Release 5.3.0.

* Update proxmox.py

* Forgot a debug print.

* pep

* Check if int, old school way.

* pep, once again.

* Create 4910-fix-for-agent-enabled.yml

* Must check the first listentry for enabled=1

* Update changelogs/fragments/4910-fix-for-agent-enabled.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit aa03c71267)

Co-authored-by: ube <ube@alienautopsy.net>

.azure-pipelines/azure-pipelines.yml

@@ -48,7 +48,7 @@ variables:
 resources:
   containers:
     - container: default
-      image: quay.io/ansible/azure-pipelines-test-container:1.9.0
+      image: quay.io/ansible/azure-pipelines-test-container:3.0.0
 
 pool: Standard
 

.github/BOTMETA.yml

@@ -214,7 +214,7 @@ files:
   $lookups/dnstxt.py:
     maintainers: jpmens
   $lookups/dsv.py:
-    maintainers: amigus endlesstrax
+    maintainers: amigus endlesstrax delineaKrehl tylerezimmerman
   $lookups/etcd3.py:
     maintainers: eric-belhomme
   $lookups/etcd.py:
@@ -251,7 +251,7 @@ files:
     maintainers: RevBits
   $lookups/shelvefile.py: {}
   $lookups/tss.py:
-    maintainers: amigus endlesstrax
+    maintainers: amigus endlesstrax delineaKrehl tylerezimmerman
   $module_utils/:
     labels: module_utils
   $module_utils/gconftool2.py:
@@ -440,6 +440,8 @@ files:
     maintainers: claco
   $modules/cloud/scaleway/:
     maintainers: $team_scaleway
+  $modules/cloud/scaleway/scaleway_compute_private_network.py:
+    maintainers: pastral
   $modules/cloud/scaleway/scaleway_database_backup.py:
     maintainers: guillaume_ro_fr
   $modules/cloud/scaleway/scaleway_image_info.py:
@@ -1068,6 +1070,10 @@ files:
     labels: interfaces_file
   $modules/system/iptables_state.py:
     maintainers: quidame
+  $modules/system/keyring.py:
+    maintainers: ahussey-redhat
+  $modules/system/keyring_info.py:
+    maintainers: ahussey-redhat
   $modules/system/shutdown.py:
     maintainers: nitzmahone samdoran aminvakil
   $modules/system/java_cert.py:
@@ -1290,5 +1296,5 @@ macros:
   team_rhn: FlossWare alikins barnabycourt vritant
   team_scaleway: remyleone abarbare
   team_solaris: bcoca fishman jasperla jpdasma mator scathatheworm troy2914 xen0l
-  team_suse: commel dcermak evrardjp lrupp toabctl AnderEnder alxgu andytom sealor
+  team_suse: commel evrardjp lrupp toabctl AnderEnder alxgu andytom sealor
   team_virt: joshainglis karmab tleguern Thulium-Drake Ajpantuso

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -105,7 +105,7 @@ body:
   attributes:
     label: Steps to Reproduce
     description: |
-      Describe exactly how to reproduce the problem, using a minimal test-case. It would *really* help us understand your problem if you could also pased any playbooks, configs and commands you used.
+      Describe exactly how to reproduce the problem, using a minimal test-case. It would *really* help us understand your problem if you could also passed any playbooks, configs and commands you used.
 
       **HINT:** You can paste https://gist.github.com links for larger files.
     value: |

CHANGELOG.rst

@@ -6,6 +6,90 @@ Community General Release Notes
 
 This changelog describes changes after version 4.0.0.
 
+v5.3.0
+======
+
+Release Summary
+---------------
+
+Regular bugfix and feature release.
+
+Minor Changes
+-------------
+
+- machinectl become plugin - can now be used with a password from another user than root, if a polkit rule is present (https://github.com/ansible-collections/community.general/pull/4849).
+- opentelemetry callback plugin - allow configuring opentelementry callback via config file (https://github.com/ansible-collections/community.general/pull/4916).
+- redfish_info - add ``GetManagerInventory`` to report list of Manager inventory information (https://github.com/ansible-collections/community.general/issues/4899).
+
+Bugfixes
+--------
+
+- cmd_runner module utils - fix bug caused by using the ``command`` variable instead of ``self.command`` when looking for binary path (https://github.com/ansible-collections/community.general/pull/4903).
+- dsv lookup plugin - do not ignore the ``tld`` parameter (https://github.com/ansible-collections/community.general/pull/4911).
+- lxd connection plugin - fix incorrect ``inventory_hostname`` in ``remote_addr``. This is needed for compatibility with ansible-core 2.13 (https://github.com/ansible-collections/community.general/issues/4886).
+- proxmox inventory plugin - fix crash when ``enabled=1`` is used in agent config string (https://github.com/ansible-collections/community.general/pull/4910).
+- rax_clb_nodes - fix code to be compatible with Python 3 (https://github.com/ansible-collections/community.general/pull/4933).
+- redfish_info - fix to ``GetChassisPower`` to correctly report power information when multiple chassis exist, but not all chassis report power information (https://github.com/ansible-collections/community.general/issues/4901).
+
+v5.2.0
+======
+
+Release Summary
+---------------
+
+Regular bugfix and feature release.
+
+Minor Changes
+-------------
+
+- cmd_runner module utils - add ``__call__`` method to invoke context (https://github.com/ansible-collections/community.general/pull/4791).
+- passwordstore lookup plugin - allow using alternative password managers by detecting wrapper scripts, allow explicit configuration of pass and gopass backends (https://github.com/ansible-collections/community.general/issues/4766).
+- sudoers - will attempt to validate the proposed sudoers rule using visudo if available, optionally skipped, or required (https://github.com/ansible-collections/community.general/pull/4794, https://github.com/ansible-collections/community.general/issues/4745).
+
+Bugfixes
+--------
+
+- Include ``PSF-license.txt`` file for ``plugins/module_utils/_mount.py``.
+- redfish_command - fix the check if a virtual media is unmounted to just check for ``instered= false`` caused by Supermicro hardware that does not clear the ``ImageName`` (https://github.com/ansible-collections/community.general/pull/4839).
+- redfish_command - the Supermicro Redfish implementation only supports the ``image_url`` parameter in the underlying API calls to ``VirtualMediaInsert`` and ``VirtualMediaEject``. Any values set (or the defaults) for ``write_protected`` or ``inserted`` will be ignored (https://github.com/ansible-collections/community.general/pull/4839).
+- sudoers - fix incorrect handling of ``state: absent`` (https://github.com/ansible-collections/community.general/issues/4852).
+
+New Modules
+-----------
+
+Cloud
+~~~~~
+
+scaleway
+^^^^^^^^
+
+- scaleway_compute_private_network - Scaleway compute - private network management
+
+System
+~~~~~~
+
+- keyring - Set or delete a passphrase using the Operating System's native keyring
+- keyring_info - Get a passphrase using the Operating System's native keyring
+
+v5.1.1
+======
+
+Release Summary
+---------------
+
+Bugfix release.
+
+Bugfixes
+--------
+
+- alternatives - do not set the priority if the priority was not set by the user (https://github.com/ansible-collections/community.general/pull/4810).
+- alternatives - only pass subcommands when they are specified as module arguments (https://github.com/ansible-collections/community.general/issues/4803, https://github.com/ansible-collections/community.general/issues/4804, https://github.com/ansible-collections/community.general/pull/4836).
+- alternatives - when ``subcommands`` is specified, ``link`` must be given for every subcommand. This was already mentioned in the documentation, but not enforced by the code (https://github.com/ansible-collections/community.general/pull/4836).
+- nmcli - fix error caused by adding undefined module arguments for list options (https://github.com/ansible-collections/community.general/issues/4373, https://github.com/ansible-collections/community.general/pull/4813).
+- proxmox inventory plugin - fixed extended status detection for qemu (https://github.com/ansible-collections/community.general/pull/4816).
+- redhat_subscription - fix unsubscribing on RHEL 9 (https://github.com/ansible-collections/community.general/issues/4741).
+- sudoers - ensure sudoers config files are created with the permissions requested by sudoers (0440) (https://github.com/ansible-collections/community.general/pull/4814).
+
 v5.1.0
 ======
 

PSF-license.txt

@@ -0,0 +1,48 @@
+PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2
+--------------------------------------------
+
+1. This LICENSE AGREEMENT is between the Python Software Foundation
+("PSF"), and the Individual or Organization ("Licensee") accessing and
+otherwise using this software ("Python") in source or binary form and
+its associated documentation.
+
+2. Subject to the terms and conditions of this License Agreement, PSF hereby
+grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce,
+analyze, test, perform and/or display publicly, prepare derivative works,
+distribute, and otherwise use Python alone or in any derivative version,
+provided, however, that PSF's License Agreement and PSF's notice of copyright,
+i.e., "Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Python Software Foundation;
+All Rights Reserved" are retained in Python alone or in any derivative version
+prepared by Licensee.
+
+3. In the event Licensee prepares a derivative work that is based on
+or incorporates Python or any part thereof, and wants to make
+the derivative work available to others as provided herein, then
+Licensee hereby agrees to include in any such work a brief summary of
+the changes made to Python.
+
+4. PSF is making Python available to Licensee on an "AS IS"
+basis.  PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR
+IMPLIED.  BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND
+DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS
+FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT
+INFRINGE ANY THIRD PARTY RIGHTS.
+
+5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON
+FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS
+A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON,
+OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
+
+6. This License Agreement will automatically terminate upon a material
+breach of its terms and conditions.
+
+7. Nothing in this License Agreement shall be deemed to create any
+relationship of agency, partnership, or joint venture between PSF and
+Licensee.  This License Agreement does not grant permission to use PSF
+trademarks or trade name in a trademark sense to endorse or promote
+products or services of Licensee, or any third party.
+
+8. By copying, installing or otherwise using Python, Licensee
+agrees to be bound by the terms and conditions of this License
+Agreement.

changelogs/changelog.yaml

@@ -845,3 +845,105 @@ releases:
       name: gconftool2_info
       namespace: system
     release_date: '2022-06-07'
+  5.1.1:
+    changes:
+      bugfixes:
+      - alternatives - do not set the priority if the priority was not set by the
+        user (https://github.com/ansible-collections/community.general/pull/4810).
+      - alternatives - only pass subcommands when they are specified as module arguments
+        (https://github.com/ansible-collections/community.general/issues/4803, https://github.com/ansible-collections/community.general/issues/4804,
+        https://github.com/ansible-collections/community.general/pull/4836).
+      - alternatives - when ``subcommands`` is specified, ``link`` must be given for
+        every subcommand. This was already mentioned in the documentation, but not
+        enforced by the code (https://github.com/ansible-collections/community.general/pull/4836).
+      - nmcli - fix error caused by adding undefined module arguments for list options
+        (https://github.com/ansible-collections/community.general/issues/4373, https://github.com/ansible-collections/community.general/pull/4813).
+      - proxmox inventory plugin - fixed extended status detection for qemu (https://github.com/ansible-collections/community.general/pull/4816).
+      - redhat_subscription - fix unsubscribing on RHEL 9 (https://github.com/ansible-collections/community.general/issues/4741).
+      - sudoers - ensure sudoers config files are created with the permissions requested
+        by sudoers (0440) (https://github.com/ansible-collections/community.general/pull/4814).
+      release_summary: Bugfix release.
+    fragments:
+    - 4809-redhat_subscription-unsubscribe.yaml
+    - 4810-alternatives-bug.yml
+    - 4813-fix-nmcli-convert-list.yaml
+    - 4814-sudoers-file-permissions.yml
+    - 4816-proxmox-fix-extended-status.yaml
+    - 4836-alternatives.yml
+    - 5.1.1.yml
+    release_date: '2022-06-14'
+  5.2.0:
+    changes:
+      bugfixes:
+      - Include ``PSF-license.txt`` file for ``plugins/module_utils/_mount.py``.
+      - redfish_command - fix the check if a virtual media is unmounted to just check
+        for ``instered= false`` caused by Supermicro hardware that does not clear
+        the ``ImageName`` (https://github.com/ansible-collections/community.general/pull/4839).
+      - redfish_command - the Supermicro Redfish implementation only supports the
+        ``image_url`` parameter in the underlying API calls to ``VirtualMediaInsert``
+        and ``VirtualMediaEject``. Any values set (or the defaults) for ``write_protected``
+        or ``inserted`` will be ignored (https://github.com/ansible-collections/community.general/pull/4839).
+      - 'sudoers - fix incorrect handling of ``state: absent`` (https://github.com/ansible-collections/community.general/issues/4852).'
+      minor_changes:
+      - cmd_runner module utils - add ``__call__`` method to invoke context (https://github.com/ansible-collections/community.general/pull/4791).
+      - passwordstore lookup plugin - allow using alternative password managers by
+        detecting wrapper scripts, allow explicit configuration of pass and gopass
+        backends (https://github.com/ansible-collections/community.general/issues/4766).
+      - sudoers - will attempt to validate the proposed sudoers rule using visudo
+        if available, optionally skipped, or required (https://github.com/ansible-collections/community.general/pull/4794,
+        https://github.com/ansible-collections/community.general/issues/4745).
+      release_summary: Regular bugfix and feature release.
+    fragments:
+    - 4780-passwordstore-wrapper-compat.yml
+    - 4791-cmd-runner-callable.yaml
+    - 4794-sudoers-validation.yml
+    - 4839-fix-VirtualMediaInsert-Supermicro.yml
+    - 4852-sudoers-state-absent.yml
+    - 5.2.0.yml
+    - psf-license.yml
+    modules:
+    - description: Set or delete a passphrase using the Operating System's native
+        keyring
+      name: keyring
+      namespace: system
+    - description: Get a passphrase using the Operating System's native keyring
+      name: keyring_info
+      namespace: system
+    - description: Scaleway compute - private network management
+      name: scaleway_compute_private_network
+      namespace: cloud.scaleway
+    release_date: '2022-06-21'
+  5.3.0:
+    changes:
+      bugfixes:
+      - cmd_runner module utils - fix bug caused by using the ``command`` variable
+        instead of ``self.command`` when looking for binary path (https://github.com/ansible-collections/community.general/pull/4903).
+      - dsv lookup plugin - do not ignore the ``tld`` parameter (https://github.com/ansible-collections/community.general/pull/4911).
+      - lxd connection plugin - fix incorrect ``inventory_hostname`` in ``remote_addr``.
+        This is needed for compatibility with ansible-core 2.13 (https://github.com/ansible-collections/community.general/issues/4886).
+      - proxmox inventory plugin - fix crash when ``enabled=1`` is used in agent config
+        string (https://github.com/ansible-collections/community.general/pull/4910).
+      - rax_clb_nodes - fix code to be compatible with Python 3 (https://github.com/ansible-collections/community.general/pull/4933).
+      - redfish_info - fix to ``GetChassisPower`` to correctly report power information
+        when multiple chassis exist, but not all chassis report power information
+        (https://github.com/ansible-collections/community.general/issues/4901).
+      minor_changes:
+      - machinectl become plugin - can now be used with a password from another user
+        than root, if a polkit rule is present (https://github.com/ansible-collections/community.general/pull/4849).
+      - opentelemetry callback plugin - allow configuring opentelementry callback
+        via config file (https://github.com/ansible-collections/community.general/pull/4916).
+      - redfish_info - add ``GetManagerInventory`` to report list of Manager inventory
+        information (https://github.com/ansible-collections/community.general/issues/4899).
+      release_summary: Regular bugfix and feature release.
+    fragments:
+    - 4849-add-password-prompt-support-for-machinectl.yml
+    - 4886-fix-lxd-inventory-hostname.yml
+    - 4899-add-GetManagerInventory-for-redfish_info.yml
+    - 4901-fix-redfish-chassispower.yml
+    - 4903-cmdrunner-bugfix.yaml
+    - 4910-fix-for-agent-enabled.yml
+    - 4911-dsv-honor-tld-option.yml
+    - 4916-opentelemetry-ini-options.yaml
+    - 4933-fix-rax-clb-nodes.yaml
+    - 5.3.0.yml
+    release_date: '2022-07-12'

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: community
 name: general
-version: 5.1.0
+version: 5.3.0
 readme: README.md
 authors:
   - Ansible (https://github.com/ansible)

meta/runtime.yml

@@ -608,6 +608,10 @@ plugin_routing:
       redirect: community.general.identity.keycloak.keycloak_role
     keycloak_user_federation:
       redirect: community.general.identity.keycloak.keycloak_user_federation
+    keyring:
+      redirect: community.general.system.keyring
+    keyring_info:
+      redirect: community.general.system.keyring_info
     kibana_plugin:
       redirect: community.general.database.misc.kibana_plugin
     kubevirt_cdi_upload:
@@ -1357,6 +1361,8 @@ plugin_routing:
       redirect: community.general.notification.say
     scaleway_compute:
       redirect: community.general.cloud.scaleway.scaleway_compute
+    scaleway_compute_private_network:
+      redirect: community.general.cloud.scaleway.scaleway_compute_private_network
     scaleway_database_backup:
       redirect: community.general.cloud.scaleway.scaleway_database_backup
     scaleway_image_facts:

plugins/become/machinectl.py

@@ -66,15 +66,46 @@ DOCUMENTATION = '''
             ini:
               - section: machinectl_become_plugin
                 key: password
+    notes:
+      - When not using this plugin with user C(root), it only works correctly with a polkit rule which will alter
+        the behaviour of machinectl. This rule must alter the prompt behaviour to ask directly for the user credentials,
+        if the user is allowed to perform the action (take a look at the examples section).
+        If such a rule is not present the plugin only work if it is used in context with the root user,
+        because then no further prompt will be shown by machinectl.
 '''
 
+EXAMPLES = r'''
+# A polkit rule needed to use the module with a non-root user.
+# See the Notes section for details.
+60-machinectl-fast-user-auth.rules: |
+    polkit.addRule(function(action, subject) {
+        if(action.id == "org.freedesktop.machine1.host-shell" && subject.isInGroup("wheel")) {
+            return polkit.Result.AUTH_SELF_KEEP;
+        }
+    });
+'''
+
+from re import compile as re_compile
+
 from ansible.plugins.become import BecomeBase
+from ansible.module_utils._text import to_bytes
+
+
+ansi_color_codes = re_compile(to_bytes(r'\x1B\[[0-9;]+m'))
 
 
 class BecomeModule(BecomeBase):
 
     name = 'community.general.machinectl'
 
+    prompt = 'Password: '
+    fail = ('==== AUTHENTICATION FAILED ====',)
+    success = ('==== AUTHENTICATION COMPLETE ====',)
+
+    @staticmethod
+    def remove_ansi_codes(line):
+        return ansi_color_codes.sub(b"", line)
+
     def build_become_command(self, cmd, shell):
         super(BecomeModule, self).build_become_command(cmd, shell)
 
@@ -86,3 +117,15 @@ class BecomeModule(BecomeBase):
         flags = self.get_option('become_flags')
         user = self.get_option('become_user')
         return '%s -q shell %s %s@ %s' % (become, flags, user, cmd)
+
+    def check_success(self, b_output):
+        b_output = self.remove_ansi_codes(b_output)
+        return super().check_success(b_output)
+
+    def check_incorrect_password(self, b_output):
+        b_output = self.remove_ansi_codes(b_output)
+        return super().check_incorrect_password(b_output)
+
+    def check_missing_password(self, b_output):
+        b_output = self.remove_ansi_codes(b_output)
+        return super().check_missing_password(b_output)

plugins/callback/log_plays.py

@@ -12,7 +12,7 @@ DOCUMENTATION = '''
     type: notification
     short_description: write playbook output to log file
     description:
-      - This callback writes playbook output to a file per host in the `/var/log/ansible/hosts` directory
+      - This callback writes playbook output to a file per host in the C(/var/log/ansible/hosts) directory
     requirements:
      - Whitelist in configuration
      - A writeable /var/log/ansible/hosts directory by the user executing Ansible on the controller

plugins/callback/opentelemetry.py

@@ -24,6 +24,10 @@ DOCUMENTATION = '''
           - Hide the arguments for a task.
         env:
           - name: ANSIBLE_OPENTELEMETRY_HIDE_TASK_ARGUMENTS
+        ini:
+          - section: callback_opentelemetry
+            key: hide_task_arguments
+            version_added: 5.3.0
       enable_from_environment:
         type: str
         description:
@@ -34,6 +38,10 @@ DOCUMENTATION = '''
             and if set to true this plugin will be enabled.
         env:
           - name: ANSIBLE_OPENTELEMETRY_ENABLE_FROM_ENVIRONMENT
+        ini:
+          - section: callback_opentelemetry
+            key: enable_from_environment
+            version_added: 5.3.0
         version_added: 3.8.0
       otel_service_name:
         default: ansible
@@ -42,6 +50,10 @@ DOCUMENTATION = '''
           - The service name resource attribute.
         env:
           - name: OTEL_SERVICE_NAME
+        ini:
+          - section: callback_opentelemetry
+            key: otel_service_name
+            version_added: 5.3.0
       traceparent:
         default: None
         type: str
@@ -61,11 +73,14 @@ examples: |
   Enable the plugin in ansible.cfg:
     [defaults]
     callbacks_enabled = community.general.opentelemetry
+    [callback_opentelemetry]
+    enable_from_environment = ANSIBLE_OPENTELEMETRY_ENABLED
 
   Set the environment variable:
     export OTEL_EXPORTER_OTLP_ENDPOINT=<your endpoint (OTLP/HTTP)>
     export OTEL_EXPORTER_OTLP_HEADERS="authorization=Bearer your_otel_token"
     export OTEL_SERVICE_NAME=your_service_name
+    export ANSIBLE_OPENTELEMETRY_ENABLED=true
 '''
 
 import getpass

plugins/callback/selective.py

@@ -14,9 +14,9 @@ DOCUMENTATION = '''
       - set as main display callback
     short_description: only print certain tasks
     description:
-      - This callback only prints tasks that have been tagged with `print_action` or that have failed.
+      - This callback only prints tasks that have been tagged with C(print_action) or that have failed.
         This allows operators to focus on the tasks that provide value only.
-      - Tasks that are not printed are placed with a '.'.
+      - Tasks that are not printed are placed with a C(.).
       - If you increase verbosity all tasks are printed.
     options:
       nocolor:

plugins/connection/lxd.py

@@ -18,6 +18,7 @@ DOCUMENTATION = '''
             - Container identifier.
         default: inventory_hostname
         vars:
+            - name: inventory_hostname
             - name: ansible_host
             - name: ansible_lxd_host
       executable:
@@ -61,7 +62,6 @@ class Connection(ConnectionBase):
     def __init__(self, play_context, new_stdin, *args, **kwargs):
         super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs)
 
-        self._host = self._play_context.remote_addr
         try:
             self._lxc_cmd = get_bin_path("lxc")
         except ValueError:
@@ -75,14 +75,14 @@ class Connection(ConnectionBase):
         super(Connection, self)._connect()
 
         if not self._connected:
-            self._display.vvv(u"ESTABLISH LXD CONNECTION FOR USER: root", host=self._host)
+            self._display.vvv(u"ESTABLISH LXD CONNECTION FOR USER: root", host=self.get_option('remote_addr'))
             self._connected = True
 
     def exec_command(self, cmd, in_data=None, sudoable=True):
         """ execute a command on the lxd host """
         super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable)
 
-        self._display.vvv(u"EXEC {0}".format(cmd), host=self._host)
+        self._display.vvv(u"EXEC {0}".format(cmd), host=self.get_option('remote_addr'))
 
         local_cmd = [self._lxc_cmd]
         if self.get_option("project"):
@@ -104,10 +104,10 @@ class Connection(ConnectionBase):
         stderr = to_text(stderr)
 
         if stderr == "error: Container is not running.\n":
-            raise AnsibleConnectionFailure("container not running: %s" % self._host)
+            raise AnsibleConnectionFailure("container not running: %s" % self.get_option('remote_addr'))
 
         if stderr == "error: not found\n":
-            raise AnsibleConnectionFailure("container not found: %s" % self._host)
+            raise AnsibleConnectionFailure("container not found: %s" % self.get_option('remote_addr'))
 
         return process.returncode, stdout, stderr
 
@@ -115,7 +115,7 @@ class Connection(ConnectionBase):
         """ put a file from local to lxd """
         super(Connection, self).put_file(in_path, out_path)
 
-        self._display.vvv(u"PUT {0} TO {1}".format(in_path, out_path), host=self._host)
+        self._display.vvv(u"PUT {0} TO {1}".format(in_path, out_path), host=self.get_option('remote_addr'))
 
         if not os.path.isfile(to_bytes(in_path, errors='surrogate_or_strict')):
             raise AnsibleFileNotFound("input path is not a file: %s" % in_path)
@@ -138,7 +138,7 @@ class Connection(ConnectionBase):
         """ fetch a file from lxd to local """
         super(Connection, self).fetch_file(in_path, out_path)
 
-        self._display.vvv(u"FETCH {0} TO {1}".format(in_path, out_path), host=self._host)
+        self._display.vvv(u"FETCH {0} TO {1}".format(in_path, out_path), host=self.get_option('remote_addr'))
 
         local_cmd = [self._lxc_cmd]
         if self.get_option("project"):

plugins/filter/counter.py

@@ -21,7 +21,7 @@ DOCUMENTATION = '''
 '''
 
 EXAMPLES = '''
-- name: Count occurences
+- name: Count occurrences
   ansible.builtin.debug:
     msg: >-
       {{ [1, 'a', 2, 2, 'a', 'b', 'a'] | community.general.counter }}
@@ -30,7 +30,7 @@ EXAMPLES = '''
 
 RETURN = '''
   _value:
-    description: A dictionary with the elements of the sequence as keys, and their number of occurance in the sequence as values.
+    description: A dictionary with the elements of the sequence as keys, and their number of occurrences in the sequence as values.
     type: dictionary
 '''
 

plugins/filter/jc.py

@@ -38,7 +38,7 @@ DOCUMENTATION = '''
     parser:
       description:
         - The correct parser for the input data.
-        - For exmaple C(ifconfig).
+        - For example C(ifconfig).
         - See U(https://github.com/kellyjonbrazil/jc#parsers) for the latest list of parsers.
       type: string
       required: true

plugins/inventory/cobbler.py

@@ -213,7 +213,7 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):
                         self.inventory.add_child(parent_group_name, group_name)
             else:
                 self.display.vvvv('Processing profile %s without parent\n' % profile['name'])
-                # Create a heirarchy of profile names
+                # Create a hierarchy of profile names
                 profile_elements = profile['name'].split('-')
                 i = 0
                 while i < len(profile_elements) - 1:

plugins/inventory/lxd.py

@@ -522,7 +522,7 @@ class InventoryModule(BaseInventoryPlugin):
         """Helper to save data
 
         Helper to save the data in self.data
-        Detect if data is allready in branch and use dict_merge() to prevent that branch is overwritten.
+        Detect if data is already in branch and use dict_merge() to prevent that branch is overwritten.
 
         Args:
             str(instance_name): name of instance

plugins/inventory/proxmox.py

@@ -412,12 +412,20 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
                         properties[parsed_key] = [tag.strip() for tag in stripped_value.split(",")]
 
                 # The first field in the agent string tells you whether the agent is enabled
-                # the rest of the comma separated string is extra config for the agent
-                if config == 'agent' and int(value.split(',')[0]):
-                    agent_iface_value = self._get_agent_network_interfaces(node, vmid, vmtype)
-                    if agent_iface_value:
-                        agent_iface_key = self.to_safe('%s%s' % (key, "_interfaces"))
-                        properties[agent_iface_key] = agent_iface_value
+                # the rest of the comma separated string is extra config for the agent.
+                # In some (newer versions of proxmox) instances it can be 'enabled=1'.
+                if config == 'agent':
+                    agent_enabled = 0
+                    try:
+                        agent_enabled = int(value.split(',')[0])
+                    except ValueError:
+                        if value.split(',')[0] == "enabled=1":
+                            agent_enabled = 1
+                    if agent_enabled:
+                        agent_iface_value = self._get_agent_network_interfaces(node, vmid, vmtype)
+                        if agent_iface_value:
+                            agent_iface_key = self.to_safe('%s%s' % (key, "_interfaces"))
+                            properties[agent_iface_key] = agent_iface_value
 
                 if config == 'lxc':
                     out_val = {}
@@ -443,7 +451,8 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
     def _get_vm_status(self, properties, node, vmid, vmtype, name):
         ret = self._get_json("%s/api2/json/nodes/%s/%s/%s/status/current" % (self.proxmox_url, node, vmtype, vmid))
         properties[self._fact('status')] = ret['status']
-        properties[self._fact('qmpstatus')] = ret['qmpstatus']
+        if vmtype == 'qemu':
+            properties[self._fact('qmpstatus')] = ret['qmpstatus']
 
     def _get_vm_snapshots(self, properties, node, vmid, vmtype, name):
         ret = self._get_json("%s/api2/json/nodes/%s/%s/%s/snapshot" % (self.proxmox_url, node, vmtype, vmid))

plugins/lookup/chef_databag.py

@@ -16,7 +16,7 @@ DOCUMENTATION = '''
          The lookup order mirrors the one from Chef, all folders in the base path are walked back looking for the following configuration
          file in order : .chef/knife.rb, ~/.chef/knife.rb, /etc/chef/client.rb"
     requirements:
-        - "pychef (python library https://pychef.readthedocs.io `pip install pychef`)"
+        - "pychef (L(Python library, https://pychef.readthedocs.io), C(pip install pychef))"
     options:
         name:
           description:

plugins/lookup/dsv.py

@@ -122,6 +122,7 @@ class LookupModule(LookupBase):
                 "tenant": self.get_option("tenant"),
                 "client_id": self.get_option("client_id"),
                 "client_secret": self.get_option("client_secret"),
+                "tld": self.get_option("tld"),
                 "url_template": self.get_option("url_template"),
             }
         )

plugins/lookup/passwordstore.py

@@ -106,6 +106,22 @@ DOCUMENTATION = '''
         type: str
         default: 15m
         version_added: 4.5.0
+      backend:
+        description:
+          - Specify which backend to use.
+          - Defaults to C(pass), passwordstore.org's original pass utility.
+          - C(gopass) support is incomplete.
+        ini:
+          - section: passwordstore_lookup
+            key: backend
+        vars:
+          - name: passwordstore_backend
+        type: str
+        default: pass
+        choices:
+          - pass
+          - gopass
+        version_added: 5.2.0
 '''
 EXAMPLES = """
 ansible.cfg: |
@@ -231,6 +247,24 @@ def check_output2(*popenargs, **kwargs):
 
 
 class LookupModule(LookupBase):
+    def __init__(self, loader=None, templar=None, **kwargs):
+
+        super(LookupModule, self).__init__(loader, templar, **kwargs)
+        self.realpass = None
+
+    def is_real_pass(self):
+        if self.realpass is None:
+            try:
+                self.passoutput = to_text(
+                    check_output2([self.pass_cmd, "--version"], env=self.env),
+                    errors='surrogate_or_strict'
+                )
+                self.realpass = 'pass: the standard unix password manager' in self.passoutput
+            except (subprocess.CalledProcessError) as e:
+                raise AnsibleError(e)
+
+        return self.realpass
+
     def parse_params(self, term):
         # I went with the "traditional" param followed with space separated KV pairs.
         # Waiting for final implementation of lookup parameter parsing.
@@ -270,10 +304,12 @@ class LookupModule(LookupBase):
             self.env = os.environ.copy()
             self.env['LANGUAGE'] = 'C'  # make sure to get errors in English as required by check_output2
 
-            # Set PASSWORD_STORE_DIR
-            if os.path.isdir(self.paramvals['directory']):
+            if self.backend == 'gopass':
+                self.env['GOPASS_NO_REMINDER'] = "YES"
+            elif os.path.isdir(self.paramvals['directory']):
+                # Set PASSWORD_STORE_DIR
                 self.env['PASSWORD_STORE_DIR'] = self.paramvals['directory']
-            else:
+            elif self.is_real_pass():
                 raise AnsibleError('Passwordstore directory \'{0}\' does not exist'.format(self.paramvals['directory']))
 
             # Set PASSWORD_STORE_UMASK if umask is set
@@ -288,7 +324,9 @@ class LookupModule(LookupBase):
     def check_pass(self):
         try:
             self.passoutput = to_text(
-                check_output2(["pass", "show", self.passname], env=self.env),
+                check_output2([self.pass_cmd, 'show'] +
+                              (['--password'] if self.backend == 'gopass' else []) +
+                              [self.passname], env=self.env),
                 errors='surrogate_or_strict'
             ).splitlines()
             self.password = self.passoutput[0]
@@ -302,8 +340,10 @@ class LookupModule(LookupBase):
                     if ':' in line:
                         name, value = line.split(':', 1)
                         self.passdict[name.strip()] = value.strip()
-            if os.path.isfile(os.path.join(self.paramvals['directory'], self.passname + ".gpg")):
-                # Only accept password as found, if there a .gpg file for it (might be a tree node otherwise)
+            if (self.backend == 'gopass' or
+                    os.path.isfile(os.path.join(self.paramvals['directory'], self.passname + ".gpg"))
+                    or not self.is_real_pass()):
+                # When using real pass, only accept password as found if there is a .gpg file for it (might be a tree node otherwise)
                 return True
         except (subprocess.CalledProcessError) as e:
             # 'not in password store' is the expected error if a password wasn't found
@@ -339,7 +379,7 @@ class LookupModule(LookupBase):
         if self.paramvals['backup']:
             msg += "lookup_pass: old password was {0} (Updated on {1})\n".format(self.password, datetime)
         try:
-            check_output2(['pass', 'insert', '-f', '-m', self.passname], input=msg, env=self.env)
+            check_output2([self.pass_cmd, 'insert', '-f', '-m', self.passname], input=msg, env=self.env)
         except (subprocess.CalledProcessError) as e:
             raise AnsibleError(e)
         return newpass
@@ -351,7 +391,7 @@ class LookupModule(LookupBase):
         datetime = time.strftime("%d/%m/%Y %H:%M:%S")
         msg = newpass + '\n' + "lookup_pass: First generated by ansible on {0}\n".format(datetime)
         try:
-            check_output2(['pass', 'insert', '-f', '-m', self.passname], input=msg, env=self.env)
+            check_output2([self.pass_cmd, 'insert', '-f', '-m', self.passname], input=msg, env=self.env)
         except (subprocess.CalledProcessError) as e:
             raise AnsibleError(e)
         return newpass
@@ -380,6 +420,8 @@ class LookupModule(LookupBase):
             yield
 
     def setup(self, variables):
+        self.backend = self.get_option('backend')
+        self.pass_cmd = self.backend  # pass and gopass are commands as well
         self.locked = None
         timeout = self.get_option('locktimeout')
         if not re.match('^[0-9]+[smh]$', timeout):
@@ -402,6 +444,7 @@ class LookupModule(LookupBase):
         }
 
     def run(self, terms, variables, **kwargs):
+        self.set_options(var_options=variables, direct=kwargs)
         self.setup(variables)
         result = []
 

plugins/module_utils/_mount.py

@@ -3,51 +3,7 @@
 # This particular file snippet, and this file snippet only, is based on
 # Lib/posixpath.py of cpython
 # It is licensed under the PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2
-#
-# 1. This LICENSE AGREEMENT is between the Python Software Foundation
-# ("PSF"), and the Individual or Organization ("Licensee") accessing and
-# otherwise using this software ("Python") in source or binary form and
-# its associated documentation.
-#
-# 2. Subject to the terms and conditions of this License Agreement, PSF hereby
-# grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce,
-# analyze, test, perform and/or display publicly, prepare derivative works,
-# distribute, and otherwise use Python alone or in any derivative version,
-# provided, however, that PSF's License Agreement and PSF's notice of copyright,
-# i.e., "Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
-# 2011, 2012, 2013, 2014, 2015 Python Software Foundation; All Rights Reserved"
-# are retained in Python alone or in any derivative version prepared by Licensee.
-#
-# 3. In the event Licensee prepares a derivative work that is based on
-# or incorporates Python or any part thereof, and wants to make
-# the derivative work available to others as provided herein, then
-# Licensee hereby agrees to include in any such work a brief summary of
-# the changes made to Python.
-#
-# 4. PSF is making Python available to Licensee on an "AS IS"
-# basis.  PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR
-# IMPLIED.  BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND
-# DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS
-# FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT
-# INFRINGE ANY THIRD PARTY RIGHTS.
-#
-# 5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON
-# FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS
-# A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON,
-# OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
-#
-# 6. This License Agreement will automatically terminate upon a material
-# breach of its terms and conditions.
-#
-# 7. Nothing in this License Agreement shall be deemed to create any
-# relationship of agency, partnership, or joint venture between PSF and
-# Licensee.  This License Agreement does not grant permission to use PSF
-# trademarks or trade name in a trademark sense to endorse or promote
-# products or services of Licensee, or any third party.
-#
-# 8. By copying, installing or otherwise using Python, Licensee
-# agrees to be bound by the terms and conditions of this License
-# Agreement.
+# (See PSF-license.txt in this collection)
 
 from __future__ import absolute_import, division, print_function
 

plugins/module_utils/cmd_runner.py

@@ -191,13 +191,13 @@ class CmdRunner(object):
             environ_update = {}
         self.environ_update = environ_update
 
-        self.command[0] = module.get_bin_path(command[0], opt_dirs=path_prefix, required=True)
+        self.command[0] = module.get_bin_path(self.command[0], opt_dirs=path_prefix, required=True)
 
         for mod_param_name, spec in iteritems(module.argument_spec):
             if mod_param_name not in self.arg_formats:
                 self.arg_formats[mod_param_name] = _Format.as_default_type(spec['type'], mod_param_name)
 
-    def context(self, args_order=None, output_process=None, ignore_value_none=True, check_mode_skip=False, check_mode_return=None, **kwargs):
+    def __call__(self, args_order=None, output_process=None, ignore_value_none=True, check_mode_skip=False, check_mode_return=None, **kwargs):
         if output_process is None:
             output_process = _process_as_is
         if args_order is None:
@@ -216,6 +216,9 @@ class CmdRunner(object):
     def has_arg_format(self, arg):
         return arg in self.arg_formats
 
+    # not decided whether to keep it or not, but if deprecating it will happen in a farther future.
+    context = __call__
+
 
 class _CmdRunnerContext(object):
     def __init__(self, runner, args_order, output_process, ignore_value_none, check_mode_skip, check_mode_return, **kwargs):

plugins/module_utils/hwc_utils.py

@@ -351,7 +351,7 @@ def wait_to_finish(target, pending, refresh, timeout, min_interval=1, delay=3):
 
             if pending and status not in pending:
                 raise HwcModuleException(
-                    "unexpect status(%s) occured" % status)
+                    "unexpect status(%s) occurred" % status)
 
         if not is_last_time:
             wait *= 2

plugins/module_utils/ilo_redfish_utils.py

@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 
 # Copyright (c) 2021-2022 Hewlett Packard Enterprise, Inc. All rights reserved.
-# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type

plugins/module_utils/opennebula.py

@@ -83,12 +83,12 @@ class OpenNebulaModule:
         if self.module.params.get("api_username"):
             username = self.module.params.get("api_username")
         else:
-            self.fail("Either api_username or the environment vairable ONE_USERNAME must be provided")
+            self.fail("Either api_username or the environment variable ONE_USERNAME must be provided")
 
         if self.module.params.get("api_password"):
             password = self.module.params.get("api_password")
         else:
-            self.fail("Either api_password or the environment vairable ONE_PASSWORD must be provided")
+            self.fail("Either api_password or the environment variable ONE_PASSWORD must be provided")
 
         session = "%s:%s" % (username, password)
 

plugins/module_utils/oracle/oci_utils.py

@@ -691,7 +691,7 @@ def check_and_create_resource(
     :param model: Model used to create a resource.
     :param exclude_attributes: The attributes which should not be used to distinguish the resource. e.g. display_name,
      dns_label.
-    :param dead_states: List of states which can't transition to any of the usable states of the resource. This deafults
+    :param dead_states: List of states which can't transition to any of the usable states of the resource. This defaults
     to ["TERMINATING", "TERMINATED", "FAULTY", "FAILED", "DELETING", "DELETED", "UNKNOWN_ENUM_VALUE"]
     :param default_attribute_values: A dictionary containing default values for attributes.
     :return: A dictionary containing the resource & the "changed" status. e.g. {"vcn":{x:y}, "changed":True}
@@ -1189,7 +1189,7 @@ def are_dicts_equal(
 
 
 def should_dict_attr_be_excluded(map_option_name, option_key, exclude_list):
-    """An entry for the Exclude list for excluding a map's key is specifed as a dict with the map option name as the
+    """An entry for the Exclude list for excluding a map's key is specified as a dict with the map option name as the
     key, and the value as a list of keys to be excluded within that map. For example, if the keys "k1" and "k2" of a map
     option named "m1" needs to be excluded, the exclude list must have an entry {'m1': ['k1','k2']} """
     for exclude_item in exclude_list:

plugins/module_utils/redfish_utils.py

@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # Copyright (c) 2017-2018 Dell EMC Inc.
-# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
@@ -1888,14 +1888,13 @@ class RedfishUtils(object):
                         for property in properties:
                             if property in data:
                                 chassis_power_result[property] = data[property]
-                else:
-                    return {'ret': False, 'msg': 'Key PowerControl not found.'}
                 chassis_power_results.append(chassis_power_result)
-            else:
-                return {'ret': False, 'msg': 'Key Power not found.'}
 
-        result['entries'] = chassis_power_results
-        return result
+        if len(chassis_power_results) > 0:
+            result['entries'] = chassis_power_results
+            return result
+        else:
+            return {'ret': False, 'msg': 'Power information not found.'}
 
     def get_chassis_thermals(self):
         result = {}
@@ -2187,9 +2186,8 @@ class RedfishUtils(object):
             else:
                 if media_match_strict:
                     continue
-            # if ejected, 'Inserted' should be False and 'ImageName' cleared
-            if (not data.get('Inserted', False) and
-                    not data.get('ImageName')):
+            # if ejected, 'Inserted' should be False
+            if (not data.get('Inserted', False)):
                 return uri, data
         return None, None
 
@@ -2225,7 +2223,7 @@ class RedfishUtils(object):
         return resources, headers
 
     @staticmethod
-    def _insert_virt_media_payload(options, param_map, data, ai):
+    def _insert_virt_media_payload(options, param_map, data, ai, image_only=False):
         payload = {
             'Image': options.get('image_url')
         }
@@ -2239,6 +2237,12 @@ class RedfishUtils(object):
                                        options.get(option), option,
                                        allowable)}
                 payload[param] = options.get(option)
+
+        # Some hardware (such as iLO 4 or Supermicro) only supports the Image property
+        # Inserted and WriteProtected are not writable
+        if image_only:
+            del payload['Inserted']
+            del payload['WriteProtected']
         return payload
 
     def virtual_media_insert_via_patch(self, options, param_map, uri, data, image_only=False):
@@ -2247,16 +2251,10 @@ class RedfishUtils(object):
                    {'AllowableValues': v}) for k, v in data.items()
                   if k.endswith('@Redfish.AllowableValues'))
         # construct payload
-        payload = self._insert_virt_media_payload(options, param_map, data, ai)
-        if 'Inserted' not in payload:
+        payload = self._insert_virt_media_payload(options, param_map, data, ai, image_only)
+        if 'Inserted' not in payload and not image_only:
             payload['Inserted'] = True
 
-        # Some hardware (such as iLO 4) only supports the Image property on the PATCH operation
-        # Inserted and WriteProtected are not writable
-        if image_only:
-            del payload['Inserted']
-            del payload['WriteProtected']
-
         # PATCH the resource
         response = self.patch_request(self.root_uri + uri, payload)
         if response['ret'] is False:
@@ -2292,6 +2290,13 @@ class RedfishUtils(object):
         if data["FirmwareVersion"].startswith("iLO 4"):
             image_only = True
 
+        # Supermicro does also not support Inserted and WriteProtected
+        # Supermicro uses as firmware version only a number so we can't check for it because we
+        # can't be sure that this firmware version is nut used by another vendor
+        # Tested with Supermicro Firmware 01.74.02
+        if 'Supermicro' in data['Oem']:
+            image_only = True
+
         virt_media_uri = data["VirtualMedia"]["@odata.id"]
         response = self.get_request(self.root_uri + virt_media_uri)
         if response['ret'] is False:
@@ -2346,7 +2351,7 @@ class RedfishUtils(object):
         # get ActionInfo or AllowableValues
         ai = self._get_all_action_info_values(action)
         # construct payload
-        payload = self._insert_virt_media_payload(options, param_map, data, ai)
+        payload = self._insert_virt_media_payload(options, param_map, data, ai, image_only)
         # POST to action
         response = self.post_request(self.root_uri + action_uri, payload)
         if response['ret'] is False:
@@ -2392,6 +2397,9 @@ class RedfishUtils(object):
         if data["FirmwareVersion"].startswith("iLO 4"):
             image_only = True
 
+        if 'Supermicro' in data['Oem']:
+            image_only = True
+
         virt_media_uri = data["VirtualMedia"]["@odata.id"]
         response = self.get_request(self.root_uri + virt_media_uri)
         if response['ret'] is False:
@@ -3020,3 +3028,26 @@ class RedfishUtils(object):
         if not result["entries"]:
             return {'ret': False, 'msg': "No HostInterface objects found"}
         return result
+
+    def get_manager_inventory(self, manager_uri):
+        result = {}
+        inventory = {}
+        # Get these entries, but does not fail if not found
+        properties = ['FirmwareVersion', 'ManagerType', 'Manufacturer', 'Model',
+                      'PartNumber', 'PowerState', 'SerialNumber', 'Status', 'UUID']
+
+        response = self.get_request(self.root_uri + manager_uri)
+        if response['ret'] is False:
+            return response
+        result['ret'] = True
+        data = response['data']
+
+        for property in properties:
+            if property in data:
+                inventory[property] = data[property]
+
+        result["entries"] = inventory
+        return result
+
+    def get_multi_manager_inventory(self):
+        return self.aggregate_managers(self.get_manager_inventory)

plugins/modules/cloud/lxd/lxd_container.py

@@ -191,10 +191,10 @@ notes:
     2.1, the later requires python to be installed in the instance which can
     be done with the command module.
   - You can copy a file from the host to the instance
-    with the Ansible M(ansible.builtin.copy) and M(ansible.builtin.template) module and the `lxd` connection plugin.
+    with the Ansible M(ansible.builtin.copy) and M(ansible.builtin.template) module and the C(community.general.lxd) connection plugin.
     See the example below.
   - You can copy a file in the created instance to the localhost
-    with `command=lxc file pull instance_name/dir/filename filename`.
+    with C(command=lxc file pull instance_name/dir/filename filename).
     See the first example below.
 '''
 

plugins/modules/cloud/lxd/lxd_profile.py

@@ -360,7 +360,7 @@ class LXDProfileManagement(object):
         )
 
     def _merge_dicts(self, source, destination):
-        """Merge Dictionarys
+        """Merge Dictionaries
 
         Get a list of filehandle numbers from logger to be handed to
         DaemonContext.files_preserve

plugins/modules/cloud/lxd/lxd_project.py

@@ -303,7 +303,7 @@ class LXDProjectManagement(object):
         )
 
     def _merge_dicts(self, source, destination):
-        """ Return a new dict taht merge two dict,
+        """ Return a new dict that merge two dict,
         with values in source dict overwrite destination dict
 
         Args:

plugins/modules/cloud/misc/proxmox_kvm.py

@@ -83,7 +83,7 @@ options:
     version_added: 1.3.0
   clone:
     description:
-      - Name of VM to be cloned. If C(vmid) is setted, C(clone) can take arbitrary value but required for initiating the clone.
+      - Name of VM to be cloned. If I(vmid) is set, I(clone) can take an arbitrary value but is required for initiating the clone.
     type: str
   cores:
     description:
@@ -1204,12 +1204,12 @@ def main():
         # Ensure source VM id exists when cloning
         proxmox.get_vm(vmid)
 
-        # Ensure the choosen VM name doesn't already exist when cloning
+        # Ensure the chosen VM name doesn't already exist when cloning
         existing_vmid = proxmox.get_vmid(name, ignore_missing=True)
         if existing_vmid:
             module.exit_json(changed=False, vmid=existing_vmid, msg="VM with name <%s> already exists" % name)
 
-        # Ensure the choosen VM id doesn't already exist when cloning
+        # Ensure the chosen VM id doesn't already exist when cloning
         if proxmox.get_vm(newid, ignore_missing=True):
             module.exit_json(changed=False, vmid=vmid, msg="vmid %s with VM name %s already exists" % (newid, name))
 

plugins/modules/cloud/misc/serverless.py

@@ -107,7 +107,7 @@ state:
   returned: always
 command:
   type: str
-  description: Full `serverless` command run by this module, in case you want to re-run the command outside the module.
+  description: Full C(serverless) command run by this module, in case you want to re-run the command outside the module.
   returned: always
   sample: serverless deploy --stage production
 '''

plugins/modules/cloud/misc/terraform.py

@@ -67,7 +67,7 @@ options:
   state_file:
     description:
       - The path to an existing Terraform state file to use when building plan.
-        If this is not specified, the default `terraform.tfstate` will be used.
+        If this is not specified, the default C(terraform.tfstate) will be used.
       - This option is ignored when plan is specified.
     type: path
   variables_files:
@@ -103,7 +103,7 @@ options:
   force_init:
     description:
       - To avoid duplicating infra, if a state file can't be found this will
-        force a `terraform init`. Generally, this should be turned off unless
+        force a C(terraform init). Generally, this should be turned off unless
         you intend to provision an entirely new Terraform deployment.
     default: false
     type: bool
@@ -149,7 +149,7 @@ options:
     type: int
     version_added: '3.8.0'
 notes:
-   - To just run a `terraform plan`, use check mode.
+   - To just run a C(terraform plan), use check mode.
 requirements: [ "terraform" ]
 author: "Ryan Scott Brown (@ryansb)"
 '''
@@ -205,7 +205,7 @@ EXAMPLES = """
 RETURN = """
 outputs:
   type: complex
-  description: A dictionary of all the TF outputs by their assigned name. Use `.outputs.MyOutputName.value` to access the value.
+  description: A dictionary of all the TF outputs by their assigned name. Use C(.outputs.MyOutputName.value) to access the value.
   returned: on success
   sample: '{"bukkit_arn": {"sensitive": false, "type": "string", "value": "arn:aws:s3:::tf-test-bukkit"}'
   contains:
@@ -223,12 +223,12 @@ outputs:
       description: The value of the output as interpolated by Terraform
 stdout:
   type: str
-  description: Full `terraform` command stdout, in case you want to display it or examine the event log
+  description: Full C(terraform) command stdout, in case you want to display it or examine the event log
   returned: always
   sample: ''
 command:
   type: str
-  description: Full `terraform` command built by this module, in case you want to re-run the command outside the module or debug a problem.
+  description: Full C(terraform) command built by this module, in case you want to re-run the command outside the module or debug a problem.
   returned: always
   sample: terraform apply ...
 """

plugins/modules/cloud/rackspace/rax_clb_nodes.py

@@ -252,7 +252,8 @@ def main():
                 'weight': weight,
             }
 
-            for name, value in mutable.items():
+            for name in list(mutable):
+                value = mutable[name]
                 if value is None or value == getattr(node, name):
                     mutable.pop(name)
 

plugins/modules/cloud/rackspace/rax_mon_check.py

@@ -75,15 +75,15 @@ options:
   target_hostname:
     type: str
     description:
-    - One of `target_hostname` and `target_alias` is required for remote.* checks,
+    - One of I(target_hostname) and I(target_alias) is required for remote.* checks,
       but prohibited for agent.* checks. The hostname this check should target.
       Must be a valid IPv4, IPv6, or FQDN.
   target_alias:
     type: str
     description:
-    - One of `target_alias` and `target_hostname` is required for remote.* checks,
+    - One of I(target_alias) and I(target_hostname) is required for remote.* checks,
       but prohibited for agent.* checks. Use the corresponding key in the entity's
-      `ip_addresses` hash to resolve an IP address to target.
+      I(ip_addresses) hash to resolve an IP address to target.
   details:
     type: dict
     description:

plugins/modules/cloud/scaleway/scaleway_compute_private_network.py

@@ -0,0 +1,209 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Scaleway VPC management module
+#
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: scaleway_compute_private_network
+short_description: Scaleway compute - private network management
+version_added: 5.2.0
+author: Pascal MANGIN (@pastral)
+description:
+    - This module add or remove a private network to a compute instance
+      (U(https://developer.scaleway.com)).
+extends_documentation_fragment:
+- community.general.scaleway
+
+
+options:
+  state:
+    type: str
+    description:
+     - Indicate desired state of the VPC.
+    default: present
+    choices:
+      - present
+      - absent
+
+  project:
+    type: str
+    description:
+      - Project identifier.
+    required: true
+
+  region:
+    type: str
+    description:
+     - Scaleway region to use (for example C(par1)).
+    required: true
+    choices:
+      - ams1
+      - EMEA-NL-EVS
+      - par1
+      - EMEA-FR-PAR1
+      - par2
+      - EMEA-FR-PAR2
+      - waw1
+      - EMEA-PL-WAW1
+
+  compute_id:
+    type: str
+    description:
+    - ID of the compute instance (see M(community.general.scaleway_compute)).
+    required: true
+
+  private_network_id:
+    type: str
+    description:
+    - ID of the private network (see M(community.general.scaleway_private_network)).
+    required: true
+
+'''
+
+EXAMPLES = '''
+- name: Plug a VM to a private network
+  community.general.scaleway_compute_private_network:
+    project: '{{ scw_project }}'
+    state: present
+    region: par1
+    compute_id: "12345678-f1e6-40ec-83e5-12345d67ed89"
+    private_network_id: "22345678-f1e6-40ec-83e5-12345d67ed89"
+  register: nicsvpc_creation_task
+
+- name: Unplug a VM from a private network
+  community.general.scaleway_compute_private_network:
+    project: '{{ scw_project }}'
+    state: absent
+    region: par1
+    compute_id: "12345678-f1e6-40ec-83e5-12345d67ed89"
+    private_network_id: "22345678-f1e6-40ec-83e5-12345d67ed89"
+
+'''
+
+RETURN = '''
+scaleway_compute_private_network:
+    description: Information on the VPC.
+    returned: success when C(state=present)
+    type: dict
+    sample:
+        {
+            "created_at": "2022-01-15T11:11:12.676445Z",
+            "id": "12345678-f1e6-40ec-83e5-12345d67ed89",
+            "name": "network",
+            "organization_id": "a123b4cd-ef5g-678h-90i1-jk2345678l90",
+            "project_id": "a123b4cd-ef5g-678h-90i1-jk2345678l90",
+            "tags": [
+                "tag1",
+                "tag2",
+                "tag3",
+                "tag4",
+                "tag5"
+            ],
+            "updated_at": "2022-01-15T11:12:04.624837Z",
+            "zone": "fr-par-2"
+        }
+'''
+from ansible_collections.community.general.plugins.module_utils.scaleway import SCALEWAY_LOCATION, scaleway_argument_spec, Scaleway
+from ansible.module_utils.basic import AnsibleModule
+
+
+def get_nics_info(api, compute_id, private_network_id):
+
+    response = api.get('servers/' + compute_id + '/private_nics')
+    if not response.ok:
+        msg = "Error during get servers information: %s: '%s' (%s)" % (response.info['msg'], response.json['message'], response.json)
+        api.module.fail_json(msg=msg)
+
+    i = 0
+    list_nics = response.json['private_nics']
+
+    while i < len(list_nics):
+        if list_nics[i]['private_network_id'] == private_network_id:
+            return list_nics[i]
+        i += 1
+
+    return None
+
+
+def present_strategy(api, compute_id, private_network_id):
+
+    changed = False
+    nic = get_nics_info(api, compute_id, private_network_id)
+    if nic is not None:
+        return changed, nic
+
+    data = {"private_network_id": private_network_id}
+    changed = True
+    if api.module.check_mode:
+        return changed, {"status": "a private network would be add to a server"}
+
+    response = api.post(path='servers/' + compute_id + '/private_nics', data=data)
+
+    if not response.ok:
+        api.module.fail_json(msg='Error when adding a private network to a server [{0}: {1}]'.format(response.status_code, response.json))
+
+    return changed, response.json
+
+
+def absent_strategy(api, compute_id, private_network_id):
+
+    changed = False
+    nic = get_nics_info(api, compute_id, private_network_id)
+    if nic is None:
+        return changed, {}
+
+    changed = True
+    if api.module.check_mode:
+        return changed, {"status": "private network would be destroyed"}
+
+    response = api.delete('servers/' + compute_id + '/private_nics/' + nic['id'])
+
+    if not response.ok:
+        api.module.fail_json(msg='Error deleting private network from server [{0}: {1}]'.format(
+            response.status_code, response.json))
+
+    return changed, response.json
+
+
+def core(module):
+
+    compute_id = module.params['compute_id']
+    pn_id = module.params['private_network_id']
+
+    region = module.params["region"]
+    module.params['api_url'] = SCALEWAY_LOCATION[region]["api_endpoint"]
+
+    api = Scaleway(module=module)
+    if module.params["state"] == "absent":
+        changed, summary = absent_strategy(api=api, compute_id=compute_id, private_network_id=pn_id)
+    else:
+        changed, summary = present_strategy(api=api, compute_id=compute_id, private_network_id=pn_id)
+    module.exit_json(changed=changed, scaleway_compute_private_network=summary)
+
+
+def main():
+    argument_spec = scaleway_argument_spec()
+    argument_spec.update(dict(
+        state=dict(default='present', choices=['absent', 'present']),
+        project=dict(required=True),
+        region=dict(required=True, choices=list(SCALEWAY_LOCATION.keys())),
+        compute_id=dict(required=True),
+        private_network_id=dict(required=True)
+    ))
+    module = AnsibleModule(
+        argument_spec=argument_spec,
+        supports_check_mode=True,
+    )
+
+    core(module)
+
+
+if __name__ == '__main__':
+    main()

plugins/modules/cloud/scaleway/scaleway_user_data.py

@@ -35,7 +35,7 @@ options:
   user_data:
     type: dict
     description:
-    - User defined data. Typically used with `cloud-init`.
+    - User defined data. Typically used with C(cloud-init).
     - Pass your cloud-init script here as a string
     required: false
 

plugins/modules/cloud/xenserver/xenserver_guest.py

@@ -1207,7 +1207,7 @@ class XenServerVM(XenServerObject):
                 if (self.module.params['home_server'] and
                         (not self.vm_params['affinity'] or self.module.params['home_server'] != self.vm_params['affinity']['name_label'])):
 
-                    # Check existance only. Ignore return value.
+                    # Check existence only. Ignore return value.
                     get_object_ref(self.module, self.module.params['home_server'], uuid=None, obj_type="home server", fail=True,
                                    msg_prefix="VM check home_server: ")
 
@@ -1371,7 +1371,7 @@ class XenServerVM(XenServerObject):
                         disk_sr = disk_params.get('sr')
 
                         if disk_sr_uuid is not None or disk_sr is not None:
-                            # Check existance only. Ignore return value.
+                            # Check existence only. Ignore return value.
                             get_object_ref(self.module, disk_sr, disk_sr_uuid, obj_type="SR", fail=True,
                                            msg_prefix="VM check disks[%s]: " % position)
                         elif self.default_sr_ref == 'OpaqueRef:NULL':
@@ -1448,7 +1448,7 @@ class XenServerVM(XenServerObject):
 
                 if cdrom_type == "iso":
                     # Check if ISO exists.
-                    # Check existance only. Ignore return value.
+                    # Check existence only. Ignore return value.
                     get_object_ref(self.module, cdrom_iso_name, uuid=None, obj_type="ISO image", fail=True,
                                    msg_prefix="VM check cdrom.iso_name: ")
 
@@ -1496,7 +1496,7 @@ class XenServerVM(XenServerObject):
                         self.module.fail_json(msg="VM check networks[%s]: network name cannot be an empty string!" % position)
 
                     if network_name:
-                        # Check existance only. Ignore return value.
+                        # Check existence only. Ignore return value.
                         get_object_ref(self.module, network_name, uuid=None, obj_type="network", fail=True,
                                        msg_prefix="VM check networks[%s]: " % position)
 

plugins/modules/clustering/consul/consul_kv.py

@@ -28,14 +28,14 @@ author:
 options:
     state:
         description:
-          - The action to take with the supplied key and value. If the state is 'present' and `value` is set, the key
-            contents will be set to the value supplied and `changed` will be set to `true` only if the value was
-            different to the current contents. If the state is 'present' and `value` is not set, the existing value
-            associated to the key will be returned. The state 'absent' will remove the key/value pair,
-            again 'changed' will be set to true only if the key actually existed
+          - The action to take with the supplied key and value. If the state is C(present) and I(value) is set, the key
+            contents will be set to the value supplied and C(changed) will be set to C(true) only if the value was
+            different to the current contents. If the state is C(present) and I(value) is not set, the existing value
+            associated to the key will be returned. The state C(absent) will remove the key/value pair,
+            again C(changed) will be set to true only if the key actually existed
             prior to the removal. An attempt can be made to obtain or free the
-            lock associated with a key/value pair with the states 'acquire' or
-            'release' respectively. a valid session must be supplied to make the
+            lock associated with a key/value pair with the states C(acquire) or
+            C(release) respectively. a valid session must be supplied to make the
             attempt changed will be true if the attempt is successful, false
             otherwise.
         type: str

plugins/modules/files/ini_file.py

@@ -279,7 +279,7 @@ def do_ini(module, filename, section=None, option=None, values=None,
     # handling multiple instances of option=value when state is 'present' with/without exclusive is a bit complex
     #
     # 1. edit all lines where we have a option=value pair with a matching value in values[]
-    # 2. edit all the remaing lines where we have a matching option
+    # 2. edit all the remaining lines where we have a matching option
     # 3. delete remaining lines where we have a matching option
     # 4. insert missing option line(s) at the end of the section
 

plugins/modules/files/sapcar_extract.py

@@ -207,7 +207,7 @@ def main():
         changed = True
     else:
         changed = False
-        out = "allready unpacked"
+        out = "already unpacked"
 
     if remove:
         os.remove(path)

plugins/modules/identity/ipa/ipa_otpconfig.py

@@ -45,7 +45,7 @@ EXAMPLES = r'''
     ipa_user: admin
     ipa_pass: supersecret
 
-- name: Ensure the TOTP syncronization window is set to 86400 seconds
+- name: Ensure the TOTP synchronization window is set to 86400 seconds
   community.general.ipa_otpconfig:
     ipatokentotpsyncwindow: '86400'
     ipa_host: localhost
@@ -59,7 +59,7 @@ EXAMPLES = r'''
     ipa_user: admin
     ipa_pass: supersecret
 
-- name: Ensure the HOTP syncronization window is set to 100 hops
+- name: Ensure the HOTP synchronization window is set to 100 hops
   community.general.ipa_otpconfig:
     ipatokenhotpsyncwindow: '100'
     ipa_host: localhost

plugins/modules/identity/ipa/ipa_vault.py

@@ -63,7 +63,7 @@ options:
         type: str
     replace:
         description:
-        - Force replace the existant vault on IPA server.
+        - Force replace the existent vault on IPA server.
         type: bool
         default: False
         choices: ["True", "False"]

plugins/modules/identity/keycloak/keycloak_realm_info.py

@@ -64,7 +64,7 @@ msg:
 
 realm_info:
     description:
-        - Representation of the realm public infomation.
+        - Representation of the realm public information.
     returned: always
     type: dict
     contains:

plugins/modules/monitoring/datadog/datadog_event.py

@@ -20,7 +20,7 @@ description:
 - "Allows to post events to Datadog (www.datadoghq.com) service."
 - "Uses http://docs.datadoghq.com/api/#events API."
 author:
-- "Artūras `arturaz` Šlajus (@arturaz)"
+- "Artūras 'arturaz' Šlajus (@arturaz)"
 - "Naoya Nakazawa (@n0ts)"
 options:
     api_key:

plugins/modules/net_tools/haproxy.py

@@ -99,7 +99,7 @@ options:
   weight:
     description:
       - The value passed in argument.
-      - If the value ends with the `%` sign, then the new weight will be
+      - If the value ends with the C(%) sign, then the new weight will be
         relative to the initially configured weight.
       - Relative weights are only permitted between 0 and 100% and absolute
         weights are permitted between 0 and 256.

plugins/modules/net_tools/nmcli.py

@@ -1501,7 +1501,7 @@ class Nmcli(object):
         if self._hairpin is None:
             self.module.deprecate(
                 "Parameter 'hairpin' default value will change from true to false in community.general 7.0.0. "
-                "Set the value explicitly to supress this warning.",
+                "Set the value explicitly to suppress this warning.",
                 version='7.0.0', collection_name='community.general',
             )
             # Should be False in 7.0.0 but then that should be in argument_specs
@@ -1836,7 +1836,10 @@ class Nmcli(object):
 
     @staticmethod
     def list_to_string(lst):
-        return ",".join(lst or [""])
+        if lst is None:
+            return None
+        else:
+            return ",".join(lst)
 
     @staticmethod
     def settings_type(setting):

plugins/modules/packaging/language/ansible_galaxy_install.py

@@ -242,7 +242,7 @@ class AnsibleGalaxyInstall(CmdModuleHelper):
             self.module.deprecate(
                 "Support for Ansible 2.9 and ansible-base 2.10 is being deprecated. "
                 "At the same time support for them is ended, also the ack_ansible29 option will be removed. "
-                "Upgrading is strongly recommended, or set 'ack_min_ansiblecore211' to supress this message.",
+                "Upgrading is strongly recommended, or set 'ack_min_ansiblecore211' to suppress this message.",
                 version="8.0.0",
                 collection_name="community.general",
             )

plugins/modules/packaging/language/composer.py

@@ -81,7 +81,7 @@ options:
     classmap_authoritative:
         description:
             - Autoload classes from classmap only.
-            - Implicitely enable optimize_autoloader.
+            - Implicitly enable optimize_autoloader.
             - Recommended especially for production, but can take a bit of time to run.
         default: false
         type: bool

plugins/modules/packaging/language/pip_package_info.py

@@ -17,7 +17,7 @@ options:
   clients:
     description:
       - A list of the pip executables that will be used to get the packages.
-        They can be supplied with the full path or just the executable name, i.e `pip3.7`.
+        They can be supplied with the full path or just the executable name, for example C(pip3.7).
     default: ['pip']
     required: False
     type: list

plugins/modules/packaging/os/apk.py

@@ -62,8 +62,8 @@ options:
     type: bool
     default: no
 notes:
-  - '"name" and "upgrade" are mutually exclusive.'
-  - When used with a `loop:` each package will be processed individually, it is much more efficient to pass the list directly to the `name` option.
+  - 'I(name) and I(upgrade) are mutually exclusive.'
+  - When used with a C(loop:) each package will be processed individually, it is much more efficient to pass the list directly to the I(name) option.
 '''
 
 EXAMPLES = '''

plugins/modules/packaging/os/homebrew.py

@@ -35,7 +35,7 @@ options:
         elements: str
     path:
         description:
-            - "A ':' separated list of paths to search for 'brew' executable.
+            - "A C(:) separated list of paths to search for C(brew) executable.
               Since a package (I(formula) in homebrew parlance) location is prefixed relative to the actual path of I(brew) command,
               providing an alternative I(brew) path enables managing different set of packages in an alternative location in the system."
         default: '/usr/local/bin:/opt/homebrew/bin'
@@ -70,8 +70,8 @@ options:
         elements: str
         version_added: '0.2.0'
 notes:
-  - When used with a `loop:` each package will be processed individually,
-    it is much more efficient to pass the list directly to the `name` option.
+  - When used with a C(loop:) each package will be processed individually,
+    it is much more efficient to pass the list directly to the I(name) option.
 '''
 
 EXAMPLES = '''

plugins/modules/packaging/os/openbsd_pkg.py

@@ -70,8 +70,8 @@ options:
         type: bool
         default: no
 notes:
-  - When used with a `loop:` each package will be processed individually,
-    it is much more efficient to pass the list directly to the `name` option.
+  - When used with a C(loop:) each package will be processed individually,
+    it is much more efficient to pass the list directly to the I(name) option.
 '''
 
 EXAMPLES = '''

plugins/modules/packaging/os/pkgng.py

@@ -102,8 +102,8 @@ options:
 author: "bleader (@bleader)"
 notes:
   - When using pkgsite, be careful that already in cache packages won't be downloaded again.
-  - When used with a `loop:` each package will be processed individually,
-    it is much more efficient to pass the list directly to the `name` option.
+  - When used with a C(loop:) each package will be processed individually,
+    it is much more efficient to pass the list directly to the I(name) option.
 '''
 
 EXAMPLES = '''

plugins/modules/packaging/os/pulp_repo.py

@@ -119,7 +119,7 @@ options:
   repoview:
     description:
       - Whether to generate repoview files for a published repository. Setting
-        this to "yes" automatically activates `generate_sqlite`.
+        this to "yes" automatically activates C(generate_sqlite).
     required: false
     type: bool
     default: no

plugins/modules/packaging/os/redhat_subscription.py

@@ -468,7 +468,7 @@ class Rhsm(RegistrationBase):
             items = ["--all"]
 
         if items:
-            args = [SUBMAN_CMD, 'unsubscribe'] + items
+            args = [SUBMAN_CMD, 'remove'] + items
             rc, stderr, stdout = self.module.run_command(args, check_rc=True)
         return serials
 

plugins/modules/packaging/os/zypper.py

@@ -136,8 +136,8 @@ options:
           - Adds C(--clean-deps) option to I(zypper) remove command.
         version_added: '4.6.0'
 notes:
-  - When used with a `loop:` each package will be processed individually,
-    it is much more efficient to pass the list directly to the `name` option.
+  - When used with a C(loop:) each package will be processed individually,
+    it is much more efficient to pass the list directly to the I(name) option.
 # informational: requirements for nodes
 requirements:
     - "zypper >= 1.0  # included in openSUSE >= 11.1 or SUSE Linux Enterprise Server/Desktop >= 11.0"

plugins/modules/remote_management/hpilo/hponcfg.py

@@ -29,7 +29,7 @@ options:
     type: str
   executable:
     description:
-     - Path to the hponcfg executable (`hponcfg` which uses $PATH).
+     - Path to the hponcfg executable (C(hponcfg) which uses $PATH).
     default: hponcfg
     type: str
   verbose:

plugins/modules/remote_management/lenovoxcc/xcc_redfish_command.py

@@ -1,7 +1,7 @@
 #!/usr/bin/python
 # -*- coding: utf-8 -*-
 #
-# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type

plugins/modules/remote_management/redfish/idrac_redfish_command.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 # Copyright (c) 2018 Dell EMC Inc.
-# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type

plugins/modules/remote_management/redfish/idrac_redfish_config.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 # Copyright (c) 2019 Dell EMC Inc.
-# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type

plugins/modules/remote_management/redfish/idrac_redfish_info.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 # Copyright (c) 2019 Dell EMC Inc.
-# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type

plugins/modules/remote_management/redfish/ilo_redfish_config.py

@@ -1,7 +1,7 @@
 #!/usr/bin/python
 # -*- coding: utf-8 -*-
 # Copyright (c) 2021-2022 Hewlett Packard Enterprise, Inc. All rights reserved.
-# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
 

plugins/modules/remote_management/redfish/ilo_redfish_info.py

@@ -1,7 +1,7 @@
 #!/usr/bin/python
 # -*- coding: utf-8 -*-
 # Copyright (c) 2021-2022 Hewlett Packard Enterprise, Inc. All rights reserved.
-# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
 
@@ -74,7 +74,7 @@ ilo_redfish_info:
             type: dict
             contains:
                 ret:
-                    description: Check variable to see if the information was succesfully retrived.
+                    description: Check variable to see if the information was successfully retrieved.
                     type: bool
                 msg:
                     description: Information of all active iLO sessions.

plugins/modules/remote_management/redfish/redfish_command.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 # Copyright (c) 2017-2018 Dell EMC Inc.
-# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type

plugins/modules/remote_management/redfish/redfish_config.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 # Copyright (c) 2017-2018 Dell EMC Inc.
-# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type

plugins/modules/remote_management/redfish/redfish_info.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 # Copyright (c) 2017-2018 Dell EMC Inc.
-# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
@@ -277,6 +277,14 @@ EXAMPLES = '''
       baseuri: "{{ baseuri }}"
       username: "{{ username }}"
       password: "{{ password }}"
+
+  - name: Get Manager Inventory
+    community.general.redfish_info:
+      category: Manager
+      command: GetManagerInventory
+      baseuri: "{{ baseuri }}"
+      username: "{{ username }}"
+      password: "{{ password }}"
 '''
 
 RETURN = '''
@@ -301,7 +309,7 @@ CATEGORY_COMMANDS_ALL = {
     "Sessions": ["GetSessions"],
     "Update": ["GetFirmwareInventory", "GetFirmwareUpdateCapabilities", "GetSoftwareInventory"],
     "Manager": ["GetManagerNicInventory", "GetVirtualMedia", "GetLogs", "GetNetworkProtocols",
-                "GetHealthReport", "GetHostInterfaces"],
+                "GetHealthReport", "GetHostInterfaces", "GetManagerInventory"],
 }
 
 CATEGORY_COMMANDS_DEFAULT = {
@@ -485,6 +493,8 @@ def main():
                     result["health_report"] = rf_utils.get_multi_manager_health_report()
                 elif command == "GetHostInterfaces":
                     result["host_interfaces"] = rf_utils.get_hostinterfaces()
+                elif command == "GetManagerInventory":
+                    result["manager"] = rf_utils.get_multi_manager_inventory()
 
     # Return data back
     module.exit_json(redfish_facts=result)

plugins/modules/source_control/gitlab/gitlab_protected_branch.py

@@ -36,7 +36,7 @@ options:
   name:
     description:
       - The name of the branch that needs to be protected.
-      - Can make use a wildcard charachter for like C(production/*) or just have C(main) or C(develop) as value.
+      - Can make use a wildcard character for like C(production/*) or just have C(main) or C(develop) as value.
     required: true
     type: str
   merge_access_levels:

plugins/modules/source_control/gitlab/gitlab_user.py

@@ -305,7 +305,7 @@ class GitLabUser(object):
             # note: as we unfortunately have some uncheckable parameters
             #   where it is not possible to determine if the update
             #   changed something or not, we must assume here that a
-            #   changed happend and that an user object update is needed
+            #   changed happened and that an user object update is needed
             potentionally_changed = True
 
         # Assign ssh keys

plugins/modules/source_control/hg.py

@@ -36,7 +36,7 @@ options:
     force:
         description:
             - Discards uncommitted changes. Runs C(hg update -C).  Prior to
-              1.9, the default was `yes`.
+              1.9, the default was C(yes).
         type: bool
         default: 'no'
     purge:

plugins/modules/storage/pmem/pmem.py

@@ -99,7 +99,7 @@ options:
           - The size of namespace. This option supports the suffixes C(k) or C(K) or C(KB) for KiB,
             C(m) or C(M) or C(MB) for MiB, C(g) or C(G) or C(GB) for GiB and C(t) or C(T) or C(TB) for TiB.
           - This option is required if multiple namespaces are configured.
-          - If this option is not set, all of the avaiable space of a region is configured.
+          - If this option is not set, all of the available space of a region is configured.
         type: str
         required: false
   namespace_append:

plugins/modules/storage/zfs/zfs_delegate_admin.py

@@ -17,7 +17,7 @@ description:
   - See the C(zfs allow) section of C(zfs(1M)) for detailed explanations of options.
   - This module attempts to adhere to the behavior of the command line tool as much as possible.
 requirements:
-  - "A ZFS/OpenZFS implementation that supports delegation with `zfs allow`, including: Solaris >= 10, illumos (all
+  - "A ZFS/OpenZFS implementation that supports delegation with C(zfs allow), including: Solaris >= 10, illumos (all
     versions), FreeBSD >= 8.0R, ZFS on Linux >= 0.7.0."
 options:
   name:

plugins/modules/system/alternatives.py

@@ -40,9 +40,8 @@ options:
     type: path
   priority:
     description:
-      - The priority of the alternative.
+      - The priority of the alternative. If no priority is given for creation C(50) is used as a fallback.
     type: int
-    default: 50
   state:
     description:
       - C(present) - install the alternative (if not already installed), but do
@@ -78,6 +77,7 @@ options:
         description:
           - The path to the symbolic link that should point to the real subcommand executable.
         type: path
+        required: true
     version_added: 5.1.0
 requirements: [ update-alternatives ]
 '''
@@ -171,9 +171,10 @@ class AlternativesModule(object):
         if self.mode_present:
             # Check if we need to (re)install
             subcommands_parameter = self.module.params['subcommands']
+            priority_parameter = self.module.params['priority']
             if (
                 self.path not in self.current_alternatives or
-                self.current_alternatives[self.path].get('priority') != self.priority or
+                (priority_parameter is not None and self.current_alternatives[self.path].get('priority') != priority_parameter) or
                 (subcommands_parameter is not None and (
                     not all(s in subcommands_parameter for s in self.current_alternatives[self.path].get('subcommands')) or
                     not all(s in self.current_alternatives[self.path].get('subcommands') for s in subcommands_parameter)
@@ -204,7 +205,7 @@ class AlternativesModule(object):
 
         cmd = [self.UPDATE_ALTERNATIVES, '--install', self.link, self.name, self.path, str(self.priority)]
 
-        if self.subcommands is not None:
+        if self.module.params['subcommands'] is not None:
             subcommands = [['--slave', subcmd['link'], subcmd['name'], subcmd['path']] for subcmd in self.subcommands]
             cmd += [item for sublist in subcommands for item in sublist]
 
@@ -273,7 +274,9 @@ class AlternativesModule(object):
 
     @property
     def priority(self):
-        return self.module.params.get('priority')
+        if self.module.params.get('priority') is not None:
+            return self.module.params.get('priority')
+        return self.current_alternatives.get(self.path, {}).get('priority', 50)
 
     @property
     def subcommands(self):
@@ -373,7 +376,7 @@ def main():
             name=dict(type='str', required=True),
             path=dict(type='path', required=True),
             link=dict(type='path'),
-            priority=dict(type='int', default=50),
+            priority=dict(type='int'),
             state=dict(
                 type='str',
                 choices=AlternativeState.to_list(),
@@ -382,7 +385,7 @@ def main():
             subcommands=dict(type='list', elements='dict', aliases=['slaves'], options=dict(
                 name=dict(type='str', required=True),
                 path=dict(type='path', required=True),
-                link=dict(type='path'),
+                link=dict(type='path', required=True),
             )),
         ),
         supports_check_mode=True,

plugins/modules/system/homectl.py

@@ -57,7 +57,7 @@ options:
     realname:
         description:
             - The user's real ('human') name.
-            - This can also be used to add a comment to maintain compatability with C(useradd).
+            - This can also be used to add a comment to maintain compatibility with C(useradd).
         aliases: [ 'comment' ]
         type: str
     realm:

plugins/modules/system/keyring.py

@@ -0,0 +1,270 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2022, Alexander Hussey <ahussey@redhat.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+"""
+Ansible Module - community.general.keyring
+"""
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+DOCUMENTATION = r"""
+---
+module: keyring
+version_added: 5.2.0
+author:
+  - Alexander Hussey (@ahussey-redhat)
+short_description: Set or delete a passphrase using the Operating System's native keyring
+description: >-
+  This module uses the L(keyring Python library, https://pypi.org/project/keyring/)
+  to set or delete passphrases for a given service and username from the OS' native keyring.
+requirements:
+  - keyring (Python library)
+  - gnome-keyring (application - required for headless Gnome keyring access)
+  - dbus-run-session (application - required for headless Gnome keyring access)
+options:
+  service:
+    description: The name of the service.
+    required: true
+    type: str
+  username:
+    description: The user belonging to the service.
+    required: true
+    type: str
+  user_password:
+    description: The password to set.
+    required: false
+    type: str
+    aliases:
+      - password
+  keyring_password:
+    description: Password to unlock keyring.
+    required: true
+    type: str
+  state:
+    description: Whether the password should exist.
+    required: false
+    default: present
+    type: str
+    choices:
+      - present
+      - absent
+"""
+
+EXAMPLES = r"""
+- name: Set a password for test/test1
+  community.general.keyring:
+    service: test
+    username: test1
+    user_password: "{{ user_password }}"
+    keyring_password: "{{ keyring_password }}"
+
+- name: Delete the password for test/test1
+  community.general.keyring:
+    service: test
+    username: test1
+    user_password: "{{ user_password }}"
+    keyring_password: "{{ keyring_password }}"
+    state: absent
+"""
+
+try:
+    from shlex import quote
+except ImportError:
+    from pipes import quote
+import traceback
+
+from ansible.module_utils.basic import AnsibleModule, missing_required_lib
+
+try:
+    import keyring
+
+    HAS_KEYRING = True
+except ImportError:
+    HAS_KEYRING = False
+    KEYRING_IMP_ERR = traceback.format_exc()
+
+
+def del_passphrase(module):
+    """
+    Attempt to delete a passphrase in the keyring using the Python API and fallback to using a shell.
+    """
+    if module.check_mode:
+        return None
+    try:
+        keyring.delete_password(module.params["service"], module.params["username"])
+        return None
+    except keyring.errors.KeyringLocked as keyring_locked_err:  # pylint: disable=unused-variable
+        delete_argument = (
+            'echo "%s" | gnome-keyring-daemon --unlock\nkeyring del %s %s\n'
+            % (
+                quote(module.params["keyring_password"]),
+                quote(module.params["service"]),
+                quote(module.params["username"]),
+            )
+        )
+        dummy, dummy, stderr = module.run_command(
+            "dbus-run-session -- /bin/bash",
+            use_unsafe_shell=True,
+            data=delete_argument,
+            encoding=None,
+        )
+
+        if not stderr.decode("UTF-8"):
+            return None
+        return stderr.decode("UTF-8")
+
+
+def set_passphrase(module):
+    """
+    Attempt to set passphrase in the keyring using the Python API and fallback to using a shell.
+    """
+    if module.check_mode:
+        return None
+    try:
+        keyring.set_password(
+            module.params["service"],
+            module.params["username"],
+            module.params["user_password"],
+        )
+        return None
+    except keyring.errors.KeyringLocked as keyring_locked_err:  # pylint: disable=unused-variable
+        set_argument = (
+            'echo "%s" | gnome-keyring-daemon --unlock\nkeyring set %s %s\n%s\n'
+            % (
+                quote(module.params["keyring_password"]),
+                quote(module.params["service"]),
+                quote(module.params["username"]),
+                quote(module.params["user_password"]),
+            )
+        )
+        dummy, dummy, stderr = module.run_command(
+            "dbus-run-session -- /bin/bash",
+            use_unsafe_shell=True,
+            data=set_argument,
+            encoding=None,
+        )
+        if not stderr.decode("UTF-8"):
+            return None
+        return stderr.decode("UTF-8")
+
+
+def get_passphrase(module):
+    """
+    Attempt to retrieve passphrase from keyring using the Python API and fallback to using a shell.
+    """
+    try:
+        passphrase = keyring.get_password(
+            module.params["service"], module.params["username"]
+        )
+        return passphrase
+    except keyring.errors.KeyringLocked:
+        pass
+    except keyring.errors.InitError:
+        pass
+    except AttributeError:
+        pass
+    get_argument = 'echo "%s" | gnome-keyring-daemon --unlock\nkeyring get %s %s\n' % (
+        quote(module.params["keyring_password"]),
+        quote(module.params["service"]),
+        quote(module.params["username"]),
+    )
+    dummy, stdout, dummy = module.run_command(
+        "dbus-run-session -- /bin/bash",
+        use_unsafe_shell=True,
+        data=get_argument,
+        encoding=None,
+    )
+    try:
+        return stdout.decode("UTF-8").splitlines()[1]  # Only return the line containing the password
+    except IndexError:
+        return None
+
+
+def run_module():
+    """
+    Attempts to retrieve a passphrase from a keyring.
+    """
+    result = dict(
+        changed=False,
+        msg="",
+    )
+
+    module_args = dict(
+        service=dict(type="str", required=True),
+        username=dict(type="str", required=True),
+        keyring_password=dict(type="str", required=True, no_log=True),
+        user_password=dict(
+            type="str", required=False, no_log=True, aliases=["password"]
+        ),
+        state=dict(
+            type="str", required=False, default="present", choices=["absent", "present"]
+        ),
+    )
+
+    module = AnsibleModule(argument_spec=module_args, supports_check_mode=True)
+
+    if not HAS_KEYRING:
+        module.fail_json(msg=missing_required_lib("keyring"), exception=KEYRING_IMP_ERR)
+
+    passphrase = get_passphrase(module)
+    if module.params["state"] == "present":
+        if passphrase is not None:
+            if passphrase == module.params["user_password"]:
+                result["msg"] = "Passphrase already set for %s@%s" % (
+                    module.params["service"],
+                    module.params["username"],
+                )
+            if passphrase != module.params["user_password"]:
+                set_result = set_passphrase(module)
+                if set_result is None:
+                    result["changed"] = True
+                    result["msg"] = "Passphrase has been updated for %s@%s" % (
+                        module.params["service"],
+                        module.params["username"],
+                    )
+                if set_result is not None:
+                    module.fail_json(msg=set_result)
+        if passphrase is None:
+            set_result = set_passphrase(module)
+            if set_result is None:
+                result["changed"] = True
+                result["msg"] = "Passphrase has been updated for %s@%s" % (
+                    module.params["service"],
+                    module.params["username"],
+                )
+            if set_result is not None:
+                module.fail_json(msg=set_result)
+
+    if module.params["state"] == "absent":
+        if not passphrase:
+            result["result"] = "Passphrase already absent for %s@%s" % (
+                module.params["service"],
+                module.params["username"],
+            )
+        if passphrase:
+            del_result = del_passphrase(module)
+            if del_result is None:
+                result["changed"] = True
+                result["msg"] = "Passphrase has been removed for %s@%s" % (
+                    module.params["service"],
+                    module.params["username"],
+                )
+            if del_result is not None:
+                module.fail_json(msg=del_result)
+
+    module.exit_json(**result)
+
+
+def main():
+    """
+    main module loop
+    """
+    run_module()
+
+
+if __name__ == "__main__":
+    main()

plugins/modules/system/keyring_info.py

@@ -0,0 +1,149 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2022, Alexander Hussey <ahussey@redhat.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+"""
+Ansible Module - community.general.keyring_info
+"""
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+DOCUMENTATION = r"""
+---
+module: keyring_info
+version_added: 5.2.0
+author:
+  - Alexander Hussey (@ahussey-redhat)
+short_description: Get a passphrase using the Operating System's native keyring
+description: >-
+  This module uses the L(keyring Python library, https://pypi.org/project/keyring/)
+  to retrieve passphrases for a given service and username from the OS' native keyring.
+requirements:
+  - keyring (Python library)
+  - gnome-keyring (application - required for headless Linux keyring access)
+  - dbus-run-session (application - required for headless Linux keyring access)
+options:
+  service:
+    description: The name of the service.
+    required: true
+    type: str
+  username:
+    description: The user belonging to the service.
+    required: true
+    type: str
+  keyring_password:
+    description: Password to unlock keyring.
+    required: true
+    type: str
+"""
+
+EXAMPLES = r"""
+  - name: Retrieve password for service_name/user_name
+    community.general.keyring_info:
+      service: test
+      username: test1
+      keyring_password: "{{ keyring_password }}"
+    register: test_password
+
+  - name: Display password
+    ansible.builtin.debug:
+      msg: "{{ test_password.passphrase }}"
+"""
+
+RETURN = r"""
+  passphrase:
+    description: A string containing the password.
+    returned: success and the password exists
+    type: str
+    sample: Password123
+"""
+
+try:
+    from shlex import quote
+except ImportError:
+    from pipes import quote
+import traceback
+
+from ansible.module_utils.basic import AnsibleModule, missing_required_lib
+
+try:
+    import keyring
+
+    HAS_KEYRING = True
+except ImportError:
+    HAS_KEYRING = False
+    KEYRING_IMP_ERR = traceback.format_exc()
+
+
+def _alternate_retrieval_method(module):
+    get_argument = 'echo "%s" | gnome-keyring-daemon --unlock\nkeyring get %s %s\n' % (
+        quote(module.params["keyring_password"]),
+        quote(module.params["service"]),
+        quote(module.params["username"]),
+    )
+    dummy, stdout, dummy = module.run_command(
+        "dbus-run-session -- /bin/bash",
+        use_unsafe_shell=True,
+        data=get_argument,
+        encoding=None,
+    )
+    try:
+        return stdout.decode("UTF-8").splitlines()[1]
+    except IndexError:
+        return None
+
+
+def run_module():
+    """
+    Attempts to retrieve a passphrase from a keyring.
+    """
+    result = dict(changed=False, msg="")
+
+    module_args = dict(
+        service=dict(type="str", required=True),
+        username=dict(type="str", required=True),
+        keyring_password=dict(type="str", required=True, no_log=True),
+    )
+
+    module = AnsibleModule(argument_spec=module_args, supports_check_mode=True)
+
+    if not HAS_KEYRING:
+        module.fail_json(msg=missing_required_lib("keyring"), exception=KEYRING_IMP_ERR)
+    try:
+        passphrase = keyring.get_password(
+            module.params["service"], module.params["username"]
+        )
+    except keyring.errors.KeyringLocked:
+        pass
+    except keyring.errors.InitError:
+        pass
+    except AttributeError:
+        pass
+    passphrase = _alternate_retrieval_method(module)
+
+    if passphrase is not None:
+        result["msg"] = "Successfully retrieved password for %s@%s" % (
+            module.params["service"],
+            module.params["username"],
+        )
+        result["passphrase"] = passphrase
+    if passphrase is None:
+        result["msg"] = "Password for %s@%s does not exist." % (
+            module.params["service"],
+            module.params["username"],
+        )
+    module.exit_json(**result)
+
+
+def main():
+    """
+    main module loop
+    """
+    run_module()
+
+
+if __name__ == "__main__":
+    main()

plugins/modules/system/nosh.py

@@ -129,7 +129,7 @@ state:
     type: str
     sample: "reloaded"
 status:
-    description: a dictionary with the key=value pairs returned by `system-control show-json` or C(None) if the service is not loaded
+    description: A dictionary with the key=value pairs returned by C(system-control show-json) or C(None) if the service is not loaded
     returned: success
     type: complex
     contains:

plugins/modules/system/sudoers.py

@@ -65,6 +65,15 @@ options:
       - The name of the user for the sudoers rule.
       - This option cannot be used in conjunction with I(group).
     type: str
+  validation:
+    description:
+      - If C(absent), the sudoers rule will be added without validation.
+      - If C(detect) and visudo is available, then the sudoers rule will be validated by visudo.
+      - If C(required), visudo must be available to validate the sudoers rule.
+    type: str
+    default: detect
+    choices: [ absent, detect, required ]
+    version_added: 5.2.0
 '''
 
 EXAMPLES = '''
@@ -115,7 +124,11 @@ from ansible.module_utils.common.text.converters import to_native
 
 class Sudoers(object):
 
+    FILE_MODE = 0o440
+
     def __init__(self, module):
+        self.module = module
+
         self.check_mode = module.check_mode
         self.name = module.params['name']
         self.user = module.params['user']
@@ -126,6 +139,7 @@ class Sudoers(object):
         self.sudoers_path = module.params['sudoers_path']
         self.file = os.path.join(self.sudoers_path, self.name)
         self.commands = module.params['commands']
+        self.validation = module.params['validation']
 
     def write(self):
         if self.check_mode:
@@ -134,6 +148,8 @@ class Sudoers(object):
         with open(self.file, 'w') as f:
             f.write(self.content())
 
+        os.chmod(self.file, self.FILE_MODE)
+
     def delete(self):
         if self.check_mode:
             return
@@ -145,7 +161,12 @@ class Sudoers(object):
 
     def matches(self):
         with open(self.file, 'r') as f:
-            return f.read() == self.content()
+            content_matches = f.read() == self.content()
+
+        current_mode = os.stat(self.file).st_mode & 0o777
+        mode_matches = current_mode == self.FILE_MODE
+
+        return content_matches and mode_matches
 
     def content(self):
         if self.user:
@@ -158,10 +179,29 @@ class Sudoers(object):
         runas_str = '({runas})'.format(runas=self.runas) if self.runas is not None else ''
         return "{owner} ALL={runas}{nopasswd} {commands}\n".format(owner=owner, runas=runas_str, nopasswd=nopasswd_str, commands=commands_str)
 
+    def validate(self):
+        if self.validation == 'absent':
+            return
+
+        visudo_path = self.module.get_bin_path('visudo', required=self.validation == 'required')
+        if visudo_path is None:
+            return
+
+        check_command = [visudo_path, '-c', '-f', '-']
+        rc, stdout, stderr = self.module.run_command(check_command, data=self.content())
+
+        if rc != 0:
+            raise Exception('Failed to validate sudoers rule:\n{stdout}'.format(stdout=stdout))
+
     def run(self):
-        if self.state == 'absent' and self.exists():
-            self.delete()
-            return True
+        if self.state == 'absent':
+            if self.exists():
+                self.delete()
+                return True
+            else:
+                return False
+
+        self.validate()
 
         if self.exists() and self.matches():
             return False
@@ -197,6 +237,10 @@ def main():
             'choices': ['present', 'absent'],
         },
         'user': {},
+        'validation': {
+            'default': 'detect',
+            'choices': ['absent', 'detect', 'required']
+        },
     }
 
     module = AnsibleModule(

plugins/modules/system/timezone.py

@@ -790,7 +790,7 @@ class AIXTimezone(Timezone):
     inspects C(/etc/environment) to determine the current timezone.
 
     While AIX time zones can be set using two formats (POSIX and
-    Olson) the prefered method is Olson.
+    Olson) the preferred method is Olson.
     See the following article for more information:
     https://developer.ibm.com/articles/au-aix-posix/
 

plugins/modules/system/xfconf.py

@@ -205,11 +205,11 @@ class XFConfProperty(StateModuleHelper):
         return result
 
     def _get(self):
-        with self.runner.context('channel property', output_process=self.process_command_output) as ctx:
+        with self.runner('channel property', output_process=self.process_command_output) as ctx:
             return ctx.run()
 
     def state_absent(self):
-        with self.runner.context('channel property reset', check_mode_skip=True) as ctx:
+        with self.runner('channel property reset', check_mode_skip=True) as ctx:
             ctx.run(reset=True)
         self.vars.value = None
 
@@ -235,7 +235,7 @@ class XFConfProperty(StateModuleHelper):
             isinstance(self.vars.previous_value, list) or \
             values_len > 1
 
-        with self.runner.context('channel property create force_array values_and_types', check_mode_skip=True) as ctx:
+        with self.runner('channel property create force_array values_and_types', check_mode_skip=True) as ctx:
             ctx.run(create=True, force_array=self.vars.is_array, values_and_types=(self.vars.value, value_type))
 
         if not self.vars.is_array:

plugins/modules/web_infrastructure/jira.py

@@ -186,7 +186,7 @@ options:
   validate_certs:
     required: false
     description:
-      - Require valid SSL certificates (set to `false` if you'd like to use self-signed certificates)
+      - Require valid SSL certificates (set to C(false) if you'd like to use self-signed certificates)
     default: true
     type: bool
 

tests/integration/targets/alternatives/tasks/main.yml

@@ -66,6 +66,8 @@
         state: absent
       with_items:
         - '{{ alternatives_dir }}/dummy'
+        - '{{ alternatives_dir }}/dummymain'
+        - '{{ alternatives_dir }}/dummysubcmd'
 
     - file:
         path: '/usr/bin/dummy{{ item }}'

tests/integration/targets/alternatives/tasks/subcommands.yml

@@ -32,6 +32,15 @@
     that:
       - cmd.stdout == "dummy2"
 
+- name: Get dummymain alternatives output
+  command:
+    cmd: '{{ alternatives_command }} --display dummymain'
+  register: result
+
+- name: Print result
+  debug:
+    var: result.stdout_lines
+
 - name: Subcommands are not removed if not specified
   alternatives:
     name: dummymain
@@ -75,4 +84,134 @@
   assert:
     that:
       - cmd.rc == 2
-      - '"No such file" in cmd.msg'
+      - '"No such file" in cmd.msg'
+
+- name: Get dummymain alternatives output
+  command:
+    cmd: '{{ alternatives_command }} --display dummymain'
+  register: result
+
+- name: Print result
+  debug:
+    var: result.stdout_lines
+
+- name: Install other alternative with subcommands
+  alternatives:
+    name: dummymain
+    path: '/usr/bin/dummy3'
+    link: '/usr/bin/dummymain'
+    subcommands:
+      - name: dummysubcmd
+        path: '/usr/bin/dummy4'
+        link: '/usr/bin/dummysubcmd'
+  register: alternative
+
+- name: Check expected command was executed
+  assert:
+    that:
+      - 'alternative is changed'
+
+- name: Execute the current dummymain command
+  command: dummymain
+  register: cmd
+
+- name: Ensure that the expected command was executed
+  assert:
+    that:
+      - cmd.stdout == "dummy3"
+
+- name: Execute the current dummysubcmd command
+  command: dummysubcmd
+  register: cmd
+
+- name: Ensure that the expected command was executed
+  assert:
+    that:
+      - cmd.stdout == "dummy4"
+
+- name: Get dummymain alternatives output
+  command:
+    cmd: '{{ alternatives_command }} --display dummymain'
+  register: result
+
+- name: Print result
+  debug:
+    var: result.stdout_lines
+
+- name: Switch to first alternative
+  alternatives:
+    name: dummymain
+    path: '/usr/bin/dummy1'
+  register: alternative
+
+- name: Check expected command was executed
+  assert:
+    that:
+      - 'alternative is changed'
+
+- name: Execute the current dummymain command
+  command: dummymain
+  register: cmd
+
+- name: Ensure that the expected command was executed
+  assert:
+    that:
+      - cmd.stdout == "dummy1"
+
+- name: Execute the current dummysubcmd command
+  command: dummysubcmd
+  register: cmd
+  ignore_errors: True
+
+- name: Ensure that the subcommand is gone
+  assert:
+    that:
+      - cmd.rc == 2
+      - '"No such file" in cmd.msg'
+
+- name: Get dummymain alternatives output
+  command:
+    cmd: '{{ alternatives_command }} --display dummymain'
+  register: result
+
+- name: Print result
+  debug:
+    var: result.stdout_lines
+
+- name: Switch to second alternative
+  alternatives:
+    name: dummymain
+    path: '/usr/bin/dummy3'
+  register: alternative
+
+- name: Check expected command was executed
+  assert:
+    that:
+      - 'alternative is changed'
+
+- name: Execute the current dummymain command
+  command: dummymain
+  register: cmd
+
+- name: Ensure that the expected command was executed
+  assert:
+    that:
+      - cmd.stdout == "dummy3"
+
+- name: Execute the current dummysubcmd command
+  command: dummysubcmd
+  register: cmd
+
+- name: Ensure that the expected command was executed
+  assert:
+    that:
+      - cmd.stdout == "dummy4"
+
+- name: Get dummymain alternatives output
+  command:
+    cmd: '{{ alternatives_command }} --display dummymain'
+  register: result
+
+- name: Print result
+  debug:
+    var: result.stdout_lines

tests/integration/targets/alternatives/tasks/test.yml

@@ -48,4 +48,4 @@
   when: ansible_os_family == 'RedHat' and not with_alternatives and item == 1
 
 - name: check that alternative has been updated
-  command: "grep -Pzq '/bin/dummy{{ item }}\\n50' '{{ alternatives_dir }}/dummy'"
+  command: "grep -Pzq '/bin/dummy{{ item }}\\n' '{{ alternatives_dir }}/dummy'"

tests/integration/targets/alternatives/tasks/tests_set_priority.yml

@@ -31,4 +31,19 @@
   register: alternative
 
 - name: check that alternative priority has been updated
-  command: "grep -Pzq '/bin/dummy{{ item }}\\n{{ 70 + item|int }}' '{{ alternatives_dir }}/dummy'"
+  command: "grep -Pzq '/bin/dummy{{ item }}\\n{{ 70 + item|int }}' '{{ alternatives_dir }}/dummy'"
+
+- name: no change without priority
+  alternatives:
+    name: dummy
+    path: '/usr/bin/dummy{{ item }}'
+    link: /usr/bin/dummy
+  register: alternative
+
+- name: check no change was triggered without priority
+  assert:
+    that:
+      - 'alternative is not changed'
+
+- name: check that alternative priority has not been changed
+  command: "grep -Pzq '/bin/dummy{{ item }}\\n{{ 70 + item|int }}' '{{ alternatives_dir }}/dummy'"

tests/integration/targets/alternatives/vars/Debian.yml

@@ -1,2 +1,3 @@
 ---
 alternatives_dir: /var/lib/dpkg/alternatives/
+alternatives_command: update-alternatives

tests/integration/targets/alternatives/vars/Suse-42.3.yml

@@ -1,2 +1,3 @@
 ---
 alternatives_dir: /var/lib/rpm/alternatives/
+alternatives_command: update-alternatives

tests/integration/targets/alternatives/vars/default.yml

@@ -1,2 +1,3 @@
 ---
 alternatives_dir: /var/lib/alternatives/
+alternatives_command: update-alternatives

tests/integration/targets/filter_from_csv/tasks/main.yml

@@ -14,7 +14,7 @@
       - "valid_comma_separated_spaces | community.general.from_csv(skipinitialspace=True)  ==  expected_result"
       - "valid_comma_separated_spaces | community.general.from_csv  !=  expected_result"
 
-- name: Parse valid csv input with no headers with/without specifiying fieldnames
+- name: Parse valid csv input with no headers with/without specifying fieldnames
   assert:
     that:
       - "valid_comma_separated_no_headers | community.general.from_csv(fieldnames=['id','name','role'])  ==  expected_result"

tests/integration/targets/iso_create/meta/main.yml

@@ -1,3 +1,4 @@
 dependencies:
   - setup_pkg_mgr
   - setup_remote_tmp_dir
+  - setup_remote_constraints

tests/integration/targets/iso_create/tasks/main.yml

@@ -10,6 +10,7 @@
   pip:
     name: pycdlib
     # state: latest
+    extra_args: "-c {{ remote_constraints }}"
   register: install_pycdlib
 - debug: var=install_pycdlib
 
@@ -104,7 +105,7 @@
     - iso_result is changed
     - iso_file.stat.exists == True
 
-- name: Create iso file with Rock Ridge extention
+- name: Create iso file with Rock Ridge extension
   iso_create:
     src_files:
       - "{{ remote_tmp_dir }}/test1.cfg"
@@ -123,7 +124,7 @@
     - iso_result is changed
     - iso_file.stat.exists == True
 
-- name: Create iso file with Joliet extention
+- name: Create iso file with Joliet extension
   iso_create:
     src_files:
       - "{{ remote_tmp_dir }}/test1.cfg"

tests/integration/targets/keyring/aliases

@@ -0,0 +1 @@
+unsupported

tests/integration/targets/keyring/tasks/main.yml

@@ -0,0 +1,95 @@
+---
+- name: Ensure required packages for headless keyring access are installed (RPM)
+  ansible.builtin.package:
+      name: gnome-keyring
+  become: true
+  when: "'localhost' not in inventory_hostname"
+
+- name: Ensure keyring is installed (RPM)
+  ansible.builtin.dnf:
+    name: python3-keyring
+    state: present
+  become: true
+  when: ansible_facts['os_family'] == 'RedHat'
+
+- name: Ensure keyring is installed (pip)
+  ansible.builtin.pip:
+    name: keyring
+    state: present
+  become: true
+  when: ansible_facts['os_family'] != 'RedHat'
+
+# Set password for new account
+# Expected result: success
+- name: Set password for test/test1
+  community.general.keyring:
+    service: test
+    username: test1
+    user_password: "{{ user_password }}"
+    keyring_password: "{{ keyring_password }}"
+  register: set_password
+
+- name: Assert that the password has been set
+  ansible.builtin.assert:
+    that:
+      - set_password.msg == "Passphrase has been updated for test@test1"
+
+# Print out password to confirm it has been set
+# Expected result: success
+- name: Retrieve password for test/test1
+  community.general.keyring_info:
+    service: test
+    username: test1
+    keyring_password: "{{ keyring_password }}"
+  register: test_set_password
+
+- name: Assert that the password exists
+  ansible.builtin.assert:
+    that:
+      - test_set_password.passphrase == user_password
+
+# Attempt to set password again
+# Expected result: success - nothing should happen
+- name: Attempt to re-set password for test/test1
+  community.general.keyring:
+    service: test
+    username: test1
+    user_password: "{{ user_password }}"
+    keyring_password: "{{ keyring_password }}"
+  register: second_set_password
+
+- name: Assert that the password has not been changed
+  ansible.builtin.assert:
+    that:
+      - second_set_password.msg == "Passphrase already set for test@test1"
+
+# Delete account
+# Expected result: success
+- name: Delete password for test/test1
+  community.general.keyring:
+    service: test
+    username: test1
+    user_password: "{{ user_password }}"
+    keyring_password: "{{ keyring_password }}"
+    state: absent
+  register: del_password
+
+- name: Assert that the password has been deleted
+  ansible.builtin.assert:
+    that:
+      - del_password.msg == "Passphrase has been removed for test@test1"
+
+# Attempt to get deleted account (to confirm it has been deleted).
+# Don't use `no_log` as run completes due to failed task.
+# Expected result: fail
+- name: Retrieve password for test/test1
+  community.general.keyring_info:
+    service: test
+    username: test1
+    keyring_password: "{{ keyring_password }}"
+  register: test_del_password
+
+- name: Assert that the password no longer exists
+  ansible.builtin.assert:
+    that:
+      - test_del_password.passphrase is not defined

tests/integration/targets/keyring/vars/main.yml

@@ -0,0 +1,3 @@
+---
+keyring_password: Password123
+user_password: Test123

tests/integration/targets/lookup_passwordstore/tasks/tests.yml

@@ -19,6 +19,44 @@
     - "~/.gnupg"
     - "~/.password-store"
 
+- name: Get path of pass executable
+  command: which pass
+  register: result
+
+- name: Store path of pass executable
+  set_fact:
+     passpath: "{{ result.stdout }}"
+
+- name: Move original pass into place if there was a leftover
+  command:
+    argv:
+      - mv
+      - "{{ passpath }}.testorig"
+      - "{{ passpath }}"
+  args:
+    removes: "{{ passpath }}.testorig"
+
+# having gopass is not required for this test, but we store
+# its path in case it is installed, so we can restore it
+- name: Try to find gopass in path
+  command: which gopass
+  register: result
+  ignore_errors: yes
+
+- name: Store path of gopass executable
+  set_fact:
+     gopasspath: "{{ (result.rc == 0) |
+       ternary(result.stdout, (passpath | dirname, 'gopass') | path_join) }}"
+
+- name: Move original gopass into place if there was a leftover
+  command:
+    argv:
+      - mv
+      - "{{ gopasspath }}.testorig"
+      - "{{ gopasspath }}"
+  args:
+    removes: "{{ gopasspath }}.testorig"
+
 # How to generate a new GPG key:
 #   gpg2 --batch --gen-key input  # See templates/input
 #   gpg2 --list-secret-keys --keyid-format LONG
@@ -151,3 +189,163 @@
   assert:
     that:
       - readyamlpass == 'testpassword\nrandom additional line'
+
+- name: Create a password in a folder
+  set_fact:
+    newpass: "{{ lookup('community.general.passwordstore', 'folder/test-pass length=8 create=yes') }}"
+
+- name: Fetch password from folder
+  set_fact:
+    readpass: "{{ lookup('community.general.passwordstore', 'folder/test-pass') }}"
+
+- name: Verify password from folder
+  assert:
+    that:
+      - readpass == newpass
+
+- name: Try to read folder as passname
+  set_fact:
+    newpass: "{{ lookup('community.general.passwordstore', 'folder') }}"
+  ignore_errors: true
+  register: eval_error
+
+- name: Make sure reading folder as passname failed
+  assert:
+    that:
+      - eval_error is failed
+      - '"passname folder not found" in eval_error.msg'
+
+- name: Change passwordstore location explicitly
+  set_fact:
+    passwordstore: "{{ lookup('env','HOME') }}/.password-store"
+
+- name: Make sure password store still works with explicit location set
+  set_fact:
+    newpass: "{{ lookup('community.general.passwordstore', 'test-pass') }}"
+
+- name: Change passwordstore location to a non-existent place
+  set_fact:
+    passwordstore: "somenonexistentplace"
+
+- name: Try reading from non-existent passwordstore location
+  set_fact:
+    newpass: "{{ lookup('community.general.passwordstore', 'test-pass') }}"
+  ignore_errors: true
+  register: eval_error
+
+- name: Make sure reading from non-existent passwordstore location failed
+  assert:
+    that:
+      - eval_error is failed
+      - >-
+        "Passwordstore directory 'somenonexistentplace' does not exist" in eval_error.msg
+
+- name: Test pass compatibility shim detection
+  block:
+  - name: Move original pass out of the way
+    command:
+      argv:
+        - mv
+        - "{{ passpath }}"
+        - "{{ passpath }}.testorig"
+    args:
+      creates: "{{ passpath }}.testorig"
+
+  - name: Create dummy pass script
+    ansible.builtin.copy:
+      content: |
+        #!/bin/sh
+        echo "shim_ok"
+      dest: "{{ passpath }}"
+      mode: '0755'
+
+  - name: Try reading from non-existent passwordstore location with different pass utility
+    set_fact:
+      newpass: "{{ lookup('community.general.passwordstore', 'test-pass') }}"
+    environment:
+      PATH: "/tmp"
+
+  - name: Verify password received from shim
+    assert:
+      that:
+        - newpass == "shim_ok"
+
+  - name: Try to read folder as passname with a different pass utility
+    set_fact:
+      newpass: "{{ lookup('community.general.passwordstore', 'folder') }}"
+
+  - name: Verify password received from shim
+    assert:
+      that:
+        - newpass == "shim_ok"
+
+  always:
+  - name: Move original pass back into place
+    command:
+      argv:
+        - mv
+        - "{{ passpath }}.testorig"
+        - "{{ passpath }}"
+    args:
+      removes: "{{ passpath }}.testorig"
+
+- name: Very basic gopass compatibility test
+  vars:
+    passwordstore_backend: "gopass"
+  block:
+  - name: check if gopass executable exists
+    stat:
+      path: "{{ gopasspath }}"
+    register: gopass_check
+
+  - name: Move original gopass out of the way
+    command:
+      argv:
+        - mv
+        - "{{ gopasspath }}"
+        - "{{ gopasspath }}.testorig"
+    args:
+      creates: "{{ gopasspath }}.testorig"
+    when: gopass_check.stat.exists == true
+
+  - name: Create mocked gopass script
+    ansible.builtin.copy:
+      content: |
+        #!/bin/sh
+        if [ "$GOPASS_NO_REMINDER" != "YES" ]; then
+          exit 1
+        fi
+        if [ "$1" = "--version" ]; then
+          exit 2
+        fi
+        if [ "$1" = "show" ] && [ "$2" != "--password" ]; then
+          exit 3
+        fi
+        echo "gopass_ok"
+      dest: "{{ gopasspath }}"
+      mode: '0755'
+
+  - name: Try to read folder as passname using gopass
+    set_fact:
+      newpass: "{{ lookup('community.general.passwordstore', 'folder') }}"
+
+  - name: Verify password received from gopass
+    assert:
+      that:
+        - newpass == "gopass_ok"
+
+  always:
+  - name: Remove mocked gopass
+    ansible.builtin.file:
+      path: "{{ gopasspath }}"
+      state: absent
+
+  - name: Move original gopass back into place
+    command:
+      argv:
+        - mv
+        - "{{ gopasspath }}.testorig"
+        - "{{ gopasspath }}"
+    args:
+      removes: "{{ gopasspath }}.testorig"
+    when: gopass_check.stat.exists == true

tests/integration/targets/sudoers/tasks/main.yml

@@ -1,11 +1,16 @@
 ---
 # Initialise environment
 
-- name: Register sudoers.d directory
+- name: Register variables
   set_fact:
     sudoers_path: /etc/sudoers.d
     alt_sudoers_path: /etc/sudoers_alt
 
+- name: Install sudo package
+  ansible.builtin.package:
+    name: sudo
+  when: ansible_os_family != 'Darwin'
+
 - name: Ensure sudoers directory exists
   ansible.builtin.file:
     path: "{{ sudoers_path }}"
@@ -29,6 +34,11 @@
     commands: /usr/local/bin/command
   register: rule_1
 
+- name: Stat my-sudo-rule-1 file
+  ansible.builtin.stat:
+    path: "{{ sudoers_path }}/my-sudo-rule-1"
+  register: rule_1_stat
+
 - name: Grab contents of my-sudo-rule-1
   ansible.builtin.slurp:
     src: "{{ sudoers_path }}/my-sudo-rule-1"
@@ -130,8 +140,73 @@
   register: revoke_rule_1_stat
 
 
+# Validation testing
+
+- name: Attempt command without full path to executable
+  community.general.sudoers:
+    name: edge-case-1
+    state: present
+    user: alice
+    commands: systemctl
+  ignore_errors: true
+  register: edge_case_1
+
+
+- name: Attempt command without full path to executable, but disabling validation
+  community.general.sudoers:
+    name: edge-case-2
+    state: present
+    user: alice
+    commands: systemctl
+    validation: absent
+    sudoers_path: "{{ alt_sudoers_path }}"
+  register: edge_case_2
+
+- name: find visudo
+  command:
+    cmd: which visudo
+  register: which_visudo
+  when: ansible_os_family != 'Darwin'
+
+- name: Prevent visudo being executed
+  file:
+    path: "{{ which_visudo.stdout }}"
+    mode: '-x'
+  when: ansible_os_family != 'Darwin'
+
+- name: Attempt command without full path to executable, but enforcing validation with no visudo present
+  community.general.sudoers:
+    name: edge-case-3
+    state: present
+    user: alice
+    commands: systemctl
+    validation: required
+  ignore_errors: true
+  when: ansible_os_family != 'Darwin'
+  register: edge_case_3
+  
+  
+- name: Revoke non-existing rule
+  community.general.sudoers:
+    name: non-existing-rule
+    state: absent
+  register: revoke_non_existing_rule
+
+- name: Stat non-existing rule
+  ansible.builtin.stat:
+    path: "{{ sudoers_path }}/non-existing-rule"
+  register: revoke_non_existing_rule_stat
+
+
 # Run assertions
 
+- name: Check rule 1 file stat
+  ansible.builtin.assert:
+    that:
+      - rule_1_stat.stat.exists
+      - rule_1_stat.stat.isreg
+      - rule_1_stat.stat.mode == '0440'
+
 - name: Check changed status
   ansible.builtin.assert:
     that:
@@ -139,6 +214,7 @@
       - rule_1_again is not changed
       - rule_5 is changed
       - revoke_rule_1 is changed
+      - revoke_non_existing_rule is not changed
 
 - name: Check contents
   ansible.builtin.assert:
@@ -150,7 +226,22 @@
       - "rule_5_contents['content'] | b64decode == 'alice ALL=NOPASSWD: /usr/local/bin/command\n'"
       - "rule_6_contents['content'] | b64decode == 'alice ALL=(bob)NOPASSWD: /usr/local/bin/command\n'"
 
-- name: Check stats
+- name: Check revocation stat
   ansible.builtin.assert:
     that:
       - not revoke_rule_1_stat.stat.exists
+      - not revoke_non_existing_rule_stat.stat.exists
+      
+- name: Check edge case responses
+  ansible.builtin.assert:
+    that:
+      - edge_case_1 is failed
+      - "'Failed to validate sudoers rule' in edge_case_1.msg"
+      - edge_case_2 is not failed
+
+- name: Check missing validation edge case
+  ansible.builtin.assert:
+    that:
+      - edge_case_3 is failed
+      - "'Failed to find required executable' in edge_case_3.msg"
+  when: ansible_os_family != 'Darwin'

tests/integration/targets/timezone/tasks/main.yml

@@ -66,7 +66,7 @@
 
 
 - name: Run tests
-  # Skip tests on Fedora 31 and 32 because dbus fails to start unless the container is run in priveleged mode.
+  # Skip tests on Fedora 31 and 32 because dbus fails to start unless the container is run in privileged mode.
   # Even then, it starts unreliably. This may be due to the move to cgroup v2 in Fedora 31 and 32.
   # https://www.redhat.com/sysadmin/fedora-31-control-group-v2
   when:

tests/integration/targets/timezone/tasks/test.yml

@@ -287,7 +287,7 @@
 
 - name:
   set_fact:
-    hwclock_supported: '{{ hwclock_test is successful or timedatectl_test is successful }}'
+    hwclock_supported: '{{ hwclock_test is successful or (timedatectl_test is successful and "RTC time: n/a" not in timedatectl_test.stdout) }}'
 ##
 ## test set hwclock, idempotency and checkmode
 ##

tests/integration/targets/zypper_repository/tasks/zypper_repository.yml

@@ -207,50 +207,53 @@
     that:
       - remove_repo is changed
 
-- name: add new repository via url to .repo file
-  community.general.zypper_repository:
-    repo: http://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable/openSUSE_Leap_{{ ansible_distribution_version }}/systemsmanagement:Uyuni:Stable.repo
-    state: present
-  register: added_by_repo_file
+# For now, the URL does not work for 15.4
+- when: ansible_distribution_version is version('15.4', '<')
+  block:
+  - name: add new repository via url to .repo file
+    community.general.zypper_repository:
+      repo: http://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable/openSUSE_Leap_{{ ansible_distribution_version }}/systemsmanagement:Uyuni:Stable.repo
+      state: present
+    register: added_by_repo_file
 
-- name: get repository details from zypper
-  command: zypper lr systemsmanagement_Uyuni_Stable
-  register: get_repository_details_from_zypper
+  - name: get repository details from zypper
+    command: zypper lr systemsmanagement_Uyuni_Stable
+    register: get_repository_details_from_zypper
 
-- name: verify adding via .repo file was successful
-  assert:
-    that:
-      - "added_by_repo_file is changed"
-      - "get_repository_details_from_zypper.rc == 0"
-      - "'/systemsmanagement:/Uyuni:/Stable/' in get_repository_details_from_zypper.stdout"
+  - name: verify adding via .repo file was successful
+    assert:
+      that:
+        - "added_by_repo_file is changed"
+        - "get_repository_details_from_zypper.rc == 0"
+        - "'/systemsmanagement:/Uyuni:/Stable/' in get_repository_details_from_zypper.stdout"
 
-- name: add same repository via url to .repo file again to verify idempotency
-  community.general.zypper_repository:
-    repo: http://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable/openSUSE_Leap_{{ ansible_distribution_version }}/systemsmanagement:Uyuni:Stable.repo
-    state: present
-  register: added_again_by_repo_file
+  - name: add same repository via url to .repo file again to verify idempotency
+    community.general.zypper_repository:
+      repo: http://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable/openSUSE_Leap_{{ ansible_distribution_version }}/systemsmanagement:Uyuni:Stable.repo
+      state: present
+    register: added_again_by_repo_file
 
-- name: verify nothing was changed adding a repo with the same .repo file
-  assert:
-    that:
-      - added_again_by_repo_file is not changed
+  - name: verify nothing was changed adding a repo with the same .repo file
+    assert:
+      that:
+        - added_again_by_repo_file is not changed
 
-- name: remove repository via url to .repo file
-  community.general.zypper_repository:
-    repo: http://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable/openSUSE_Leap_{{ ansible_distribution_version }}/systemsmanagement:Uyuni:Stable.repo
-    state: absent
-  register: removed_by_repo_file
+  - name: remove repository via url to .repo file
+    community.general.zypper_repository:
+      repo: http://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable/openSUSE_Leap_{{ ansible_distribution_version }}/systemsmanagement:Uyuni:Stable.repo
+      state: absent
+    register: removed_by_repo_file
 
-- name: get list of files in /etc/zypp/repos.d/
-  command: ls /etc/zypp/repos.d/
-  changed_when: false
-  register: etc_zypp_reposd
+  - name: get list of files in /etc/zypp/repos.d/
+    command: ls /etc/zypp/repos.d/
+    changed_when: false
+    register: etc_zypp_reposd
 
-- name: verify removal via .repo file was successful, including cleanup of local .repo file in /etc/zypp/repos.d/
-  assert:
-    that:
-      - "removed_by_repo_file"
-      - "'/systemsmanagement:/Uyuni:/Stable/' not in etc_zypp_reposd.stdout"
+  - name: verify removal via .repo file was successful, including cleanup of local .repo file in /etc/zypp/repos.d/
+    assert:
+      that:
+        - "removed_by_repo_file"
+        - "'/systemsmanagement:/Uyuni:/Stable/' not in etc_zypp_reposd.stdout"
 
 - name: Copy test .repo file
   copy: