Remove CI.

Release 7.5.9.
[PR #9052/d0b4e91c backport][stable-7] modprobe: fix --check mode not being honored for persistent option (#9069 )
2026-04-28 17:36:49 +00:00 · 2024-11-03 12:06:34 +01:00 · 2024-11-03 11:34:20 +01:00 · 2024-10-29 20:27:38 +01:00 · 2024-10-19 14:21:27 +02:00 · 2024-10-19 12:36:27 +02:00
532 changed files with 20757 additions and 6768 deletions
--- a/.azure-pipelines/azure-pipelines.yml
+++ b/.azure-pipelines/azure-pipelines.yml
@@ -1,419 +0,0 @@
---
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-trigger:
-  batch: true
-  branches:
-    include:
-      - main
-      - stable-*
-
-pr:
-  autoCancel: true
-  branches:
-    include:
-      - main
-      - stable-*
-
-schedules:
-  - cron: 0 8 * * *
-    displayName: Nightly (main)
-    always: true
-    branches:
-      include:
-        - main
-  - cron: 0 10 * * *
-    displayName: Nightly (active stable branches)
-    always: true
-    branches:
-      include:
-        - stable-7
-        - stable-6
-  - cron: 0 11 * * 0
-    displayName: Weekly (old stable branches)
-    always: true
-    branches:
-      include:
-        - stable-5
-
-variables:
-  - name: checkoutPath
-    value: ansible_collections/community/general
-  - name: coverageBranches
-    value: main
-  - name: pipelinesCoverage
-    value: coverage
-  - name: entryPoint
-    value: tests/utils/shippable/shippable.sh
-  - name: fetchDepth
-    value: 0
-
-resources:
-  containers:
-    - container: default
-      image: quay.io/ansible/azure-pipelines-test-container:3.0.0
-
-pool: Standard
-
-stages:
-### Sanity
-  - stage: Sanity_devel
-    displayName: Sanity devel
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Test {0}
-          testFormat: devel/sanity/{0}
-          targets:
-            - test: 1
-            - test: 2
-            - test: 3
-            - test: 4
-            - test: extra
-  - stage: Sanity_2_15
-    displayName: Sanity 2.15
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Test {0}
-          testFormat: 2.15/sanity/{0}
-          targets:
-            - test: 1
-            - test: 2
-            - test: 3
-            - test: 4
-  - stage: Sanity_2_14
-    displayName: Sanity 2.14
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Test {0}
-          testFormat: 2.14/sanity/{0}
-          targets:
-            - test: 1
-            - test: 2
-            - test: 3
-            - test: 4
-  - stage: Sanity_2_13
-    displayName: Sanity 2.13
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Test {0}
-          testFormat: 2.13/sanity/{0}
-          targets:
-            - test: 1
-            - test: 2
-            - test: 3
-            - test: 4
-### Units
-  - stage: Units_devel
-    displayName: Units devel
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Python {0}
-          testFormat: devel/units/{0}/1
-          targets:
-            - test: 2.7
-            - test: 3.6
-            - test: 3.7
-            - test: 3.8
-            - test: 3.9
-            - test: '3.10'
-            - test: '3.11'
-  - stage: Units_2_15
-    displayName: Units 2.15
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Python {0}
-          testFormat: 2.15/units/{0}/1
-          targets:
-            - test: 3.5
-            - test: "3.10"
-  - stage: Units_2_14
-    displayName: Units 2.14
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Python {0}
-          testFormat: 2.14/units/{0}/1
-          targets:
-            - test: 3.9
-  - stage: Units_2_13
-    displayName: Units 2.13
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Python {0}
-          testFormat: 2.13/units/{0}/1
-          targets:
-            - test: 2.7
-            - test: 3.8
-
-## Remote
-  - stage: Remote_devel_extra_vms
-    displayName: Remote devel extra VMs
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: devel/{0}
-          targets:
-            - name: Alpine 3.17
-              test: alpine/3.17
-            # - name: Fedora 37
-            #   test: fedora/37
-            - name: Ubuntu 22.04
-              test: ubuntu/22.04
-          groups:
-            - vm
-  - stage: Remote_devel
-    displayName: Remote devel
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: devel/{0}
-          targets:
-            - name: macOS 13.2
-              test: macos/13.2
-            - name: RHEL 9.2
-              test: rhel/9.2
-            - name: RHEL 8.8
-              test: rhel/8.8
-            - name: FreeBSD 13.2
-              test: freebsd/13.2
-            - name: FreeBSD 12.4
-              test: freebsd/12.4
-          groups:
-            - 1
-            - 2
-            - 3
-  - stage: Remote_2_15
-    displayName: Remote 2.15
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.15/{0}
-          targets:
-            - name: RHEL 9.1
-              test: rhel/9.1
-            - name: RHEL 8.7
-              test: rhel/8.7
-            - name: RHEL 7.9
-              test: rhel/7.9
-            - name: FreeBSD 13.1
-              test: freebsd/13.1
-          groups:
-            - 1
-            - 2
-            - 3
-  - stage: Remote_2_14
-    displayName: Remote 2.14
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.14/{0}
-          targets:
-            - name: RHEL 9.0
-              test: rhel/9.0
-            - name: FreeBSD 12.3
-              test: freebsd/12.3
-          groups:
-            - 1
-            - 2
-            - 3
-  - stage: Remote_2_13
-    displayName: Remote 2.13
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.13/{0}
-          targets:
-            - name: macOS 12.0
-              test: macos/12.0
-            - name: RHEL 8.5
-              test: rhel/8.5
-            - name: FreeBSD 13.0
-              test: freebsd/13.0
-          groups:
-            - 1
-            - 2
-            - 3
-
-### Docker
-  - stage: Docker_devel
-    displayName: Docker devel
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: devel/linux/{0}
-          targets:
-            - name: Fedora 37
-              test: fedora37
-            - name: openSUSE 15
-              test: opensuse15
-            - name: Ubuntu 20.04
-              test: ubuntu2004
-            - name: Ubuntu 22.04
-              test: ubuntu2204
-            - name: Alpine 3
-              test: alpine3
-          groups:
-            - 1
-            - 2
-            - 3
-  - stage: Docker_2_15
-    displayName: Docker 2.15
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.15/linux/{0}
-          targets:
-            - name: CentOS 7
-              test: centos7
-          groups:
-            - 1
-            - 2
-            - 3
-  - stage: Docker_2_14
-    displayName: Docker 2.14
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.14/linux/{0}
-          targets:
-            - name: Fedora 36
-              test: fedora36
-          groups:
-            - 1
-            - 2
-            - 3
-  - stage: Docker_2_13
-    displayName: Docker 2.13
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.13/linux/{0}
-          targets:
-            - name: Fedora 35
-              test: fedora35
-            - name: openSUSE 15 py2
-              test: opensuse15py2
-            - name: Alpine 3
-              test: alpine3
-          groups:
-            - 1
-            - 2
-            - 3
-
-### Community Docker
-  - stage: Docker_community_devel
-    displayName: Docker (community images) devel
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: devel/linux-community/{0}
-          targets:
-            - name: Debian Bullseye
-              test: debian-bullseye/3.9
-            - name: ArchLinux
-              test: archlinux/3.11
-            - name: CentOS Stream 8
-              test: centos-stream8/3.9
-          groups:
-            - 1
-            - 2
-            - 3
-
-### Generic
-  - stage: Generic_devel
-    displayName: Generic devel
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Python {0}
-          testFormat: devel/generic/{0}/1
-          targets:
-            - test: 2.7
-            - test: '3.11'
-  - stage: Generic_2_15
-    displayName: Generic 2.15
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Python {0}
-          testFormat: 2.15/generic/{0}/1
-          targets:
-            - test: 3.9
-  - stage: Generic_2_14
-    displayName: Generic 2.14
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Python {0}
-          testFormat: 2.14/generic/{0}/1
-          targets:
-            - test: '3.10'
-  - stage: Generic_2_13
-    displayName: Generic 2.13
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Python {0}
-          testFormat: 2.13/generic/{0}/1
-          targets:
-            - test: 3.9
-
-  - stage: Summary
-    condition: succeededOrFailed()
-    dependsOn:
-      - Sanity_devel
-      - Sanity_2_13
-      - Sanity_2_14
-      - Sanity_2_15
-      - Units_devel
-      - Units_2_13
-      - Units_2_14
-      - Units_2_15
-      - Remote_devel_extra_vms
-      - Remote_devel
-      - Remote_2_13
-      - Remote_2_14
-      - Remote_2_15
-      - Docker_devel
-      - Docker_2_13
-      - Docker_2_14
-      - Docker_2_15
-      - Docker_community_devel
-# Right now all generic tests are disabled. Uncomment when at least one of them is re-enabled.
-#      - Generic_devel
-#      - Generic_2_13
-#      - Generic_2_14
-#      - Generic_2_15
-    jobs:
-      - template: templates/coverage.yml
--- a/.azure-pipelines/scripts/aggregate-coverage.sh
+++ b/.azure-pipelines/scripts/aggregate-coverage.sh
@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-# Aggregate code coverage results for later processing.
-
-set -o pipefail -eu
-
-agent_temp_directory="$1"
-
-PATH="${PWD}/bin:${PATH}"
-
-mkdir "${agent_temp_directory}/coverage/"
-
-options=(--venv --venv-system-site-packages --color -v)
-
-ansible-test coverage combine --group-by command --export "${agent_temp_directory}/coverage/" "${options[@]}"
-
-if ansible-test coverage analyze targets generate --help >/dev/null 2>&1; then
-    # Only analyze coverage if the installed version of ansible-test supports it.
-    # Doing so allows this script to work unmodified for multiple Ansible versions.
-    ansible-test coverage analyze targets generate "${agent_temp_directory}/coverage/coverage-analyze-targets.json" "${options[@]}"
-fi
--- a/.azure-pipelines/scripts/combine-coverage.py
+++ b/.azure-pipelines/scripts/combine-coverage.py
@@ -1,64 +0,0 @@
-#!/usr/bin/env python
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-"""
-Combine coverage data from multiple jobs, keeping the data only from the most recent attempt from each job.
-Coverage artifacts must be named using the format: "Coverage $(System.JobAttempt) {StableUniqueNameForEachJob}"
-The recommended coverage artifact name format is: Coverage $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)
-Keep in mind that Azure Pipelines does not enforce unique job display names (only names).
-It is up to pipeline authors to avoid name collisions when deviating from the recommended format.
-"""
-
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import re
-import shutil
-import sys
-
-
-def main():
-    """Main program entry point."""
-    source_directory = sys.argv[1]
-
-    if '/ansible_collections/' in os.getcwd():
-        output_path = "tests/output"
-    else:
-        output_path = "test/results"
-
-    destination_directory = os.path.join(output_path, 'coverage')
-
-    if not os.path.exists(destination_directory):
-        os.makedirs(destination_directory)
-
-    jobs = {}
-    count = 0
-
-    for name in os.listdir(source_directory):
-        match = re.search('^Coverage (?P<attempt>[0-9]+) (?P<label>.+)$', name)
-        label = match.group('label')
-        attempt = int(match.group('attempt'))
-        jobs[label] = max(attempt, jobs.get(label, 0))
-
-    for label, attempt in jobs.items():
-        name = 'Coverage {attempt} {label}'.format(label=label, attempt=attempt)
-        source = os.path.join(source_directory, name)
-        source_files = os.listdir(source)
-
-        for source_file in source_files:
-            source_path = os.path.join(source, source_file)
-            destination_path = os.path.join(destination_directory, source_file + '.' + label)
-            print('"%s" -> "%s"' % (source_path, destination_path))
-            shutil.copyfile(source_path, destination_path)
-            count += 1
-
-    print('Coverage file count: %d' % count)
-    print('##vso[task.setVariable variable=coverageFileCount]%d' % count)
-    print('##vso[task.setVariable variable=outputPath]%s' % output_path)
-
-
-if __name__ == '__main__':
-    main()
--- a/.azure-pipelines/scripts/process-results.sh
+++ b/.azure-pipelines/scripts/process-results.sh
@@ -1,28 +0,0 @@
-#!/usr/bin/env bash
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-# Check the test results and set variables for use in later steps.
-
-set -o pipefail -eu
-
-if [[ "$PWD" =~ /ansible_collections/ ]]; then
-    output_path="tests/output"
-else
-    output_path="test/results"
-fi
-
-echo "##vso[task.setVariable variable=outputPath]${output_path}"
-
-if compgen -G "${output_path}"'/junit/*.xml' > /dev/null; then
-    echo "##vso[task.setVariable variable=haveTestResults]true"
-fi
-
-if compgen -G "${output_path}"'/bot/ansible-test-*' > /dev/null; then
-    echo "##vso[task.setVariable variable=haveBotResults]true"
-fi
-
-if compgen -G "${output_path}"'/coverage/*' > /dev/null; then
-    echo "##vso[task.setVariable variable=haveCoverageData]true"
-fi
--- a/.azure-pipelines/scripts/publish-codecov.py
+++ b/.azure-pipelines/scripts/publish-codecov.py
@@ -1,105 +0,0 @@
-#!/usr/bin/env python
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-"""
-Upload code coverage reports to codecov.io.
-Multiple coverage files from multiple languages are accepted and aggregated after upload.
-Python coverage, as well as PowerShell and Python stubs can all be uploaded.
-"""
-
-import argparse
-import dataclasses
-import pathlib
-import shutil
-import subprocess
-import tempfile
-import typing as t
-import urllib.request
-
-
-@dataclasses.dataclass(frozen=True)
-class CoverageFile:
-    name: str
-    path: pathlib.Path
-    flags: t.List[str]
-
-
-@dataclasses.dataclass(frozen=True)
-class Args:
-    dry_run: bool
-    path: pathlib.Path
-
-
-def parse_args() -> Args:
-    parser = argparse.ArgumentParser()
-    parser.add_argument('-n', '--dry-run', action='store_true')
-    parser.add_argument('path', type=pathlib.Path)
-
-    args = parser.parse_args()
-
-    # Store arguments in a typed dataclass
-    fields = dataclasses.fields(Args)
-    kwargs = {field.name: getattr(args, field.name) for field in fields}
-
-    return Args(**kwargs)
-
-
-def process_files(directory: pathlib.Path) -> t.Tuple[CoverageFile, ...]:
-    processed = []
-    for file in directory.joinpath('reports').glob('coverage*.xml'):
-        name = file.stem.replace('coverage=', '')
-
-        # Get flags from name
-        flags = name.replace('-powershell', '').split('=')  # Drop '-powershell' suffix
-        flags = [flag if not flag.startswith('stub') else flag.split('-')[0] for flag in flags]  # Remove "-01" from stub files
-
-        processed.append(CoverageFile(name, file, flags))
-
-    return tuple(processed)
-
-
-def upload_files(codecov_bin: pathlib.Path, files: t.Tuple[CoverageFile, ...], dry_run: bool = False) -> None:
-    for file in files:
-        cmd = [
-            str(codecov_bin),
-            '--name', file.name,
-            '--file', str(file.path),
-        ]
-        for flag in file.flags:
-            cmd.extend(['--flags', flag])
-
-        if dry_run:
-            print(f'DRY-RUN: Would run command: {cmd}')
-            continue
-
-        subprocess.run(cmd, check=True)
-
-
-def download_file(url: str, dest: pathlib.Path, flags: int, dry_run: bool = False) -> None:
-    if dry_run:
-        print(f'DRY-RUN: Would download {url} to {dest} and set mode to {flags:o}')
-        return
-
-    with urllib.request.urlopen(url) as resp:
-        with dest.open('w+b') as f:
-            # Read data in chunks rather than all at once
-            shutil.copyfileobj(resp, f, 64 * 1024)
-
-    dest.chmod(flags)
-
-
-def main():
-    args = parse_args()
-    url = 'https://ansible-ci-files.s3.amazonaws.com/codecov/linux/codecov'
-    with tempfile.TemporaryDirectory(prefix='codecov-') as tmpdir:
-        codecov_bin = pathlib.Path(tmpdir) / 'codecov'
-        download_file(url, codecov_bin, 0o755, args.dry_run)
-
-        files = process_files(args.path)
-        upload_files(codecov_bin, files, args.dry_run)
-
-
-if __name__ == '__main__':
-    main()
--- a/.azure-pipelines/scripts/report-coverage.sh
+++ b/.azure-pipelines/scripts/report-coverage.sh
@@ -1,19 +0,0 @@
-#!/usr/bin/env bash
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-# Generate code coverage reports for uploading to Azure Pipelines and codecov.io.
-
-set -o pipefail -eu
-
-PATH="${PWD}/bin:${PATH}"
-
-if ! ansible-test --help >/dev/null 2>&1; then
-    # Install the devel version of ansible-test for generating code coverage reports.
-    # This is only used by Ansible Collections, which are typically tested against multiple Ansible versions (in separate jobs).
-    # Since a version of ansible-test is required that can work the output from multiple older releases, the devel version is used.
-    pip install https://github.com/ansible/ansible/archive/devel.tar.gz --disable-pip-version-check
-fi
-
-ansible-test coverage xml --group-by command --stub --venv --venv-system-site-packages --color -v
--- a/.azure-pipelines/scripts/run-tests.sh
+++ b/.azure-pipelines/scripts/run-tests.sh
@@ -1,38 +0,0 @@
-#!/usr/bin/env bash
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-# Configure the test environment and run the tests.
-
-set -o pipefail -eu
-
-entry_point="$1"
-test="$2"
-read -r -a coverage_branches <<< "$3"  # space separated list of branches to run code coverage on for scheduled builds
-
-export COMMIT_MESSAGE
-export COMPLETE
-export COVERAGE
-export IS_PULL_REQUEST
-
-if [ "${SYSTEM_PULLREQUEST_TARGETBRANCH:-}" ]; then
-    IS_PULL_REQUEST=true
-    COMMIT_MESSAGE=$(git log --format=%B -n 1 HEAD^2)
-else
-    IS_PULL_REQUEST=
-    COMMIT_MESSAGE=$(git log --format=%B -n 1 HEAD)
-fi
-
-COMPLETE=
-COVERAGE=
-
-if [ "${BUILD_REASON}" = "Schedule" ]; then
-    COMPLETE=yes
-
-    if printf '%s\n' "${coverage_branches[@]}" | grep -q "^${BUILD_SOURCEBRANCHNAME}$"; then
-        COVERAGE=yes
-    fi
-fi
-
-"${entry_point}" "${test}" 2>&1 | "$(dirname "$0")/time-command.py"
--- a/.azure-pipelines/scripts/time-command.py
+++ b/.azure-pipelines/scripts/time-command.py
@@ -1,29 +0,0 @@
-#!/usr/bin/env python
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-"""Prepends a relative timestamp to each input line from stdin and writes it to stdout."""
-
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import sys
-import time
-
-
-def main():
-    """Main program entry point."""
-    start = time.time()
-
-    sys.stdin.reconfigure(errors='surrogateescape')
-    sys.stdout.reconfigure(errors='surrogateescape')
-
-    for line in sys.stdin:
-        seconds = time.time() - start
-        sys.stdout.write('%02d:%02d %s' % (seconds // 60, seconds % 60, line))
-        sys.stdout.flush()
-
-
-if __name__ == '__main__':
-    main()
--- a/.azure-pipelines/templates/coverage.yml
+++ b/.azure-pipelines/templates/coverage.yml
@@ -1,44 +0,0 @@
---
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-# This template adds a job for processing code coverage data.
-# It will upload results to Azure Pipelines and codecov.io.
-# Use it from a job stage that completes after all other jobs have completed.
-# This can be done by placing it in a separate summary stage that runs after the test stage(s) have completed.
-
-jobs:
-  - job: Coverage
-    displayName: Code Coverage
-    container: default
-    workspace:
-      clean: all
-    steps:
-      - checkout: self
-        fetchDepth: $(fetchDepth)
-        path: $(checkoutPath)
-      - task: DownloadPipelineArtifact@2
-        displayName: Download Coverage Data
-        inputs:
-          path: coverage/
-          patterns: "Coverage */*=coverage.combined"
-      - bash: .azure-pipelines/scripts/combine-coverage.py coverage/
-        displayName: Combine Coverage Data
-      - bash: .azure-pipelines/scripts/report-coverage.sh
-        displayName: Generate Coverage Report
-        condition: gt(variables.coverageFileCount, 0)
-      - task: PublishCodeCoverageResults@1
-        inputs:
-          codeCoverageTool: Cobertura
-          # Azure Pipelines only accepts a single coverage data file.
-          # That means only Python or PowerShell coverage can be uploaded, but not both.
-          # Set the "pipelinesCoverage" variable to determine which type is uploaded.
-          # Use "coverage" for Python and "coverage-powershell" for PowerShell.
-          summaryFileLocation: "$(outputPath)/reports/$(pipelinesCoverage).xml"
-        displayName: Publish to Azure Pipelines
-        condition: gt(variables.coverageFileCount, 0)
-      - bash: .azure-pipelines/scripts/publish-codecov.py "$(outputPath)"
-        displayName: Publish to codecov.io
-        condition: gt(variables.coverageFileCount, 0)
-        continueOnError: true
--- a/.azure-pipelines/templates/matrix.yml
+++ b/.azure-pipelines/templates/matrix.yml
@@ -1,60 +0,0 @@
---
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-# This template uses the provided targets and optional groups to generate a matrix which is then passed to the test template.
-# If this matrix template does not provide the required functionality, consider using the test template directly instead.
-
-parameters:
-  # A required list of dictionaries, one per test target.
-  # Each item in the list must contain a "test" or "name" key.
-  # Both may be provided. If one is omitted, the other will be used.
-  - name: targets
-    type: object
-
-  # An optional list of values which will be used to multiply the targets list into a matrix.
-  # Values can be strings or numbers.
-  - name: groups
-    type: object
-    default: []
-
-  # An optional format string used to generate the job name.
-  # - {0} is the name of an item in the targets list.
-  - name: nameFormat
-    type: string
-    default: "{0}"
-
-  # An optional format string used to generate the test name.
-  # - {0} is the name of an item in the targets list.
-  - name: testFormat
-    type: string
-    default: "{0}"
-
-  # An optional format string used to add the group to the job name.
-  # {0} is the formatted name of an item in the targets list.
-  # {{1}} is the group -- be sure to include the double "{{" and "}}".
-  - name: nameGroupFormat
-    type: string
-    default: "{0} - {{1}}"
-
-  # An optional format string used to add the group to the test name.
-  # {0} is the formatted test of an item in the targets list.
-  # {{1}} is the group -- be sure to include the double "{{" and "}}".
-  - name: testGroupFormat
-    type: string
-    default: "{0}/{{1}}"
-
-jobs:
-  - template: test.yml
-    parameters:
-      jobs:
-        - ${{ if eq(length(parameters.groups), 0) }}:
-          - ${{ each target in parameters.targets }}:
-            - name: ${{ format(parameters.nameFormat, coalesce(target.name, target.test)) }}
-              test: ${{ format(parameters.testFormat, coalesce(target.test, target.name)) }}
-        - ${{ if not(eq(length(parameters.groups), 0)) }}:
-          - ${{ each group in parameters.groups }}:
-            - ${{ each target in parameters.targets }}:
-              - name: ${{ format(format(parameters.nameGroupFormat, parameters.nameFormat), coalesce(target.name, target.test), group) }}
-                test: ${{ format(format(parameters.testGroupFormat, parameters.testFormat), coalesce(target.test, target.name), group) }}
--- a/.azure-pipelines/templates/test.yml
+++ b/.azure-pipelines/templates/test.yml
@@ -1,50 +0,0 @@
---
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-# This template uses the provided list of jobs to create test one or more test jobs.
-# It can be used directly if needed, or through the matrix template.
-
-parameters:
-  # A required list of dictionaries, one per test job.
-  # Each item in the list must contain a "job" and "name" key.
-  - name: jobs
-    type: object
-
-jobs:
-  - ${{ each job in parameters.jobs }}:
-    - job: test_${{ replace(replace(replace(job.test, '/', '_'), '.', '_'), '-', '_') }}
-      displayName: ${{ job.name }}
-      container: default
-      workspace:
-        clean: all
-      steps:
-        - checkout: self
-          fetchDepth: $(fetchDepth)
-          path: $(checkoutPath)
-        - bash: .azure-pipelines/scripts/run-tests.sh "$(entryPoint)" "${{ job.test }}" "$(coverageBranches)"
-          displayName: Run Tests
-        - bash: .azure-pipelines/scripts/process-results.sh
-          condition: succeededOrFailed()
-          displayName: Process Results
-        - bash: .azure-pipelines/scripts/aggregate-coverage.sh "$(Agent.TempDirectory)"
-          condition: eq(variables.haveCoverageData, 'true')
-          displayName: Aggregate Coverage Data
-        - task: PublishTestResults@2
-          condition: eq(variables.haveTestResults, 'true')
-          inputs:
-            testResultsFiles: "$(outputPath)/junit/*.xml"
-          displayName: Publish Test Results
-        - task: PublishPipelineArtifact@1
-          condition: eq(variables.haveBotResults, 'true')
-          displayName: Publish Bot Results
-          inputs:
-            targetPath: "$(outputPath)/bot/"
-            artifactName: "Bot $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)"
-        - task: PublishPipelineArtifact@1
-          condition: eq(variables.haveCoverageData, 'true')
-          displayName: Publish Coverage Data
-          inputs:
-            targetPath: "$(Agent.TempDirectory)/coverage/"
-            artifactName: "Coverage $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)"
--- a/.github/BOTMETA.yml
+++ b/.github/BOTMETA.yml
@@ -204,6 +204,8 @@ files:
    maintainers: ddelnano shinuza
  $lookups/:
    labels: lookups
+  $lookups/bitwarden_secrets_manager.py:
+    maintainers: jantari
  $lookups/bitwarden.py:
    maintainers: lungj
  $lookups/cartesian.py: {}
@@ -247,9 +249,11 @@ files:
    labels: onepassword
    maintainers: samdoran
  $lookups/onepassword.py:
-    maintainers: azenk scottsb
+    ignore: scottsb
+    maintainers: azenk
  $lookups/onepassword_raw.py:
-    maintainers: azenk scottsb
+    ignore: scottsb
+    maintainers: azenk
  $lookups/passwordstore.py: {}
  $lookups/random_pet.py:
    maintainers: Akasurde
@@ -274,6 +278,8 @@ files:
  $module_utils/gconftool2.py:
    labels: gconftool2
    maintainers: russoz
+  $module_utils/gio_mime.py:
+    maintainers: russoz
  $module_utils/gitlab.py:
    keywords: gitlab source_control
    labels: gitlab
@@ -326,6 +332,9 @@ files:
  $module_utils/scaleway.py:
    labels: cloud scaleway
    maintainers: $team_scaleway
+  $module_utils/snap.py:
+    labels: snap
+    maintainers: russoz
  $module_utils/ssh.py:
    maintainers: russoz
  $module_utils/storage/hpe3par/hpe3par.py:
@@ -431,7 +440,7 @@ files:
    ignore: resmo
    maintainers: dmtrs
  $modules/consul:
-    ignore: colin-nolan
+    ignore: colin-nolan Hakon
    maintainers: $team_consul
  $modules/copr.py:
    maintainers: schlupov
@@ -510,6 +519,8 @@ files:
  $modules/gem.py:
    labels: gem
    maintainers: $team_ansible_core johanwiren
+  $modules/gio_mime.py:
+    maintainers: russoz
  $modules/git_config.py:
    maintainers: djmattyg007 mgedmin
  $modules/github_:
@@ -530,6 +541,7 @@ files:
    keywords: gitlab source_control
    maintainers: $team_gitlab
    notify: jlozadad
+    ignore: dj-wasabi
  $modules/gitlab_branch.py:
    maintainers: paytroff
  $modules/gitlab_merge_request.py:
@@ -630,6 +642,7 @@ files:
    maintainers: bregman-arie
  $modules/ipa_:
    maintainers: $team_ipa
+    ignore: fxfitz
  $modules/ipbase_info.py:
    maintainers: dominikkukacka
  $modules/ipa_pwpolicy.py:
@@ -666,7 +679,9 @@ files:
    labels: jboss
    maintainers: $team_jboss jhoekx
  $modules/jenkins_build.py:
-    maintainers: brettmilford unnecessary-username
+    maintainers: brettmilford unnecessary-username juanmcasanova
+  $modules/jenkins_build_info.py:
+    maintainers: juanmcasanova
  $modules/jenkins_job.py:
    maintainers: sermilrod
  $modules/jenkins_job_info.py:
@@ -676,9 +691,9 @@ files:
  $modules/jenkins_script.py:
    maintainers: hogarthj
  $modules/jira.py:
-    ignore: DWSR
+    ignore: DWSR tarka
    labels: jira
-    maintainers: Slezhuk tarka pertoft
+    maintainers: Slezhuk pertoft
  $modules/kdeconfig.py:
    maintainers: smeso
  $modules/kernel_blacklist.py:
@@ -691,6 +706,12 @@ files:
    maintainers: Skrekulko
  $modules/keycloak_authz_authorization_scope.py:
    maintainers: mattock
+  $modules/keycloak_authz_permission.py:
+    maintainers: mattock
+  $modules/keycloak_authz_custom_policy.py:
+    maintainers: mattock
+  $modules/keycloak_authz_permission_info.py:
+    maintainers: mattock
  $modules/keycloak_client_rolemapping.py:
    maintainers: Gaetan2907
  $modules/keycloak_clientscope.py:
@@ -709,6 +730,8 @@ files:
    maintainers: kris2kris
  $modules/keycloak_realm_info.py:
    maintainers: fynncfchen
+  $modules/keycloak_realm_key.py:
+    maintainers: mattock
  $modules/keycloak_role.py:
    maintainers: laurpaum
  $modules/keycloak_user.py:
@@ -930,7 +953,7 @@ files:
    labels: pagerduty
    maintainers: suprememoocow thaumos
  $modules/pagerduty_alert.py:
-    maintainers: ApsOps
+    maintainers: ApsOps xshen1
  $modules/pagerduty_change.py:
    maintainers: adamvaughan
  $modules/pagerduty_user.py:
@@ -973,6 +996,9 @@ files:
    maintainers: $team_solaris dermute
  $modules/pmem.py:
    maintainers: mizumm
+  $modules/pnpm.py:
+    ignore: chrishoffman
+    maintainers: aretrosen
  $modules/portage.py:
    ignore: sayap
    labels: portage
@@ -990,6 +1016,7 @@ files:
    keywords: kvm libvirt proxmox qemu
    labels: proxmox virt
    maintainers: $team_virt UnderGreen
+    ignore: tleguern
  $modules/proxmox.py:
    ignore: skvidal
    maintainers: UnderGreen
@@ -1187,6 +1214,8 @@ files:
    ignore: ryansb
  $modules/shutdown.py:
    maintainers: nitzmahone samdoran aminvakil
+  $modules/simpleinit_msb.py:
+    maintainers: vaygr
  $modules/sl_vm.py:
    maintainers: mcltn
  $modules/slack.py:
@@ -1199,7 +1228,7 @@ files:
    maintainers: $team_solaris
  $modules/snap.py:
    labels: snap
-    maintainers: angristan vcarceler
+    maintainers: angristan vcarceler russoz
  $modules/snap_alias.py:
    labels: snap
    maintainers: russoz
@@ -1366,6 +1395,8 @@ files:
    ignore: matze
    labels: zypper
    maintainers: $team_suse
+  $plugin_utils/unsafe.py:
+    maintainers: felixfontein
  $tests/a_module.py:
    maintainers: felixfontein
 #########################
@@ -1385,7 +1416,6 @@ macros:
  becomes: plugins/become
  caches: plugins/cache
  callbacks: plugins/callback
-  cliconfs: plugins/cliconf
  connections: plugins/connection
  doc_fragments: plugins/doc_fragments
  filters: plugins/filter
@@ -1393,7 +1423,7 @@ macros:
  lookups: plugins/lookup
  module_utils: plugins/module_utils
  modules: plugins/modules
-  terminals: plugins/terminal
+  plugin_utils: plugins/plugin_utils
  tests: plugins/test
  team_ansible_core:
  team_aix: MorrisA bcoca d-little flynn1973 gforster kairoaraujo marvin-sinister mator molekuul ramooncamacho wtcross
@@ -1402,10 +1432,10 @@ macros:
  team_cyberark_conjur: jvanderhoof ryanprior
  team_e_spirit: MatrixCrawler getjack
  team_flatpak: JayKayy oolongbrothers
-  team_gitlab: Lunik Shaps dj-wasabi marwatk waheedi zanssa scodeman metanovii sh0shin nejch lgatellier suukit
+  team_gitlab: Lunik Shaps marwatk waheedi zanssa scodeman metanovii sh0shin nejch lgatellier suukit
  team_hpux: bcoca davx8342
  team_huawei: QijunPan TommyLike edisonxiang freesky-edward hwDCN niuzhenguo xuxiaowei0512 yanzhangi zengchen1024 zhongjun2
-  team_ipa: Akasurde Nosmoht fxfitz justchris1
+  team_ipa: Akasurde Nosmoht justchris1
  team_jboss: Wolfant jairojunior wbrefvem
  team_keycloak: eikef ndclt mattock
  team_linode: InTheCloudDan decentral1se displague rmcintosh Charliekenney23 LBGarber
@@ -1421,5 +1451,5 @@ macros:
  team_scaleway: remyleone abarbare
  team_solaris: bcoca fishman jasperla jpdasma mator scathatheworm troy2914 xen0l
  team_suse: commel evrardjp lrupp toabctl AnderEnder alxgu andytom sealor
-  team_virt: joshainglis karmab tleguern Thulium-Drake Ajpantuso
+  team_virt: joshainglis karmab Thulium-Drake Ajpantuso
  team_wdc: mikemoerk
--- a/.github/workflows/ansible-test.yml
+++ b/.github/workflows/ansible-test.yml
@@ -1,240 +0,0 @@
---
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-# For the comprehensive list of the inputs supported by the ansible-community/ansible-test-gh-action GitHub Action, see
-# https://github.com/marketplace/actions/ansible-test
-
-name: EOL CI
-on:
-  # Run EOL CI against all pushes (direct commits, also merged PRs), Pull Requests
-  push:
-    branches:
-      - main
-      - stable-*
-  pull_request:
-  # Run EOL CI once per day (at 10:00 UTC)
-  schedule:
-    - cron: '0 10 * * *'
-
-concurrency:
-  # Make sure there is at most one active run per PR, but do not cancel any non-PR runs
-  group: ${{ github.workflow }}-${{ (github.head_ref && github.event.number) || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  sanity:
-    name: EOL Sanity (Ⓐ${{ matrix.ansible }})
-    strategy:
-      matrix:
-        ansible:
-          - '2.11'
-          - '2.12'
-    # Ansible-test on various stable branches does not yet work well with cgroups v2.
-    # Since ubuntu-latest now uses Ubuntu 22.04, we need to fall back to the ubuntu-20.04
-    # image for these stable branches. The list of branches where this is necessary will
-    # shrink over time, check out https://github.com/ansible-collections/news-for-maintainers/issues/28
-    # for the latest list.
-    runs-on: >-
-      ${{ contains(fromJson(
-          '["2.9", "2.10", "2.11"]'
-      ), matrix.ansible) && 'ubuntu-20.04' || 'ubuntu-latest' }}
-    steps:
-      - name: Perform sanity testing
-        uses: felixfontein/ansible-test-gh-action@main
-        with:
-          ansible-core-github-repository-slug: ${{ contains(fromJson('["2.10", "2.11"]'), matrix.ansible) && 'felixfontein/ansible' || 'ansible/ansible' }}
-          ansible-core-version: stable-${{ matrix.ansible }}
-          coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }}
-          pull-request-change-detection: 'true'
-          testing-type: sanity
-
-  units:
-    # Ansible-test on various stable branches does not yet work well with cgroups v2.
-    # Since ubuntu-latest now uses Ubuntu 22.04, we need to fall back to the ubuntu-20.04
-    # image for these stable branches. The list of branches where this is necessary will
-    # shrink over time, check out https://github.com/ansible-collections/news-for-maintainers/issues/28
-    # for the latest list.
-    runs-on: >-
-      ${{ contains(fromJson(
-          '["2.9", "2.10", "2.11"]'
-      ), matrix.ansible) && 'ubuntu-20.04' || 'ubuntu-latest' }}
-    name: EOL Units (Ⓐ${{ matrix.ansible }}+py${{ matrix.python }})
-    strategy:
-      # As soon as the first unit test fails, cancel the others to free up the CI queue
-      fail-fast: true
-      matrix:
-        ansible:
-          - ''
-        python:
-          - ''
-        exclude:
-          - ansible: ''
-        include:
-          - ansible: '2.11'
-            python: '2.7'
-          - ansible: '2.11'
-            python: '3.5'
-          - ansible: '2.12'
-            python: '2.6'
-          - ansible: '2.12'
-            python: '3.8'
-
-    steps:
-      - name: >-
-          Perform unit testing against
-          Ansible version ${{ matrix.ansible }}
-        uses: felixfontein/ansible-test-gh-action@main
-        with:
-          ansible-core-github-repository-slug: ${{ contains(fromJson('["2.10", "2.11"]'), matrix.ansible) && 'felixfontein/ansible' || 'ansible/ansible' }}
-          ansible-core-version: stable-${{ matrix.ansible }}
-          coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }}
-          pre-test-cmd: >-
-            mkdir -p ../../ansible
-            ;
-            git clone --depth=1 --single-branch https://github.com/ansible-collections/community.internal_test_tools.git ../../community/internal_test_tools
-          pull-request-change-detection: 'true'
-          target-python-version: ${{ matrix.python }}
-          testing-type: units
-
-  integration:
-    # Ansible-test on various stable branches does not yet work well with cgroups v2.
-    # Since ubuntu-latest now uses Ubuntu 22.04, we need to fall back to the ubuntu-20.04
-    # image for these stable branches. The list of branches where this is necessary will
-    # shrink over time, check out https://github.com/ansible-collections/news-for-maintainers/issues/28
-    # for the latest list.
-    runs-on: >-
-      ${{ contains(fromJson(
-          '["2.9", "2.10", "2.11"]'
-      ), matrix.ansible) && 'ubuntu-20.04' || 'ubuntu-latest' }}
-    name: EOL I (Ⓐ${{ matrix.ansible }}+${{ matrix.docker }}+py${{ matrix.python }}:${{ matrix.target }})
-    strategy:
-      fail-fast: false
-      matrix:
-        ansible:
-          - ''
-        docker:
-          - ''
-        python:
-          - ''
-        target:
-          - ''
-        exclude:
-          - ansible: ''
-        include:
-          # 2.11
-          - ansible: '2.11'
-            docker: fedora32
-            python: ''
-            target: azp/posix/1/
-          - ansible: '2.11'
-            docker: fedora32
-            python: ''
-            target: azp/posix/2/
-          - ansible: '2.11'
-            docker: fedora32
-            python: ''
-            target: azp/posix/3/
-          - ansible: '2.11'
-            docker: fedora33
-            python: ''
-            target: azp/posix/1/
-          - ansible: '2.11'
-            docker: fedora33
-            python: ''
-            target: azp/posix/2/
-          - ansible: '2.11'
-            docker: fedora33
-            python: ''
-            target: azp/posix/3/
-          - ansible: '2.11'
-            docker: alpine3
-            python: ''
-            target: azp/posix/1/
-          - ansible: '2.11'
-            docker: alpine3
-            python: ''
-            target: azp/posix/2/
-          - ansible: '2.11'
-            docker: alpine3
-            python: ''
-            target: azp/posix/3/
-          # Right now all generic tests are disabled. Uncomment when at least one of them is re-enabled.
-          # - ansible: '2.11'
-          #   docker: default
-          #   python: '2.7'
-          #   target: azp/generic/1/
-          # - ansible: '2.11'
-          #   docker: default
-          #   python: '3.5'
-          #   target: azp/generic/1/
-          # 2.12
-          - ansible: '2.12'
-            docker: centos6
-            python: ''
-            target: azp/posix/1/
-          - ansible: '2.12'
-            docker: centos6
-            python: ''
-            target: azp/posix/2/
-          - ansible: '2.12'
-            docker: centos6
-            python: ''
-            target: azp/posix/3/
-          - ansible: '2.12'
-            docker: fedora34
-            python: ''
-            target: azp/posix/1/
-          - ansible: '2.12'
-            docker: fedora34
-            python: ''
-            target: azp/posix/2/
-          - ansible: '2.12'
-            docker: fedora34
-            python: ''
-            target: azp/posix/3/
-          - ansible: '2.12'
-            docker: ubuntu1804
-            python: ''
-            target: azp/posix/1/
-          - ansible: '2.12'
-            docker: ubuntu1804
-            python: ''
-            target: azp/posix/2/
-          - ansible: '2.12'
-            docker: ubuntu1804
-            python: ''
-            target: azp/posix/3/
-          # Right now all generic tests are disabled. Uncomment when at least one of them is re-enabled.
-          # - ansible: '2.12'
-          #   docker: default
-          #   python: '3.8'
-          #   target: azp/generic/1/
-
-    steps:
-      - name: >-
-          Perform integration testing against
-          Ansible version ${{ matrix.ansible }}
-          under Python ${{ matrix.python }}
-        uses: felixfontein/ansible-test-gh-action@main
-        with:
-          ansible-core-github-repository-slug: ${{ contains(fromJson('["2.10", "2.11"]'), matrix.ansible) && 'felixfontein/ansible' || 'ansible/ansible' }}
-          ansible-core-version: stable-${{ matrix.ansible }}
-          coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }}
-          docker-image: ${{ matrix.docker }}
-          integration-continue-on-error: 'false'
-          integration-diff: 'false'
-          integration-retry-on-error: 'true'
-          pre-test-cmd: >-
-            mkdir -p ../../ansible
-            ;
-            git clone --depth=1 --single-branch https://github.com/ansible-collections/ansible.posix.git ../../ansible/posix
-            ;
-            git clone --depth=1 --single-branch https://github.com/ansible-collections/community.crypto.git ../../community/crypto
-            ;
-            git clone --depth=1 --single-branch https://github.com/ansible-collections/community.internal_test_tools.git ../../community/internal_test_tools
-          pull-request-change-detection: 'true'
-          target: ${{ matrix.target }}
-          target-python-version: ${{ matrix.python }}
-          testing-type: integration
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -1,36 +0,0 @@
---
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-name: "Code scanning - action"
-
-on:
-  schedule:
-    - cron: '26 19 * * 1'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  CodeQL-Build:
-
-    permissions:
-      actions: read  # for github/codeql-action/init to get workflow details
-      contents: read  # for actions/checkout to fetch code
-      security-events: write  # for github/codeql-action/autobuild to send a status report
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: python
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
--- a/.github/workflows/reuse.yml
+++ b/.github/workflows/reuse.yml
@@ -1,35 +0,0 @@
---
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-name: Verify REUSE
-
-on:
-  push:
-    branches: [main]
-  pull_request_target:
-    types: [opened, synchronize, reopened]
-    branches: [main]
-  # Run CI once per day (at 07:30 UTC)
-  schedule:
-    - cron: '30 7 * * *'
-
-jobs:
-  check:
-    permissions:
-      contents: read
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          ref: ${{ github.event.pull_request.head.sha || '' }}
-
-      - name: Install dependencies
-        run: |
-          pip install reuse
-
-      - name: Check REUSE compliance
-        run: |
-          reuse lint
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,23 +0,0 @@
---
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-repos:
-  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.0.1
-    hooks:
-      - id: trailing-whitespace
-      - id: end-of-file-fixer
-      - id: mixed-line-ending
-        args: [--fix=lf]
-      - id: fix-encoding-pragma
-      - id: check-ast
-      - id: check-merge-conflict
-      - id: check-symlinks
-  - repo: https://github.com/pre-commit/pygrep-hooks
-    rev: v1.9.0
-    hooks:
-      - id: rst-backticks
-        types: [file]
-        files: changelogs/fragments/.*\.(yml|yaml)$
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CHANGELOG.md.license
+++ b/CHANGELOG.md.license
@@ -0,0 +1,3 @@
+GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+SPDX-License-Identifier: GPL-3.0-or-later
+SPDX-FileCopyrightText: Ansible Project
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -6,6 +6,478 @@ Community General Release Notes

 This changelog describes changes after version 6.0.0.

+v7.5.9
+======
+
+Release Summary
+---------------
+
+Maintenance release.
+
+This is the last 7.x.y release. The 7.x.y release train is now effectively End of Life.
+
+Thanks to everyone who contributed to the community.general 7.x.y releases!
+
+Bugfixes
+--------
+
+- ini_file - pass absolute paths to ``module.atomic_move()`` (https://github.com/ansible/ansible/issues/83950, https://github.com/ansible-collections/community.general/pull/8925).
+- ipa_hostgroup - fix ``enabled `` and ``disabled`` states (https://github.com/ansible-collections/community.general/issues/8408, https://github.com/ansible-collections/community.general/pull/8900).
+- java_keystore - pass absolute paths to ``module.atomic_move()`` (https://github.com/ansible/ansible/issues/83950, https://github.com/ansible-collections/community.general/pull/8925).
+- jenkins_plugin - pass absolute paths to ``module.atomic_move()`` (https://github.com/ansible/ansible/issues/83950, https://github.com/ansible-collections/community.general/pull/8925).
+- kdeconfig - pass absolute paths to ``module.atomic_move()`` (https://github.com/ansible/ansible/issues/83950, https://github.com/ansible-collections/community.general/pull/8925).
+- modprobe - fix check mode not being honored for ``persistent`` option (https://github.com/ansible-collections/community.general/issues/9051, https://github.com/ansible-collections/community.general/pull/9052).
+- pam_limits - pass absolute paths to ``module.atomic_move()`` (https://github.com/ansible/ansible/issues/83950, https://github.com/ansible-collections/community.general/pull/8925).
+
+v7.5.8
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Note that this is the last regular bugfix release. From now on, the 7.x.y release train
+will only receive major and security bugfixes.
+
+Minor Changes
+-------------
+
+- gitlab_deploy_key, gitlab_group_members, gitlab_group_variable, gitlab_hook, gitlab_instance_variable, gitlab_project_badge, gitlab_project_variable, gitlab_user - improve API pagination and compatibility with different versions of ``python-gitlab`` (https://github.com/ansible-collections/community.general/pull/7790).
+
+Security Fixes
+--------------
+
+- keycloak_identity_provider - the client secret was not correctly sanitized by the module. The return values ``proposed``, ``existing``, and ``end_state``, as well as the diff, did contain the client secret unmasked (https://github.com/ansible-collections/community.general/pull/8355).
+
+Bugfixes
+--------
+
+- gitlab_runner - fix pagination when checking for existing runners (https://github.com/ansible-collections/community.general/pull/7790).
+- keycloak_user_federation - fix diff of empty ``krbPrincipalAttribute`` (https://github.com/ansible-collections/community.general/pull/8320).
+- opentelemetry callback plugin - close spans always (https://github.com/ansible-collections/community.general/pull/8367).
+- opentelemetry callback plugin - honour the ``disable_logs`` option to avoid storing task results since they are not used regardless (https://github.com/ansible-collections/community.general/pull/8373).
+
+v7.5.7
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Bugfixes
+--------
+
+- aix_filesystem - fix ``_validate_vg`` not passing VG name to ``lsvg_cmd`` (https://github.com/ansible-collections/community.general/issues/8151).
+- apt_rpm - when checking whether packages were installed after running ``apt-get -y install <packages>``, only the last package name was checked (https://github.com/ansible-collections/community.general/pull/8263).
+- bitwarden_secrets_manager lookup plugin - implements retry with exponential backoff to avoid lookup errors when Bitwardn's API rate limiting is encountered (https://github.com/ansible-collections/community.general/issues/8230, https://github.com/ansible-collections/community.general/pull/8238).
+- haproxy - fix an issue where HAProxy could get stuck in DRAIN mode when the backend was unreachable (https://github.com/ansible-collections/community.general/issues/8092).
+- inventory plugins - add unsafe wrapper to avoid marking strings that do not contain ``{`` or ``}`` as unsafe, to work around a bug in AWX ((https://github.com/ansible-collections/community.general/issues/8212, https://github.com/ansible-collections/community.general/pull/8225).
+- ipa - fix get version regex in IPA module_utils (https://github.com/ansible-collections/community.general/pull/8175).
+- keycloak_client - add sorted ``defaultClientScopes`` and ``optionalClientScopes`` to normalizations (https://github.com/ansible-collections/community.general/pull/8223).
+- keycloak_realm - add normalizations for ``enabledEventTypes`` and ``supportedLocales`` (https://github.com/ansible-collections/community.general/pull/8224).
+- puppet - add option ``environment_lang`` to set the environment language encoding. Defaults to lang ``C``. It is recommended to set it to ``C.UTF-8`` or ``en_US.UTF-8`` depending on what is available on your system. (https://github.com/ansible-collections/community.general/issues/8000)
+- riak - support ``riak admin`` sub-command in newer Riak KV versions beside the legacy ``riak-admin`` main command (https://github.com/ansible-collections/community.general/pull/8211).
+- xml - make module work with lxml 5.1.1, which removed some internals that the module was relying on (https://github.com/ansible-collections/community.general/pull/8169).
+
+v7.5.6
+======
+
+Release Summary
+---------------
+
+Regular bugfix release with security fixes.
+
+Security Fixes
+--------------
+
+- cobbler, gitlab_runners, icinga2, linode, lxd, nmap, online, opennebula, proxmox, scaleway, stackpath_compute, virtualbox, and xen_orchestra inventory plugin - make sure all data received from the remote servers is marked as unsafe, so remote code execution by obtaining texts that can be evaluated as templates is not possible (https://www.die-welt.net/2024/03/remote-code-execution-in-ansible-dynamic-inventory-plugins/, https://github.com/ansible-collections/community.general/pull/8098).
+
+Bugfixes
+--------
+
+- aix_filesystem - fix issue with empty list items in crfs logic and option order (https://github.com/ansible-collections/community.general/pull/8052).
+- homebrew - error returned from brew command was ignored and tried to parse empty JSON. Fix now checks for an error and raises it to give accurate error message to users (https://github.com/ansible-collections/community.general/issues/8047).
+- ipa_hbacrule - the module uses a string for ``ipaenabledflag`` for new FreeIPA versions while the returned value is a boolean (https://github.com/ansible-collections/community.general/pull/7880).
+- ipa_sudorule - the module uses a string for ``ipaenabledflag`` for new FreeIPA versions while the returned value is a boolean (https://github.com/ansible-collections/community.general/pull/7880).
+- iptables_state - fix idempotency issues when restoring incomplete iptables dumps (https://github.com/ansible-collections/community.general/issues/8029).
+- linode inventory plugin - add descriptive error message for linode inventory plugin (https://github.com/ansible-collections/community.general/pull/8133).
+- pacemaker_cluster - actually implement check mode, which the module claims to support. This means that until now the module also did changes in check mode (https://github.com/ansible-collections/community.general/pull/8081).
+- pam_limits - when the file does not exist, do not create it in check mode (https://github.com/ansible-collections/community.general/issues/8050, https://github.com/ansible-collections/community.general/pull/8057).
+- proxmox_kvm - fixed status check getting from node-specific API endpoint (https://github.com/ansible-collections/community.general/issues/7817).
+
+v7.5.5
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Bugfixes
+--------
+
+- cargo - fix idempotency issues when using a custom installation path for packages (using the ``--path`` parameter). The initial installation runs fine, but subsequent runs use the ``get_installed()`` function which did not check the given installation location, before running ``cargo install``. This resulted in a false ``changed`` state. Also the removal of packeges using ``state: absent`` failed, as the installation check did not use the given parameter (https://github.com/ansible-collections/community.general/pull/7970).
+- keycloak_client - fixes issue when metadata is provided in desired state when task is in check mode (https://github.com/ansible-collections/community.general/issues/1226, https://github.com/ansible-collections/community.general/pull/7881).
+- modprobe - listing modules files or modprobe files could trigger a FileNotFoundError if ``/etc/modprobe.d`` or ``/etc/modules-load.d`` did not exist. Relevant functions now return empty lists if the directories do not exist to avoid crashing the module (https://github.com/ansible-collections/community.general/issues/7717).
+- onepassword lookup plugin - failed for fields that were in sections and had uppercase letters in the label/ID. Field lookups are now case insensitive in all cases (https://github.com/ansible-collections/community.general/pull/7919).
+- pkgin - pkgin (pkgsrc package manager used by SmartOS) raises erratic exceptions and spurious ``changed=true`` (https://github.com/ansible-collections/community.general/pull/7971).
+- redfish_info - allow for a GET operation invoked by ``GetUpdateStatus`` to allow for an empty response body for cases where a service returns 204 No Content (https://github.com/ansible-collections/community.general/issues/8003).
+- redfish_info - correct uncaught exception when attempting to retrieve ``Chassis`` information (https://github.com/ansible-collections/community.general/pull/7952).
+
+v7.5.4
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Bugfixes
+--------
+
+- homebrew - detect already installed formulae and casks using JSON output from ``brew info`` (https://github.com/ansible-collections/community.general/issues/864).
+- ipa_otptoken - the module expect ``ipatokendisabled`` as string but the ``ipatokendisabled`` value is returned as a boolean (https://github.com/ansible-collections/community.general/pull/7795).
+- ldap - previously the order number (if present) was expected to follow an equals sign in the DN. This makes it so the order number string is identified correctly anywhere within the DN (https://github.com/ansible-collections/community.general/issues/7646).
+- mssql_script - make the module work with Python 2 (https://github.com/ansible-collections/community.general/issues/7818, https://github.com/ansible-collections/community.general/pull/7821).
+- nmcli - fix ``connection.slave-type`` wired to ``bond`` and not with parameter ``slave_type`` in case of connection type ``wifi`` (https://github.com/ansible-collections/community.general/issues/7389).
+
+v7.5.3
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Bugfixes
+--------
+
+- keycloak_identity_provider - ``mappers`` processing was not idempotent if the mappers configuration list had not been sorted by name (in ascending order). Fix resolves the issue by sorting mappers in the desired state using the same key which is used for obtaining existing state (https://github.com/ansible-collections/community.general/pull/7418).
+- keycloak_identity_provider - it was not possible to reconfigure (add, remove) ``mappers`` once they were created initially. Removal was ignored, adding new ones resulted in dropping the pre-existing unmodified mappers. Fix resolves the issue by supplying correct input to the internal update call (https://github.com/ansible-collections/community.general/pull/7418).
+- keycloak_user - when ``force`` is set, but user does not exist, do not try to delete it (https://github.com/ansible-collections/community.general/pull/7696).
+- statusio_maintenance - fix error caused by incorrectly formed API data payload. Was raising "Failed to create maintenance HTTP Error 400 Bad Request" caused by bad data type for date/time and deprecated dict keys (https://github.com/ansible-collections/community.general/pull/7754).
+
+v7.5.2
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Minor Changes
+-------------
+
+- elastic callback plugin - close elastic client to not leak resources (https://github.com/ansible-collections/community.general/pull/7517).
+
+Bugfixes
+--------
+
+- cloudflare_dns - fix Cloudflare lookup of SHFP records (https://github.com/ansible-collections/community.general/issues/7652).
+- interface_files - also consider ``address_family`` when changing ``option=method`` (https://github.com/ansible-collections/community.general/issues/7610, https://github.com/ansible-collections/community.general/pull/7612).
+- irc - replace ``ssl.wrap_socket`` that was removed from Python 3.12 with code for creating a proper SSL context (https://github.com/ansible-collections/community.general/pull/7542).
+- keycloak_* - fix Keycloak API client to quote ``/`` properly (https://github.com/ansible-collections/community.general/pull/7641).
+- keycloak_authz_permission - resource payload variable for scope-based permission was constructed as a string, when it needs to be a list, even for a single item (https://github.com/ansible-collections/community.general/issues/7151).
+- log_entries callback plugin - replace ``ssl.wrap_socket`` that was removed from Python 3.12 with code for creating a proper SSL context (https://github.com/ansible-collections/community.general/pull/7542).
+- lvol - test for output messages in both ``stdout`` and ``stderr`` (https://github.com/ansible-collections/community.general/pull/7601, https://github.com/ansible-collections/community.general/issues/7182).
+- ocapi_utils, oci_utils, redfish_utils module utils - replace ``type()`` calls with ``isinstance()`` calls (https://github.com/ansible-collections/community.general/pull/7501).
+- onepassword lookup plugin - field and section titles are now case insensitive when using op CLI version two or later. This matches the behavior of version one (https://github.com/ansible-collections/community.general/pull/7564).
+- pipx module utils - change the CLI argument formatter for the ``pip_args`` parameter (https://github.com/ansible-collections/community.general/issues/7497, https://github.com/ansible-collections/community.general/pull/7506).
+- redhat_subscription - use the D-Bus registration on RHEL 7 only on 7.4 and
+  greater; older versions of RHEL 7 do not have it
+  (https://github.com/ansible-collections/community.general/issues/7622,
+  https://github.com/ansible-collections/community.general/pull/7624).
+- terraform - fix multiline string handling in complex variables (https://github.com/ansible-collections/community.general/pull/7535).
+
+v7.5.1
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Bugfixes
+--------
+
+- composer - fix impossible to run ``working_dir`` dependent commands. The module was throwing an error when trying to run a ``working_dir`` dependent command, because it tried to get the command help without passing the ``working_dir`` (https://github.com/ansible-collections/community.general/issues/3787).
+- github_deploy_key - fix pagination behaviour causing a crash when only a single page of deploy keys exist (https://github.com/ansible-collections/community.general/pull/7375).
+- gitlab_group_members - fix gitlab constants call in ``gitlab_group_members`` module (https://github.com/ansible-collections/community.general/issues/7467).
+- gitlab_project_members - fix gitlab constants call in ``gitlab_project_members`` module (https://github.com/ansible-collections/community.general/issues/7467).
+- gitlab_protected_branches - fix gitlab constants call in ``gitlab_protected_branches`` module (https://github.com/ansible-collections/community.general/issues/7467).
+- gitlab_user - fix gitlab constants call in ``gitlab_user`` module (https://github.com/ansible-collections/community.general/issues/7467).
+- kernel_blacklist - simplified the mechanism to update the file, fixing the error (https://github.com/ansible-collections/community.general/pull/7382, https://github.com/ansible-collections/community.general/issues/7362).
+- memset module utils - make compatible with ansible-core 2.17 (https://github.com/ansible-collections/community.general/pull/7379).
+- proxmox_pool_member - absent state for type VM did not delete VMs from the pools (https://github.com/ansible-collections/community.general/pull/7464).
+- redfish_command - fix usage of message parsing in ``SimpleUpdate`` and ``MultipartHTTPPushUpdate`` commands to treat the lack of a ``MessageId`` as no message (https://github.com/ansible-collections/community.general/issues/7465, https://github.com/ansible-collections/community.general/pull/7471).
+- redhat_subscription - use the right D-Bus options for the consumer type when
+  registering a RHEL system older than 9 or a RHEL 9 system older than 9.2
+  and using ``consumer_type``
+  (https://github.com/ansible-collections/community.general/pull/7378).
+- selective callback plugin - fix length of task name lines in output always being 3 characters longer than desired (https://github.com/ansible-collections/community.general/pull/7374).
+
+v7.5.0
+======
+
+Release Summary
+---------------
+
+Regular bugfix and feature release.
+
+Please note that this is the last minor 7.x.0 release. Further releases
+with major version 7 will be bugfix releases 7.5.y.
+
+Minor Changes
+-------------
+
+- cargo - add option ``executable``, which allows user to specify path to the cargo binary (https://github.com/ansible-collections/community.general/pull/7352).
+- cargo - add option ``locked`` which allows user to specify install the locked version of dependency instead of latest compatible version (https://github.com/ansible-collections/community.general/pull/6134).
+- dig lookup plugin - add TCP option to enable the use of TCP connection during DNS lookup (https://github.com/ansible-collections/community.general/pull/7343).
+- gitlab_group - add option ``force_delete`` (default: false) which allows delete group even if projects exists in it (https://github.com/ansible-collections/community.general/pull/7364).
+- ini_file - add ``ignore_spaces`` option (https://github.com/ansible-collections/community.general/pull/7273).
+- newrelic_deployment - add option ``app_name_exact_match``, which filters results for the exact app_name provided (https://github.com/ansible-collections/community.general/pull/7355).
+- onepassword lookup plugin - introduce ``account_id`` option which allows specifying which account to use (https://github.com/ansible-collections/community.general/pull/7308).
+- onepassword_raw lookup plugin - introduce ``account_id`` option which allows specifying which account to use (https://github.com/ansible-collections/community.general/pull/7308).
+- parted - on resize, use ``--fix`` option if available (https://github.com/ansible-collections/community.general/pull/7304).
+- pnpm - set correct version when state is latest or version is not mentioned. Resolves previous idempotency problem (https://github.com/ansible-collections/community.general/pull/7339).
+- proxmox - add ``vmid`` (and ``taskid`` when possible) to return values (https://github.com/ansible-collections/community.general/pull/7263).
+- random_string - added new ``ignore_similar_chars`` and ``similar_chars`` option to ignore certain chars (https://github.com/ansible-collections/community.general/pull/7242).
+- redfish_command - add new option ``update_oem_params`` for the ``MultipartHTTPPushUpdate`` command (https://github.com/ansible-collections/community.general/issues/7331).
+- redfish_config - add ``CreateVolume`` command to allow creation of volumes on servers (https://github.com/ansible-collections/community.general/pull/6813).
+- redfish_config - adding ``SetSecureBoot`` command (https://github.com/ansible-collections/community.general/pull/7129).
+- redfish_info - add support for ``GetBiosRegistries`` command (https://github.com/ansible-collections/community.general/pull/7144).
+- redfish_info - adds ``LinkStatus`` to NIC inventory (https://github.com/ansible-collections/community.general/pull/7318).
+- redis_info - refactor the redis_info module to use the redis module_utils enabling to pass TLS parameters to the Redis client (https://github.com/ansible-collections/community.general/pull/7267).
+- supervisorctl - allow to stop matching running processes before removing them with ``stop_before_removing=true`` (https://github.com/ansible-collections/community.general/pull/7284).
+
+Deprecated Features
+-------------------
+
+- The next major release, community.general 8.0.0, will drop support for ansible-core 2.11 and 2.12, which have been End of Life for some time now. This means that this collection no longer supports Python 2.6 on the target. Individual content might still work with unsupported ansible-core versions, but that can change at any time. Also please note that from now on, for every new major community.general release, we will drop support for all ansible-core versions that have been End of Life for more than a few weeks on the date of the major release (https://github.com/ansible-community/community-topics/discussions/271, https://github.com/ansible-collections/community.general/pull/7259).
+- redfish_info, redfish_config, redfish_command - the default value ``10`` for the ``timeout`` option is deprecated and will change to ``60`` in community.general 9.0.0 (https://github.com/ansible-collections/community.general/pull/7295).
+
+Bugfixes
+--------
+
+- gitlab_group_variable - deleted all variables when used with ``purge=true`` due to missing ``raw`` property in KNOWN attributes (https://github.com/ansible-collections/community.general/issues/7250).
+- gitlab_project_variable - deleted all variables when used with ``purge=true`` due to missing ``raw`` property in KNOWN attributes (https://github.com/ansible-collections/community.general/issues/7250).
+- ldap_search - fix string normalization and the ``base64_attributes`` option on Python 3 (https://github.com/ansible-collections/community.general/issues/5704, https://github.com/ansible-collections/community.general/pull/7264).
+- lxc connection plugin - properly evaluate options (https://github.com/ansible-collections/community.general/pull/7369).
+- mail - skip headers containing equals characters due to missing ``maxsplit`` on header key/value parsing (https://github.com/ansible-collections/community.general/pull/7303).
+- nmap inventory plugin - fix ``get_option`` calls (https://github.com/ansible-collections/community.general/pull/7323).
+- onepassword - fix KeyError exception when trying to access value of a field that is not filled out in OnePassword item (https://github.com/ansible-collections/community.general/pull/7241).
+- snap - change the change detection mechanism from "parsing installation" to "comparing end state with initial state" (https://github.com/ansible-collections/community.general/pull/7340, https://github.com/ansible-collections/community.general/issues/7265).
+- terraform - prevents ``-backend-config`` option double encapsulating with ``shlex_quote`` function. (https://github.com/ansible-collections/community.general/pull/7301).
+
+New Modules
+-----------
+
+- community.general.consul_role - Manipulate Consul roles
+- community.general.gio_mime - Set default handler for MIME type, for applications using Gnome GIO
+- community.general.keycloak_authz_custom_policy - Allows administration of Keycloak client custom Javascript policies via Keycloak API
+- community.general.keycloak_realm_key - Allows administration of Keycloak realm keys via Keycloak API
+- community.general.simpleinit_msb - Manage services on Source Mage GNU/Linux
+
+v7.4.0
+======
+
+Release Summary
+---------------
+
+Bugfix and feature release.
+
+Minor Changes
+-------------
+
+- cobbler inventory plugin - add ``exclude_mgmt_classes`` and ``include_mgmt_classes`` options to exclude or include hosts based on management classes (https://github.com/ansible-collections/community.general/pull/7184).
+- cpanm - minor refactor when creating the ``CmdRunner`` object (https://github.com/ansible-collections/community.general/pull/7231).
+- gitlab_group_variable - add support for ``raw`` variables suboption (https://github.com/ansible-collections/community.general/pull/7132).
+- gitlab_project_variable - add support for ``raw`` variables suboption (https://github.com/ansible-collections/community.general/pull/7132).
+- jenkins_build - add new ``detach`` option, which allows the module to exit successfully as long as the build is created (default functionality is still waiting for the build to end before exiting) (https://github.com/ansible-collections/community.general/pull/7204).
+- jenkins_build - add new ``time_between_checks`` option, which allows to configure the wait time between requests to the Jenkins server (https://github.com/ansible-collections/community.general/pull/7204).
+- make - allows ``params`` to be used without value (https://github.com/ansible-collections/community.general/pull/7180).
+- nmap inventory plugin - now has a ``use_arp_ping`` option to allow the user to disable the default ARP ping query for a more reliable form (https://github.com/ansible-collections/community.general/pull/7119).
+- pagerduty - adds in option to use v2 API for creating pagerduty incidents (https://github.com/ansible-collections/community.general/issues/6151)
+- pritunl module utils - ensure ``validate_certs`` parameter is honoured in all methods (https://github.com/ansible-collections/community.general/pull/7156).
+- redfish_info - report ``Id`` in the output of ``GetManagerInventory`` (https://github.com/ansible-collections/community.general/pull/7140).
+- redfish_utils module utils - support ``Volumes`` in response for ``GetDiskInventory`` (https://github.com/ansible-collections/community.general/pull/6819).
+- unixy callback plugin - add support for ``check_mode_markers`` option (https://github.com/ansible-collections/community.general/pull/7179).
+
+Bugfixes
+--------
+
+- CmdRunner module utils - does not attempt to resolve path if executable is a relative or absolute path (https://github.com/ansible-collections/community.general/pull/7200).
+- nmap inventory plugin - now uses ``get_option`` in all cases to get its configuration information (https://github.com/ansible-collections/community.general/pull/7119).
+- nsupdate - fix a possible ``list index out of range`` exception (https://github.com/ansible-collections/community.general/issues/836).
+- oci_utils module util - fix inappropriate logical comparison expressions and makes them simpler. The previous checks had logical short circuits (https://github.com/ansible-collections/community.general/pull/7125).
+- pritunl module utils - fix incorrect URL parameter for orgnization add method (https://github.com/ansible-collections/community.general/pull/7161).
+- snap - an exception was being raised when snap list was empty (https://github.com/ansible-collections/community.general/pull/7124, https://github.com/ansible-collections/community.general/issues/7120).
+
+New Modules
+-----------
+
+- community.general.jenkins_build_info - Get information about Jenkins builds
+- community.general.pnpm - Manage node.js packages with pnpm
+
+v7.3.0
+======
+
+Release Summary
+---------------
+
+Feature and bugfix release.
+
+Minor Changes
+-------------
+
+- chroot connection plugin - add ``disable_root_check`` option (https://github.com/ansible-collections/community.general/pull/7099).
+- ejabberd_user - module now using ``CmdRunner`` to execute external command (https://github.com/ansible-collections/community.general/pull/7075).
+- ipa_config - add module parameters to manage FreeIPA user and group objectclasses (https://github.com/ansible-collections/community.general/pull/7019).
+- ipa_config - adds ``idp`` choice to ``ipauserauthtype`` parameter's choices (https://github.com/ansible-collections/community.general/pull/7051).
+- npm - module now using ``CmdRunner`` to execute external commands (https://github.com/ansible-collections/community.general/pull/6989).
+- proxmox_kvm - enabled force restart of VM, bringing the ``force`` parameter functionality in line with what is described in the docs (https://github.com/ansible-collections/community.general/pull/6914).
+- proxmox_vm_info - ``node`` parameter is no longer required. Information can be obtained for the whole cluster (https://github.com/ansible-collections/community.general/pull/6976).
+- proxmox_vm_info - non-existing provided by name/vmid VM would return empty results instead of failing (https://github.com/ansible-collections/community.general/pull/7049).
+- redfish_config - add ``DeleteAllVolumes`` command to allow deletion of all volumes on servers (https://github.com/ansible-collections/community.general/pull/6814).
+- redfish_utils - use ``Controllers`` key in redfish data to obtain Storage controllers properties (https://github.com/ansible-collections/community.general/pull/7081).
+- redfish_utils module utils - add support for ``PowerCycle`` reset type for ``redfish_command`` responses feature (https://github.com/ansible-collections/community.general/issues/7083).
+- redfish_utils module utils - add support for following ``@odata.nextLink`` pagination in ``software_inventory`` responses feature (https://github.com/ansible-collections/community.general/pull/7020).
+- shutdown - use ``shutdown -p ...`` with FreeBSD to halt and power off machine (https://github.com/ansible-collections/community.general/pull/7102).
+- sorcery - add grimoire (repository) management support (https://github.com/ansible-collections/community.general/pull/7012).
+
+Deprecated Features
+-------------------
+
+- ejabberd_user - deprecate the parameter ``logging`` in favour of producing more detailed information in the module output (https://github.com/ansible-collections/community.general/pull/7043).
+
+Bugfixes
+--------
+
+- bitwarden lookup plugin - the plugin made assumptions about the structure of a Bitwarden JSON object which may have been broken by an update in the Bitwarden API. Remove assumptions, and allow queries for general fields such as ``notes`` (https://github.com/ansible-collections/community.general/pull/7061).
+- ejabberd_user - module was failing to detect whether user was already created and/or password was changed (https://github.com/ansible-collections/community.general/pull/7033).
+- keycloak module util - fix missing ``http_agent``, ``timeout``, and ``validate_certs`` ``open_url()`` parameters (https://github.com/ansible-collections/community.general/pull/7067).
+- keycloak_client inventory plugin - fix missing client secret (https://github.com/ansible-collections/community.general/pull/6931).
+- lvol - add support for percentage of origin size specification when creating snapshot volumes (https://github.com/ansible-collections/community.general/issues/1630, https://github.com/ansible-collections/community.general/pull/7053).
+- lxc connection plugin - now handles ``remote_addr`` defaulting to ``inventory_hostname`` correctly (https://github.com/ansible-collections/community.general/pull/7104).
+- oci_utils module utils - avoid direct type comparisons (https://github.com/ansible-collections/community.general/pull/7085).
+- proxmox_user_info - avoid direct type comparisons (https://github.com/ansible-collections/community.general/pull/7085).
+- snap - fix crash when multiple snaps are specified and one has ``---`` in its description (https://github.com/ansible-collections/community.general/pull/7046).
+- sorcery - fix interruption of the multi-stage process (https://github.com/ansible-collections/community.general/pull/7012).
+- sorcery - fix queue generation before the whole system rebuild (https://github.com/ansible-collections/community.general/pull/7012).
+- sorcery - latest state no longer triggers update_cache (https://github.com/ansible-collections/community.general/pull/7012).
+
+v7.2.1
+======
+
+Release Summary
+---------------
+
+Bugfix release.
+
+Bugfixes
+--------
+
+- cmd_runner module utils - when a parameter in ``argument_spec`` has no type, meaning it is implicitly a ``str``, ``CmdRunner`` would fail trying to find the ``type`` key in that dictionary (https://github.com/ansible-collections/community.general/pull/6968).
+- ejabberd_user - provide meaningful error message when the ``ejabberdctl`` command is not found (https://github.com/ansible-collections/community.general/pull/7028, https://github.com/ansible-collections/community.general/issues/6949).
+- proxmox module utils - fix proxmoxer library version check (https://github.com/ansible-collections/community.general/issues/6974, https://github.com/ansible-collections/community.general/issues/6975, https://github.com/ansible-collections/community.general/pull/6980).
+- proxmox_kvm - when ``name`` option is provided without ``vmid`` and VM with that name already exists then no new VM will be created (https://github.com/ansible-collections/community.general/issues/6911, https://github.com/ansible-collections/community.general/pull/6981).
+- rundeck - fix ``TypeError`` on 404 API response (https://github.com/ansible-collections/community.general/pull/6983).
+
+v7.2.0
+======
+
+Release Summary
+---------------
+
+Regular bugfix and feature release.
+
+Minor Changes
+-------------
+
+- cobbler inventory plugin - convert Ansible unicode strings to native Python unicode strings before passing user/password to XMLRPC client (https://github.com/ansible-collections/community.general/pull/6923).
+- consul_session - drops requirement for the ``python-consul`` library to communicate with the Consul API, instead relying on the existing ``requests`` library requirement (https://github.com/ansible-collections/community.general/pull/6755).
+- gitlab_project_variable - minor refactor removing unnecessary code statements (https://github.com/ansible-collections/community.general/pull/6928).
+- gitlab_runner - minor refactor removing unnecessary code statements (https://github.com/ansible-collections/community.general/pull/6927).
+- htpasswd - the parameter ``crypt_scheme`` is being renamed as ``hash_scheme`` and added as an alias to it (https://github.com/ansible-collections/community.general/pull/6841).
+- keycloak_authentication - added provider ID choices, since Keycloak supports only those two specific ones (https://github.com/ansible-collections/community.general/pull/6763).
+- keyring - minor refactor removing unnecessary code statements (https://github.com/ansible-collections/community.general/pull/6927).
+- locale_gen - module has been refactored to use ``ModuleHelper`` and ``CmdRunner`` (https://github.com/ansible-collections/community.general/pull/6903).
+- locale_gen - module now using ``CmdRunner`` to execute external commands (https://github.com/ansible-collections/community.general/pull/6820).
+- make - add new ``targets`` parameter allowing multiple targets to be used with ``make`` (https://github.com/ansible-collections/community.general/pull/6882, https://github.com/ansible-collections/community.general/issues/4919).
+- nmcli - add support for ``ipv4.dns-options`` and ``ipv6.dns-options`` (https://github.com/ansible-collections/community.general/pull/6902).
+- npm - minor improvement on parameter validation (https://github.com/ansible-collections/community.general/pull/6848).
+- opkg - add ``executable`` parameter allowing to specify the path of the ``opkg`` command (https://github.com/ansible-collections/community.general/pull/6862).
+- pubnub_blocks - minor refactor removing unnecessary code statements (https://github.com/ansible-collections/community.general/pull/6928).
+- redfish_command - add ``account_types`` and ``oem_account_types`` as optional inputs to ``AddUser`` (https://github.com/ansible-collections/community.general/issues/6823, https://github.com/ansible-collections/community.general/pull/6871).
+- redfish_info - add ``AccountTypes`` and ``OEMAccountTypes`` to the output of ``ListUsers`` (https://github.com/ansible-collections/community.general/issues/6823, https://github.com/ansible-collections/community.general/pull/6871).
+- redfish_info - adds ``ProcessorArchitecture`` to CPU inventory (https://github.com/ansible-collections/community.general/pull/6864).
+- redfish_info - fix for ``GetVolumeInventory``, Controller name was getting populated incorrectly and duplicates were seen in the volumes retrieved (https://github.com/ansible-collections/community.general/pull/6719).
+- rhsm_repository - the interaction with ``subscription-manager`` was
+  refactored by grouping things together, removing unused bits, and hardening
+  the way it is run; also, the parsing of ``subscription-manager repos --list``
+  was improved and made slightly faster; no behaviour change is expected
+  (https://github.com/ansible-collections/community.general/pull/6783,
+  https://github.com/ansible-collections/community.general/pull/6837).
+- scaleway_security_group_rule - minor refactor removing unnecessary code statements (https://github.com/ansible-collections/community.general/pull/6928).
+- snap - add option ``dangerous`` to the module, that will map into the command line argument ``--dangerous``, allowing unsigned snap files to be installed (https://github.com/ansible-collections/community.general/pull/6908, https://github.com/ansible-collections/community.general/issues/5715).
+- tss lookup plugin - allow to fetch secret by path. Previously, we could not fetch secret by path but now use ``secret_path`` option to indicate to fetch secret by secret path (https://github.com/ansible-collections/community.general/pull/6881).
+- xenserver_guest_info - minor refactor removing unnecessary code statements (https://github.com/ansible-collections/community.general/pull/6928).
+- xenserver_guest_powerstate - minor refactor removing unnecessary code statements (https://github.com/ansible-collections/community.general/pull/6928).
+- yum_versionlock - add support to pin specific package versions instead of only the package itself (https://github.com/ansible-collections/community.general/pull/6861, https://github.com/ansible-collections/community.general/issues/4470).
+
+Deprecated Features
+-------------------
+
+- flowdock - module relies entirely on no longer responsive API endpoints, and it will be removed in community.general 9.0.0 (https://github.com/ansible-collections/community.general/pull/6930).
+- proxmox - old feature flag ``proxmox_default_behavior`` will be removed in community.general 10.0.0 (https://github.com/ansible-collections/community.general/pull/6836).
+- stackdriver - module relies entirely on no longer existent API endpoints, and it will be removed in community.general 9.0.0 (https://github.com/ansible-collections/community.general/pull/6887).
+- webfaction_app - module relies entirely on no longer existent API endpoints, and it will be removed in community.general 9.0.0 (https://github.com/ansible-collections/community.general/pull/6909).
+- webfaction_db - module relies entirely on no longer existent API endpoints, and it will be removed in community.general 9.0.0 (https://github.com/ansible-collections/community.general/pull/6909).
+- webfaction_domain - module relies entirely on no longer existent API endpoints, and it will be removed in community.general 9.0.0 (https://github.com/ansible-collections/community.general/pull/6909).
+- webfaction_mailbox - module relies entirely on no longer existent API endpoints, and it will be removed in community.general 9.0.0 (https://github.com/ansible-collections/community.general/pull/6909).
+- webfaction_site - module relies entirely on no longer existent API endpoints, and it will be removed in community.general 9.0.0 (https://github.com/ansible-collections/community.general/pull/6909).
+
+Bugfixes
+--------
+
+- cobbler inventory plugin - fix calculation of cobbler_ipv4/6_address (https://github.com/ansible-collections/community.general/pull/6925).
+- datadog_downtime - presence of ``rrule`` param lead to the Datadog API returning Bad Request due to a missing recurrence type (https://github.com/ansible-collections/community.general/pull/6811).
+- ipa_dnszone - fix 'idnsallowsyncptr' key error for reverse zone (https://github.com/ansible-collections/community.general/pull/6906, https://github.com/ansible-collections/community.general/issues/6905).
+- keycloak_authentication - fix Keycloak authentication flow (step or sub-flow) indexing during update, if not specified by the user (https://github.com/ansible-collections/community.general/pull/6734).
+- locale_gen - now works for locales without the underscore character such as ``C.UTF-8`` (https://github.com/ansible-collections/community.general/pull/6774, https://github.com/ansible-collections/community.general/issues/5142, https://github.com/ansible-collections/community.general/issues/4305).
+- machinectl become plugin - mark plugin as ``require_tty`` to automatically disable pipelining, with which this plugin is not compatible (https://github.com/ansible-collections/community.general/issues/6932, https://github.com/ansible-collections/community.general/pull/6935).
+- nmcli - fix support for empty list (in compare and scrape) (https://github.com/ansible-collections/community.general/pull/6769).
+- openbsd_pkg - the pkg_info(1) behavior has changed in OpenBSD >7.3. The error message ``Can't find`` should not lead to an error case (https://github.com/ansible-collections/community.general/pull/6785).
+- pacman - module recognizes the output of ``yay`` running as ``root`` (https://github.com/ansible-collections/community.general/pull/6713).
+- proxmox - fix error when a configuration had no ``template`` field (https://github.com/ansible-collections/community.general/pull/6838, https://github.com/ansible-collections/community.general/issues/5372).
+- proxmox module utils - add logic to detect whether an old Promoxer complains about the ``token_name`` and ``token_value`` parameters and provide a better error message when that happens (https://github.com/ansible-collections/community.general/pull/6839, https://github.com/ansible-collections/community.general/issues/5371).
+- proxmox_disk - fix unable to create ``cdrom`` media due to ``size`` always being appended (https://github.com/ansible-collections/community.general/pull/6770).
+- proxmox_kvm - ``absent`` state with ``force`` specified failed to stop the VM due to the ``timeout`` value not being passed to ``stop_vm`` (https://github.com/ansible-collections/community.general/pull/6827).
+- proxmox_kvm - ``restarted`` state did not actually restart a VM in some VM configurations. The state now uses the Proxmox reboot endpoint instead of calling the ``stop_vm`` and ``start_vm`` functions (https://github.com/ansible-collections/community.general/pull/6773).
+- proxmox_template - require ``requests_toolbelt`` module to fix issue with uploading large templates (https://github.com/ansible-collections/community.general/issues/5579, https://github.com/ansible-collections/community.general/pull/6757).
+- redfish_info - fix ``ListUsers`` to not show empty account slots (https://github.com/ansible-collections/community.general/issues/6771, https://github.com/ansible-collections/community.general/pull/6772).
+- refish_utils module utils - changing variable names to avoid issues occuring when fetching Volumes data (https://github.com/ansible-collections/community.general/pull/6883).
+- snap - assume default track ``latest`` in parameter ``channel`` when not specified (https://github.com/ansible-collections/community.general/pull/6835, https://github.com/ansible-collections/community.general/issues/6821).
+- snap - fix the processing of the commands' output, stripping spaces and newlines from it (https://github.com/ansible-collections/community.general/pull/6826, https://github.com/ansible-collections/community.general/issues/6803).
+
+New Plugins
+-----------
+
+Lookup
+~~~~~~
+
+- community.general.bitwarden_secrets_manager - Retrieve secrets from Bitwarden Secrets Manager
+
+New Modules
+-----------
+
+- community.general.consul_policy - Manipulate Consul policies
+- community.general.keycloak_authz_permission - Allows administration of Keycloak client authorization permissions via Keycloak API
+- community.general.keycloak_authz_permission_info - Query Keycloak client authorization permissions information
+- community.general.proxmox_vm_info - Retrieve information about one or more Proxmox VE virtual machines
+
 v7.1.0
 ======

@@ -20,10 +492,9 @@ in its documentation. If you look at documentation with the ansible-doc CLI tool
 from ansible-core before 2.15, please note that it does not render the markup
 correctly. You should be still able to read it in most cases, but you need
 ansible-core 2.15 or later to see it as it is intended. Alternatively you can
-look at `the devel docsite <https://docs.ansible.com/ansible/devel/collections/community/general/>__`
+look at `the devel docsite <https://docs.ansible.com/ansible/devel/collections/community/general/>`__
 for the rendered HTML version of the documentation of the latest release.

-
 Minor Changes
 -------------

@@ -119,13 +590,13 @@ Known Issues
 New Modules
 -----------

- gitlab_instance_variable - Creates, updates, or deletes GitLab instance variables
- gitlab_merge_request - Create, update, or delete GitLab merge requests
- keycloak_authentication_required_actions - Allows administration of Keycloak authentication required actions
- keycloak_user - Create and configure a user in Keycloak
- lvg_rename - Renames LVM volume groups
- proxmox_pool - Pool management for Proxmox VE cluster
- proxmox_pool_member - Add or delete members from Proxmox VE cluster pools
+- community.general.gitlab_instance_variable - Creates, updates, or deletes GitLab instance variables
+- community.general.gitlab_merge_request - Create, update, or delete GitLab merge requests
+- community.general.keycloak_authentication_required_actions - Allows administration of Keycloak authentication required actions
+- community.general.keycloak_user - Create and configure a user in Keycloak
+- community.general.lvg_rename - Renames LVM volume groups
+- community.general.proxmox_pool - Pool management for Proxmox VE cluster
+- community.general.proxmox_pool_member - Add or delete members from Proxmox VE cluster pools

 v7.0.1
 ======
@@ -312,7 +783,7 @@ Deprecated Features
  we have not heard about anyone using them in those setups. Hence, these
  modules are deprecated, and will be removed in community.general 10.0.0
  in case there are no reports about being still useful, and potentially
-  noone that steps up to maintain them
+  no one that steps up to maintain them
  (https://github.com/ansible-collections/community.general/pull/6493).

 Removed Features (previously deprecated)
@@ -447,20 +918,20 @@ New Plugins
 Lookup
 ~~~~~~

- merge_variables - merge variables with a certain suffix
+- community.general.merge_variables - merge variables with a certain suffix

 New Modules
 -----------

- btrfs_info - Query btrfs filesystem info
- btrfs_subvolume - Manage btrfs subvolumes
- gitlab_project_badge - Manage project badges on GitLab Server
- ilo_redfish_command - Manages Out-Of-Band controllers using Redfish APIs
- ipbase_info - Retrieve IP geolocation and other facts of a host's IP address using the ipbase.com API
- kdeconfig - Manage KDE configuration files
- keycloak_authz_authorization_scope - Allows administration of Keycloak client authorization scopes via Keycloak API
- keycloak_clientscope_type - Set the type of aclientscope in realm or client via Keycloak API
- keycloak_clientsecret_info - Retrieve client secret via Keycloak API
- keycloak_clientsecret_regenerate - Regenerate Keycloak client secret via Keycloak API
- ocapi_command - Manages Out-Of-Band controllers using Open Composable API (OCAPI)
- ocapi_info - Manages Out-Of-Band controllers using Open Composable API (OCAPI)
+- community.general.btrfs_info - Query btrfs filesystem info
+- community.general.btrfs_subvolume - Manage btrfs subvolumes
+- community.general.gitlab_project_badge - Manage project badges on GitLab Server
+- community.general.ilo_redfish_command - Manages Out-Of-Band controllers using Redfish APIs
+- community.general.ipbase_info - Retrieve IP geolocation and other facts of a host's IP address using the ipbase.com API
+- community.general.kdeconfig - Manage KDE configuration files
+- community.general.keycloak_authz_authorization_scope - Allows administration of Keycloak client authorization scopes via Keycloak API
+- community.general.keycloak_clientscope_type - Set the type of aclientscope in realm or client via Keycloak API
+- community.general.keycloak_clientsecret_info - Retrieve client secret via Keycloak API
+- community.general.keycloak_clientsecret_regenerate - Regenerate Keycloak client secret via Keycloak API
+- community.general.ocapi_command - Manages Out-Of-Band controllers using Open Composable API (OCAPI)
+- community.general.ocapi_info - Manages Out-Of-Band controllers using Open Composable API (OCAPI)
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -31,7 +31,9 @@ Also, consider taking up a valuable, reviewed, but abandoned pull request which
 * Try committing your changes with an informative but short commit message.
 * Do not squash your commits and force-push to your branch if not needed. Reviews of your pull request are much easier with individual commits to comprehend the pull request history. All commits of your pull request branch will be squashed into one commit by GitHub upon merge.
 * Do not add merge commits to your PR. The bot will complain and you will have to rebase ([instructions for rebasing](https://docs.ansible.com/ansible/latest/dev_guide/developing_rebasing.html)) to remove them before your PR can be merged. To avoid that git automatically does merges during pulls, you can configure it to do rebases instead by running `git config pull.rebase true` inside the repository checkout.
-* Make sure your PR includes a [changelog fragment](https://docs.ansible.com/ansible/devel/community/development_process.html#creating-changelog-fragments). (You must not include a fragment for new modules or new plugins. Also you shouldn't include one for docs-only changes. If you're not sure, simply don't include one, we'll tell you whether one is needed or not :) )
+* Make sure your PR includes a [changelog fragment](https://docs.ansible.com/ansible/devel/community/collection_development_process.html#creating-a-changelog-fragment).
+  * You must not include a fragment for new modules or new plugins. Also you shouldn't include one for docs-only changes. (If you're not sure, simply don't include one, we'll tell you whether one is needed or not :) )
+  * Please always include a link to the pull request itself, and if the PR is about an issue, also a link to the issue. Also make sure the fragment ends with a period, and begins with a lower-case letter after `-`. (Again, if you don't do this, we'll add suggestions to fix it, so don't worry too much :) )
 * Avoid reformatting unrelated parts of the codebase in your PR. These types of changes will likely be requested for reversion, create additional work for reviewers, and may cause approval to be delayed.

 You can also read [our Quick-start development guide](https://github.com/ansible/community-docs/blob/main/create_pr_quick_start_guide.rst).
@@ -121,19 +123,3 @@ Creating new modules and plugins requires a bit more work than other Pull Reques
   listed as `maintainers` will be pinged for new issues and PRs that modify the module/plugin or its tests.

   When you add a new plugin/module, we expect that you perform maintainer duty for at least some time after contributing it.
-
-## pre-commit
-
-To help ensure high-quality contributions this repository includes a [pre-commit](https://pre-commit.com) configuration which
-corrects and tests against common issues that would otherwise cause CI to fail. To begin using these pre-commit hooks see
-the [Installation](#installation) section below.
-
-This is optional and not required to contribute to this repository.
-
-### Installation
-
-Follow the [instructions](https://pre-commit.com/#install) provided with pre-commit and run `pre-commit install` under the repository base. If for any reason you would like to disable the pre-commit hooks run `pre-commit uninstall`.
-
-This is optional to run it locally.
-
-You can trigger it locally with `pre-commit run --all-files` or even to run only for a given file `pre-commit run --files YOUR_FILE`.
--- a/README.md
+++ b/README.md
@@ -9,6 +9,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 [![Build Status](https://dev.azure.com/ansible/community.general/_apis/build/status/CI?branchName=stable-7)](https://dev.azure.com/ansible/community.general/_build?definitionId=31)
 [![EOL CI](https://github.com/ansible-collections/community.general/workflows/EOL%20CI/badge.svg?event=push)](https://github.com/ansible-collections/community.general/actions)
 [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.general)](https://codecov.io/gh/ansible-collections/community.general)
+[![REUSE status](https://api.reuse.software/badge/github.com/ansible-collections/community.general)](https://api.reuse.software/info/github.com/ansible-collections/community.general)

 This repository contains the `community.general` Ansible Collection. The collection is a part of the Ansible package and includes many modules and plugins supported by Ansible community which are not part of more specialized community collections.

@@ -24,7 +25,7 @@ If you encounter abusive behavior violating the [Ansible Code of Conduct](https:

 ## Tested with Ansible

-Tested with the current ansible-core 2.11, ansible-core 2.12, ansible-core 2.13, ansible-core 2.14, ansible-core 2.15 releases and the current development version of ansible-core. Ansible-core versions before 2.11.0 are not supported. This includes all ansible-base 2.10 and Ansible 2.9 releases.
+Tested with the current ansible-core 2.11, ansible-core 2.12, ansible-core 2.13, ansible-core 2.14, ansible-core 2.15, ansible-core 2.16, and ansible-core 2.17 releases. Ansible-core versions before 2.11.0 are not supported. This includes all ansible-base 2.10 and Ansible 2.9 releases.

 Parts of this collection will not work with ansible-core 2.11 on Python 3.12+.

@@ -34,13 +35,13 @@ Some modules and plugins require external libraries. Please check the requiremen

 ## Included content

-Please check the included content on the [Ansible Galaxy page for this collection](https://galaxy.ansible.com/community/general) or the [documentation on the Ansible docs site](https://docs.ansible.com/ansible/latest/collections/community/general/).
+Please check the included content on the [Ansible Galaxy page for this collection](https://galaxy.ansible.com/ui/repo/published/community/general/) or the [documentation on the Ansible docs site](https://docs.ansible.com/ansible/latest/collections/community/general/).

 ## Using this collection

 This collection is shipped with the Ansible package. So if you have it installed, no more action is required.

-If you have a minimal installation (only Ansible Core installed) or you want to use the latest version of the collection along with the whole Ansible package, you need to install the collection from [Ansible Galaxy](https://galaxy.ansible.com/community/general) manually with the `ansible-galaxy` command-line tool:
+If you have a minimal installation (only Ansible Core installed) or you want to use the latest version of the collection along with the whole Ansible package, you need to install the collection from [Ansible Galaxy](https://galaxy.ansible.com/ui/repo/published/community/general/) manually with the `ansible-galaxy` command-line tool:

    ansible-galaxy collection install community.general

@@ -57,7 +58,7 @@ Note that if you install the collection manually, it will not be upgraded automa
 ansible-galaxy collection install community.general --upgrade
 ```

-You can also install a specific version of the collection, for example, if you need to downgrade when something is broken in the latest version (please report an issue in this repository). Use the following syntax where `X.Y.Z` can be any [available version](https://galaxy.ansible.com/community/general):
+You can also install a specific version of the collection, for example, if you need to downgrade when something is broken in the latest version (please report an issue in this repository). Use the following syntax where `X.Y.Z` can be any [available version](https://galaxy.ansible.com/ui/repo/published/community/general/):

 ```bash
 ansible-galaxy collection install community.general:==X.Y.Z
@@ -117,7 +118,7 @@ See the [Releasing guidelines](https://github.com/ansible/community-docs/blob/ma

 ## Release notes

-See the [changelog](https://github.com/ansible-collections/community.general/blob/stable-7/CHANGELOG.rst).
+See the [changelog](https://github.com/ansible-collections/community.general/blob/stable-7/CHANGELOG.md).

 ## Roadmap

--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
--- a/changelogs/config.yaml
+++ b/changelogs/config.yaml
@@ -12,23 +12,31 @@ mention_ancestor: true
 flatmap: true
 new_plugins_after_name: removed_features
 notesdir: fragments
+output_formats:
+  - md
+  - rst
 prelude_section_name: release_summary
 prelude_section_title: Release Summary
 sections:
- - major_changes
-  - Major Changes
- - minor_changes
-  - Minor Changes
- - breaking_changes
-  - Breaking Changes / Porting Guide
- - deprecated_features
-  - Deprecated Features
- - removed_features
-  - Removed Features (previously deprecated)
- - security_fixes
-  - Security Fixes
- - bugfixes
-  - Bugfixes
- - known_issues
-  - Known Issues
+  - - major_changes
+    - Major Changes
+  - - minor_changes
+    - Minor Changes
+  - - breaking_changes
+    - Breaking Changes / Porting Guide
+  - - deprecated_features
+    - Deprecated Features
+  - - removed_features
+    - Removed Features (previously deprecated)
+  - - security_fixes
+    - Security Fixes
+  - - bugfixes
+    - Bugfixes
+  - - known_issues
+    - Known Issues
 title: Community General
+trivial_section_name: trivial
+use_fqcn: true
+add_plugin_period: true
+changelog_nice_yaml: true
+changelog_sort: version
--- a/docs/docsite/links.yml
+++ b/docs/docsite/links.yml
@@ -22,6 +22,7 @@ communication:
    - topic: General usage and support questions
      network: Libera
      channel: '#ansible'
-  mailing_lists:
-    - topic: Ansible Project List
-      url: https://groups.google.com/g/ansible-project
+  forums:
+    - topic: Ansible Forum
+      # The following URL directly points to the "Get Help" section
+      url: https://forum.ansible.com/c/help/6/none
--- a/docs/docsite/rst/filter_guide_abstract_informations_counting_elements_in_sequence.rst
+++ b/docs/docsite/rst/filter_guide_abstract_informations_counting_elements_in_sequence.rst
@@ -6,7 +6,7 @@
 Counting elements in a sequence
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

-The ``community.general.counter`` filter plugin allows you to count (hashable) elements in a sequence. Elements are returned as dictionary keys and their counts are stored as dictionary values.
+The :ansplugin:`community.general.counter filter plugin <community.general.counter#filter>` allows you to count (hashable) elements in a sequence. Elements are returned as dictionary keys and their counts are stored as dictionary values.

 .. code-block:: yaml+jinja

--- a/docs/docsite/rst/filter_guide_abstract_informations_dictionaries.rst
+++ b/docs/docsite/rst/filter_guide_abstract_informations_dictionaries.rst
@@ -6,7 +6,7 @@
 Dictionaries
 ^^^^^^^^^^^^

-You can use the ``dict_kv`` filter to create a single-entry dictionary with ``value | community.general.dict_kv(key)``:
+You can use the :ansplugin:`community.general.dict_kv filter <community.general.dict_kv#filter>` to create a single-entry dictionary with ``value | community.general.dict_kv(key)``:

 .. code-block:: yaml+jinja

@@ -58,7 +58,7 @@ This produces:

 .. versionadded:: 2.0.0

-If you need to convert a list of key-value pairs to a dictionary, you can use the ``dict`` function. Unfortunately, this function cannot be used with ``map``. For this, the ``community.general.dict`` filter can be used:
+If you need to convert a list of key-value pairs to a dictionary, you can use the ``dict`` function. Unfortunately, this function cannot be used with ``map``. For this, the :ansplugin:`community.general.dict filter <community.general.dict#filter>` can be used:

 .. code-block:: yaml+jinja

--- a/docs/docsite/rst/filter_guide_abstract_informations_grouping.rst
+++ b/docs/docsite/rst/filter_guide_abstract_informations_grouping.rst
@@ -6,7 +6,7 @@
 Grouping
 ^^^^^^^^

-If you have a list of dictionaries, the Jinja2 ``groupby`` filter allows to group the list by an attribute. This results in a list of ``(grouper, list)`` namedtuples, where ``list`` contains all dictionaries where the selected attribute equals ``grouper``. If you know that for every ``grouper``, there will be a most one entry in that list, you can use the ``community.general.groupby_as_dict`` filter to convert the original list into a dictionary which maps ``grouper`` to the corresponding dictionary.
+If you have a list of dictionaries, the Jinja2 ``groupby`` filter allows to group the list by an attribute. This results in a list of ``(grouper, list)`` namedtuples, where ``list`` contains all dictionaries where the selected attribute equals ``grouper``. If you know that for every ``grouper``, there will be a most one entry in that list, you can use the :ansplugin:`community.general.groupby_as_dict filter <community.general.groupby_as_dict#filter>` to convert the original list into a dictionary which maps ``grouper`` to the corresponding dictionary.

 One example is ``ansible_facts.mounts``, which is a list of dictionaries where each has one ``device`` element to indicate the device which is mounted. Therefore, ``ansible_facts.mounts | community.general.groupby_as_dict('device')`` is a dictionary mapping a device to the mount information:

--- a/docs/docsite/rst/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst
+++ b/docs/docsite/rst/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst
@@ -6,7 +6,7 @@
 Merging lists of dictionaries
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

-If you have two or more lists of dictionaries and want to combine them into a list of merged dictionaries, where the dictionaries are merged by an attribute, you can use the ``lists_mergeby`` filter.
+If you have two or more lists of dictionaries and want to combine them into a list of merged dictionaries, where the dictionaries are merged by an attribute, you can use the :ansplugin:`community.general.lists_mergeby filter <community.general.lists_mergeby#filter>`.

 .. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See :ref:`the documentation for the community.general.yaml callback plugin <ansible_collections.community.general.yaml_callback>`.

@@ -76,15 +76,15 @@ This produces the same result as in the previous example:
    name: meh


-The filter also accepts two optional parameters: ``recursive`` and ``list_merge``. These parameters are only supported when used with ansible-base 2.10 or ansible-core, but not with Ansible 2.9. This is available since community.general 4.4.0.
+The filter also accepts two optional parameters: :ansopt:`community.general.lists_mergeby#filter:recursive` and :ansopt:`community.general.lists_mergeby#filter:list_merge`. This is available since community.general 4.4.0.

 **recursive**
-    Is a boolean, default to ``False``. Should the ``community.general.lists_mergeby`` recursively merge nested hashes. Note: It does not depend on the value of the ``hash_behaviour`` setting in ``ansible.cfg``.
+    Is a boolean, default to ``false``. Should the :ansplugin:`community.general.lists_mergeby#filter` filter recursively merge nested hashes. Note: It does not depend on the value of the ``hash_behaviour`` setting in ``ansible.cfg``.

 **list_merge**
-    Is a string, its possible values are ``replace`` (default), ``keep``, ``append``, ``prepend``, ``append_rp`` or ``prepend_rp``. It modifies the behaviour of ``community.general.lists_mergeby`` when the hashes to merge contain arrays/lists.
+    Is a string, its possible values are :ansval:`replace` (default), :ansval:`keep`, :ansval:`append`, :ansval:`prepend`, :ansval:`append_rp` or :ansval:`prepend_rp`. It modifies the behaviour of :ansplugin:`community.general.lists_mergeby#filter` when the hashes to merge contain arrays/lists.

-The examples below set ``recursive=true`` and display the differences among all six options of ``list_merge``. Functionality of the parameters is exactly the same as in the filter ``combine``. See :ref:`Combining hashes/dictionaries <combine_filter>` to learn details about these options.
+The examples below set :ansopt:`community.general.lists_mergeby#filter:recursive=true` and display the differences among all six options of :ansopt:`community.general.lists_mergeby#filter:list_merge`. Functionality of the parameters is exactly the same as in the filter :ansplugin:`ansible.builtin.combine#filter`. See :ref:`Combining hashes/dictionaries <combine_filter>` to learn details about these options.

 Let us use the lists below in the following examples

@@ -110,7 +110,7 @@ Let us use the lists below in the following examples
    - name: myname02
      param01: [3, 4, 4, {key: value}]

-Example ``list_merge=replace`` (default):
+Example :ansopt:`community.general.lists_mergeby#filter:list_merge=replace` (default):

 .. code-block:: yaml+jinja

@@ -137,7 +137,7 @@ This produces:
    - 4
    - key: value

-Example ``list_merge=keep``:
+Example :ansopt:`community.general.lists_mergeby#filter:list_merge=keep`:

 .. code-block:: yaml+jinja

@@ -165,7 +165,7 @@ This produces:
    - 2
    - 3

-Example ``list_merge=append``:
+Example :ansopt:`community.general.lists_mergeby#filter:list_merge=append`:

 .. code-block:: yaml+jinja

@@ -198,7 +198,7 @@ This produces:
    - 4
    - key: value

-Example ``list_merge=prepend``:
+Example :ansopt:`community.general.lists_mergeby#filter:list_merge=prepend`:

 .. code-block:: yaml+jinja

@@ -231,7 +231,7 @@ This produces:
    - 2
    - 3

-Example ``list_merge=append_rp``:
+Example :ansopt:`community.general.lists_mergeby#filter:list_merge=append_rp`:

 .. code-block:: yaml+jinja

@@ -263,7 +263,7 @@ This produces:
    - 4
    - key: value

-Example ``list_merge=prepend_rp``:
+Example :ansopt:`community.general.lists_mergeby#filter:list_merge=prepend_rp`:

 .. code-block:: yaml+jinja

--- a/docs/docsite/rst/filter_guide_conversions.rst
+++ b/docs/docsite/rst/filter_guide_conversions.rst
@@ -9,7 +9,7 @@ Conversions
 Parsing CSV files
 ^^^^^^^^^^^^^^^^^

-Ansible offers the :ref:`community.general.read_csv module <ansible_collections.community.general.read_csv_module>` to read CSV files. Sometimes you need to convert strings to CSV files instead. For this, the ``from_csv`` filter exists.
+Ansible offers the :ansplugin:`community.general.read_csv module <community.general.read_csv#module>` to read CSV files. Sometimes you need to convert strings to CSV files instead. For this, the :ansplugin:`community.general.from_csv filter <community.general.from_csv#filter>` exists.

 .. code-block:: yaml+jinja

@@ -42,7 +42,7 @@ This produces:
        ]
    }

-The ``from_csv`` filter has several keyword arguments to control its behavior:
+The :ansplugin:`community.general.from_csv filter <community.general.from_csv#filter>` has several keyword arguments to control its behavior:

 :dialect: Dialect of the CSV file. Default is ``excel``. Other possible choices are ``excel-tab`` and ``unix``. If one of ``delimiter``, ``skipinitialspace`` or ``strict`` is specified, ``dialect`` is ignored.
 :fieldnames: A set of column names to use. If not provided, the first line of the CSV is assumed to contain the column names.
@@ -55,7 +55,7 @@ The ``from_csv`` filter has several keyword arguments to control its behavior:
 Converting to JSON
 ^^^^^^^^^^^^^^^^^^

-`JC <https://pypi.org/project/jc/>`_ is a CLI tool and Python library which allows to interpret output of various CLI programs as JSON. It is also available as a filter in community.general. This filter needs the `jc Python library <https://pypi.org/project/jc/>`_ installed on the controller.
+`JC <https://pypi.org/project/jc/>`_ is a CLI tool and Python library which allows to interpret output of various CLI programs as JSON. It is also available as a filter in community.general, called :ansplugin:`community.general.jc#filter`. This filter needs the `jc Python library <https://pypi.org/project/jc/>`_ installed on the controller.

 .. code-block:: yaml+jinja

--- a/docs/docsite/rst/filter_guide_creating_identifiers.rst
+++ b/docs/docsite/rst/filter_guide_creating_identifiers.rst
@@ -11,7 +11,7 @@ The following filters allow to create identifiers.
 Hashids
 ^^^^^^^

-`Hashids <https://hashids.org/>`_ allow to convert sequences of integers to short unique string identifiers. This filter needs the `hashids Python library <https://pypi.org/project/hashids/>`_ installed on the controller.
+`Hashids <https://hashids.org/>`_ allow to convert sequences of integers to short unique string identifiers. The :ansplugin:`community.general.hashids_encode#filter` and :ansplugin:`community.general.hashids_decode#filter` filters need the `hashids Python library <https://pypi.org/project/hashids/>`_ installed on the controller.

 .. code-block:: yaml+jinja

@@ -52,7 +52,7 @@ The hashids filters accept keyword arguments to allow fine-tuning the hashids ge
 Random MACs
 ^^^^^^^^^^^

-You can use the ``random_mac`` filter to complete a partial `MAC address <https://en.wikipedia.org/wiki/MAC_address>`_ to a random 6-byte MAC address.
+You can use the :ansplugin:`community.general.random_mac filter <community.general.random_mac#filter>` to complete a partial `MAC address <https://en.wikipedia.org/wiki/MAC_address>`_ to a random 6-byte MAC address.

 .. code-block:: yaml+jinja

--- a/docs/docsite/rst/filter_guide_paths.rst
+++ b/docs/docsite/rst/filter_guide_paths.rst
@@ -6,14 +6,4 @@
 Paths
 -----

-The ``path_join`` filter has been added in ansible-base 2.10. If you want to use this filter, but also need to support Ansible 2.9, you can use ``community.general``'s ``path_join`` shim, ``community.general.path_join``. This filter redirects to ``path_join`` for ansible-base 2.10 and ansible-core 2.11 or newer, and re-implements the filter for Ansible 2.9.
-
-.. code-block:: yaml+jinja
-
-    # ansible-base 2.10 or newer:
-    path: {{ ('/etc', path, 'subdir', file) | path_join }}
-
-    # Also works with Ansible 2.9:
-    path: {{ ('/etc', path, 'subdir', file) | community.general.path_join }}
-
-.. versionadded:: 3.0.0
+The :ansplugin:`ansible.builtin.path_join filter <ansible.builtin.path_join#filter>` has been added in ansible-base 2.10. Community.general 3.0.0 and newer contains an alias ``community.general.path_join`` for this filter that could be used on Ansible 2.9 as well. Since community.general no longer supports Ansible 2.9, this is now a simple redirect to :ansplugin:`ansible.builtin.path_join filter <ansible.builtin.path_join#filter>`.
--- a/docs/docsite/rst/filter_guide_selecting_json_data.rst
+++ b/docs/docsite/rst/filter_guide_selecting_json_data.rst
@@ -8,7 +8,7 @@
 Selecting JSON data: JSON queries
 ---------------------------------

-To select a single element or a data subset from a complex data structure in JSON format (for example, Ansible facts), use the ``json_query`` filter.  The ``json_query`` filter lets you query a complex JSON structure and iterate over it using a loop structure.
+To select a single element or a data subset from a complex data structure in JSON format (for example, Ansible facts), use the :ansplugin:`community.general.json_query filter <community.general.json_query#filter>`.  The :ansplugin:`community.general.json_query#filter` filter lets you query a complex JSON structure and iterate over it using a loop structure.

 .. note:: You must manually install the **jmespath** dependency on the Ansible controller before using this filter. This filter is built upon **jmespath**, and you can use the same syntax. For examples, see `jmespath examples <http://jmespath.org/examples.html>`_.

@@ -146,4 +146,4 @@ To extract ports from all clusters with name containing 'server1':
      vars:
        server_name_query: "domain.server[?contains(name,'server1')].port"

-.. note:: while using ``starts_with`` and ``contains``, you have to use `` to_json | from_json `` filter for correct parsing of data structure.
+.. note:: while using ``starts_with`` and ``contains``, you have to use ``to_json | from_json`` filter for correct parsing of data structure.
--- a/docs/docsite/rst/filter_guide_working_with_times.rst
+++ b/docs/docsite/rst/filter_guide_working_with_times.rst
@@ -6,9 +6,9 @@
 Working with times
 ------------------

-The ``to_time_unit`` filter allows to convert times from a human-readable string to a unit. For example, ``'4h 30min 12second' | community.general.to_time_unit('hour')`` gives the number of hours that correspond to 4 hours, 30 minutes and 12 seconds.
+The :ansplugin:`community.general.to_time_unit filter <community.general.to_time_unit#filter>` allows to convert times from a human-readable string to a unit. For example, ``'4h 30min 12second' | community.general.to_time_unit('hour')`` gives the number of hours that correspond to 4 hours, 30 minutes and 12 seconds.

-There are shorthands to directly convert to various units, like ``to_hours``, ``to_minutes``, ``to_seconds``, and so on. The following table lists all units that can be used:
+There are shorthands to directly convert to various units, like :ansplugin:`community.general.to_hours#filter`, :ansplugin:`community.general.to_minutes#filter`, :ansplugin:`community.general.to_seconds#filter`, and so on. The following table lists all units that can be used:

 .. list-table:: Units
   :widths: 25 25 25 25
@@ -21,37 +21,37 @@ There are shorthands to directly convert to various units, like ``to_hours``, ``
   * - Millisecond
     - 1/1000 second
     - ``ms``, ``millisecond``, ``milliseconds``, ``msec``, ``msecs``, ``msecond``, ``mseconds``
-     - ``to_milliseconds``
+     - :ansplugin:`community.general.to_milliseconds#filter`
   * - Second
     - 1 second
     - ``s``, ``sec``, ``secs``, ``second``, ``seconds``
-     - ``to_seconds``
+     - :ansplugin:`community.general.to_seconds#filter`
   * - Minute
     - 60 seconds
     - ``m``, ``min``, ``mins``, ``minute``, ``minutes``
-     - ``to_minutes``
+     - :ansplugin:`community.general.to_minutes#filter`
   * - Hour
     - 60*60 seconds
     - ``h``, ``hour``, ``hours``
-     - ``to_hours``
+     - :ansplugin:`community.general.to_hours#filter`
   * - Day
     - 24*60*60 seconds
     - ``d``, ``day``, ``days``
-     - ``to_days``
+     - :ansplugin:`community.general.to_days#filter`
   * - Week
     - 7*24*60*60 seconds
     - ``w``, ``week``, ``weeks``
-     - ``to_weeks``
+     - :ansplugin:`community.general.to_weeks#filter`
   * - Month
     - 30*24*60*60 seconds
     - ``mo``, ``month``, ``months``
-     - ``to_months``
+     - :ansplugin:`community.general.to_months#filter`
   * - Year
     - 365*24*60*60 seconds
     - ``y``, ``year``, ``years``
-     - ``to_years``
+     - :ansplugin:`community.general.to_years#filter`

-Note that months and years are using a simplified representation: a month is 30 days, and a year is 365 days. If you need different definitions of months or years, you can pass them as keyword arguments. For example, if you want a year to be 365.25 days, and a month to be 30.5 days, you can write ``'11months 4' | community.general.to_years(year=365.25, month=30.5)``. These keyword arguments can be specified to ``to_time_unit`` and to all shorthand filters.
+Note that months and years are using a simplified representation: a month is 30 days, and a year is 365 days. If you need different definitions of months or years, you can pass them as keyword arguments. For example, if you want a year to be 365.25 days, and a month to be 30.5 days, you can write ``'11months 4' | community.general.to_years(year=365.25, month=30.5)``. These keyword arguments can be specified to :ansplugin:`community.general.to_time_unit#filter` and to all shorthand filters.

 .. code-block:: yaml+jinja

--- a/docs/docsite/rst/filter_guide_working_with_unicode.rst
+++ b/docs/docsite/rst/filter_guide_working_with_unicode.rst
@@ -6,9 +6,9 @@
 Working with Unicode
 ---------------------

-`Unicode <https://unicode.org/main.html>`_ makes it possible to produce two strings which may be visually equivalent, but are comprised of distinctly different characters/character sequences. To address this ``Unicode`` defines `normalization forms <https://unicode.org/reports/tr15/>`_ which avoid these distinctions by choosing a unique character sequence for a given visual representation.
+`Unicode <https://unicode.org/main.html>`_ makes it possible to produce two strings which may be visually equivalent, but are comprised of distinctly different characters/character sequences. To address this Unicode defines `normalization forms <https://unicode.org/reports/tr15/>`_ which avoid these distinctions by choosing a unique character sequence for a given visual representation.

-You can use the ``community.general.unicode_normalize`` filter to normalize ``Unicode`` strings within your playbooks.
+You can use the :ansplugin:`community.general.unicode_normalize filter <community.general.unicode_normalize#filter>` to normalize Unicode strings within your playbooks.

 .. code-block:: yaml+jinja

@@ -28,7 +28,7 @@ This produces:
        "msg": true
    }

-The ``community.general.unicode_normalize`` filter accepts a keyword argument to select the ``Unicode`` form used to normalize the input string.
+The :ansplugin:`community.general.unicode_normalize filter <community.general.unicode_normalize#filter>` accepts a keyword argument :ansopt:`community.general.unicode_normalize#filter:form` to select the Unicode form used to normalize the input string.

 :form: One of ``'NFC'`` (default), ``'NFD'``, ``'NFKC'``, or ``'NFKD'``. See the `Unicode reference <https://unicode.org/reports/tr15/>`_ for more information.

--- a/docs/docsite/rst/filter_guide_working_with_versions.rst
+++ b/docs/docsite/rst/filter_guide_working_with_versions.rst
@@ -6,7 +6,7 @@
 Working with versions
 ---------------------

-If you need to sort a list of version numbers, the Jinja ``sort`` filter is problematic. Since it sorts lexicographically, ``2.10`` will come before ``2.9``. To treat version numbers correctly, you can use the ``version_sort`` filter:
+If you need to sort a list of version numbers, the Jinja ``sort`` filter is problematic. Since it sorts lexicographically, ``2.10`` will come before ``2.9``. To treat version numbers correctly, you can use the :ansplugin:`community.general.version_sort filter <community.general.version_sort#filter>`:

 .. code-block:: yaml+jinja

--- a/docs/docsite/rst/test_guide.rst
+++ b/docs/docsite/rst/test_guide.rst
@@ -15,7 +15,7 @@ The :ref:`community.general collection <plugins_in_community.general>` offers cu
 Feature Tests
 -------------

-The ``a_module`` test allows to check whether a given string refers to an existing module or action plugin. This can be useful in roles, which can use this to ensure that required modules are present ahead of time.
+The :ansplugin:`community.general.a_module test <community.general.a_module#test>` allows to check whether a given string refers to an existing module or action plugin. This can be useful in roles, which can use this to ensure that required modules are present ahead of time.

 .. code-block:: yaml+jinja

--- a/galaxy.yml
+++ b/galaxy.yml
@@ -5,7 +5,7 @@

 namespace: community
 name: general
-version: 7.1.0
+version: 7.5.9
 readme: README.md
 authors:
  - Ansible (https://github.com/ansible)
--- a/meta/runtime.yml
+++ b/meta/runtime.yml
@@ -150,6 +150,12 @@ plugin_routing:
        warning_text: You are using an internal name to access the community.general.airbrake_deployment
          modules. This has never been supported or documented, and will stop working
          in community.general 9.0.0.
+    stackdriver:
+      deprecation:
+        removal_version: 9.0.0
+        warning_text: >
+          This module relies on HTTPS APIs that do not exist anymore, and any new development in the
+          direction of providing an alternative should happen in the context of the google.cloud collection.
    system.aix_devices:
      redirect: community.general.aix_devices
      deprecation:
@@ -798,6 +804,10 @@ plugin_routing:
        warning_text: You are using an internal name to access the community.general.flatpak_remote
          modules. This has never been supported or documented, and will stop working
          in community.general 9.0.0.
+    flowdock:
+      deprecation:
+        removal_version: 9.0.0
+        warning_text: This module relies on HTTPS APIs that do not exist anymore and there is no clear path to update.
    notification.flowdock:
      redirect: community.general.flowdock
      deprecation:
@@ -4433,6 +4443,10 @@ plugin_routing:
        warning_text: You are using an internal name to access the community.general.wdc_redfish_info
          modules. This has never been supported or documented, and will stop working
          in community.general 9.0.0.
+    webfaction_app:
+      deprecation:
+        removal_version: 9.0.0
+        warning_text: This module relies on HTTPS APIs that do not exist anymore and there is no clear path to update.
    cloud.webfaction.webfaction_app:
      redirect: community.general.webfaction_app
      deprecation:
@@ -4440,6 +4454,10 @@ plugin_routing:
        warning_text: You are using an internal name to access the community.general.webfaction_app
          modules. This has never been supported or documented, and will stop working
          in community.general 9.0.0.
+    webfaction_db:
+      deprecation:
+        removal_version: 9.0.0
+        warning_text: This module relies on HTTPS APIs that do not exist anymore and there is no clear path to update.
    cloud.webfaction.webfaction_db:
      redirect: community.general.webfaction_db
      deprecation:
@@ -4447,6 +4465,10 @@ plugin_routing:
        warning_text: You are using an internal name to access the community.general.webfaction_db
          modules. This has never been supported or documented, and will stop working
          in community.general 9.0.0.
+    webfaction_domain:
+      deprecation:
+        removal_version: 9.0.0
+        warning_text: This module relies on HTTPS APIs that do not exist anymore and there is no clear path to update.
    cloud.webfaction.webfaction_domain:
      redirect: community.general.webfaction_domain
      deprecation:
@@ -4454,6 +4476,10 @@ plugin_routing:
        warning_text: You are using an internal name to access the community.general.webfaction_domain
          modules. This has never been supported or documented, and will stop working
          in community.general 9.0.0.
+    webfaction_mailbox:
+      deprecation:
+        removal_version: 9.0.0
+        warning_text: This module relies on HTTPS APIs that do not exist anymore and there is no clear path to update.
    cloud.webfaction.webfaction_mailbox:
      redirect: community.general.webfaction_mailbox
      deprecation:
@@ -4461,6 +4487,10 @@ plugin_routing:
        warning_text: You are using an internal name to access the community.general.webfaction_mailbox
          modules. This has never been supported or documented, and will stop working
          in community.general 9.0.0.
+    webfaction_site:
+      deprecation:
+        removal_version: 9.0.0
+        warning_text: This module relies on HTTPS APIs that do not exist anymore and there is no clear path to update.
    cloud.webfaction.webfaction_site:
      redirect: community.general.webfaction_site
      deprecation:
--- a/plugins/action/iptables_state.py
+++ b/plugins/action/iptables_state.py
@@ -44,7 +44,7 @@ class ActionModule(ActionBase):

    def _async_result(self, async_status_args, task_vars, timeout):
        '''
-        Retrieve results of the asynchonous task, and display them in place of
+        Retrieve results of the asynchronous task, and display them in place of
        the async wrapper results (those with the ansible_job_id key).
        '''
        async_status = self._task.copy()
--- a/plugins/action/shutdown.py
+++ b/plugins/action/shutdown.py
@@ -45,7 +45,7 @@ class ActionModule(ActionBase):
    SHUTDOWN_COMMAND_ARGS = {
        'alpine': '',
        'void': '-h +{delay_min} "{message}"',
-        'freebsd': '-h +{delay_sec}s "{message}"',
+        'freebsd': '-p +{delay_sec}s "{message}"',
        'linux': DEFAULT_SHUTDOWN_COMMAND_ARGS,
        'macosx': '-h +{delay_min} "{message}"',
        'openbsd': '-h +{delay_min} "{message}"',
--- a/plugins/become/machinectl.py
+++ b/plugins/become/machinectl.py
@@ -102,6 +102,7 @@ class BecomeModule(BecomeBase):
    prompt = 'Password: '
    fail = ('==== AUTHENTICATION FAILED ====',)
    success = ('==== AUTHENTICATION COMPLETE ====',)
+    require_tty = True  # see https://github.com/ansible-collections/community.general/issues/6932

    @staticmethod
    def remove_ansi_codes(line):
--- a/plugins/cache/redis.py
+++ b/plugins/cache/redis.py
@@ -150,7 +150,7 @@ class CacheModule(BaseCacheModule):
        # format: "localhost:26379;localhost2:26379;0:changeme"
        connections = uri.split(';')
        connection_args = connections.pop(-1)
-        if len(connection_args) > 0:  # hanle if no db nr is given
+        if len(connection_args) > 0:  # handle if no db nr is given
            connection_args = connection_args.split(':')
            kw['db'] = connection_args.pop(0)
            try:
--- a/plugins/callback/elastic.py
+++ b/plugins/callback/elastic.py
@@ -84,6 +84,7 @@ import time
 import uuid

 from collections import OrderedDict
+from contextlib import closing
 from os.path import basename

 from ansible.errors import AnsibleError, AnsibleRuntimeError
@@ -201,24 +202,25 @@ class ElasticSource(object):

        apm_cli = self.init_apm_client(apm_server_url, apm_service_name, apm_verify_server_cert, apm_secret_token, apm_api_key)
        if apm_cli:
-            instrument()  # Only call this once, as early as possible.
-            if traceparent:
-                parent = trace_parent_from_string(traceparent)
-                apm_cli.begin_transaction("Session", trace_parent=parent, start=parent_start_time)
-            else:
-                apm_cli.begin_transaction("Session", start=parent_start_time)
-            # Populate trace metadata attributes
-            if self.ansible_version is not None:
-                label(ansible_version=self.ansible_version)
-            label(ansible_session=self.session, ansible_host_name=self.host, ansible_host_user=self.user)
-            if self.ip_address is not None:
-                label(ansible_host_ip=self.ip_address)
+            with closing(apm_cli):
+                instrument()  # Only call this once, as early as possible.
+                if traceparent:
+                    parent = trace_parent_from_string(traceparent)
+                    apm_cli.begin_transaction("Session", trace_parent=parent, start=parent_start_time)
+                else:
+                    apm_cli.begin_transaction("Session", start=parent_start_time)
+                # Populate trace metadata attributes
+                if self.ansible_version is not None:
+                    label(ansible_version=self.ansible_version)
+                label(ansible_session=self.session, ansible_host_name=self.host, ansible_host_user=self.user)
+                if self.ip_address is not None:
+                    label(ansible_host_ip=self.ip_address)

-            for task_data in tasks:
-                for host_uuid, host_data in task_data.host_data.items():
-                    self.create_span_data(apm_cli, task_data, host_data)
+                for task_data in tasks:
+                    for host_uuid, host_data in task_data.host_data.items():
+                        self.create_span_data(apm_cli, task_data, host_data)

-            apm_cli.end_transaction(name=__name__, result=status, duration=end_time - parent_start_time)
+                apm_cli.end_transaction(name=__name__, result=status, duration=end_time - parent_start_time)

    def create_span_data(self, apm_cli, task_data, host_data):
        """ create the span with the given TaskData and HostData """
--- a/plugins/callback/logentries.py
+++ b/plugins/callback/logentries.py
@@ -18,7 +18,7 @@ DOCUMENTATION = '''
    requirements:
      - whitelisting in configuration
      - certifi (Python library)
-      - flatdict (Python library), if you want to use the 'flatten' option
+      - flatdict (Python library), if you want to use the O(flatten) option
    options:
      api:
        description: URI to the Logentries API.
@@ -90,9 +90,9 @@ examples: >
    api = data.logentries.com
    port = 10000
    tls_port = 20000
-    use_tls = no
+    use_tls = true
    token = dd21fc88-f00a-43ff-b977-e3a4233c53af
-    flatten = False
+    flatten = false
 '''

 import os
@@ -196,15 +196,11 @@ else:
    class TLSSocketAppender(PlainTextSocketAppender):
        def open_connection(self):
            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-            sock = ssl.wrap_socket(
+            context = ssl.create_default_context(
+                purpose=ssl.Purpose.SERVER_AUTH,
+                cafile=certifi.where(), )
+            sock = context.wrap_socket(
                sock=sock,
-                keyfile=None,
-                certfile=None,
-                server_side=False,
-                cert_reqs=ssl.CERT_REQUIRED,
-                ssl_version=getattr(
-                    ssl, 'PROTOCOL_TLSv1_2', ssl.PROTOCOL_TLSv1),
-                ca_certs=certifi.where(),
                do_handshake_on_connect=True,
                suppress_ragged_eofs=True, )
            sock.connect((self.LE_API, self.LE_TLS_PORT))
--- a/plugins/callback/nrdp.py
+++ b/plugins/callback/nrdp.py
@@ -14,7 +14,7 @@ DOCUMENTATION = '''
    short_description: Post task results to a Nagios server through nrdp
    description:
        - This callback send playbook result to Nagios.
-        - Nagios shall use NRDP to recive passive events.
+        - Nagios shall use NRDP to receive passive events.
        - The passive check is sent to a dedicated host/service for Ansible.
    options:
        url:
--- a/plugins/callback/null.py
+++ b/plugins/callback/null.py
@@ -15,7 +15,7 @@ DOCUMENTATION = '''
      - set as main display callback
    short_description: Don't display stuff to screen
    description:
-        - This callback prevents outputing events to screen.
+        - This callback prevents outputting events to screen.
 '''

 from ansible.plugins.callback import CallbackBase
@@ -24,7 +24,7 @@ from ansible.plugins.callback import CallbackBase
 class CallbackModule(CallbackBase):

    '''
-    This callback wont print messages to stdout when new callback events are received.
+    This callback won't print messages to stdout when new callback events are received.
    '''

    CALLBACK_VERSION = 2.0
--- a/plugins/callback/opentelemetry.py
+++ b/plugins/callback/opentelemetry.py
@@ -350,7 +350,8 @@ class OpenTelemetrySource(object):
        if not disable_logs:
            # This will avoid populating span attributes to the logs
            span.add_event(task_data.dump, attributes={} if disable_attributes_in_logs else attributes)
-            span.end(end_time=host_data.finish)
+        # Close span always
+        span.end(end_time=host_data.finish)

    def set_span_attributes(self, span, attributes):
        """ update the span attributes with the given attributes if not None """
@@ -497,6 +498,12 @@ class CallbackModule(CallbackBase):
        # See https://github.com/open-telemetry/opentelemetry-specification/issues/740
        self.traceparent = self.get_option('traceparent')

+    def dump_results(self, result):
+        """ dump the results if disable_logs is not enabled """
+        if self.disable_logs:
+            return ""
+        return self._dump_results(result._result)
+
    def v2_playbook_on_start(self, playbook):
        self.ansible_playbook = basename(playbook._file_name)

@@ -546,7 +553,7 @@ class CallbackModule(CallbackBase):
            self.tasks_data,
            status,
            result,
-            self._dump_results(result._result)
+            self.dump_results(result)
        )

    def v2_runner_on_ok(self, result):
@@ -554,7 +561,7 @@ class CallbackModule(CallbackBase):
            self.tasks_data,
            'ok',
            result,
-            self._dump_results(result._result)
+            self.dump_results(result)
        )

    def v2_runner_on_skipped(self, result):
@@ -562,7 +569,7 @@ class CallbackModule(CallbackBase):
            self.tasks_data,
            'skipped',
            result,
-            self._dump_results(result._result)
+            self.dump_results(result)
        )

    def v2_playbook_on_include(self, included_file):
--- a/plugins/callback/selective.py
+++ b/plugins/callback/selective.py
@@ -115,8 +115,8 @@ class CallbackModule(CallbackBase):
            line_length = 120
            if self.last_skipped:
                print()
-            msg = colorize("# {0} {1}".format(task_name,
-                                              '*' * (line_length - len(task_name))), 'bold')
+            line = "# {0} ".format(task_name)
+            msg = colorize("{0}{1}".format(line, '*' * (line_length - len(line))), 'bold')
            print(msg)

    def _indent_text(self, text, indent_level):
--- a/plugins/callback/unixy.py
+++ b/plugins/callback/unixy.py
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# Copyright (c) 2017, Allyson Bowles <@akatch>
+# Copyright (c) 2023, Al Bowles <@akatch>
 # Copyright (c) 2012-2014, Michael DeHaan <michael.dehaan@gmail.com>
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
@@ -11,7 +11,7 @@ __metaclass__ = type
 DOCUMENTATION = '''
    name: unixy
    type: stdout
-    author: Allyson Bowles (@akatch)
+    author: Al Bowles (@akatch)
    short_description: condensed Ansible output
    description:
      - Consolidated Ansible output in the style of LINUX/UNIX startup logs.
@@ -40,7 +40,6 @@ class CallbackModule(CallbackModule_default):
    - Only display task names if the task runs on at least one host
    - Add option to display all hostnames on a single line in the appropriate result color (failures may have a separate line)
    - Consolidate stats display
-    - Display whether run is in --check mode
    - Don't show play name if no hosts found
    '''

@@ -92,19 +91,31 @@ class CallbackModule(CallbackModule_default):
    def v2_playbook_on_task_start(self, task, is_conditional):
        self._get_task_display_name(task)
        if self.task_display_name is not None:
-            self._display.display("%s..." % self.task_display_name)
+            if task.check_mode and self.get_option('check_mode_markers'):
+                self._display.display("%s (check mode)..." % self.task_display_name)
+            else:
+                self._display.display("%s..." % self.task_display_name)

    def v2_playbook_on_handler_task_start(self, task):
        self._get_task_display_name(task)
        if self.task_display_name is not None:
-            self._display.display("%s (via handler)... " % self.task_display_name)
+            if task.check_mode and self.get_option('check_mode_markers'):
+                self._display.display("%s (via handler in check mode)... " % self.task_display_name)
+            else:
+                self._display.display("%s (via handler)... " % self.task_display_name)

    def v2_playbook_on_play_start(self, play):
        name = play.get_name().strip()
-        if name and play.hosts:
-            msg = u"\n- %s on hosts: %s -" % (name, ",".join(play.hosts))
+        if play.check_mode and self.get_option('check_mode_markers'):
+            if name and play.hosts:
+                msg = u"\n- %s (in check mode) on hosts: %s -" % (name, ",".join(play.hosts))
+            else:
+                msg = u"- check mode -"
        else:
-            msg = u"---"
+            if name and play.hosts:
+                msg = u"\n- %s on hosts: %s -" % (name, ",".join(play.hosts))
+            else:
+                msg = u"---"

        self._display.display(msg)

@@ -227,8 +238,10 @@ class CallbackModule(CallbackModule_default):
        self._display.display("  Ran out of hosts!", color=C.COLOR_ERROR)

    def v2_playbook_on_start(self, playbook):
-        # TODO display whether this run is happening in check mode
-        self._display.display("Executing playbook %s" % basename(playbook._file_name))
+        if context.CLIARGS['check'] and self.get_option('check_mode_markers'):
+            self._display.display("Executing playbook %s in check mode" % basename(playbook._file_name))
+        else:
+            self._display.display("Executing playbook %s" % basename(playbook._file_name))

        # show CLI arguments
        if self._display.verbosity > 3:
--- a/plugins/callback/yaml.py
+++ b/plugins/callback/yaml.py
@@ -19,6 +19,16 @@ DOCUMENTATION = '''
      - default_callback
    requirements:
      - set as stdout in configuration
+    seealso:
+      - plugin: ansible.builtin.default
+        plugin_type: callback
+        description: >
+          There is a parameter O(ansible.builtin.default#callback:result_format) in P(ansible.builtin.default#callback)
+          that allows you to change the output format to YAML.
+    notes:
+      - >
+        With ansible-core 2.13 or newer, you can instead specify V(yaml) for the parameter O(ansible.builtin.default#callback:result_format)
+        in P(ansible.builtin.default#callback).
 '''

 import yaml
--- a/plugins/connection/chroot.py
+++ b/plugins/connection/chroot.py
@@ -46,8 +46,42 @@ DOCUMENTATION = '''
        vars:
          - name: ansible_chroot_exe
        default: chroot
+      disable_root_check:
+        description:
+            - Do not check that the user is not root.
+        ini:
+          - section: chroot_connection
+            key: disable_root_check
+        env:
+          - name: ANSIBLE_CHROOT_DISABLE_ROOT_CHECK
+        vars:
+          - name: ansible_chroot_disable_root_check
+        default: false
+        type: bool
+        version_added: 7.3.0
 '''

+EXAMPLES = r"""
+# Plugin requires root privileges for chroot, -E preserves your env (and location of ~/.ansible):
+# sudo -E ansible-playbook ...
+#
+# Static inventory file
+# [chroots]
+# /path/to/debootstrap
+# /path/to/feboostrap
+# /path/to/lxc-image
+# /path/to/chroot
+
+# playbook
+---
+- hosts: chroots
+  connection: community.general.chroot
+  tasks:
+    - debug:
+        msg: "This is coming from chroot environment"
+
+"""
+
 import os
 import os.path
 import subprocess
@@ -81,11 +115,7 @@ class Connection(ConnectionBase):

        self.chroot = self._play_context.remote_addr

-        if os.geteuid() != 0:
-            raise AnsibleError("chroot connection requires running as root")
-
-        # we're running as root on the local system so do some
-        # trivial checks for ensuring 'host' is actually a chroot'able dir
+        # do some trivial checks for ensuring 'host' is actually a chroot'able dir
        if not os.path.isdir(self.chroot):
            raise AnsibleError("%s is not a directory" % self.chroot)

@@ -99,6 +129,11 @@ class Connection(ConnectionBase):

    def _connect(self):
        """ connect to the chroot """
+        if not self.get_option('disable_root_check') and os.geteuid() != 0:
+            raise AnsibleError(
+                "chroot connection requires running as root. "
+                "You can override this check with the `disable_root_check` option.")
+
        if os.path.isabs(self.get_option('chroot_exe')):
            self.chroot_cmd = self.get_option('chroot_exe')
        else:
--- a/plugins/connection/funcd.py
+++ b/plugins/connection/funcd.py
@@ -70,7 +70,7 @@ class Connection(ConnectionBase):
        if in_data:
            raise AnsibleError("Internal Error: this module does not support optimized module pipelining")

-        # totally ignores privlege escalation
+        # totally ignores privilege escalation
        display.vvv("EXEC %s" % cmd, host=self.host)
        p = self.client.command.run(cmd)[self.host]
        return p[0], p[1], p[2]
--- a/plugins/connection/lxc.py
+++ b/plugins/connection/lxc.py
@@ -19,6 +19,7 @@ DOCUMENTATION = '''
            - Container identifier
        default: inventory_hostname
        vars:
+            - name: inventory_hostname
            - name: ansible_host
            - name: ansible_lxc_host
      executable:
@@ -59,7 +60,7 @@ class Connection(ConnectionBase):
    def __init__(self, play_context, new_stdin, *args, **kwargs):
        super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs)

-        self.container_name = self._play_context.remote_addr
+        self.container_name = None
        self.container = None

    def _connect(self):
@@ -67,12 +68,14 @@ class Connection(ConnectionBase):
        super(Connection, self)._connect()

        if not HAS_LIBLXC:
-            msg = "lxc bindings for python2 are not installed"
+            msg = "lxc python bindings are not installed"
            raise errors.AnsibleError(msg)

        if self.container:
            return

+        self.container_name = self.get_option('remote_addr')
+
        self._display.vvv("THIS IS A LOCAL LXC DIR", host=self.container_name)
        self.container = _lxc.Container(self.container_name)
        if self.container.state == "STOPPED":
@@ -117,7 +120,7 @@ class Connection(ConnectionBase):
        super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable)

        # python2-lxc needs bytes. python3-lxc needs text.
-        executable = to_native(self._play_context.executable, errors='surrogate_or_strict')
+        executable = to_native(self.get_option('executable'), errors='surrogate_or_strict')
        local_cmd = [executable, '-c', to_native(cmd, errors='surrogate_or_strict')]

        read_stdout, write_stdout = None, None
--- a/plugins/connection/lxd.py
+++ b/plugins/connection/lxd.py
@@ -10,9 +10,9 @@ __metaclass__ = type
 DOCUMENTATION = '''
    author: Matt Clay (@mattclay) <matt@mystile.com>
    name: lxd
-    short_description: Run tasks in lxc containers via lxc CLI
+    short_description: Run tasks in LXD instances via C(lxc) CLI
    description:
-        - Run commands or put/fetch files to an existing lxc container using lxc CLI
+        - Run commands or put/fetch files to an existing instance using C(lxc) CLI.
    options:
      remote_addr:
        description:
@@ -24,7 +24,7 @@ DOCUMENTATION = '''
            - name: ansible_lxd_host
      executable:
        description:
-            - shell to use for execution inside container
+            - Shell to use for execution inside instance.
        default: /bin/sh
        vars:
            - name: ansible_executable
@@ -69,7 +69,7 @@ class Connection(ConnectionBase):
            raise AnsibleError("lxc command not found in PATH")

        if self._play_context.remote_user is not None and self._play_context.remote_user != 'root':
-            self._display.warning('lxd does not support remote_user, using container default: root')
+            self._display.warning('lxd does not support remote_user, using default: root')

    def _connect(self):
        """connect to lxd (nothing to do here) """
--- a/plugins/doc_fragments/nomad.py
+++ b/plugins/doc_fragments/nomad.py
@@ -47,6 +47,6 @@ options:
      type: str
    token:
      description:
-        - ACL token for authentification.
+        - ACL token for authentication.
      type: str
 '''
--- a/plugins/doc_fragments/proxmox.py
+++ b/plugins/doc_fragments/proxmox.py
@@ -29,11 +29,13 @@ options:
  api_token_id:
    description:
      - Specify the token ID.
+      - Requires C(proxmoxer>=1.1.0) to work.
    type: str
    version_added: 1.3.0
  api_token_secret:
    description:
      - Specify the token secret.
+      - Requires C(proxmoxer>=1.1.0) to work.
    type: str
    version_added: 1.3.0
  validate_certs:
--- a/plugins/filter/from_csv.py
+++ b/plugins/filter/from_csv.py
@@ -56,7 +56,7 @@ EXAMPLES = '''
 - name: Parse a CSV file's contents
  ansible.builtin.debug:
    msg: >-
-      {{ csv_data | community.genera.from_csv(dialect='unix') }}
+      {{ csv_data | community.general.from_csv(dialect='unix') }}
  vars:
    csv_data: |
      Column 1,Value
--- a/plugins/inventory/cobbler.py
+++ b/plugins/inventory/cobbler.py
@@ -42,6 +42,12 @@ DOCUMENTATION = '''
        description: Fallback to cached results if connection to cobbler fails.
        type: boolean
        default: false
+      exclude_mgmt_classes:
+        description: Management classes to exclude from inventory.
+        type: list
+        default: []
+        elements: str
+        version_added: 7.4.0
      exclude_profiles:
        description:
          - Profiles to exclude from inventory.
@@ -49,6 +55,12 @@ DOCUMENTATION = '''
        type: list
        default: []
        elements: str
+      include_mgmt_classes:
+        description: Management classes to include from inventory.
+        type: list
+        default: []
+        elements: str
+        version_added: 7.4.0
      include_profiles:
        description:
          - Profiles to include from inventory.
@@ -104,6 +116,9 @@ import socket
 from ansible.errors import AnsibleError
 from ansible.module_utils.common.text.converters import to_text
 from ansible.plugins.inventory import BaseInventoryPlugin, Cacheable, to_safe_group_name
+from ansible.module_utils.six import text_type
+
+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe

 # xmlrpc
 try:
@@ -145,7 +160,7 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):
            self.connection = xmlrpc_client.Server(self.cobbler_url, allow_none=True)
            self.token = None
            if self.get_option('user') is not None:
-                self.token = self.connection.login(self.get_option('user'), self.get_option('password'))
+                self.token = self.connection.login(text_type(self.get_option('user')), text_type(self.get_option('password')))
        return self.connection

    def _init_cache(self):
@@ -215,6 +230,8 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):
        self.cache_key = self.get_cache_key(path)
        self.use_cache = cache and self.get_option('cache')

+        self.exclude_mgmt_classes = self.get_option('exclude_mgmt_classes')
+        self.include_mgmt_classes = self.get_option('include_mgmt_classes')
        self.exclude_profiles = self.get_option('exclude_profiles')
        self.include_profiles = self.get_option('include_profiles')
        self.group_by = self.get_option('group_by')
@@ -259,14 +276,21 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):
        for host in self._get_systems():
            # Get the FQDN for the host and add it to the right groups
            if self.inventory_hostname == 'system':
-                hostname = host['name']  # None
+                hostname = make_unsafe(host['name'])  # None
            else:
-                hostname = host['hostname']  # None
+                hostname = make_unsafe(host['hostname'])  # None
            interfaces = host['interfaces']

-            if self._exclude_profile(host['profile']):
-                self.display.vvvv('Excluding host %s in profile %s\n' % (host['name'], host['profile']))
-                continue
+            if set(host['mgmt_classes']) & set(self.include_mgmt_classes):
+                self.display.vvvv('Including host %s in mgmt_classes %s\n' % (host['name'], host['mgmt_classes']))
+            else:
+                if self._exclude_profile(host['profile']):
+                    self.display.vvvv('Excluding host %s in profile %s\n' % (host['name'], host['profile']))
+                    continue
+
+                if set(host['mgmt_classes']) & set(self.exclude_mgmt_classes):
+                    self.display.vvvv('Excluding host %s in mgmt_classes %s\n' % (host['name'], host['mgmt_classes']))
+                    continue

            # hostname is often empty for non-static IP hosts
            if hostname == '':
@@ -274,7 +298,7 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):
                    if ivalue['management'] or not ivalue['static']:
                        this_dns_name = ivalue.get('dns_name', None)
                        if this_dns_name is not None and this_dns_name != "":
-                            hostname = this_dns_name
+                            hostname = make_unsafe(this_dns_name)
                            self.display.vvvv('Set hostname to %s from %s\n' % (hostname, iname))

            if hostname == '':
@@ -307,20 +331,22 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):

            # Add host variables
            ip_address = None
+            ip_address_first = None
            ipv6_address = None
+            ipv6_address_first = None
            for iname, ivalue in interfaces.items():
                # Set to first interface or management interface if defined or hostname matches dns_name
                if ivalue['ip_address'] != "":
-                    if ip_address is None:
-                        ip_address = ivalue['ip_address']
-                    elif ivalue['management']:
+                    if ip_address_first is None:
+                        ip_address_first = ivalue['ip_address']
+                    if ivalue['management']:
                        ip_address = ivalue['ip_address']
                    elif ivalue['dns_name'] == hostname and ip_address is None:
                        ip_address = ivalue['ip_address']
                if ivalue['ipv6_address'] != "":
-                    if ipv6_address is None:
-                        ipv6_address = ivalue['ipv6_address']
-                    elif ivalue['management']:
+                    if ipv6_address_first is None:
+                        ipv6_address_first = ivalue['ipv6_address']
+                    if ivalue['management']:
                        ipv6_address = ivalue['ipv6_address']
                    elif ivalue['dns_name'] == hostname and ipv6_address is None:
                        ipv6_address = ivalue['ipv6_address']
@@ -333,18 +359,22 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):
                        if ivalue['ipv6_address'] != "":
                            ip_addresses[ivalue['dns_name']] = ivalue['ipv6_address']

-            # Add ip_address to host if defined
+            # Add ip_address to host if defined, use first if no management or matched dns_name
+            if ip_address is None and ip_address_first is not None:
+                ip_address = ip_address_first
            if ip_address is not None:
-                self.inventory.set_variable(hostname, 'cobbler_ipv4_address', ip_address)
+                self.inventory.set_variable(hostname, 'cobbler_ipv4_address', make_unsafe(ip_address))
+            if ipv6_address is None and ipv6_address_first is not None:
+                ipv6_address = ipv6_address_first
            if ipv6_address is not None:
-                self.inventory.set_variable(hostname, 'cobbler_ipv6_address', ipv6_address)
+                self.inventory.set_variable(hostname, 'cobbler_ipv6_address', make_unsafe(ipv6_address))

            if self.get_option('want_facts'):
                try:
-                    self.inventory.set_variable(hostname, 'cobbler', host)
+                    self.inventory.set_variable(hostname, 'cobbler', make_unsafe(host))
                except ValueError as e:
                    self.display.warning("Could not set host info for %s: %s" % (hostname, to_text(e)))

        if self.get_option('want_ip_addresses'):
-            self.inventory.set_variable(self.group, 'cobbler_ipv4_addresses', ip_addresses)
-            self.inventory.set_variable(self.group, 'cobbler_ipv6_addresses', ipv6_addresses)
+            self.inventory.set_variable(self.group, 'cobbler_ipv4_addresses', make_unsafe(ip_addresses))
+            self.inventory.set_variable(self.group, 'cobbler_ipv6_addresses', make_unsafe(ipv6_addresses))
--- a/plugins/inventory/gitlab_runners.py
+++ b/plugins/inventory/gitlab_runners.py
@@ -85,6 +85,8 @@ from ansible.errors import AnsibleError, AnsibleParserError
 from ansible.module_utils.common.text.converters import to_native
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+
 try:
    import gitlab
    HAS_GITLAB = True
@@ -106,11 +108,11 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
            else:
                runners = gl.runners.all()
            for runner in runners:
-                host = str(runner['id'])
+                host = make_unsafe(str(runner['id']))
                ip_address = runner['ip_address']
-                host_attrs = vars(gl.runners.get(runner['id']))['_attrs']
+                host_attrs = make_unsafe(vars(gl.runners.get(runner['id']))['_attrs'])
                self.inventory.add_host(host, group='gitlab_runners')
-                self.inventory.set_variable(host, 'ansible_host', ip_address)
+                self.inventory.set_variable(host, 'ansible_host', make_unsafe(ip_address))
                if self.get_option('verbose_output', True):
                    self.inventory.set_variable(host, 'gitlab_runner_attributes', host_attrs)

--- a/plugins/inventory/icinga2.py
+++ b/plugins/inventory/icinga2.py
@@ -97,6 +97,8 @@ from ansible.plugins.inventory import BaseInventoryPlugin, Constructable
 from ansible.module_utils.urls import open_url
 from ansible.module_utils.six.moves.urllib.error import HTTPError

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+

 class InventoryModule(BaseInventoryPlugin, Constructable):
    ''' Host inventory parser for ansible using Icinga2 as source. '''
@@ -233,15 +235,15 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
        """Convert Icinga2 API data to JSON format for Ansible"""
        groups_dict = {"_meta": {"hostvars": {}}}
        for entry in json_data:
-            host_attrs = entry['attrs']
+            host_attrs = make_unsafe(entry['attrs'])
            if self.inventory_attr == "name":
-                host_name = entry.get('name')
+                host_name = make_unsafe(entry.get('name'))
            if self.inventory_attr == "address":
                # When looking for address for inventory, if missing fallback to object name
                if host_attrs.get('address', '') != '':
-                    host_name = host_attrs.get('address')
+                    host_name = make_unsafe(host_attrs.get('address'))
                else:
-                    host_name = entry.get('name')
+                    host_name = make_unsafe(entry.get('name'))
            if self.inventory_attr == "display_name":
                host_name = host_attrs.get('display_name')
            if host_attrs['state'] == 0:
@@ -257,7 +259,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
            # If the address attribute is populated, override ansible_host with the value
            if host_attrs.get('address') != '':
                self.inventory.set_variable(host_name, 'ansible_host', host_attrs.get('address'))
-            self.inventory.set_variable(host_name, 'hostname', entry.get('name'))
+            self.inventory.set_variable(host_name, 'hostname', make_unsafe(entry.get('name')))
            self.inventory.set_variable(host_name, 'display_name', host_attrs.get('display_name'))
            self.inventory.set_variable(host_name, 'state',
                                        host_attrs['state'])
--- a/plugins/inventory/linode.py
+++ b/plugins/inventory/linode.py
@@ -124,6 +124,8 @@ compose:
 from ansible.errors import AnsibleError
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+

 try:
    from linode_api4 import LinodeClient
@@ -199,20 +201,21 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
    def _add_instances_to_groups(self):
        """Add instance names to their dynamic inventory groups."""
        for instance in self.instances:
-            self.inventory.add_host(instance.label, group=instance.group)
+            self.inventory.add_host(make_unsafe(instance.label), group=instance.group)

    def _add_hostvars_for_instances(self):
        """Add hostvars for instances in the dynamic inventory."""
        ip_style = self.get_option('ip_style')
        for instance in self.instances:
            hostvars = instance._raw_json
+            hostname = make_unsafe(instance.label)
            for hostvar_key in hostvars:
                if ip_style == 'api' and hostvar_key in ['ipv4', 'ipv6']:
                    continue
                self.inventory.set_variable(
-                    instance.label,
+                    hostname,
                    hostvar_key,
-                    hostvars[hostvar_key]
+                    make_unsafe(hostvars[hostvar_key])
                )
            if ip_style == 'api':
                ips = instance.ips.ipv4.public + instance.ips.ipv4.private
@@ -221,9 +224,9 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):

                for ip_type in set(ip.type for ip in ips):
                    self.inventory.set_variable(
-                        instance.label,
+                        hostname,
                        ip_type,
-                        self._ip_data([ip for ip in ips if ip.type == ip_type])
+                        make_unsafe(self._ip_data([ip for ip in ips if ip.type == ip_type]))
                    )

    def _ip_data(self, ip_list):
@@ -254,30 +257,44 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
        self._add_instances_to_groups()
        self._add_hostvars_for_instances()
        for instance in self.instances:
-            variables = self.inventory.get_host(instance.label).get_vars()
+            hostname = make_unsafe(instance.label)
+            variables = self.inventory.get_host(hostname).get_vars()
            self._add_host_to_composed_groups(
                self.get_option('groups'),
                variables,
-                instance.label,
+                hostname,
                strict=strict)
            self._add_host_to_keyed_groups(
                self.get_option('keyed_groups'),
                variables,
-                instance.label,
+                hostname,
                strict=strict)
            self._set_composite_vars(
                self.get_option('compose'),
                variables,
-                instance.label,
+                hostname,
                strict=strict)

    def verify_file(self, path):
-        """Verify the Linode configuration file."""
+        """Verify the Linode configuration file.
+
+        Return true/false if the config-file is valid for this plugin
+
+        Args:
+            str(path): path to the config
+        Kwargs:
+            None
+        Raises:
+            None
+        Returns:
+            bool(valid): is valid config file"""
+        valid = False
        if super(InventoryModule, self).verify_file(path):
-            endings = ('linode.yaml', 'linode.yml')
-            if any((path.endswith(ending) for ending in endings)):
-                return True
-        return False
+            if path.endswith(("linode.yaml", "linode.yml")):
+                valid = True
+            else:
+                self.display.vvv('Inventory source not ending in "linode.yaml" or "linode.yml"')
+        return valid

    def parse(self, inventory, loader, path, cache=True):
        """Dynamically parse Linode the cloud inventory."""
--- a/plugins/inventory/lxd.py
+++ b/plugins/inventory/lxd.py
@@ -47,7 +47,7 @@ DOCUMENTATION = r'''
            - You need to set this password on the lxd server before
                running this module using the following command
                C(lxc config set core.trust_password <some random password>)
-                See U(https://www.stgraber.org/2016/04/18/lxd-api-direct-interaction/).
+                See U(https://documentation.ubuntu.com/lxd/en/latest/authentication/#adding-client-certificates-using-a-trust-password).
            - If O(trust_password) is set, this module send a request for authentication before sending any requests.
            type: str
        state:
@@ -70,7 +70,7 @@ DOCUMENTATION = r'''
            version_added: 4.2.0
        prefered_instance_network_interface:
            description:
-            - If an instance has multiple network interfaces, select which one is the prefered as pattern.
+            - If an instance has multiple network interfaces, select which one is the preferred as pattern.
            - Combined with the first number that can be found e.g. 'eth' + 0.
            - The option has been renamed from O(prefered_container_network_interface) to O(prefered_instance_network_interface)
              in community.general 3.8.0. The old name still works as an alias.
@@ -80,7 +80,7 @@ DOCUMENTATION = r'''
              - prefered_container_network_interface
        prefered_instance_network_family:
            description:
-            - If an instance has multiple network interfaces, which one is the prefered by family.
+            - If an instance has multiple network interfaces, which one is the preferred by family.
            - Specify V(inet) for IPv4 and V(inet6) for IPv6.
            type: str
            default: inet
@@ -161,6 +161,7 @@ from ansible.module_utils.six import raise_from
 from ansible.errors import AnsibleError, AnsibleParserError
 from ansible.module_utils.six.moves.urllib.parse import urlencode
 from ansible_collections.community.general.plugins.module_utils.lxd import LXDClient, LXDClientException
+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe

 try:
    import ipaddress
@@ -359,7 +360,7 @@ class InventoryModule(BaseInventoryPlugin):
        Kwargs:
            None
        Source:
-            https://github.com/lxc/lxd/blob/master/doc/rest-api.md
+            https://documentation.ubuntu.com/lxd/en/latest/rest-api/
        Raises:
            None
        Returns:
@@ -376,7 +377,7 @@ class InventoryModule(BaseInventoryPlugin):
    def get_instance_data(self, names):
        """Create Inventory of the instance

-        Iterate through the different branches of the instances and collect Informations.
+        Iterate through the different branches of the instances and collect Information.

        Args:
            list(names): List of instance names
@@ -398,7 +399,7 @@ class InventoryModule(BaseInventoryPlugin):
    def get_network_data(self, names):
        """Create Inventory of the instance

-        Iterate through the different branches of the instances and collect Informations.
+        Iterate through the different branches of the instances and collect Information.

        Args:
            list(names): List of instance names
@@ -451,12 +452,12 @@ class InventoryModule(BaseInventoryPlugin):
        return network_configuration

    def get_prefered_instance_network_interface(self, instance_name):
-        """Helper to get the prefered interface of thr instance
+        """Helper to get the preferred interface of thr instance

-        Helper to get the prefered interface provide by neme pattern from 'prefered_instance_network_interface'.
+        Helper to get the preferred interface provide by neme pattern from 'prefered_instance_network_interface'.

        Args:
-            str(containe_name): name of instance
+            str(instance_name): name of instance
        Kwargs:
            None
        Raises:
@@ -481,7 +482,7 @@ class InventoryModule(BaseInventoryPlugin):
        Helper to get the VLAN_ID from the instance

        Args:
-            str(containe_name): name of instance
+            str(instance_name): name of instance
        Kwargs:
            None
        Raises:
@@ -563,7 +564,7 @@ class InventoryModule(BaseInventoryPlugin):
            else:
                path[instance_name][key] = value
        except KeyError as err:
-            raise AnsibleParserError("Unable to store Informations: {0}".format(to_native(err)))
+            raise AnsibleParserError("Unable to store Information: {0}".format(to_native(err)))

    def extract_information_from_instance_configs(self):
        """Process configuration information
@@ -656,7 +657,7 @@ class InventoryModule(BaseInventoryPlugin):

        if self._get_data_entry('inventory/{0}/network_interfaces'.format(instance_name)):  # instance have network interfaces
            self.inventory.set_variable(instance_name, 'ansible_connection', 'ssh')
-            self.inventory.set_variable(instance_name, 'ansible_host', interface_selection(instance_name))
+            self.inventory.set_variable(instance_name, 'ansible_host', make_unsafe(interface_selection(instance_name)))
        else:
            self.inventory.set_variable(instance_name, 'ansible_connection', 'local')

@@ -682,31 +683,39 @@ class InventoryModule(BaseInventoryPlugin):
                if self.filter.lower() != instance_state:
                    continue
            # add instance
+            instance_name = make_unsafe(instance_name)
            self.inventory.add_host(instance_name)
-            # add network informations
+            # add network information
            self.build_inventory_network(instance_name)
            # add os
            v = self._get_data_entry('inventory/{0}/os'.format(instance_name))
            if v:
-                self.inventory.set_variable(instance_name, 'ansible_lxd_os', v.lower())
+                self.inventory.set_variable(instance_name, 'ansible_lxd_os', make_unsafe(v.lower()))
            # add release
            v = self._get_data_entry('inventory/{0}/release'.format(instance_name))
            if v:
-                self.inventory.set_variable(instance_name, 'ansible_lxd_release', v.lower())
+                self.inventory.set_variable(
+                    instance_name, 'ansible_lxd_release', make_unsafe(v.lower()))
            # add profile
-            self.inventory.set_variable(instance_name, 'ansible_lxd_profile', self._get_data_entry('inventory/{0}/profile'.format(instance_name)))
+            self.inventory.set_variable(
+                instance_name, 'ansible_lxd_profile', make_unsafe(self._get_data_entry('inventory/{0}/profile'.format(instance_name))))
            # add state
-            self.inventory.set_variable(instance_name, 'ansible_lxd_state', instance_state)
+            self.inventory.set_variable(
+                instance_name, 'ansible_lxd_state', make_unsafe(instance_state))
            # add type
-            self.inventory.set_variable(instance_name, 'ansible_lxd_type', self._get_data_entry('inventory/{0}/type'.format(instance_name)))
+            self.inventory.set_variable(
+                instance_name, 'ansible_lxd_type', make_unsafe(self._get_data_entry('inventory/{0}/type'.format(instance_name))))
            # add location information
            if self._get_data_entry('inventory/{0}/location'.format(instance_name)) != "none":  # wrong type by lxd 'none' != 'None'
-                self.inventory.set_variable(instance_name, 'ansible_lxd_location', self._get_data_entry('inventory/{0}/location'.format(instance_name)))
+                self.inventory.set_variable(
+                    instance_name, 'ansible_lxd_location', make_unsafe(self._get_data_entry('inventory/{0}/location'.format(instance_name))))
            # add VLAN_ID information
            if self._get_data_entry('inventory/{0}/vlan_ids'.format(instance_name)):
-                self.inventory.set_variable(instance_name, 'ansible_lxd_vlan_ids', self._get_data_entry('inventory/{0}/vlan_ids'.format(instance_name)))
+                self.inventory.set_variable(
+                    instance_name, 'ansible_lxd_vlan_ids', make_unsafe(self._get_data_entry('inventory/{0}/vlan_ids'.format(instance_name))))
            # add project
-            self.inventory.set_variable(instance_name, 'ansible_lxd_project', self._get_data_entry('inventory/{0}/project'.format(instance_name)))
+            self.inventory.set_variable(
+                instance_name, 'ansible_lxd_project', make_unsafe(self._get_data_entry('inventory/{0}/project'.format(instance_name))))

    def build_inventory_groups_location(self, group_name):
        """create group by attribute: location
@@ -979,7 +988,7 @@ class InventoryModule(BaseInventoryPlugin):
            for group_name in self.groupby:
                if not group_name.isalnum():
                    raise AnsibleParserError('Invalid character(s) in groupname: {0}'.format(to_native(group_name)))
-                group_type(group_name)
+                group_type(make_unsafe(group_name))

    def build_inventory(self):
        """Build dynamic inventory
--- a/plugins/inventory/nmap.py
+++ b/plugins/inventory/nmap.py
@@ -85,6 +85,11 @@ DOCUMENTATION = '''
            type: boolean
            default: false
            version_added: 6.1.0
+        use_arp_ping:
+            description: Whether to always (V(true)) use the quick ARP ping or (V(false)) a slower but more reliable method.
+            type: boolean
+            default: true
+            version_added: 7.4.0
    notes:
        - At least one of ipv4 or ipv6 is required to be True, both can be True, but they cannot both be False.
        - 'TODO: add OS fingerprinting'
@@ -122,6 +127,8 @@ from ansible.module_utils.common.text.converters import to_native, to_text
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable
 from ansible.module_utils.common.process import get_bin_path

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+

 class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):

@@ -138,6 +145,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
        strict = self.get_option('strict')

        for host in hosts:
+            host = make_unsafe(host)
            hostname = host['name']
            self.inventory.add_host(hostname)
            for var, value in host.items():
@@ -196,40 +204,43 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
            # setup command
            cmd = [self._nmap]

-            if self._options['sudo']:
+            if self.get_option('sudo'):
                cmd.insert(0, 'sudo')

-            if self._options['port']:
+            if self.get_option('port'):
                cmd.append('-p')
-                cmd.append(self._options['port'])
+                cmd.append(self.get_option('port'))

-            if not self._options['ports']:
+            if not self.get_option('ports'):
                cmd.append('-sP')

-            if self._options['ipv4'] and not self._options['ipv6']:
+            if self.get_option('ipv4') and not self.get_option('ipv6'):
                cmd.append('-4')
-            elif self._options['ipv6'] and not self._options['ipv4']:
+            elif self.get_option('ipv6') and not self.get_option('ipv4'):
                cmd.append('-6')
-            elif not self._options['ipv6'] and not self._options['ipv4']:
+            elif not self.get_option('ipv6') and not self.get_option('ipv4'):
                raise AnsibleParserError('One of ipv4 or ipv6 must be enabled for this plugin')

-            if self._options['exclude']:
+            if self.get_option('exclude'):
                cmd.append('--exclude')
-                cmd.append(','.join(self._options['exclude']))
+                cmd.append(','.join(self.get_option('exclude')))

-            if self._options['dns_resolve']:
+            if self.get_option('dns_resolve'):
                cmd.append('-n')

-            if self._options['udp_scan']:
+            if self.get_option('udp_scan'):
                cmd.append('-sU')

-            if self._options['icmp_timestamp']:
+            if self.get_option('icmp_timestamp'):
                cmd.append('-PP')

-            if self._options['open']:
+            if self.get_option('open'):
                cmd.append('--open')

-            cmd.append(self._options['address'])
+            if not self.get_option('use_arp_ping'):
+                cmd.append('--disable-arp-ping')
+
+            cmd.append(self.get_option('address'))
            try:
                # execute
                p = Popen(cmd, stdout=PIPE, stderr=PIPE)
--- a/plugins/inventory/online.py
+++ b/plugins/inventory/online.py
@@ -69,6 +69,8 @@ from ansible.module_utils.common.text.converters import to_text
 from ansible.module_utils.ansible_release import __version__ as ansible_version
 from ansible.module_utils.six.moves.urllib.parse import urljoin

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+

 class InventoryModule(BaseInventoryPlugin):
    NAME = 'community.general.online'
@@ -169,20 +171,20 @@ class InventoryModule(BaseInventoryPlugin):
            "support"
        )
        for attribute in targeted_attributes:
-            self.inventory.set_variable(hostname, attribute, host_infos[attribute])
+            self.inventory.set_variable(hostname, attribute, make_unsafe(host_infos[attribute]))

        if self.extract_public_ipv4(host_infos=host_infos):
-            self.inventory.set_variable(hostname, "public_ipv4", self.extract_public_ipv4(host_infos=host_infos))
-            self.inventory.set_variable(hostname, "ansible_host", self.extract_public_ipv4(host_infos=host_infos))
+            self.inventory.set_variable(hostname, "public_ipv4", make_unsafe(self.extract_public_ipv4(host_infos=host_infos)))
+            self.inventory.set_variable(hostname, "ansible_host", make_unsafe(self.extract_public_ipv4(host_infos=host_infos)))

        if self.extract_private_ipv4(host_infos=host_infos):
-            self.inventory.set_variable(hostname, "public_ipv4", self.extract_private_ipv4(host_infos=host_infos))
+            self.inventory.set_variable(hostname, "public_ipv4", make_unsafe(self.extract_private_ipv4(host_infos=host_infos)))

        if self.extract_os_name(host_infos=host_infos):
-            self.inventory.set_variable(hostname, "os_name", self.extract_os_name(host_infos=host_infos))
+            self.inventory.set_variable(hostname, "os_name", make_unsafe(self.extract_os_name(host_infos=host_infos)))

        if self.extract_os_version(host_infos=host_infos):
-            self.inventory.set_variable(hostname, "os_version", self.extract_os_name(host_infos=host_infos))
+            self.inventory.set_variable(hostname, "os_version", make_unsafe(self.extract_os_name(host_infos=host_infos)))

    def _filter_host(self, host_infos, hostname_preferences):

@@ -201,6 +203,8 @@ class InventoryModule(BaseInventoryPlugin):
        if not hostname:
            return

+        hostname = make_unsafe(hostname)
+
        self.inventory.add_host(host=hostname)
        self._fill_host_variables(hostname=hostname, host_infos=host_infos)

@@ -210,6 +214,8 @@ class InventoryModule(BaseInventoryPlugin):
            if not group:
                return

+            group = make_unsafe(group)
+
            self.inventory.add_group(group=group)
            self.inventory.add_host(group=group, host=hostname)

--- a/plugins/inventory/opennebula.py
+++ b/plugins/inventory/opennebula.py
@@ -98,6 +98,8 @@ from ansible.errors import AnsibleError
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable
 from ansible.module_utils.common.text.converters import to_native

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+
 from collections import namedtuple
 import os

@@ -215,6 +217,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
        filter_by_label = self.get_option('filter_by_label')
        servers = self._retrieve_servers(filter_by_label)
        for server in servers:
+            server = make_unsafe(server)
            hostname = server['name']
            # check for labels
            if group_by_labels and server['LABELS']:
--- a/plugins/inventory/proxmox.py
+++ b/plugins/inventory/proxmox.py
@@ -102,7 +102,7 @@ DOCUMENTATION = '''
        type: bool
      qemu_extended_statuses:
        description:
-          - Requires O(want_facts) to be set to V(true) to function. This will allow you to differentiate betweend C(paused) and C(prelaunch)
+          - Requires O(want_facts) to be set to V(true) to function. This will allow you to differentiate between C(paused) and C(prelaunch)
            statuses of the QEMU VMs.
          - This introduces multiple groups [prefixed with O(group_prefix)] C(prelaunch) and C(paused).
        default: false
@@ -224,6 +224,7 @@ from ansible.module_utils.six.moves.urllib.parse import urlencode
 from ansible.utils.display import Display

 from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe

 # 3rd party imports
 try:
@@ -330,7 +331,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):

            self._cache[self.cache_key][url] = data

-        return self._cache[self.cache_key][url]
+        return make_unsafe(self._cache[self.cache_key][url])

    def _get_nodes(self):
        return self._get_json("%s/api2/json/nodes" % self.proxmox_url)
--- a/plugins/inventory/scaleway.py
+++ b/plugins/inventory/scaleway.py
@@ -121,6 +121,7 @@ else:
 from ansible.errors import AnsibleError
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable
 from ansible_collections.community.general.plugins.module_utils.scaleway import SCALEWAY_LOCATION, parse_pagination_link
+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
 from ansible.module_utils.urls import open_url
 from ansible.module_utils.common.text.converters import to_native, to_text
 from ansible.module_utils.six import raise_from
@@ -279,7 +280,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
        zone_info = SCALEWAY_LOCATION[zone]

        url = _build_server_url(zone_info["api_endpoint"])
-        raw_zone_hosts_infos = _fetch_information(url=url, token=token)
+        raw_zone_hosts_infos = make_unsafe(_fetch_information(url=url, token=token))

        for host_infos in raw_zone_hosts_infos:

@@ -341,4 +342,4 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
        hostname_preference = self.get_option("hostnames")

        for zone in self._get_zones(config_zones):
-            self.do_zone_inventory(zone=zone, token=token, tags=tags, hostname_preferences=hostname_preference)
+            self.do_zone_inventory(zone=make_unsafe(zone), token=token, tags=tags, hostname_preferences=hostname_preference)
--- a/plugins/inventory/stackpath_compute.py
+++ b/plugins/inventory/stackpath_compute.py
@@ -73,6 +73,8 @@ from ansible.plugins.inventory import (
 )
 from ansible.utils.display import Display

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+

 display = Display()

@@ -271,7 +273,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
        if not cache or cache_needs_update:
            results = self._query()

-        self._populate(results)
+        self._populate(make_unsafe(results))

        # If the cache has expired/doesn't exist or
        # if refresh_inventory/flush cache is used
--- a/plugins/inventory/virtualbox.py
+++ b/plugins/inventory/virtualbox.py
@@ -63,6 +63,8 @@ from ansible.module_utils.common._collections_compat import MutableMapping
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable
 from ansible.module_utils.common.process import get_bin_path

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+

 class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
    ''' Host inventory parser for ansible using local virtualbox. '''
@@ -116,6 +118,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
            self._add_host_to_keyed_groups(self.get_option('keyed_groups'), hostvars[host], host, strict=strict)

    def _populate_from_cache(self, source_data):
+        source_data = make_unsafe(source_data)
        hostvars = source_data.pop('_meta', {}).get('hostvars', {})
        for group in source_data:
            if group == 'all':
@@ -162,7 +165,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
            v = v.strip()
            # found host
            if k.startswith('Name') and ',' not in v:  # some setting strings appear in Name
-                current_host = v
+                current_host = make_unsafe(v)
                if current_host not in hostvars:
                    hostvars[current_host] = {}
                    self.inventory.add_host(current_host)
@@ -170,12 +173,13 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
                # try to get network info
                netdata = self._query_vbox_data(current_host, netinfo)
                if netdata:
-                    self.inventory.set_variable(current_host, 'ansible_host', netdata)
+                    self.inventory.set_variable(current_host, 'ansible_host', make_unsafe(netdata))

            # found groups
            elif k == 'Groups':
                for group in v.split('/'):
                    if group:
+                        group = make_unsafe(group)
                        group = self.inventory.add_group(group)
                        self.inventory.add_child(group, current_host)
                        if group not in cacheable_results:
@@ -185,17 +189,17 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):

            else:
                # found vars, accumulate in hostvars for clean inventory set
-                pref_k = 'vbox_' + k.strip().replace(' ', '_')
+                pref_k = make_unsafe('vbox_' + k.strip().replace(' ', '_'))
                leading_spaces = len(k) - len(k.lstrip(' '))
                if 0 < leading_spaces <= 2:
                    if prevkey not in hostvars[current_host] or not isinstance(hostvars[current_host][prevkey], dict):
                        hostvars[current_host][prevkey] = {}
-                    hostvars[current_host][prevkey][pref_k] = v
+                    hostvars[current_host][prevkey][pref_k] = make_unsafe(v)
                elif leading_spaces > 2:
                    continue
                else:
                    if v != '':
-                        hostvars[current_host][pref_k] = v
+                        hostvars[current_host][pref_k] = make_unsafe(v)
                if self._ungrouped_host(current_host, cacheable_results):
                    if 'ungrouped' not in cacheable_results:
                        cacheable_results['ungrouped'] = {'hosts': []}
--- a/plugins/inventory/xen_orchestra.py
+++ b/plugins/inventory/xen_orchestra.py
@@ -84,6 +84,7 @@ from ansible.errors import AnsibleError
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable

 from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe

 # 3rd party imports
 try:
@@ -347,4 +348,4 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
            self.protocol = 'ws'

        objects = self._get_objects()
-        self._populate(objects)
+        self._populate(make_unsafe(objects))
--- a/plugins/lookup/bitwarden.py
+++ b/plugins/lookup/bitwarden.py
@@ -25,7 +25,10 @@ DOCUMENTATION = """
        type: list
        elements: str
      search:
-        description: Field to retrieve, for example V(name) or V(id).
+        description:
+          - Field to retrieve, for example V(name) or V(id).
+          - If set to V(id), only zero or one element can be returned.
+            Use the Jinja C(first) filter to get the only list element.
        type: str
        default: name
        version_added: 5.7.0
@@ -39,27 +42,27 @@ DOCUMENTATION = """
 """

 EXAMPLES = """
- name: "Get 'password' from Bitwarden record named 'a_test'"
+- name: "Get 'password' from all Bitwarden records named 'a_test'"
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', 'a_test', field='password') }}

- name: "Get 'password' from Bitwarden record with id 'bafba515-af11-47e6-abe3-af1200cd18b2'"
+- name: "Get 'password' from Bitwarden record with ID 'bafba515-af11-47e6-abe3-af1200cd18b2'"
  ansible.builtin.debug:
    msg: >-
-      {{ lookup('community.general.bitwarden', 'bafba515-af11-47e6-abe3-af1200cd18b2', search='id', field='password') }}
+      {{ lookup('community.general.bitwarden', 'bafba515-af11-47e6-abe3-af1200cd18b2', search='id', field='password') | first }}

- name: "Get 'password' from Bitwarden record named 'a_test' from collection"
+- name: "Get 'password' from all Bitwarden records named 'a_test' from collection"
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', 'a_test', field='password', collection_id='bafba515-af11-47e6-abe3-af1200cd18b2') }}

- name: "Get full Bitwarden record named 'a_test'"
+- name: "Get list of all full Bitwarden records named 'a_test'"
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', 'a_test') }}

- name: "Get custom field 'api_key' from Bitwarden record named 'a_test'"
+- name: "Get custom field 'api_key' from all Bitwarden records named 'a_test'"
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', 'a_test', field='api_key') }}
@@ -67,9 +70,12 @@ EXAMPLES = """

 RETURN = """
  _raw:
-    description: List of requested field or JSON object of list of matches.
+    description:
+      - A one-element list that contains a list of requested fields or JSON objects of matches.
+      - If you use C(query), you get a list of lists. If you use C(lookup) without C(wantlist=true),
+        this always gets reduced to a list of field values or JSON objects.
    type: list
-    elements: raw
+    elements: list
 """

 from subprocess import Popen, PIPE
@@ -132,20 +138,29 @@ class Bitwarden(object):
        If field is None, return the whole record for each match.
        """
        matches = self._get_matches(search_value, search_field, collection_id)
-
-        if field in ['autofillOnPageLoad', 'password', 'passwordRevisionDate', 'totp', 'uris', 'username']:
-            return [match['login'][field] for match in matches]
-        elif not field:
+        if not field:
            return matches
-        else:
-            custom_field_matches = []
-            for match in matches:
+        field_matches = []
+        for match in matches:
+            # if there are no custom fields, then `match` has no key 'fields'
+            if 'fields' in match:
+                custom_field_found = False
                for custom_field in match['fields']:
-                    if custom_field['name'] == field:
-                        custom_field_matches.append(custom_field['value'])
-            if matches and not custom_field_matches:
-                raise AnsibleError("Custom field {field} does not exist in {search_value}".format(field=field, search_value=search_value))
-            return custom_field_matches
+                    if field == custom_field['name']:
+                        field_matches.append(custom_field['value'])
+                        custom_field_found = True
+                        break
+                if custom_field_found:
+                    continue
+            if 'login' in match and field in match['login']:
+                field_matches.append(match['login'][field])
+                continue
+            if field in match:
+                field_matches.append(match[field])
+                continue
+        if matches and not field_matches:
+            raise AnsibleError("field {field} does not exist in {search_value}".format(field=field, search_value=search_value))
+        return field_matches


 class LookupModule(LookupBase):
--- a/plugins/lookup/bitwarden_secrets_manager.py
+++ b/plugins/lookup/bitwarden_secrets_manager.py
@@ -0,0 +1,144 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2023, jantari (https://github.com/jantari)
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+DOCUMENTATION = """
+    name: bitwarden_secrets_manager
+    author:
+      - jantari (@jantari)
+    requirements:
+      - bws (command line utility)
+    short_description: Retrieve secrets from Bitwarden Secrets Manager
+    version_added: 7.2.0
+    description:
+      - Retrieve secrets from Bitwarden Secrets Manager.
+    options:
+      _terms:
+        description: Secret ID(s) to fetch values for.
+        required: true
+        type: list
+        elements: str
+      bws_access_token:
+        description: The BWS access token to use for this lookup.
+        env:
+          - name: BWS_ACCESS_TOKEN
+        required: true
+        type: str
+"""
+
+EXAMPLES = """
+- name: Get a secret relying on the BWS_ACCESS_TOKEN environment variable for authentication
+  ansible.builtin.debug:
+    msg: >-
+      {{ lookup("community.general.bitwarden_secrets_manager", "2bc23e48-4932-40de-a047-5524b7ddc972") }}
+
+- name: Get a secret passing an explicit access token for authentication
+  ansible.builtin.debug:
+    msg: >-
+      {{
+        lookup(
+          "community.general.bitwarden_secrets_manager",
+          "2bc23e48-4932-40de-a047-5524b7ddc972",
+          bws_access_token="9.4f570d14-4b54-42f5-bc07-60f4450b1db5.YmluYXJ5LXNvbWV0aGluZy0xMjMK:d2h5IGhlbGxvIHRoZXJlCg=="
+        )
+      }}
+
+- name: Get two different secrets each using a different access token for authentication
+  ansible.builtin.debug:
+    msg:
+      - '{{ lookup("community.general.bitwarden_secrets_manager", "2bc23e48-4932-40de-a047-5524b7ddc972", bws_access_token=token1) }}'
+      - '{{ lookup("community.general.bitwarden_secrets_manager", "9d89af4c-eb5d-41f5-bb0f-4ae81215c768", bws_access_token=token2) }}'
+  vars:
+    token1: "9.4f570d14-4b54-42f5-bc07-60f4450b1db5.YmluYXJ5LXNvbWV0aGluZy0xMjMK:d2h5IGhlbGxvIHRoZXJlCg=="
+    token2: "1.69b72797-6ea9-4687-a11e-848e41a30ae6.YW5zaWJsZSBpcyBncmVhdD8K:YW5zaWJsZSBpcyBncmVhdAo="
+
+- name: Get just the value of a secret
+  ansible.builtin.debug:
+    msg: >-
+      {{ lookup("community.general.bitwarden_secrets_manager", "2bc23e48-4932-40de-a047-5524b7ddc972").value }}
+"""
+
+RETURN = """
+  _raw:
+    description: List containing one or more secrets.
+    type: list
+    elements: dict
+"""
+
+from subprocess import Popen, PIPE
+from time import sleep
+
+from ansible.errors import AnsibleLookupError
+from ansible.module_utils.common.text.converters import to_text
+from ansible.parsing.ajson import AnsibleJSONDecoder
+from ansible.plugins.lookup import LookupBase
+
+
+class BitwardenSecretsManagerException(AnsibleLookupError):
+    pass
+
+
+class BitwardenSecretsManager(object):
+    def __init__(self, path='bws'):
+        self._cli_path = path
+        self._max_retries = 3
+        self._retry_delay = 1
+
+    @property
+    def cli_path(self):
+        return self._cli_path
+
+    def _run_with_retry(self, args, stdin=None, retries=0):
+        out, err, rc = self._run(args, stdin)
+
+        if rc != 0:
+            if retries >= self._max_retries:
+                raise BitwardenSecretsManagerException("Max retries exceeded. Unable to retrieve secret.")
+
+            if "Too many requests" in err:
+                delay = self._retry_delay * (2 ** retries)
+                sleep(delay)
+                return self._run_with_retry(args, stdin, retries + 1)
+            else:
+                raise BitwardenSecretsManagerException("Command failed with return code {rc}: {err}".format(rc=rc, err=err))
+
+        return out, err, rc
+
+    def _run(self, args, stdin=None):
+        p = Popen([self.cli_path] + args, stdout=PIPE, stderr=PIPE, stdin=PIPE)
+        out, err = p.communicate(stdin)
+        rc = p.wait()
+        return to_text(out, errors='surrogate_or_strict'), to_text(err, errors='surrogate_or_strict'), rc
+
+    def get_secret(self, secret_id, bws_access_token):
+        """Get and return the secret with the given secret_id.
+        """
+
+        # Prepare set of params for Bitwarden Secrets Manager CLI
+        # Color output was not always disabled correctly with the default 'auto' setting so explicitly disable it.
+        params = [
+            '--color', 'no',
+            '--access-token', bws_access_token,
+            'get', 'secret', secret_id
+        ]
+
+        out, err, rc = self._run_with_retry(params)
+        if rc != 0:
+            raise BitwardenSecretsManagerException(to_text(err))
+
+        return AnsibleJSONDecoder().raw_decode(out)[0]
+
+
+class LookupModule(LookupBase):
+    def run(self, terms, variables=None, **kwargs):
+        self.set_options(var_options=variables, direct=kwargs)
+        bws_access_token = self.get_option('bws_access_token')
+
+        return [_bitwarden_secrets_manager.get_secret(term, bws_access_token) for term in terms]
+
+
+_bitwarden_secrets_manager = BitwardenSecretsManager()
--- a/plugins/lookup/dig.py
+++ b/plugins/lookup/dig.py
@@ -70,6 +70,11 @@ DOCUMENTATION = '''
          - "Class."
        type: str
        default: 'IN'
+      tcp:
+        description: Use TCP to lookup DNS records.
+        default: false
+        type: bool
+        version_added: 7.5.0
    notes:
      - ALL is not a record per-se, merely the listed fields are available for any record results you retrieve in the form of a dictionary.
      - While the 'dig' lookup plugin supports anything which dnspython supports out of the box, only a subset can be converted into a dictionary.
@@ -329,6 +334,7 @@ class LookupModule(LookupBase):
        flat = self.get_option('flat')
        fail_on_error = self.get_option('fail_on_error')
        real_empty = self.get_option('real_empty')
+        tcp = self.get_option('tcp')
        try:
            rdclass = dns.rdataclass.from_text(self.get_option('class'))
        except Exception as e:
@@ -375,6 +381,8 @@ class LookupModule(LookupBase):
                    fail_on_error = boolean(arg)
                elif opt == 'real_empty':
                    real_empty = boolean(arg)
+                elif opt == 'tcp':
+                    tcp = boolean(arg)

                continue

@@ -408,7 +416,7 @@ class LookupModule(LookupBase):

        for domain in domains:
            try:
-                answers = myres.query(domain, qtype, rdclass=rdclass)
+                answers = myres.query(domain, qtype, rdclass=rdclass, tcp=tcp)
                for rdata in answers:
                    s = rdata.to_text()
                    if qtype.upper() == 'TXT':
--- a/plugins/lookup/etcd.py
+++ b/plugins/lookup/etcd.py
@@ -39,6 +39,10 @@ DOCUMENTATION = '''
                - toggle checking that the ssl certificates are valid, you normally only want to turn this off with self-signed certs.
            default: true
            type: boolean
+    seealso:
+    - module: community.general.etcd3
+    - plugin: community.general.etcd3
+      plugin_type: lookup
 '''

 EXAMPLES = '''
--- a/plugins/lookup/etcd3.py
+++ b/plugins/lookup/etcd3.py
@@ -94,8 +94,8 @@ DOCUMENTATION = '''
      environment variable and keep O(endpoints), O(host), and O(port) unused.
    seealso:
    - module: community.general.etcd3
-    - ref: ansible_collections.community.general.etcd_lookup
-      description: The etcd v2 lookup.
+    - plugin: community.general.etcd
+      plugin_type: lookup

    requirements:
    - "etcd3 >= 0.10"
--- a/plugins/lookup/merge_variables.py
+++ b/plugins/lookup/merge_variables.py
@@ -11,7 +11,7 @@ DOCUMENTATION = """
      - Roy Lenferink (@rlenferink)
      - Mark Ettema (@m-a-r-k-e)
    name: merge_variables
-    short_description: merge variables with a certain suffix
+    short_description: merge variables whose names match a given pattern
    description:
        - This lookup returns the merged result of all variables in scope that match the given prefixes, suffixes, or
         regular expressions, optionally.
--- a/plugins/lookup/onepassword.py
+++ b/plugins/lookup/onepassword.py
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# Copyright (c) 2018, Scott Buchanan <sbuchanan@ri.pn>
+# Copyright (c) 2018, Scott Buchanan <scott@buchanan.works>
 # Copyright (c) 2016, Andrew Zenk <azenk@umn.edu> (lastpass.py used as starting point)
 # Copyright (c) 2018, Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
@@ -38,6 +38,10 @@ DOCUMENTATION = '''
        type: str
      subdomain:
        description: The 1Password subdomain to authenticate against.
+      account_id:
+        description: The account ID to target.
+        type: str
+        version_added: 7.5.0
      username:
        description: The username used to sign in.
      secret_key:
@@ -55,6 +59,7 @@ DOCUMENTATION = '''
        performed an initial sign in (meaning C(~/.op/config), C(~/.config/op/config) or C(~/.config/.op/config) exists), then only the
        C(master_password) is required. You may optionally specify O(subdomain) in this scenario, otherwise the last used subdomain will be used by C(op).
      - This lookup can perform an initial login by providing O(subdomain), O(username), O(secret_key), and O(master_password).
+      - Can target a specific account by providing the O(account_id).
      - Due to the B(very) sensitive nature of these credentials, it is B(highly) recommended that you only pass in the minimal credentials
        needed at any given time. Also, store these credentials in an Ansible Vault using a key that is equal to or greater in strength
        to the 1Password master password.
@@ -80,19 +85,25 @@ EXAMPLES = """

 - name: Retrieve password for HAL when not signed in to 1Password
  ansible.builtin.debug:
-    var: lookup('community.general.onepassword'
-                'HAL 9000'
-                subdomain='Discovery'
+    var: lookup('community.general.onepassword',
+                'HAL 9000',
+                subdomain='Discovery',
                master_password=vault_master_password)

 - name: Retrieve password for HAL when never signed in to 1Password
  ansible.builtin.debug:
-    var: lookup('community.general.onepassword'
-                'HAL 9000'
-                subdomain='Discovery'
-                master_password=vault_master_password
-                username='tweety@acme.com'
+    var: lookup('community.general.onepassword',
+                'HAL 9000',
+                subdomain='Discovery',
+                master_password=vault_master_password,
+                username='tweety@acme.com',
                secret_key=vault_secret_key)
+
+- name: Retrieve password from specific account
+  ansible.builtin.debug:
+    var: lookup('community.general.onepassword',
+                'HAL 9000',
+                account_id='abc123')
 """

 RETURN = """
@@ -116,16 +127,34 @@ from ansible.module_utils.six import with_metaclass
 from ansible_collections.community.general.plugins.module_utils.onepassword import OnePasswordConfig


+def _lower_if_possible(value):
+    """Return the lower case version value, otherwise return the value"""
+    try:
+        return value.lower()
+    except AttributeError:
+        return value
+
+
 class OnePassCLIBase(with_metaclass(abc.ABCMeta, object)):
    bin = "op"

-    def __init__(self, subdomain=None, domain="1password.com", username=None, secret_key=None, master_password=None, service_account_token=None):
+    def __init__(
+        self,
+        subdomain=None,
+        domain="1password.com",
+        username=None,
+        secret_key=None,
+        master_password=None,
+        service_account_token=None,
+        account_id=None,
+    ):
        self.subdomain = subdomain
        self.domain = domain
        self.username = username
        self.master_password = master_password
        self.secret_key = secret_key
        self.service_account_token = service_account_token
+        self.account_id = account_id

        self._path = None
        self._version = None
@@ -293,7 +322,9 @@ class OnePassCLIv1(OnePassCLIBase):

    def assert_logged_in(self):
        args = ["get", "account"]
-        if self.subdomain:
+        if self.account_id:
+            args.extend(["--account", self.account_id])
+        elif self.subdomain:
            account = "{subdomain}.{domain}".format(subdomain=self.subdomain, domain=self.domain)
            args.extend(["--account", account])

@@ -326,6 +357,10 @@ class OnePassCLIv1(OnePassCLIBase):

    def get_raw(self, item_id, vault=None, token=None):
        args = ["get", "item", item_id]
+
+        if self.account_id:
+            args.extend(["--account", self.account_id])
+
        if vault is not None:
            args += ["--vault={0}".format(vault)]

@@ -453,6 +488,7 @@ class OnePassCLIv2(OnePassCLIBase):
            }
        """
        data = json.loads(data_json)
+        field_name = _lower_if_possible(field_name)
        for field in data.get("fields", []):
            if section_title is None:
                # If the field name exists in the section, return that value
@@ -461,24 +497,26 @@ class OnePassCLIv2(OnePassCLIBase):

                # If the field name doesn't exist in the section, match on the value of "label"
                # then "id" and return "value"
-                if field.get("label") == field_name:
-                    return field["value"]
+                if field.get("label", "").lower() == field_name:
+                    return field.get("value", "")

-                if field.get("id") == field_name:
-                    return field["value"]
+                if field.get("id", "").lower() == field_name:
+                    return field.get("value", "")

-            # Look at the section data and get an indentifier. The value of 'id' is either a unique ID
+            # Look at the section data and get an identifier. The value of 'id' is either a unique ID
            # or a human-readable string. If a 'label' field exists, prefer that since
            # it is the value visible in the 1Password UI when both 'id' and 'label' exist.
            section = field.get("section", {})
-            current_section_title = section.get("label", section.get("id"))
+            section_title = _lower_if_possible(section_title)
+
+            current_section_title = section.get("label", section.get("id", "")).lower()
            if section_title == current_section_title:
                # In the correct section. Check "label" then "id" for the desired field_name
-                if field.get("label") == field_name:
-                    return field["value"]
+                if field.get("label", "").lower() == field_name:
+                    return field.get("value", "")

-                if field.get("id") == field_name:
-                    return field["value"]
+                if field.get("id", "").lower() == field_name:
+                    return field.get("value", "")

        return ""

@@ -502,7 +540,9 @@ class OnePassCLIv2(OnePassCLIBase):
            # an interactive prompt. Only run 'op account get' after first listing accounts to see
            # if there are any previously configured accounts.
            args = ["account", "get"]
-            if self.subdomain:
+            if self.account_id:
+                args.extend(["--account", self.account_id])
+            elif self.subdomain:
                account = "{subdomain}.{domain}".format(subdomain=self.subdomain, domain=self.domain)
                args.extend(["--account", account])

@@ -533,6 +573,10 @@ class OnePassCLIv2(OnePassCLIBase):

    def get_raw(self, item_id, vault=None, token=None):
        args = ["item", "get", item_id, "--format", "json"]
+
+        if self.account_id:
+            args.extend(["--account", self.account_id])
+
        if vault is not None:
            args += ["--vault={0}".format(vault)]

@@ -559,13 +603,14 @@ class OnePassCLIv2(OnePassCLIBase):

 class OnePass(object):
    def __init__(self, subdomain=None, domain="1password.com", username=None, secret_key=None, master_password=None,
-                 service_account_token=None):
+                 service_account_token=None, account_id=None):
        self.subdomain = subdomain
        self.domain = domain
        self.username = username
        self.secret_key = secret_key
        self.master_password = master_password
        self.service_account_token = service_account_token
+        self.account_id = account_id

        self.logged_in = False
        self.token = None
@@ -578,7 +623,7 @@ class OnePass(object):
        for cls in OnePassCLIBase.__subclasses__():
            if cls.supports_version == version.split(".")[0]:
                try:
-                    return cls(self.subdomain, self.domain, self.username, self.secret_key, self.master_password, self.service_account_token)
+                    return cls(self.subdomain, self.domain, self.username, self.secret_key, self.master_password, self.service_account_token, self.account_id)
                except TypeError as e:
                    raise AnsibleLookupError(e)

@@ -642,8 +687,9 @@ class LookupModule(LookupBase):
        secret_key = self.get_option("secret_key")
        master_password = self.get_option("master_password")
        service_account_token = self.get_option("service_account_token")
+        account_id = self.get_option("account_id")

-        op = OnePass(subdomain, domain, username, secret_key, master_password, service_account_token)
+        op = OnePass(subdomain, domain, username, secret_key, master_password, service_account_token, account_id)
        op.assert_logged_in()

        values = []
--- a/plugins/lookup/onepassword_raw.py
+++ b/plugins/lookup/onepassword_raw.py
@@ -35,6 +35,10 @@ DOCUMENTATION = '''
        version_added: 6.0.0
        default: '1password.com'
        type: str
+      account_id:
+        description: The account ID to target.
+        type: str
+        version_added: 7.5.0
      username:
        description: The username used to sign in.
      secret_key:
@@ -52,6 +56,7 @@ DOCUMENTATION = '''
        performed an initial sign in (meaning C(~/.op/config exists)), then only the O(master_password) is required.
        You may optionally specify O(subdomain) in this scenario, otherwise the last used subdomain will be used by C(op).
      - This lookup can perform an initial login by providing O(subdomain), O(username), O(secret_key), and O(master_password).
+      - Can target a specific account by providing the O(account_id).
      - Due to the B(very) sensitive nature of these credentials, it is B(highly) recommended that you only pass in the minimal credentials
        needed at any given time. Also, store these credentials in an Ansible Vault using a key that is equal to or greater in strength
        to the 1Password master password.
@@ -96,8 +101,9 @@ class LookupModule(LookupBase):
        secret_key = self.get_option("secret_key")
        master_password = self.get_option("master_password")
        service_account_token = self.get_option("service_account_token")
+        account_id = self.get_option("account_id")

-        op = OnePass(subdomain, domain, username, secret_key, master_password, service_account_token)
+        op = OnePass(subdomain, domain, username, secret_key, master_password, service_account_token, account_id)
        op.assert_logged_in()

        values = []
--- a/plugins/lookup/random_string.py
+++ b/plugins/lookup/random_string.py
@@ -16,6 +16,8 @@ DOCUMENTATION = r"""
    version_added: '3.2.0'
    description:
      - Generates random string based upon the given constraints.
+      - Uses L(random.SystemRandom,https://docs.python.org/3/library/random.html#random.SystemRandom),
+        so should be strong enough for cryptographic purposes.
    options:
      length:
        description: The length of the string.
@@ -70,7 +72,7 @@ DOCUMENTATION = r"""
        type: int
      override_special:
        description:
-        - Overide a list of special characters to use in the string.
+        - Override a list of special characters to use in the string.
        - If set O(min_special) should be set to a non-default value.
        type: str
      override_all:
@@ -78,6 +80,19 @@ DOCUMENTATION = r"""
        - Override all values of O(numbers), O(upper), O(lower), and O(special) with
          the given list of characters.
        type: str
+      ignore_similar_chars:
+        description:
+        - Ignore similar characters, such as V(l) and V(1), or V(O) and V(0).
+        - These characters can be configured in O(similar_chars).
+        default: false
+        type: bool
+        version_added: 7.5.0
+      similar_chars:
+        description:
+        - Override a list of characters not to be use in the string.
+        default: "il1LoO0"
+        type: str
+        version_added: 7.5.0
      base64:
        description:
        - Returns base64 encoded string.
@@ -101,7 +116,7 @@ EXAMPLES = r"""
    var: lookup('community.general.random_string', base64=True)
  # Example result: ['NHZ6eWN5Qk0=']

- name: Generate a random string with 1 lower, 1 upper, 1 number and 1 special char (atleast)
+- name: Generate a random string with 1 lower, 1 upper, 1 number and 1 special char (at least)
  ansible.builtin.debug:
    var: lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1)
  # Example result: ['&Qw2|E[-']
@@ -171,9 +186,17 @@ class LookupModule(LookupBase):
        length = self.get_option("length")
        base64_flag = self.get_option("base64")
        override_all = self.get_option("override_all")
+        ignore_similar_chars = self.get_option("ignore_similar_chars")
+        similar_chars = self.get_option("similar_chars")
        values = ""
        available_chars_set = ""

+        if ignore_similar_chars:
+            number_chars = "".join([sc for sc in number_chars if sc not in similar_chars])
+            lower_chars = "".join([sc for sc in lower_chars if sc not in similar_chars])
+            upper_chars = "".join([sc for sc in upper_chars if sc not in similar_chars])
+            special_chars = "".join([sc for sc in special_chars if sc not in similar_chars])
+
        if override_all:
            # Override all the values
            available_chars_set = override_all
--- a/plugins/lookup/tss.py
+++ b/plugins/lookup/tss.py
@@ -26,6 +26,11 @@ options:
        description: The integer ID of the secret.
        required: true
        type: int
+    secret_path:
+        description: Indicate a full path of secret including folder and secret name when the secret ID is set to 0.
+        required: false
+        type: str
+        version_added: 7.2.0
    fetch_secret_ids_from_folder:
        description:
            - Boolean flag which indicates whether secret ids are in a folder is fetched by folder ID or not.
@@ -221,6 +226,29 @@ EXAMPLES = r"""
          the secret id's are {{
              secret
          }}
+
+# If secret ID is 0 and secret_path has value then secret is fetched by secret path
+- hosts: localhost
+  vars:
+      secret: >-
+        {{
+            lookup(
+                'community.general.tss',
+                0,
+                secret_path='\folderName\secretName'
+                base_url='https://secretserver.domain.com/SecretServer/',
+                username='user.name',
+                password='password'
+            )
+        }}
+  tasks:
+      - ansible.builtin.debug:
+          msg: >
+            the password is {{
+              (secret['items']
+                | items2dict(key_name='slug',
+                             value_name='itemValue'))['password']
+            }}
 """

 import abc
@@ -231,32 +259,23 @@ from ansible.plugins.lookup import LookupBase
 from ansible.utils.display import Display

 try:
-    from delinea.secrets.server import SecretServer, SecretServerError
+    from delinea.secrets.server import SecretServer, SecretServerError, PasswordGrantAuthorizer, DomainPasswordGrantAuthorizer, AccessTokenAuthorizer

    HAS_TSS_SDK = True
    HAS_DELINEA_SS_SDK = True
+    HAS_TSS_AUTHORIZER = True
 except ImportError:
    try:
-        from thycotic.secrets.server import SecretServer, SecretServerError
+        from thycotic.secrets.server import SecretServer, SecretServerError, PasswordGrantAuthorizer, DomainPasswordGrantAuthorizer, AccessTokenAuthorizer

        HAS_TSS_SDK = True
        HAS_DELINEA_SS_SDK = False
+        HAS_TSS_AUTHORIZER = True
    except ImportError:
        SecretServer = None
        SecretServerError = None
        HAS_TSS_SDK = False
        HAS_DELINEA_SS_SDK = False
-
-try:
-    from thycotic.secrets.server import PasswordGrantAuthorizer, DomainPasswordGrantAuthorizer, AccessTokenAuthorizer
-
-    HAS_TSS_AUTHORIZER = True
-except ImportError:
-    try:
-        from delinea.secrets.server import PasswordGrantAuthorizer, DomainPasswordGrantAuthorizer, AccessTokenAuthorizer
-
-        HAS_TSS_AUTHORIZER = True
-    except ImportError:
        PasswordGrantAuthorizer = None
        DomainPasswordGrantAuthorizer = None
        AccessTokenAuthorizer = None
@@ -278,13 +297,21 @@ class TSSClient(object):
        else:
            return TSSClientV0(**server_parameters)

-    def get_secret(self, term, fetch_file_attachments, file_download_path):
+    def get_secret(self, term, secret_path, fetch_file_attachments, file_download_path):
        display.debug("tss_lookup term: %s" % term)
        secret_id = self._term_to_secret_id(term)
-        display.vvv(u"Secret Server lookup of Secret with ID %d" % secret_id)
+        if secret_id == 0 and secret_path:
+            fetch_secret_by_path = True
+            display.vvv(u"Secret Server lookup of Secret with path %s" % secret_path)
+        else:
+            fetch_secret_by_path = False
+            display.vvv(u"Secret Server lookup of Secret with ID %d" % secret_id)

        if fetch_file_attachments:
-            obj = self._client.get_secret(secret_id, fetch_file_attachments)
+            if fetch_secret_by_path:
+                obj = self._client.get_secret_by_path(secret_path, fetch_file_attachments)
+            else:
+                obj = self._client.get_secret(secret_id, fetch_file_attachments)
            for i in obj['items']:
                if file_download_path and os.path.isdir(file_download_path):
                    if i['isFile']:
@@ -302,7 +329,10 @@ class TSSClient(object):
                    raise AnsibleOptionsError("File download path does not exist")
            return obj
        else:
-            return self._client.get_secret_json(secret_id)
+            if fetch_secret_by_path:
+                return self._client.get_secret_by_path(secret_path, False)
+            else:
+                return self._client.get_secret_json(secret_id)

    def get_secret_ids_by_folderid(self, term):
        display.debug("tss_lookup term: %s" % term)
@@ -399,6 +429,14 @@ class LookupModule(LookupBase):
                else:
                    raise AnsibleError("latest python-tss-sdk must be installed to use this plugin")
            else:
-                return [tss.get_secret(term, self.get_option("fetch_attachments"), self.get_option("file_download_path")) for term in terms]
+                return [
+                    tss.get_secret(
+                        term,
+                        self.get_option("secret_path"),
+                        self.get_option("fetch_attachments"),
+                        self.get_option("file_download_path"),
+                    )
+                    for term in terms
+                ]
        except SecretServerError as error:
            raise AnsibleError("Secret Server lookup failure: %s" % error.message)
--- a/plugins/module_utils/cmd_runner.py
+++ b/plugins/module_utils/cmd_runner.py
@@ -6,6 +6,7 @@
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type

+import os
 from functools import wraps

 from ansible.module_utils.common.collections import is_sequence
@@ -204,11 +205,16 @@ class CmdRunner(object):
            environ_update = {}
        self.environ_update = environ_update

-        self.command[0] = module.get_bin_path(self.command[0], opt_dirs=path_prefix, required=True)
+        _cmd = self.command[0]
+        self.command[0] = _cmd if (os.path.isabs(_cmd) or '/' in _cmd) else module.get_bin_path(_cmd, opt_dirs=path_prefix, required=True)

        for mod_param_name, spec in iteritems(module.argument_spec):
            if mod_param_name not in self.arg_formats:
-                self.arg_formats[mod_param_name] = _Format.as_default_type(spec['type'], mod_param_name)
+                self.arg_formats[mod_param_name] = _Format.as_default_type(spec.get('type', 'str'), mod_param_name)
+
+    @property
+    def binary(self):
+        return self.command[0]

    def __call__(self, args_order=None, output_process=None, ignore_value_none=True, check_mode_skip=False, check_mode_return=None, **kwargs):
        if output_process is None:
--- a/plugins/module_utils/consul.py
+++ b/plugins/module_utils/consul.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2022, Håkon Lerring
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+
+def get_consul_url(configuration):
+    return '%s://%s:%s/v1' % (configuration.scheme,
+                              configuration.host, configuration.port)
+
+
+def get_auth_headers(configuration):
+    if configuration.token is None:
+        return {}
+    else:
+        return {'X-Consul-Token': configuration.token}
+
+
+class RequestError(Exception):
+    pass
+
+
+def handle_consul_response_error(response):
+    if 400 <= response.status_code < 600:
+        raise RequestError('%d %s' % (response.status_code, response.content))
--- a/plugins/module_utils/dimensiondata.py
+++ b/plugins/module_utils/dimensiondata.py
@@ -39,7 +39,7 @@ except ImportError:
    LIBCLOUD_IMP_ERR = traceback.format_exc()
    HAS_LIBCLOUD = False

-# MCP 2.x version patten for location (datacenter) names.
+# MCP 2.x version pattern for location (datacenter) names.
 #
 # Note that this is not a totally reliable way of determining MCP version.
 # Unfortunately, libcloud's NodeLocation currently makes no provision for extended properties.
--- a/plugins/module_utils/gio_mime.py
+++ b/plugins/module_utils/gio_mime.py
@@ -0,0 +1,32 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2022, Alexei Znamensky <russoz@gmail.com>
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+from ansible_collections.community.general.plugins.module_utils.cmd_runner import CmdRunner, cmd_runner_fmt
+
+
+def gio_mime_runner(module, **kwargs):
+    return CmdRunner(
+        module,
+        command=['gio', 'mime'],
+        arg_formats=dict(
+            mime_type=cmd_runner_fmt.as_list(),
+            handler=cmd_runner_fmt.as_list(),
+        ),
+        **kwargs
+    )
+
+
+def gio_mime_get(runner, mime_type):
+    def process(rc, out, err):
+        if err.startswith("No default applications for"):
+            return None
+        out = out.splitlines()[0]
+        return out.split()[-1]
+
+    with runner("mime_type", output_process=process) as ctx:
+        return ctx.run(mime_type=mime_type)
--- a/plugins/module_utils/gitlab.py
+++ b/plugins/module_utils/gitlab.py
@@ -21,15 +21,30 @@ except ImportError:

 import traceback

+
+def _determine_list_all_kwargs(version):
+    gitlab_version = LooseVersion(version)
+    if gitlab_version >= LooseVersion('4.0.0'):
+        # 4.0.0 removed 'as_list'
+        return {'iterator': True, 'per_page': 100}
+    elif gitlab_version >= LooseVersion('3.7.0'):
+        # 3.7.0 added 'get_all'
+        return {'as_list': False, 'get_all': True, 'per_page': 100}
+    else:
+        return {'as_list': False, 'all': True, 'per_page': 100}
+
+
 GITLAB_IMP_ERR = None
 try:
    import gitlab
    import requests
    HAS_GITLAB_PACKAGE = True
+    list_all_kwargs = _determine_list_all_kwargs(gitlab.__version__)
 except Exception:
    gitlab = None
    GITLAB_IMP_ERR = traceback.format_exc()
    HAS_GITLAB_PACKAGE = False
+    list_all_kwargs = {}


 def auth_argument_spec(spec=None):
@@ -116,7 +131,7 @@ def gitlab_authentication(module):
 def filter_returned_variables(gitlab_variables):
    # pop properties we don't know
    existing_variables = [dict(x.attributes) for x in gitlab_variables]
-    KNOWN = ['key', 'value', 'masked', 'protected', 'variable_type', 'environment_scope']
+    KNOWN = ['key', 'value', 'masked', 'protected', 'variable_type', 'environment_scope', 'raw']
    for item in existing_variables:
        for key in list(item.keys()):
            if key not in KNOWN:
@@ -135,6 +150,7 @@ def vars_to_variables(vars, module):
                    "value": str(value),
                    "masked": False,
                    "protected": False,
+                    "raw": False,
                    "variable_type": "env_var",
                }
            )
@@ -145,6 +161,7 @@ def vars_to_variables(vars, module):
                "value": value.get('value'),
                "masked": value.get('masked'),
                "protected": value.get('protected'),
+                "raw": value.get('raw'),
                "variable_type": value.get('variable_type'),
            }

--- a/plugins/module_utils/hwc_utils.py
+++ b/plugins/module_utils/hwc_utils.py
@@ -203,7 +203,7 @@ class Config(object):

        if url == "":
            raise HwcClientException(
-                0, "Can not find the enpoint for %s" % service_type)
+                0, "Cannot find the endpoint for %s" % service_type)

        if url[-1] != "/":
            url += "/"
@@ -351,7 +351,7 @@ def wait_to_finish(target, pending, refresh, timeout, min_interval=1, delay=3):

            if pending and status not in pending:
                raise HwcModuleException(
-                    "unexpect status(%s) occurred" % status)
+                    "unexpected status(%s) occurred" % status)

        if not is_last_time:
            wait *= 2
@@ -362,7 +362,7 @@ def wait_to_finish(target, pending, refresh, timeout, min_interval=1, delay=3):

            time.sleep(wait)

-    raise HwcModuleException("asycn wait timeout after %d seconds" % timeout)
+    raise HwcModuleException("async wait timeout after %d seconds" % timeout)


 def navigate_value(data, index, array_index=None):
--- a/plugins/module_utils/identity/keycloak/keycloak.py
+++ b/plugins/module_utils/identity/keycloak/keycloak.py
@@ -105,6 +105,20 @@ URL_COMPONENT = "{url}/admin/realms/{realm}/components/{id}"
 URL_AUTHZ_AUTHORIZATION_SCOPE = "{url}/admin/realms/{realm}/clients/{client_id}/authz/resource-server/scope/{id}"
 URL_AUTHZ_AUTHORIZATION_SCOPES = "{url}/admin/realms/{realm}/clients/{client_id}/authz/resource-server/scope"

+# This URL is used for:
+# - Querying client authorization permissions
+# - Removing client authorization permissions
+URL_AUTHZ_POLICIES = "{url}/admin/realms/{realm}/clients/{client_id}/authz/resource-server/policy"
+URL_AUTHZ_POLICY = "{url}/admin/realms/{realm}/clients/{client_id}/authz/resource-server/policy/{id}"
+
+URL_AUTHZ_PERMISSION = "{url}/admin/realms/{realm}/clients/{client_id}/authz/resource-server/permission/{permission_type}/{id}"
+URL_AUTHZ_PERMISSIONS = "{url}/admin/realms/{realm}/clients/{client_id}/authz/resource-server/permission/{permission_type}"
+
+URL_AUTHZ_RESOURCES = "{url}/admin/realms/{realm}/clients/{client_id}/authz/resource-server/resource"
+
+URL_AUTHZ_CUSTOM_POLICY = "{url}/admin/realms/{realm}/clients/{client_id}/authz/resource-server/policy/{policy_type}"
+URL_AUTHZ_CUSTOM_POLICIES = "{url}/admin/realms/{realm}/clients/{client_id}/authz/resource-server/policy"
+

 def keycloak_argument_spec():
    """
@@ -530,7 +544,7 @@ class KeycloakAPI(object):
        return None

    def get_client_group_available_rolemappings(self, gid, cid, realm="master"):
-        """ Fetch the available role of a client in a specified goup on the Keycloak server.
+        """ Fetch the available role of a client in a specified group on the Keycloak server.

        :param gid: ID of the group from which to obtain the rolemappings.
        :param cid: ID of the client from which to obtain the rolemappings.
@@ -613,7 +627,7 @@ class KeycloakAPI(object):
                                      % (rid, realm, str(e)))

    def add_group_rolemapping(self, gid, cid, role_rep, realm="master"):
-        """ Fetch the composite role of a client in a specified goup on the Keycloak server.
+        """ Fetch the composite role of a client in a specified group on the Keycloak server.

        :param gid: ID of the group from which to obtain the rolemappings.
        :param cid: ID of the client from which to obtain the rolemappings.
@@ -766,7 +780,8 @@ class KeycloakAPI(object):
        users_url += '?username=%s&exact=true' % username
        try:
            userrep = None
-            users = json.loads(to_native(open_url(users_url, method='GET', headers=self.restheaders, timeout=self.connection_timeout,
+            users = json.loads(to_native(open_url(users_url, method='GET', http_agent=self.http_agent, headers=self.restheaders,
+                                                  timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
            for user in users:
                if user['username'] == username:
@@ -792,7 +807,8 @@ class KeycloakAPI(object):

        service_account_user_url = URL_CLIENT_SERVICE_ACCOUNT_USER.format(url=self.baseurl, realm=realm, id=cid)
        try:
-            return json.loads(to_native(open_url(service_account_user_url, method='GET', headers=self.restheaders, timeout=self.connection_timeout,
+            return json.loads(to_native(open_url(service_account_user_url, method='GET', http_agent=self.http_agent, headers=self.restheaders,
+                                                 timeout=self.connection_timeout,
                                                 validate_certs=self.validate_certs).read()))
        except ValueError as e:
            self.module.fail_json(msg='API returned incorrect JSON when trying to obtain the service-account-user for realm %s and client_id %s: %s'
@@ -1222,7 +1238,7 @@ class KeycloakAPI(object):

        :param realm: Realm in which the clientscope resides.
        :param client_id: The client in which the clientscope resides.
-        :return The optinal clientscopes of this realm or client
+        :return The optional clientscopes of this realm or client
        """
        url = URL_OPTIONAL_CLIENTSCOPES if client_id is None else URL_CLIENT_OPTIONAL_CLIENTSCOPES
        return self._get_clientscopes_of_type(realm, url, 'optional', client_id)
@@ -1235,7 +1251,7 @@ class KeycloakAPI(object):

        :param realm: Realm in which the clientscope resides.
        :param url_template the template for the right type
-        :param scope_type this can be either optinal or default
+        :param scope_type this can be either optional or default
        :param client_id: The client in which the clientscope resides.
        :return The clientscopes of the specified type of this realm
        """
@@ -1257,7 +1273,7 @@ class KeycloakAPI(object):

    def _decide_url_type_clientscope(self, client_id=None, scope_type="default"):
        """Decides which url to use.
-        :param scope_type this can be either optinal or default
+        :param scope_type this can be either optional or default
        :param client_id: The client in which the clientscope resides.
        """
        if client_id is None:
@@ -1336,7 +1352,8 @@ class KeycloakAPI(object):
        clientsecret_url = URL_CLIENTSECRET.format(url=self.baseurl, realm=realm, id=id)

        try:
-            return json.loads(to_native(open_url(clientsecret_url, method='POST', headers=self.restheaders, timeout=self.connection_timeout,
+            return json.loads(to_native(open_url(clientsecret_url, method='POST', http_agent=self.http_agent, headers=self.restheaders,
+                                                 timeout=self.connection_timeout,
                                                 validate_certs=self.validate_certs).read()))

        except HTTPError as e:
@@ -1359,7 +1376,8 @@ class KeycloakAPI(object):
        clientsecret_url = URL_CLIENTSECRET.format(url=self.baseurl, realm=realm, id=id)

        try:
-            return json.loads(to_native(open_url(clientsecret_url, method='GET', headers=self.restheaders, timeout=self.connection_timeout,
+            return json.loads(to_native(open_url(clientsecret_url, method='GET', http_agent=self.http_agent, headers=self.restheaders,
+                                                 timeout=self.connection_timeout,
                                                 validate_certs=self.validate_certs).read()))

        except HTTPError as e:
@@ -1502,7 +1520,7 @@ class KeycloakAPI(object):
    def get_subgroup_direct_parent(self, parents, realm="master", children_to_resolve=None):
        """ Get keycloak direct parent group API object for a given chain of parents.

-        To succesfully work the API for subgroups we actually dont need
+        To successfully work the API for subgroups we actually don't need
        to "walk the whole tree" for nested groups but only need to know
        the ID for the direct predecessor of current subgroup. This
        method will guarantee us this information getting there with
@@ -1661,7 +1679,7 @@ class KeycloakAPI(object):
        :param name: Name of the role to fetch.
        :param realm: Realm in which the role resides; default 'master'.
        """
-        role_url = URL_REALM_ROLE.format(url=self.baseurl, realm=realm, name=quote(name))
+        role_url = URL_REALM_ROLE.format(url=self.baseurl, realm=realm, name=quote(name, safe=''))
        try:
            return json.loads(to_native(open_url(role_url, method="GET", http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                                                 validate_certs=self.validate_certs).read()))
@@ -1698,7 +1716,7 @@ class KeycloakAPI(object):
        :param rolerep: A RoleRepresentation of the updated role.
        :return HTTPResponse object on success
        """
-        role_url = URL_REALM_ROLE.format(url=self.baseurl, realm=realm, name=quote(rolerep['name']))
+        role_url = URL_REALM_ROLE.format(url=self.baseurl, realm=realm, name=quote(rolerep['name']), safe='')
        try:
            composites = None
            if "composites" in rolerep:
@@ -1719,9 +1737,9 @@ class KeycloakAPI(object):
            if clientid is not None:
                client = self.get_client_by_clientid(client_id=clientid, realm=realm)
                cid = client['id']
-                composite_url = URL_CLIENT_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, id=cid, name=quote(rolerep["name"]))
+                composite_url = URL_CLIENT_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, id=cid, name=quote(rolerep["name"], safe=''))
            else:
-                composite_url = URL_REALM_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, name=quote(rolerep["name"]))
+                composite_url = URL_REALM_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, name=quote(rolerep["name"], safe=''))
            # Get existing composites
            return json.loads(to_native(open_url(
                composite_url,
@@ -1740,9 +1758,9 @@ class KeycloakAPI(object):
            if clientid is not None:
                client = self.get_client_by_clientid(client_id=clientid, realm=realm)
                cid = client['id']
-                composite_url = URL_CLIENT_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, id=cid, name=quote(rolerep["name"]))
+                composite_url = URL_CLIENT_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, id=cid, name=quote(rolerep["name"], safe=''))
            else:
-                composite_url = URL_REALM_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, name=quote(rolerep["name"]))
+                composite_url = URL_REALM_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, name=quote(rolerep["name"], safe=''))
            # Get existing composites
            # create new composites
            return open_url(composite_url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
@@ -1757,9 +1775,9 @@ class KeycloakAPI(object):
            if clientid is not None:
                client = self.get_client_by_clientid(client_id=clientid, realm=realm)
                cid = client['id']
-                composite_url = URL_CLIENT_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, id=cid, name=quote(rolerep["name"]))
+                composite_url = URL_CLIENT_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, id=cid, name=quote(rolerep["name"], safe=''))
            else:
-                composite_url = URL_REALM_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, name=quote(rolerep["name"]))
+                composite_url = URL_REALM_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, name=quote(rolerep["name"], safe=''))
            # Get existing composites
            # create new composites
            return open_url(composite_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
@@ -1824,7 +1842,7 @@ class KeycloakAPI(object):
        :param name: The name of the role.
        :param realm: The realm in which this role resides, default "master".
        """
-        role_url = URL_REALM_ROLE.format(url=self.baseurl, realm=realm, name=quote(name))
+        role_url = URL_REALM_ROLE.format(url=self.baseurl, realm=realm, name=quote(name, safe=''))
        try:
            return open_url(role_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                            validate_certs=self.validate_certs)
@@ -1868,7 +1886,7 @@ class KeycloakAPI(object):
        if cid is None:
            self.module.fail_json(msg='Could not find client %s in realm %s'
                                      % (clientid, realm))
-        role_url = URL_CLIENT_ROLE.format(url=self.baseurl, realm=realm, id=cid, name=quote(name))
+        role_url = URL_CLIENT_ROLE.format(url=self.baseurl, realm=realm, id=cid, name=quote(name, safe=''))
        try:
            return json.loads(to_native(open_url(role_url, method="GET", http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                                                 validate_certs=self.validate_certs).read()))
@@ -1932,7 +1950,7 @@ class KeycloakAPI(object):
        if cid is None:
            self.module.fail_json(msg='Could not find client %s in realm %s'
                                      % (clientid, realm))
-        role_url = URL_CLIENT_ROLE.format(url=self.baseurl, realm=realm, id=cid, name=quote(rolerep['name']))
+        role_url = URL_CLIENT_ROLE.format(url=self.baseurl, realm=realm, id=cid, name=quote(rolerep['name'], safe=''))
        try:
            composites = None
            if "composites" in rolerep:
@@ -1958,7 +1976,7 @@ class KeycloakAPI(object):
        if cid is None:
            self.module.fail_json(msg='Could not find client %s in realm %s'
                                      % (clientid, realm))
-        role_url = URL_CLIENT_ROLE.format(url=self.baseurl, realm=realm, id=cid, name=quote(name))
+        role_url = URL_CLIENT_ROLE.format(url=self.baseurl, realm=realm, id=cid, name=quote(name, safe=''))
        try:
            return open_url(role_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                            validate_certs=self.validate_certs)
@@ -2018,7 +2036,7 @@ class KeycloakAPI(object):
                URL_AUTHENTICATION_FLOW_COPY.format(
                    url=self.baseurl,
                    realm=realm,
-                    copyfrom=quote(config["copyFrom"])),
+                    copyfrom=quote(config["copyFrom"], safe='')),
                method='POST',
                http_agent=self.http_agent, headers=self.restheaders,
                data=json.dumps(new_name),
@@ -2092,7 +2110,7 @@ class KeycloakAPI(object):
                URL_AUTHENTICATION_FLOW_EXECUTIONS.format(
                    url=self.baseurl,
                    realm=realm,
-                    flowalias=quote(flowAlias)),
+                    flowalias=quote(flowAlias, safe='')),
                method='PUT',
                http_agent=self.http_agent, headers=self.restheaders,
                data=json.dumps(updatedExec),
@@ -2141,7 +2159,7 @@ class KeycloakAPI(object):
                URL_AUTHENTICATION_FLOW_EXECUTIONS_FLOW.format(
                    url=self.baseurl,
                    realm=realm,
-                    flowalias=quote(flowAlias)),
+                    flowalias=quote(flowAlias, safe='')),
                method='POST',
                http_agent=self.http_agent, headers=self.restheaders,
                data=json.dumps(newSubFlow),
@@ -2165,7 +2183,7 @@ class KeycloakAPI(object):
                URL_AUTHENTICATION_FLOW_EXECUTIONS_EXECUTION.format(
                    url=self.baseurl,
                    realm=realm,
-                    flowalias=quote(flowAlias)),
+                    flowalias=quote(flowAlias, safe='')),
                method='POST',
                http_agent=self.http_agent, headers=self.restheaders,
                data=json.dumps(newExec),
@@ -2225,7 +2243,7 @@ class KeycloakAPI(object):
                    URL_AUTHENTICATION_FLOW_EXECUTIONS.format(
                        url=self.baseurl,
                        realm=realm,
-                        flowalias=quote(config["alias"])),
+                        flowalias=quote(config["alias"], safe='')),
                    method='GET',
                    http_agent=self.http_agent, headers=self.restheaders,
                    timeout=self.connection_timeout,
@@ -2318,7 +2336,7 @@ class KeycloakAPI(object):
            return open_url(
                URL_AUTHENTICATION_REQUIRED_ACTIONS_ALIAS.format(
                    url=self.baseurl,
-                    alias=quote(alias),
+                    alias=quote(alias, safe=''),
                    realm=realm
                ),
                method='PUT',
@@ -2345,7 +2363,7 @@ class KeycloakAPI(object):
            return open_url(
                URL_AUTHENTICATION_REQUIRED_ACTIONS_ALIAS.format(
                    url=self.baseurl,
-                    alias=quote(alias),
+                    alias=quote(alias, safe=''),
                    realm=realm
                ),
                method='DELETE',
@@ -2612,7 +2630,7 @@ class KeycloakAPI(object):

    def get_authz_authorization_scope_by_name(self, name, client_id, realm):
        url = URL_AUTHZ_AUTHORIZATION_SCOPES.format(url=self.baseurl, client_id=client_id, realm=realm)
-        search_url = "%s/search?name=%s" % (url, quote(name))
+        search_url = "%s/search?name=%s" % (url, quote(name, safe=''))

        try:
            return json.loads(to_native(open_url(search_url, method='GET', http_agent=self.http_agent, headers=self.restheaders,
@@ -2667,7 +2685,9 @@ class KeycloakAPI(object):
                open_url(
                    user_url,
                    method='GET',
-                    headers=self.restheaders))
+                    http_agent=self.http_agent, headers=self.restheaders,
+                    timeout=self.connection_timeout,
+                    validate_certs=self.validate_certs))
            return userrep
        except Exception as e:
            self.module.fail_json(msg='Could not get user %s in realm %s: %s'
@@ -2689,8 +2709,10 @@ class KeycloakAPI(object):
                realm=realm)
            open_url(users_url,
                     method='POST',
-                     headers=self.restheaders,
-                     data=json.dumps(userrep))
+                     http_agent=self.http_agent, headers=self.restheaders,
+                     data=json.dumps(userrep),
+                     timeout=self.connection_timeout,
+                     validate_certs=self.validate_certs)
            created_user = self.get_user_by_username(
                username=userrep['username'],
                realm=realm)
@@ -2733,8 +2755,10 @@ class KeycloakAPI(object):
            open_url(
                user_url,
                method='PUT',
-                headers=self.restheaders,
-                data=json.dumps(userrep))
+                http_agent=self.http_agent, headers=self.restheaders,
+                data=json.dumps(userrep),
+                timeout=self.connection_timeout,
+                validate_certs=self.validate_certs)
            updated_user = self.get_user_by_id(
                user_id=userrep['id'],
                realm=realm)
@@ -2758,7 +2782,9 @@ class KeycloakAPI(object):
            return open_url(
                user_url,
                method='DELETE',
-                headers=self.restheaders)
+                http_agent=self.http_agent, headers=self.restheaders,
+                timeout=self.connection_timeout,
+                validate_certs=self.validate_certs)
        except Exception as e:
            self.module.fail_json(msg='Could not delete user %s in realm %s: %s'
                                      % (user_id, realm, str(e)))
@@ -2780,7 +2806,9 @@ class KeycloakAPI(object):
                open_url(
                    user_groups_url,
                    method='GET',
-                    headers=self.restheaders))
+                    http_agent=self.http_agent, headers=self.restheaders,
+                    timeout=self.connection_timeout,
+                    validate_certs=self.validate_certs))
            for user_group in user_groups:
                groups.append(user_group["name"])
            return groups
@@ -2805,7 +2833,9 @@ class KeycloakAPI(object):
            return open_url(
                user_group_url,
                method='PUT',
-                headers=self.restheaders)
+                http_agent=self.http_agent, headers=self.restheaders,
+                timeout=self.connection_timeout,
+                validate_certs=self.validate_certs)
        except Exception as e:
            self.module.fail_json(msg='Could not add user %s in group %s in realm %s: %s'
                                      % (user_id, group_id, realm, str(e)))
@@ -2827,7 +2857,9 @@ class KeycloakAPI(object):
            return open_url(
                user_group_url,
                method='DELETE',
-                headers=self.restheaders)
+                http_agent=self.http_agent, headers=self.restheaders,
+                timeout=self.connection_timeout,
+                validate_certs=self.validate_certs)
        except Exception as e:
            self.module.fail_json(msg='Could not remove user %s from group %s in realm %s: %s'
                                      % (user_id, group_id, realm, str(e)))
@@ -2847,7 +2879,7 @@ class KeycloakAPI(object):
            groups_to_add_and_remove = self.extract_groups_to_add_to_and_remove_from_user(groups)
            # If group membership need to be changed
            if not is_struct_included(groups_to_add_and_remove['add'], user_existing_groups):
-                # Get available goups in the realm
+                # Get available groups in the realm
                realm_groups = self.get_groups(realm=realm)
                for realm_group in realm_groups:
                    if "name" in realm_group and realm_group["name"] in groups_to_add_and_remove['add']:
@@ -2892,3 +2924,90 @@ class KeycloakAPI(object):
                    group_dict['name'] = group
                    list_of_groups.append(group_dict)
        return list_of_groups
+
+    def create_authz_custom_policy(self, policy_type, payload, client_id, realm):
+        """Create a custom policy for a Keycloak client"""
+        url = URL_AUTHZ_CUSTOM_POLICY.format(url=self.baseurl, policy_type=policy_type, client_id=client_id, realm=realm)
+
+        try:
+            return open_url(url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
+                            data=json.dumps(payload), validate_certs=self.validate_certs)
+        except Exception as e:
+            self.module.fail_json(msg='Could not create permission %s for client %s in realm %s: %s' % (payload['name'], client_id, realm, str(e)))
+
+    def remove_authz_custom_policy(self, policy_id, client_id, realm):
+        """Remove a custom policy from a Keycloak client"""
+        url = URL_AUTHZ_CUSTOM_POLICIES.format(url=self.baseurl, client_id=client_id, realm=realm)
+        delete_url = "%s/%s" % (url, policy_id)
+
+        try:
+            return open_url(delete_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
+                            validate_certs=self.validate_certs)
+        except Exception as e:
+            self.module.fail_json(msg='Could not delete custom policy %s for client %s in realm %s: %s' % (id, client_id, realm, str(e)))
+
+    def get_authz_permission_by_name(self, name, client_id, realm):
+        """Get authorization permission by name"""
+        url = URL_AUTHZ_POLICIES.format(url=self.baseurl, client_id=client_id, realm=realm)
+        search_url = "%s/search?name=%s" % (url, name.replace(' ', '%20'))
+
+        try:
+            return json.loads(to_native(open_url(search_url, method='GET', http_agent=self.http_agent, headers=self.restheaders,
+                                                 timeout=self.connection_timeout,
+                                                 validate_certs=self.validate_certs).read()))
+        except Exception:
+            return False
+
+    def create_authz_permission(self, payload, permission_type, client_id, realm):
+        """Create an authorization permission for a Keycloak client"""
+        url = URL_AUTHZ_PERMISSIONS.format(url=self.baseurl, permission_type=permission_type, client_id=client_id, realm=realm)
+
+        try:
+            return open_url(url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
+                            data=json.dumps(payload), validate_certs=self.validate_certs)
+        except Exception as e:
+            self.module.fail_json(msg='Could not create permission %s for client %s in realm %s: %s' % (payload['name'], client_id, realm, str(e)))
+
+    def remove_authz_permission(self, id, client_id, realm):
+        """Create an authorization permission for a Keycloak client"""
+        url = URL_AUTHZ_POLICY.format(url=self.baseurl, id=id, client_id=client_id, realm=realm)
+
+        try:
+            return open_url(url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
+                            validate_certs=self.validate_certs)
+        except Exception as e:
+            self.module.fail_json(msg='Could not delete permission %s for client %s in realm %s: %s' % (id, client_id, realm, str(e)))
+
+    def update_authz_permission(self, payload, permission_type, id, client_id, realm):
+        """Update a permission for a Keycloak client"""
+        url = URL_AUTHZ_PERMISSION.format(url=self.baseurl, permission_type=permission_type, id=id, client_id=client_id, realm=realm)
+
+        try:
+            return open_url(url, method='PUT', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
+                            data=json.dumps(payload), validate_certs=self.validate_certs)
+        except Exception as e:
+            self.module.fail_json(msg='Could not create update permission %s for client %s in realm %s: %s' % (payload['name'], client_id, realm, str(e)))
+
+    def get_authz_resource_by_name(self, name, client_id, realm):
+        """Get authorization resource by name"""
+        url = URL_AUTHZ_RESOURCES.format(url=self.baseurl, client_id=client_id, realm=realm)
+        search_url = "%s/search?name=%s" % (url, name.replace(' ', '%20'))
+
+        try:
+            return json.loads(to_native(open_url(search_url, method='GET', http_agent=self.http_agent, headers=self.restheaders,
+                                                 timeout=self.connection_timeout,
+                                                 validate_certs=self.validate_certs).read()))
+        except Exception:
+            return False
+
+    def get_authz_policy_by_name(self, name, client_id, realm):
+        """Get authorization policy by name"""
+        url = URL_AUTHZ_POLICIES.format(url=self.baseurl, client_id=client_id, realm=realm)
+        search_url = "%s/search?name=%s&permission=false" % (url, name.replace(' ', '%20'))
+
+        try:
+            return json.loads(to_native(open_url(search_url, method='GET', http_agent=self.http_agent, headers=self.restheaders,
+                                                 timeout=self.connection_timeout,
+                                                 validate_certs=self.validate_certs).read()))
+        except Exception:
+            return False
--- a/plugins/module_utils/ipa.py
+++ b/plugins/module_utils/ipa.py
@@ -104,7 +104,7 @@ class IPAClient(object):

    def get_ipa_version(self):
        response = self.ping()['summary']
-        ipa_ver_regex = re.compile(r'IPA server version (\d\.\d\.\d).*')
+        ipa_ver_regex = re.compile(r'IPA server version (\d+\.\d+\.\d+).*')
        version_match = ipa_ver_regex.match(response)
        ipa_version = None
        if version_match:
--- a/plugins/module_utils/ldap.py
+++ b/plugins/module_utils/ldap.py
@@ -139,5 +139,7 @@ class LdapGeneric(object):

    def _xorder_dn(self):
        # match X_ORDERed DNs
-        regex = r"\w+=\{\d+\}.+"
-        return re.match(regex, self.module.params['dn']) is not None
+        regex = r".+\{\d+\}.+"
+        explode_dn = ldap.dn.explode_dn(self.module.params['dn'])
+
+        return re.match(regex, explode_dn[0]) is not None
--- a/plugins/module_utils/locale_gen.py
+++ b/plugins/module_utils/locale_gen.py
@@ -0,0 +1,31 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2023, Alexei Znamensky <russoz@gmail.com>
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+from ansible_collections.community.general.plugins.module_utils.cmd_runner import CmdRunner, cmd_runner_fmt
+
+
+def locale_runner(module):
+    runner = CmdRunner(
+        module,
+        command=["locale", "-a"],
+        check_rc=True,
+    )
+    return runner
+
+
+def locale_gen_runner(module):
+    runner = CmdRunner(
+        module,
+        command="locale-gen",
+        arg_formats=dict(
+            name=cmd_runner_fmt.as_list(),
+            purge=cmd_runner_fmt.as_fixed('--purge'),
+        ),
+        check_rc=True,
+    )
+    return runner
--- a/plugins/module_utils/memset.py
+++ b/plugins/module_utils/memset.py
@@ -14,8 +14,9 @@ from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type

 from ansible.module_utils.six.moves.urllib.parse import urlencode
-from ansible.module_utils.urls import open_url, urllib_error
+from ansible.module_utils.urls import open_url
 from ansible.module_utils.basic import json
+import ansible.module_utils.six.moves.urllib.error as urllib_error


 class Response(object):
@@ -78,7 +79,7 @@ def memset_api_call(api_key, api_method, payload=None):
            msg = "Memset API returned an error ({0}, {1})." . format(response.json()['error_type'], response.json()['error'])
    except urllib_error.URLError as e:
        has_failed = True
-        msg = "An URLError occured ({0})." . format(type(e))
+        msg = "An URLError occurred ({0})." . format(type(e))
        response.stderr = "{0}" . format(e)

    if msg is None:
--- a/plugins/module_utils/net_tools/pritunl/api.py
+++ b/plugins/module_utils/net_tools/pritunl/api.py
@@ -79,7 +79,7 @@ def _post_pritunl_organization(
        api_secret=api_secret,
        base_url=base_url,
        method="POST",
-        path="/organization/%s",
+        path="/organization",
        headers={"Content-Type": "application/json"},
        data=json.dumps(organization_data),
        validate_certs=validate_certs,
@@ -220,7 +220,7 @@ def post_pritunl_organization(
        api_secret=api_secret,
        base_url=base_url,
        organization_data={"name": organization_name},
-        validate_certs=True,
+        validate_certs=validate_certs,
    )

    if response.getcode() != 200:
@@ -248,7 +248,7 @@ def post_pritunl_user(
            base_url=base_url,
            organization_id=organization_id,
            user_data=user_data,
-            validate_certs=True,
+            validate_certs=validate_certs,
        )

        if response.getcode() != 200:
@@ -267,7 +267,7 @@ def post_pritunl_user(
            organization_id=organization_id,
            user_data=user_data,
            user_id=user_id,
-            validate_certs=True,
+            validate_certs=validate_certs,
        )

        if response.getcode() != 200:
@@ -287,7 +287,7 @@ def delete_pritunl_organization(
        api_secret=api_secret,
        base_url=base_url,
        organization_id=organization_id,
-        validate_certs=True,
+        validate_certs=validate_certs,
    )

    if response.getcode() != 200:
@@ -307,7 +307,7 @@ def delete_pritunl_user(
        base_url=base_url,
        organization_id=organization_id,
        user_id=user_id,
-        validate_certs=True,
+        validate_certs=validate_certs,
    )

    if response.getcode() != 200:
@@ -331,7 +331,7 @@ def pritunl_auth_request(
 ):
    """
    Send an API call to a Pritunl server.
-    Taken from https://pritunl.com/api and adaped work with Ansible open_url
+    Taken from https://pritunl.com/api and adapted to work with Ansible open_url
    """
    auth_timestamp = str(int(time.time()))
    auth_nonce = uuid.uuid4().hex
--- a/plugins/module_utils/ocapi_utils.py
+++ b/plugins/module_utils/ocapi_utils.py
@@ -432,7 +432,7 @@ class OcapiUtils(object):
            else:
                return response
        details = response["data"]["Status"].get("Details")
-        if type(details) is str:
+        if isinstance(details, str):
            details = [details]
        health_list = response["data"]["Status"]["Health"]
        return_value = {
--- a/plugins/module_utils/oracle/oci_utils.py
+++ b/plugins/module_utils/oracle/oci_utils.py
@@ -434,7 +434,7 @@ def check_and_update_attributes(
    target_instance, attr_name, input_value, existing_value, changed
 ):
    """
-    This function checks the difference between two resource attributes of literal types and sets the attrbute
+    This function checks the difference between two resource attributes of literal types and sets the attribute
    value in the target instance type holding the attribute.
    :param target_instance: The instance which contains the attribute whose values to be compared
    :param attr_name: Name of the attribute whose value required to be compared
@@ -561,7 +561,7 @@ def are_lists_equal(s, t):
    if s is None and t is None:
        return True

-    if (s is None and len(t) >= 0) or (t is None and len(s) >= 0) or (len(s) != len(t)):
+    if s is None or t is None or (len(s) != len(t)):
        return False

    if len(s) == 0:
@@ -570,7 +570,7 @@ def are_lists_equal(s, t):
    s = to_dict(s)
    t = to_dict(t)

-    if type(s[0]) == dict:
+    if isinstance(s[0], dict):
        # Handle list of dicts. Dictionary returned by the API may have additional keys. For example, a get call on
        # service gateway has an attribute `services` which is a list of `ServiceIdResponseDetails`. This has a key
        # `service_name` which is not provided in the list of `services` by a user while making an update call; only
@@ -604,9 +604,9 @@ def get_attr_to_update(get_fn, kwargs_get, module, update_attributes):
        user_provided_attr_value = module.params.get(attr, None)

        unequal_list_attr = (
-            type(resources_attr_value) == list or type(user_provided_attr_value) == list
+            isinstance(resources_attr_value, list) or isinstance(user_provided_attr_value, list)
        ) and not are_lists_equal(user_provided_attr_value, resources_attr_value)
-        unequal_attr = type(resources_attr_value) != list and to_dict(
+        unequal_attr = not isinstance(resources_attr_value, list) and to_dict(
            resources_attr_value
        ) != to_dict(user_provided_attr_value)
        if unequal_list_attr or unequal_attr:
@@ -785,7 +785,7 @@ def _get_attributes_to_consider(exclude_attributes, model, module):
        attributes_to_consider = list(model.attribute_map)
        if "freeform_tags" in attributes_to_consider:
            attributes_to_consider.remove("freeform_tags")
-        # Temporarily removing node_count as the exisiting resource does not reflect it
+        # Temporarily removing node_count as the existing resource does not reflect it
        if "node_count" in attributes_to_consider:
            attributes_to_consider.remove("node_count")
    _debug("attributes to consider: {0}".format(attributes_to_consider))
@@ -936,9 +936,9 @@ def tuplize(d):
    list_of_tuples = []
    key_list = sorted(list(d.keys()))
    for key in key_list:
-        if type(d[key]) == list:
+        if isinstance(d[key], list):
            # Convert a value which is itself a list of dict to a list of tuples.
-            if d[key] and type(d[key][0]) == dict:
+            if d[key] and isinstance(d[key][0], dict):
                sub_tuples = []
                for sub_dict in d[key]:
                    sub_tuples.append(tuplize(sub_dict))
@@ -948,7 +948,7 @@ def tuplize(d):
                list_of_tuples.append((sub_tuples is None, key, sub_tuples))
            else:
                list_of_tuples.append((d[key] is None, key, d[key]))
-        elif type(d[key]) == dict:
+        elif isinstance(d[key], dict):
            tupled_value = tuplize(d[key])
            list_of_tuples.append((tupled_value is None, key, tupled_value))
        else:
@@ -969,13 +969,13 @@ def sort_dictionary(d):
    """
    sorted_d = {}
    for key in d:
-        if type(d[key]) == list:
-            if d[key] and type(d[key][0]) == dict:
+        if isinstance(d[key], list):
+            if d[key] and isinstance(d[key][0], dict):
                sorted_value = sort_list_of_dictionary(d[key])
                sorted_d[key] = sorted_value
            else:
                sorted_d[key] = sorted(d[key])
-        elif type(d[key]) == dict:
+        elif isinstance(d[key], dict):
            sorted_d[key] = sort_dictionary(d[key])
        else:
            sorted_d[key] = d[key]
@@ -1026,10 +1026,7 @@ def check_if_user_value_matches_resources_attr(
            return

        if (
-            resources_value_for_attr is None
-            and len(user_provided_value_for_attr) >= 0
-            or user_provided_value_for_attr is None
-            and len(resources_value_for_attr) >= 0
+            resources_value_for_attr is None or user_provided_value_for_attr is None
        ):
            res[0] = False
            return
@@ -1044,7 +1041,7 @@ def check_if_user_value_matches_resources_attr(

        if (
            user_provided_value_for_attr
-            and type(user_provided_value_for_attr[0]) == dict
+            and isinstance(user_provided_value_for_attr[0], dict)
        ):
            # Process a list of dict
            sorted_user_provided_value_for_attr = sort_list_of_dictionary(
@@ -1532,7 +1529,7 @@ def delete_and_wait(
                                result[resource_type] = resource
                                return result
                        # oci.wait_until() returns an instance of oci.util.Sentinel in case the resource is not found.
-                        if type(wait_response) is not Sentinel:
+                        if not isinstance(wait_response, Sentinel):
                            resource = to_dict(wait_response.data)
                        else:
                            resource["lifecycle_state"] = "DELETED"
@@ -1547,7 +1544,7 @@ def delete_and_wait(
    except ServiceError as ex:
        # DNS API throws a 400 InvalidParameter when a zone id is provided for zone_name_or_id and if the zone
        # resource is not available, instead of the expected 404. So working around this for now.
-        if type(client) == oci.dns.DnsClient:
+        if isinstance(client, oci.dns.DnsClient):
            if ex.status == 400 and ex.code == "InvalidParameter":
                _debug(
                    "Resource {0} with {1} already deleted. So returning changed=False".format(
@@ -1774,7 +1771,7 @@ def update_class_type_attr_difference(
 ):
    """
    Checks the difference and updates an attribute which is represented by a class
-    instance. Not aplicable if the attribute type is a primitive value.
+    instance. Not applicable if the attribute type is a primitive value.
    For example, if a class name is A with an attribute x, then if A.x = X(), then only
    this method works.
    :param update_class_details The instance which should be updated if there is change in
@@ -1936,7 +1933,7 @@ def get_target_resource_from_list(
    module, list_resource_fn, target_resource_id=None, **kwargs
 ):
    """
-    Returns a resource filtered by identifer from a list of resources. This method should be
+    Returns a resource filtered by identifier from a list of resources. This method should be
    used as an alternative of 'get resource' method when 'get resource' is nor provided by
    resource api. This method returns a wrapper of response object but that should not be
    used as an input to 'wait_until' utility as this is only a partial wrapper of response object.
--- a/plugins/module_utils/pipx.py
+++ b/plugins/module_utils/pipx.py
@@ -42,7 +42,7 @@ def pipx_runner(module, command, **kwargs):
            system_site_packages=fmt.as_bool("--system-site-packages"),
            _list=fmt.as_fixed(['list', '--include-injected', '--json']),
            editable=fmt.as_bool("--editable"),
-            pip_args=fmt.as_opt_val('--pip-args'),
+            pip_args=fmt.as_opt_eq_val('--pip-args'),
        ),
        environ_update={'USE_EMOJI': '0'},
        check_rc=True,
--- a/plugins/module_utils/proxmox.py
+++ b/plugins/module_utils/proxmox.py
@@ -18,6 +18,7 @@ import traceback
 PROXMOXER_IMP_ERR = None
 try:
    from proxmoxer import ProxmoxAPI
+    from proxmoxer import __version__ as proxmoxer_version
    HAS_PROXMOXER = True
 except ImportError:
    HAS_PROXMOXER = False
@@ -79,6 +80,7 @@ class ProxmoxAnsible(object):
            module.fail_json(msg=missing_required_lib('proxmoxer'), exception=PROXMOXER_IMP_ERR)

        self.module = module
+        self.proxmoxer_version = proxmoxer_version
        self.proxmox_api = self._connect()
        # Test token validity
        try:
@@ -98,6 +100,8 @@ class ProxmoxAnsible(object):
        if api_password:
            auth_args['password'] = api_password
        else:
+            if self.proxmoxer_version < LooseVersion('1.1.0'):
+                self.module.fail_json('Using "token_name" and "token_value" require proxmoxer>=1.1.0')
            auth_args['token_name'] = api_token_id
            auth_args['token_value'] = api_token_secret

--- a/plugins/module_utils/puppet.py
+++ b/plugins/module_utils/puppet.py
@@ -107,5 +107,6 @@ def puppet_runner(module):
            verbose=cmd_runner_fmt.as_bool("--verbose"),
        ),
        check_rc=False,
+        force_lang=module.params["environment_lang"],
    )
    return runner
--- a/plugins/module_utils/redfish_utils.py
+++ b/plugins/module_utils/redfish_utils.py
@@ -10,6 +10,8 @@ import json
 import os
 import random
 import string
+import gzip
+from io import BytesIO
 from ansible.module_utils.urls import open_url
 from ansible.module_utils.common.text.converters import to_native
 from ansible.module_utils.common.text.converters import to_text
@@ -18,6 +20,8 @@ from ansible.module_utils.six import text_type
 from ansible.module_utils.six.moves import http_client
 from ansible.module_utils.six.moves.urllib.error import URLError, HTTPError
 from ansible.module_utils.six.moves.urllib.parse import urlparse
+from ansible.module_utils.ansible_release import __version__ as ansible_version
+from ansible_collections.community.general.plugins.module_utils.version import LooseVersion

 GET_HEADERS = {'accept': 'application/json', 'OData-Version': '4.0'}
 POST_HEADERS = {'content-type': 'application/json', 'accept': 'application/json',
@@ -128,8 +132,10 @@ class RedfishUtils(object):
        return resp

    # The following functions are to send GET/POST/PATCH/DELETE requests
-    def get_request(self, uri):
+    def get_request(self, uri, override_headers=None, allow_no_resp=False):
        req_headers = dict(GET_HEADERS)
+        if override_headers:
+            req_headers.update(override_headers)
        username, password, basic_auth = self._auth_params(req_headers)
        try:
            # Service root is an unauthenticated resource; remove credentials
@@ -141,8 +147,19 @@ class RedfishUtils(object):
                            force_basic_auth=basic_auth, validate_certs=False,
                            follow_redirects='all',
                            use_proxy=True, timeout=self.timeout)
-            data = json.loads(to_native(resp.read()))
            headers = dict((k.lower(), v) for (k, v) in resp.info().items())
+            try:
+                if headers.get('content-encoding') == 'gzip' and LooseVersion(ansible_version) < LooseVersion('2.14'):
+                    # Older versions of Ansible do not automatically decompress the data
+                    # Starting in 2.14, open_url will decompress the response data by default
+                    data = json.loads(to_native(gzip.open(BytesIO(resp.read()), 'rt', encoding='utf-8').read()))
+                else:
+                    data = json.loads(to_native(resp.read()))
+            except Exception as e:
+                # No response data; this is okay in certain cases
+                data = None
+                if not allow_no_resp:
+                    raise
        except HTTPError as e:
            msg = self._get_extended_message(e)
            return {'ret': False,
@@ -318,7 +335,7 @@ class RedfishUtils(object):
        found in ansible.module_utils.urls, but it takes files and encodes them
        as Base64 strings, which is not expected by Redfish services.  It also
        adds escaping of certain bytes in the payload, such as inserting '\r'
-        any time it finds a standlone '\n', which corrupts the image payload
+        any time it finds a standalone '\n', which corrupts the image payload
        send to the service.  This implementation is simplified to Redfish's
        usage and doesn't necessarily represent an exhaustive method of
        building multipart requests.
@@ -717,7 +734,8 @@ class RedfishUtils(object):
        properties = ['CacheSummary', 'FirmwareVersion', 'Identifiers',
                      'Location', 'Manufacturer', 'Model', 'Name', 'Id',
                      'PartNumber', 'SerialNumber', 'SpeedGbps', 'Status']
-        key = "StorageControllers"
+        key = "Controllers"
+        deprecated_key = "StorageControllers"

        # Find Storage service
        response = self.get_request(self.root_uri + systems_uri)
@@ -745,7 +763,30 @@ class RedfishUtils(object):
                data = response['data']

                if key in data:
-                    controller_list = data[key]
+                    controllers_uri = data[key][u'@odata.id']
+
+                    response = self.get_request(self.root_uri + controllers_uri)
+                    if response['ret'] is False:
+                        return response
+                    result['ret'] = True
+                    data = response['data']
+
+                    if data[u'Members']:
+                        for controller_member in data[u'Members']:
+                            controller_member_uri = controller_member[u'@odata.id']
+                            response = self.get_request(self.root_uri + controller_member_uri)
+                            if response['ret'] is False:
+                                return response
+                            result['ret'] = True
+                            data = response['data']
+
+                            controller_result = {}
+                            for property in properties:
+                                if property in data:
+                                    controller_result[property] = data[property]
+                            controller_results.append(controller_result)
+                elif deprecated_key in data:
+                    controller_list = data[deprecated_key]
                    for controller in controller_list:
                        controller_result = {}
                        for property in properties:
@@ -767,7 +808,7 @@ class RedfishUtils(object):
        properties = ['BlockSizeBytes', 'CapableSpeedGbs', 'CapacityBytes',
                      'EncryptionAbility', 'EncryptionStatus',
                      'FailurePredicted', 'HotspareType', 'Id', 'Identifiers',
-                      'Manufacturer', 'MediaType', 'Model', 'Name',
+                      'Links', 'Manufacturer', 'MediaType', 'Model', 'Name',
                      'PartNumber', 'PhysicalLocation', 'Protocol', 'Revision',
                      'RotationSpeedRPM', 'SerialNumber', 'Status']

@@ -800,7 +841,25 @@ class RedfishUtils(object):
                        return response
                    data = response['data']
                    controller_name = 'Controller 1'
-                    if 'StorageControllers' in data:
+                    if 'Controllers' in data:
+                        controllers_uri = data['Controllers'][u'@odata.id']
+
+                        response = self.get_request(self.root_uri + controllers_uri)
+                        if response['ret'] is False:
+                            return response
+                        result['ret'] = True
+                        cdata = response['data']
+
+                        if cdata[u'Members']:
+                            controller_member_uri = cdata[u'Members'][0][u'@odata.id']
+
+                            response = self.get_request(self.root_uri + controller_member_uri)
+                            if response['ret'] is False:
+                                return response
+                            result['ret'] = True
+                            cdata = response['data']
+                            controller_name = cdata['Name']
+                    elif 'StorageControllers' in data:
                        sc = data['StorageControllers']
                        if sc:
                            if 'Name' in sc[0]:
@@ -819,7 +878,12 @@ class RedfishUtils(object):
                            for property in properties:
                                if property in data:
                                    if data[property] is not None:
-                                        drive_result[property] = data[property]
+                                        if property == "Links":
+                                            if "Volumes" in data["Links"].keys():
+                                                volumes = [v["@odata.id"] for v in data["Links"]["Volumes"]]
+                                                drive_result["Volumes"] = volumes
+                                        else:
+                                            drive_result[property] = data[property]
                            drive_results.append(drive_result)
                    drives = {'Controller': controller_name,
                              'Drives': drive_results}
@@ -897,14 +961,32 @@ class RedfishUtils(object):
            if data.get('Members'):
                for controller in data[u'Members']:
                    controller_list.append(controller[u'@odata.id'])
-                for c in controller_list:
+                for idx, c in enumerate(controller_list):
                    uri = self.root_uri + c
                    response = self.get_request(uri)
                    if response['ret'] is False:
                        return response
                    data = response['data']
-                    controller_name = 'Controller 1'
-                    if 'StorageControllers' in data:
+                    controller_name = 'Controller %s' % str(idx)
+                    if 'Controllers' in data:
+                        response = self.get_request(self.root_uri + data['Controllers'][u'@odata.id'])
+                        if response['ret'] is False:
+                            return response
+                        c_data = response['data']
+
+                        if c_data.get('Members') and c_data['Members']:
+                            response = self.get_request(self.root_uri + c_data['Members'][0][u'@odata.id'])
+                            if response['ret'] is False:
+                                return response
+                            member_data = response['data']
+
+                            if member_data:
+                                if 'Name' in member_data:
+                                    controller_name = member_data['Name']
+                                else:
+                                    controller_id = member_data.get('Id', '1')
+                                    controller_name = 'Controller %s' % controller_id
+                    elif 'StorageControllers' in data:
                        sc = data['StorageControllers']
                        if sc:
                            if 'Name' in sc[0]:
@@ -913,6 +995,7 @@ class RedfishUtils(object):
                                sc_id = sc[0].get('Id', '1')
                                controller_name = 'Controller %s' % sc_id
                    volume_results = []
+                    volume_list = []
                    if 'Volumes' in data:
                        # Get a list of all volumes and build respective URIs
                        volumes_uri = data[u'Volumes'][u'@odata.id']
@@ -1013,7 +1096,12 @@ class RedfishUtils(object):
        # command should be PowerOn, PowerForceOff, etc.
        if not command.startswith('Power'):
            return {'ret': False, 'msg': 'Invalid Command (%s)' % command}
-        reset_type = command[5:]
+
+        # Commands (except PowerCycle) will be stripped of the 'Power' prefix
+        if command == 'PowerCycle':
+            reset_type = command
+        else:
+            reset_type = command[5:]

        # map Reboot to a ResetType that does a reboot
        if reset_type == 'Reboot':
@@ -1121,7 +1209,8 @@ class RedfishUtils(object):
        user_list = []
        users_results = []
        # Get these entries, but does not fail if not found
-        properties = ['Id', 'Name', 'UserName', 'RoleId', 'Locked', 'Enabled']
+        properties = ['Id', 'Name', 'UserName', 'RoleId', 'Locked', 'Enabled',
+                      'AccountTypes', 'OEMAccountTypes']

        response = self.get_request(self.root_uri + self.accounts_uri)
        if response['ret'] is False:
@@ -1144,6 +1233,12 @@ class RedfishUtils(object):
                if property in data:
                    user[property] = data[property]

+            # Filter out empty account slots
+            # An empty account slot can be detected if the username is an empty
+            # string and if the account is disabled
+            if user.get('UserName', '') == '' and not user.get('Enabled', False):
+                continue
+
            users_results.append(user)
        result["entries"] = users_results
        return result
@@ -1166,6 +1261,10 @@ class RedfishUtils(object):
            payload['Password'] = user.get('account_password')
        if user.get('account_roleid'):
            payload['RoleId'] = user.get('account_roleid')
+        if user.get('account_accounttypes'):
+            payload['AccountTypes'] = user.get('account_accounttypes')
+        if user.get('account_oemaccounttypes'):
+            payload['OEMAccountTypes'] = user.get('account_oemaccounttypes')
        return self.patch_request(self.root_uri + uri, payload, check_pyld=True)

    def add_user(self, user):
@@ -1196,6 +1295,10 @@ class RedfishUtils(object):
            payload['Password'] = user.get('account_password')
        if user.get('account_roleid'):
            payload['RoleId'] = user.get('account_roleid')
+        if user.get('account_accounttypes'):
+            payload['AccountTypes'] = user.get('account_accounttypes')
+        if user.get('account_oemaccounttypes'):
+            payload['OEMAccountTypes'] = user.get('account_oemaccounttypes')
        if user.get('account_id'):
            payload['Id'] = user.get('account_id')

@@ -1465,29 +1568,37 @@ class RedfishUtils(object):

    def _software_inventory(self, uri):
        result = {}
-        response = self.get_request(self.root_uri + uri)
-        if response['ret'] is False:
-            return response
-        result['ret'] = True
-        data = response['data']
-
        result['entries'] = []
-        for member in data[u'Members']:
-            uri = self.root_uri + member[u'@odata.id']
-            # Get details for each software or firmware member
-            response = self.get_request(uri)
+
+        while uri:
+            response = self.get_request(self.root_uri + uri)
            if response['ret'] is False:
                return response
            result['ret'] = True
+
            data = response['data']
-            software = {}
-            # Get these standard properties if present
-            for key in ['Name', 'Id', 'Status', 'Version', 'Updateable',
-                        'SoftwareId', 'LowestSupportedVersion', 'Manufacturer',
-                        'ReleaseDate']:
-                if key in data:
-                    software[key] = data.get(key)
-            result['entries'].append(software)
+            if data.get('Members@odata.nextLink'):
+                uri = data.get('Members@odata.nextLink')
+            else:
+                uri = None
+
+            for member in data[u'Members']:
+                fw_uri = self.root_uri + member[u'@odata.id']
+                # Get details for each software or firmware member
+                response = self.get_request(fw_uri)
+                if response['ret'] is False:
+                    return response
+                result['ret'] = True
+                data = response['data']
+                software = {}
+                # Get these standard properties if present
+                for key in ['Name', 'Id', 'Status', 'Version', 'Updateable',
+                            'SoftwareId', 'LowestSupportedVersion', 'Manufacturer',
+                            'ReleaseDate']:
+                    if key in data:
+                        software[key] = data.get(key)
+                result['entries'].append(software)
+
        return result

    def get_firmware_inventory(self):
@@ -1555,7 +1666,10 @@ class RedfishUtils(object):

            # Scan the messages to see if next steps are needed
            for message in operation_results['messages']:
-                message_id = message['MessageId']
+                message_id = message.get('MessageId')
+                if message_id is None:
+                    # While this is invalid, treat the lack of a MessageId as "no message"
+                    continue

                if message_id.startswith('Update.1.') and message_id.endswith('.OperationTransitionedToJob'):
                    # Operation rerouted to a job; update the status and handle
@@ -1651,6 +1765,7 @@ class RedfishUtils(object):
        image_file = update_opts.get('update_image_file')
        targets = update_opts.get('update_targets')
        apply_time = update_opts.get('update_apply_time')
+        oem_params = update_opts.get('update_oem_params')

        # Ensure the image file is provided
        if not image_file:
@@ -1681,6 +1796,8 @@ class RedfishUtils(object):
            payload["Targets"] = targets
        if apply_time:
            payload["@Redfish.OperationApplyTime"] = apply_time
+        if oem_params:
+            payload["Oem"] = oem_params
        multipart_payload = {
            'UpdateParameters': {'content': json.dumps(payload), 'mime_type': 'application/json'},
            'UpdateFile': {'filename': image_file, 'content': image_payload, 'mime_type': 'application/octet-stream'}
@@ -1704,7 +1821,7 @@ class RedfishUtils(object):
            return {'ret': False, 'msg': 'Must provide a handle tracking the update.'}

        # Get the task or job tracking the update
-        response = self.get_request(self.root_uri + update_handle)
+        response = self.get_request(self.root_uri + update_handle, allow_no_resp=True)
        if response['ret'] is False:
            return response

@@ -2262,7 +2379,7 @@ class RedfishUtils(object):
        key = "Processors"
        # Get these entries, but does not fail if not found
        properties = ['Id', 'Name', 'Manufacturer', 'Model', 'MaxSpeedMHz',
-                      'TotalCores', 'TotalThreads', 'Status']
+                      'ProcessorArchitecture', 'TotalCores', 'TotalThreads', 'Status']

        # Search for 'key' entry and extract URI from it
        response = self.get_request(self.root_uri + systems_uri)
@@ -2366,7 +2483,7 @@ class RedfishUtils(object):
        result = {}
        properties = ['Name', 'Id', 'Description', 'FQDN', 'IPv4Addresses', 'IPv6Addresses',
                      'NameServers', 'MACAddress', 'PermanentMACAddress',
-                      'SpeedMbps', 'MTUSize', 'AutoNeg', 'Status']
+                      'SpeedMbps', 'MTUSize', 'AutoNeg', 'Status', 'LinkStatus']
        response = self.get_request(self.root_uri + resource_uri)
        if response['ret'] is False:
            return response
@@ -2798,8 +2915,7 @@ class RedfishUtils(object):

        # Get a list of all Chassis and build URIs, then get all PowerSupplies
        # from each Power entry in the Chassis
-        chassis_uri_list = self.chassis_uris
-        for chassis_uri in chassis_uri_list:
+        for chassis_uri in self.chassis_uris:
            response = self.get_request(self.root_uri + chassis_uri)
            if response['ret'] is False:
                return response
@@ -3255,7 +3371,7 @@ class RedfishUtils(object):
        result = {}
        inventory = {}
        # Get these entries, but does not fail if not found
-        properties = ['FirmwareVersion', 'ManagerType', 'Manufacturer', 'Model',
+        properties = ['Id', 'FirmwareVersion', 'ManagerType', 'Manufacturer', 'Model',
                      'PartNumber', 'PowerState', 'SerialNumber', 'Status', 'UUID']

        response = self.get_request(self.root_uri + manager_uri)
@@ -3338,34 +3454,285 @@ class RedfishUtils(object):

        return self.patch_request(self.root_uri + secure_boot_url, body, check_pyld=True)

+    def set_secure_boot(self, secure_boot_enable):
+        # This function enable Secure Boot on an OOB controller
+
+        response = self.get_request(self.root_uri + self.systems_uri)
+        if response["ret"] is False:
+            return response
+
+        server_details = response["data"]
+        secure_boot_url = server_details["SecureBoot"]["@odata.id"]
+
+        response = self.get_request(self.root_uri + secure_boot_url)
+        if response["ret"] is False:
+            return response
+
+        body = {}
+        body["SecureBootEnable"] = secure_boot_enable
+
+        return self.patch_request(self.root_uri + secure_boot_url, body, check_pyld=True)
+
    def get_hpe_thermal_config(self):
        result = {}
        key = "Thermal"
        # Go through list
-        for chassis_uri in self.chassis_uri_list:
+        for chassis_uri in self.chassis_uris:
            response = self.get_request(self.root_uri + chassis_uri)
            if response['ret'] is False:
                return response
            result['ret'] = True
            data = response['data']
-            oem = data.get['Oem']
-            hpe = oem.get['Hpe']
-            thermal_config = hpe.get('ThermalConfiguration')
-        result["current_thermal_config"] = thermal_config
-        return result
+            val = data.get('Oem', {}).get('Hpe', {}).get('ThermalConfiguration')
+            if val is not None:
+                return {"ret": True, "current_thermal_config": val}
+        return {"ret": False}

    def get_hpe_fan_percent_min(self):
        result = {}
        key = "Thermal"
        # Go through list
-        for chassis_uri in self.chassis_uri_list:
+        for chassis_uri in self.chassis_uris:
            response = self.get_request(self.root_uri + chassis_uri)
            if response['ret'] is False:
                return response
-            result['ret'] = True
            data = response['data']
-            oem = data.get['Oem']
-            hpe = oem.get['Hpe']
-            fan_percent_min_config = hpe.get('FanPercentMinimum')
-        result["fan_percent_min"] = fan_percent_min_config
-        return result
+            val = data.get('Oem', {}).get('Hpe', {}).get('FanPercentMinimum')
+            if val is not None:
+                return {"ret": True, "fan_percent_min": val}
+        return {"ret": False}
+
+    def delete_volumes(self, storage_subsystem_id, volume_ids):
+        # Find the Storage resource from the requested ComputerSystem resource
+        response = self.get_request(self.root_uri + self.systems_uri)
+        if response['ret'] is False:
+            return response
+        data = response['data']
+        storage_uri = data.get('Storage', {}).get('@odata.id')
+        if storage_uri is None:
+            return {'ret': False, 'msg': 'Storage resource not found'}
+
+        # Get Storage Collection
+        response = self.get_request(self.root_uri + storage_uri)
+        if response['ret'] is False:
+            return response
+        data = response['data']
+
+        # Collect Storage Subsystems
+        self.storage_subsystems_uris = [i['@odata.id'] for i in response['data'].get('Members', [])]
+        if not self.storage_subsystems_uris:
+            return {
+                'ret': False,
+                'msg': "StorageCollection's Members array is either empty or missing"}
+
+        # Matching Storage Subsystem ID with user input
+        self.storage_subsystem_uri = ""
+        for storage_subsystem_uri in self.storage_subsystems_uris:
+            if storage_subsystem_uri.split("/")[-2] == storage_subsystem_id:
+                self.storage_subsystem_uri = storage_subsystem_uri
+
+        if not self.storage_subsystem_uri:
+            return {
+                'ret': False,
+                'msg': "Provided Storage Subsystem ID %s does not exist on the server" % storage_subsystem_id}
+
+        # Get Volume Collection
+        response = self.get_request(self.root_uri + self.storage_subsystem_uri)
+        if response['ret'] is False:
+            return response
+        data = response['data']
+
+        response = self.get_request(self.root_uri + data['Volumes']['@odata.id'])
+        if response['ret'] is False:
+            return response
+        data = response['data']
+
+        # Collect Volumes
+        self.volume_uris = [i['@odata.id'] for i in response['data'].get('Members', [])]
+        if not self.volume_uris:
+            return {
+                'ret': True, 'changed': False,
+                'msg': "VolumeCollection's Members array is either empty or missing"}
+
+        # Delete each volume
+        for volume in self.volume_uris:
+            if volume.split("/")[-1] in volume_ids:
+                response = self.delete_request(self.root_uri + volume)
+                if response['ret'] is False:
+                    return response
+
+        return {'ret': True, 'changed': True,
+                'msg': "The following volumes were deleted: %s" % str(volume_ids)}
+
+    def create_volume(self, volume_details, storage_subsystem_id):
+        # Find the Storage resource from the requested ComputerSystem resource
+        response = self.get_request(self.root_uri + self.systems_uri)
+        if response['ret'] is False:
+            return response
+        data = response['data']
+        storage_uri = data.get('Storage', {}).get('@odata.id')
+        if storage_uri is None:
+            return {'ret': False, 'msg': 'Storage resource not found'}
+
+        # Get Storage Collection
+        response = self.get_request(self.root_uri + storage_uri)
+        if response['ret'] is False:
+            return response
+        data = response['data']
+
+        # Collect Storage Subsystems
+        self.storage_subsystems_uris = [i['@odata.id'] for i in response['data'].get('Members', [])]
+        if not self.storage_subsystems_uris:
+            return {
+                'ret': False,
+                'msg': "StorageCollection's Members array is either empty or missing"}
+
+        # Matching Storage Subsystem ID with user input
+        self.storage_subsystem_uri = ""
+        for storage_subsystem_uri in self.storage_subsystems_uris:
+            if storage_subsystem_uri.split("/")[-2] == storage_subsystem_id:
+                self.storage_subsystem_uri = storage_subsystem_uri
+
+        if not self.storage_subsystem_uri:
+            return {
+                'ret': False,
+                'msg': "Provided Storage Subsystem ID %s does not exist on the server" % storage_subsystem_id}
+
+        # Validate input parameters
+        required_parameters = ['RAIDType', 'Drives', 'CapacityBytes']
+        allowed_parameters = ['DisplayName', 'InitializeMethod', 'MediaSpanCount',
+                              'Name', 'ReadCachePolicy', 'StripSizeBytes', 'VolumeUsage', 'WriteCachePolicy']
+
+        for parameter in required_parameters:
+            if not volume_details.get(parameter):
+                return {
+                    'ret': False,
+                    'msg': "%s are required parameter to create a volume" % str(required_parameters)}
+
+        # Navigate to the volume uri of the correct storage subsystem
+        response = self.get_request(self.root_uri + self.storage_subsystem_uri)
+        if response['ret'] is False:
+            return response
+        data = response['data']
+
+        # Deleting any volumes of RAIDType None present on the Storage Subsystem
+        response = self.get_request(self.root_uri + data['Volumes']['@odata.id'])
+        if response['ret'] is False:
+            return response
+        volume_data = response['data']
+
+        if "Members" in volume_data:
+            for member in volume_data["Members"]:
+                response = self.get_request(self.root_uri + member['@odata.id'])
+                if response['ret'] is False:
+                    return response
+                member_data = response['data']
+
+                if member_data["RAIDType"] == "None":
+                    response = self.delete_request(self.root_uri + member['@odata.id'])
+                    if response['ret'] is False:
+                        return response
+
+        # Construct payload and issue POST command to create volume
+        volume_details["Links"] = {}
+        volume_details["Links"]["Drives"] = []
+        for drive in volume_details["Drives"]:
+            volume_details["Links"]["Drives"].append({"@odata.id": drive})
+        del volume_details["Drives"]
+        payload = volume_details
+        response = self.post_request(self.root_uri + data['Volumes']['@odata.id'], payload)
+        if response['ret'] is False:
+            return response
+
+        return {'ret': True, 'changed': True,
+                'msg': "Volume Created"}
+
+    def get_bios_registries(self):
+        # Get /redfish/v1
+        response = self.get_request(self.root_uri + self.systems_uri)
+        if not response["ret"]:
+            return response
+
+        server_details = response["data"]
+
+        # Get Registries URI
+        if "Bios" not in server_details:
+            msg = "Getting BIOS URI failed, Key 'Bios' not found in /redfish/v1/Systems/1/ response: %s"
+            return {
+                "ret": False,
+                "msg": msg % str(server_details)
+            }
+
+        bios_uri = server_details["Bios"]["@odata.id"]
+        bios_resp = self.get_request(self.root_uri + bios_uri)
+        if not bios_resp["ret"]:
+            return bios_resp
+
+        bios_data = bios_resp["data"]
+        attribute_registry = bios_data["AttributeRegistry"]
+
+        reg_uri = self.root_uri + self.service_root + "Registries/" + attribute_registry
+        reg_resp = self.get_request(reg_uri)
+        if not reg_resp["ret"]:
+            return reg_resp
+
+        reg_data = reg_resp["data"]
+
+        # Get BIOS attribute registry URI
+        lst = []
+
+        # Get the location URI
+        response = self.check_location_uri(reg_data, reg_uri)
+        if not response["ret"]:
+            return response
+
+        rsp_data, rsp_uri = response["rsp_data"], response["rsp_uri"]
+
+        if "RegistryEntries" not in rsp_data:
+            return {
+                "msg": "'RegistryEntries' not present in %s response, %s" % (rsp_uri, str(rsp_data)),
+                "ret": False
+            }
+
+        return {
+            "bios_registry": rsp_data,
+            "bios_registry_uri": rsp_uri,
+            "ret": True
+        }
+
+    def check_location_uri(self, resp_data, resp_uri):
+        # Get the location URI response
+        # return {"msg": self.creds, "ret": False}
+        vendor = self._get_vendor()['Vendor']
+        rsp_uri = ""
+        for loc in resp_data['Location']:
+            if loc['Language'] == "en":
+                rsp_uri = loc['Uri']
+                if vendor == 'HPE':
+                    # WORKAROUND
+                    # HPE systems with iLO 4 will have BIOS Attribute Registries location URI as a dictionary with key 'extref'
+                    # Hence adding condition to fetch the Uri
+                    if isinstance(loc['Uri'], dict) and "extref" in loc['Uri'].keys():
+                        rsp_uri = loc['Uri']['extref']
+        if not rsp_uri:
+            msg = "Language 'en' not found in BIOS Attribute Registries location, URI: %s, response: %s"
+            return {
+                "ret": False,
+                "msg": msg % (resp_uri, str(resp_data))
+            }
+
+        res = self.get_request(self.root_uri + rsp_uri)
+        if res['ret'] is False:
+            # WORKAROUND
+            # HPE systems with iLO 4 or iLO5 compresses (gzip) for some URIs
+            # Hence adding encoding to the header
+            if vendor == 'HPE':
+                override_headers = {"Accept-Encoding": "gzip"}
+                res = self.get_request(self.root_uri + rsp_uri, override_headers=override_headers)
+        if res['ret']:
+            return {
+                "ret": True,
+                "rsp_data": res["data"],
+                "rsp_uri": rsp_uri
+            }
+        return res
--- a/plugins/module_utils/rundeck.py
+++ b/plugins/module_utils/rundeck.py
@@ -72,7 +72,9 @@ def api_request(module, endpoint, data=None, method="GET"):
    if info["status"] == 403:
        module.fail_json(msg="Token authorization failed",
                         execution_info=json.loads(info["body"]))
-    if info["status"] == 409:
+    elif info["status"] == 404:
+        return None, info
+    elif info["status"] == 409:
        module.fail_json(msg="Job executions limit reached",
                         execution_info=json.loads(info["body"]))
    elif info["status"] >= 500:
--- a/plugins/module_utils/scaleway.py
+++ b/plugins/module_utils/scaleway.py
@@ -303,7 +303,7 @@ class Scaleway(object):
        wait_timeout = self.module.params["wait_timeout"]
        wait_sleep_time = self.module.params["wait_sleep_time"]

-        # Prevent requesting the ressource status too soon
+        # Prevent requesting the resource status too soon
        time.sleep(wait_sleep_time)

        start = datetime.datetime.utcnow()
--- a/Show More
+++ b/Show More