1, list2]|
-               community.general.lists_mergeby('name') }}"
-  vars:
-    list1:
-      - name: foo
-        extra: true
-      - name: bar
-        extra: false
-      - name: meh
-        extra: true
-    list2:
-      - name: foo
-        path: /foo
-      - name: baz
-        path: /baz
-- debug:
-    var: list3

docs/docsite/rst/examples/lists_mergeby/example-003.out

@@ -1,14 +0,0 @@
-  list3:
-  - name: myname01
-    param01:
-      list:
-      - patch_value
-      x: default_value
-      y: patch_value
-      z: patch_value
-  - name: myname02
-    param01:
-    - 3
-    - 4
-    - 4
-    - key: value

docs/docsite/rst/examples/lists_mergeby/example-003.yml

@@ -1,28 +0,0 @@
----
-- name: Merge recursive by 'name', replace lists (default)
-  set_fact:
-    list3: "{{ [list1, list2]|
-               community.general.lists_mergeby('name',
-                                               recursive=true) }}"
-  vars:
-    list1:
-      - name: myname01
-        param01:
-          x: default_value
-          y: default_value
-          list:
-            - default_value
-      - name: myname02
-        param01: [1, 1, 2, 3]
-
-    list2:
-      - name: myname01
-        param01:
-          y: patch_value
-          z: patch_value
-          list:
-            - patch_value
-      - name: myname02
-        param01: [3, 4, 4, {key: value}]
-- debug:
-    var: list3

docs/docsite/rst/examples/lists_mergeby/example-004.out

@@ -1,14 +0,0 @@
-  list3:
-  - name: myname01
-    param01:
-      list:
-      - default_value
-      x: default_value
-      y: patch_value
-      z: patch_value
-  - name: myname02
-    param01:
-    - 1
-    - 1
-    - 2
-    - 3

docs/docsite/rst/examples/lists_mergeby/example-004.yml

@@ -1,29 +0,0 @@
----
-- name: Merge recursive by 'name', keep lists
-  set_fact:
-    list3: "{{ [list1, list2]|
-               community.general.lists_mergeby('name',
-                                               recursive=true,
-                                               list_merge='keep') }}"
-  vars:
-    list1:
-      - name: myname01
-        param01:
-          x: default_value
-          y: default_value
-          list:
-            - default_value
-      - name: myname02
-        param01: [1, 1, 2, 3]
-
-    list2:
-      - name: myname01
-        param01:
-          y: patch_value
-          z: patch_value
-          list:
-            - patch_value
-      - name: myname02
-        param01: [3, 4, 4, {key: value}]
-- debug:
-    var: list3

docs/docsite/rst/examples/lists_mergeby/example-005.out

@@ -1,19 +0,0 @@
-  list3:
-  - name: myname01
-    param01:
-      list:
-      - default_value
-      - patch_value
-      x: default_value
-      y: patch_value
-      z: patch_value
-  - name: myname02
-    param01:
-    - 1
-    - 1
-    - 2
-    - 3
-    - 3
-    - 4
-    - 4
-    - key: value

docs/docsite/rst/examples/lists_mergeby/example-005.yml

@@ -1,29 +0,0 @@
----
-- name: Merge recursive by 'name', append lists
-  set_fact:
-    list3: "{{ [list1, list2]|
-               community.general.lists_mergeby('name',
-                                               recursive=true,
-                                               list_merge='append') }}"
-  vars:
-    list1:
-      - name: myname01
-        param01:
-          x: default_value
-          y: default_value
-          list:
-            - default_value
-      - name: myname02
-        param01: [1, 1, 2, 3]
-
-    list2:
-      - name: myname01
-        param01:
-          y: patch_value
-          z: patch_value
-          list:
-            - patch_value
-      - name: myname02
-        param01: [3, 4, 4, {key: value}]
-- debug:
-    var: list3

docs/docsite/rst/examples/lists_mergeby/example-006.out

@@ -1,19 +0,0 @@
-  list3:
-  - name: myname01
-    param01:
-      list:
-      - patch_value
-      - default_value
-      x: default_value
-      y: patch_value
-      z: patch_value
-  - name: myname02
-    param01:
-    - 3
-    - 4
-    - 4
-    - key: value
-    - 1
-    - 1
-    - 2
-    - 3

docs/docsite/rst/examples/lists_mergeby/example-006.yml

@@ -1,29 +0,0 @@
----
-- name: Merge recursive by 'name', prepend lists
-  set_fact:
-    list3: "{{ [list1, list2]|
-               community.general.lists_mergeby('name',
-                                               recursive=true,
-                                               list_merge='prepend') }}"
-  vars:
-    list1:
-      - name: myname01
-        param01:
-          x: default_value
-          y: default_value
-          list:
-            - default_value
-      - name: myname02
-        param01: [1, 1, 2, 3]
-
-    list2:
-      - name: myname01
-        param01:
-          y: patch_value
-          z: patch_value
-          list:
-            - patch_value
-      - name: myname02
-        param01: [3, 4, 4, {key: value}]
-- debug:
-    var: list3

docs/docsite/rst/examples/lists_mergeby/example-007.out

@@ -1,18 +0,0 @@
-  list3:
-  - name: myname01
-    param01:
-      list:
-      - default_value
-      - patch_value
-      x: default_value
-      y: patch_value
-      z: patch_value
-  - name: myname02
-    param01:
-    - 1
-    - 1
-    - 2
-    - 3
-    - 4
-    - 4
-    - key: value

docs/docsite/rst/examples/lists_mergeby/example-007.yml

@@ -1,29 +0,0 @@
----
-- name: Merge recursive by 'name', append lists 'remove present'
-  set_fact:
-    list3: "{{ [list1, list2]|
-               community.general.lists_mergeby('name',
-                                               recursive=true,
-                                               list_merge='append_rp') }}"
-  vars:
-    list1:
-      - name: myname01
-        param01:
-          x: default_value
-          y: default_value
-          list:
-            - default_value
-      - name: myname02
-        param01: [1, 1, 2, 3]
-
-    list2:
-      - name: myname01
-        param01:
-          y: patch_value
-          z: patch_value
-          list:
-            - patch_value
-      - name: myname02
-        param01: [3, 4, 4, {key: value}]
-- debug:
-    var: list3

docs/docsite/rst/examples/lists_mergeby/example-008.out

@@ -1,18 +0,0 @@
-  list3:
-  - name: myname01
-    param01:
-      list:
-      - patch_value
-      - default_value
-      x: default_value
-      y: patch_value
-      z: patch_value
-  - name: myname02
-    param01:
-    - 3
-    - 4
-    - 4
-    - key: value
-    - 1
-    - 1
-    - 2

docs/docsite/rst/examples/lists_mergeby/example-008.yml

@@ -1,29 +0,0 @@
----
-- name: Merge recursive by 'name', prepend lists 'remove present'
-  set_fact:
-    list3: "{{ [list1, list2]|
-               community.general.lists_mergeby('name',
-                                               recursive=true,
-                                               list_merge='prepend_rp') }}"
-  vars:
-    list1:
-      - name: myname01
-        param01:
-          x: default_value
-          y: default_value
-          list:
-            - default_value
-      - name: myname02
-        param01: [1, 1, 2, 3]
-
-    list2:
-      - name: myname01
-        param01:
-          y: patch_value
-          z: patch_value
-          list:
-            - patch_value
-      - name: myname02
-        param01: [3, 4, 4, {key: value}]
-- debug:
-    var: list3

docs/docsite/rst/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst

@@ -5,30 +5,30 @@ If you have two or more lists of dictionaries and want to combine them into a li
 
 .. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See :ref:`the documentation for the community.general.yaml callback plugin <ansible_collections.community.general.yaml_callback>`.
 
+Let us use the lists below in the following examples:
+
+.. code-block:: yaml
+
+  list1:
+    - name: foo
+      extra: true
+    - name: bar
+      extra: false
+    - name: meh
+      extra: true
+
+  list2:
+    - name: foo
+      path: /foo
+    - name: baz
+      path: /baz
+
 In the example below the lists are merged by the attribute ``name``:
 
 .. code-block:: yaml+jinja
 
-  ---
-  - name: Merge two lists by common attribute 'name'
-    set_fact:
-      list3: "{{ list1|
-                 community.general.lists_mergeby(list2, 'name') }}"
-    vars:
-      list1:
-        - name: foo
-          extra: true
-        - name: bar
-          extra: false
-        - name: meh
-          extra: true
-      list2:
-        - name: foo
-          path: /foo
-        - name: baz
-          path: /baz
-  - debug:
-      var: list3
+  list3: "{{ list1|
+             community.general.lists_mergeby(list2, 'name') }}"
 
 This produces:
 
@@ -45,32 +45,15 @@ This produces:
   - extra: true
     name: meh
 
+
 .. versionadded:: 2.0.0
 
 It is possible to use a list of lists as an input of the filter:
 
 .. code-block:: yaml+jinja
 
-  ---
-  - name: Merge two lists by common attribute 'name'
-    set_fact:
-      list3: "{{ [list1, list2]|
-                 community.general.lists_mergeby('name') }}"
-    vars:
-      list1:
-        - name: foo
-          extra: true
-        - name: bar
-          extra: false
-        - name: meh
-          extra: true
-      list2:
-        - name: foo
-          path: /foo
-        - name: baz
-          path: /baz
-  - debug:
-      var: list3
+  list3: "{{ [list1, list2]|
+             community.general.lists_mergeby('name') }}"
 
 This produces the same result as in the previous example:
 
@@ -87,6 +70,7 @@ This produces the same result as in the previous example:
   - extra: true
     name: meh
 
+
 The filter also accepts two optional parameters: ``recursive`` and ``list_merge``. These parameters are only supported when used with ansible-base 2.10 or ansible-core, but not with Ansible 2.9. This is available since community.general 4.4.0.
 
 **recursive**
@@ -97,337 +81,212 @@ The filter also accepts two optional parameters: ``recursive`` and ``list_merge`
 
 The examples below set ``recursive=true`` and display the differences among all six options of ``list_merge``. Functionality of the parameters is exactly the same as in the filter ``combine``. See :ref:`Combining hashes/dictionaries <combine_filter>` to learn details about these options.
 
+Let us use the lists below in the following examples
+
+.. code-block:: yaml
+
+  list1:
+    - name: myname01
+      param01:
+        x: default_value
+        y: default_value
+        list:
+          - default_value
+    - name: myname02
+      param01: [1, 1, 2, 3]
+
+  list2:
+    - name: myname01
+      param01:
+        y: patch_value
+        z: patch_value
+        list:
+          - patch_value
+    - name: myname02
+      param01: [3, 4, 4, {key: value}]
+
 Example ``list_merge=replace`` (default):
 
 .. code-block:: yaml+jinja
 
-  ---
-  - name: Merge recursive by 'name', replace lists (default)
-    set_fact:
-      list3: "{{ [list1, list2]|
-                 community.general.lists_mergeby('name',
-                                                 recursive=true) }}"
-    vars:
-      list1:
-        - name: myname01
-          param01:
-            x: default_value
-            y: default_value
-            list:
-              - default_value
-        - name: myname02
-          param01: [1, 1, 2, 3]
-
-      list2:
-        - name: myname01
-          param01:
-            y: patch_value
-            z: patch_value
-            list:
-              - patch_value
-        - name: myname02
-          param01: [3, 4, 4, {key: value}]
-  - debug:
-      var: list3
+  list3: "{{ [list1, list2]|
+             community.general.lists_mergeby('name',
+                                             recursive=true) }}"
 
 This produces:
 
 .. code-block:: yaml
 
-    list3:
-    - name: myname01
-      param01:
-        list:
-        - patch_value
-        x: default_value
-        y: patch_value
-        z: patch_value
-    - name: myname02
-      param01:
-      - 3
-      - 4
-      - 4
-      - key: value
+  list3:
+  - name: myname01
+    param01:
+      list:
+      - patch_value
+      x: default_value
+      y: patch_value
+      z: patch_value
+  - name: myname02
+    param01:
+    - 3
+    - 4
+    - 4
+    - key: value
 
 Example ``list_merge=keep``:
 
 .. code-block:: yaml+jinja
 
-  ---
-  - name: Merge recursive by 'name', keep lists
-    set_fact:
-      list3: "{{ [list1, list2]|
-                 community.general.lists_mergeby('name',
-                                                 recursive=true,
-                                                 list_merge='keep') }}"
-    vars:
-      list1:
-        - name: myname01
-          param01:
-            x: default_value
-            y: default_value
-            list:
-              - default_value
-        - name: myname02
-          param01: [1, 1, 2, 3]
-
-      list2:
-        - name: myname01
-          param01:
-            y: patch_value
-            z: patch_value
-            list:
-              - patch_value
-        - name: myname02
-          param01: [3, 4, 4, {key: value}]
-  - debug:
-      var: list3
+  list3: "{{ [list1, list2]|
+             community.general.lists_mergeby('name',
+                                             recursive=true,
+                                             list_merge='keep') }}"
 
 This produces:
 
 .. code-block:: yaml
 
-    list3:
-    - name: myname01
-      param01:
-        list:
-        - default_value
-        x: default_value
-        y: patch_value
-        z: patch_value
-    - name: myname02
-      param01:
-      - 1
-      - 1
-      - 2
-      - 3
+  list3:
+  - name: myname01
+    param01:
+      list:
+      - default_value
+      x: default_value
+      y: patch_value
+      z: patch_value
+  - name: myname02
+    param01:
+    - 1
+    - 1
+    - 2
+    - 3
 
 Example ``list_merge=append``:
 
 .. code-block:: yaml+jinja
 
-  ---
-  - name: Merge recursive by 'name', append lists
-    set_fact:
-      list3: "{{ [list1, list2]|
-                 community.general.lists_mergeby('name',
-                                                 recursive=true,
-                                                 list_merge='append') }}"
-    vars:
-      list1:
-        - name: myname01
-          param01:
-            x: default_value
-            y: default_value
-            list:
-              - default_value
-        - name: myname02
-          param01: [1, 1, 2, 3]
-
-      list2:
-        - name: myname01
-          param01:
-            y: patch_value
-            z: patch_value
-            list:
-              - patch_value
-        - name: myname02
-          param01: [3, 4, 4, {key: value}]
-  - debug:
-      var: list3
+  list3: "{{ [list1, list2]|
+             community.general.lists_mergeby('name',
+                                             recursive=true,
+                                             list_merge='append') }}"
 
 This produces:
 
 .. code-block:: yaml
 
-    list3:
-    - name: myname01
-      param01:
-        list:
-        - default_value
-        - patch_value
-        x: default_value
-        y: patch_value
-        z: patch_value
-    - name: myname02
-      param01:
-      - 1
-      - 1
-      - 2
-      - 3
-      - 3
-      - 4
-      - 4
-      - key: value
+  list3:
+  - name: myname01
+    param01:
+      list:
+      - default_value
+      - patch_value
+      x: default_value
+      y: patch_value
+      z: patch_value
+  - name: myname02
+    param01:
+    - 1
+    - 1
+    - 2
+    - 3
+    - 3
+    - 4
+    - 4
+    - key: value
 
 Example ``list_merge=prepend``:
 
 .. code-block:: yaml+jinja
 
-  ---
-  - name: Merge recursive by 'name', prepend lists
-    set_fact:
-      list3: "{{ [list1, list2]|
-                 community.general.lists_mergeby('name',
-                                                 recursive=true,
-                                                 list_merge='prepend') }}"
-    vars:
-      list1:
-        - name: myname01
-          param01:
-            x: default_value
-            y: default_value
-            list:
-              - default_value
-        - name: myname02
-          param01: [1, 1, 2, 3]
-
-      list2:
-        - name: myname01
-          param01:
-            y: patch_value
-            z: patch_value
-            list:
-              - patch_value
-        - name: myname02
-          param01: [3, 4, 4, {key: value}]
-  - debug:
-      var: list3
+  list3: "{{ [list1, list2]|
+             community.general.lists_mergeby('name',
+                                             recursive=true,
+                                             list_merge='prepend') }}"
 
 This produces:
 
 .. code-block:: yaml
 
-    list3:
-    - name: myname01
-      param01:
-        list:
-        - patch_value
-        - default_value
-        x: default_value
-        y: patch_value
-        z: patch_value
-    - name: myname02
-      param01:
-      - 3
-      - 4
-      - 4
-      - key: value
-      - 1
-      - 1
-      - 2
-      - 3
+  list3:
+  - name: myname01
+    param01:
+      list:
+      - patch_value
+      - default_value
+      x: default_value
+      y: patch_value
+      z: patch_value
+  - name: myname02
+    param01:
+    - 3
+    - 4
+    - 4
+    - key: value
+    - 1
+    - 1
+    - 2
+    - 3
 
 Example ``list_merge=append_rp``:
 
 .. code-block:: yaml+jinja
 
-  ---
-  - name: Merge recursive by 'name', append lists 'remove present'
-    set_fact:
-      list3: "{{ [list1, list2]|
-                 community.general.lists_mergeby('name',
-                                                 recursive=true,
-                                                 list_merge='append_rp') }}"
-    vars:
-      list1:
-        - name: myname01
-          param01:
-            x: default_value
-            y: default_value
-            list:
-              - default_value
-        - name: myname02
-          param01: [1, 1, 2, 3]
-
-      list2:
-        - name: myname01
-          param01:
-            y: patch_value
-            z: patch_value
-            list:
-              - patch_value
-        - name: myname02
-          param01: [3, 4, 4, {key: value}]
-  - debug:
-      var: list3
+  list3: "{{ [list1, list2]|
+             community.general.lists_mergeby('name',
+                                             recursive=true,
+                                             list_merge='append_rp') }}"
 
 This produces:
 
 .. code-block:: yaml
 
-    list3:
-    - name: myname01
-      param01:
-        list:
-        - default_value
-        - patch_value
-        x: default_value
-        y: patch_value
-        z: patch_value
-    - name: myname02
-      param01:
-      - 1
-      - 1
-      - 2
-      - 3
-      - 4
-      - 4
-      - key: value
+  list3:
+  - name: myname01
+    param01:
+      list:
+      - default_value
+      - patch_value
+      x: default_value
+      y: patch_value
+      z: patch_value
+  - name: myname02
+    param01:
+    - 1
+    - 1
+    - 2
+    - 3
+    - 4
+    - 4
+    - key: value
 
 Example ``list_merge=prepend_rp``:
 
 .. code-block:: yaml+jinja
 
-  ---
-  - name: Merge recursive by 'name', prepend lists 'remove present'
-    set_fact:
-      list3: "{{ [list1, list2]|
-                 community.general.lists_mergeby('name',
-                                                 recursive=true,
-                                                 list_merge='prepend_rp') }}"
-    vars:
-      list1:
-        - name: myname01
-          param01:
-            x: default_value
-            y: default_value
-            list:
-              - default_value
-        - name: myname02
-          param01: [1, 1, 2, 3]
-
-      list2:
-        - name: myname01
-          param01:
-            y: patch_value
-            z: patch_value
-            list:
-              - patch_value
-        - name: myname02
-          param01: [3, 4, 4, {key: value}]
-  - debug:
-      var: list3
+  list3: "{{ [list1, list2]|
+             community.general.lists_mergeby('name',
+                                             recursive=true,
+                                             list_merge='prepend_rp') }}"
 
 This produces:
 
 .. code-block:: yaml
 
-    list3:
-    - name: myname01
-      param01:
-        list:
-        - patch_value
-        - default_value
-        x: default_value
-        y: patch_value
-        z: patch_value
-    - name: myname02
-      param01:
-      - 3
-      - 4
-      - 4
-      - key: value
-      - 1
-      - 1
-      - 2
+  list3:
+  - name: myname01
+    param01:
+      list:
+      - patch_value
+      - default_value
+      x: default_value
+      y: patch_value
+      z: patch_value
+  - name: myname02
+    param01:
+    - 3
+    - 4
+    - 4
+    - key: value
+    - 1
+    - 1
+    - 2
+

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: community
 name: general
-version: 4.4.0
+version: 4.8.0
 readme: README.md
 authors:
   - Ansible (https://github.com/ansible)

plugins/cache/memcached.py

@@ -20,6 +20,7 @@ DOCUMENTATION = '''
           - List of connection information for the memcached DBs
         default: ['127.0.0.1:11211']
         type: list
+        elements: string
         env:
           - name: ANSIBLE_CACHE_PLUGIN_CONNECTION
         ini:

plugins/callback/mail.py

@@ -120,27 +120,34 @@ class CallbackModule(CallbackBase):
 
         smtp = smtplib.SMTP(self.smtphost, port=self.smtpport)
 
-        content = 'Date: %s\n' % email.utils.formatdate()
-        content += 'From: %s\n' % self.sender
+        sender_address = email.utils.parseaddr(self.sender)
         if self.to:
-            content += 'To: %s\n' % ','.join(self.to)
+            to_addresses = email.utils.getaddresses(self.to)
         if self.cc:
-            content += 'Cc: %s\n' % ','.join(self.cc)
+            cc_addresses = email.utils.getaddresses(self.cc)
+        if self.bcc:
+            bcc_addresses = email.utils.getaddresses(self.bcc)
+
+        content = 'Date: %s\n' % email.utils.formatdate()
+        content += 'From: %s\n' % email.utils.formataddr(sender_address)
+        if self.to:
+            content += 'To: %s\n' % ', '.join([email.utils.formataddr(pair) for pair in to_addresses])
+        if self.cc:
+            content += 'Cc: %s\n' % ', '.join([email.utils.formataddr(pair) for pair in cc_addresses])
         content += 'Message-ID: %s\n' % email.utils.make_msgid()
         content += 'Subject: %s\n\n' % subject.strip()
         content += body
 
-        addresses = self.to
+        addresses = to_addresses
         if self.cc:
-            addresses += self.cc
+            addresses += cc_addresses
         if self.bcc:
-            addresses += self.bcc
+            addresses += bcc_addresses
 
         if not addresses:
             self._display.warning('No receiver has been specified for the mail callback plugin.')
 
-        for address in addresses:
-            smtp.sendmail(self.sender, address, to_bytes(content))
+        smtp.sendmail(self.sender, [address for name, address in addresses], to_bytes(content))
 
         smtp.quit()
 

plugins/callback/opentelemetry.py

@@ -319,7 +319,7 @@ class OpenTelemetrySource(object):
     @staticmethod
     def url_from_args(args):
         # the order matters
-        url_args = ("url", "api_url", "baseurl", "repo", "server_url", "chart_repo_url", "registry_url")
+        url_args = ("url", "api_url", "baseurl", "repo", "server_url", "chart_repo_url", "registry_url", "endpoint", "uri", "updates_url")
         for arg in url_args:
             if args is not None and args.get(arg):
                 return args.get(arg)

plugins/callback/syslog_json.py

@@ -41,6 +41,16 @@ DOCUMENTATION = '''
         ini:
           - section: callback_syslog_json
             key: syslog_facility
+      setup:
+        description: Log setup tasks.
+        env:
+          - name: ANSIBLE_SYSLOG_SETUP
+        type: bool
+        default: true
+        ini:
+          - section: callback_syslog_json
+            key: syslog_setup
+        version_added: 4.5.0
 '''
 
 import os
@@ -86,23 +96,36 @@ class CallbackModule(CallbackBase):
         self.logger.addHandler(self.handler)
         self.hostname = socket.gethostname()
 
-    def runner_on_failed(self, host, res, ignore_errors=False):
+    def v2_runner_on_failed(self, result, ignore_errors=False):
+        res = result._result
+        host = result._host.get_name()
         self.logger.error('%s ansible-command: task execution FAILED; host: %s; message: %s', self.hostname, host, self._dump_results(res))
 
-    def runner_on_ok(self, host, res):
-        self.logger.info('%s ansible-command: task execution OK; host: %s; message: %s', self.hostname, host, self._dump_results(res))
+    def v2_runner_on_ok(self, result):
+        res = result._result
+        host = result._host.get_name()
+        if result._task.action != "gather_facts" or self.get_option("setup"):
+            self.logger.info('%s ansible-command: task execution OK; host: %s; message: %s', self.hostname, host, self._dump_results(res))
 
-    def runner_on_skipped(self, host, item=None):
+    def v2_runner_on_skipped(self, result):
+        host = result._host.get_name()
         self.logger.info('%s ansible-command: task execution SKIPPED; host: %s; message: %s', self.hostname, host, 'skipped')
 
-    def runner_on_unreachable(self, host, res):
+    def v2_runner_on_unreachable(self, result):
+        res = result._result
+        host = result._host.get_name()
         self.logger.error('%s ansible-command: task execution UNREACHABLE; host: %s; message: %s', self.hostname, host, self._dump_results(res))
 
-    def runner_on_async_failed(self, host, res, jid):
+    def v2_runner_on_async_failed(self, result):
+        res = result._result
+        host = result._host.get_name()
+        jid = result._result.get('ansible_job_id')
         self.logger.error('%s ansible-command: task execution FAILED; host: %s; message: %s', self.hostname, host, self._dump_results(res))
 
-    def playbook_on_import_for_host(self, host, imported_file):
+    def v2_playbook_on_import_for_host(self, result, imported_file):
+        host = result._host.get_name()
         self.logger.info('%s ansible-command: playbook IMPORTED; host: %s; message: imported file %s', self.hostname, host, imported_file)
 
-    def playbook_on_not_import_for_host(self, host, missing_file):
+    def v2_playbook_on_not_import_for_host(self, result, missing_file):
+        host = result._host.get_name()
         self.logger.info('%s ansible-command: playbook NOT IMPORTED; host: %s; message: missing file %s', self.hostname, host, missing_file)

plugins/doc_fragments/keycloak.py

@@ -61,4 +61,11 @@ options:
             - Verify TLS certificates (do not disable this in production).
         type: bool
         default: yes
+
+    connection_timeout:
+        description:
+            - Controls the HTTP connections timeout period (in seconds) to Keycloak API.
+        type: int
+        default: 10
+        version_added: 4.5.0
 '''

plugins/doc_fragments/ldap.py

@@ -38,8 +38,10 @@ options:
     version_added: 2.0.0
   server_uri:
     description:
-      - A URI to the LDAP server.
+      - The I(server_uri) parameter may be a comma- or whitespace-separated list of URIs containing only the schema, the host, and the port fields.
       - The default value lets the underlying LDAP client library look for a UNIX domain socket in its default location.
+      - Note that when using multiple URIs you cannot determine to which URI your client gets connected.
+      - For URIs containing additional fields, particularly when using commas, behavior is undefined.
     type: str
     default: ldapi:///
   start_tls:

plugins/inventory/cobbler.py

@@ -58,6 +58,7 @@ DOCUMENTATION = '''
       group_by:
         description: Keys to group hosts by
         type: list
+        elements: string
         default: [ 'mgmt_classes', 'owners', 'status' ]
       group:
         description: Group to place all hosts into

plugins/inventory/gitlab_runners.py

@@ -35,7 +35,6 @@ DOCUMENTATION = '''
                 version_added: 1.0.0
             type: str
             required: true
-            default: https://gitlab.com
         api_token:
             description: GitLab token for logging in.
             env:

plugins/inventory/linode.py

@@ -21,7 +21,18 @@ DOCUMENTATION = r'''
           Linode) and not tags.
     extends_documentation_fragment:
         - constructed
+        - inventory_cache
     options:
+        cache:
+            version_added: 4.5.0
+        cache_plugin:
+            version_added: 4.5.0
+        cache_timeout:
+            version_added: 4.5.0
+        cache_connection:
+            version_added: 4.5.0
+        cache_prefix:
+            version_added: 4.5.0
         plugin:
             description: Marks this as an instance of the 'linode' plugin.
             required: true
@@ -43,15 +54,18 @@ DOCUMENTATION = r'''
           description: Populate inventory with instances in this region.
           default: []
           type: list
+          elements: string
         tags:
           description: Populate inventory only with instances which have at least one of the tags listed here.
           default: []
           type: list
+          elements: string
           version_added: 2.0.0
         types:
           description: Populate inventory with instances with this type.
           default: []
           type: list
+          elements: string
         strict:
           version_added: 2.0.0
         compose:
@@ -110,19 +124,20 @@ import os
 
 from ansible.errors import AnsibleError, AnsibleParserError
 from ansible.module_utils.six import string_types
-from ansible.plugins.inventory import BaseInventoryPlugin, Constructable
+from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable
 from ansible.template import Templar
 
 
 try:
     from linode_api4 import LinodeClient
+    from linode_api4.objects.linode import Instance
     from linode_api4.errors import ApiError as LinodeApiError
     HAS_LINODE = True
 except ImportError:
     HAS_LINODE = False
 
 
-class InventoryModule(BaseInventoryPlugin, Constructable):
+class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
 
     NAME = 'community.general.linode'
 
@@ -169,20 +184,23 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
         for linode_group in self.linode_groups:
             self.inventory.add_group(linode_group)
 
-    def _filter_by_config(self, regions, types, tags):
+    def _filter_by_config(self):
         """Filter instances by user specified configuration."""
+        regions = self.get_option('regions')
         if regions:
             self.instances = [
                 instance for instance in self.instances
                 if instance.region.id in regions
             ]
 
+        types = self.get_option('types')
         if types:
             self.instances = [
                 instance for instance in self.instances
                 if instance.type.id in types
             ]
 
+        tags = self.get_option('tags')
         if tags:
             self.instances = [
                 instance for instance in self.instances
@@ -235,76 +253,13 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
             )
         return data
 
-    def _validate_option(self, name, desired_type, option_value):
-        """Validate user specified configuration data against types."""
-        if isinstance(option_value, string_types) and desired_type == list:
-            option_value = [option_value]
-
-        if option_value is None:
-            option_value = desired_type()
-
-        if not isinstance(option_value, desired_type):
-            raise AnsibleParserError(
-                'The option %s (%s) must be a %s' % (
-                    name, option_value, desired_type
-                )
-            )
-
-        return option_value
-
-    def _get_query_options(self, config_data):
-        """Get user specified query options from the configuration."""
-        options = {
-            'regions': {
-                'type_to_be': list,
-                'value': config_data.get('regions', [])
-            },
-            'types': {
-                'type_to_be': list,
-                'value': config_data.get('types', [])
-            },
-            'tags': {
-                'type_to_be': list,
-                'value': config_data.get('tags', [])
-            },
-        }
-
-        for name in options:
-            options[name]['value'] = self._validate_option(
-                name,
-                options[name]['type_to_be'],
-                options[name]['value']
-            )
-
-        regions = options['regions']['value']
-        types = options['types']['value']
-        tags = options['tags']['value']
-
-        return regions, types, tags
-
-    def verify_file(self, path):
-        """Verify the Linode configuration file."""
-        if super(InventoryModule, self).verify_file(path):
-            endings = ('linode.yaml', 'linode.yml')
-            if any((path.endswith(ending) for ending in endings)):
-                return True
-        return False
-
-    def parse(self, inventory, loader, path, cache=True):
-        """Dynamically parse Linode the cloud inventory."""
-        super(InventoryModule, self).parse(inventory, loader, path)
-
-        if not HAS_LINODE:
-            raise AnsibleError('the Linode dynamic inventory plugin requires linode_api4.')
-
-        config_data = self._read_config_data(path)
-        self._build_client(loader)
-
-        self._get_instances_inventory()
+    def _cacheable_inventory(self):
+        return [i._raw_json for i in self.instances]
 
+    def populate(self):
         strict = self.get_option('strict')
-        regions, types, tags = self._get_query_options(config_data)
-        self._filter_by_config(regions, types, tags)
+
+        self._filter_by_config()
 
         self._add_groups()
         self._add_instances_to_groups()
@@ -326,3 +281,44 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
                 variables,
                 instance.label,
                 strict=strict)
+
+    def verify_file(self, path):
+        """Verify the Linode configuration file."""
+        if super(InventoryModule, self).verify_file(path):
+            endings = ('linode.yaml', 'linode.yml')
+            if any((path.endswith(ending) for ending in endings)):
+                return True
+        return False
+
+    def parse(self, inventory, loader, path, cache=True):
+        """Dynamically parse Linode the cloud inventory."""
+        super(InventoryModule, self).parse(inventory, loader, path)
+        self.instances = None
+
+        if not HAS_LINODE:
+            raise AnsibleError('the Linode dynamic inventory plugin requires linode_api4.')
+
+        self._read_config_data(path)
+
+        cache_key = self.get_cache_key(path)
+
+        if cache:
+            cache = self.get_option('cache')
+
+        update_cache = False
+        if cache:
+            try:
+                self.instances = [Instance(None, i["id"], i) for i in self._cache[cache_key]]
+            except KeyError:
+                update_cache = True
+
+        # Check for None rather than False in order to allow
+        # for empty sets of cached instances
+        if self.instances is None:
+            self._build_client(loader)
+            self._get_instances_inventory()
+
+        if update_cache:
+            self._cache[cache_key] = self._cacheable_inventory()
+
+        self.populate()

plugins/inventory/lxd.py

@@ -666,9 +666,13 @@ class InventoryModule(BaseInventoryPlugin):
             # add network informations
             self.build_inventory_network(instance_name)
             # add os
-            self.inventory.set_variable(instance_name, 'ansible_lxd_os', self._get_data_entry('inventory/{0}/os'.format(instance_name)).lower())
+            v = self._get_data_entry('inventory/{0}/os'.format(instance_name))
+            if v:
+                self.inventory.set_variable(instance_name, 'ansible_lxd_os', v.lower())
             # add release
-            self.inventory.set_variable(instance_name, 'ansible_lxd_release', self._get_data_entry('inventory/{0}/release'.format(instance_name)).lower())
+            v = self._get_data_entry('inventory/{0}/release'.format(instance_name))
+            if v:
+                self.inventory.set_variable(instance_name, 'ansible_lxd_release', v.lower())
             # add profile
             self.inventory.set_variable(instance_name, 'ansible_lxd_profile', self._get_data_entry('inventory/{0}/profile'.format(instance_name)))
             # add state

plugins/inventory/nmap.py

@@ -21,12 +21,18 @@ DOCUMENTATION = '''
             description: token that ensures this is a source file for the 'nmap' plugin.
             required: True
             choices: ['nmap', 'community.general.nmap']
+        sudo:
+            description: Set to C(true) to execute a C(sudo nmap) plugin scan.
+            version_added: 4.8.0
+            default: false
+            type: boolean
         address:
             description: Network IP or range of IPs to scan, you can use a simple range (10.2.2.15-25) or CIDR notation.
             required: True
         exclude:
             description: list of addresses to exclude
             type: list
+            elements: string
         ports:
             description: Enable/disable scanning for open ports
             type: boolean
@@ -48,6 +54,13 @@ EXAMPLES = '''
 plugin: community.general.nmap
 strict: False
 address: 192.168.0.0/24
+
+
+# a sudo nmap scan to fully use nmap scan power.
+plugin: community.general.nmap
+sudo: true
+strict: False
+address: 192.168.0.0/24
 '''
 
 import os
@@ -134,6 +147,10 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
         if not user_cache_setting or cache_needs_update:
             # setup command
             cmd = [self._nmap]
+
+            if self._options['sudo']:
+                cmd.insert(0, 'sudo')
+
             if not self._options['ports']:
                 cmd.append('-sP')
 

plugins/inventory/online.py

@@ -28,6 +28,7 @@ DOCUMENTATION = r'''
         hostnames:
             description: List of preference about what to use as an hostname.
             type: list
+            elements: string
             default:
                 - public_ipv4
             choices:
@@ -37,6 +38,7 @@ DOCUMENTATION = r'''
         groups:
             description: List of groups.
             type: list
+            elements: string
             choices:
                 - location
                 - offer

plugins/inventory/opennebula.py

@@ -95,7 +95,7 @@ except ImportError:
 
 from ansible.errors import AnsibleError
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable
-from ansible.module_utils._text import to_native
+from ansible.module_utils.common.text.converters import to_native
 
 from collections import namedtuple
 import os
@@ -206,28 +206,40 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
     def _populate(self):
         hostname_preference = self.get_option('hostname')
         group_by_labels = self.get_option('group_by_labels')
+        strict = self.get_option('strict')
 
         # Add a top group 'one'
         self.inventory.add_group(group='all')
 
         filter_by_label = self.get_option('filter_by_label')
-        for server in self._retrieve_servers(filter_by_label):
+        servers = self._retrieve_servers(filter_by_label)
+        for server in servers:
+            hostname = server['name']
             # check for labels
             if group_by_labels and server['LABELS']:
                 for label in server['LABELS']:
                     self.inventory.add_group(group=label)
-                    self.inventory.add_host(host=server['name'], group=label)
+                    self.inventory.add_host(host=hostname, group=label)
 
-            self.inventory.add_host(host=server['name'], group='all')
+            self.inventory.add_host(host=hostname, group='all')
 
             for attribute, value in server.items():
-                self.inventory.set_variable(server['name'], attribute, value)
+                self.inventory.set_variable(hostname, attribute, value)
 
             if hostname_preference != 'name':
-                self.inventory.set_variable(server['name'], 'ansible_host', server[hostname_preference])
+                self.inventory.set_variable(hostname, 'ansible_host', server[hostname_preference])
 
             if server.get('SSH_PORT'):
-                self.inventory.set_variable(server['name'], 'ansible_port', server['SSH_PORT'])
+                self.inventory.set_variable(hostname, 'ansible_port', server['SSH_PORT'])
+
+            # handle construcable implementation: get composed variables if any
+            self._set_composite_vars(self.get_option('compose'), server, hostname, strict=strict)
+
+            # groups based on jinja conditionals get added to specific groups
+            self._add_host_to_composed_groups(self.get_option('groups'), server, hostname, strict=strict)
+
+            # groups based on variables associated with them in the inventory
+            self._add_host_to_keyed_groups(self.get_option('keyed_groups'), server, hostname, strict=strict)
 
     def parse(self, inventory, loader, path, cache=True):
         if not HAS_PYONE:

plugins/inventory/proxmox.py

@@ -3,6 +3,7 @@
 # Copyright (c) 2018 Ansible Project
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 from __future__ import (absolute_import, division, print_function)
+
 __metaclass__ = type
 
 DOCUMENTATION = '''
@@ -31,6 +32,7 @@ DOCUMENTATION = '''
         description:
           - URL to Proxmox cluster.
           - If the value is not specified in the inventory configuration, the value of environment variable C(PROXMOX_URL) will be used instead.
+          - Since community.general 4.7.0 you can also use templating to specify the value of the I(url).
         default: 'http://localhost:8006'
         type: str
         env:
@@ -40,6 +42,7 @@ DOCUMENTATION = '''
         description:
           - Proxmox authentication user.
           - If the value is not specified in the inventory configuration, the value of environment variable C(PROXMOX_USER) will be used instead.
+          - Since community.general 4.7.0 you can also use templating to specify the value of the I(user).
         required: yes
         type: str
         env:
@@ -49,11 +52,33 @@ DOCUMENTATION = '''
         description:
           - Proxmox authentication password.
           - If the value is not specified in the inventory configuration, the value of environment variable C(PROXMOX_PASSWORD) will be used instead.
-        required: yes
+          - Since community.general 4.7.0 you can also use templating to specify the value of the I(password).
+          - If you do not specify a password, you must set I(token_id) and I(token_secret) instead.
         type: str
         env:
           - name: PROXMOX_PASSWORD
             version_added: 2.0.0
+      token_id:
+        description:
+          - Proxmox authentication token ID.
+          - If the value is not specified in the inventory configuration, the value of environment variable C(PROXMOX_TOKEN_ID) will be used instead.
+          - To use token authentication, you must also specify I(token_secret). If you do not specify I(token_id) and I(token_secret),
+            you must set a password instead.
+          - Make sure to grant explicit pve permissions to the token or disable 'privilege separation' to use the users' privileges instead.
+        version_added: 4.8.0
+        type: str
+        env:
+          - name: PROXMOX_TOKEN_ID
+      token_secret:
+        description:
+          - Proxmox authentication token secret.
+          - If the value is not specified in the inventory configuration, the value of environment variable C(PROXMOX_TOKEN_SECRET) will be used instead.
+          - To use token authentication, you must also specify I(token_id). If you do not specify I(token_id) and I(token_secret),
+            you must set a password instead.
+        version_added: 4.8.0
+        type: str
+        env:
+          - name: PROXMOX_TOKEN_SECRET
       validate_certs:
         description: Verify SSL certificate if using HTTPS.
         type: boolean
@@ -75,8 +100,16 @@ DOCUMENTATION = '''
         description:
           - Whether to set C(ansbile_host) for proxmox nodes.
           - When set to C(true) (default), will use the first available interface. This can be different from what you expect.
-        default: true
+          - This currently defaults to C(true), but the default is deprecated since community.general 4.8.0.
+            The default will change to C(false) in community.general 6.0.0. To avoid a deprecation warning, please
+            set this parameter explicitly.
         type: bool
+      filters:
+        version_added: 4.6.0
+        description: A list of Jinja templates that allow filtering hosts.
+        type: list
+        elements: str
+        default: []
       strict:
         version_added: 2.5.0
       compose:
@@ -94,6 +127,25 @@ EXAMPLES = '''
 plugin: community.general.proxmox
 user: ansible@pve
 password: secure
+# Note that this can easily give you wrong values as ansible_host. See further below for
+# an example where this is set to `false` and where ansible_host is set with `compose`.
+want_proxmox_nodes_ansible_host: true
+
+# Instead of login with password, proxmox supports api token authentication since release 6.2.
+plugin: community.general.proxmox
+user: ci@pve
+token_id: gitlab-1
+token_secret: fa256e9c-26ab-41ec-82da-707a2c079829
+
+# The secret can also be a vault string or passed via the environment variable TOKEN_SECRET.
+token_secret: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          62353634333163633336343265623632626339313032653563653165313262343931643431656138
+          6134333736323265656466646539663134306166666237630a653363623262636663333762316136
+          34616361326263383766366663393837626437316462313332663736623066656237386531663731
+          3037646432383064630a663165303564623338666131353366373630656661333437393937343331
+          32643131386134396336623736393634373936356332623632306561356361323737313663633633
+          6231313333666361656537343562333337323030623732323833
 
 # More complete example demonstrating the use of 'want_facts' and the constructed options
 # Note that using facts returned by 'want_facts' in constructed options requires 'want_facts=true'
@@ -114,15 +166,51 @@ groups:
   mailservers: "'mail' in (proxmox_tags_parsed|list)"
 compose:
   ansible_port: 2222
+# Note that this can easily give you wrong values as ansible_host. See further below for
+# an example where this is set to `false` and where ansible_host is set with `compose`.
+want_proxmox_nodes_ansible_host: true
+
+# Using the inventory to allow ansible to connect via the first IP address of the VM / Container
+# (Default is connection by name of QEMU/LXC guests)
+# Note: my_inv_var demonstrates how to add a string variable to every host used by the inventory.
+# my.proxmox.yml
+plugin: community.general.proxmox
+url: http://pve.domain.com:8006
+user: ansible@pve
+password: secure
+validate_certs: false
+want_facts: true
+want_proxmox_nodes_ansible_host: false
+compose:
+  ansible_host: proxmox_ipconfig0.ip | default(proxmox_net0.ip) | ipaddr('address')
+  my_inv_var_1: "'my_var1_value'"
+  my_inv_var_2: >
+    "my_var_2_value"
+
+# Specify the url, user and password using templating
+# my.proxmox.yml
+plugin: community.general.proxmox
+url: "{{ lookup('ansible.builtin.ini', 'url', section='proxmox', file='file.ini') }}"
+user: "{{ lookup('ansible.builtin.env','PM_USER') | default('ansible@pve') }}"
+password: "{{ lookup('community.general.random_string', base64=True) }}"
+# Note that this can easily give you wrong values as ansible_host. See further up for
+# an example where this is set to `false` and where ansible_host is set with `compose`.
+want_proxmox_nodes_ansible_host: true
+
 '''
 
+import itertools
 import re
 
 from ansible.module_utils.common._collections_compat import MutableMapping
 
 from ansible.errors import AnsibleError
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable
+from ansible.module_utils.common.text.converters import to_native
+from ansible.module_utils.six import string_types
 from ansible.module_utils.six.moves.urllib.parse import urlencode
+from ansible.utils.display import Display
+from ansible.template import Templar
 
 from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
 
@@ -135,6 +223,8 @@ try:
 except ImportError:
     HAS_REQUESTS = False
 
+display = Display()
+
 
 class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
     ''' Host inventory parser for ansible using Proxmox as source. '''
@@ -171,15 +261,24 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
     def _get_auth(self):
         credentials = urlencode({'username': self.proxmox_user, 'password': self.proxmox_password, })
 
-        a = self._get_session()
-        ret = a.post('%s/api2/json/access/ticket' % self.proxmox_url, data=credentials)
+        if self.proxmox_password:
 
-        json = ret.json()
+            credentials = urlencode({'username': self.proxmox_user, 'password': self.proxmox_password, })
 
-        self.credentials = {
-            'ticket': json['data']['ticket'],
-            'CSRFPreventionToken': json['data']['CSRFPreventionToken'],
-        }
+            a = self._get_session()
+            ret = a.post('%s/api2/json/access/ticket' % self.proxmox_url, data=credentials)
+
+            json = ret.json()
+
+            self.headers = {
+                # only required for POST/PUT/DELETE methods, which we are not using currently
+                # 'CSRFPreventionToken': json['data']['CSRFPreventionToken'],
+                'Cookie': 'PVEAuthCookie={0}'.format(json['data']['ticket'])
+            }
+
+        else:
+
+            self.headers = {'Authorization': 'PVEAPIToken={0}!{1}={2}'.format(self.proxmox_user, self.proxmox_token_id, self.proxmox_token_secret)}
 
     def _get_json(self, url, ignore_errors=None):
 
@@ -191,8 +290,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
             data = []
             s = self._get_session()
             while True:
-                headers = {'Cookie': 'PVEAuthCookie={0}'.format(self.credentials['ticket'])}
-                ret = s.get(url, headers=headers)
+                ret = s.get(url, headers=self.headers)
                 if ignore_errors and ret.status_code in ignore_errors:
                     break
                 ret.raise_for_status()
@@ -275,28 +373,19 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
 
         return result
 
-    def _get_vm_config(self, node, vmid, vmtype, name):
+    def _get_vm_config(self, properties, node, vmid, vmtype, name):
         ret = self._get_json("%s/api2/json/nodes/%s/%s/%s/config" % (self.proxmox_url, node, vmtype, vmid))
 
-        node_key = 'node'
-        node_key = self.to_safe('%s%s' % (self.get_option('facts_prefix'), node_key.lower()))
-        self.inventory.set_variable(name, node_key, node)
-
-        vmid_key = 'vmid'
-        vmid_key = self.to_safe('%s%s' % (self.get_option('facts_prefix'), vmid_key.lower()))
-        self.inventory.set_variable(name, vmid_key, vmid)
-
-        vmtype_key = 'vmtype'
-        vmtype_key = self.to_safe('%s%s' % (self.get_option('facts_prefix'), vmtype_key.lower()))
-        self.inventory.set_variable(name, vmtype_key, vmtype)
+        properties[self._fact('node')] = node
+        properties[self._fact('vmid')] = vmid
+        properties[self._fact('vmtype')] = vmtype
 
         plaintext_configs = [
-            'tags',
+            'description',
         ]
 
         for config in ret:
-            key = config
-            key = self.to_safe('%s%s' % (self.get_option('facts_prefix'), key.lower()))
+            key = self._fact(config)
             value = ret[config]
             try:
                 # fixup disk images as they have no key
@@ -305,46 +394,48 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
 
                 # Additional field containing parsed tags as list
                 if config == 'tags':
-                    parsed_key = self.to_safe('%s%s' % (key, "_parsed"))
-                    parsed_value = [tag.strip() for tag in value.split(",")]
-                    self.inventory.set_variable(name, parsed_key, parsed_value)
+                    stripped_value = value.strip()
+                    if stripped_value:
+                        parsed_key = key + "_parsed"
+                        properties[parsed_key] = [tag.strip() for tag in stripped_value.split(",")]
 
                 # The first field in the agent string tells you whether the agent is enabled
                 # the rest of the comma separated string is extra config for the agent
                 if config == 'agent' and int(value.split(',')[0]):
-                    agent_iface_key = self.to_safe('%s%s' % (key, "_interfaces"))
                     agent_iface_value = self._get_agent_network_interfaces(node, vmid, vmtype)
                     if agent_iface_value:
-                        self.inventory.set_variable(name, agent_iface_key, agent_iface_value)
+                        agent_iface_key = self.to_safe('%s%s' % (key, "_interfaces"))
+                        properties[agent_iface_key] = agent_iface_value
 
-                if not (isinstance(value, int) or ',' not in value):
+                if config == 'lxc':
+                    out_val = {}
+                    for k, v in value:
+                        if k.startswith('lxc.'):
+                            k = k[len('lxc.'):]
+                        out_val[k] = v
+                    value = out_val
+
+                if config not in plaintext_configs and isinstance(value, string_types) \
+                        and all("=" in v for v in value.split(",")):
                     # split off strings with commas to a dict
                     # skip over any keys that cannot be processed
                     try:
-                        value = dict(key.split("=") for key in value.split(","))
+                        value = dict(key.split("=", 1) for key in value.split(","))
                     except Exception:
                         continue
 
-                self.inventory.set_variable(name, key, value)
+                properties[key] = value
             except NameError:
                 return None
 
-    def _get_vm_status(self, node, vmid, vmtype, name):
+    def _get_vm_status(self, properties, node, vmid, vmtype, name):
         ret = self._get_json("%s/api2/json/nodes/%s/%s/%s/status/current" % (self.proxmox_url, node, vmtype, vmid))
+        properties[self._fact('status')] = ret['status']
 
-        status = ret['status']
-        status_key = 'status'
-        status_key = self.to_safe('%s%s' % (self.get_option('facts_prefix'), status_key.lower()))
-        self.inventory.set_variable(name, status_key, status)
-
-    def _get_vm_snapshots(self, node, vmid, vmtype, name):
+    def _get_vm_snapshots(self, properties, node, vmid, vmtype, name):
         ret = self._get_json("%s/api2/json/nodes/%s/%s/%s/snapshot" % (self.proxmox_url, node, vmtype, vmid))
-
-        snapshots_key = 'snapshots'
-        snapshots_key = self.to_safe('%s%s' % (self.get_option('facts_prefix'), snapshots_key.lower()))
-
         snapshots = [snapshot['name'] for snapshot in ret if snapshot['name'] != 'current']
-        self.inventory.set_variable(name, snapshots_key, snapshots)
+        properties[self._fact('snapshots')] = snapshots
 
     def to_safe(self, word):
         '''Converts 'bad' characters in a string to underscores so they can be used as Ansible groups
@@ -354,109 +445,140 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
         regex = r"[^A-Za-z0-9\_]"
         return re.sub(regex, "_", word.replace(" ", ""))
 
-    def _apply_constructable(self, name, variables):
-        strict = self.get_option('strict')
-        self._add_host_to_composed_groups(self.get_option('groups'), variables, name, strict=strict)
-        self._add_host_to_keyed_groups(self.get_option('keyed_groups'), variables, name, strict=strict)
-        self._set_composite_vars(self.get_option('compose'), variables, name, strict=strict)
+    def _fact(self, name):
+        '''Generate a fact's full name from the common prefix and a name.'''
+        return self.to_safe('%s%s' % (self.facts_prefix, name.lower()))
+
+    def _group(self, name):
+        '''Generate a group's full name from the common prefix and a name.'''
+        return self.to_safe('%s%s' % (self.group_prefix, name.lower()))
+
+    def _can_add_host(self, name, properties):
+        '''Ensure that a host satisfies all defined hosts filters. If strict mode is
+        enabled, any error during host filter compositing will lead to an AnsibleError
+        being raised, otherwise the filter will be ignored.
+        '''
+        for host_filter in self.host_filters:
+            try:
+                if not self._compose(host_filter, properties):
+                    return False
+            except Exception as e:  # pylint: disable=broad-except
+                message = "Could not evaluate host filter %s for host %s - %s" % (host_filter, name, to_native(e))
+                if self.strict:
+                    raise AnsibleError(message)
+                display.warning(message)
+        return True
+
+    def _add_host(self, name, variables):
+        self.inventory.add_host(name)
+        for k, v in variables.items():
+            self.inventory.set_variable(name, k, v)
+        variables = self.inventory.get_host(name).get_vars()
+        self._set_composite_vars(self.get_option('compose'), variables, name, strict=self.strict)
+        self._add_host_to_composed_groups(self.get_option('groups'), variables, name, strict=self.strict)
+        self._add_host_to_keyed_groups(self.get_option('keyed_groups'), variables, name, strict=self.strict)
+
+    def _handle_item(self, node, ittype, item):
+        '''Handle an item from the list of LXC containers and Qemu VM. The
+        return value will be either None if the item was skipped or the name of
+        the item if it was added to the inventory.'''
+        if item.get('template'):
+            return None
+
+        properties = dict()
+        name, vmid = item['name'], item['vmid']
+
+        # get status, config and snapshots if want_facts == True
+        if self.get_option('want_facts'):
+            self._get_vm_status(properties, node, vmid, ittype, name)
+            self._get_vm_config(properties, node, vmid, ittype, name)
+            self._get_vm_snapshots(properties, node, vmid, ittype, name)
+
+        # ensure the host satisfies filters
+        if not self._can_add_host(name, properties):
+            return None
+
+        # add the host to the inventory
+        self._add_host(name, properties)
+        node_type_group = self._group('%s_%s' % (node, ittype))
+        self.inventory.add_child(self._group('all_' + ittype), name)
+        self.inventory.add_child(node_type_group, name)
+        if item['status'] == 'stopped':
+            self.inventory.add_child(self._group('all_stopped'), name)
+        elif item['status'] == 'running':
+            self.inventory.add_child(self._group('all_running'), name)
+
+        return name
+
+    def _populate_pool_groups(self, added_hosts):
+        '''Generate groups from Proxmox resource pools, ignoring VMs and
+        containers that were skipped.'''
+        for pool in self._get_pools():
+            poolid = pool.get('poolid')
+            if not poolid:
+                continue
+            pool_group = self._group('pool_' + poolid)
+            self.inventory.add_group(pool_group)
+
+            for member in self._get_members_per_pool(poolid):
+                name = member.get('name')
+                if name and name in added_hosts:
+                    self.inventory.add_child(pool_group, name)
 
     def _populate(self):
 
-        self._get_auth()
+        # create common groups
+        self.inventory.add_group(self._group('all_lxc'))
+        self.inventory.add_group(self._group('all_qemu'))
+        self.inventory.add_group(self._group('all_running'))
+        self.inventory.add_group(self._group('all_stopped'))
+        nodes_group = self._group('nodes')
+        self.inventory.add_group(nodes_group)
+
+        want_proxmox_nodes_ansible_host = self.get_option("want_proxmox_nodes_ansible_host")
+        if want_proxmox_nodes_ansible_host is None:
+            display.deprecated(
+                'The want_proxmox_nodes_ansible_host option of the community.general.proxmox inventory plugin'
+                ' currently defaults to `true`, but this default has been deprecated and will change to `false`'
+                ' in community.general 6.0.0. To keep the current behavior and remove this deprecation warning,'
+                ' explicitly set `want_proxmox_nodes_ansible_host` to `true` in your inventory configuration',
+                version='6.0.0', collection_name='community.general')
+            want_proxmox_nodes_ansible_host = True
 
         # gather vm's on nodes
+        self._get_auth()
+        hosts = []
         for node in self._get_nodes():
-            # FIXME: this can probably be cleaner
-            # create groups
-            lxc_group = 'all_lxc'
-            lxc_group = self.to_safe('%s%s' % (self.get_option('group_prefix'), lxc_group.lower()))
-            self.inventory.add_group(lxc_group)
-            qemu_group = 'all_qemu'
-            qemu_group = self.to_safe('%s%s' % (self.get_option('group_prefix'), qemu_group.lower()))
-            self.inventory.add_group(qemu_group)
-            nodes_group = 'nodes'
-            nodes_group = self.to_safe('%s%s' % (self.get_option('group_prefix'), nodes_group.lower()))
-            self.inventory.add_group(nodes_group)
-            running_group = 'all_running'
-            running_group = self.to_safe('%s%s' % (self.get_option('group_prefix'), running_group.lower()))
-            self.inventory.add_group(running_group)
-            stopped_group = 'all_stopped'
-            stopped_group = self.to_safe('%s%s' % (self.get_option('group_prefix'), stopped_group.lower()))
-            self.inventory.add_group(stopped_group)
+            if not node.get('node'):
+                continue
 
-            if node.get('node'):
-                self.inventory.add_host(node['node'])
+            self.inventory.add_host(node['node'])
+            if node['type'] == 'node':
+                self.inventory.add_child(nodes_group, node['node'])
 
-                if node['type'] == 'node':
-                    self.inventory.add_child(nodes_group, node['node'])
+            if node['status'] == 'offline':
+                continue
 
-                if node['status'] == 'offline':
-                    continue
+            # get node IP address
+            if want_proxmox_nodes_ansible_host:
+                ip = self._get_node_ip(node['node'])
+                self.inventory.set_variable(node['node'], 'ansible_host', ip)
 
-                # get node IP address
-                if self.get_option("want_proxmox_nodes_ansible_host"):
-                    ip = self._get_node_ip(node['node'])
-                    self.inventory.set_variable(node['node'], 'ansible_host', ip)
+            # add LXC/Qemu groups for the node
+            for ittype in ('lxc', 'qemu'):
+                node_type_group = self._group('%s_%s' % (node['node'], ittype))
+                self.inventory.add_group(node_type_group)
 
-                # get LXC containers for this node
-                node_lxc_group = self.to_safe('%s%s' % (self.get_option('group_prefix'), ('%s_lxc' % node['node']).lower()))
-                self.inventory.add_group(node_lxc_group)
-                for lxc in self._get_lxc_per_node(node['node']):
-                    self.inventory.add_host(lxc['name'])
-                    self.inventory.add_child(lxc_group, lxc['name'])
-                    self.inventory.add_child(node_lxc_group, lxc['name'])
-
-                    # get LXC status when want_facts == True
-                    if self.get_option('want_facts'):
-                        self._get_vm_status(node['node'], lxc['vmid'], 'lxc', lxc['name'])
-                        if lxc['status'] == 'stopped':
-                            self.inventory.add_child(stopped_group, lxc['name'])
-                        elif lxc['status'] == 'running':
-                            self.inventory.add_child(running_group, lxc['name'])
-
-                    # get LXC config and snapshots for facts
-                    if self.get_option('want_facts'):
-                        self._get_vm_config(node['node'], lxc['vmid'], 'lxc', lxc['name'])
-                        self._get_vm_snapshots(node['node'], lxc['vmid'], 'lxc', lxc['name'])
-
-                    self._apply_constructable(lxc["name"], self.inventory.get_host(lxc['name']).get_vars())
-
-                # get QEMU vm's for this node
-                node_qemu_group = self.to_safe('%s%s' % (self.get_option('group_prefix'), ('%s_qemu' % node['node']).lower()))
-                self.inventory.add_group(node_qemu_group)
-                for qemu in self._get_qemu_per_node(node['node']):
-                    if qemu.get('template'):
-                        continue
-
-                    self.inventory.add_host(qemu['name'])
-                    self.inventory.add_child(qemu_group, qemu['name'])
-                    self.inventory.add_child(node_qemu_group, qemu['name'])
-
-                    # get QEMU status
-                    self._get_vm_status(node['node'], qemu['vmid'], 'qemu', qemu['name'])
-                    if qemu['status'] == 'stopped':
-                        self.inventory.add_child(stopped_group, qemu['name'])
-                    elif qemu['status'] == 'running':
-                        self.inventory.add_child(running_group, qemu['name'])
-
-                    # get QEMU config and snapshots for facts
-                    if self.get_option('want_facts'):
-                        self._get_vm_config(node['node'], qemu['vmid'], 'qemu', qemu['name'])
-                        self._get_vm_snapshots(node['node'], qemu['vmid'], 'qemu', qemu['name'])
-
-                    self._apply_constructable(qemu["name"], self.inventory.get_host(qemu['name']).get_vars())
+            # get LXC containers and Qemu VMs for this node
+            lxc_objects = zip(itertools.repeat('lxc'), self._get_lxc_per_node(node['node']))
+            qemu_objects = zip(itertools.repeat('qemu'), self._get_qemu_per_node(node['node']))
+            for ittype, item in itertools.chain(lxc_objects, qemu_objects):
+                name = self._handle_item(node['node'], ittype, item)
+                if name is not None:
+                    hosts.append(name)
 
         # gather vm's in pools
-        for pool in self._get_pools():
-            if pool.get('poolid'):
-                pool_group = 'pool_' + pool['poolid']
-                pool_group = self.to_safe('%s%s' % (self.get_option('group_prefix'), pool_group.lower()))
-                self.inventory.add_group(pool_group)
-
-                for member in self._get_members_per_pool(pool['poolid']):
-                    if member.get('name'):
-                        if not member.get('template'):
-                            self.inventory.add_child(pool_group, member['name'])
+        self._populate_pool_groups(hosts)
 
     def parse(self, inventory, loader, path, cache=True):
         if not HAS_REQUESTS:
@@ -468,12 +590,43 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
         # read config from file, this sets 'options'
         self._read_config_data(path)
 
-        # get connection host
-        self.proxmox_url = self.get_option('url').rstrip('/')
-        self.proxmox_user = self.get_option('user')
-        self.proxmox_password = self.get_option('password')
+        t = Templar(loader=loader)
+
+        # read options
+        proxmox_url = self.get_option('url')
+        if t.is_template(proxmox_url):
+            proxmox_url = t.template(variable=proxmox_url, disable_lookups=False)
+        self.proxmox_url = proxmox_url.rstrip('/')
+
+        proxmox_user = self.get_option('user')
+        if t.is_template(proxmox_user):
+            proxmox_user = t.template(variable=proxmox_user, disable_lookups=False)
+        self.proxmox_user = proxmox_user
+
+        proxmox_password = self.get_option('password')
+        if t.is_template(proxmox_password):
+            proxmox_password = t.template(variable=proxmox_password, disable_lookups=False)
+        self.proxmox_password = proxmox_password
+
+        proxmox_token_id = self.get_option('token_id')
+        if t.is_template(proxmox_token_id):
+            proxmox_token_id = t.template(variable=proxmox_token_id, disable_lookups=False)
+        self.proxmox_token_id = proxmox_token_id
+
+        proxmox_token_secret = self.get_option('token_secret')
+        if t.is_template(proxmox_token_secret):
+            proxmox_token_secret = t.template(variable=proxmox_token_secret, disable_lookups=False)
+        self.proxmox_token_secret = proxmox_token_secret
+
+        if proxmox_password is None and (proxmox_token_id is None or proxmox_token_secret is None):
+            raise AnsibleError('You must specify either a password or both token_id and token_secret.')
+
         self.cache_key = self.get_cache_key(path)
         self.use_cache = cache and self.get_option('cache')
+        self.host_filters = self.get_option('filters')
+        self.group_prefix = self.get_option('group_prefix')
+        self.facts_prefix = self.get_option('facts_prefix')
+        self.strict = self.get_option('strict')
 
         # actually populate inventory
         self._populate()

plugins/inventory/scaleway.py

@@ -23,6 +23,7 @@ DOCUMENTATION = r'''
         regions:
             description: Filter results on a specific Scaleway region.
             type: list
+            elements: string
             default:
                 - ams1
                 - par1
@@ -31,6 +32,7 @@ DOCUMENTATION = r'''
         tags:
             description: Filter results on a specific tag.
             type: list
+            elements: string
         scw_profile:
             description:
             - The config profile to use in config file.
@@ -51,6 +53,7 @@ DOCUMENTATION = r'''
         hostnames:
             description: List of preference about what to use as an hostname.
             type: list
+            elements: string
             default:
                 - public_ipv4
             choices:

plugins/lookup/consul_kv.py

@@ -20,6 +20,7 @@ DOCUMENTATION = '''
       _raw:
         description: List of key(s) to retrieve.
         type: list
+        elements: string
       recurse:
         type: boolean
         description: If true, will retrieve all the values that have the given key as prefix.

plugins/lookup/credstash.py

@@ -17,11 +17,11 @@ DOCUMENTATION = '''
       _terms:
         description: term or list of terms to lookup in the credit store
         type: list
-        required: True
+        elements: string
+        required: true
       table:
         description: name of the credstash table to query
         default: 'credential-store'
-        required: True
       version:
         description: Credstash version
       region:

plugins/lookup/dnstxt.py

@@ -18,6 +18,7 @@ DOCUMENTATION = '''
         description: domain or list of domains to query TXT records from
         required: True
         type: list
+        elements: string
 '''
 
 EXAMPLES = """

plugins/lookup/dsv.py

@@ -105,11 +105,15 @@ display = Display()
 class LookupModule(LookupBase):
     @staticmethod
     def Client(vault_parameters):
-        return SecretsVault(**vault_parameters)
+        try:
+            vault = SecretsVault(**vault_parameters)
+            return vault
+        except TypeError:
+            raise AnsibleError("python-dsv-sdk==0.0.1 must be installed to use this plugin")
 
     def run(self, terms, variables, **kwargs):
         if sdk_is_missing:
-            raise AnsibleError("python-dsv-sdk must be installed to use this plugin")
+            raise AnsibleError("python-dsv-sdk==0.0.1 must be installed to use this plugin")
 
         self.set_options(var_options=variables, direct=kwargs)
 

plugins/lookup/passwordstore.py

@@ -14,6 +14,8 @@ DOCUMENTATION = '''
     description:
       - Enables Ansible to retrieve, create or update passwords from the passwordstore.org pass utility.
         It also retrieves YAML style keys stored as multilines in the passwordfile.
+      - To avoid problems when accessing multiple secrets at once, add C(auto-expand-secmem) to
+        C(~/.gnupg/gpg-agent.conf). Where this is not possible, consider using I(lock=readwrite) instead.
     options:
       _terms:
         description: query key.
@@ -77,54 +79,89 @@ DOCUMENTATION = '''
           - warn
           - empty
           - create
+      lock:
+        description:
+          - How to synchronize operations.
+          - The default of C(write) only synchronizes write operations.
+          - C(readwrite) synchronizes all operations (including read). This makes sure that gpg-agent is never called in parallel.
+          - C(none) does not do any synchronization.
+        ini:
+          - section: passwordstore_lookup
+            key: lock
+        type: str
+        default: write
+        choices:
+          - readwrite
+          - write
+          - none
+        version_added: 4.5.0
+      locktimeout:
+        description:
+          - Lock timeout applied when I(lock) is not C(none).
+          - Time with a unit suffix, C(s), C(m), C(h) for seconds, minutes, and hours, respectively. For example, C(900s) equals C(15m).
+          - Correlates with C(pinentry-timeout) in C(~/.gnupg/gpg-agent.conf), see C(man gpg-agent) for details.
+        ini:
+          - section: passwordstore_lookup
+            key: locktimeout
+        type: str
+        default: 15m
+        version_added: 4.5.0
 '''
 EXAMPLES = """
-# Debug is used for examples, BAD IDEA to show passwords on screen
-- name: Basic lookup. Fails if example/test doesn't exist
-  ansible.builtin.debug:
-    msg: "{{ lookup('community.general.passwordstore', 'example/test')}}"
+ansible.cfg: |
+  [passwordstore_lookup]
+  lock=readwrite
+  locktimeout=45s
 
-- name: Basic lookup. Warns if example/test does not exist and returns empty string
-  ansible.builtin.debug:
-    msg: "{{ lookup('community.general.passwordstore', 'example/test missing=warn')}}"
+playbook.yml: |
+  ---
 
-- name: Create pass with random 16 character password. If password exists just give the password
-  ansible.builtin.debug:
-    var: mypassword
-  vars:
-    mypassword: "{{ lookup('community.general.passwordstore', 'example/test create=true')}}"
+  # Debug is used for examples, BAD IDEA to show passwords on screen
+  - name: Basic lookup. Fails if example/test does not exist
+    ansible.builtin.debug:
+      msg: "{{ lookup('community.general.passwordstore', 'example/test')}}"
 
-- name: Create pass with random 16 character password. If password exists just give the password
-  ansible.builtin.debug:
-    var: mypassword
-  vars:
-    mypassword: "{{ lookup('community.general.passwordstore', 'example/test missing=create')}}"
+  - name: Basic lookup. Warns if example/test does not exist and returns empty string
+    ansible.builtin.debug:
+      msg: "{{ lookup('community.general.passwordstore', 'example/test missing=warn')}}"
 
-- name: Prints 'abc' if example/test does not exist, just give the password otherwise
-  ansible.builtin.debug:
-    var: mypassword
-  vars:
-    mypassword: "{{ lookup('community.general.passwordstore', 'example/test missing=empty') | default('abc', true) }}"
+  - name: Create pass with random 16 character password. If password exists just give the password
+    ansible.builtin.debug:
+      var: mypassword
+    vars:
+      mypassword: "{{ lookup('community.general.passwordstore', 'example/test create=true')}}"
 
-- name: Different size password
-  ansible.builtin.debug:
-    msg: "{{ lookup('community.general.passwordstore', 'example/test create=true length=42')}}"
+  - name: Create pass with random 16 character password. If password exists just give the password
+    ansible.builtin.debug:
+      var: mypassword
+    vars:
+      mypassword: "{{ lookup('community.general.passwordstore', 'example/test missing=create')}}"
 
-- name: Create password and overwrite the password if it exists. As a bonus, this module includes the old password inside the pass file
-  ansible.builtin.debug:
-    msg: "{{ lookup('community.general.passwordstore', 'example/test create=true overwrite=true')}}"
+  - name: Prints 'abc' if example/test does not exist, just give the password otherwise
+    ansible.builtin.debug:
+      var: mypassword
+    vars:
+      mypassword: "{{ lookup('community.general.passwordstore', 'example/test missing=empty') | default('abc', true) }}"
 
-- name: Create an alphanumeric password
-  ansible.builtin.debug:
-    msg: "{{ lookup('community.general.passwordstore', 'example/test create=true nosymbols=true') }}"
+  - name: Different size password
+    ansible.builtin.debug:
+      msg: "{{ lookup('community.general.passwordstore', 'example/test create=true length=42')}}"
 
-- name: Return the value for user in the KV pair user, username
-  ansible.builtin.debug:
-    msg: "{{ lookup('community.general.passwordstore', 'example/test subkey=user')}}"
+  - name: Create password and overwrite the password if it exists. As a bonus, this module includes the old password inside the pass file
+    ansible.builtin.debug:
+      msg: "{{ lookup('community.general.passwordstore', 'example/test create=true overwrite=true')}}"
 
-- name: Return the entire password file content
-  ansible.builtin.set_fact:
-    passfilecontent: "{{ lookup('community.general.passwordstore', 'example/test returnall=true')}}"
+  - name: Create an alphanumeric password
+    ansible.builtin.debug:
+      msg: "{{ lookup('community.general.passwordstore', 'example/test create=true nosymbols=true') }}"
+
+  - name: Return the value for user in the KV pair user, username
+    ansible.builtin.debug:
+      msg: "{{ lookup('community.general.passwordstore', 'example/test subkey=user')}}"
+
+  - name: Return the entire password file content
+    ansible.builtin.set_fact:
+      passfilecontent: "{{ lookup('community.general.passwordstore', 'example/test returnall=true')}}"
 """
 
 RETURN = """
@@ -135,13 +172,15 @@ _raw:
   elements: str
 """
 
+from contextlib import contextmanager
 import os
+import re
 import subprocess
 import time
 import yaml
 
-
 from ansible.errors import AnsibleError, AnsibleAssertionError
+from ansible.module_utils.common.file import FileLock
 from ansible.module_utils.common.text.converters import to_bytes, to_native, to_text
 from ansible.module_utils.parsing.convert_bool import boolean
 from ansible.utils.display import Display
@@ -154,6 +193,7 @@ display = Display()
 
 # backhacked check_output with input for python 2.7
 # http://stackoverflow.com/questions/10103551/passing-data-to-subprocess-check-output
+# note: contains special logic for calling 'pass', so not a drop-in replacement for check_output
 def check_output2(*popenargs, **kwargs):
     if 'stdout' in kwargs:
         raise ValueError('stdout argument not allowed, it will be overridden.')
@@ -175,9 +215,10 @@ def check_output2(*popenargs, **kwargs):
         process.wait()
         raise
     retcode = process.poll()
-    if retcode != 0 or \
-            b'encryption failed: Unusable public key' in b_out or \
-            b'encryption failed: Unusable public key' in b_err:
+    if retcode == 0 and (b'encryption failed: Unusable public key' in b_out or
+                         b'encryption failed: Unusable public key' in b_err):
+        retcode = 78  # os.EX_CONFIG
+    if retcode != 0:
         cmd = kwargs.get("args")
         if cmd is None:
             cmd = popenargs[0]
@@ -227,13 +268,13 @@ class LookupModule(LookupBase):
 
             # Collect pass environment variables from the plugin's parameters.
             self.env = os.environ.copy()
+            self.env['LANGUAGE'] = 'C'  # make sure to get errors in English as required by check_output2
 
-            # Set PASSWORD_STORE_DIR if directory is set
-            if self.paramvals['directory']:
-                if os.path.isdir(self.paramvals['directory']):
-                    self.env['PASSWORD_STORE_DIR'] = self.paramvals['directory']
-                else:
-                    raise AnsibleError('Passwordstore directory \'{0}\' does not exist'.format(self.paramvals['directory']))
+            # Set PASSWORD_STORE_DIR
+            if os.path.isdir(self.paramvals['directory']):
+                self.env['PASSWORD_STORE_DIR'] = self.paramvals['directory']
+            else:
+                raise AnsibleError('Passwordstore directory \'{0}\' does not exist'.format(self.paramvals['directory']))
 
             # Set PASSWORD_STORE_UMASK if umask is set
             if 'umask' in self.paramvals:
@@ -261,19 +302,20 @@ class LookupModule(LookupBase):
                     if ':' in line:
                         name, value = line.split(':', 1)
                         self.passdict[name.strip()] = value.strip()
+            if os.path.isfile(os.path.join(self.paramvals['directory'], self.passname + ".gpg")):
+                # Only accept password as found, if there a .gpg file for it (might be a tree node otherwise)
+                return True
         except (subprocess.CalledProcessError) as e:
-            if e.returncode != 0 and 'not in the password store' in e.output:
-                # if pass returns 1 and return string contains 'is not in the password store.'
-                # We need to determine if this is valid or Error.
-                if self.paramvals['missing'] == 'error':
-                    raise AnsibleError('passwordstore: passname {0} not found and missing=error is set'.format(self.passname))
-                else:
-                    if self.paramvals['missing'] == 'warn':
-                        display.warning('passwordstore: passname {0} not found'.format(self.passname))
-                    return False
-            else:
+            # 'not in password store' is the expected error if a password wasn't found
+            if 'not in the password store' not in e.output:
                 raise AnsibleError(e)
-        return True
+
+        if self.paramvals['missing'] == 'error':
+            raise AnsibleError('passwordstore: passname {0} not found and missing=error is set'.format(self.passname))
+        elif self.paramvals['missing'] == 'warn':
+            display.warning('passwordstore: passname {0} not found'.format(self.passname))
+
+        return False
 
     def get_newpass(self):
         if self.paramvals['nosymbols']:
@@ -325,11 +367,30 @@ class LookupModule(LookupBase):
             else:
                 return None
 
-    def run(self, terms, variables, **kwargs):
-        result = []
+    @contextmanager
+    def opt_lock(self, type):
+        if self.get_option('lock') == type:
+            tmpdir = os.environ.get('TMPDIR', '/tmp')
+            lockfile = os.path.join(tmpdir, '.passwordstore.lock')
+            with FileLock().lock_file(lockfile, tmpdir, self.lock_timeout):
+                self.locked = type
+                yield
+            self.locked = None
+        else:
+            yield
+
+    def setup(self, variables):
+        self.locked = None
+        timeout = self.get_option('locktimeout')
+        if not re.match('^[0-9]+[smh]$', timeout):
+            raise AnsibleError("{0} is not a correct value for locktimeout".format(timeout))
+        unit_to_seconds = {"s": 1, "m": 60, "h": 3600}
+        self.lock_timeout = int(timeout[:-1]) * unit_to_seconds[timeout[-1]]
         self.paramvals = {
             'subkey': 'password',
-            'directory': variables.get('passwordstore'),
+            'directory': variables.get('passwordstore', os.environ.get(
+                                       'PASSWORD_STORE_DIR',
+                                       os.path.expanduser('~/.password-store'))),
             'create': False,
             'returnall': False,
             'overwrite': False,
@@ -340,17 +401,27 @@ class LookupModule(LookupBase):
             'missing': 'error',
         }
 
+    def run(self, terms, variables, **kwargs):
+        self.setup(variables)
+        result = []
+
         for term in terms:
             self.parse_params(term)   # parse the input into paramvals
-            if self.check_pass():     # password exists
-                if self.paramvals['overwrite'] and self.paramvals['subkey'] == 'password':
-                    result.append(self.update_password())
-                else:
-                    result.append(self.get_passresult())
-            else:                     # password does not exist
-                if self.paramvals['missing'] == 'create':
-                    result.append(self.generate_password())
-                else:
-                    result.append(None)
+            with self.opt_lock('readwrite'):
+                if self.check_pass():     # password exists
+                    if self.paramvals['overwrite'] and self.paramvals['subkey'] == 'password':
+                        with self.opt_lock('write'):
+                            result.append(self.update_password())
+                    else:
+                        result.append(self.get_passresult())
+                else:                     # password does not exist
+                    if self.paramvals['missing'] == 'create':
+                        with self.opt_lock('write'):
+                            if self.locked == 'write' and self.check_pass():  # lookup password again if under write lock
+                                result.append(self.get_passresult())
+                            else:
+                                result.append(self.generate_password())
+                    else:
+                        result.append(None)
 
         return result

plugins/lookup/tss.py

@@ -14,6 +14,10 @@ description:
     - Uses the Thycotic Secret Server Python SDK to get Secrets from Secret
       Server using token authentication with I(username) and I(password) on
       the REST API at I(base_url).
+    - When using self-signed certificates the environment variable
+      C(REQUESTS_CA_BUNDLE) can be set to a file containing the trusted certificates
+      (in C(.pem) format).
+    - For example, C(export REQUESTS_CA_BUNDLE='/etc/ssl/certs/ca-bundle.trust.crt').
 requirements:
     - python-tss-sdk - https://pypi.org/project/python-tss-sdk/
 options:

plugins/module_utils/cmd_runner.py

@@ -0,0 +1,291 @@
+# -*- coding: utf-8 -*-
+# (c) 2022, Alexei Znamensky <russoz@gmail.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+from functools import wraps
+
+from ansible.module_utils.common.collections import is_sequence
+from ansible.module_utils.six import iteritems
+
+
+def _ensure_list(value):
+    return list(value) if is_sequence(value) else [value]
+
+
+def _process_as_is(rc, out, err):
+    return rc, out, err
+
+
+class CmdRunnerException(Exception):
+    pass
+
+
+class MissingArgumentFormat(CmdRunnerException):
+    def __init__(self, arg, args_order, args_formats):
+        self.args_order = args_order
+        self.arg = arg
+        self.args_formats = args_formats
+
+    def __repr__(self):
+        return "MissingArgumentFormat({0!r}, {1!r}, {2!r})".format(
+            self.arg,
+            self.args_order,
+            self.args_formats,
+        )
+
+    def __str__(self):
+        return "Cannot find format for parameter {0} {1} in: {2}".format(
+            self.arg,
+            self.args_order,
+            self.args_formats,
+        )
+
+
+class MissingArgumentValue(CmdRunnerException):
+    def __init__(self, args_order, arg):
+        self.args_order = args_order
+        self.arg = arg
+
+    def __repr__(self):
+        return "MissingArgumentValue({0!r}, {1!r})".format(
+            self.args_order,
+            self.arg,
+        )
+
+    def __str__(self):
+        return "Cannot find value for parameter {0} in {1}".format(
+            self.arg,
+            self.args_order,
+        )
+
+
+class FormatError(CmdRunnerException):
+    def __init__(self, name, value, args_formats, exc):
+        self.name = name
+        self.value = value
+        self.args_formats = args_formats
+        self.exc = exc
+        super(FormatError, self).__init__()
+
+    def __repr__(self):
+        return "FormatError({0!r}, {1!r}, {2!r}, {3!r})".format(
+            self.name,
+            self.value,
+            self.args_formats,
+            self.exc,
+        )
+
+    def __str__(self):
+        return "Failed to format parameter {0} with value {1}: {2}".format(
+            self.name,
+            self.value,
+            self.exc,
+        )
+
+
+class _ArgFormat(object):
+    def __init__(self, func, ignore_none=None):
+        self.func = func
+        self.ignore_none = ignore_none
+
+    def __call__(self, value, ctx_ignore_none):
+        ignore_none = self.ignore_none if self.ignore_none is not None else ctx_ignore_none
+        if value is None and ignore_none:
+            return []
+        f = self.func
+        return [str(x) for x in f(value)]
+
+
+class _Format(object):
+    @staticmethod
+    def as_bool(args):
+        return _ArgFormat(lambda value: _ensure_list(args) if value else [])
+
+    @staticmethod
+    def as_bool_not(args):
+        return _ArgFormat(lambda value: [] if value else _ensure_list(args), ignore_none=False)
+
+    @staticmethod
+    def as_optval(arg, ignore_none=None):
+        return _ArgFormat(lambda value: ["{0}{1}".format(arg, value)], ignore_none=ignore_none)
+
+    @staticmethod
+    def as_opt_val(arg, ignore_none=None):
+        return _ArgFormat(lambda value: [arg, value], ignore_none=ignore_none)
+
+    @staticmethod
+    def as_opt_eq_val(arg, ignore_none=None):
+        return _ArgFormat(lambda value: ["{0}={1}".format(arg, value)], ignore_none=ignore_none)
+
+    @staticmethod
+    def as_list(ignore_none=None):
+        return _ArgFormat(_ensure_list, ignore_none=ignore_none)
+
+    @staticmethod
+    def as_fixed(args):
+        return _ArgFormat(lambda value: _ensure_list(args), ignore_none=False)
+
+    @staticmethod
+    def as_func(func, ignore_none=None):
+        return _ArgFormat(func, ignore_none=ignore_none)
+
+    @staticmethod
+    def as_map(_map, default=None, ignore_none=None):
+        return _ArgFormat(lambda value: _ensure_list(_map.get(value, default)), ignore_none=ignore_none)
+
+    @staticmethod
+    def as_default_type(_type, arg="", ignore_none=None):
+        fmt = _Format
+        if _type == "dict":
+            return fmt.as_func(lambda d: ["--{0}={1}".format(*a) for a in iteritems(d)],
+                               ignore_none=ignore_none)
+        if _type == "list":
+            return fmt.as_func(lambda value: ["--{0}".format(x) for x in value], ignore_none=ignore_none)
+        if _type == "bool":
+            return fmt.as_bool("--{0}".format(arg))
+
+        return fmt.as_opt_val("--{0}".format(arg), ignore_none=ignore_none)
+
+    @staticmethod
+    def unpack_args(func):
+        @wraps(func)
+        def wrapper(v):
+            return func(*v)
+        return wrapper
+
+    @staticmethod
+    def unpack_kwargs(func):
+        @wraps(func)
+        def wrapper(v):
+            return func(**v)
+        return wrapper
+
+
+class CmdRunner(object):
+    """
+    Wrapper for ``AnsibleModule.run_command()``.
+
+    It aims to provide a reusable runner with consistent argument formatting
+    and sensible defaults.
+    """
+
+    @staticmethod
+    def _prepare_args_order(order):
+        return tuple(order) if is_sequence(order) else tuple(order.split())
+
+    def __init__(self, module, command, arg_formats=None, default_args_order=(),
+                 check_rc=False, force_lang="C", path_prefix=None, environ_update=None):
+        self.module = module
+        self.command = _ensure_list(command)
+        self.default_args_order = self._prepare_args_order(default_args_order)
+        if arg_formats is None:
+            arg_formats = {}
+        self.arg_formats = dict(arg_formats)
+        self.check_rc = check_rc
+        self.force_lang = force_lang
+        self.path_prefix = path_prefix
+        if environ_update is None:
+            environ_update = {}
+        self.environ_update = environ_update
+
+        self.command[0] = module.get_bin_path(command[0], opt_dirs=path_prefix, required=True)
+
+        for mod_param_name, spec in iteritems(module.argument_spec):
+            if mod_param_name not in self.arg_formats:
+                self.arg_formats[mod_param_name] = _Format.as_default_type(spec['type'], mod_param_name)
+
+    def context(self, args_order=None, output_process=None, ignore_value_none=True, **kwargs):
+        if output_process is None:
+            output_process = _process_as_is
+        if args_order is None:
+            args_order = self.default_args_order
+        args_order = self._prepare_args_order(args_order)
+        for p in args_order:
+            if p not in self.arg_formats:
+                raise MissingArgumentFormat(p, args_order, tuple(self.arg_formats.keys()))
+        return _CmdRunnerContext(runner=self,
+                                 args_order=args_order,
+                                 output_process=output_process,
+                                 ignore_value_none=ignore_value_none, **kwargs)
+
+    def has_arg_format(self, arg):
+        return arg in self.arg_formats
+
+
+class _CmdRunnerContext(object):
+    def __init__(self, runner, args_order, output_process, ignore_value_none, **kwargs):
+        self.runner = runner
+        self.args_order = tuple(args_order)
+        self.output_process = output_process
+        self.ignore_value_none = ignore_value_none
+        self.run_command_args = dict(kwargs)
+
+        self.environ_update = runner.environ_update
+        self.environ_update.update(self.run_command_args.get('environ_update', {}))
+        if runner.force_lang:
+            self.environ_update.update({
+                'LANGUAGE': runner.force_lang,
+                'LC_ALL': runner.force_lang,
+            })
+        self.run_command_args['environ_update'] = self.environ_update
+
+        if 'check_rc' not in self.run_command_args:
+            self.run_command_args['check_rc'] = runner.check_rc
+        self.check_rc = self.run_command_args['check_rc']
+
+        self.cmd = None
+        self.results_rc = None
+        self.results_out = None
+        self.results_err = None
+        self.results_processed = None
+
+    def run(self, **kwargs):
+        runner = self.runner
+        module = self.runner.module
+        self.cmd = list(runner.command)
+        self.context_run_args = dict(kwargs)
+
+        named_args = dict(module.params)
+        named_args.update(kwargs)
+        for arg_name in self.args_order:
+            value = None
+            try:
+                value = named_args[arg_name]
+                self.cmd.extend(runner.arg_formats[arg_name](value, ctx_ignore_none=self.ignore_value_none))
+            except KeyError:
+                raise MissingArgumentValue(self.args_order, arg_name)
+            except Exception as e:
+                raise FormatError(arg_name, value, runner.arg_formats[arg_name], e)
+
+        results = module.run_command(self.cmd, **self.run_command_args)
+        self.results_rc, self.results_out, self.results_err = results
+        self.results_processed = self.output_process(*results)
+        return self.results_processed
+
+    @property
+    def run_info(self):
+        return dict(
+            ignore_value_none=self.ignore_value_none,
+            check_rc=self.check_rc,
+            environ_update=self.environ_update,
+            args_order=self.args_order,
+            cmd=self.cmd,
+            run_command_args=self.run_command_args,
+            context_run_args=self.context_run_args,
+            results_rc=self.results_rc,
+            results_out=self.results_out,
+            results_err=self.results_err,
+            results_processed=self.results_processed,
+        )
+
+    def __enter__(self):
+        return self
+
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        return False
+
+
+fmt = _Format()

plugins/module_utils/identity/keycloak/keycloak.py

@@ -102,6 +102,7 @@ def keycloak_argument_spec():
         auth_username=dict(type='str', aliases=['username']),
         auth_password=dict(type='str', aliases=['password'], no_log=True),
         validate_certs=dict(type='bool', default=True),
+        connection_timeout=dict(type='int', default=10),
         token=dict(type='str', no_log=True),
     )
 
@@ -134,6 +135,7 @@ def get_token(module_params):
         auth_username = module_params.get('auth_username')
         auth_password = module_params.get('auth_password')
         client_secret = module_params.get('auth_client_secret')
+        connection_timeout = module_params.get('connection_timeout')
         auth_url = URL_TOKEN.format(url=base_url, realm=auth_realm)
         temp_payload = {
             'grant_type': 'password',
@@ -147,7 +149,7 @@ def get_token(module_params):
             (k, v) for k, v in temp_payload.items() if v is not None)
         try:
             r = json.loads(to_native(open_url(auth_url, method='POST',
-                                              validate_certs=validate_certs,
+                                              validate_certs=validate_certs, timeout=connection_timeout,
                                               data=urlencode(payload)).read()))
         except ValueError as e:
             raise KeycloakError(
@@ -229,6 +231,7 @@ class KeycloakAPI(object):
         self.module = module
         self.baseurl = self.module.params.get('auth_keycloak_url')
         self.validate_certs = self.module.params.get('validate_certs')
+        self.connection_timeout = self.module.params.get('connection_timeout')
         self.restheaders = connection_header
 
     def get_realm_info_by_id(self, realm='master'):
@@ -240,7 +243,7 @@ class KeycloakAPI(object):
         realm_info_url = URL_REALM_INFO.format(url=self.baseurl, realm=realm)
 
         try:
-            return json.loads(to_native(open_url(realm_info_url, method='GET', headers=self.restheaders,
+            return json.loads(to_native(open_url(realm_info_url, method='GET', headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
 
         except HTTPError as e:
@@ -265,7 +268,7 @@ class KeycloakAPI(object):
         realm_url = URL_REALM.format(url=self.baseurl, realm=realm)
 
         try:
-            return json.loads(to_native(open_url(realm_url, method='GET', headers=self.restheaders,
+            return json.loads(to_native(open_url(realm_url, method='GET', headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
 
         except HTTPError as e:
@@ -290,7 +293,7 @@ class KeycloakAPI(object):
         realm_url = URL_REALM.format(url=self.baseurl, realm=realm)
 
         try:
-            return open_url(realm_url, method='PUT', headers=self.restheaders,
+            return open_url(realm_url, method='PUT', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(realmrep), validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Could not update realm %s: %s' % (realm, str(e)),
@@ -304,7 +307,7 @@ class KeycloakAPI(object):
         realm_url = URL_REALMS.format(url=self.baseurl)
 
         try:
-            return open_url(realm_url, method='POST', headers=self.restheaders,
+            return open_url(realm_url, method='POST', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(realmrep), validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Could not create realm %s: %s' % (realmrep['id'], str(e)),
@@ -319,7 +322,7 @@ class KeycloakAPI(object):
         realm_url = URL_REALM.format(url=self.baseurl, realm=realm)
 
         try:
-            return open_url(realm_url, method='DELETE', headers=self.restheaders,
+            return open_url(realm_url, method='DELETE', headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Could not delete realm %s: %s' % (realm, str(e)),
@@ -337,7 +340,7 @@ class KeycloakAPI(object):
             clientlist_url += '?clientId=%s' % filter
 
         try:
-            return json.loads(to_native(open_url(clientlist_url, method='GET', headers=self.restheaders,
+            return json.loads(to_native(open_url(clientlist_url, method='GET', headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except ValueError as e:
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain list of clients for realm %s: %s'
@@ -368,7 +371,7 @@ class KeycloakAPI(object):
         client_url = URL_CLIENT.format(url=self.baseurl, realm=realm, id=id)
 
         try:
-            return json.loads(to_native(open_url(client_url, method='GET', headers=self.restheaders,
+            return json.loads(to_native(open_url(client_url, method='GET', headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
 
         except HTTPError as e:
@@ -407,7 +410,7 @@ class KeycloakAPI(object):
         client_url = URL_CLIENT.format(url=self.baseurl, realm=realm, id=id)
 
         try:
-            return open_url(client_url, method='PUT', headers=self.restheaders,
+            return open_url(client_url, method='PUT', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(clientrep), validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Could not update client %s in realm %s: %s'
@@ -422,7 +425,7 @@ class KeycloakAPI(object):
         client_url = URL_CLIENTS.format(url=self.baseurl, realm=realm)
 
         try:
-            return open_url(client_url, method='POST', headers=self.restheaders,
+            return open_url(client_url, method='POST', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(clientrep), validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Could not create client %s in realm %s: %s'
@@ -438,7 +441,7 @@ class KeycloakAPI(object):
         client_url = URL_CLIENT.format(url=self.baseurl, realm=realm, id=id)
 
         try:
-            return open_url(client_url, method='DELETE', headers=self.restheaders,
+            return open_url(client_url, method='DELETE', headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Could not delete client %s in realm %s: %s'
@@ -453,7 +456,7 @@ class KeycloakAPI(object):
         """
         client_roles_url = URL_CLIENT_ROLES.format(url=self.baseurl, realm=realm, id=cid)
         try:
-            return json.loads(to_native(open_url(client_roles_url, method="GET", headers=self.restheaders,
+            return json.loads(to_native(open_url(client_roles_url, method="GET", headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except Exception as e:
             self.module.fail_json(msg="Could not fetch rolemappings for client %s in realm %s: %s"
@@ -485,7 +488,7 @@ class KeycloakAPI(object):
         """
         rolemappings_url = URL_CLIENT_ROLEMAPPINGS.format(url=self.baseurl, realm=realm, id=gid, client=cid)
         try:
-            rolemappings = json.loads(to_native(open_url(rolemappings_url, method="GET", headers=self.restheaders,
+            rolemappings = json.loads(to_native(open_url(rolemappings_url, method="GET", headers=self.restheaders, timeout=self.connection_timeout,
                                                          validate_certs=self.validate_certs).read()))
             for role in rolemappings:
                 if rid == role['id']:
@@ -505,7 +508,7 @@ class KeycloakAPI(object):
         """
         available_rolemappings_url = URL_CLIENT_ROLEMAPPINGS_AVAILABLE.format(url=self.baseurl, realm=realm, id=gid, client=cid)
         try:
-            return json.loads(to_native(open_url(available_rolemappings_url, method="GET", headers=self.restheaders,
+            return json.loads(to_native(open_url(available_rolemappings_url, method="GET", headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except Exception as e:
             self.module.fail_json(msg="Could not fetch available rolemappings for client %s in group %s, realm %s: %s"
@@ -521,7 +524,7 @@ class KeycloakAPI(object):
         """
         available_rolemappings_url = URL_CLIENT_ROLEMAPPINGS_COMPOSITE.format(url=self.baseurl, realm=realm, id=gid, client=cid)
         try:
-            return json.loads(to_native(open_url(available_rolemappings_url, method="GET", headers=self.restheaders,
+            return json.loads(to_native(open_url(available_rolemappings_url, method="GET", headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except Exception as e:
             self.module.fail_json(msg="Could not fetch available rolemappings for client %s in group %s, realm %s: %s"
@@ -538,7 +541,8 @@ class KeycloakAPI(object):
         """
         available_rolemappings_url = URL_CLIENT_ROLEMAPPINGS.format(url=self.baseurl, realm=realm, id=gid, client=cid)
         try:
-            open_url(available_rolemappings_url, method="POST", headers=self.restheaders, data=json.dumps(role_rep), validate_certs=self.validate_certs)
+            open_url(available_rolemappings_url, method="POST", headers=self.restheaders, data=json.dumps(role_rep),
+                     validate_certs=self.validate_certs, timeout=self.connection_timeout)
         except Exception as e:
             self.module.fail_json(msg="Could not fetch available rolemappings for client %s in group %s, realm %s: %s"
                                       % (cid, gid, realm, str(e)))
@@ -554,7 +558,8 @@ class KeycloakAPI(object):
         """
         available_rolemappings_url = URL_CLIENT_ROLEMAPPINGS.format(url=self.baseurl, realm=realm, id=gid, client=cid)
         try:
-            open_url(available_rolemappings_url, method="DELETE", headers=self.restheaders, validate_certs=self.validate_certs)
+            open_url(available_rolemappings_url, method="DELETE", headers=self.restheaders,
+                     validate_certs=self.validate_certs, timeout=self.connection_timeout)
         except Exception as e:
             self.module.fail_json(msg="Could not delete available rolemappings for client %s in group %s, realm %s: %s"
                                       % (cid, gid, realm, str(e)))
@@ -568,7 +573,7 @@ class KeycloakAPI(object):
         url = URL_CLIENTTEMPLATES.format(url=self.baseurl, realm=realm)
 
         try:
-            return json.loads(to_native(open_url(url, method='GET', headers=self.restheaders,
+            return json.loads(to_native(open_url(url, method='GET', headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except ValueError as e:
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain list of client templates for realm %s: %s'
@@ -587,7 +592,7 @@ class KeycloakAPI(object):
         url = URL_CLIENTTEMPLATE.format(url=self.baseurl, id=id, realm=realm)
 
         try:
-            return json.loads(to_native(open_url(url, method='GET', headers=self.restheaders,
+            return json.loads(to_native(open_url(url, method='GET', headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except ValueError as e:
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain client templates %s for realm %s: %s'
@@ -633,7 +638,7 @@ class KeycloakAPI(object):
         url = URL_CLIENTTEMPLATE.format(url=self.baseurl, realm=realm, id=id)
 
         try:
-            return open_url(url, method='PUT', headers=self.restheaders,
+            return open_url(url, method='PUT', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(clienttrep), validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Could not update client template %s in realm %s: %s'
@@ -648,7 +653,7 @@ class KeycloakAPI(object):
         url = URL_CLIENTTEMPLATES.format(url=self.baseurl, realm=realm)
 
         try:
-            return open_url(url, method='POST', headers=self.restheaders,
+            return open_url(url, method='POST', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(clienttrep), validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Could not create client template %s in realm %s: %s'
@@ -664,7 +669,7 @@ class KeycloakAPI(object):
         url = URL_CLIENTTEMPLATE.format(url=self.baseurl, realm=realm, id=id)
 
         try:
-            return open_url(url, method='DELETE', headers=self.restheaders,
+            return open_url(url, method='DELETE', headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Could not delete client template %s in realm %s: %s'
@@ -681,7 +686,7 @@ class KeycloakAPI(object):
         """
         clientscopes_url = URL_CLIENTSCOPES.format(url=self.baseurl, realm=realm)
         try:
-            return json.loads(to_native(open_url(clientscopes_url, method="GET", headers=self.restheaders,
+            return json.loads(to_native(open_url(clientscopes_url, method="GET", headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except Exception as e:
             self.module.fail_json(msg="Could not fetch list of clientscopes in realm %s: %s"
@@ -698,7 +703,7 @@ class KeycloakAPI(object):
         """
         clientscope_url = URL_CLIENTSCOPE.format(url=self.baseurl, realm=realm, id=cid)
         try:
-            return json.loads(to_native(open_url(clientscope_url, method="GET", headers=self.restheaders,
+            return json.loads(to_native(open_url(clientscope_url, method="GET", headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
 
         except HTTPError as e:
@@ -743,7 +748,7 @@ class KeycloakAPI(object):
         """
         clientscopes_url = URL_CLIENTSCOPES.format(url=self.baseurl, realm=realm)
         try:
-            return open_url(clientscopes_url, method='POST', headers=self.restheaders,
+            return open_url(clientscopes_url, method='POST', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(clientscoperep), validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg="Could not create clientscope %s in realm %s: %s"
@@ -758,7 +763,7 @@ class KeycloakAPI(object):
         clientscope_url = URL_CLIENTSCOPE.format(url=self.baseurl, realm=realm, id=clientscoperep['id'])
 
         try:
-            return open_url(clientscope_url, method='PUT', headers=self.restheaders,
+            return open_url(clientscope_url, method='PUT', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(clientscoperep), validate_certs=self.validate_certs)
 
         except Exception as e:
@@ -796,7 +801,7 @@ class KeycloakAPI(object):
         # should have a good cid by here.
         clientscope_url = URL_CLIENTSCOPE.format(realm=realm, id=cid, url=self.baseurl)
         try:
-            return open_url(clientscope_url, method='DELETE', headers=self.restheaders,
+            return open_url(clientscope_url, method='DELETE', headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
 
         except Exception as e:
@@ -814,7 +819,7 @@ class KeycloakAPI(object):
         """
         protocolmappers_url = URL_CLIENTSCOPE_PROTOCOLMAPPERS.format(id=cid, url=self.baseurl, realm=realm)
         try:
-            return json.loads(to_native(open_url(protocolmappers_url, method="GET", headers=self.restheaders,
+            return json.loads(to_native(open_url(protocolmappers_url, method="GET", headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except Exception as e:
             self.module.fail_json(msg="Could not fetch list of protocolmappers in realm %s: %s"
@@ -833,7 +838,7 @@ class KeycloakAPI(object):
         """
         protocolmapper_url = URL_CLIENTSCOPE_PROTOCOLMAPPER.format(url=self.baseurl, realm=realm, id=cid, mapper_id=pid)
         try:
-            return json.loads(to_native(open_url(protocolmapper_url, method="GET", headers=self.restheaders,
+            return json.loads(to_native(open_url(protocolmapper_url, method="GET", headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
 
         except HTTPError as e:
@@ -880,7 +885,7 @@ class KeycloakAPI(object):
         """
         protocolmappers_url = URL_CLIENTSCOPE_PROTOCOLMAPPERS.format(url=self.baseurl, id=cid, realm=realm)
         try:
-            return open_url(protocolmappers_url, method='POST', headers=self.restheaders,
+            return open_url(protocolmappers_url, method='POST', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(mapper_rep), validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg="Could not create protocolmapper %s in realm %s: %s"
@@ -896,7 +901,7 @@ class KeycloakAPI(object):
         protocolmapper_url = URL_CLIENTSCOPE_PROTOCOLMAPPER.format(url=self.baseurl, realm=realm, id=cid, mapper_id=mapper_rep['id'])
 
         try:
-            return open_url(protocolmapper_url, method='PUT', headers=self.restheaders,
+            return open_url(protocolmapper_url, method='PUT', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(mapper_rep), validate_certs=self.validate_certs)
 
         except Exception as e:
@@ -913,7 +918,7 @@ class KeycloakAPI(object):
         """
         groups_url = URL_GROUPS.format(url=self.baseurl, realm=realm)
         try:
-            return json.loads(to_native(open_url(groups_url, method="GET", headers=self.restheaders,
+            return json.loads(to_native(open_url(groups_url, method="GET", headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except Exception as e:
             self.module.fail_json(msg="Could not fetch list of groups in realm %s: %s"
@@ -930,7 +935,7 @@ class KeycloakAPI(object):
         """
         groups_url = URL_GROUP.format(url=self.baseurl, realm=realm, groupid=gid)
         try:
-            return json.loads(to_native(open_url(groups_url, method="GET", headers=self.restheaders,
+            return json.loads(to_native(open_url(groups_url, method="GET", headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
 
         except HTTPError as e:
@@ -976,7 +981,7 @@ class KeycloakAPI(object):
         """
         groups_url = URL_GROUPS.format(url=self.baseurl, realm=realm)
         try:
-            return open_url(groups_url, method='POST', headers=self.restheaders,
+            return open_url(groups_url, method='POST', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(grouprep), validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg="Could not create group %s in realm %s: %s"
@@ -991,7 +996,7 @@ class KeycloakAPI(object):
         group_url = URL_GROUP.format(url=self.baseurl, realm=realm, groupid=grouprep['id'])
 
         try:
-            return open_url(group_url, method='PUT', headers=self.restheaders,
+            return open_url(group_url, method='PUT', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(grouprep), validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Could not update group %s in realm %s: %s'
@@ -1028,7 +1033,7 @@ class KeycloakAPI(object):
         # should have a good groupid by here.
         group_url = URL_GROUP.format(realm=realm, groupid=groupid, url=self.baseurl)
         try:
-            return open_url(group_url, method='DELETE', headers=self.restheaders,
+            return open_url(group_url, method='DELETE', headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg="Unable to delete group %s: %s" % (groupid, str(e)))
@@ -1041,7 +1046,7 @@ class KeycloakAPI(object):
         """
         rolelist_url = URL_REALM_ROLES.format(url=self.baseurl, realm=realm)
         try:
-            return json.loads(to_native(open_url(rolelist_url, method='GET', headers=self.restheaders,
+            return json.loads(to_native(open_url(rolelist_url, method='GET', headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except ValueError as e:
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain list of roles for realm %s: %s'
@@ -1059,7 +1064,7 @@ class KeycloakAPI(object):
         """
         role_url = URL_REALM_ROLE.format(url=self.baseurl, realm=realm, name=quote(name))
         try:
-            return json.loads(to_native(open_url(role_url, method="GET", headers=self.restheaders,
+            return json.loads(to_native(open_url(role_url, method="GET", headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except HTTPError as e:
             if e.code == 404:
@@ -1079,7 +1084,7 @@ class KeycloakAPI(object):
         """
         roles_url = URL_REALM_ROLES.format(url=self.baseurl, realm=realm)
         try:
-            return open_url(roles_url, method='POST', headers=self.restheaders,
+            return open_url(roles_url, method='POST', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(rolerep), validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Could not create role %s in realm %s: %s'
@@ -1093,7 +1098,7 @@ class KeycloakAPI(object):
         """
         role_url = URL_REALM_ROLE.format(url=self.baseurl, realm=realm, name=quote(rolerep['name']))
         try:
-            return open_url(role_url, method='PUT', headers=self.restheaders,
+            return open_url(role_url, method='PUT', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(rolerep), validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Could not update role %s in realm %s: %s'
@@ -1107,7 +1112,7 @@ class KeycloakAPI(object):
         """
         role_url = URL_REALM_ROLE.format(url=self.baseurl, realm=realm, name=quote(name))
         try:
-            return open_url(role_url, method='DELETE', headers=self.restheaders,
+            return open_url(role_url, method='DELETE', headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Unable to delete role %s in realm %s: %s'
@@ -1126,7 +1131,7 @@ class KeycloakAPI(object):
                                       % (clientid, realm))
         rolelist_url = URL_CLIENT_ROLES.format(url=self.baseurl, realm=realm, id=cid)
         try:
-            return json.loads(to_native(open_url(rolelist_url, method='GET', headers=self.restheaders,
+            return json.loads(to_native(open_url(rolelist_url, method='GET', headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except ValueError as e:
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain list of roles for client %s in realm %s: %s'
@@ -1150,7 +1155,7 @@ class KeycloakAPI(object):
                                       % (clientid, realm))
         role_url = URL_CLIENT_ROLE.format(url=self.baseurl, realm=realm, id=cid, name=quote(name))
         try:
-            return json.loads(to_native(open_url(role_url, method="GET", headers=self.restheaders,
+            return json.loads(to_native(open_url(role_url, method="GET", headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except HTTPError as e:
             if e.code == 404:
@@ -1176,7 +1181,7 @@ class KeycloakAPI(object):
                                       % (clientid, realm))
         roles_url = URL_CLIENT_ROLES.format(url=self.baseurl, realm=realm, id=cid)
         try:
-            return open_url(roles_url, method='POST', headers=self.restheaders,
+            return open_url(roles_url, method='POST', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(rolerep), validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Could not create role %s for client %s in realm %s: %s'
@@ -1196,7 +1201,7 @@ class KeycloakAPI(object):
                                       % (clientid, realm))
         role_url = URL_CLIENT_ROLE.format(url=self.baseurl, realm=realm, id=cid, name=quote(rolerep['name']))
         try:
-            return open_url(role_url, method='PUT', headers=self.restheaders,
+            return open_url(role_url, method='PUT', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(rolerep), validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Could not update role %s for client %s in realm %s: %s'
@@ -1215,7 +1220,7 @@ class KeycloakAPI(object):
                                       % (clientid, realm))
         role_url = URL_CLIENT_ROLE.format(url=self.baseurl, realm=realm, id=cid, name=quote(name))
         try:
-            return open_url(role_url, method='DELETE', headers=self.restheaders,
+            return open_url(role_url, method='DELETE', headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Unable to delete role %s for client %s in realm %s: %s'
@@ -1231,7 +1236,8 @@ class KeycloakAPI(object):
         try:
             authentication_flow = {}
             # Check if the authentication flow exists on the Keycloak serveraders
-            authentications = json.load(open_url(URL_AUTHENTICATION_FLOWS.format(url=self.baseurl, realm=realm), method='GET', headers=self.restheaders))
+            authentications = json.load(open_url(URL_AUTHENTICATION_FLOWS.format(url=self.baseurl, realm=realm), method='GET',
+                                                 headers=self.restheaders, timeout=self.connection_timeout, validate_certs=self.validate_certs))
             for authentication in authentications:
                 if authentication["alias"] == alias:
                     authentication_flow = authentication
@@ -1250,7 +1256,7 @@ class KeycloakAPI(object):
         flow_url = URL_AUTHENTICATION_FLOW.format(url=self.baseurl, realm=realm, id=id)
 
         try:
-            return open_url(flow_url, method='DELETE', headers=self.restheaders,
+            return open_url(flow_url, method='DELETE', headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Could not delete authentication flow %s in realm %s: %s'
@@ -1274,13 +1280,17 @@ class KeycloakAPI(object):
                     copyfrom=quote(config["copyFrom"])),
                 method='POST',
                 headers=self.restheaders,
-                data=json.dumps(new_name))
+                data=json.dumps(new_name),
+                timeout=self.connection_timeout,
+                validate_certs=self.validate_certs)
             flow_list = json.load(
                 open_url(
                     URL_AUTHENTICATION_FLOWS.format(url=self.baseurl,
                                                     realm=realm),
                     method='GET',
-                    headers=self.restheaders))
+                    headers=self.restheaders,
+                    timeout=self.connection_timeout,
+                    validate_certs=self.validate_certs))
             for flow in flow_list:
                 if flow["alias"] == config["alias"]:
                     return flow
@@ -1309,14 +1319,18 @@ class KeycloakAPI(object):
                     realm=realm),
                 method='POST',
                 headers=self.restheaders,
-                data=json.dumps(new_flow))
+                data=json.dumps(new_flow),
+                timeout=self.connection_timeout,
+                validate_certs=self.validate_certs)
             flow_list = json.load(
                 open_url(
                     URL_AUTHENTICATION_FLOWS.format(
                         url=self.baseurl,
                         realm=realm),
                     method='GET',
-                    headers=self.restheaders))
+                    headers=self.restheaders,
+                    timeout=self.connection_timeout,
+                    validate_certs=self.validate_certs))
             for flow in flow_list:
                 if flow["alias"] == config["alias"]:
                     return flow
@@ -1340,7 +1354,9 @@ class KeycloakAPI(object):
                     flowalias=quote(flowAlias)),
                 method='PUT',
                 headers=self.restheaders,
-                data=json.dumps(updatedExec))
+                data=json.dumps(updatedExec),
+                timeout=self.connection_timeout,
+                validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg="Unable to update executions %s: %s" % (updatedExec, str(e)))
 
@@ -1359,7 +1375,9 @@ class KeycloakAPI(object):
                     id=executionId),
                 method='POST',
                 headers=self.restheaders,
-                data=json.dumps(authenticationConfig))
+                data=json.dumps(authenticationConfig),
+                timeout=self.connection_timeout,
+                validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg="Unable to add authenticationConfig %s: %s" % (executionId, str(e)))
 
@@ -1382,7 +1400,9 @@ class KeycloakAPI(object):
                     flowalias=quote(flowAlias)),
                 method='POST',
                 headers=self.restheaders,
-                data=json.dumps(newSubFlow))
+                data=json.dumps(newSubFlow),
+                timeout=self.connection_timeout,
+                validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg="Unable to create new subflow %s: %s" % (subflowName, str(e)))
 
@@ -1404,7 +1424,9 @@ class KeycloakAPI(object):
                     flowalias=quote(flowAlias)),
                 method='POST',
                 headers=self.restheaders,
-                data=json.dumps(newExec))
+                data=json.dumps(newExec),
+                timeout=self.connection_timeout,
+                validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg="Unable to create new execution %s: %s" % (execution["provider"], str(e)))
 
@@ -1425,7 +1447,9 @@ class KeycloakAPI(object):
                             realm=realm,
                             id=executionId),
                         method='POST',
-                        headers=self.restheaders)
+                        headers=self.restheaders,
+                        timeout=self.connection_timeout,
+                        validate_certs=self.validate_certs)
             elif diff < 0:
                 for i in range(-diff):
                     open_url(
@@ -1434,7 +1458,9 @@ class KeycloakAPI(object):
                             realm=realm,
                             id=executionId),
                         method='POST',
-                        headers=self.restheaders)
+                        headers=self.restheaders,
+                        timeout=self.connection_timeout,
+                        validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg="Unable to change execution priority %s: %s" % (executionId, str(e)))
 
@@ -1454,7 +1480,9 @@ class KeycloakAPI(object):
                         realm=realm,
                         flowalias=quote(config["alias"])),
                     method='GET',
-                    headers=self.restheaders))
+                    headers=self.restheaders,
+                    timeout=self.connection_timeout,
+                    validate_certs=self.validate_certs))
             for execution in executions:
                 if "authenticationConfig" in execution:
                     execConfigId = execution["authenticationConfig"]
@@ -1465,7 +1493,9 @@ class KeycloakAPI(object):
                                 realm=realm,
                                 id=execConfigId),
                             method='GET',
-                            headers=self.restheaders))
+                            headers=self.restheaders,
+                            timeout=self.connection_timeout,
+                            validate_certs=self.validate_certs))
                     execution["authenticationConfig"] = execConfig
             return executions
         except Exception as e:
@@ -1479,7 +1509,7 @@ class KeycloakAPI(object):
         """
         idps_url = URL_IDENTITY_PROVIDERS.format(url=self.baseurl, realm=realm)
         try:
-            return json.loads(to_native(open_url(idps_url, method='GET', headers=self.restheaders,
+            return json.loads(to_native(open_url(idps_url, method='GET', headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except ValueError as e:
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain list of identity providers for realm %s: %s'
@@ -1496,7 +1526,7 @@ class KeycloakAPI(object):
         """
         idp_url = URL_IDENTITY_PROVIDER.format(url=self.baseurl, realm=realm, alias=alias)
         try:
-            return json.loads(to_native(open_url(idp_url, method="GET", headers=self.restheaders,
+            return json.loads(to_native(open_url(idp_url, method="GET", headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except HTTPError as e:
             if e.code == 404:
@@ -1516,7 +1546,7 @@ class KeycloakAPI(object):
         """
         idps_url = URL_IDENTITY_PROVIDERS.format(url=self.baseurl, realm=realm)
         try:
-            return open_url(idps_url, method='POST', headers=self.restheaders,
+            return open_url(idps_url, method='POST', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(idprep), validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Could not create identity provider %s in realm %s: %s'
@@ -1530,7 +1560,7 @@ class KeycloakAPI(object):
         """
         idp_url = URL_IDENTITY_PROVIDER.format(url=self.baseurl, realm=realm, alias=idprep['alias'])
         try:
-            return open_url(idp_url, method='PUT', headers=self.restheaders,
+            return open_url(idp_url, method='PUT', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(idprep), validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Could not update identity provider %s in realm %s: %s'
@@ -1543,7 +1573,7 @@ class KeycloakAPI(object):
         """
         idp_url = URL_IDENTITY_PROVIDER.format(url=self.baseurl, realm=realm, alias=alias)
         try:
-            return open_url(idp_url, method='DELETE', headers=self.restheaders,
+            return open_url(idp_url, method='DELETE', headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Unable to delete identity provider %s in realm %s: %s'
@@ -1557,7 +1587,7 @@ class KeycloakAPI(object):
         """
         mappers_url = URL_IDENTITY_PROVIDER_MAPPERS.format(url=self.baseurl, realm=realm, alias=alias)
         try:
-            return json.loads(to_native(open_url(mappers_url, method='GET', headers=self.restheaders,
+            return json.loads(to_native(open_url(mappers_url, method='GET', headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except ValueError as e:
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain list of identity provider mappers for idp %s in realm %s: %s'
@@ -1575,7 +1605,7 @@ class KeycloakAPI(object):
         """
         mapper_url = URL_IDENTITY_PROVIDER_MAPPER.format(url=self.baseurl, realm=realm, alias=alias, id=mid)
         try:
-            return json.loads(to_native(open_url(mapper_url, method="GET", headers=self.restheaders,
+            return json.loads(to_native(open_url(mapper_url, method="GET", headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except HTTPError as e:
             if e.code == 404:
@@ -1596,7 +1626,7 @@ class KeycloakAPI(object):
         """
         mappers_url = URL_IDENTITY_PROVIDER_MAPPERS.format(url=self.baseurl, realm=realm, alias=alias)
         try:
-            return open_url(mappers_url, method='POST', headers=self.restheaders,
+            return open_url(mappers_url, method='POST', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(mapper), validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Could not create identity provider mapper %s for idp %s in realm %s: %s'
@@ -1611,7 +1641,7 @@ class KeycloakAPI(object):
         """
         mapper_url = URL_IDENTITY_PROVIDER_MAPPER.format(url=self.baseurl, realm=realm, alias=alias, id=mapper['id'])
         try:
-            return open_url(mapper_url, method='PUT', headers=self.restheaders,
+            return open_url(mapper_url, method='PUT', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(mapper), validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Could not update mapper %s for identity provider %s in realm %s: %s'
@@ -1625,7 +1655,7 @@ class KeycloakAPI(object):
         """
         mapper_url = URL_IDENTITY_PROVIDER_MAPPER.format(url=self.baseurl, realm=realm, alias=alias, id=mid)
         try:
-            return open_url(mapper_url, method='DELETE', headers=self.restheaders,
+            return open_url(mapper_url, method='DELETE', headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Unable to delete mapper %s for identity provider %s in realm %s: %s'
@@ -1642,7 +1672,7 @@ class KeycloakAPI(object):
             comps_url += '?%s' % filter
 
         try:
-            return json.loads(to_native(open_url(comps_url, method='GET', headers=self.restheaders,
+            return json.loads(to_native(open_url(comps_url, method='GET', headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except ValueError as e:
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain list of components for realm %s: %s'
@@ -1659,7 +1689,7 @@ class KeycloakAPI(object):
         """
         comp_url = URL_COMPONENT.format(url=self.baseurl, realm=realm, id=cid)
         try:
-            return json.loads(to_native(open_url(comp_url, method="GET", headers=self.restheaders,
+            return json.loads(to_native(open_url(comp_url, method="GET", headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except HTTPError as e:
             if e.code == 404:
@@ -1679,13 +1709,13 @@ class KeycloakAPI(object):
         """
         comps_url = URL_COMPONENTS.format(url=self.baseurl, realm=realm)
         try:
-            resp = open_url(comps_url, method='POST', headers=self.restheaders,
+            resp = open_url(comps_url, method='POST', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(comprep), validate_certs=self.validate_certs)
             comp_url = resp.getheader('Location')
             if comp_url is None:
                 self.module.fail_json(msg='Could not create component in realm %s: %s'
                                           % (realm, 'unexpected response'))
-            return json.loads(to_native(open_url(comp_url, method="GET", headers=self.restheaders,
+            return json.loads(to_native(open_url(comp_url, method="GET", headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except Exception as e:
             self.module.fail_json(msg='Could not create component in realm %s: %s'
@@ -1702,7 +1732,7 @@ class KeycloakAPI(object):
             self.module.fail_json(msg='Cannot update component without id')
         comp_url = URL_COMPONENT.format(url=self.baseurl, realm=realm, id=cid)
         try:
-            return open_url(comp_url, method='PUT', headers=self.restheaders,
+            return open_url(comp_url, method='PUT', headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(comprep), validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Could not update component %s in realm %s: %s'
@@ -1715,7 +1745,7 @@ class KeycloakAPI(object):
         """
         comp_url = URL_COMPONENT.format(url=self.baseurl, realm=realm, id=cid)
         try:
-            return open_url(comp_url, method='DELETE', headers=self.restheaders,
+            return open_url(comp_url, method='DELETE', headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
             self.module.fail_json(msg='Unable to delete component %s in realm %s: %s'

plugins/module_utils/net_tools/pritunl/api.py

@@ -337,7 +337,6 @@ def pritunl_auth_request(
 
     auth_string = "&".join(
         [api_token, auth_timestamp, auth_nonce, method.upper(), path]
-        + ([data] if data else [])
     )
 
     auth_signature = base64.b64encode(

plugins/module_utils/proxmox.py

@@ -21,6 +21,8 @@ except ImportError:
 
 
 from ansible.module_utils.basic import env_fallback, missing_required_lib
+from ansible.module_utils.common.text.converters import to_native
+from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
 
 
 def proxmox_auth_argument_spec():
@@ -98,3 +100,46 @@ class ProxmoxAnsible(object):
             return ProxmoxAPI(api_host, verify_ssl=validate_certs, **auth_args)
         except Exception as e:
             self.module.fail_json(msg='%s' % e, exception=traceback.format_exc())
+
+    def version(self):
+        apireturn = self.proxmox_api.version.get()
+        return LooseVersion(apireturn['version'])
+
+    def get_node(self, node):
+        nodes = [n for n in self.proxmox_api.nodes.get() if n['node'] == node]
+        return nodes[0] if nodes else None
+
+    def get_nextvmid(self):
+        vmid = self.proxmox_api.cluster.nextid.get()
+        return vmid
+
+    def get_vmid(self, name, ignore_missing=False, choose_first_if_multiple=False):
+        vms = [vm['vmid'] for vm in self.proxmox_api.cluster.resources.get(type='vm') if vm.get('name') == name]
+
+        if not vms:
+            if ignore_missing:
+                return None
+
+            self.module.fail_json(msg='No VM with name %s found' % name)
+        elif len(vms) > 1:
+            if choose_first_if_multiple:
+                self.module.deprecate(
+                    'Multiple VMs with name %s found, choosing the first one. ' % name +
+                    'This will be an error in the future. To ensure the correct VM is used, ' +
+                    'also pass the vmid parameter.',
+                    version='5.0.0', collection_name='community.general')
+            else:
+                self.module.fail_json(msg='Multiple VMs with name %s found, provide vmid instead' % name)
+
+        return vms[0]
+
+    def get_vm(self, vmid, ignore_missing=False):
+        vms = [vm for vm in self.proxmox_api.cluster.resources.get(type='vm') if vm['vmid'] == int(vmid)]
+
+        if vms:
+            return vms[0]
+        else:
+            if ignore_missing:
+                return None
+
+            self.module.fail_json(msg='VM with vmid %s does not exist in cluster' % vmid)

plugins/module_utils/redfish_utils.py

@@ -732,14 +732,22 @@ class RedfishUtils(object):
     def get_multi_volume_inventory(self):
         return self.aggregate_systems(self.get_volume_inventory)
 
-    def manage_indicator_led(self, command):
+    def manage_system_indicator_led(self, command):
+        return self.manage_indicator_led(command, self.systems_uri)
+
+    def manage_chassis_indicator_led(self, command):
+        return self.manage_indicator_led(command, self.chassis_uri)
+
+    def manage_indicator_led(self, command, resource_uri=None):
         result = {}
         key = 'IndicatorLED'
+        if resource_uri is None:
+            resource_uri = self.chassis_uri
 
         payloads = {'IndicatorLedOn': 'Lit', 'IndicatorLedOff': 'Off', "IndicatorLedBlink": 'Blinking'}
 
         result = {}
-        response = self.get_request(self.root_uri + self.chassis_uri)
+        response = self.get_request(self.root_uri + resource_uri)
         if response['ret'] is False:
             return response
         result['ret'] = True
@@ -749,7 +757,7 @@ class RedfishUtils(object):
 
         if command in payloads.keys():
             payload = {'IndicatorLED': payloads[command]}
-            response = self.patch_request(self.root_uri + self.chassis_uri, payload)
+            response = self.patch_request(self.root_uri + resource_uri, payload)
             if response['ret'] is False:
                 return response
         else:

plugins/module_utils/redis.py

@@ -27,20 +27,20 @@ except ImportError:
     HAS_CERTIFI_PACKAGE = False
 
 
-def fail_imports(module):
+def fail_imports(module, needs_certifi=True):
     errors = []
     traceback = []
     if not HAS_REDIS_PACKAGE:
         errors.append(missing_required_lib('redis'))
         traceback.append(REDIS_IMP_ERR)
-    if not HAS_CERTIFI_PACKAGE:
+    if not HAS_CERTIFI_PACKAGE and needs_certifi:
         errors.append(missing_required_lib('certifi'))
         traceback.append(CERTIFI_IMPORT_ERROR)
     if errors:
         module.fail_json(errors=errors, traceback='\n'.join(traceback))
 
 
-def redis_auth_argument_spec():
+def redis_auth_argument_spec(tls_default=True):
     return dict(
         login_host=dict(type='str',
                         default='localhost',),
@@ -50,7 +50,7 @@ def redis_auth_argument_spec():
                             ),
         login_port=dict(type='int', default=6379),
         tls=dict(type='bool',
-                 default=True),
+                 default=tls_default),
         validate_certs=dict(type='bool',
                             default=True
                             ),
@@ -58,6 +58,30 @@ def redis_auth_argument_spec():
     )
 
 
+def redis_auth_params(module):
+    login_host = module.params['login_host']
+    login_user = module.params['login_user']
+    login_password = module.params['login_password']
+    login_port = module.params['login_port']
+    tls = module.params['tls']
+    validate_certs = 'required' if module.params['validate_certs'] else None
+    ca_certs = module.params['ca_certs']
+    if tls and ca_certs is None:
+        ca_certs = str(certifi.where())
+    if tuple(map(int, redis_version.split('.'))) < (3, 4, 0) and login_user is not None:
+        module.fail_json(
+            msg='The option `username` in only supported with redis >= 3.4.0.')
+    params = {'host': login_host,
+              'port': login_port,
+              'password': login_password,
+              'ssl_ca_certs': ca_certs,
+              'ssl_cert_reqs': validate_certs,
+              'ssl': tls}
+    if login_user is not None:
+        params['username'] = login_user
+    return params
+
+
 class RedisAnsible(object):
     '''Base class for Redis module'''
 
@@ -66,28 +90,8 @@ class RedisAnsible(object):
         self.connection = self._connect()
 
     def _connect(self):
-        login_host = self.module.params['login_host']
-        login_user = self.module.params['login_user']
-        login_password = self.module.params['login_password']
-        login_port = self.module.params['login_port']
-        tls = self.module.params['tls']
-        validate_certs = 'required' if self.module.params['validate_certs'] else None
-        ca_certs = self.module.params['ca_certs']
-        if tls and ca_certs is None:
-            ca_certs = str(certifi.where())
-        if tuple(map(int, redis_version.split('.'))) < (3, 4, 0) and login_user is not None:
-            self.module.fail_json(
-                msg='The option `username` in only supported with redis >= 3.4.0.')
-        params = {'host': login_host,
-                  'port': login_port,
-                  'password': login_password,
-                  'ssl_ca_certs': ca_certs,
-                  'ssl_cert_reqs': validate_certs,
-                  'ssl': tls}
-        if login_user is not None:
-            params['username'] = login_user
         try:
-            return Redis(**params)
+            return Redis(**redis_auth_params(self.module))
         except Exception as e:
             self.module.fail_json(msg='{0}'.format(str(e)))
         return None

plugins/module_utils/scaleway.py

@@ -167,17 +167,61 @@ class Scaleway(object):
 
 
 SCALEWAY_LOCATION = {
-    'par1': {'name': 'Paris 1', 'country': 'FR', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/fr-par-1'},
-    'EMEA-FR-PAR1': {'name': 'Paris 1', 'country': 'FR', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/fr-par-1'},
+    'par1': {
+        'name': 'Paris 1',
+        'country': 'FR',
+        'api_endpoint': 'https://api.scaleway.com/instance/v1/zones/fr-par-1',
+        'api_endpoint_vpc': 'https://api.scaleway.com/vpc/v1/zones/fr-par-1'
+    },
 
-    'par2': {'name': 'Paris 2', 'country': 'FR', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/fr-par-2'},
-    'EMEA-FR-PAR2': {'name': 'Paris 2', 'country': 'FR', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/fr-par-2'},
+    'EMEA-FR-PAR1': {
+        'name': 'Paris 1',
+        'country': 'FR',
+        'api_endpoint': 'https://api.scaleway.com/instance/v1/zones/fr-par-1',
+        'api_endpoint_vpc': 'https://api.scaleway.com/vpc/v1/zones/fr-par-1'
+    },
 
-    'ams1': {'name': 'Amsterdam 1', 'country': 'NL', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/nl-ams-1'},
-    'EMEA-NL-EVS': {'name': 'Amsterdam 1', 'country': 'NL', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/nl-ams-1'},
+    'par2': {
+        'name': 'Paris 2',
+        'country': 'FR',
+        'api_endpoint': 'https://api.scaleway.com/instance/v1/zones/fr-par-2',
+        'api_endpoint_vpc': 'https://api.scaleway.com/vpc/v1/zones/fr-par-2'
+    },
 
-    'waw1': {'name': 'Warsaw 1', 'country': 'PL', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/pl-waw-1'},
-    'EMEA-PL-WAW1': {'name': 'Warsaw 1', 'country': 'PL', "api_endpoint": 'https://api.scaleway.com/instance/v1/zones/pl-waw-1'},
+    'EMEA-FR-PAR2': {
+        'name': 'Paris 2',
+        'country': 'FR',
+        'api_endpoint': 'https://api.scaleway.com/instance/v1/zones/fr-par-2',
+        'api_endpoint_vpc': 'https://api.scaleway.com/vpc/v1/zones/fr-par-2'
+    },
+
+    'ams1': {
+        'name': 'Amsterdam 1',
+        'country': 'NL',
+        'api_endpoint': 'https://api.scaleway.com/instance/v1/zones/nl-ams-1',
+        'api_endpoint_vpc': 'https://api.scaleway.com/vpc/v1/zones/nl-ams-10'
+    },
+
+    'EMEA-NL-EVS': {
+        'name': 'Amsterdam 1',
+        'country': 'NL',
+        'api_endpoint': 'https://api.scaleway.com/instance/v1/zones/nl-ams-1',
+        'api_endpoint_vpc': 'https://api.scaleway.com/vpc/v1/zones/nl-ams-1'
+    },
+
+    'waw1': {
+        'name': 'Warsaw 1',
+        'country': 'PL',
+        'api_endpoint': 'https://api.scaleway.com/instance/v1/zones/pl-waw-1',
+        'api_endpoint_vpc': 'https://api.scaleway.com/vpc/v1/zones/pl-waw-1'
+    },
+
+    'EMEA-PL-WAW1': {
+        'name': 'Warsaw 1',
+        'country': 'PL',
+        'api_endpoint': 'https://api.scaleway.com/instance/v1/zones/pl-waw-1',
+        'api_endpoint_vpc': 'https://api.scaleway.com/vpc/v1/zones/pl-waw-1'
+    },
 }
 
 SCALEWAY_ENDPOINT = "https://api.scaleway.com"

plugins/modules/alerta_customer.py

@@ -0,0 +1 @@
+./monitoring/alerta_customer.py

plugins/modules/cloud/atomic/atomic_container.py

@@ -182,10 +182,10 @@ def core(module):
 def main():
     module = AnsibleModule(
         argument_spec=dict(
-            mode=dict(default=None, choices=['user', 'system']),
+            mode=dict(choices=['user', 'system']),
             name=dict(required=True),
             image=dict(required=True),
-            rootfs=dict(default=None),
+            rootfs=dict(),
             state=dict(default='latest', choices=['present', 'absent', 'latest', 'rollback']),
             backend=dict(required=True, choices=['docker', 'ostree']),
             values=dict(type='list', default=[], elements='str'),

plugins/modules/cloud/centurylink/clc_alert_policy.py

@@ -228,8 +228,7 @@ class ClcAlertPolicy:
                 choices=[
                     'cpu',
                     'memory',
-                    'disk'],
-                default=None),
+                    'disk']),
             duration=dict(type='str'),
             threshold=dict(type='int'),
             state=dict(default='present', choices=['present', 'absent'])

plugins/modules/cloud/centurylink/clc_blueprint_package.py

@@ -42,7 +42,7 @@ options:
     description:
       - Whether to wait for the tasks to finish before returning.
     type: str
-    default: True
+    default: 'True'
     required: False
 requirements:
     - python = 2.7

plugins/modules/cloud/centurylink/clc_firewall_policy.py

@@ -66,8 +66,8 @@ options:
     description:
       - Whether the firewall policy is enabled or disabled
     type: str
-    choices: [True, False]
-    default: True
+    choices: ['True', 'False']
+    default: 'True'
 requirements:
     - python = 2.7
     - requests >= 2.5.0

plugins/modules/cloud/centurylink/clc_group.py

@@ -297,9 +297,9 @@ class ClcGroup(object):
         """
         argument_spec = dict(
             name=dict(required=True),
-            description=dict(default=None),
-            parent=dict(default=None),
-            location=dict(default=None),
+            description=dict(),
+            parent=dict(),
+            location=dict(),
             state=dict(default='present', choices=['present', 'absent']),
             wait=dict(type='bool', default=True))
 

plugins/modules/cloud/centurylink/clc_loadbalancer.py

@@ -48,7 +48,7 @@ options:
     description:
       - Port to configure on the public-facing side of the load balancer pool
     type: str
-    choices: [80, 443]
+    choices: ['80', '443']
   nodes:
     description:
       - A list of nodes that needs to be added to the load balancer pool
@@ -865,7 +865,7 @@ class ClcLoadBalancer:
         """
         argument_spec = dict(
             name=dict(required=True),
-            description=dict(default=None),
+            description=dict(),
             location=dict(required=True),
             alias=dict(required=True),
             port=dict(choices=[80, 443]),

plugins/modules/cloud/centurylink/clc_server.py

@@ -567,31 +567,31 @@ class ClcServer:
             template=dict(),
             group=dict(default='Default Group'),
             network_id=dict(),
-            location=dict(default=None),
+            location=dict(),
             cpu=dict(default=1, type='int'),
             memory=dict(default=1, type='int'),
-            alias=dict(default=None),
-            password=dict(default=None, no_log=True),
-            ip_address=dict(default=None),
+            alias=dict(),
+            password=dict(no_log=True),
+            ip_address=dict(),
             storage_type=dict(
                 default='standard',
                 choices=[
                     'standard',
                     'hyperscale']),
             type=dict(default='standard', choices=['standard', 'hyperscale', 'bareMetal']),
-            primary_dns=dict(default=None),
-            secondary_dns=dict(default=None),
+            primary_dns=dict(),
+            secondary_dns=dict(),
             additional_disks=dict(type='list', default=[], elements='dict'),
             custom_fields=dict(type='list', default=[], elements='dict'),
-            ttl=dict(default=None),
+            ttl=dict(),
             managed_os=dict(type='bool', default=False),
-            description=dict(default=None),
-            source_server_password=dict(default=None, no_log=True),
-            cpu_autoscale_policy_id=dict(default=None),
-            anti_affinity_policy_id=dict(default=None),
-            anti_affinity_policy_name=dict(default=None),
-            alert_policy_id=dict(default=None),
-            alert_policy_name=dict(default=None),
+            description=dict(),
+            source_server_password=dict(no_log=True),
+            cpu_autoscale_policy_id=dict(),
+            anti_affinity_policy_id=dict(),
+            anti_affinity_policy_name=dict(),
+            alert_policy_id=dict(),
+            alert_policy_name=dict(),
             packages=dict(type='list', default=[], elements='dict'),
             state=dict(
                 default='present',
@@ -601,7 +601,7 @@ class ClcServer:
                     'started',
                     'stopped']),
             count=dict(type='int', default=1),
-            exact_count=dict(type='int', default=None),
+            exact_count=dict(type='int', ),
             count_group=dict(),
             server_ids=dict(type='list', default=[], elements='str'),
             add_public_ip=dict(type='bool', default=False),
@@ -612,14 +612,13 @@ class ClcServer:
                     'UDP',
                     'ICMP']),
             public_ip_ports=dict(type='list', default=[], elements='dict'),
-            configuration_id=dict(default=None),
-            os_type=dict(default=None,
-                         choices=[
-                             'redHat6_64Bit',
-                             'centOS6_64Bit',
-                             'windows2012R2Standard_64Bit',
-                             'ubuntu14_64Bit'
-                         ]),
+            configuration_id=dict(),
+            os_type=dict(choices=[
+                'redHat6_64Bit',
+                'centOS6_64Bit',
+                'windows2012R2Standard_64Bit',
+                'ubuntu14_64Bit'
+            ]),
             wait=dict(type='bool', default=True))
 
         mutually_exclusive = [

plugins/modules/cloud/centurylink/clc_server_snapshot.py

@@ -36,7 +36,7 @@ options:
   wait:
     description:
       - Whether to wait for the provisioning tasks to finish before returning.
-    default: True
+    default: 'True'
     required: False
     type: str
 requirements:

plugins/modules/cloud/huawei/hwc_vpc_security_group.py

@@ -51,7 +51,6 @@ options:
               group.s
         type: str
         required: false
-        default: 0
     vpc_id:
         description:
             - Specifies the resource ID of the VPC to which the security group

plugins/modules/cloud/lxd/lxd_container.py

@@ -21,6 +21,13 @@ options:
           - Name of an instance.
         type: str
         required: true
+    project:
+        description:
+          - 'Project of an instance.
+            See U(https://github.com/lxc/lxd/blob/master/doc/projects.md).'
+        required: false
+        type: str
+        version_added: 4.8.0
     architecture:
         description:
           - 'The architecture for the instance (for example C(x86_64) or C(i686)).
@@ -248,6 +255,26 @@ EXAMPLES = '''
         wait_for_ipv4_addresses: true
         timeout: 600
 
+# An example for creating container in project other than default
+- hosts: localhost
+  connection: local
+  tasks:
+    - name: Create a started container in project mytestproject
+      community.general.lxd_container:
+        name: mycontainer
+        project: mytestproject
+        ignore_volatile_options: true
+        state: started
+        source:
+          protocol: simplestreams
+          type: image
+          mode: pull
+          server: https://images.linuxcontainers.org
+          alias: ubuntu/20.04/cloud
+        profiles: ["default"]
+        wait_for_ipv4_addresses: true
+        timeout: 600
+
 # An example for deleting a container
 - hosts: localhost
   connection: local
@@ -412,6 +439,7 @@ class LXDContainerManagement(object):
         """
         self.module = module
         self.name = self.module.params['name']
+        self.project = self.module.params['project']
         self._build_config()
 
         self.state = self.module.params['state']
@@ -468,16 +496,16 @@ class LXDContainerManagement(object):
                 self.config[attr] = param_val
 
     def _get_instance_json(self):
-        return self.client.do(
-            'GET', '{0}/{1}'.format(self.api_endpoint, self.name),
-            ok_error_codes=[404]
-        )
+        url = '{0}/{1}'.format(self.api_endpoint, self.name)
+        if self.project:
+            url = '{0}?{1}'.format(url, urlencode(dict(project=self.project)))
+        return self.client.do('GET', url, ok_error_codes=[404])
 
     def _get_instance_state_json(self):
-        return self.client.do(
-            'GET', '{0}/{1}/state'.format(self.api_endpoint, self.name),
-            ok_error_codes=[404]
-        )
+        url = '{0}/{1}/state'.format(self.api_endpoint, self.name)
+        if self.project:
+            url = '{0}?{1}'.format(url, urlencode(dict(project=self.project)))
+        return self.client.do('GET', url, ok_error_codes=[404])
 
     @staticmethod
     def _instance_json_to_module_state(resp_json):
@@ -486,18 +514,26 @@ class LXDContainerManagement(object):
         return ANSIBLE_LXD_STATES[resp_json['metadata']['status']]
 
     def _change_state(self, action, force_stop=False):
+        url = '{0}/{1}/state'.format(self.api_endpoint, self.name)
+        if self.project:
+            url = '{0}?{1}'.format(url, urlencode(dict(project=self.project)))
         body_json = {'action': action, 'timeout': self.timeout}
         if force_stop:
             body_json['force'] = True
-        return self.client.do('PUT', '{0}/{1}/state'.format(self.api_endpoint, self.name), body_json=body_json)
+        return self.client.do('PUT', url, body_json=body_json)
 
     def _create_instance(self):
+        url = self.api_endpoint
+        url_params = dict()
+        if self.target:
+            url_params['target'] = self.target
+        if self.project:
+            url_params['project'] = self.project
+        if url_params:
+            url = '{0}?{1}'.format(url, urlencode(url_params))
         config = self.config.copy()
         config['name'] = self.name
-        if self.target:
-            self.client.do('POST', '{0}?{1}'.format(self.api_endpoint, urlencode(dict(target=self.target))), config, wait_for_container=self.wait_for_container)
-        else:
-            self.client.do('POST', self.api_endpoint, config, wait_for_container=self.wait_for_container)
+        self.client.do('POST', url, config, wait_for_container=self.wait_for_container)
         self.actions.append('create')
 
     def _start_instance(self):
@@ -513,7 +549,10 @@ class LXDContainerManagement(object):
         self.actions.append('restart')
 
     def _delete_instance(self):
-        self.client.do('DELETE', '{0}/{1}'.format(self.api_endpoint, self.name))
+        url = '{0}/{1}'.format(self.api_endpoint, self.name)
+        if self.project:
+            url = '{0}?{1}'.format(url, urlencode(dict(project=self.project)))
+        self.client.do('DELETE', url)
         self.actions.append('delete')
 
     def _freeze_instance(self):
@@ -666,7 +705,10 @@ class LXDContainerManagement(object):
         if self._needs_to_change_instance_config('profiles'):
             body_json['profiles'] = self.config['profiles']
 
-        self.client.do('PUT', '{0}/{1}'.format(self.api_endpoint, self.name), body_json=body_json)
+        url = '{0}/{1}'.format(self.api_endpoint, self.name)
+        if self.project:
+            url = '{0}?{1}'.format(url, urlencode(dict(project=self.project)))
+        self.client.do('PUT', url, body_json=body_json)
         self.actions.append('apply_instance_configs')
 
     def run(self):
@@ -715,6 +757,9 @@ def main():
                 type='str',
                 required=True
             ),
+            project=dict(
+                type='str',
+            ),
             architecture=dict(
                 type='str',
             ),

plugins/modules/cloud/lxd/lxd_profile.py

@@ -21,6 +21,13 @@ options:
           - Name of a profile.
         required: true
         type: str
+    project:
+        description:
+         - 'Project of a profile.
+           See U(https://github.com/lxc/lxd/blob/master/doc/projects.md).'
+        type: str
+        required: false
+        version_added: 4.8.0
     description:
         description:
           - Description of the profile.
@@ -129,6 +136,19 @@ EXAMPLES = '''
             parent: br0
             type: nic
 
+# An example for creating a profile in project mytestproject
+- hosts: localhost
+  connection: local
+  tasks:
+    - name: Create a profile
+      community.general.lxd_profile:
+        name: testprofile
+        project: mytestproject
+        state: present
+        config: {}
+        description: test profile in project mytestproject
+        devices: {}
+
 # An example for creating a profile via http connection
 - hosts: localhost
   connection: local
@@ -208,6 +228,7 @@ actions:
 import os
 from ansible.module_utils.basic import AnsibleModule
 from ansible_collections.community.general.plugins.module_utils.lxd import LXDClient, LXDClientException
+from ansible.module_utils.six.moves.urllib.parse import urlencode
 
 # ANSIBLE_LXD_DEFAULT_URL is a default value of the lxd endpoint
 ANSIBLE_LXD_DEFAULT_URL = 'unix:/var/lib/lxd/unix.socket'
@@ -232,6 +253,7 @@ class LXDProfileManagement(object):
         """
         self.module = module
         self.name = self.module.params['name']
+        self.project = self.module.params['project']
         self._build_config()
         self.state = self.module.params['state']
         self.new_name = self.module.params.get('new_name', None)
@@ -272,10 +294,10 @@ class LXDProfileManagement(object):
                 self.config[attr] = param_val
 
     def _get_profile_json(self):
-        return self.client.do(
-            'GET', '/1.0/profiles/{0}'.format(self.name),
-            ok_error_codes=[404]
-        )
+        url = '/1.0/profiles/{0}'.format(self.name)
+        if self.project:
+            url = '{0}?{1}'.format(url, urlencode(dict(project=self.project)))
+        return self.client.do('GET', url, ok_error_codes=[404])
 
     @staticmethod
     def _profile_json_to_module_state(resp_json):
@@ -307,14 +329,20 @@ class LXDProfileManagement(object):
                         changed=False)
 
     def _create_profile(self):
+        url = '/1.0/profiles'
+        if self.project:
+            url = '{0}?{1}'.format(url, urlencode(dict(project=self.project)))
         config = self.config.copy()
         config['name'] = self.name
-        self.client.do('POST', '/1.0/profiles', config)
+        self.client.do('POST', url, config)
         self.actions.append('create')
 
     def _rename_profile(self):
+        url = '/1.0/profiles/{0}'.format(self.name)
+        if self.project:
+            url = '{0}?{1}'.format(url, urlencode(dict(project=self.project)))
         config = {'name': self.new_name}
-        self.client.do('POST', '/1.0/profiles/{0}'.format(self.name), config)
+        self.client.do('POST', url, config)
         self.actions.append('rename')
         self.name = self.new_name
 
@@ -421,11 +449,17 @@ class LXDProfileManagement(object):
             config = self._generate_new_config(config)
 
         # upload config to lxd
-        self.client.do('PUT', '/1.0/profiles/{0}'.format(self.name), config)
+        url = '/1.0/profiles/{0}'.format(self.name)
+        if self.project:
+            url = '{0}?{1}'.format(url, urlencode(dict(project=self.project)))
+        self.client.do('PUT', url, config)
         self.actions.append('apply_profile_configs')
 
     def _delete_profile(self):
-        self.client.do('DELETE', '/1.0/profiles/{0}'.format(self.name))
+        url = '/1.0/profiles/{0}'.format(self.name)
+        if self.project:
+            url = '{0}?{1}'.format(url, urlencode(dict(project=self.project)))
+        self.client.do('DELETE', url)
         self.actions.append('delete')
 
     def run(self):
@@ -469,6 +503,9 @@ def main():
                 type='str',
                 required=True
             ),
+            project=dict(
+                type='str',
+            ),
             new_name=dict(
                 type='str',
             ),

plugins/modules/cloud/lxd/lxd_project.py

@@ -0,0 +1,451 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: lxd_project
+short_description: Manage LXD projects
+version_added: 4.8.0
+description:
+  - Management of LXD projects.
+author: "Raymond Chang (@we10710aa)"
+options:
+    name:
+        description:
+          - Name of the project.
+        required: true
+        type: str
+    description:
+        description:
+          - Description of the project.
+        type: str
+    config:
+        description:
+          - 'The config for the project (for example C({"features.profiles": "true"})).
+            See U(https://linuxcontainers.org/lxd/docs/master/projects/).'
+          - If the project already exists and its "config" value in metadata
+            obtained from
+            C(GET /1.0/projects/<name>)
+            U(https://linuxcontainers.org/lxd/docs/master/api/#/projects/project_get)
+            are different, then this module tries to apply the configurations.
+        type: dict
+    new_name:
+        description:
+          - A new name of a project.
+          - If this parameter is specified a project will be renamed to this name.
+            See U(https://linuxcontainers.org/lxd/docs/master/api/#/projects/project_post).
+        required: false
+        type: str
+    merge_project:
+        description:
+            - Merge the configuration of the present project with the new desired configuration,
+              instead of replacing it. If configuration is the same after merged, no change will be made.
+        required: false
+        default: false
+        type: bool
+    state:
+        choices:
+          - present
+          - absent
+        description:
+          - Define the state of a project.
+        required: false
+        default: present
+        type: str
+    url:
+        description:
+          - The Unix domain socket path or the https URL for the LXD server.
+        required: false
+        default: unix:/var/lib/lxd/unix.socket
+        type: str
+    snap_url:
+        description:
+          - The Unix domain socket path when LXD is installed by snap package manager.
+        required: false
+        default: unix:/var/snap/lxd/common/lxd/unix.socket
+        type: str
+    client_key:
+        description:
+          - The client certificate key file path.
+          - If not specified, it defaults to C($HOME/.config/lxc/client.key).
+        required: false
+        aliases: [ key_file ]
+        type: path
+    client_cert:
+        description:
+          - The client certificate file path.
+          - If not specified, it defaults to C($HOME/.config/lxc/client.crt).
+        required: false
+        aliases: [ cert_file ]
+        type: path
+    trust_password:
+        description:
+          - The client trusted password.
+          - 'You need to set this password on the LXD server before
+            running this module using the following command:
+            C(lxc config set core.trust_password <some random password>)
+            See U(https://www.stgraber.org/2016/04/18/lxd-api-direct-interaction/).'
+          - If I(trust_password) is set, this module send a request for
+            authentication before sending any requests.
+        required: false
+        type: str
+notes:
+  - Projects must have a unique name. If you attempt to create a project
+    with a name that already existed in the users namespace the module will
+    simply return as "unchanged".
+'''
+
+EXAMPLES = '''
+# An example for creating a project
+- hosts: localhost
+  connection: local
+  tasks:
+    - name: Create a project
+      community.general.lxd_project:
+        name: ansible-test-project
+        state: present
+        config: {}
+        description: my new project
+
+# An example for renaming a project
+- hosts: localhost
+  connection: local
+  tasks:
+    - name: Rename ansible-test-project to ansible-test-project-new-name
+      community.general.lxd_project:
+        name: ansible-test-project
+        new_name: ansible-test-project-new-name
+        state: present
+        config: {}
+        description: my new project
+'''
+
+RETURN = '''
+old_state:
+  description: The old state of the project.
+  returned: success
+  type: str
+  sample: "absent"
+logs:
+  description: The logs of requests and responses.
+  returned: when ansible-playbook is invoked with -vvvv.
+  type: list
+  elements: dict
+  contains:
+    type:
+      description: Type of actions performed, currently only C(sent request).
+      type: str
+      sample: "sent request"
+    request:
+      description: HTTP request sent to LXD server.
+      type: dict
+      contains:
+        method:
+          description: Method of HTTP request.
+          type: str
+          sample: "GET"
+        url:
+          description: URL path of HTTP request.
+          type: str
+          sample: "/1.0/projects/test-project"
+        json:
+          description: JSON body of HTTP request.
+          type: str
+          sample: "(too long to be placed here)"
+        timeout:
+          description: Timeout of HTTP request, C(null) if unset.
+          type: int
+          sample: null
+    response:
+      description: HTTP response received from LXD server.
+      type: dict
+      contains:
+        json:
+          description: JSON of HTTP response.
+          type: str
+          sample: "(too long to be placed here)"
+actions:
+  description: List of actions performed for the project.
+  returned: success
+  type: list
+  elements: str
+  sample: ["create"]
+'''
+
+from ansible_collections.community.general.plugins.module_utils.lxd import LXDClient, LXDClientException
+from ansible.module_utils.basic import AnsibleModule
+import os
+
+# ANSIBLE_LXD_DEFAULT_URL is a default value of the lxd endpoint
+ANSIBLE_LXD_DEFAULT_URL = 'unix:/var/lib/lxd/unix.socket'
+
+# PROJECTS_STATES is a list for states supported
+PROJECTS_STATES = [
+    'present', 'absent'
+]
+
+# CONFIG_PARAMS is a list of config attribute names.
+CONFIG_PARAMS = [
+    'config', 'description'
+]
+
+
+class LXDProjectManagement(object):
+    def __init__(self, module):
+        """Management of LXC projects via Ansible.
+
+        :param module: Processed Ansible Module.
+        :type module: ``object``
+        """
+        self.module = module
+        self.name = self.module.params['name']
+        self._build_config()
+        self.state = self.module.params['state']
+        self.new_name = self.module.params.get('new_name', None)
+
+        self.key_file = self.module.params.get('client_key')
+        if self.key_file is None:
+            self.key_file = os.path.expanduser('~/.config/lxc/client.key')
+        self.cert_file = self.module.params.get('client_cert')
+        if self.cert_file is None:
+            self.cert_file = os.path.expanduser('~/.config/lxc/client.crt')
+        self.debug = self.module._verbosity >= 4
+
+        try:
+            if self.module.params['url'] != ANSIBLE_LXD_DEFAULT_URL:
+                self.url = self.module.params['url']
+            elif os.path.exists(self.module.params['snap_url'].replace('unix:', '')):
+                self.url = self.module.params['snap_url']
+            else:
+                self.url = self.module.params['url']
+        except Exception as e:
+            self.module.fail_json(msg=e.msg)
+
+        try:
+            self.client = LXDClient(
+                self.url, key_file=self.key_file, cert_file=self.cert_file,
+                debug=self.debug
+            )
+        except LXDClientException as e:
+            self.module.fail_json(msg=e.msg)
+        self.trust_password = self.module.params.get('trust_password', None)
+        self.actions = []
+
+    def _build_config(self):
+        self.config = {}
+        for attr in CONFIG_PARAMS:
+            param_val = self.module.params.get(attr, None)
+            if param_val is not None:
+                self.config[attr] = param_val
+
+    def _get_project_json(self):
+        return self.client.do(
+            'GET', '/1.0/projects/{0}'.format(self.name),
+            ok_error_codes=[404]
+        )
+
+    @staticmethod
+    def _project_json_to_module_state(resp_json):
+        if resp_json['type'] == 'error':
+            return 'absent'
+        return 'present'
+
+    def _update_project(self):
+        if self.state == 'present':
+            if self.old_state == 'absent':
+                if self.new_name is None:
+                    self._create_project()
+                else:
+                    self.module.fail_json(
+                        msg='new_name must not be set when the project does not exist and the state is present',
+                        changed=False)
+            else:
+                if self.new_name is not None and self.new_name != self.name:
+                    self._rename_project()
+                if self._needs_to_apply_project_configs():
+                    self._apply_project_configs()
+        elif self.state == 'absent':
+            if self.old_state == 'present':
+                if self.new_name is None:
+                    self._delete_project()
+                else:
+                    self.module.fail_json(
+                        msg='new_name must not be set when the project exists and the specified state is absent',
+                        changed=False)
+
+    def _create_project(self):
+        config = self.config.copy()
+        config['name'] = self.name
+        self.client.do('POST', '/1.0/projects', config)
+        self.actions.append('create')
+
+    def _rename_project(self):
+        config = {'name': self.new_name}
+        self.client.do('POST', '/1.0/projects/{0}'.format(self.name), config)
+        self.actions.append('rename')
+        self.name = self.new_name
+
+    def _needs_to_change_project_config(self, key):
+        if key not in self.config:
+            return False
+        old_configs = self.old_project_json['metadata'].get(key, None)
+        return self.config[key] != old_configs
+
+    def _needs_to_apply_project_configs(self):
+        return (
+            self._needs_to_change_project_config('config') or
+            self._needs_to_change_project_config('description')
+        )
+
+    def _merge_dicts(self, source, destination):
+        """ Return a new dict taht merge two dict,
+        with values in source dict overwrite destination dict
+
+        Args:
+            dict(source): source dict
+            dict(destination): destination dict
+        Kwargs:
+            None
+        Raises:
+            None
+        Returns:
+            dict(destination): merged dict"""
+        result = destination.copy()
+        for key, value in source.items():
+            if isinstance(value, dict):
+                # get node or create one
+                node = result.setdefault(key, {})
+                self._merge_dicts(value, node)
+            else:
+                result[key] = value
+        return result
+
+    def _apply_project_configs(self):
+        """ Selection of the procedure: rebuild or merge
+
+        The standard behavior is that all information not contained
+        in the play is discarded.
+
+        If "merge_project" is provides in the play and "True", then existing
+        configurations from the project and new ones defined are merged.
+
+        Args:
+            None
+        Kwargs:
+            None
+        Raises:
+            None
+        Returns:
+            None"""
+        old_config = dict()
+        old_metadata = self.old_project_json['metadata'].copy()
+        for attr in CONFIG_PARAMS:
+            old_config[attr] = old_metadata[attr]
+
+        if self.module.params['merge_project']:
+            config = self._merge_dicts(self.config, old_config)
+            if config == old_config:
+                # no need to call api if merged config is the same
+                # as old config
+                return
+        else:
+            config = self.config.copy()
+        # upload config to lxd
+        self.client.do('PUT', '/1.0/projects/{0}'.format(self.name), config)
+        self.actions.append('apply_projects_configs')
+
+    def _delete_project(self):
+        self.client.do('DELETE', '/1.0/projects/{0}'.format(self.name))
+        self.actions.append('delete')
+
+    def run(self):
+        """Run the main method."""
+
+        try:
+            if self.trust_password is not None:
+                self.client.authenticate(self.trust_password)
+
+            self.old_project_json = self._get_project_json()
+            self.old_state = self._project_json_to_module_state(
+                self.old_project_json)
+            self._update_project()
+
+            state_changed = len(self.actions) > 0
+            result_json = {
+                'changed': state_changed,
+                'old_state': self.old_state,
+                'actions': self.actions
+            }
+            if self.client.debug:
+                result_json['logs'] = self.client.logs
+            self.module.exit_json(**result_json)
+        except LXDClientException as e:
+            state_changed = len(self.actions) > 0
+            fail_params = {
+                'msg': e.msg,
+                'changed': state_changed,
+                'actions': self.actions
+            }
+            if self.client.debug:
+                fail_params['logs'] = e.kwargs['logs']
+            self.module.fail_json(**fail_params)
+
+
+def main():
+    """Ansible Main module."""
+
+    module = AnsibleModule(
+        argument_spec=dict(
+            name=dict(
+                type='str',
+                required=True
+            ),
+            new_name=dict(
+                type='str',
+            ),
+            config=dict(
+                type='dict',
+            ),
+            description=dict(
+                type='str',
+            ),
+            merge_project=dict(
+                type='bool',
+                default=False
+            ),
+            state=dict(
+                choices=PROJECTS_STATES,
+                default='present'
+            ),
+            url=dict(
+                type='str',
+                default=ANSIBLE_LXD_DEFAULT_URL
+            ),
+            snap_url=dict(
+                type='str',
+                default='unix:/var/snap/lxd/common/lxd/unix.socket'
+            ),
+            client_key=dict(
+                type='path',
+                aliases=['key_file']
+            ),
+            client_cert=dict(
+                type='path',
+                aliases=['cert_file']
+            ),
+            trust_password=dict(type='str', no_log=True)
+        ),
+        supports_check_mode=False,
+    )
+
+    lxd_manage = LXDProjectManagement(module=module)
+    lxd_manage.run()
+
+
+if __name__ == '__main__':
+    main()

plugins/modules/cloud/misc/proxmox.py

@@ -1,5 +1,6 @@
 #!/usr/bin/python
 # -*- coding: utf-8 -*-
+#
 # Copyright: Ansible Project
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
@@ -392,229 +393,189 @@ import traceback
 
 from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
 
-try:
-    from proxmoxer import ProxmoxAPI
-    HAS_PROXMOXER = True
-except ImportError:
-    HAS_PROXMOXER = False
-
 from ansible.module_utils.basic import AnsibleModule, env_fallback
 from ansible.module_utils.common.text.converters import to_native
 
 from ansible_collections.community.general.plugins.module_utils.proxmox import (
-    ansible_to_proxmox_bool
-)
-
+    ansible_to_proxmox_bool, proxmox_auth_argument_spec, ProxmoxAnsible)
 
 VZ_TYPE = None
 
 
-def get_nextvmid(module, proxmox):
-    try:
-        vmid = proxmox.cluster.nextid.get()
-        return vmid
-    except Exception as e:
-        module.fail_json(msg="Unable to get next vmid. Failed with exception: %s" % to_native(e),
-                         exception=traceback.format_exc())
+class ProxmoxLxcAnsible(ProxmoxAnsible):
+    def content_check(self, node, ostemplate, template_store):
+        return [True for cnt in self.proxmox_api.nodes(node).storage(template_store).content.get() if cnt['volid'] == ostemplate]
 
+    def is_template_container(self, node, vmid):
+        """Check if the specified container is a template."""
+        proxmox_node = self.proxmox_api.nodes(node)
+        config = getattr(proxmox_node, VZ_TYPE)(vmid).config.get()
+        return config['template']
 
-def get_vmid(proxmox, hostname):
-    return [vm['vmid'] for vm in proxmox.cluster.resources.get(type='vm') if 'name' in vm and vm['name'] == hostname]
+    def create_instance(self, vmid, node, disk, storage, cpus, memory, swap, timeout, clone, **kwargs):
+        proxmox_node = self.proxmox_api.nodes(node)
 
+        # Remove all empty kwarg entries
+        kwargs = dict((k, v) for k, v in kwargs.items() if v is not None)
 
-def get_instance(proxmox, vmid):
-    return [vm for vm in proxmox.cluster.resources.get(type='vm') if vm['vmid'] == int(vmid)]
-
-
-def content_check(proxmox, node, ostemplate, template_store):
-    return [True for cnt in proxmox.nodes(node).storage(template_store).content.get() if cnt['volid'] == ostemplate]
-
-
-def is_template_container(proxmox, node, vmid):
-    """Check if the specified container is a template."""
-    proxmox_node = proxmox.nodes(node)
-    config = getattr(proxmox_node, VZ_TYPE)(vmid).config.get()
-    return config['template']
-
-
-def node_check(proxmox, node):
-    return [True for nd in proxmox.nodes.get() if nd['node'] == node]
-
-
-def proxmox_version(proxmox):
-    apireturn = proxmox.version.get()
-    return LooseVersion(apireturn['version'])
-
-
-def create_instance(module, proxmox, vmid, node, disk, storage, cpus, memory, swap, timeout, clone, **kwargs):
-    proxmox_node = proxmox.nodes(node)
-
-    # Remove all empty kwarg entries
-    kwargs = dict((k, v) for k, v in kwargs.items() if v is not None)
-
-    if VZ_TYPE == 'lxc':
-        kwargs['cpulimit'] = cpus
-        kwargs['rootfs'] = disk
-        if 'netif' in kwargs:
-            kwargs.update(kwargs['netif'])
-            del kwargs['netif']
-        if 'mounts' in kwargs:
-            kwargs.update(kwargs['mounts'])
-            del kwargs['mounts']
-        if 'pubkey' in kwargs:
-            if proxmox_version(proxmox) >= LooseVersion('4.2'):
-                kwargs['ssh-public-keys'] = kwargs['pubkey']
-            del kwargs['pubkey']
-    else:
-        kwargs['cpus'] = cpus
-        kwargs['disk'] = disk
-
-    if clone is not None:
-        if VZ_TYPE != 'lxc':
-            module.fail_json(changed=False, msg="Clone operator is only supported for LXC enabled proxmox clusters.")
-
-        clone_is_template = is_template_container(proxmox, node, clone)
-
-        # By default, create a full copy only when the cloned container is not a template.
-        create_full_copy = not clone_is_template
-
-        # Only accept parameters that are compatible with the clone endpoint.
-        valid_clone_parameters = ['hostname', 'pool', 'description']
-        if module.params['storage'] is not None and clone_is_template:
-            # Cloning a template, so create a full copy instead of a linked copy
-            create_full_copy = True
-        elif module.params['storage'] is None and not clone_is_template:
-            # Not cloning a template, but also no defined storage. This isn't possible.
-            module.fail_json(changed=False, msg="Cloned container is not a template, storage needs to be specified.")
-
-        if module.params['clone_type'] == 'linked':
-            if not clone_is_template:
-                module.fail_json(changed=False, msg="'linked' clone type is specified, but cloned container is not a template container.")
-            # Don't need to do more, by default create_full_copy is set to false already
-        elif module.params['clone_type'] == 'opportunistic':
-            if not clone_is_template:
-                # Cloned container is not a template, so we need our 'storage' parameter
-                valid_clone_parameters.append('storage')
-        elif module.params['clone_type'] == 'full':
-            create_full_copy = True
-            valid_clone_parameters.append('storage')
-
-        clone_parameters = {}
-
-        if create_full_copy:
-            clone_parameters['full'] = '1'
+        if VZ_TYPE == 'lxc':
+            kwargs['cpulimit'] = cpus
+            kwargs['rootfs'] = disk
+            if 'netif' in kwargs:
+                kwargs.update(kwargs['netif'])
+                del kwargs['netif']
+            if 'mounts' in kwargs:
+                kwargs.update(kwargs['mounts'])
+                del kwargs['mounts']
+            if 'pubkey' in kwargs:
+                if self.version() >= LooseVersion('4.2'):
+                    kwargs['ssh-public-keys'] = kwargs['pubkey']
+                del kwargs['pubkey']
         else:
-            clone_parameters['full'] = '0'
-        for param in valid_clone_parameters:
-            if module.params[param] is not None:
-                clone_parameters[param] = module.params[param]
+            kwargs['cpus'] = cpus
+            kwargs['disk'] = disk
 
-        taskid = getattr(proxmox_node, VZ_TYPE)(clone).clone.post(newid=vmid, **clone_parameters)
-    else:
-        taskid = getattr(proxmox_node, VZ_TYPE).create(vmid=vmid, storage=storage, memory=memory, swap=swap, **kwargs)
+        if clone is not None:
+            if VZ_TYPE != 'lxc':
+                self.module.fail_json(changed=False, msg="Clone operator is only supported for LXC enabled proxmox clusters.")
 
-    while timeout:
-        if (proxmox_node.tasks(taskid).status.get()['status'] == 'stopped' and
-                proxmox_node.tasks(taskid).status.get()['exitstatus'] == 'OK'):
-            return True
-        timeout -= 1
-        if timeout == 0:
-            module.fail_json(msg='Reached timeout while waiting for creating VM. Last line in task before timeout: %s' %
-                                 proxmox_node.tasks(taskid).log.get()[:1])
+            clone_is_template = self.is_template_container(node, clone)
 
-        time.sleep(1)
-    return False
+            # By default, create a full copy only when the cloned container is not a template.
+            create_full_copy = not clone_is_template
 
+            # Only accept parameters that are compatible with the clone endpoint.
+            valid_clone_parameters = ['hostname', 'pool', 'description']
+            if self.module.params['storage'] is not None and clone_is_template:
+                # Cloning a template, so create a full copy instead of a linked copy
+                create_full_copy = True
+            elif self.module.params['storage'] is None and not clone_is_template:
+                # Not cloning a template, but also no defined storage. This isn't possible.
+                self.module.fail_json(changed=False, msg="Cloned container is not a template, storage needs to be specified.")
 
-def start_instance(module, proxmox, vm, vmid, timeout):
-    taskid = getattr(proxmox.nodes(vm[0]['node']), VZ_TYPE)(vmid).status.start.post()
-    while timeout:
-        if (proxmox.nodes(vm[0]['node']).tasks(taskid).status.get()['status'] == 'stopped' and
-                proxmox.nodes(vm[0]['node']).tasks(taskid).status.get()['exitstatus'] == 'OK'):
-            return True
-        timeout -= 1
-        if timeout == 0:
-            module.fail_json(msg='Reached timeout while waiting for starting VM. Last line in task before timeout: %s' %
-                                 proxmox.nodes(vm[0]['node']).tasks(taskid).log.get()[:1])
+            if self.module.params['clone_type'] == 'linked':
+                if not clone_is_template:
+                    self.module.fail_json(changed=False, msg="'linked' clone type is specified, but cloned container is not a template container.")
+                # Don't need to do more, by default create_full_copy is set to false already
+            elif self.module.params['clone_type'] == 'opportunistic':
+                if not clone_is_template:
+                    # Cloned container is not a template, so we need our 'storage' parameter
+                    valid_clone_parameters.append('storage')
+            elif self.module.params['clone_type'] == 'full':
+                create_full_copy = True
+                valid_clone_parameters.append('storage')
 
-        time.sleep(1)
-    return False
+            clone_parameters = {}
 
+            if create_full_copy:
+                clone_parameters['full'] = '1'
+            else:
+                clone_parameters['full'] = '0'
+            for param in valid_clone_parameters:
+                if self.module.params[param] is not None:
+                    clone_parameters[param] = self.module.params[param]
 
-def stop_instance(module, proxmox, vm, vmid, timeout, force):
-    if force:
-        taskid = getattr(proxmox.nodes(vm[0]['node']), VZ_TYPE)(vmid).status.shutdown.post(forceStop=1)
-    else:
-        taskid = getattr(proxmox.nodes(vm[0]['node']), VZ_TYPE)(vmid).status.shutdown.post()
-    while timeout:
-        if (proxmox.nodes(vm[0]['node']).tasks(taskid).status.get()['status'] == 'stopped' and
-                proxmox.nodes(vm[0]['node']).tasks(taskid).status.get()['exitstatus'] == 'OK'):
-            return True
-        timeout -= 1
-        if timeout == 0:
-            module.fail_json(msg='Reached timeout while waiting for stopping VM. Last line in task before timeout: %s' %
-                                 proxmox.nodes(vm[0]['node']).tasks(taskid).log.get()[:1])
+            taskid = getattr(proxmox_node, VZ_TYPE)(clone).clone.post(newid=vmid, **clone_parameters)
+        else:
+            taskid = getattr(proxmox_node, VZ_TYPE).create(vmid=vmid, storage=storage, memory=memory, swap=swap, **kwargs)
 
-        time.sleep(1)
-    return False
+        while timeout:
+            if (proxmox_node.tasks(taskid).status.get()['status'] == 'stopped' and
+                    proxmox_node.tasks(taskid).status.get()['exitstatus'] == 'OK'):
+                return True
+            timeout -= 1
+            if timeout == 0:
+                self.module.fail_json(msg='Reached timeout while waiting for creating VM. Last line in task before timeout: %s' %
+                                      proxmox_node.tasks(taskid).log.get()[:1])
 
+            time.sleep(1)
+        return False
 
-def umount_instance(module, proxmox, vm, vmid, timeout):
-    taskid = getattr(proxmox.nodes(vm[0]['node']), VZ_TYPE)(vmid).status.umount.post()
-    while timeout:
-        if (proxmox.nodes(vm[0]['node']).tasks(taskid).status.get()['status'] == 'stopped' and
-                proxmox.nodes(vm[0]['node']).tasks(taskid).status.get()['exitstatus'] == 'OK'):
-            return True
-        timeout -= 1
-        if timeout == 0:
-            module.fail_json(msg='Reached timeout while waiting for unmounting VM. Last line in task before timeout: %s' %
-                                 proxmox.nodes(vm[0]['node']).tasks(taskid).log.get()[:1])
+    def start_instance(self, vm, vmid, timeout):
+        taskid = getattr(self.proxmox_api.nodes(vm['node']), VZ_TYPE)(vmid).status.start.post()
+        while timeout:
+            if (self.proxmox_api.nodes(vm['node']).tasks(taskid).status.get()['status'] == 'stopped' and
+                    self.proxmox_api.nodes(vm['node']).tasks(taskid).status.get()['exitstatus'] == 'OK'):
+                return True
+            timeout -= 1
+            if timeout == 0:
+                self.module.fail_json(msg='Reached timeout while waiting for starting VM. Last line in task before timeout: %s' %
+                                      self.proxmox_api.nodes(vm['node']).tasks(taskid).log.get()[:1])
 
-        time.sleep(1)
-    return False
+            time.sleep(1)
+        return False
+
+    def stop_instance(self, vm, vmid, timeout, force):
+        if force:
+            taskid = getattr(self.proxmox_api.nodes(vm['node']), VZ_TYPE)(vmid).status.shutdown.post(forceStop=1)
+        else:
+            taskid = getattr(self.proxmox_api.nodes(vm['node']), VZ_TYPE)(vmid).status.shutdown.post()
+        while timeout:
+            if (self.proxmox_api.nodes(vm['node']).tasks(taskid).status.get()['status'] == 'stopped' and
+                    self.proxmox_api.nodes(vm['node']).tasks(taskid).status.get()['exitstatus'] == 'OK'):
+                return True
+            timeout -= 1
+            if timeout == 0:
+                self.module.fail_json(msg='Reached timeout while waiting for stopping VM. Last line in task before timeout: %s' %
+                                      self.proxmox_api.nodes(vm['node']).tasks(taskid).log.get()[:1])
+
+            time.sleep(1)
+        return False
+
+    def umount_instance(self, vm, vmid, timeout):
+        taskid = getattr(self.proxmox_api.nodes(vm['node']), VZ_TYPE)(vmid).status.umount.post()
+        while timeout:
+            if (self.proxmox_api.nodes(vm['node']).tasks(taskid).status.get()['status'] == 'stopped' and
+                    self.proxmox_api.nodes(vm['node']).tasks(taskid).status.get()['exitstatus'] == 'OK'):
+                return True
+            timeout -= 1
+            if timeout == 0:
+                self.module.fail_json(msg='Reached timeout while waiting for unmounting VM. Last line in task before timeout: %s' %
+                                      self.proxmox_api.nodes(vm['node']).tasks(taskid).log.get()[:1])
+
+            time.sleep(1)
+        return False
 
 
 def main():
+    module_args = proxmox_auth_argument_spec()
+    proxmox_args = dict(
+        vmid=dict(type='int', required=False),
+        node=dict(),
+        pool=dict(),
+        password=dict(no_log=True),
+        hostname=dict(),
+        ostemplate=dict(),
+        disk=dict(type='str'),
+        cores=dict(type='int'),
+        cpus=dict(type='int'),
+        memory=dict(type='int'),
+        swap=dict(type='int'),
+        netif=dict(type='dict'),
+        mounts=dict(type='dict'),
+        ip_address=dict(),
+        onboot=dict(type='bool'),
+        features=dict(type='list', elements='str'),
+        storage=dict(default='local'),
+        cpuunits=dict(type='int'),
+        nameserver=dict(),
+        searchdomain=dict(),
+        timeout=dict(type='int', default=30),
+        force=dict(type='bool', default=False),
+        purge=dict(type='bool', default=False),
+        state=dict(default='present', choices=['present', 'absent', 'stopped', 'started', 'restarted']),
+        pubkey=dict(type='str'),
+        unprivileged=dict(type='bool', default=False),
+        description=dict(type='str'),
+        hookscript=dict(type='str'),
+        proxmox_default_behavior=dict(type='str', default='no_defaults', choices=['compatibility', 'no_defaults']),
+        clone=dict(type='int'),
+        clone_type=dict(default='opportunistic', choices=['full', 'linked', 'opportunistic']),
+    )
+    module_args.update(proxmox_args)
+
     module = AnsibleModule(
-        argument_spec=dict(
-            api_host=dict(required=True),
-            api_password=dict(no_log=True, fallback=(env_fallback, ['PROXMOX_PASSWORD'])),
-            api_token_id=dict(no_log=True),
-            api_token_secret=dict(no_log=True),
-            api_user=dict(required=True),
-            vmid=dict(type='int', required=False),
-            validate_certs=dict(type='bool', default=False),
-            node=dict(),
-            pool=dict(),
-            password=dict(no_log=True),
-            hostname=dict(),
-            ostemplate=dict(),
-            disk=dict(type='str'),
-            cores=dict(type='int'),
-            cpus=dict(type='int'),
-            memory=dict(type='int'),
-            swap=dict(type='int'),
-            netif=dict(type='dict'),
-            mounts=dict(type='dict'),
-            ip_address=dict(),
-            onboot=dict(type='bool'),
-            features=dict(type='list', elements='str'),
-            storage=dict(default='local'),
-            cpuunits=dict(type='int'),
-            nameserver=dict(),
-            searchdomain=dict(),
-            timeout=dict(type='int', default=30),
-            force=dict(type='bool', default=False),
-            purge=dict(type='bool', default=False),
-            state=dict(default='present', choices=['present', 'absent', 'stopped', 'started', 'restarted']),
-            pubkey=dict(type='str', default=None),
-            unprivileged=dict(type='bool', default=False),
-            description=dict(type='str'),
-            hookscript=dict(type='str'),
-            proxmox_default_behavior=dict(type='str', default='no_defaults', choices=['compatibility', 'no_defaults']),
-            clone=dict(type='int'),
-            clone_type=dict(default='opportunistic', choices=['full', 'linked', 'opportunistic']),
-        ),
+        argument_spec=module_args,
         required_if=[
             ('state', 'present', ['node', 'hostname']),
             ('state', 'present', ('clone', 'ostemplate'), True),  # Require one of clone and ostemplate. Together with mutually_exclusive this ensures that we
@@ -627,17 +588,13 @@ def main():
         mutually_exclusive=[('clone', 'ostemplate')],  # Creating a new container is done either by cloning an existing one, or based on a template.
     )
 
-    if not HAS_PROXMOXER:
-        module.fail_json(msg='proxmoxer required for this module')
+    proxmox = ProxmoxLxcAnsible(module)
+
+    global VZ_TYPE
+    VZ_TYPE = 'openvz' if proxmox.version() < LooseVersion('4.0') else 'lxc'
 
     state = module.params['state']
-    api_host = module.params['api_host']
-    api_password = module.params['api_password']
-    api_token_id = module.params['api_token_id']
-    api_token_secret = module.params['api_token_secret']
-    api_user = module.params['api_user']
     vmid = module.params['vmid']
-    validate_certs = module.params['validate_certs']
     node = module.params['node']
     disk = module.params['disk']
     cpus = module.params['cpus']
@@ -664,68 +621,54 @@ def main():
             if module.params[param] is None:
                 module.params[param] = value
 
-    auth_args = {'user': api_user}
-    if not api_token_id:
-        auth_args['password'] = api_password
-    else:
-        auth_args['token_name'] = api_token_id
-        auth_args['token_value'] = api_token_secret
-
-    try:
-        proxmox = ProxmoxAPI(api_host, verify_ssl=validate_certs, **auth_args)
-        global VZ_TYPE
-        VZ_TYPE = 'openvz' if proxmox_version(proxmox) < LooseVersion('4.0') else 'lxc'
-    except Exception as e:
-        module.fail_json(msg='authorization on proxmox cluster failed with exception: %s' % e)
-
     # If vmid not set get the Next VM id from ProxmoxAPI
     # If hostname is set get the VM id from ProxmoxAPI
     if not vmid and state == 'present':
-        vmid = get_nextvmid(module, proxmox)
+        vmid = proxmox.get_nextvmid()
     elif not vmid and hostname:
-        hosts = get_vmid(proxmox, hostname)
-        if len(hosts) == 0:
-            module.fail_json(msg="Vmid could not be fetched => Hostname doesn't exist (action: %s)" % state)
-        vmid = hosts[0]
+        vmid = proxmox.get_vmid(hostname, choose_first_if_multiple=True)
     elif not vmid:
         module.exit_json(changed=False, msg="Vmid could not be fetched for the following action: %s" % state)
 
     # Create a new container
     if state == 'present' and clone is None:
         try:
-            if get_instance(proxmox, vmid) and not module.params['force']:
+            if proxmox.get_vm(vmid, ignore_missing=True) and not module.params['force']:
                 module.exit_json(changed=False, msg="VM with vmid = %s is already exists" % vmid)
             # If no vmid was passed, there cannot be another VM named 'hostname'
-            if not module.params['vmid'] and get_vmid(proxmox, hostname) and not module.params['force']:
-                module.exit_json(changed=False, msg="VM with hostname %s already exists and has ID number %s" % (hostname, get_vmid(proxmox, hostname)[0]))
-            elif not node_check(proxmox, node):
+            if (not module.params['vmid'] and
+                    proxmox.get_vmid(hostname, ignore_missing=True, choose_first_if_multiple=True) and
+                    not module.params['force']):
+                vmid = proxmox.get_vmid(hostname, choose_first_if_multiple=True)
+                module.exit_json(changed=False, msg="VM with hostname %s already exists and has ID number %s" % (hostname, vmid))
+            elif not proxmox.get_node(node):
                 module.fail_json(msg="node '%s' not exists in cluster" % node)
-            elif not content_check(proxmox, node, module.params['ostemplate'], template_store):
+            elif not proxmox.content_check(node, module.params['ostemplate'], template_store):
                 module.fail_json(msg="ostemplate '%s' not exists on node %s and storage %s"
                                  % (module.params['ostemplate'], node, template_store))
         except Exception as e:
             module.fail_json(msg="Pre-creation checks of {VZ_TYPE} VM {vmid} failed with exception: {e}".format(VZ_TYPE=VZ_TYPE, vmid=vmid, e=e))
 
         try:
-            create_instance(module, proxmox, vmid, node, disk, storage, cpus, memory, swap, timeout, clone,
-                            cores=module.params['cores'],
-                            pool=module.params['pool'],
-                            password=module.params['password'],
-                            hostname=module.params['hostname'],
-                            ostemplate=module.params['ostemplate'],
-                            netif=module.params['netif'],
-                            mounts=module.params['mounts'],
-                            ip_address=module.params['ip_address'],
-                            onboot=ansible_to_proxmox_bool(module.params['onboot']),
-                            cpuunits=module.params['cpuunits'],
-                            nameserver=module.params['nameserver'],
-                            searchdomain=module.params['searchdomain'],
-                            force=ansible_to_proxmox_bool(module.params['force']),
-                            pubkey=module.params['pubkey'],
-                            features=",".join(module.params['features']) if module.params['features'] is not None else None,
-                            unprivileged=ansible_to_proxmox_bool(module.params['unprivileged']),
-                            description=module.params['description'],
-                            hookscript=module.params['hookscript'])
+            proxmox.create_instance(vmid, node, disk, storage, cpus, memory, swap, timeout, clone,
+                                    cores=module.params['cores'],
+                                    pool=module.params['pool'],
+                                    password=module.params['password'],
+                                    hostname=module.params['hostname'],
+                                    ostemplate=module.params['ostemplate'],
+                                    netif=module.params['netif'],
+                                    mounts=module.params['mounts'],
+                                    ip_address=module.params['ip_address'],
+                                    onboot=ansible_to_proxmox_bool(module.params['onboot']),
+                                    cpuunits=module.params['cpuunits'],
+                                    nameserver=module.params['nameserver'],
+                                    searchdomain=module.params['searchdomain'],
+                                    force=ansible_to_proxmox_bool(module.params['force']),
+                                    pubkey=module.params['pubkey'],
+                                    features=",".join(module.params['features']) if module.params['features'] is not None else None,
+                                    unprivileged=ansible_to_proxmox_bool(module.params['unprivileged']),
+                                    description=module.params['description'],
+                                    hookscript=module.params['hookscript'])
 
             module.exit_json(changed=True, msg="Deployed VM %s from template %s" % (vmid, module.params['ostemplate']))
         except Exception as e:
@@ -734,18 +677,21 @@ def main():
     # Clone a container
     elif state == 'present' and clone is not None:
         try:
-            if get_instance(proxmox, vmid) and not module.params['force']:
+            if proxmox.get_vm(vmid, ignore_missing=True) and not module.params['force']:
                 module.exit_json(changed=False, msg="VM with vmid = %s is already exists" % vmid)
             # If no vmid was passed, there cannot be another VM named 'hostname'
-            if not module.params['vmid'] and get_vmid(proxmox, hostname) and not module.params['force']:
-                module.exit_json(changed=False, msg="VM with hostname %s already exists and has ID number %s" % (hostname, get_vmid(proxmox, hostname)[0]))
-            if not get_instance(proxmox, clone):
+            if (not module.params['vmid'] and
+                    proxmox.get_vmid(hostname, ignore_missing=True, choose_first_if_multiple=True) and
+                    not module.params['force']):
+                vmid = proxmox.get_vmid(hostname, choose_first_if_multiple=True)
+                module.exit_json(changed=False, msg="VM with hostname %s already exists and has ID number %s" % (hostname, vmid))
+            if not proxmox.get_vm(clone, ignore_missing=True):
                 module.exit_json(changed=False, msg="Container to be cloned does not exist")
         except Exception as e:
             module.fail_json(msg="Pre-clone checks of {VZ_TYPE} VM {vmid} failed with exception: {e}".format(VZ_TYPE=VZ_TYPE, vmid=vmid, e=e))
 
         try:
-            create_instance(module, proxmox, vmid, node, disk, storage, cpus, memory, swap, timeout, clone)
+            proxmox.create_instance(vmid, node, disk, storage, cpus, memory, swap, timeout, clone)
 
             module.exit_json(changed=True, msg="Cloned VM %s from %s" % (vmid, clone))
         except Exception as e:
@@ -753,64 +699,60 @@ def main():
 
     elif state == 'started':
         try:
-            vm = get_instance(proxmox, vmid)
-            if not vm:
-                module.fail_json(msg='VM with vmid = %s not exists in cluster' % vmid)
-            if getattr(proxmox.nodes(vm[0]['node']), VZ_TYPE)(vmid).status.current.get()['status'] == 'running':
+            vm = proxmox.get_vm(vmid)
+            if getattr(proxmox.proxmox_api.nodes(vm['node']), VZ_TYPE)(vmid).status.current.get()['status'] == 'running':
                 module.exit_json(changed=False, msg="VM %s is already running" % vmid)
 
-            if start_instance(module, proxmox, vm, vmid, timeout):
+            if proxmox.start_instance(vm, vmid, timeout):
                 module.exit_json(changed=True, msg="VM %s started" % vmid)
         except Exception as e:
             module.fail_json(msg="starting of VM %s failed with exception: %s" % (vmid, e))
 
     elif state == 'stopped':
         try:
-            vm = get_instance(proxmox, vmid)
-            if not vm:
-                module.fail_json(msg='VM with vmid = %s not exists in cluster' % vmid)
+            vm = proxmox.get_vm(vmid)
 
-            if getattr(proxmox.nodes(vm[0]['node']), VZ_TYPE)(vmid).status.current.get()['status'] == 'mounted':
+            if getattr(proxmox.proxmox_api.nodes(vm['node']), VZ_TYPE)(vmid).status.current.get()['status'] == 'mounted':
                 if module.params['force']:
-                    if umount_instance(module, proxmox, vm, vmid, timeout):
+                    if proxmox.umount_instance(vm, vmid, timeout):
                         module.exit_json(changed=True, msg="VM %s is shutting down" % vmid)
                 else:
                     module.exit_json(changed=False, msg=("VM %s is already shutdown, but mounted. "
                                                          "You can use force option to umount it.") % vmid)
 
-            if getattr(proxmox.nodes(vm[0]['node']), VZ_TYPE)(vmid).status.current.get()['status'] == 'stopped':
+            if getattr(proxmox.proxmox_api.nodes(vm['node']), VZ_TYPE)(vmid).status.current.get()['status'] == 'stopped':
                 module.exit_json(changed=False, msg="VM %s is already shutdown" % vmid)
 
-            if stop_instance(module, proxmox, vm, vmid, timeout, force=module.params['force']):
+            if proxmox.stop_instance(vm, vmid, timeout, force=module.params['force']):
                 module.exit_json(changed=True, msg="VM %s is shutting down" % vmid)
         except Exception as e:
             module.fail_json(msg="stopping of VM %s failed with exception: %s" % (vmid, e))
 
     elif state == 'restarted':
         try:
-            vm = get_instance(proxmox, vmid)
-            if not vm:
-                module.fail_json(msg='VM with vmid = %s not exists in cluster' % vmid)
-            if (getattr(proxmox.nodes(vm[0]['node']), VZ_TYPE)(vmid).status.current.get()['status'] == 'stopped' or
-                    getattr(proxmox.nodes(vm[0]['node']), VZ_TYPE)(vmid).status.current.get()['status'] == 'mounted'):
+            vm = proxmox.get_vm(vmid)
+
+            vm_status = getattr(proxmox.proxmox_api.nodes(vm['node']), VZ_TYPE)(vmid).status.current.get()['status']
+            if vm_status in ['stopped', 'mounted']:
                 module.exit_json(changed=False, msg="VM %s is not running" % vmid)
 
-            if (stop_instance(module, proxmox, vm, vmid, timeout, force=module.params['force']) and
-                    start_instance(module, proxmox, vm, vmid, timeout)):
+            if (proxmox.stop_instance(vm, vmid, timeout, force=module.params['force']) and
+                    proxmox.start_instance(vm, vmid, timeout)):
                 module.exit_json(changed=True, msg="VM %s is restarted" % vmid)
         except Exception as e:
             module.fail_json(msg="restarting of VM %s failed with exception: %s" % (vmid, e))
 
     elif state == 'absent':
         try:
-            vm = get_instance(proxmox, vmid)
+            vm = proxmox.get_vm(vmid, ignore_missing=True)
             if not vm:
                 module.exit_json(changed=False, msg="VM %s does not exist" % vmid)
 
-            if getattr(proxmox.nodes(vm[0]['node']), VZ_TYPE)(vmid).status.current.get()['status'] == 'running':
+            vm_status = getattr(proxmox.proxmox_api.nodes(vm['node']), VZ_TYPE)(vmid).status.current.get()['status']
+            if vm_status == 'running':
                 module.exit_json(changed=False, msg="VM %s is running. Stop it before deletion." % vmid)
 
-            if getattr(proxmox.nodes(vm[0]['node']), VZ_TYPE)(vmid).status.current.get()['status'] == 'mounted':
+            if vm_status == 'mounted':
                 module.exit_json(changed=False, msg="VM %s is mounted. Stop it with force option before deletion." % vmid)
 
             delete_params = {}
@@ -818,16 +760,16 @@ def main():
             if module.params['purge']:
                 delete_params['purge'] = 1
 
-            taskid = getattr(proxmox.nodes(vm[0]['node']), VZ_TYPE).delete(vmid, **delete_params)
+            taskid = getattr(proxmox.proxmox_api.nodes(vm['node']), VZ_TYPE).delete(vmid, **delete_params)
 
             while timeout:
-                if (proxmox.nodes(vm[0]['node']).tasks(taskid).status.get()['status'] == 'stopped' and
-                        proxmox.nodes(vm[0]['node']).tasks(taskid).status.get()['exitstatus'] == 'OK'):
+                task_status = proxmox.proxmox_api.nodes(vm['node']).tasks(taskid).status.get()
+                if (task_status['status'] == 'stopped' and task_status['exitstatus'] == 'OK'):
                     module.exit_json(changed=True, msg="VM %s removed" % vmid)
                 timeout -= 1
                 if timeout == 0:
                     module.fail_json(msg='Reached timeout while waiting for removing VM. Last line in task before timeout: %s'
-                                     % proxmox.nodes(vm[0]['node']).tasks(taskid).log.get()[:1])
+                                     % proxmox.proxmox_api.nodes(vm['node']).tasks(taskid).log.get()[:1])
 
                 time.sleep(1)
         except Exception as e:

plugins/modules/cloud/misc/proxmox_nic.py

@@ -1,6 +1,6 @@
 #!/usr/bin/python
 # -*- coding: utf-8 -*-
-
+#
 # Copyright: (c) 2021, Lammert Hellinga (@Kogelvis) <lammert@hellinga.it>
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
@@ -136,120 +136,96 @@ msg:
   sample: "Nic net0 unchanged on VM with vmid 103"
 '''
 
-try:
-    from proxmoxer import ProxmoxAPI
-    HAS_PROXMOXER = True
-except ImportError:
-    HAS_PROXMOXER = False
-
 from ansible.module_utils.basic import AnsibleModule, env_fallback
-from ansible_collections.community.general.plugins.module_utils.proxmox import proxmox_auth_argument_spec
+from ansible_collections.community.general.plugins.module_utils.proxmox import (proxmox_auth_argument_spec, ProxmoxAnsible)
 
 
-def get_vmid(module, proxmox, name):
-    try:
-        vms = [vm['vmid'] for vm in proxmox.cluster.resources.get(type='vm') if vm.get('name') == name]
-    except Exception as e:
-        module.fail_json(msg='Error: %s occurred while retrieving VM with name = %s' % (e, name))
+class ProxmoxNicAnsible(ProxmoxAnsible):
+    def update_nic(self, vmid, interface, model, **kwargs):
+        vm = self.get_vm(vmid)
 
-    if not vms:
-        module.fail_json(msg='No VM found with name: %s' % name)
-    elif len(vms) > 1:
-        module.fail_json(msg='Multiple VMs found with name: %s, provide vmid instead' % name)
+        try:
+            vminfo = self.proxmox_api.nodes(vm['node']).qemu(vmid).config.get()
+        except Exception as e:
+            self.module.fail_json(msg='Getting information for VM with vmid = %s failed with exception: %s' % (vmid, e))
 
-    return vms[0]
+        if interface in vminfo:
+            # Convert the current config to a dictionary
+            config = vminfo[interface].split(',')
+            config.sort()
 
+            config_current = {}
 
-def get_vm(proxmox, vmid):
-    return [vm for vm in proxmox.cluster.resources.get(type='vm') if vm['vmid'] == int(vmid)]
+            for i in config:
+                kv = i.split('=')
+                try:
+                    config_current[kv[0]] = kv[1]
+                except IndexError:
+                    config_current[kv[0]] = ''
 
+            # determine the current model nic and mac-address
+            models = ['e1000', 'e1000-82540em', 'e1000-82544gc', 'e1000-82545em', 'i82551', 'i82557b',
+                      'i82559er', 'ne2k_isa', 'ne2k_pci', 'pcnet', 'rtl8139', 'virtio', 'vmxnet3']
+            current_model = set(models) & set(config_current.keys())
+            current_model = current_model.pop()
+            current_mac = config_current[current_model]
 
-def update_nic(module, proxmox, vmid, interface, model, **kwargs):
-    vm = get_vm(proxmox, vmid)
+            # build nic config string
+            config_provided = "{0}={1}".format(model, current_mac)
+        else:
+            config_provided = model
 
-    try:
-        vminfo = proxmox.nodes(vm[0]['node']).qemu(vmid).config.get()
-    except Exception as e:
-        module.fail_json(msg='Getting information for VM with vmid = %s failed with exception: %s' % (vmid, e))
+        if kwargs['mac']:
+            config_provided = "{0}={1}".format(model, kwargs['mac'])
 
-    if interface in vminfo:
-        # Convert the current config to a dictionary
-        config = vminfo[interface].split(',')
-        config.sort()
+        if kwargs['bridge']:
+            config_provided += ",bridge={0}".format(kwargs['bridge'])
 
-        config_current = {}
+        if kwargs['firewall']:
+            config_provided += ",firewall=1"
 
-        for i in config:
-            kv = i.split('=')
-            try:
-                config_current[kv[0]] = kv[1]
-            except IndexError:
-                config_current[kv[0]] = ''
+        if kwargs['link_down']:
+            config_provided += ',link_down=1'
 
-        # determine the current model nic and mac-address
-        models = ['e1000', 'e1000-82540em', 'e1000-82544gc', 'e1000-82545em', 'i82551', 'i82557b',
-                  'i82559er', 'ne2k_isa', 'ne2k_pci', 'pcnet', 'rtl8139', 'virtio', 'vmxnet3']
-        current_model = set(models) & set(config_current.keys())
-        current_model = current_model.pop()
-        current_mac = config_current[current_model]
+        if kwargs['mtu']:
+            config_provided += ",mtu={0}".format(kwargs['mtu'])
+            if model != 'virtio':
+                self.module.warn(
+                    'Ignoring MTU for nic {0} on VM with vmid {1}, '
+                    'model should be set to \'virtio\': '.format(interface, vmid))
 
-        # build nic config string
-        config_provided = "{0}={1}".format(model, current_mac)
-    else:
-        config_provided = model
+        if kwargs['queues']:
+            config_provided += ",queues={0}".format(kwargs['queues'])
 
-    if kwargs['mac']:
-        config_provided = "{0}={1}".format(model, kwargs['mac'])
+        if kwargs['rate']:
+            config_provided += ",rate={0}".format(kwargs['rate'])
 
-    if kwargs['bridge']:
-        config_provided += ",bridge={0}".format(kwargs['bridge'])
+        if kwargs['tag']:
+            config_provided += ",tag={0}".format(kwargs['tag'])
 
-    if kwargs['firewall']:
-        config_provided += ",firewall=1"
+        if kwargs['trunks']:
+            config_provided += ",trunks={0}".format(';'.join(str(x) for x in kwargs['trunks']))
 
-    if kwargs['link_down']:
-        config_provided += ',link_down=1'
+        net = {interface: config_provided}
+        vm = self.get_vm(vmid)
 
-    if kwargs['mtu']:
-        config_provided += ",mtu={0}".format(kwargs['mtu'])
-        if model != 'virtio':
-            module.warn(
-                'Ignoring MTU for nic {0} on VM with vmid {1}, '
-                'model should be set to \'virtio\': '.format(interface, vmid))
+        if ((interface not in vminfo) or (vminfo[interface] != config_provided)):
+            if not self.module.check_mode:
+                self.proxmox_api.nodes(vm['node']).qemu(vmid).config.set(**net)
+            return True
 
-    if kwargs['queues']:
-        config_provided += ",queues={0}".format(kwargs['queues'])
+        return False
 
-    if kwargs['rate']:
-        config_provided += ",rate={0}".format(kwargs['rate'])
+    def delete_nic(self, vmid, interface):
+        vm = self.get_vm(vmid)
+        vminfo = self.proxmox_api.nodes(vm['node']).qemu(vmid).config.get()
 
-    if kwargs['tag']:
-        config_provided += ",tag={0}".format(kwargs['tag'])
+        if interface in vminfo:
+            if not self.module.check_mode:
+                self.proxmox_api.nodes(vm['node']).qemu(vmid).config.set(vmid=vmid, delete=interface)
+            return True
 
-    if kwargs['trunks']:
-        config_provided += ",trunks={0}".format(';'.join(str(x) for x in kwargs['trunks']))
-
-    net = {interface: config_provided}
-    vm = get_vm(proxmox, vmid)
-
-    if ((interface not in vminfo) or (vminfo[interface] != config_provided)):
-        if not module.check_mode:
-            proxmox.nodes(vm[0]['node']).qemu(vmid).config.set(**net)
-        return True
-
-    return False
-
-
-def delete_nic(module, proxmox, vmid, interface):
-    vm = get_vm(proxmox, vmid)
-    vminfo = proxmox.nodes(vm[0]['node']).qemu(vmid).config.get()
-
-    if interface in vminfo:
-        if not module.check_mode:
-            proxmox.nodes(vm[0]['node']).qemu(vmid).config.set(vmid=vmid, delete=interface)
-        return True
-
-    return False
+        return False
 
 
 def main():
@@ -281,53 +257,33 @@ def main():
         supports_check_mode=True,
     )
 
-    if not HAS_PROXMOXER:
-        module.fail_json(msg='proxmoxer required for this module')
+    proxmox = ProxmoxNicAnsible(module)
 
-    api_host = module.params['api_host']
-    api_password = module.params['api_password']
-    api_token_id = module.params['api_token_id']
-    api_token_secret = module.params['api_token_secret']
-    api_user = module.params['api_user']
     interface = module.params['interface']
     model = module.params['model']
     name = module.params['name']
     state = module.params['state']
-    validate_certs = module.params['validate_certs']
     vmid = module.params['vmid']
 
-    auth_args = {'user': api_user}
-    if not (api_token_id and api_token_secret):
-        auth_args['password'] = api_password
-    else:
-        auth_args['token_name'] = api_token_id
-        auth_args['token_value'] = api_token_secret
-
-    try:
-        proxmox = ProxmoxAPI(api_host, verify_ssl=validate_certs, **auth_args)
-    except Exception as e:
-        module.fail_json(msg='authorization on proxmox cluster failed with exception: %s' % e)
-
     # If vmid is not defined then retrieve its value from the vm name,
     if not vmid:
-        vmid = get_vmid(module, proxmox, name)
+        vmid = proxmox.get_vmid(name)
 
     # Ensure VM id exists
-    if not get_vm(proxmox, vmid):
-        module.fail_json(vmid=vmid, msg='VM with vmid = %s does not exist in cluster' % vmid)
+    proxmox.get_vm(vmid)
 
     if state == 'present':
         try:
-            if update_nic(module, proxmox, vmid, interface, model,
-                          bridge=module.params['bridge'],
-                          firewall=module.params['firewall'],
-                          link_down=module.params['link_down'],
-                          mac=module.params['mac'],
-                          mtu=module.params['mtu'],
-                          queues=module.params['queues'],
-                          rate=module.params['rate'],
-                          tag=module.params['tag'],
-                          trunks=module.params['trunks']):
+            if proxmox.update_nic(vmid, interface, model,
+                                  bridge=module.params['bridge'],
+                                  firewall=module.params['firewall'],
+                                  link_down=module.params['link_down'],
+                                  mac=module.params['mac'],
+                                  mtu=module.params['mtu'],
+                                  queues=module.params['queues'],
+                                  rate=module.params['rate'],
+                                  tag=module.params['tag'],
+                                  trunks=module.params['trunks']):
                 module.exit_json(changed=True, vmid=vmid, msg="Nic {0} updated on VM with vmid {1}".format(interface, vmid))
             else:
                 module.exit_json(vmid=vmid, msg="Nic {0} unchanged on VM with vmid {1}".format(interface, vmid))
@@ -336,7 +292,7 @@ def main():
 
     elif state == 'absent':
         try:
-            if delete_nic(module, proxmox, vmid, interface):
+            if proxmox.delete_nic(vmid, interface):
                 module.exit_json(changed=True, vmid=vmid, msg="Nic {0} deleted on VM with vmid {1}".format(interface, vmid))
             else:
                 module.exit_json(vmid=vmid, msg="Nic {0} does not exist on VM with vmid {1}".format(interface, vmid))

plugins/modules/cloud/misc/proxmox_snap.py

@@ -1,6 +1,6 @@
 #!/usr/bin/python
 # -*- coding: utf-8 -*-
-
+#
 # Copyright: (c) 2020, Jeffrey van Pelt (@Thulium-Drake) <jeff@vanpelt.one>
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
@@ -13,25 +13,9 @@ module: proxmox_snap
 short_description: Snapshot management of instances in Proxmox VE cluster
 version_added: 2.0.0
 description:
-  - Allows you to create/delete snapshots from instances in Proxmox VE cluster.
+  - Allows you to create/delete/restore snapshots from instances in Proxmox VE cluster.
   - Supports both KVM and LXC, OpenVZ has not been tested, as it is no longer supported on Proxmox VE.
 options:
-  api_host:
-    description:
-      - The host of the Proxmox VE cluster.
-    required: true
-    type: str
-  api_user:
-    description:
-      - The user to authenticate with.
-    required: true
-    type: str
-  api_password:
-    description:
-      - The password to authenticate with.
-      - You can use PROXMOX_PASSWORD environment variable.
-    type: str
-    required: yes
   hostname:
     description:
       - The instance name.
@@ -41,15 +25,11 @@ options:
       - The instance id.
       - If not set, will be fetched from PromoxAPI based on the hostname.
     type: str
-  validate_certs:
-    description:
-      - Enable / disable https certificate verification.
-    type: bool
-    default: no
   state:
     description:
      - Indicate desired state of the instance snapshot.
-    choices: ['present', 'absent']
+     - The C(rollback) value was added in community.general 4.8.0.
+    choices: ['present', 'absent', 'rollback']
     default: present
     type: str
   force:
@@ -74,7 +54,7 @@ options:
     type: int
   snapname:
     description:
-      - Name of the snapshot that has to be created.
+      - Name of the snapshot that has to be created/deleted/restored.
     default: 'ansible_snap'
     type: str
 
@@ -83,6 +63,8 @@ notes:
   - Supports C(check_mode).
 requirements: [ "proxmoxer", "python >= 2.7", "requests" ]
 author: Jeffrey van Pelt (@Thulium-Drake)
+extends_documentation_fragment:
+    - community.general.proxmox.documentation
 '''
 
 EXAMPLES = r'''
@@ -103,6 +85,15 @@ EXAMPLES = r'''
     vmid: 100
     state: absent
     snapname: pre-updates
+
+- name: Rollback container snapshot
+  community.general.proxmox_snap:
+    api_user: root@pam
+    api_password: 1q2w3e
+    api_host: node1
+    vmid: 100
+    state: rollback
+    snapname: pre-updates
 '''
 
 RETURN = r'''#'''
@@ -110,102 +101,93 @@ RETURN = r'''#'''
 import time
 import traceback
 
-PROXMOXER_IMP_ERR = None
-try:
-    from proxmoxer import ProxmoxAPI
-    HAS_PROXMOXER = True
-except ImportError:
-    PROXMOXER_IMP_ERR = traceback.format_exc()
-    HAS_PROXMOXER = False
-
 from ansible.module_utils.basic import AnsibleModule, missing_required_lib, env_fallback
 from ansible.module_utils.common.text.converters import to_native
+from ansible_collections.community.general.plugins.module_utils.proxmox import (proxmox_auth_argument_spec, ProxmoxAnsible, HAS_PROXMOXER, PROXMOXER_IMP_ERR)
 
 
-VZ_TYPE = None
+class ProxmoxSnapAnsible(ProxmoxAnsible):
+    def snapshot(self, vm, vmid):
+        return getattr(self.proxmox_api.nodes(vm['node']), vm['type'])(vmid).snapshot
 
-
-def get_vmid(proxmox, hostname):
-    return [vm['vmid'] for vm in proxmox.cluster.resources.get(type='vm') if 'name' in vm and vm['name'] == hostname]
-
-
-def get_instance(proxmox, vmid):
-    return [vm for vm in proxmox.cluster.resources.get(type='vm') if int(vm['vmid']) == int(vmid)]
-
-
-def snapshot_create(module, proxmox, vm, vmid, timeout, snapname, description, vmstate):
-    if module.check_mode:
-        return True
-
-    if VZ_TYPE == 'lxc':
-        taskid = getattr(proxmox.nodes(vm[0]['node']), VZ_TYPE)(vmid).snapshot.post(snapname=snapname, description=description)
-    else:
-        taskid = getattr(proxmox.nodes(vm[0]['node']), VZ_TYPE)(vmid).snapshot.post(snapname=snapname, description=description, vmstate=int(vmstate))
-    while timeout:
-        if (proxmox.nodes(vm[0]['node']).tasks(taskid).status.get()['status'] == 'stopped' and
-                proxmox.nodes(vm[0]['node']).tasks(taskid).status.get()['exitstatus'] == 'OK'):
+    def snapshot_create(self, vm, vmid, timeout, snapname, description, vmstate):
+        if self.module.check_mode:
             return True
-        timeout -= 1
-        if timeout == 0:
-            module.fail_json(msg='Reached timeout while waiting for creating VM snapshot. Last line in task before timeout: %s' %
-                                 proxmox.nodes(vm[0]['node']).tasks(taskid).log.get()[:1])
 
-        time.sleep(1)
-    return False
+        if vm['type'] == 'lxc':
+            taskid = self.snapshot(vm, vmid).post(snapname=snapname, description=description)
+        else:
+            taskid = self.snapshot(vm, vmid).post(snapname=snapname, description=description, vmstate=int(vmstate))
+        while timeout:
+            status_data = self.proxmox_api.nodes(vm['node']).tasks(taskid).status.get()
+            if status_data['status'] == 'stopped' and status_data['exitstatus'] == 'OK':
+                return True
+            if timeout == 0:
+                self.module.fail_json(msg='Reached timeout while waiting for creating VM snapshot. Last line in task before timeout: %s' %
+                                      self.proxmox_api.nodes(vm['node']).tasks(taskid).log.get()[:1])
 
+            time.sleep(1)
+            timeout -= 1
+        return False
 
-def snapshot_remove(module, proxmox, vm, vmid, timeout, snapname, force):
-    if module.check_mode:
-        return True
-
-    taskid = getattr(proxmox.nodes(vm[0]['node']), VZ_TYPE)(vmid).snapshot.delete(snapname, force=int(force))
-    while timeout:
-        if (proxmox.nodes(vm[0]['node']).tasks(taskid).status.get()['status'] == 'stopped' and
-                proxmox.nodes(vm[0]['node']).tasks(taskid).status.get()['exitstatus'] == 'OK'):
+    def snapshot_remove(self, vm, vmid, timeout, snapname, force):
+        if self.module.check_mode:
             return True
-        timeout -= 1
-        if timeout == 0:
-            module.fail_json(msg='Reached timeout while waiting for removing VM snapshot. Last line in task before timeout: %s' %
-                                 proxmox.nodes(vm[0]['node']).tasks(taskid).log.get()[:1])
 
-        time.sleep(1)
-    return False
+        taskid = self.snapshot(vm, vmid).delete(snapname, force=int(force))
+        while timeout:
+            status_data = self.proxmox_api.nodes(vm['node']).tasks(taskid).status.get()
+            if status_data['status'] == 'stopped' and status_data['exitstatus'] == 'OK':
+                return True
+            if timeout == 0:
+                self.module.fail_json(msg='Reached timeout while waiting for removing VM snapshot. Last line in task before timeout: %s' %
+                                      self.proxmox_api.nodes(vm['node']).tasks(taskid).log.get()[:1])
 
+            time.sleep(1)
+            timeout -= 1
+        return False
 
-def setup_api(api_host, api_user, api_password, validate_certs):
-    api = ProxmoxAPI(api_host, user=api_user, password=api_password, verify_ssl=validate_certs)
-    return api
+    def snapshot_rollback(self, vm, vmid, timeout, snapname):
+        if self.module.check_mode:
+            return True
+
+        taskid = self.snapshot(vm, vmid)(snapname).post("rollback")
+        while timeout:
+            status_data = self.proxmox_api.nodes(vm['node']).tasks(taskid).status.get()
+            if status_data['status'] == 'stopped' and status_data['exitstatus'] == 'OK':
+                return True
+            if timeout == 0:
+                self.module.fail_json(msg='Reached timeout while waiting for rolling back VM snapshot. Last line in task before timeout: %s' %
+                                      self.proxmox_api.nodes(vm['node']).tasks(taskid).log.get()[:1])
+
+            time.sleep(1)
+            timeout -= 1
+        return False
 
 
 def main():
+    module_args = proxmox_auth_argument_spec()
+    snap_args = dict(
+        vmid=dict(required=False),
+        hostname=dict(),
+        timeout=dict(type='int', default=30),
+        state=dict(default='present', choices=['present', 'absent', 'rollback']),
+        description=dict(type='str'),
+        snapname=dict(type='str', default='ansible_snap'),
+        force=dict(type='bool', default='no'),
+        vmstate=dict(type='bool', default='no'),
+    )
+    module_args.update(snap_args)
+
     module = AnsibleModule(
-        argument_spec=dict(
-            api_host=dict(required=True),
-            api_user=dict(required=True),
-            api_password=dict(no_log=True, required=True, fallback=(env_fallback, ['PROXMOX_PASSWORD'])),
-            vmid=dict(required=False),
-            validate_certs=dict(type='bool', default='no'),
-            hostname=dict(),
-            timeout=dict(type='int', default=30),
-            state=dict(default='present', choices=['present', 'absent']),
-            description=dict(type='str'),
-            snapname=dict(type='str', default='ansible_snap'),
-            force=dict(type='bool', default='no'),
-            vmstate=dict(type='bool', default='no'),
-        ),
+        argument_spec=module_args,
         supports_check_mode=True
     )
 
-    if not HAS_PROXMOXER:
-        module.fail_json(msg=missing_required_lib('proxmoxer'),
-                         exception=PROXMOXER_IMP_ERR)
+    proxmox = ProxmoxSnapAnsible(module)
 
     state = module.params['state']
-    api_user = module.params['api_user']
-    api_host = module.params['api_host']
-    api_password = module.params['api_password']
     vmid = module.params['vmid']
-    validate_certs = module.params['validate_certs']
     hostname = module.params['hostname']
     description = module.params['description']
     snapname = module.params['snapname']
@@ -213,37 +195,21 @@ def main():
     force = module.params['force']
     vmstate = module.params['vmstate']
 
-    try:
-        proxmox = setup_api(api_host, api_user, api_password, validate_certs)
-
-    except Exception as e:
-        module.fail_json(msg='authorization on proxmox cluster failed with exception: %s' % to_native(e))
-
     # If hostname is set get the VM id from ProxmoxAPI
     if not vmid and hostname:
-        hosts = get_vmid(proxmox, hostname)
-        if len(hosts) == 0:
-            module.fail_json(msg="Vmid could not be fetched => Hostname does not exist (action: %s)" % state)
-        vmid = hosts[0]
+        vmid = proxmox.get_vmid(hostname, choose_first_if_multiple=True)
     elif not vmid:
         module.exit_json(changed=False, msg="Vmid could not be fetched for the following action: %s" % state)
 
-    vm = get_instance(proxmox, vmid)
-
-    global VZ_TYPE
-    VZ_TYPE = vm[0]['type']
+    vm = proxmox.get_vm(vmid)
 
     if state == 'present':
         try:
-            vm = get_instance(proxmox, vmid)
-            if not vm:
-                module.fail_json(msg='VM with vmid = %s not exists in cluster' % vmid)
-
-            for i in getattr(proxmox.nodes(vm[0]['node']), VZ_TYPE)(vmid).snapshot.get():
+            for i in proxmox.snapshot(vm, vmid).get():
                 if i['name'] == snapname:
                     module.exit_json(changed=False, msg="Snapshot %s is already present" % snapname)
 
-            if snapshot_create(module, proxmox, vm, vmid, timeout, snapname, description, vmstate):
+            if proxmox.snapshot_create(vm, vmid, timeout, snapname, description, vmstate):
                 if module.check_mode:
                     module.exit_json(changed=False, msg="Snapshot %s would be created" % snapname)
                 else:
@@ -254,13 +220,9 @@ def main():
 
     elif state == 'absent':
         try:
-            vm = get_instance(proxmox, vmid)
-            if not vm:
-                module.fail_json(msg='VM with vmid = %s not exists in cluster' % vmid)
-
             snap_exist = False
 
-            for i in getattr(proxmox.nodes(vm[0]['node']), VZ_TYPE)(vmid).snapshot.get():
+            for i in proxmox.snapshot(vm, vmid).get():
                 if i['name'] == snapname:
                     snap_exist = True
                     continue
@@ -268,7 +230,7 @@ def main():
             if not snap_exist:
                 module.exit_json(changed=False, msg="Snapshot %s does not exist" % snapname)
             else:
-                if snapshot_remove(module, proxmox, vm, vmid, timeout, snapname, force):
+                if proxmox.snapshot_remove(vm, vmid, timeout, snapname, force):
                     if module.check_mode:
                         module.exit_json(changed=False, msg="Snapshot %s would be removed" % snapname)
                     else:
@@ -276,6 +238,25 @@ def main():
 
         except Exception as e:
             module.fail_json(msg="Removing snapshot %s of VM %s failed with exception: %s" % (snapname, vmid, to_native(e)))
+    elif state == 'rollback':
+        try:
+            snap_exist = False
+
+            for i in proxmox.snapshot(vm, vmid).get():
+                if i['name'] == snapname:
+                    snap_exist = True
+                    continue
+
+            if not snap_exist:
+                module.exit_json(changed=False, msg="Snapshot %s does not exist" % snapname)
+            if proxmox.snapshot_rollback(vm, vmid, timeout, snapname):
+                if module.check_mode:
+                    module.exit_json(changed=True, msg="Snapshot %s would be rolled back" % snapname)
+                else:
+                    module.exit_json(changed=True, msg="Snapshot %s rolled back" % snapname)
+
+        except Exception as e:
+            module.fail_json(msg="Rollback of snapshot %s of VM %s failed with exception: %s" % (snapname, vmid, to_native(e)))
 
 
 if __name__ == '__main__':