Release 8.6.10.

[PR #9621/fb4f7248 backport][stable-8] keycloak_client: sanitize saml.encryption.private.key (#9628 )
keycloak_client: sanitize `saml.encryption.private.key` (#9621) * sanitize saml.encryption.private.key in module output * add changelog fragment * Re-categorize changelog fragment. --------- Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit fb4f7248c9) Co-authored-by: fgruenbauer <gruenbauer@b1-systems.de>
2026-04-28 09:26:44 +00:00 · 2025-01-27 06:25:05 +01:00 · 2025-01-26 13:22:51 +01:00 · 2025-01-26 13:16:32 +01:00 · 2025-01-07 19:08:54 +01:00 · 2025-01-04 11:29:34 +01:00
411 changed files with 20567 additions and 3862 deletions
--- a/.azure-pipelines/azure-pipelines.yml
+++ b/.azure-pipelines/azure-pipelines.yml
@@ -29,14 +29,14 @@ schedules:
    always: true
    branches:
      include:
-        - stable-8
-        - stable-7
+        - stable-10
+        - stable-9
  - cron: 0 11 * * 0
    displayName: Weekly (old stable branches)
    always: true
    branches:
      include:
-        - stable-6
+        - stable-8

 variables:
  - name: checkoutPath
@@ -53,26 +53,39 @@ variables:
 resources:
  containers:
    - container: default
-      image: quay.io/ansible/azure-pipelines-test-container:4.0.1
+      image: quay.io/ansible/azure-pipelines-test-container:6.0.0

 pool: Standard

 stages:
 ### Sanity
-  - stage: Sanity_devel
-    displayName: Sanity devel
+  - stage: Sanity_2_18
+    displayName: Sanity 2.18
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
        parameters:
          nameFormat: Test {0}
-          testFormat: devel/sanity/{0}
+          testFormat: 2.18/sanity/{0}
          targets:
            - test: 1
            - test: 2
            - test: 3
            - test: 4
            - test: extra
+  - stage: Sanity_2_17
+    displayName: Sanity 2.17
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Test {0}
+          testFormat: 2.17/sanity/{0}
+          targets:
+            - test: 1
+            - test: 2
+            - test: 3
+            - test: 4
  - stage: Sanity_2_16
    displayName: Sanity 2.16
    dependsOn: []
@@ -86,48 +99,33 @@ stages:
            - test: 2
            - test: 3
            - test: 4
-  - stage: Sanity_2_15
-    displayName: Sanity 2.15
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Test {0}
-          testFormat: 2.15/sanity/{0}
-          targets:
-            - test: 1
-            - test: 2
-            - test: 3
-            - test: 4
-  - stage: Sanity_2_14
-    displayName: Sanity 2.14
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Test {0}
-          testFormat: 2.14/sanity/{0}
-          targets:
-            - test: 1
-            - test: 2
-            - test: 3
-            - test: 4
 ### Units
-  - stage: Units_devel
-    displayName: Units devel
+  - stage: Units_2_18
+    displayName: Units 2.18
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
        parameters:
          nameFormat: Python {0}
-          testFormat: devel/units/{0}/1
+          testFormat: 2.18/units/{0}/1
          targets:
-            - test: 3.7
            - test: 3.8
            - test: 3.9
            - test: '3.10'
            - test: '3.11'
            - test: '3.12'
+            - test: '3.13'
+  - stage: Units_2_17
+    displayName: Units 2.17
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.17/units/{0}/1
+          targets:
+            - test: 3.7
+            - test: "3.12"
  - stage: Units_2_16
    displayName: Units 2.16
    dependsOn: []
@@ -140,59 +138,58 @@ stages:
            - test: 2.7
            - test: 3.6
            - test: "3.11"
-  - stage: Units_2_15
-    displayName: Units 2.15
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Python {0}
-          testFormat: 2.15/units/{0}/1
-          targets:
-            - test: 3.5
-            - test: "3.10"
-  - stage: Units_2_14
-    displayName: Units 2.14
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Python {0}
-          testFormat: 2.14/units/{0}/1
-          targets:
-            - test: 3.9

 ## Remote
-  - stage: Remote_devel_extra_vms
-    displayName: Remote devel extra VMs
+  - stage: Remote_2_18_extra_vms
+    displayName: Remote 2.18 extra VMs
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
        parameters:
-          testFormat: devel/{0}
+          testFormat: 2.18/{0}
          targets:
-            - name: Alpine 3.18
-              test: alpine/3.18
-            # - name: Fedora 39
-            #   test: fedora/39
+            - name: Alpine 3.20
+              test: alpine/3.20
+            # - name: Fedora 40
+            #   test: fedora/40
            - name: Ubuntu 22.04
              test: ubuntu/22.04
+            - name: Ubuntu 24.04
+              test: ubuntu/24.04
          groups:
            - vm
-  - stage: Remote_devel
-    displayName: Remote devel
+  - stage: Remote_2_18
+    displayName: Remote 2.18
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
        parameters:
-          testFormat: devel/{0}
+          testFormat: 2.18/{0}
          targets:
-            - name: macOS 13.2
-              test: macos/13.2
+            - name: macOS 14.3
+              test: macos/14.3
+            - name: RHEL 9.4
+              test: rhel/9.4
+            - name: FreeBSD 14.1
+              test: freebsd/14.1
+          groups:
+            - 1
+            - 2
+            - 3
+  - stage: Remote_2_17
+    displayName: Remote 2.17
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.17/{0}
+          targets:
+            - name: FreeBSD 13.3
+              test: freebsd/13.3
            - name: RHEL 9.3
              test: rhel/9.3
-            - name: FreeBSD 13.2
-              test: freebsd/13.2
+            - name: FreeBSD 14.0
+              test: freebsd/14.0
          groups:
            - 1
            - 2
@@ -205,76 +202,56 @@ stages:
        parameters:
          testFormat: 2.16/{0}
          targets:
-            #- name: macOS 13.2
-            #  test: macos/13.2
+            - name: macOS 13.2
+              test: macos/13.2
            - name: RHEL 9.2
              test: rhel/9.2
            - name: RHEL 8.8
              test: rhel/8.8
-            #- name: FreeBSD 13.2
-            #  test: freebsd/13.2
-          groups:
-            - 1
-            - 2
-            - 3
-  - stage: Remote_2_15
-    displayName: Remote 2.15
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.15/{0}
-          targets:
-            - name: RHEL 9.1
-              test: rhel/9.1
-            - name: RHEL 8.7
-              test: rhel/8.7
            - name: RHEL 7.9
              test: rhel/7.9
-            - name: FreeBSD 13.1
-              test: freebsd/13.1
-            - name: FreeBSD 12.4
-              test: freebsd/12.4
-          groups:
-            - 1
-            - 2
-            - 3
-  - stage: Remote_2_14
-    displayName: Remote 2.14
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.14/{0}
-          targets:
-            #- name: macOS 12.0
-            #  test: macos/12.0
-            - name: RHEL 9.0
-              test: rhel/9.0
-            #- name: FreeBSD 12.4
-            #  test: freebsd/12.4
+            # - name: FreeBSD 13.2
+            #   test: freebsd/13.2
          groups:
            - 1
            - 2
            - 3

 ### Docker
-  - stage: Docker_devel
-    displayName: Docker devel
+  - stage: Docker_2_18
+    displayName: Docker 2.18
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
        parameters:
-          testFormat: devel/linux/{0}
+          testFormat: 2.18/linux/{0}
+          targets:
+            - name: Fedora 40
+              test: fedora40
+            - name: Alpine 3.20
+              test: alpine320
+            - name: Ubuntu 22.04
+              test: ubuntu2204
+            - name: Ubuntu 24.04
+              test: ubuntu2404
+          groups:
+            - 1
+            - 2
+            - 3
+  - stage: Docker_2_17
+    displayName: Docker 2.17
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.17/linux/{0}
          targets:
            - name: Fedora 39
              test: fedora39
+            - name: Alpine 3.19
+              test: alpine319
            - name: Ubuntu 20.04
              test: ubuntu2004
-            - name: Ubuntu 22.04
-              test: ubuntu2204
-            - name: Alpine 3
-              test: alpine3
          groups:
            - 1
            - 2
@@ -291,131 +268,93 @@ stages:
              test: fedora38
            - name: openSUSE 15
              test: opensuse15
-          groups:
-            - 1
-            - 2
-            - 3
-  - stage: Docker_2_15
-    displayName: Docker 2.15
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.15/linux/{0}
-          targets:
-            - name: Fedora 37
-              test: fedora37
+            - name: Alpine 3
+              test: alpine3
            - name: CentOS 7
              test: centos7
          groups:
            - 1
            - 2
            - 3
-  - stage: Docker_2_14
-    displayName: Docker 2.14
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.14/linux/{0}
-          targets:
-            - name: Alpine 3
-              test: alpine3
-          groups:
-            - 1
-            - 2
-            - 3

 ### Community Docker
-  - stage: Docker_community_devel
-    displayName: Docker (community images) devel
+  - stage: Docker_community_2_18
+    displayName: Docker (community images) 2.18
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
        parameters:
-          testFormat: devel/linux-community/{0}
+          testFormat: 2.18/linux-community/{0}
          targets:
            - name: Debian Bullseye
              test: debian-bullseye/3.9
            - name: Debian Bookworm
              test: debian-bookworm/3.11
            - name: ArchLinux
-              test: archlinux/3.11
+              test: archlinux/3.13
          groups:
            - 1
            - 2
            - 3

 ### Generic
-  - stage: Generic_devel
-    displayName: Generic devel
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Python {0}
-          testFormat: devel/generic/{0}/1
-          targets:
-            - test: '3.7'
-            - test: '3.12'
-  - stage: Generic_2_16
-    displayName: Generic 2.16
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Python {0}
-          testFormat: 2.16/generic/{0}/1
-          targets:
-            - test: '2.7'
-            - test: '3.6'
-            - test: '3.11'
-  - stage: Generic_2_15
-    displayName: Generic 2.15
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Python {0}
-          testFormat: 2.15/generic/{0}/1
-          targets:
-            - test: '3.9'
-  - stage: Generic_2_14
-    displayName: Generic 2.14
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Python {0}
-          testFormat: 2.14/generic/{0}/1
-          targets:
-            - test: '3.10'
+# Right now all generic tests are disabled. Uncomment when at least one of them is re-enabled.
+#  - stage: Generic_2_18
+#    displayName: Generic 2.18
+#    dependsOn: []
+#    jobs:
+#      - template: templates/matrix.yml
+#        parameters:
+#          nameFormat: Python {0}
+#          testFormat: 2.18/generic/{0}/1
+#          targets:
+#            - test: '3.8'
+#            - test: '3.11'
+#            - test: '3.13'
+#  - stage: Generic_2_17
+#    displayName: Generic 2.17
+#    dependsOn: []
+#    jobs:
+#      - template: templates/matrix.yml
+#        parameters:
+#          nameFormat: Python {0}
+#          testFormat: 2.17/generic/{0}/1
+#          targets:
+#            - test: '3.7'
+#            - test: '3.12'
+#  - stage: Generic_2_16
+#    displayName: Generic 2.16
+#    dependsOn: []
+#    jobs:
+#      - template: templates/matrix.yml
+#        parameters:
+#          nameFormat: Python {0}
+#          testFormat: 2.16/generic/{0}/1
+#          targets:
+#            - test: '2.7'
+#            - test: '3.6'
+#            - test: '3.11'

  - stage: Summary
    condition: succeededOrFailed()
    dependsOn:
-      - Sanity_devel
+      - Sanity_2_18
+      - Sanity_2_17
      - Sanity_2_16
-      - Sanity_2_15
-      - Sanity_2_14
-      - Units_devel
+      - Units_2_18
+      - Units_2_17
      - Units_2_16
-      - Units_2_15
-      - Units_2_14
-      - Remote_devel_extra_vms
-      - Remote_devel
+      - Remote_2_18_extra_vms
+      - Remote_2_18
+      - Remote_2_17
      - Remote_2_16
-      - Remote_2_15
-      - Remote_2_14
-      - Docker_devel
+      - Docker_2_18
+      - Docker_2_17
      - Docker_2_16
-      - Docker_2_15
-      - Docker_2_14
-      - Docker_community_devel
+      - Docker_community_2_18
 # Right now all generic tests are disabled. Uncomment when at least one of them is re-enabled.
-#      - Generic_devel
+#      - Generic_2_18
+#      - Generic_2_17
 #      - Generic_2_16
-#      - Generic_2_15
-#      - Generic_2_14
    jobs:
      - template: templates/coverage.yml
--- a/.github/BOTMETA.yml
+++ b/.github/BOTMETA.yml
@@ -50,6 +50,8 @@ files:
  $callbacks/cgroup_memory_recap.py: {}
  $callbacks/context_demo.py: {}
  $callbacks/counter_enabled.py: {}
+  $callbacks/default_without_diff.py:
+    maintainers: felixfontein
  $callbacks/dense.py:
    maintainers: dagwieers
  $callbacks/diy.py:
@@ -97,6 +99,9 @@ files:
  $connections/funcd.py:
    maintainers: mscherer
  $connections/iocage.py: {}
+  $connections/incus.py:
+    labels: incus
+    maintainers: stgraber
  $connections/jail.py:
    maintainers: $team_ansible_core
  $connections/lxc.py: {}
@@ -133,6 +138,8 @@ files:
    maintainers: giner
  $filters/from_csv.py:
    maintainers: Ajpantuso
+  $filters/from_ini.py:
+    maintainers: sscheib
  $filters/groupby_as_dict.py:
    maintainers: felixfontein
  $filters/hashids.py:
@@ -144,8 +151,18 @@ files:
  $filters/jc.py:
    maintainers: kellyjonbrazil
  $filters/json_query.py: {}
+  $filters/lists.py:
+    maintainers: cfiehe
+  $filters/lists_difference.yml:
+    maintainers: cfiehe
+  $filters/lists_intersect.yml:
+    maintainers: cfiehe
  $filters/lists_mergeby.py:
    maintainers: vbotka
+  $filters/lists_symmetric_difference.yml:
+    maintainers: cfiehe
+  $filters/lists_union.yml:
+    maintainers: cfiehe
  $filters/random_mac.py: {}
  $filters/time.py:
    maintainers: resmo
@@ -153,6 +170,8 @@ files:
    maintainers: resmo
  $filters/to_hours.yml:
    maintainers: resmo
+  $filters/to_ini.py:
+    maintainers: sscheib
  $filters/to_milliseconds.yml:
    maintainers: resmo
  $filters/to_minutes.yml:
@@ -193,7 +212,7 @@ files:
    labels: cloud opennebula
    maintainers: feldsam
  $inventories/proxmox.py:
-    maintainers: $team_virt ilijamt
+    maintainers: $team_virt ilijamt krauthosting
  $inventories/scaleway.py:
    labels: cloud scaleway
    maintainers: $team_scaleway
@@ -234,6 +253,8 @@ files:
  $lookups/filetree.py:
    maintainers: dagwieers
  $lookups/flattened.py: {}
+  $lookups/github_app_access_token.py:
+    maintainers: weisheng-p
  $lookups/hiera.py:
    maintainers: jparrill
  $lookups/keyring.py: {}
@@ -244,7 +265,7 @@ files:
    labels: manifold
    maintainers: galanoff
  $lookups/merge_variables.py:
-    maintainers: rlenferink m-a-r-k-e
+    maintainers: rlenferink m-a-r-k-e alpex8
  $lookups/onepass:
    labels: onepassword
    maintainers: samdoran
@@ -404,7 +425,7 @@ files:
  $modules/bearychat.py:
    maintainers: tonyseek
  $modules/bigpanda.py:
-    maintainers: hkariti
+    ignore: hkariti
  $modules/bitbucket_:
    maintainers: catcombo
  $modules/bower.py:
@@ -475,6 +496,8 @@ files:
    maintainers: russoz
  $modules/dnf_versionlock.py:
    maintainers: moreda
+  $modules/dnf_config_manager.py:
+    maintainers: ahyattdev
  $modules/dnsimple.py:
    maintainers: drcapulet
  $modules/dnsimple_info.py:
@@ -551,8 +574,12 @@ files:
    maintainers: paytroff
  $modules/gitlab_issue.py:
    maintainers: zvaraondrej
+  $modules/gitlab_label.py:
+    maintainers: gpongelli
  $modules/gitlab_merge_request.py:
    maintainers: zvaraondrej
+  $modules/gitlab_milestone.py:
+    maintainers: gpongelli
  $modules/gitlab_project_variable.py:
    maintainers: markuman
  $modules/gitlab_instance_variable.py:
@@ -561,6 +588,10 @@ files:
    maintainers: SamyCoenen
  $modules/gitlab_user.py:
    maintainers: LennertMertens stgrace
+  $modules/gitlab_group_access_token.py:
+    maintainers: pixslx
+  $modules/gitlab_project_access_token.py:
+    maintainers: pixslx
  $modules/grove.py:
    maintainers: zimbatm
  $modules/gunicorn.py:
@@ -649,6 +680,9 @@ files:
    maintainers: bregman-arie
  $modules/ipa_:
    maintainers: $team_ipa
+    ignore: fxfitz
+  $modules/ipa_dnsrecord.py:
+    maintainers: $team_ipa jwbernin
  $modules/ipbase_info.py:
    maintainers: dominikkukacka
  $modules/ipa_pwpolicy.py:
@@ -744,8 +778,14 @@ files:
    maintainers: elfelip
  $modules/keycloak_user_federation.py:
    maintainers: laurpaum
+  $modules/keycloak_component_info.py:
+    maintainers: desand01
+  $modules/keycloak_client_rolescope.py:
+    maintainers: desand01
  $modules/keycloak_user_rolemapping.py:
    maintainers: bratwurzt
+  $modules/keycloak_realm_rolemapping.py:
+    maintainers: agross mhuysamen Gaetan2907
  $modules/keyring.py:
    maintainers: ahussey-redhat
  $modules/keyring_info.py:
@@ -1021,23 +1061,27 @@ files:
  $modules/proxmox:
    keywords: kvm libvirt proxmox qemu
    labels: proxmox virt
-    maintainers: $team_virt UnderGreen
+    maintainers: $team_virt UnderGreen krauthosting
    ignore: tleguern
  $modules/proxmox.py:
    ignore: skvidal
-    maintainers: UnderGreen
+    maintainers: UnderGreen krauthosting
  $modules/proxmox_disk.py:
-    maintainers: castorsky
+    maintainers: castorsky krauthosting
  $modules/proxmox_kvm.py:
    ignore: skvidal
-    maintainers: helldorado
+    maintainers: helldorado krauthosting
  $modules/proxmox_nic.py:
-    maintainers: Kogelvis
+    maintainers: Kogelvis krauthosting
+  $modules/proxmox_node_info.py:
+    maintainers: jwbernin krauthosting
+  $modules/proxmox_storage_contents_info.py:
+    maintainers: l00ptr krauthosting
  $modules/proxmox_tasks_info:
-    maintainers: paginabianca
+    maintainers: paginabianca krauthosting
  $modules/proxmox_template.py:
    ignore: skvidal
-    maintainers: UnderGreen
+    maintainers: UnderGreen krauthosting
  $modules/pubnub_blocks.py:
    maintainers: parfeon pubnub
  $modules/pulp_repo.py:
@@ -1312,20 +1356,25 @@ files:
    maintainers: nate-kingsley
  $modules/urpmi.py:
    maintainers: pmakowski
+  $modules/usb_facts.py:
+    maintainers: maxopoly
  $modules/utm_:
    keywords: sophos utm
    maintainers: $team_e_spirit
  $modules/utm_ca_host_key_cert.py:
-    maintainers: stearz
+    ignore: stearz
+    maintainers: $team_e_spirit
  $modules/utm_ca_host_key_cert_info.py:
-    maintainers: stearz
+    ignore: stearz
+    maintainers: $team_e_spirit
  $modules/utm_network_interface_address.py:
    maintainers: steamx
  $modules/utm_network_interface_address_info.py:
    maintainers: steamx
  $modules/utm_proxy_auth_profile.py:
    keywords: sophos utm
-    maintainers: $team_e_spirit stearz
+    ignore: stearz
+    maintainers: $team_e_spirit
  $modules/utm_proxy_exception.py:
    keywords: sophos utm
    maintainers: $team_e_spirit RickS-C137
@@ -1401,10 +1450,47 @@ files:
    ignore: matze
    labels: zypper
    maintainers: $team_suse
+  $plugin_utils/unsafe.py:
+    maintainers: felixfontein
  $tests/a_module.py:
    maintainers: felixfontein
  $tests/fqdn_valid.py:
    maintainers: vbotka
+#########################
+  docs/docsite/rst/filter_guide.rst: {}
+  docs/docsite/rst/filter_guide_abstract_informations.rst: {}
+  docs/docsite/rst/filter_guide_abstract_informations_counting_elements_in_sequence.rst:
+    maintainers: keilr
+  docs/docsite/rst/filter_guide_abstract_informations_dictionaries.rst:
+    maintainers: felixfontein giner
+  docs/docsite/rst/filter_guide_abstract_informations_grouping.rst:
+    maintainers: felixfontein
+  docs/docsite/rst/filter_guide_abstract_informations_lists_helper.rst:
+    maintainers: cfiehe
+  docs/docsite/rst/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst:
+    maintainers: vbotka
+  docs/docsite/rst/filter_guide_conversions.rst:
+    maintainers: Ajpantuso kellyjonbrazil
+  docs/docsite/rst/filter_guide_creating_identifiers.rst:
+    maintainers: Ajpantuso
+  docs/docsite/rst/filter_guide_paths.rst: {}
+  docs/docsite/rst/filter_guide_selecting_json_data.rst: {}
+  docs/docsite/rst/filter_guide_working_with_times.rst:
+    maintainers: resmo
+  docs/docsite/rst/filter_guide_working_with_unicode.rst:
+    maintainers: Ajpantuso
+  docs/docsite/rst/filter_guide_working_with_versions.rst:
+    maintainers: ericzolf
+  docs/docsite/rst/guide_alicloud.rst:
+    maintainers: xiaozhu36
+  docs/docsite/rst/guide_online.rst:
+    maintainers: remyleone
+  docs/docsite/rst/guide_packet.rst:
+    maintainers: baldwinSPC nurfet-becirevic t0mk teebes
+  docs/docsite/rst/guide_scaleway.rst:
+    maintainers: $team_scaleway
+  docs/docsite/rst/test_guide.rst:
+    maintainers: felixfontein
 #########################
  tests/:
    labels: tests
@@ -1422,7 +1508,6 @@ macros:
  becomes: plugins/become
  caches: plugins/cache
  callbacks: plugins/callback
-  cliconfs: plugins/cliconf
  connections: plugins/connection
  doc_fragments: plugins/doc_fragments
  filters: plugins/filter
@@ -1430,19 +1515,19 @@ macros:
  lookups: plugins/lookup
  module_utils: plugins/module_utils
  modules: plugins/modules
-  terminals: plugins/terminal
+  plugin_utils: plugins/plugin_utils
  tests: plugins/test
  team_ansible_core:
  team_aix: MorrisA bcoca d-little flynn1973 gforster kairoaraujo marvin-sinister mator molekuul ramooncamacho wtcross
  team_bsd: JoergFiedler MacLemon bcoca dch jasperla mekanix opoplawski overhacked tuxillo
-  team_consul: sgargan
+  team_consul: sgargan apollo13
  team_cyberark_conjur: jvanderhoof ryanprior
  team_e_spirit: MatrixCrawler getjack
  team_flatpak: JayKayy oolongbrothers
  team_gitlab: Lunik Shaps marwatk waheedi zanssa scodeman metanovii sh0shin nejch lgatellier suukit
  team_hpux: bcoca davx8342
  team_huawei: QijunPan TommyLike edisonxiang freesky-edward hwDCN niuzhenguo xuxiaowei0512 yanzhangi zengchen1024 zhongjun2
-  team_ipa: Akasurde Nosmoht fxfitz justchris1
+  team_ipa: Akasurde Nosmoht justchris1
  team_jboss: Wolfant jairojunior wbrefvem
  team_keycloak: eikef ndclt mattock
  team_linode: InTheCloudDan decentral1se displague rmcintosh Charliekenney23 LBGarber
@@ -1457,6 +1542,6 @@ macros:
  team_rhsm: cnsnyder ptoscano
  team_scaleway: remyleone abarbare
  team_solaris: bcoca fishman jasperla jpdasma mator scathatheworm troy2914 xen0l
-  team_suse: commel evrardjp lrupp toabctl AnderEnder alxgu andytom sealor
+  team_suse: commel evrardjp lrupp AnderEnder alxgu andytom sealor
  team_virt: joshainglis karmab Thulium-Drake Ajpantuso
  team_wdc: mikemoerk
--- a/.github/workflows/ansible-test.yml
+++ b/.github/workflows/ansible-test.yml
@@ -30,6 +30,8 @@ jobs:
      matrix:
        ansible:
          - '2.13'
+          - '2.14'
+          - '2.15'
    # Ansible-test on various stable branches does not yet work well with cgroups v2.
    # Since ubuntu-latest now uses Ubuntu 22.04, we need to fall back to the ubuntu-20.04
    # image for these stable branches. The list of branches where this is necessary will
@@ -41,6 +43,7 @@ jobs:
        uses: felixfontein/ansible-test-gh-action@main
        with:
          ansible-core-version: stable-${{ matrix.ansible }}
+          codecov-token: ${{ secrets.CODECOV_TOKEN }}
          coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }}
          pull-request-change-detection: 'true'
          testing-type: sanity
@@ -72,6 +75,12 @@ jobs:
            python: '2.7'
          - ansible: '2.13'
            python: '3.8'
+          - ansible: '2.14'
+            python: '3.9'
+          - ansible: '2.15'
+            python: '3.5'
+          - ansible: '2.15'
+            python: '3.10'

    steps:
      - name: >-
@@ -80,6 +89,7 @@ jobs:
        uses: felixfontein/ansible-test-gh-action@main
        with:
          ansible-core-version: stable-${{ matrix.ansible }}
+          codecov-token: ${{ secrets.CODECOV_TOKEN }}
          coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }}
          pre-test-cmd: >-
            mkdir -p ../../ansible
@@ -148,11 +158,45 @@ jobs:
            docker: alpine3
            python: ''
            target: azp/posix/3/
+          # 2.14
+          - ansible: '2.14'
+            docker: alpine3
+            python: ''
+            target: azp/posix/1/
+          - ansible: '2.14'
+            docker: alpine3
+            python: ''
+            target: azp/posix/2/
+          - ansible: '2.14'
+            docker: alpine3
+            python: ''
+            target: azp/posix/3/
+          # 2.15
+          - ansible: '2.15'
+            docker: fedora37
+            python: ''
+            target: azp/posix/1/
+          - ansible: '2.15'
+            docker: fedora37
+            python: ''
+            target: azp/posix/2/
+          - ansible: '2.15'
+            docker: fedora37
+            python: ''
+            target: azp/posix/3/
          # Right now all generic tests are disabled. Uncomment when at least one of them is re-enabled.
          # - ansible: '2.13'
          #   docker: default
          #   python: '3.9'
          #   target: azp/generic/1/
+          # - ansible: '2.14'
+          #   docker: default
+          #   python: '3.10'
+          #   target: azp/generic/1/
+          # - ansible: '2.15'
+          #   docker: default
+          #   python: '3.9'
+          #   target: azp/generic/1/

    steps:
      - name: >-
@@ -162,6 +206,7 @@ jobs:
        uses: felixfontein/ansible-test-gh-action@main
        with:
          ansible-core-version: stable-${{ matrix.ansible }}
+          codecov-token: ${{ secrets.CODECOV_TOKEN }}
          coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }}
          docker-image: ${{ matrix.docker }}
          integration-continue-on-error: 'false'
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -25,12 +25,14 @@ jobs:
    steps:
    - name: Checkout repository
      uses: actions/checkout@v4
+      with:
+        persist-credentials: false

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
      with:
        languages: python

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
--- a/.github/workflows/import-galaxy.yml
+++ b/.github/workflows/import-galaxy.yml
@@ -0,0 +1,20 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+name: import-galaxy
+'on':
+  # Run CI against all pushes (direct commits, also merged PRs) to main, and all Pull Requests
+  push:
+    branches:
+      - main
+      - stable-*
+  pull_request:
+
+jobs:
+  import-galaxy:
+    permissions:
+      contents: read
+    name: Test to import built collection artifact with Galaxy importer
+    uses: ansible-community/github-action-test-galaxy-import/.github/workflows/test-galaxy-import.yml@main
--- a/.github/workflows/reuse.yml
+++ b/.github/workflows/reuse.yml
@@ -7,10 +7,14 @@ name: Verify REUSE

 on:
  push:
-    branches: [main]
-  pull_request_target:
+    branches:
+      - main
+      - stable-*
+  pull_request:
    types: [opened, synchronize, reopened]
-    branches: [main]
+    branches:
+      - main
+      - stable-*
  # Run CI once per day (at 07:30 UTC)
  schedule:
    - cron: '30 7 * * *'
@@ -24,12 +28,8 @@ jobs:
    steps:
      - uses: actions/checkout@v4
        with:
+          persist-credentials: false
          ref: ${{ github.event.pull_request.head.sha || '' }}

-      - name: Install dependencies
-        run: |
-          pip install reuse
-
-      - name: Check REUSE compliance
-        run: |
-          reuse lint
+      - name: REUSE Compliance Check
+        uses: fsfe/reuse-action@v5
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/tests/sanity/ignore-2.11.txt.license
+++ b/tests/sanity/ignore-2.11.txt.license
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -6,6 +6,466 @@ Community General Release Notes

 This changelog describes changes after version 7.0.0.

+v8.6.10
+=======
+
+Release Summary
+---------------
+
+Maintenance release with a security fix.
+
+Security Fixes
+--------------
+
+- keycloak_client - Sanitize ``saml.encryption.private.key`` so it does not show in the logs (https://github.com/ansible-collections/community.general/pull/9621).
+
+v8.6.9
+======
+
+Release Summary
+---------------
+
+Maintenance release with a security fix.
+
+Security Fixes
+--------------
+
+- keycloak_authentication - API calls did not properly set the ``priority`` during update resulting in incorrectly sorted authentication flows. This apparently only affects Keycloak 25 or newer (https://github.com/ansible-collections/community.general/pull/9263).
+
+v8.6.8
+======
+
+Release Summary
+---------------
+
+Maintenance release for inclusion in Ansible 9.13.0.
+
+Bugfixes
+--------
+
+- github_key - in check mode, a faulty call to ```datetime.strftime(...)``` was being made which generated an exception (https://github.com/ansible-collections/community.general/issues/9185).
+
+v8.6.7
+======
+
+Release Summary
+---------------
+
+Bugfix release.
+
+Bugfixes
+--------
+
+- collection_version lookup plugin - use ``importlib`` directly instead of the deprecated and in ansible-core 2.19 removed ``ansible.module_utils.compat.importlib`` (https://github.com/ansible-collections/community.general/pull/9084).
+- modprobe - fix check mode not being honored for ``persistent`` option (https://github.com/ansible-collections/community.general/issues/9051, https://github.com/ansible-collections/community.general/pull/9052).
+
+v8.6.6
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Note that this is the last regular bugfix release of community.general 8.x.y.
+From now on, there will only be maintenance releases with major bugfixes and
+security fixes.
+
+Minor Changes
+-------------
+
+- redfish_confg - remove ``CapacityBytes`` from required paramaters of the ``CreateVolume`` command (https://github.com/ansible-collections/community.general/pull/8956).
+
+Bugfixes
+--------
+
+- cloudflare_dns - fix changing Cloudflare SRV records (https://github.com/ansible-collections/community.general/issues/8679, https://github.com/ansible-collections/community.general/pull/8948).
+- dig lookup plugin - fix using only the last nameserver specified (https://github.com/ansible-collections/community.general/pull/8970).
+- homectl - the module now tries to use ``legacycrypt`` on Python 3.13+ (https://github.com/ansible-collections/community.general/issues/4691, https://github.com/ansible-collections/community.general/pull/8987).
+- ini_file - pass absolute paths to ``module.atomic_move()`` (https://github.com/ansible/ansible/issues/83950, https://github.com/ansible-collections/community.general/pull/8925).
+- ipa_hostgroup - fix ``enabled `` and ``disabled`` states (https://github.com/ansible-collections/community.general/issues/8408, https://github.com/ansible-collections/community.general/pull/8900).
+- java_keystore - pass absolute paths to ``module.atomic_move()`` (https://github.com/ansible/ansible/issues/83950, https://github.com/ansible-collections/community.general/pull/8925).
+- jenkins_plugin - pass absolute paths to ``module.atomic_move()`` (https://github.com/ansible/ansible/issues/83950, https://github.com/ansible-collections/community.general/pull/8925).
+- kdeconfig - pass absolute paths to ``module.atomic_move()`` (https://github.com/ansible/ansible/issues/83950, https://github.com/ansible-collections/community.general/pull/8925).
+- keycloak_realm - fix change detection in check mode by sorting the lists in the realms beforehand (https://github.com/ansible-collections/community.general/pull/8877).
+- keycloak_user_federation - minimize change detection by setting ``krbPrincipalAttribute`` to ``''`` in Keycloak responses if missing (https://github.com/ansible-collections/community.general/pull/8785).
+- keycloak_user_federation - remove ``lastSync`` parameter from Keycloak responses to minimize diff/changes (https://github.com/ansible-collections/community.general/pull/8812).
+- one_service - fix service creation after it was deleted with ``unique`` parameter (https://github.com/ansible-collections/community.general/issues/3137, https://github.com/ansible-collections/community.general/pull/8887).
+- pam_limits - pass absolute paths to ``module.atomic_move()`` (https://github.com/ansible/ansible/issues/83950, https://github.com/ansible-collections/community.general/pull/8925).
+- udm_user - the module now tries to use ``legacycrypt`` on Python 3.13+ (https://github.com/ansible-collections/community.general/issues/4690, https://github.com/ansible-collections/community.general/pull/8987).
+
+v8.6.5
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Bugfixes
+--------
+
+- gitlab_group_access_token - fix crash in check mode caused by attempted access to a newly created access token (https://github.com/ansible-collections/community.general/pull/8796).
+- gitlab_project_access_token - fix crash in check mode caused by attempted access to a newly created access token (https://github.com/ansible-collections/community.general/pull/8796).
+- keycloak_realm_key - fix invalid usage of ``parent_id`` (https://github.com/ansible-collections/community.general/issues/7850, https://github.com/ansible-collections/community.general/pull/8823).
+- keycloak_user_federation - fix key error when removing mappers during an update and new mappers are specified in the module args (https://github.com/ansible-collections/community.general/pull/8762).
+- keycloak_user_federation - fix the ``UnboundLocalError`` that occurs when an ID is provided for a user federation mapper (https://github.com/ansible-collections/community.general/pull/8831).
+- keycloak_user_federation - sort desired and after mapper list by name (analog to before mapper list) to minimize diff and make change detection more accurate (https://github.com/ansible-collections/community.general/pull/8761).
+- proxmox inventory plugin - fixed a possible error on concatenating responses from proxmox. In case an API call unexpectedly returned an empty result, the inventory failed with a fatal error. Added check for empty response (https://github.com/ansible-collections/community.general/issues/8798, https://github.com/ansible-collections/community.general/pull/8794).
+
+v8.6.4
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Minor Changes
+-------------
+
+- passwordstore lookup plugin - add the current user to the lockfile file name to address issues on multi-user systems (https://github.com/ansible-collections/community.general/pull/8689).
+
+Bugfixes
+--------
+
+- gitlab_runner - fix ``paused`` parameter being ignored (https://github.com/ansible-collections/community.general/pull/8648).
+- homebrew_cask - fix ``upgrade_all`` returns ``changed`` when nothing upgraded (https://github.com/ansible-collections/community.general/issues/8707, https://github.com/ansible-collections/community.general/pull/8708).
+- keycloak_user_federation - get cleartext IDP ``clientSecret`` from full realm info to detect changes to it (https://github.com/ansible-collections/community.general/issues/8294, https://github.com/ansible-collections/community.general/pull/8735).
+- keycloak_user_federation - remove existing user federation mappers if they are not present in the federation configuration and will not be updated (https://github.com/ansible-collections/community.general/issues/7169, https://github.com/ansible-collections/community.general/pull/8695).
+
+v8.6.3
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Minor Changes
+-------------
+
+- wdc_redfish_command - minor change to handle upgrade file for Redfish WD platforms (https://github.com/ansible-collections/community.general/pull/8444).
+
+Bugfixes
+--------
+
+- bitwarden lookup plugin - fix ``KeyError`` in ``search_field`` (https://github.com/ansible-collections/community.general/issues/8549, https://github.com/ansible-collections/community.general/pull/8557).
+- keycloak_clientscope - remove IDs from clientscope and its protocol mappers on comparison for changed check (https://github.com/ansible-collections/community.general/pull/8545).
+- nsupdate - fix 'index out of range' error when changing NS records by falling back to authority section of the response (https://github.com/ansible-collections/community.general/issues/8612, https://github.com/ansible-collections/community.general/pull/8614).
+- redfish_utils module utils - do not fail when language is not exactly "en" (https://github.com/ansible-collections/community.general/pull/8613).
+
+v8.6.2
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Bugfixes
+--------
+
+- git_config - fix behavior of ``state=absent`` if ``value`` is present (https://github.com/ansible-collections/community.general/issues/8436, https://github.com/ansible-collections/community.general/pull/8452).
+- homebrew - do not fail when brew prints warnings (https://github.com/ansible-collections/community.general/pull/8406, https://github.com/ansible-collections/community.general/issues/7044).
+- keycloak_client - fix TypeError when sanitizing the ``saml.signing.private.key`` attribute in the module's diff or state output. The ``sanitize_cr`` function expected a dict where in some cases a list might occur (https://github.com/ansible-collections/community.general/pull/8403).
+- keycloak_realm - add normalizations for ``attributes`` and ``protocol_mappers`` (https://github.com/ansible-collections/community.general/pull/8496).
+- launched - correctly report changed status in check mode (https://github.com/ansible-collections/community.general/pull/8406).
+- opennebula inventory plugin - fix invalid reference to IP when inventory runs against NICs with no IPv4 address (https://github.com/ansible-collections/community.general/pull/8489).
+- opentelemetry callback - do not save the JSON response when using the ``ansible.builtin.uri`` module (https://github.com/ansible-collections/community.general/pull/8430).
+- opentelemetry callback - do not save the content response when using the ``ansible.builtin.slurp`` module (https://github.com/ansible-collections/community.general/pull/8430).
+- paman - do not fail if an empty list of packages has been provided and there is nothing to do (https://github.com/ansible-collections/community.general/pull/8514).
+
+Known Issues
+------------
+
+- homectl - the module does not work under Python 3.13 or newer, since it relies on the removed ``crypt`` standard library module (https://github.com/ansible-collections/community.general/issues/4691, https://github.com/ansible-collections/community.general/pull/8497).
+- udm_user - the module does not work under Python 3.13 or newer, since it relies on the removed ``crypt`` standard library module (https://github.com/ansible-collections/community.general/issues/4690, https://github.com/ansible-collections/community.general/pull/8497).
+
+v8.6.1
+======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Security Fixes
+--------------
+
+- keycloak_identity_provider - the client secret was not correctly sanitized by the module. The return values ``proposed``, ``existing``, and ``end_state``, as well as the diff, did contain the client secret unmasked (https://github.com/ansible-collections/community.general/pull/8355).
+
+Bugfixes
+--------
+
+- keycloak_user_federation - fix diff of empty ``krbPrincipalAttribute`` (https://github.com/ansible-collections/community.general/pull/8320).
+- merge_variables lookup plugin - fixing cross host merge: providing access to foreign hosts variables to the perspective of the host that is performing the merge (https://github.com/ansible-collections/community.general/pull/8303).
+- opentelemetry callback plugin - close spans always (https://github.com/ansible-collections/community.general/pull/8367).
+- opentelemetry callback plugin - honour the ``disable_logs`` option to avoid storing task results since they are not used regardless (https://github.com/ansible-collections/community.general/pull/8373).
+
+v8.6.0
+======
+
+Release Summary
+---------------
+
+Regular bugfix and features release.
+
+Minor Changes
+-------------
+
+- Use offset-aware ``datetime.datetime`` objects (with timezone UTC) instead of offset-naive UTC timestamps, which are deprecated in Python 3.12 (https://github.com/ansible-collections/community.general/pull/8222).
+- apt_rpm - add new states ``latest`` and ``present_not_latest``. The value ``latest`` is equivalent to the current behavior of ``present``, which will upgrade a package if a newer version exists. ``present_not_latest`` does what most users would expect ``present`` to do: it does not upgrade if the package is already installed. The current behavior of ``present`` will be deprecated in a later version, and eventually changed to that of ``present_not_latest`` (https://github.com/ansible-collections/community.general/issues/8217, https://github.com/ansible-collections/community.general/pull/8247).
+- bitwarden lookup plugin - add support to filter by organization ID (https://github.com/ansible-collections/community.general/pull/8188).
+- filesystem - add bcachefs support (https://github.com/ansible-collections/community.general/pull/8126).
+- ini_file - add an optional parameter ``section_has_values``. If the target ini file contains more than one ``section``, use ``section_has_values`` to specify which one should be updated (https://github.com/ansible-collections/community.general/pull/7505).
+- java_cert - add ``cert_content`` argument (https://github.com/ansible-collections/community.general/pull/8153).
+- keycloak_client, keycloak_clientscope, keycloak_clienttemplate - added ``docker-v2`` protocol support, enhancing alignment with Keycloak's protocol options (https://github.com/ansible-collections/community.general/issues/8215, https://github.com/ansible-collections/community.general/pull/8216).
+- nmcli - adds OpenvSwitch support with new ``type`` values ``ovs-port``, ``ovs-interface``, and ``ovs-bridge``, and new ``slave_type`` value ``ovs-port`` (https://github.com/ansible-collections/community.general/pull/8154).
+- osx_defaults - add option ``check_types`` to enable changing the type of existing defaults on the fly (https://github.com/ansible-collections/community.general/pull/8173).
+- passwordstore lookup - add ``missing_subkey`` parameter defining the behavior of the lookup when a passwordstore subkey is missing (https://github.com/ansible-collections/community.general/pull/8166).
+- portage - adds the possibility to explicitely tell portage to write packages to world file (https://github.com/ansible-collections/community.general/issues/6226, https://github.com/ansible-collections/community.general/pull/8236).
+- redfish_command - add command ``ResetToDefaults`` to reset manager to default state (https://github.com/ansible-collections/community.general/issues/8163).
+- redfish_info - add boolean return value ``MultipartHttpPush`` to ``GetFirmwareUpdateCapabilities`` (https://github.com/ansible-collections/community.general/issues/8194, https://github.com/ansible-collections/community.general/pull/8195).
+- ssh_config - allow ``accept-new`` as valid value for ``strict_host_key_checking`` (https://github.com/ansible-collections/community.general/pull/8257).
+
+Deprecated Features
+-------------------
+
+- hipchat callback plugin - the hipchat service has been discontinued and the self-hosted variant has been End of Life since 2020. The callback plugin is therefore deprecated and will be removed from community.general 10.0.0 if nobody provides compelling reasons to still keep it (https://github.com/ansible-collections/community.general/issues/8184, https://github.com/ansible-collections/community.general/pull/8189).
+
+Bugfixes
+--------
+
+- aix_filesystem - fix ``_validate_vg`` not passing VG name to ``lsvg_cmd`` (https://github.com/ansible-collections/community.general/issues/8151).
+- apt_rpm - when checking whether packages were installed after running ``apt-get -y install <packages>``, only the last package name was checked (https://github.com/ansible-collections/community.general/pull/8263).
+- bitwarden_secrets_manager lookup plugin - implements retry with exponential backoff to avoid lookup errors when Bitwardn's API rate limiting is encountered (https://github.com/ansible-collections/community.general/issues/8230, https://github.com/ansible-collections/community.general/pull/8238).
+- from_ini filter plugin - disabling interpolation of ``ConfigParser`` to allow converting values with a ``%`` sign (https://github.com/ansible-collections/community.general/issues/8183, https://github.com/ansible-collections/community.general/pull/8185).
+- gitlab_issue, gitlab_label, gitlab_milestone - avoid crash during version comparison when the python-gitlab Python module is not installed (https://github.com/ansible-collections/community.general/pull/8158).
+- haproxy - fix an issue where HAProxy could get stuck in DRAIN mode when the backend was unreachable (https://github.com/ansible-collections/community.general/issues/8092).
+- inventory plugins - add unsafe wrapper to avoid marking strings that do not contain ``{`` or ``}`` as unsafe, to work around a bug in AWX ((https://github.com/ansible-collections/community.general/issues/8212, https://github.com/ansible-collections/community.general/pull/8225).
+- ipa - fix get version regex in IPA module_utils (https://github.com/ansible-collections/community.general/pull/8175).
+- keycloak_client - add sorted ``defaultClientScopes`` and ``optionalClientScopes`` to normalizations (https://github.com/ansible-collections/community.general/pull/8223).
+- keycloak_realm - add normalizations for ``enabledEventTypes`` and ``supportedLocales`` (https://github.com/ansible-collections/community.general/pull/8224).
+- puppet - add option ``environment_lang`` to set the environment language encoding. Defaults to lang ``C``. It is recommended to set it to ``C.UTF-8`` or ``en_US.UTF-8`` depending on what is available on your system. (https://github.com/ansible-collections/community.general/issues/8000)
+- riak - support ``riak admin`` sub-command in newer Riak KV versions beside the legacy ``riak-admin`` main command (https://github.com/ansible-collections/community.general/pull/8211).
+- to_ini filter plugin - disabling interpolation of ``ConfigParser`` to allow converting values with a ``%`` sign (https://github.com/ansible-collections/community.general/issues/8183, https://github.com/ansible-collections/community.general/pull/8185).
+- xml - make module work with lxml 5.1.1, which removed some internals that the module was relying on (https://github.com/ansible-collections/community.general/pull/8169).
+
+New Modules
+-----------
+
+- community.general.keycloak_client_rolescope - Allows administration of Keycloak client roles scope to restrict the usage of certain roles to a other specific client applications.
+
+v8.5.0
+======
+
+Release Summary
+---------------
+
+Regular feature and bugfix release with security fixes.
+
+Minor Changes
+-------------
+
+- bitwarden lookup plugin - allows to fetch all records of a given collection ID, by allowing to pass an empty value for ``search_value`` when ``collection_id`` is provided (https://github.com/ansible-collections/community.general/pull/8013).
+- icinga2 inventory plugin - adds new parameter ``group_by_hostgroups`` in order to make grouping by Icinga2 hostgroups optional (https://github.com/ansible-collections/community.general/pull/7998).
+- ini_file - support optional spaces between section names and their surrounding brackets (https://github.com/ansible-collections/community.general/pull/8075).
+- java_cert - enable ``owner``, ``group``, ``mode``, and other generic file arguments (https://github.com/ansible-collections/community.general/pull/8116).
+- ldap_attrs - module now supports diff mode, showing which attributes are changed within an operation (https://github.com/ansible-collections/community.general/pull/8073).
+- lxd_container - uses ``/1.0/instances`` API endpoint, if available. Falls back to ``/1.0/containers`` or ``/1.0/virtual-machines``. Fixes issue when using Incus or LXD 5.19 due to migrating to ``/1.0/instances`` endpoint (https://github.com/ansible-collections/community.general/pull/7980).
+- nmcli - allow setting ``MTU`` for ``bond-slave`` interface types (https://github.com/ansible-collections/community.general/pull/8118).
+- proxmox - adds ``startup`` parameters to configure startup order, startup delay and shutdown delay (https://github.com/ansible-collections/community.general/pull/8038).
+- revbitspss lookup plugin - removed a redundant unicode prefix. The prefix was not necessary for Python 3 and has been cleaned up to streamline the code (https://github.com/ansible-collections/community.general/pull/8087).
+
+Security Fixes
+--------------
+
+- cobbler, gitlab_runners, icinga2, linode, lxd, nmap, online, opennebula, proxmox, scaleway, stackpath_compute, virtualbox, and xen_orchestra inventory plugin - make sure all data received from the remote servers is marked as unsafe, so remote code execution by obtaining texts that can be evaluated as templates is not possible (https://www.die-welt.net/2024/03/remote-code-execution-in-ansible-dynamic-inventory-plugins/, https://github.com/ansible-collections/community.general/pull/8098).
+
+Bugfixes
+--------
+
+- aix_filesystem - fix issue with empty list items in crfs logic and option order (https://github.com/ansible-collections/community.general/pull/8052).
+- consul_token - fix token creation without ``accessor_id`` (https://github.com/ansible-collections/community.general/pull/8091).
+- homebrew - error returned from brew command was ignored and tried to parse empty JSON. Fix now checks for an error and raises it to give accurate error message to users (https://github.com/ansible-collections/community.general/issues/8047).
+- ipa_hbacrule - the module uses a string for ``ipaenabledflag`` for new FreeIPA versions while the returned value is a boolean (https://github.com/ansible-collections/community.general/pull/7880).
+- ipa_sudorule - the module uses a string for ``ipaenabledflag`` for new FreeIPA versions while the returned value is a boolean (https://github.com/ansible-collections/community.general/pull/7880).
+- iptables_state - fix idempotency issues when restoring incomplete iptables dumps (https://github.com/ansible-collections/community.general/issues/8029).
+- linode inventory plugin - add descriptive error message for linode inventory plugin (https://github.com/ansible-collections/community.general/pull/8133).
+- pacemaker_cluster - actually implement check mode, which the module claims to support. This means that until now the module also did changes in check mode (https://github.com/ansible-collections/community.general/pull/8081).
+- pam_limits - when the file does not exist, do not create it in check mode (https://github.com/ansible-collections/community.general/issues/8050, https://github.com/ansible-collections/community.general/pull/8057).
+- proxmox_kvm - fixed status check getting from node-specific API endpoint (https://github.com/ansible-collections/community.general/issues/7817).
+
+New Modules
+-----------
+
+- community.general.usb_facts - Allows listing information about USB devices
+
+v8.4.0
+======
+
+Release Summary
+---------------
+
+Regular bugfix and feature release.
+
+Minor Changes
+-------------
+
+- bitwarden lookup plugin - add ``bw_session`` option, to pass session key instead of reading from env (https://github.com/ansible-collections/community.general/pull/7994).
+- gitlab_deploy_key, gitlab_group_members, gitlab_group_variable, gitlab_hook, gitlab_instance_variable, gitlab_project_badge, gitlab_project_variable, gitlab_user - improve API pagination and compatibility with different versions of ``python-gitlab`` (https://github.com/ansible-collections/community.general/pull/7790).
+- gitlab_hook - adds ``releases_events`` parameter for supporting Releases events triggers on GitLab hooks (https://github.com/ansible-collections/community.general/pull/7956).
+- icinga2 inventory plugin - add Jinja2 templating support to ``url``, ``user``, and ``password`` paramenters (https://github.com/ansible-collections/community.general/issues/7074, https://github.com/ansible-collections/community.general/pull/7996).
+- mssql_script - adds transactional (rollback/commit) support via optional boolean param ``transaction`` (https://github.com/ansible-collections/community.general/pull/7976).
+- proxmox_kvm - add parameter ``update_unsafe`` to avoid limitations when updating dangerous values (https://github.com/ansible-collections/community.general/pull/7843).
+- redfish_config - add command ``SetServiceIdentification`` to set service identification (https://github.com/ansible-collections/community.general/issues/7916).
+- sudoers - add support for the ``NOEXEC`` tag in sudoers rules (https://github.com/ansible-collections/community.general/pull/7983).
+- terraform - fix ``diff_mode`` in state ``absent`` and when terraform ``resource_changes`` does not exist (https://github.com/ansible-collections/community.general/pull/7963).
+
+Bugfixes
+--------
+
+- cargo - fix idempotency issues when using a custom installation path for packages (using the ``--path`` parameter). The initial installation runs fine, but subsequent runs use the ``get_installed()`` function which did not check the given installation location, before running ``cargo install``. This resulted in a false ``changed`` state. Also the removal of packeges using ``state: absent`` failed, as the installation check did not use the given parameter (https://github.com/ansible-collections/community.general/pull/7970).
+- gitlab_issue - fix behavior to search GitLab issue, using ``search`` keyword instead of ``title`` (https://github.com/ansible-collections/community.general/issues/7846).
+- gitlab_runner - fix pagination when checking for existing runners (https://github.com/ansible-collections/community.general/pull/7790).
+- keycloak_client - fixes issue when metadata is provided in desired state when task is in check mode (https://github.com/ansible-collections/community.general/issues/1226, https://github.com/ansible-collections/community.general/pull/7881).
+- modprobe - listing modules files or modprobe files could trigger a FileNotFoundError if ``/etc/modprobe.d`` or ``/etc/modules-load.d`` did not exist. Relevant functions now return empty lists if the directories do not exist to avoid crashing the module (https://github.com/ansible-collections/community.general/issues/7717).
+- onepassword lookup plugin - failed for fields that were in sections and had uppercase letters in the label/ID. Field lookups are now case insensitive in all cases (https://github.com/ansible-collections/community.general/pull/7919).
+- pkgin - pkgin (pkgsrc package manager used by SmartOS) raises erratic exceptions and spurious ``changed=true`` (https://github.com/ansible-collections/community.general/pull/7971).
+- redfish_info - allow for a GET operation invoked by ``GetUpdateStatus`` to allow for an empty response body for cases where a service returns 204 No Content (https://github.com/ansible-collections/community.general/issues/8003).
+- redfish_info - correct uncaught exception when attempting to retrieve ``Chassis`` information (https://github.com/ansible-collections/community.general/pull/7952).
+
+New Plugins
+-----------
+
+Callback
+~~~~~~~~
+
+- community.general.default_without_diff - The default ansible callback without diff output
+
+Filter
+~~~~~~
+
+- community.general.lists_difference - Difference of lists with a predictive order
+- community.general.lists_intersect - Intersection of lists with a predictive order
+- community.general.lists_symmetric_difference - Symmetric Difference of lists with a predictive order
+- community.general.lists_union - Union of lists with a predictive order
+
+New Modules
+-----------
+
+- community.general.gitlab_group_access_token - Manages GitLab group access tokens
+- community.general.gitlab_project_access_token - Manages GitLab project access tokens
+
+v8.3.0
+======
+
+Release Summary
+---------------
+
+Regular bugfix and feature release.
+
+Minor Changes
+-------------
+
+- consul_auth_method, consul_binding_rule, consul_policy, consul_role, consul_session, consul_token - added action group ``community.general.consul`` (https://github.com/ansible-collections/community.general/pull/7897).
+- consul_policy - added support for diff and check mode (https://github.com/ansible-collections/community.general/pull/7878).
+- consul_policy, consul_role, consul_session - removed dependency on ``requests`` and factored out common parts (https://github.com/ansible-collections/community.general/pull/7826, https://github.com/ansible-collections/community.general/pull/7878).
+- consul_role - ``node_identities`` now expects a ``node_name`` option to match the Consul API, the old ``name`` is still supported as alias (https://github.com/ansible-collections/community.general/pull/7878).
+- consul_role - ``service_identities`` now expects a ``service_name`` option to match the Consul API, the old ``name`` is still supported as alias (https://github.com/ansible-collections/community.general/pull/7878).
+- consul_role - added support for diff mode (https://github.com/ansible-collections/community.general/pull/7878).
+- consul_role - added support for templated policies (https://github.com/ansible-collections/community.general/pull/7878).
+- redfish_info - add command ``GetServiceIdentification`` to get service identification (https://github.com/ansible-collections/community.general/issues/7882).
+- terraform - add support for ``diff_mode`` for terraform resource_changes (https://github.com/ansible-collections/community.general/pull/7896).
+
+Deprecated Features
+-------------------
+
+- consul_acl - the module has been deprecated and will be removed in community.general 10.0.0. ``consul_token`` and ``consul_policy`` can be used instead (https://github.com/ansible-collections/community.general/pull/7901).
+
+Bugfixes
+--------
+
+- homebrew - detect already installed formulae and casks using JSON output from ``brew info`` (https://github.com/ansible-collections/community.general/issues/864).
+- incus connection plugin - treats ``inventory_hostname`` as a variable instead of a literal in remote connections (https://github.com/ansible-collections/community.general/issues/7874).
+- ipa_otptoken - the module expect ``ipatokendisabled`` as string but the ``ipatokendisabled`` value is returned as a boolean (https://github.com/ansible-collections/community.general/pull/7795).
+- ldap - previously the order number (if present) was expected to follow an equals sign in the DN. This makes it so the order number string is identified correctly anywhere within the DN (https://github.com/ansible-collections/community.general/issues/7646).
+- mssql_script - make the module work with Python 2 (https://github.com/ansible-collections/community.general/issues/7818, https://github.com/ansible-collections/community.general/pull/7821).
+- nmcli - fix ``connection.slave-type`` wired to ``bond`` and not with parameter ``slave_type`` in case of connection type ``wifi`` (https://github.com/ansible-collections/community.general/issues/7389).
+- proxmox - fix updating a container config if the setting does not already exist (https://github.com/ansible-collections/community.general/pull/7872).
+
+New Modules
+-----------
+
+- community.general.consul_acl_bootstrap - Bootstrap ACLs in Consul
+- community.general.consul_auth_method - Manipulate Consul auth methods
+- community.general.consul_binding_rule - Manipulate Consul binding rules
+- community.general.consul_token - Manipulate Consul tokens
+- community.general.gitlab_label - Creates/updates/deletes GitLab Labels belonging to project or group.
+- community.general.gitlab_milestone - Creates/updates/deletes GitLab Milestones belonging to project or group
+
+v8.2.0
+======
+
+Release Summary
+---------------
+
+Regular bugfix and feature release.
+
+Minor Changes
+-------------
+
+- ipa_dnsrecord - adds ability to manage NS record types (https://github.com/ansible-collections/community.general/pull/7737).
+- ipa_pwpolicy - refactor module and exchange a sequence ``if`` statements with a ``for`` loop (https://github.com/ansible-collections/community.general/pull/7723).
+- ipa_pwpolicy - update module to support ``maxrepeat``, ``maxsequence``, ``dictcheck``, ``usercheck``, ``gracelimit`` parameters in FreeIPA password policies (https://github.com/ansible-collections/community.general/pull/7723).
+- keycloak_realm_key - the ``config.algorithm`` option now supports 8 additional key algorithms (https://github.com/ansible-collections/community.general/pull/7698).
+- keycloak_realm_key - the ``config.certificate`` option value is no longer defined with ``no_log=True`` (https://github.com/ansible-collections/community.general/pull/7698).
+- keycloak_realm_key - the ``provider_id`` option now supports RSA encryption key usage (value ``rsa-enc``) (https://github.com/ansible-collections/community.general/pull/7698).
+- keycloak_user_federation - allow custom user storage providers to be set through ``provider_id`` (https://github.com/ansible-collections/community.general/pull/7789).
+- mail - add ``Message-ID`` header; which is required by some mail servers (https://github.com/ansible-collections/community.general/pull/7740).
+- mail module, mail callback plugin - allow to configure the domain name of the Message-ID header with a new ``message_id_domain`` option (https://github.com/ansible-collections/community.general/pull/7765).
+- ssh_config - new feature to set ``AddKeysToAgent`` option to ``yes`` or ``no`` (https://github.com/ansible-collections/community.general/pull/7703).
+- ssh_config - new feature to set ``IdentitiesOnly`` option to ``yes`` or ``no`` (https://github.com/ansible-collections/community.general/pull/7704).
+- xcc_redfish_command - added support for raw POSTs (``command=PostResource`` in ``category=Raw``) without a specific action info (https://github.com/ansible-collections/community.general/pull/7746).
+
+Bugfixes
+--------
+
+- keycloak_identity_provider - ``mappers`` processing was not idempotent if the mappers configuration list had not been sorted by name (in ascending order). Fix resolves the issue by sorting mappers in the desired state using the same key which is used for obtaining existing state (https://github.com/ansible-collections/community.general/pull/7418).
+- keycloak_identity_provider - it was not possible to reconfigure (add, remove) ``mappers`` once they were created initially. Removal was ignored, adding new ones resulted in dropping the pre-existing unmodified mappers. Fix resolves the issue by supplying correct input to the internal update call (https://github.com/ansible-collections/community.general/pull/7418).
+- keycloak_user - when ``force`` is set, but user does not exist, do not try to delete it (https://github.com/ansible-collections/community.general/pull/7696).
+- proxmox_kvm - running ``state=template`` will first check whether VM is already a template (https://github.com/ansible-collections/community.general/pull/7792).
+- statusio_maintenance - fix error caused by incorrectly formed API data payload. Was raising "Failed to create maintenance HTTP Error 400 Bad Request" caused by bad data type for date/time and deprecated dict keys (https://github.com/ansible-collections/community.general/pull/7754).
+
+New Plugins
+-----------
+
+Connection
+~~~~~~~~~~
+
+- community.general.incus - Run tasks in Incus instances via the Incus CLI.
+
+Filter
+~~~~~~
+
+- community.general.from_ini - Converts INI text input into a dictionary
+- community.general.to_ini - Converts a dictionary to the INI file format
+
+Lookup
+~~~~~~
+
+- community.general.github_app_access_token - Obtain short-lived Github App Access tokens
+
+New Modules
+-----------
+
+- community.general.dnf_config_manager - Enable or disable dnf repositories using config-manager
+- community.general.keycloak_component_info - Retrive component info in Keycloak
+- community.general.keycloak_realm_rolemapping - Allows administration of Keycloak realm role mappings into groups with the Keycloak API
+- community.general.proxmox_node_info - Retrieve information about one or more Proxmox VE nodes
+- community.general.proxmox_storage_contents_info - List content from a Proxmox VE storage
+
 v8.1.0
 ======

@@ -75,19 +535,19 @@ New Plugins
 Lookup
 ~~~~~~

- onepassword_doc - Fetch documents stored in 1Password
+- community.general.onepassword_doc - Fetch documents stored in 1Password

 Test
 ~~~~

- fqdn_valid - Validates fully-qualified domain names against RFC 1123
+- community.general.fqdn_valid - Validates fully-qualified domain names against RFC 1123

 New Modules
 -----------

- git_config_info - Read git configuration
- gitlab_issue - Create, update, or delete GitLab issues
- nomad_token - Manage Nomad ACL tokens
+- community.general.git_config_info - Read git configuration
+- community.general.gitlab_issue - Create, update, or delete GitLab issues
+- community.general.nomad_token - Manage Nomad ACL tokens

 v8.0.2
 ======
@@ -421,27 +881,27 @@ New Plugins
 Lookup
 ~~~~~~

- bitwarden_secrets_manager - Retrieve secrets from Bitwarden Secrets Manager
+- community.general.bitwarden_secrets_manager - Retrieve secrets from Bitwarden Secrets Manager

 New Modules
 -----------

- consul_policy - Manipulate Consul policies
- consul_role - Manipulate Consul roles
- facter_facts - Runs the discovery program C(facter) on the remote system and return Ansible facts
- gio_mime - Set default handler for MIME type, for applications using Gnome GIO
- gitlab_instance_variable - Creates, updates, or deletes GitLab instance variables
- gitlab_merge_request - Create, update, or delete GitLab merge requests
- jenkins_build_info - Get information about Jenkins builds
- keycloak_authentication_required_actions - Allows administration of Keycloak authentication required actions
- keycloak_authz_custom_policy - Allows administration of Keycloak client custom Javascript policies via Keycloak API
- keycloak_authz_permission - Allows administration of Keycloak client authorization permissions via Keycloak API
- keycloak_authz_permission_info - Query Keycloak client authorization permissions information
- keycloak_realm_key - Allows administration of Keycloak realm keys via Keycloak API
- keycloak_user - Create and configure a user in Keycloak
- lvg_rename - Renames LVM volume groups
- pnpm - Manage node.js packages with pnpm
- proxmox_pool - Pool management for Proxmox VE cluster
- proxmox_pool_member - Add or delete members from Proxmox VE cluster pools
- proxmox_vm_info - Retrieve information about one or more Proxmox VE virtual machines
- simpleinit_msb - Manage services on Source Mage GNU/Linux
+- community.general.consul_policy - Manipulate Consul policies
+- community.general.consul_role - Manipulate Consul roles
+- community.general.facter_facts - Runs the discovery program C(facter) on the remote system and return Ansible facts
+- community.general.gio_mime - Set default handler for MIME type, for applications using Gnome GIO
+- community.general.gitlab_instance_variable - Creates, updates, or deletes GitLab instance variables
+- community.general.gitlab_merge_request - Create, update, or delete GitLab merge requests
+- community.general.jenkins_build_info - Get information about Jenkins builds
+- community.general.keycloak_authentication_required_actions - Allows administration of Keycloak authentication required actions
+- community.general.keycloak_authz_custom_policy - Allows administration of Keycloak client custom Javascript policies via Keycloak API
+- community.general.keycloak_authz_permission - Allows administration of Keycloak client authorization permissions via Keycloak API
+- community.general.keycloak_authz_permission_info - Query Keycloak client authorization permissions information
+- community.general.keycloak_realm_key - Allows administration of Keycloak realm keys via Keycloak API
+- community.general.keycloak_user - Create and configure a user in Keycloak
+- community.general.lvg_rename - Renames LVM volume groups
+- community.general.pnpm - Manage node.js packages with pnpm
+- community.general.proxmox_pool - Pool management for Proxmox VE cluster
+- community.general.proxmox_pool_member - Add or delete members from Proxmox VE cluster pools
+- community.general.proxmox_vm_info - Retrieve information about one or more Proxmox VE virtual machines
+- community.general.simpleinit_msb - Manage services on Source Mage GNU/Linux
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -31,7 +31,9 @@ Also, consider taking up a valuable, reviewed, but abandoned pull request which
 * Try committing your changes with an informative but short commit message.
 * Do not squash your commits and force-push to your branch if not needed. Reviews of your pull request are much easier with individual commits to comprehend the pull request history. All commits of your pull request branch will be squashed into one commit by GitHub upon merge.
 * Do not add merge commits to your PR. The bot will complain and you will have to rebase ([instructions for rebasing](https://docs.ansible.com/ansible/latest/dev_guide/developing_rebasing.html)) to remove them before your PR can be merged. To avoid that git automatically does merges during pulls, you can configure it to do rebases instead by running `git config pull.rebase true` inside the repository checkout.
-* Make sure your PR includes a [changelog fragment](https://docs.ansible.com/ansible/devel/community/development_process.html#creating-changelog-fragments). (You must not include a fragment for new modules or new plugins. Also you shouldn't include one for docs-only changes. If you're not sure, simply don't include one, we'll tell you whether one is needed or not :) )
+* Make sure your PR includes a [changelog fragment](https://docs.ansible.com/ansible/devel/community/collection_development_process.html#creating-a-changelog-fragment).
+  * You must not include a fragment for new modules or new plugins. Also you shouldn't include one for docs-only changes. (If you're not sure, simply don't include one, we'll tell you whether one is needed or not :) )
+  * Please always include a link to the pull request itself, and if the PR is about an issue, also a link to the issue. Also make sure the fragment ends with a period, and begins with a lower-case letter after `-`. (Again, if you don't do this, we'll add suggestions to fix it, so don't worry too much :) )
 * Avoid reformatting unrelated parts of the codebase in your PR. These types of changes will likely be requested for reversion, create additional work for reviewers, and may cause approval to be delayed.

 You can also read [our Quick-start development guide](https://github.com/ansible/community-docs/blob/main/create_pr_quick_start_guide.rst).
@@ -54,6 +56,8 @@ cd ~/dev/ansible_collections/community/general

 Then you can run `ansible-test` (which is a part of [ansible-core](https://pypi.org/project/ansible-core/)) inside the checkout. The following example commands expect that you have installed Docker or Podman. Note that Podman has only been supported by more recent ansible-core releases. If you are using Docker, the following will work with Ansible 2.9+.

+### Sanity tests
+
 The following commands show how to run sanity tests:

 ```.bash
@@ -64,6 +68,8 @@ ansible-test sanity --docker -v
 ansible-test sanity --docker -v plugins/modules/system/pids.py tests/integration/targets/pids/
 ```

+### Unit tests
+
 The following commands show how to run unit tests:

 ```.bash
@@ -77,13 +83,32 @@ ansible-test units --docker -v --python 3.8
 ansible-test units --docker -v --python 3.8 tests/unit/plugins/modules/net_tools/test_nmcli.py
 ```

+### Integration tests
+
 The following commands show how to run integration tests:

-```.bash
-# Run integration tests for the interfaces_files module in a Docker container using the
-# fedora35 operating system image (the supported images depend on your ansible-core version):
-ansible-test integration --docker fedora35 -v interfaces_file
+#### In Docker

+Integration tests on Docker have the following parameters:
+- `image_name` (required): The name of the Docker image. To get the list of supported Docker images, run
+  `ansible-test integration --help` and look for _target docker images_.
+- `test_name` (optional): The name of the integration test.  
+  For modules, this equals the short name of the module; for example, `pacman` in case of `community.general.pacman`.  
+  For plugins, the plugin type is added before the plugin's short name, for example `callback_yaml` for the `community.general.yaml` callback.
+```.bash
+# Test all plugins/modules on fedora40
+ansible-test integration -v --docker fedora40
+
+# Template
+ansible-test integration -v --docker image_name test_name
+
+# Example community.general.ini_file module on fedora40 Docker image:
+ansible-test integration -v --docker fedora40 ini_file
+```
+
+#### Without isolation
+
+```.bash
 # Run integration tests for the flattened lookup **without any isolation**:
 ansible-test integration -v lookup_flattened
 ```
--- a/README.md
+++ b/README.md
@@ -6,9 +6,11 @@ SPDX-License-Identifier: GPL-3.0-or-later

 # Community General Collection

+[![Documentation](https://img.shields.io/badge/docs-brightgreen.svg)](https://docs.ansible.com/ansible/devel/collections/community/general/)
 [![Build Status](https://dev.azure.com/ansible/community.general/_apis/build/status/CI?branchName=stable-8)](https://dev.azure.com/ansible/community.general/_build?definitionId=31)
-[![EOL CI](https://github.com/ansible-collections/community.general/workflows/EOL%20CI/badge.svg?event=push)](https://github.com/ansible-collections/community.general/actions)
+[![EOL CI](https://github.com/ansible-collections/community.general/actions/workflows/ansible-test.yml/badge.svg?branch=stable-8)](https://github.com/ansible-collections/community.general/actions)
 [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.general)](https://codecov.io/gh/ansible-collections/community.general)
+[![REUSE status](https://api.reuse.software/badge/github.com/ansible-collections/community.general)](https://api.reuse.software/info/github.com/ansible-collections/community.general)

 This repository contains the `community.general` Ansible Collection. The collection is a part of the Ansible package and includes many modules and plugins supported by Ansible community which are not part of more specialized community collections.

@@ -22,9 +24,21 @@ We follow [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/comm

 If you encounter abusive behavior violating the [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html), please refer to the [policy violations](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html#policy-violations) section of the Code of Conduct for information on how to raise a complaint.

+## Communication
+
+* Join the Ansible forum:
+  * [Get Help](https://forum.ansible.com/c/help/6): get help or help others. This is for questions about modules or plugins in the collection. Please add appropriate tags if you start new discussions.
+  * [Tag `community-general`](https://forum.ansible.com/tag/community-general): discuss the *collection itself*, instead of specific modules or plugins.
+  * [Social Spaces](https://forum.ansible.com/c/chat/4): gather and interact with fellow enthusiasts.
+  * [News & Announcements](https://forum.ansible.com/c/news/5): track project-wide announcements including social events.
+
+* The Ansible [Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn): used to announce releases and important changes.
+
+For more information about communication, see the [Ansible communication guide](https://docs.ansible.com/ansible/devel/community/communication.html).
+
 ## Tested with Ansible

-Tested with the current ansible-core 2.13, ansible-core 2.14, ansible-core 2.15, ansible-core 2.16 releases and the current development version of ansible-core. Ansible-core versions before 2.13.0 are not supported. This includes all ansible-base 2.10 and Ansible 2.9 releases.
+Tested with the current ansible-core 2.13, ansible-core 2.14, ansible-core 2.15, ansible-core 2.16, ansible-core 2.17, and ansible-core 2.18 releases of ansible-core. Ansible-core versions before 2.13.0 are not supported. This includes all ansible-base 2.10 and Ansible 2.9 releases.

 ## External requirements

@@ -97,25 +111,13 @@ It is necessary for maintainers of this collection to be subscribed to:

 They also should be subscribed to Ansible's [The Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn).

-## Communication
-
-We announce important development changes and releases through Ansible's [The Bullhorn newsletter](https://eepurl.com/gZmiEP). If you are a collection developer, be sure you are subscribed.
-
-Join us in the `#ansible` (general use questions and support), `#ansible-community` (community and collection development questions), and other [IRC channels](https://docs.ansible.com/ansible/devel/community/communication.html#irc-channels) on [Libera.chat](https://libera.chat).
-
-We take part in the global quarterly [Ansible Contributor Summit](https://github.com/ansible/community/wiki/Contributor-Summit) virtually or in-person. Track [The Bullhorn newsletter](https://eepurl.com/gZmiEP) and join us.
-
-For more information about communities, meetings and agendas see [Community Wiki](https://github.com/ansible/community/wiki/Community).
-
-For more information about communication, refer to Ansible's the [Communication guide](https://docs.ansible.com/ansible/devel/community/communication.html).
-
 ## Publishing New Version

 See the [Releasing guidelines](https://github.com/ansible/community-docs/blob/main/releasing_collections.rst) to learn how to release this collection.

 ## Release notes

-See the [changelog](https://github.com/ansible-collections/community.general/blob/stable-8/CHANGELOG.rst).
+See the [changelog](https://github.com/ansible-collections/community.general/blob/stable-8/CHANGELOG.md).

 ## Roadmap

--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
--- a/changelogs/config.yaml
+++ b/changelogs/config.yaml
@@ -12,23 +12,31 @@ mention_ancestor: true
 flatmap: true
 new_plugins_after_name: removed_features
 notesdir: fragments
+output_formats:
+  - md
+  - rst
 prelude_section_name: release_summary
 prelude_section_title: Release Summary
 sections:
- - major_changes
-  - Major Changes
- - minor_changes
-  - Minor Changes
- - breaking_changes
-  - Breaking Changes / Porting Guide
- - deprecated_features
-  - Deprecated Features
- - removed_features
-  - Removed Features (previously deprecated)
- - security_fixes
-  - Security Fixes
- - bugfixes
-  - Bugfixes
- - known_issues
-  - Known Issues
+  - - major_changes
+    - Major Changes
+  - - minor_changes
+    - Minor Changes
+  - - breaking_changes
+    - Breaking Changes / Porting Guide
+  - - deprecated_features
+    - Deprecated Features
+  - - removed_features
+    - Removed Features (previously deprecated)
+  - - security_fixes
+    - Security Fixes
+  - - bugfixes
+    - Bugfixes
+  - - known_issues
+    - Known Issues
 title: Community General
+trivial_section_name: trivial
+use_fqcn: true
+add_plugin_period: true
+changelog_nice_yaml: true
+changelog_sort: version
--- a/docs/docsite/config.yml
+++ b/docs/docsite/config.yml
@@ -0,0 +1,7 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+changelog:
+  write_changelog: true
--- a/docs/docsite/extra-docs.yml
+++ b/docs/docsite/extra-docs.yml
@@ -8,3 +8,9 @@ sections:
    toctree:
      - filter_guide
      - test_guide
+  - title: Cloud Guides
+    toctree:
+      - guide_alicloud
+      - guide_online
+      - guide_packet
+      - guide_scaleway
--- a/docs/docsite/helper/lists_mergeby/default-common.yml
+++ b/docs/docsite/helper/lists_mergeby/default-common.yml
@@ -2,17 +2,11 @@
 # Copyright (c) Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-
 list1:
-  - name: foo
-    extra: true
-  - name: bar
-    extra: false
-  - name: meh
-    extra: true
+  - {name: foo, extra: true}
+  - {name: bar, extra: false}
+  - {name: meh, extra: true}

 list2:
-  - name: foo
-    path: /foo
-  - name: baz
-    path: /baz
+  - {name: foo, path: /foo}
+  - {name: baz, path: /baz}
--- a/docs/docsite/helper/lists_mergeby/default-recursive-true.yml
+++ b/docs/docsite/helper/lists_mergeby/default-recursive-true.yml
@@ -2,14 +2,12 @@
 # Copyright (c) Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-
 list1:
  - name: myname01
    param01:
      x: default_value
      y: default_value
-      list:
-        - default_value
+      list: [default_value]
  - name: myname02
    param01: [1, 1, 2, 3]

@@ -18,7 +16,6 @@ list2:
    param01:
      y: patch_value
      z: patch_value
-      list:
-        - patch_value
+      list: [patch_value]
  - name: myname02
-    param01: [3, 4, 4, {key: value}]
+    param01: [3, 4, 4]
--- a/docs/docsite/helper/lists_mergeby/example-001.yml
+++ b/docs/docsite/helper/lists_mergeby/example-001.yml
@@ -8,7 +8,7 @@
    dir: example-001_vars
 - debug:
    var: list3
-  when: debug|d(false)|bool
+  when: debug | d(false) | bool
 - template:
    src: list3.out.j2
    dest: example-001.out
--- a/docs/docsite/helper/lists_mergeby/example-001_vars/list3.yml
+++ b/docs/docsite/helper/lists_mergeby/example-001_vars/list3.yml
@@ -2,6 +2,5 @@
 # Copyright (c) Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-
-list3: "{{ list1|
+list3: "{{ list1 |
           community.general.lists_mergeby(list2, 'name') }}"
--- a/docs/docsite/helper/lists_mergeby/example-002.yml
+++ b/docs/docsite/helper/lists_mergeby/example-002.yml
@@ -8,7 +8,7 @@
    dir: example-002_vars
 - debug:
    var: list3
-  when: debug|d(false)|bool
+  when: debug | d(false) | bool
 - template:
    src: list3.out.j2
    dest: example-002.out
--- a/docs/docsite/helper/lists_mergeby/example-002_vars/list3.yml
+++ b/docs/docsite/helper/lists_mergeby/example-002_vars/list3.yml
@@ -2,6 +2,5 @@
 # Copyright (c) Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-
-list3: "{{ [list1, list2]|
+list3: "{{ [list1, list2] |
           community.general.lists_mergeby('name') }}"
--- a/docs/docsite/helper/lists_mergeby/example-003.yml
+++ b/docs/docsite/helper/lists_mergeby/example-003.yml
@@ -8,7 +8,7 @@
    dir: example-003_vars
 - debug:
    var: list3
-  when: debug|d(false)|bool
+  when: debug | d(false) | bool
 - template:
    src: list3.out.j2
    dest: example-003.out
--- a/docs/docsite/helper/lists_mergeby/example-003_vars/list3.yml
+++ b/docs/docsite/helper/lists_mergeby/example-003_vars/list3.yml
@@ -2,7 +2,6 @@
 # Copyright (c) Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-
-list3: "{{ [list1, list2]|
+list3: "{{ [list1, list2] |
           community.general.lists_mergeby('name',
                                           recursive=true) }}"
--- a/docs/docsite/helper/lists_mergeby/example-004.yml
+++ b/docs/docsite/helper/lists_mergeby/example-004.yml
@@ -8,7 +8,7 @@
    dir: example-004_vars
 - debug:
    var: list3
-  when: debug|d(false)|bool
+  when: debug | d(false) | bool
 - template:
    src: list3.out.j2
    dest: example-004.out
--- a/docs/docsite/helper/lists_mergeby/example-004_vars/list3.yml
+++ b/docs/docsite/helper/lists_mergeby/example-004_vars/list3.yml
@@ -2,8 +2,7 @@
 # Copyright (c) Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-
-list3: "{{ [list1, list2]|
+list3: "{{ [list1, list2] |
           community.general.lists_mergeby('name',
                                           recursive=true,
                                           list_merge='keep') }}"
--- a/docs/docsite/helper/lists_mergeby/example-005.yml
+++ b/docs/docsite/helper/lists_mergeby/example-005.yml
@@ -8,7 +8,7 @@
    dir: example-005_vars
 - debug:
    var: list3
-  when: debug|d(false)|bool
+  when: debug | d(false) | bool
 - template:
    src: list3.out.j2
    dest: example-005.out
--- a/docs/docsite/helper/lists_mergeby/example-005_vars/list3.yml
+++ b/docs/docsite/helper/lists_mergeby/example-005_vars/list3.yml
@@ -2,8 +2,7 @@
 # Copyright (c) Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-
-list3: "{{ [list1, list2]|
+list3: "{{ [list1, list2] |
           community.general.lists_mergeby('name',
                                           recursive=true,
                                           list_merge='append') }}"
--- a/docs/docsite/helper/lists_mergeby/example-006.yml
+++ b/docs/docsite/helper/lists_mergeby/example-006.yml
@@ -8,7 +8,7 @@
    dir: example-006_vars
 - debug:
    var: list3
-  when: debug|d(false)|bool
+  when: debug | d(false) | bool
 - template:
    src: list3.out.j2
    dest: example-006.out
--- a/docs/docsite/helper/lists_mergeby/example-006_vars/list3.yml
+++ b/docs/docsite/helper/lists_mergeby/example-006_vars/list3.yml
@@ -2,8 +2,7 @@
 # Copyright (c) Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-
-list3: "{{ [list1, list2]|
+list3: "{{ [list1, list2] |
           community.general.lists_mergeby('name',
                                           recursive=true,
                                           list_merge='prepend') }}"
--- a/docs/docsite/helper/lists_mergeby/example-007.yml
+++ b/docs/docsite/helper/lists_mergeby/example-007.yml
@@ -8,7 +8,7 @@
    dir: example-007_vars
 - debug:
    var: list3
-  when: debug|d(false)|bool
+  when: debug|d(false) | bool
 - template:
    src: list3.out.j2
    dest: example-007.out
--- a/docs/docsite/helper/lists_mergeby/example-007_vars/list3.yml
+++ b/docs/docsite/helper/lists_mergeby/example-007_vars/list3.yml
@@ -2,8 +2,7 @@
 # Copyright (c) Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-
-list3: "{{ [list1, list2]|
+list3: "{{ [list1, list2] |
           community.general.lists_mergeby('name',
                                           recursive=true,
                                           list_merge='append_rp') }}"
--- a/docs/docsite/helper/lists_mergeby/example-008.yml
+++ b/docs/docsite/helper/lists_mergeby/example-008.yml
@@ -8,7 +8,7 @@
    dir: example-008_vars
 - debug:
    var: list3
-  when: debug|d(false)|bool
+  when: debug | d(false) | bool
 - template:
    src: list3.out.j2
    dest: example-008.out
--- a/docs/docsite/helper/lists_mergeby/example-008_vars/list3.yml
+++ b/docs/docsite/helper/lists_mergeby/example-008_vars/list3.yml
@@ -2,8 +2,7 @@
 # Copyright (c) Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-
-list3: "{{ [list1, list2]|
+list3: "{{ [list1, list2] |
           community.general.lists_mergeby('name',
                                           recursive=true,
                                           list_merge='prepend_rp') }}"
--- a/docs/docsite/helper/lists_mergeby/example-009.yml
+++ b/docs/docsite/helper/lists_mergeby/example-009.yml
@@ -0,0 +1,14 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- name: 9. Merge single list by common attribute 'name'
+  include_vars:
+    dir: example-009_vars
+- debug:
+    var: list3
+  when: debug | d(false) | bool
+- template:
+    src: list3.out.j2
+    dest: example-009.out
--- a/docs/docsite/helper/lists_mergeby/example-009_vars/default-common.yml
+++ b/docs/docsite/helper/lists_mergeby/example-009_vars/default-common.yml
@@ -0,0 +1 @@
+../default-common.yml
--- a/docs/docsite/helper/lists_mergeby/example-009_vars/list3.yml
+++ b/docs/docsite/helper/lists_mergeby/example-009_vars/list3.yml
@@ -0,0 +1,6 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+list3: "{{ [list1 + list2, []] |
+           community.general.lists_mergeby('name') }}"
--- a/docs/docsite/helper/lists_mergeby/examples.yml
+++ b/docs/docsite/helper/lists_mergeby/examples.yml
@@ -4,51 +4,75 @@
 # SPDX-License-Identifier: GPL-3.0-or-later

 examples:
-  - label: 'In the example below the lists are merged by the attribute ``name``:'
+  - title: Two lists
+    description: 'In the example below the lists are merged by the attribute ``name``:'
    file: example-001_vars/list3.yml
    lang: 'yaml+jinja'
-  - label: 'This produces:'
+  - title:
+    description: 'This produces:'
    file: example-001.out
    lang: 'yaml'
-  - label: 'It is possible to use a list of lists as an input of the filter:'
+  - title: List of two lists
+    description: 'It is possible to use a list of lists as an input of the filter:'
    file: example-002_vars/list3.yml
    lang: 'yaml+jinja'
-  - label: 'This produces the same result as in the previous example:'
+  - title:
+    description: 'This produces the same result as in the previous example:'
    file: example-002.out
    lang: 'yaml'
-  - label: 'Example ``list_merge=replace`` (default):'
+  - title: Single list
+    description: 'It is possible to merge single list:'
+    file: example-009_vars/list3.yml
+    lang: 'yaml+jinja'
+  - title:
+    description: 'This produces the same result as in the previous example:'
+    file: example-009.out
+    lang: 'yaml'
+  - title: list_merge=replace (default)
+    description: 'Example :ansopt:`community.general.lists_mergeby#filter:list_merge=replace` (default):'
    file: example-003_vars/list3.yml
    lang: 'yaml+jinja'
-  - label: 'This produces:'
+  - title:
+    description: 'This produces:'
    file: example-003.out
    lang: 'yaml'
-  - label: 'Example ``list_merge=keep``:'
+  - title: list_merge=keep
+    description: 'Example :ansopt:`community.general.lists_mergeby#filter:list_merge=keep`:'
    file: example-004_vars/list3.yml
    lang: 'yaml+jinja'
-  - label: 'This produces:'
+  - title:
+    description: 'This produces:'
    file: example-004.out
    lang: 'yaml'
-  - label: 'Example ``list_merge=append``:'
+  - title: list_merge=append
+    description: 'Example :ansopt:`community.general.lists_mergeby#filter:list_merge=append`:'
    file: example-005_vars/list3.yml
    lang: 'yaml+jinja'
-  - label: 'This produces:'
+  - title:
+    description: 'This produces:'
    file: example-005.out
    lang: 'yaml'
-  - label: 'Example ``list_merge=prepend``:'
+  - title: list_merge=prepend
+    description: 'Example :ansopt:`community.general.lists_mergeby#filter:list_merge=prepend`:'
    file: example-006_vars/list3.yml
    lang: 'yaml+jinja'
-  - label: 'This produces:'
+  - title:
+    description: 'This produces:'
    file: example-006.out
    lang: 'yaml'
-  - label: 'Example ``list_merge=append_rp``:'
+  - title: list_merge=append_rp
+    description: 'Example :ansopt:`community.general.lists_mergeby#filter:list_merge=append_rp`:'
    file: example-007_vars/list3.yml
    lang: 'yaml+jinja'
-  - label: 'This produces:'
+  - title:
+    description: 'This produces:'
    file: example-007.out
    lang: 'yaml'
-  - label: 'Example ``list_merge=prepend_rp``:'
+  - title: list_merge=prepend_rp
+    description: 'Example :ansopt:`community.general.lists_mergeby#filter:list_merge=prepend_rp`:'
    file: example-008_vars/list3.yml
    lang: 'yaml+jinja'
-  - label: 'This produces:'
+  - title:
+    description: 'This produces:'
    file: example-008.out
    lang: 'yaml'
--- a/docs/docsite/helper/lists_mergeby/examples_all.rst.j2
+++ b/docs/docsite/helper/lists_mergeby/examples_all.rst.j2
@@ -4,10 +4,10 @@
  SPDX-License-Identifier: GPL-3.0-or-later

 {% for i in examples %}
-{{ i.label }}
+{{ i.description }}

 .. code-block:: {{ i.lang }}

-  {{ lookup('file', i.file)|indent(2) }}
+  {{ lookup('file', i.file) | split('\n') | reject('match', '^(#|---)') | join ('\n') | indent(2) }}

 {% endfor %}
--- a/docs/docsite/helper/lists_mergeby/extra-vars.yml
+++ b/docs/docsite/helper/lists_mergeby/extra-vars.yml
@@ -0,0 +1,7 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+examples_one: true
+examples_all: true
+merging_lists_of_dictionaries: true
--- a/docs/docsite/helper/lists_mergeby/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst.j2
+++ b/docs/docsite/helper/lists_mergeby/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst.j2
@@ -6,57 +6,69 @@
 Merging lists of dictionaries
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

-If you have two or more lists of dictionaries and want to combine them into a list of merged dictionaries, where the dictionaries are merged by an attribute, you can use the ``lists_mergeby`` filter.
+If you have two or more lists of dictionaries and want to combine them into a list of merged dictionaries, where the dictionaries are merged by an attribute, you can use the :ansplugin:`community.general.lists_mergeby <community.general.lists_mergeby#filter>` filter.

-.. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See :ref:`the documentation for the community.general.yaml callback plugin <ansible_collections.community.general.yaml_callback>`.
+.. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See the documentation for the :ansplugin:`community.general.yaml callback plugin <community.general.yaml#callback>`.

 Let us use the lists below in the following examples:

 .. code-block:: yaml

-  {{ lookup('file', 'default-common.yml')|indent(2) }}
+  {{ lookup('file', 'default-common.yml') | split('\n') | reject('match', '^(#|---)') | join ('\n')  | indent(2) }}

 {% for i in examples[0:2] %}
-{{ i.label }}
+{% if i.title | d('', true) | length > 0 %}
+{{ i.title }}
+{{ "%s" % ('"' * i.title|length) }}
+{% endif %}
+{{ i.description }}

 .. code-block:: {{ i.lang }}

-  {{ lookup('file', i.file)|indent(2) }}
+  {{ lookup('file', i.file) | split('\n') | reject('match', '^(#|---)') | join ('\n') | indent(2) }}

 {% endfor %}

 .. versionadded:: 2.0.0

-{% for i in examples[2:4] %}
-{{ i.label }}
+{% for i in examples[2:6] %}
+{% if i.title | d('', true) | length > 0 %}
+{{ i.title }}
+{{ "%s" % ('"' * i.title|length) }}
+{% endif %}
+{{ i.description }}

 .. code-block:: {{ i.lang }}

-  {{ lookup('file', i.file)|indent(2) }}
+  {{ lookup('file', i.file) | split('\n') | reject('match', '^(#|---)') | join ('\n') | indent(2) }}

 {% endfor %}

-The filter also accepts two optional parameters: ``recursive`` and ``list_merge``. These parameters are only supported when used with ansible-base 2.10 or ansible-core, but not with Ansible 2.9. This is available since community.general 4.4.0.
+The filter also accepts two optional parameters: :ansopt:`community.general.lists_mergeby#filter:recursive` and :ansopt:`community.general.lists_mergeby#filter:list_merge`. This is available since community.general 4.4.0.

 **recursive**
-    Is a boolean, default to ``False``. Should the ``community.general.lists_mergeby`` recursively merge nested hashes. Note: It does not depend on the value of the ``hash_behaviour`` setting in ``ansible.cfg``.
+    Is a boolean, default to ``false``. Should the :ansplugin:`community.general.lists_mergeby#filter` filter recursively merge nested hashes. Note: It does not depend on the value of the ``hash_behaviour`` setting in ``ansible.cfg``.

 **list_merge**
-    Is a string, its possible values are ``replace`` (default), ``keep``, ``append``, ``prepend``, ``append_rp`` or ``prepend_rp``. It modifies the behaviour of ``community.general.lists_mergeby`` when the hashes to merge contain arrays/lists.
+    Is a string, its possible values are :ansval:`replace` (default), :ansval:`keep`, :ansval:`append`, :ansval:`prepend`, :ansval:`append_rp` or :ansval:`prepend_rp`. It modifies the behaviour of :ansplugin:`community.general.lists_mergeby#filter` when the hashes to merge contain arrays/lists.

-The examples below set ``recursive=true`` and display the differences among all six options of ``list_merge``. Functionality of the parameters is exactly the same as in the filter ``combine``. See :ref:`Combining hashes/dictionaries <combine_filter>` to learn details about these options.
+The examples below set :ansopt:`community.general.lists_mergeby#filter:recursive=true` and display the differences among all six options of :ansopt:`community.general.lists_mergeby#filter:list_merge`. Functionality of the parameters is exactly the same as in the filter :ansplugin:`ansible.builtin.combine#filter`. See :ref:`Combining hashes/dictionaries <combine_filter>` to learn details about these options.

 Let us use the lists below in the following examples

 .. code-block:: yaml

-  {{ lookup('file', 'default-recursive-true.yml')|indent(2) }}
+  {{ lookup('file', 'default-recursive-true.yml') | split('\n') | reject('match', '^(#|---)') | join ('\n') |indent(2) }}

-{% for i in examples[4:16] %}
-{{ i.label }}
+{% for i in examples[6:] %}
+{% if i.title | d('', true) | length > 0 %}
+{{ i.title }}
+{{ "%s" % ('"' * i.title|length) }}
+{% endif %}
+{{ i.description }}

 .. code-block:: {{ i.lang }}

-  {{ lookup('file', i.file)|indent(2) }}
+  {{ lookup('file', i.file) | split('\n') | reject('match', '^(#|---)') | join ('\n') |indent(2) }}

 {% endfor %}
--- a/docs/docsite/helper/lists_mergeby/list3.out.j2
+++ b/docs/docsite/helper/lists_mergeby/list3.out.j2
@@ -4,4 +4,4 @@ GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://w
 SPDX-License-Identifier: GPL-3.0-or-later
 #}
 list3:
-{{ list3|to_nice_yaml(indent=0) }}
+  {{ list3 | to_yaml(indent=2, sort_keys=false) | indent(2) }}
--- a/docs/docsite/helper/lists_mergeby/playbook.yml
+++ b/docs/docsite/helper/lists_mergeby/playbook.yml
@@ -5,7 +5,7 @@

 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 # 1) Run all examples and create example-XXX.out
-# shell> ansible-playbook playbook.yml -e examples=true
+# shell> ansible-playbook playbook.yml -e examples_one=true
 #
 # 2) Optionally, for testing, create examples_all.rst
 # shell> ansible-playbook playbook.yml -e examples_all=true
@@ -45,18 +45,20 @@
          tags: t007
        - import_tasks: example-008.yml
          tags: t008
-      when: examples|d(false)|bool
+        - import_tasks: example-009.yml
+          tags: t009
+      when: examples_one | d(false) | bool

    - block:
        - include_vars: examples.yml
        - template:
            src: examples_all.rst.j2
            dest: examples_all.rst
-      when: examples_all|d(false)|bool
+      when: examples_all | d(false) | bool

    - block:
        - include_vars: examples.yml
        - template:
            src: filter_guide_abstract_informations_merging_lists_of_dictionaries.rst.j2
            dest: filter_guide_abstract_informations_merging_lists_of_dictionaries.rst
-      when: merging_lists_of_dictionaries|d(false)|bool
+      when: merging_lists_of_dictionaries | d(false) | bool
--- a/docs/docsite/links.yml
+++ b/docs/docsite/links.yml
@@ -9,6 +9,8 @@ edit_on_github:
  path_prefix: ''

 extra_links:
+  - description: Ask for help
+    url: https://forum.ansible.com/c/help/6/none
  - description: Submit a bug report
    url: https://github.com/ansible-collections/community.general/issues/new?assignees=&labels=&template=bug_report.yml
  - description: Request a feature
@@ -22,6 +24,10 @@ communication:
    - topic: General usage and support questions
      network: Libera
      channel: '#ansible'
-  mailing_lists:
-    - topic: Ansible Project List
-      url: https://groups.google.com/g/ansible-project
+  forums:
+    - topic: "Ansible Forum: General usage and support questions"
+      # The following URL directly points to the "Get Help" section
+      url: https://forum.ansible.com/c/help/6/none
+    - topic: "Ansible Forum: Discussions about the collection itself, not for specific modules or plugins"
+      # The following URL directly points to the "community-general" tag
+      url: https://forum.ansible.com/tag/community-general
--- a/docs/docsite/rst/filter_guide_abstract_informations.rst
+++ b/docs/docsite/rst/filter_guide_abstract_informations.rst
@@ -12,4 +12,5 @@ Abstract transformations
   filter_guide_abstract_informations_dictionaries
   filter_guide_abstract_informations_grouping
   filter_guide_abstract_informations_merging_lists_of_dictionaries
+   filter_guide_abstract_informations_lists_helper
   filter_guide_abstract_informations_counting_elements_in_sequence
--- a/docs/docsite/rst/filter_guide_abstract_informations_lists_helper.rst
+++ b/docs/docsite/rst/filter_guide_abstract_informations_lists_helper.rst
@@ -0,0 +1,81 @@
+..
+  Copyright (c) Ansible Project
+  GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+  SPDX-License-Identifier: GPL-3.0-or-later
+
+Union, intersection and difference of lists
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Starting with Ansible Core 2.16, the builtin filters :ansplugin:`ansible.builtin.union#filter`, :ansplugin:`ansible.builtin.intersect#filter`, :ansplugin:`ansible.builtin.difference#filter` and :ansplugin:`ansible.builtin.symmetric_difference#filter` began to behave differently and do no longer preserve the item order. Items in the resulting lists are returned in arbitrary order and the order can vary between subsequent runs.
+
+The Ansible community.general collection provides the following additional list filters:
+
+- :ansplugin:`community.general.lists_union#filter`
+- :ansplugin:`community.general.lists_intersect#filter`
+- :ansplugin:`community.general.lists_difference#filter`
+- :ansplugin:`community.general.lists_symmetric_difference#filter`
+
+These filters preserve the item order, eliminate duplicates and are an extended version of the builtin ones, because they can operate on more than two lists.
+
+.. note:: Stick to the builtin filters, when item order is not important or when you do not need the n-ary operating mode. The builtin filters are faster, because they rely mostly on sets as their underlying datastructure.
+
+Let us use the lists below in the following examples:
+
+.. code-block:: yaml
+
+  A: [9, 5, 7, 1, 9, 4, 10, 5, 9, 7]
+  B: [4, 1, 2, 8, 3, 1, 7]
+  C: [10, 2, 1, 9, 1]
+
+The union of ``A`` and ``B`` can be written as:
+
+.. code-block:: yaml+jinja
+
+  result: "{{ A | community.general.lists_union(B) }}"
+
+This statement produces:
+
+.. code-block:: yaml
+
+  result: [9, 5, 7, 1, 4, 10, 2, 8, 3]
+
+If you want to calculate the intersection of ``A``, ``B`` and ``C``, you can use the following statement:
+
+.. code-block:: yaml+jinja
+
+  result: "{{ A | community.general.lists_intersect(B, C) }}"
+
+Alternatively, you can use a list of lists as an input of the filter
+
+.. code-block:: yaml+jinja
+
+  result: "{{ [A, B] | community.general.lists_intersect(C) }}"
+
+or
+
+.. code-block:: yaml+jinja
+
+  result: "{{ [A, B, C] | community.general.lists_intersect(flatten=true) }}"
+
+All three statements are equivalent and give:
+
+.. code-block:: yaml
+
+  result: [1]
+
+.. note:: Be aware that in most cases, filter calls without any argument require ``flatten=true``, otherwise the input is returned as result. The reason for this is, that the input is considered as a variable argument and is wrapped by an additional outer list. ``flatten=true`` ensures that this list is removed before the input is processed by the filter logic.
+
+The filters ansplugin:`community.general.lists_difference#filter` or :ansplugin:`community.general.lists_symmetric_difference#filter` can be used in the same way as the filters in the examples above. They calculate the difference or the symmetric difference between two or more lists and preserve the item order.
+
+For example, the symmetric difference of ``A``, ``B`` and ``C`` may be written as:
+
+.. code-block:: yaml+jinja
+
+  result: "{{ A | community.general.lists_symmetric_difference(B, C) }}"
+
+This gives:
+
+.. code-block:: yaml
+
+  result: [5, 8, 3, 1]
+
--- a/docs/docsite/rst/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst
+++ b/docs/docsite/rst/filter_guide_abstract_informations_merging_lists_of_dictionaries.rst
@@ -6,33 +6,30 @@
 Merging lists of dictionaries
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

-If you have two or more lists of dictionaries and want to combine them into a list of merged dictionaries, where the dictionaries are merged by an attribute, you can use the :ansplugin:`community.general.lists_mergeby filter <community.general.lists_mergeby#filter>`.
+If you have two or more lists of dictionaries and want to combine them into a list of merged dictionaries, where the dictionaries are merged by an attribute, you can use the :ansplugin:`community.general.lists_mergeby <community.general.lists_mergeby#filter>` filter.

-.. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See :ref:`the documentation for the community.general.yaml callback plugin <ansible_collections.community.general.yaml_callback>`.
+.. note:: The output of the examples in this section use the YAML callback plugin. Quoting: "Ansible output that can be quite a bit easier to read than the default JSON formatting." See the documentation for the :ansplugin:`community.general.yaml callback plugin <community.general.yaml#callback>`.

 Let us use the lists below in the following examples:

 .. code-block:: yaml

  list1:
-    - name: foo
-      extra: true
-    - name: bar
-      extra: false
-    - name: meh
-      extra: true
+    - {name: foo, extra: true}
+    - {name: bar, extra: false}
+    - {name: meh, extra: true}

  list2:
-    - name: foo
-      path: /foo
-    - name: baz
-      path: /baz
+    - {name: foo, path: /foo}
+    - {name: baz, path: /baz}

+Two lists
+"""""""""
 In the example below the lists are merged by the attribute ``name``:

 .. code-block:: yaml+jinja

-  list3: "{{ list1|
+  list3: "{{ list1 |
             community.general.lists_mergeby(list2, 'name') }}"

 This produces:
@@ -40,24 +37,21 @@ This produces:
 .. code-block:: yaml

  list3:
-  - extra: false
-    name: bar
-  - name: baz
-    path: /baz
-  - extra: true
-    name: foo
-    path: /foo
-  - extra: true
-    name: meh
+    - {name: bar, extra: false}
+    - {name: baz, path: /baz}
+    - {name: foo, extra: true, path: /foo}
+    - {name: meh, extra: true}


 .. versionadded:: 2.0.0

+List of two lists
+"""""""""""""""""
 It is possible to use a list of lists as an input of the filter:

 .. code-block:: yaml+jinja

-  list3: "{{ [list1, list2]|
+  list3: "{{ [list1, list2] |
             community.general.lists_mergeby('name') }}"

 This produces the same result as in the previous example:
@@ -65,15 +59,29 @@ This produces the same result as in the previous example:
 .. code-block:: yaml

  list3:
-  - extra: false
-    name: bar
-  - name: baz
-    path: /baz
-  - extra: true
-    name: foo
-    path: /foo
-  - extra: true
-    name: meh
+    - {name: bar, extra: false}
+    - {name: baz, path: /baz}
+    - {name: foo, extra: true, path: /foo}
+    - {name: meh, extra: true}
+
+Single list
+"""""""""""
+It is possible to merge single list:
+
+.. code-block:: yaml+jinja
+
+  list3: "{{ [list1 + list2, []] |
+             community.general.lists_mergeby('name') }}"
+
+This produces the same result as in the previous example:
+
+.. code-block:: yaml
+
+  list3:
+    - {name: bar, extra: false}
+    - {name: baz, path: /baz}
+    - {name: foo, extra: true, path: /foo}
+    - {name: meh, extra: true}


 The filter also accepts two optional parameters: :ansopt:`community.general.lists_mergeby#filter:recursive` and :ansopt:`community.general.lists_mergeby#filter:list_merge`. This is available since community.general 4.4.0.
@@ -95,8 +103,7 @@ Let us use the lists below in the following examples
      param01:
        x: default_value
        y: default_value
-        list:
-          - default_value
+        list: [default_value]
    - name: myname02
      param01: [1, 1, 2, 3]

@@ -105,16 +112,17 @@ Let us use the lists below in the following examples
      param01:
        y: patch_value
        z: patch_value
-        list:
-          - patch_value
+        list: [patch_value]
    - name: myname02
-      param01: [3, 4, 4, {key: value}]
+      param01: [3, 4, 4]

+list_merge=replace (default)
+""""""""""""""""""""""""""""
 Example :ansopt:`community.general.lists_mergeby#filter:list_merge=replace` (default):

 .. code-block:: yaml+jinja

-  list3: "{{ [list1, list2]|
+  list3: "{{ [list1, list2] |
             community.general.lists_mergeby('name',
                                             recursive=true) }}"

@@ -123,25 +131,22 @@ This produces:
 .. code-block:: yaml

  list3:
-  - name: myname01
-    param01:
-      list:
-      - patch_value
-      x: default_value
-      y: patch_value
-      z: patch_value
-  - name: myname02
-    param01:
-    - 3
-    - 4
-    - 4
-    - key: value
+    - name: myname01
+      param01:
+        x: default_value
+        y: patch_value
+        list: [patch_value]
+        z: patch_value
+    - name: myname02
+      param01: [3, 4, 4]

+list_merge=keep
+"""""""""""""""
 Example :ansopt:`community.general.lists_mergeby#filter:list_merge=keep`:

 .. code-block:: yaml+jinja

-  list3: "{{ [list1, list2]|
+  list3: "{{ [list1, list2] |
             community.general.lists_mergeby('name',
                                             recursive=true,
                                             list_merge='keep') }}"
@@ -151,25 +156,22 @@ This produces:
 .. code-block:: yaml

  list3:
-  - name: myname01
-    param01:
-      list:
-      - default_value
-      x: default_value
-      y: patch_value
-      z: patch_value
-  - name: myname02
-    param01:
-    - 1
-    - 1
-    - 2
-    - 3
+    - name: myname01
+      param01:
+        x: default_value
+        y: patch_value
+        list: [default_value]
+        z: patch_value
+    - name: myname02
+      param01: [1, 1, 2, 3]

+list_merge=append
+"""""""""""""""""
 Example :ansopt:`community.general.lists_mergeby#filter:list_merge=append`:

 .. code-block:: yaml+jinja

-  list3: "{{ [list1, list2]|
+  list3: "{{ [list1, list2] |
             community.general.lists_mergeby('name',
                                             recursive=true,
                                             list_merge='append') }}"
@@ -179,30 +181,22 @@ This produces:
 .. code-block:: yaml

  list3:
-  - name: myname01
-    param01:
-      list:
-      - default_value
-      - patch_value
-      x: default_value
-      y: patch_value
-      z: patch_value
-  - name: myname02
-    param01:
-    - 1
-    - 1
-    - 2
-    - 3
-    - 3
-    - 4
-    - 4
-    - key: value
+    - name: myname01
+      param01:
+        x: default_value
+        y: patch_value
+        list: [default_value, patch_value]
+        z: patch_value
+    - name: myname02
+      param01: [1, 1, 2, 3, 3, 4, 4]

+list_merge=prepend
+""""""""""""""""""
 Example :ansopt:`community.general.lists_mergeby#filter:list_merge=prepend`:

 .. code-block:: yaml+jinja

-  list3: "{{ [list1, list2]|
+  list3: "{{ [list1, list2] |
             community.general.lists_mergeby('name',
                                             recursive=true,
                                             list_merge='prepend') }}"
@@ -212,30 +206,22 @@ This produces:
 .. code-block:: yaml

  list3:
-  - name: myname01
-    param01:
-      list:
-      - patch_value
-      - default_value
-      x: default_value
-      y: patch_value
-      z: patch_value
-  - name: myname02
-    param01:
-    - 3
-    - 4
-    - 4
-    - key: value
-    - 1
-    - 1
-    - 2
-    - 3
+    - name: myname01
+      param01:
+        x: default_value
+        y: patch_value
+        list: [patch_value, default_value]
+        z: patch_value
+    - name: myname02
+      param01: [3, 4, 4, 1, 1, 2, 3]

+list_merge=append_rp
+""""""""""""""""""""
 Example :ansopt:`community.general.lists_mergeby#filter:list_merge=append_rp`:

 .. code-block:: yaml+jinja

-  list3: "{{ [list1, list2]|
+  list3: "{{ [list1, list2] |
             community.general.lists_mergeby('name',
                                             recursive=true,
                                             list_merge='append_rp') }}"
@@ -245,29 +231,22 @@ This produces:
 .. code-block:: yaml

  list3:
-  - name: myname01
-    param01:
-      list:
-      - default_value
-      - patch_value
-      x: default_value
-      y: patch_value
-      z: patch_value
-  - name: myname02
-    param01:
-    - 1
-    - 1
-    - 2
-    - 3
-    - 4
-    - 4
-    - key: value
+    - name: myname01
+      param01:
+        x: default_value
+        y: patch_value
+        list: [default_value, patch_value]
+        z: patch_value
+    - name: myname02
+      param01: [1, 1, 2, 3, 4, 4]

+list_merge=prepend_rp
+"""""""""""""""""""""
 Example :ansopt:`community.general.lists_mergeby#filter:list_merge=prepend_rp`:

 .. code-block:: yaml+jinja

-  list3: "{{ [list1, list2]|
+  list3: "{{ [list1, list2] |
             community.general.lists_mergeby('name',
                                             recursive=true,
                                             list_merge='prepend_rp') }}"
@@ -277,21 +256,12 @@ This produces:
 .. code-block:: yaml

  list3:
-  - name: myname01
-    param01:
-      list:
-      - patch_value
-      - default_value
-      x: default_value
-      y: patch_value
-      z: patch_value
-  - name: myname02
-    param01:
-    - 3
-    - 4
-    - 4
-    - key: value
-    - 1
-    - 1
-    - 2
+    - name: myname01
+      param01:
+        x: default_value
+        y: patch_value
+        list: [patch_value, default_value]
+        z: patch_value
+    - name: myname02
+      param01: [3, 4, 4, 1, 1, 2]

--- a/docs/docsite/rst/guide_alicloud.rst
+++ b/docs/docsite/rst/guide_alicloud.rst
@@ -0,0 +1,96 @@
+..
+  Copyright (c) Ansible Project
+  GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+  SPDX-License-Identifier: GPL-3.0-or-later
+
+.. _ansible_collections.community.general.docsite.guide_alicloud:
+
+Alibaba Cloud Compute Services Guide
+====================================
+
+Introduction
+````````````
+
+The community.general collection contains several modules for controlling and managing Alibaba Cloud Compute Services (Alicloud).  This guide
+explains how to use the Alicloud Ansible modules together.
+
+All Alicloud modules require ``footmark`` - install it on your control machine with ``pip install footmark``.
+
+Cloud modules, including Alicloud modules, are usually executed on your local machine (the control machine) with ``connection: local``, rather than on remote machines defined in your hosts.
+
+Normally, you'll use the following pattern for plays that provision Alicloud resources:
+
+.. code-block:: yaml
+
+    - hosts: localhost
+      connection: local
+      vars:
+        - ...
+      tasks:
+        - ...
+
+Authentication
+``````````````
+
+You can specify your Alicloud authentication credentials (access key and secret key) by passing them as
+environment variables or by storing them in a vars file.
+
+To pass authentication credentials as environment variables:
+
+.. code-block:: console
+
+    export ALICLOUD_ACCESS_KEY='Alicloud123'
+    export ALICLOUD_SECRET_KEY='AlicloudSecret123'
+
+To store authentication credentials in a vars file, encrypt them with :ref:`Ansible Vault <vault>` to keep them secure, then list them:
+
+.. code-block:: yaml
+
+    ---
+    alicloud_access_key: "--REMOVED--"
+    alicloud_secret_key: "--REMOVED--"
+
+Note that if you store your credentials in a vars file, you need to refer to them in each Alicloud module. For example:
+
+.. code-block:: yaml+jinja
+
+    - community.general.ali_instance:
+        alicloud_access_key: "{{ alicloud_access_key }}"
+        alicloud_secret_key: "{{ alicloud_secret_key }}"
+        image_id: "..."
+
+Provisioning
+````````````
+
+Alicloud modules create Alicloud ECS instances (:ansplugin:`community.general.ali_instance#module`) and retrieve information on these (:ansplugin:`community.general.ali_instance_info#module`).
+
+You can use the ``count`` parameter to control the number of resources you create or terminate. For example, if you want exactly 5 instances tagged ``NewECS``, set the ``count`` of instances to 5 and the ``count_tag`` to ``NewECS``, as shown in the last task of the example playbook below. If there are no instances with the tag ``NewECS``, the task creates 5 new instances. If there are 2 instances with that tag, the task creates 3 more. If there are 8 instances with that tag, the task terminates 3 of those instances.
+
+If you do not specify a ``count_tag``, the task creates the number of instances you specify in ``count`` with the ``instance_name`` you provide.
+
+.. code-block:: yaml+jinja
+
+    # alicloud_setup.yml
+
+    - hosts: localhost
+      connection: local
+
+      tasks:
+        - name: Create a set of instances
+          community.general.ali_instance:
+             instance_type: ecs.n4.small
+             image_id: "{{ ami_id }}"
+             instance_name: "My-new-instance"
+             instance_tags:
+                 Name: NewECS
+                 Version: 0.0.1
+             count: 5
+             count_tag:
+                 Name: NewECS
+             allocate_public_ip: true
+             max_bandwidth_out: 50
+          register: create_instance
+
+In the example playbook above, data about the instances created by this playbook is saved in the variable defined by the ``register`` keyword in the task.
+
+Each Alicloud module offers a variety of parameter options. Not all options are demonstrated in the above example. See each individual module for further details and examples.
--- a/docs/docsite/rst/guide_online.rst
+++ b/docs/docsite/rst/guide_online.rst
@@ -0,0 +1,49 @@
+..
+  Copyright (c) Ansible Project
+  GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+  SPDX-License-Identifier: GPL-3.0-or-later
+
+.. _ansible_collections.community.general.docsite.guide_online:
+
+****************
+Online.net Guide
+****************
+
+Introduction
+============
+
+Online is a French hosting company mainly known for providing bare-metal servers named Dedibox.
+Check it out: `https://www.online.net/en <https://www.online.net/en>`_
+
+Dynamic inventory for Online resources
+--------------------------------------
+
+Ansible has a dynamic inventory plugin that can list your resources.
+
+1. Create a YAML configuration such as ``online_inventory.yml`` with this content:
+
+   .. code-block:: yaml
+
+       plugin: community.general.online
+
+2. Set your ``ONLINE_TOKEN`` environment variable with your token.
+
+   You need to open an account and log into it before you can get a token.
+   You can find your token at the following page: `https://console.online.net/en/api/access <https://console.online.net/en/api/access>`_
+
+3. You can test that your inventory is working by running:
+
+   .. code-block:: console
+
+       $ ansible-inventory -v -i online_inventory.yml --list
+
+
+4. Now you can run your playbook or any other module with this inventory:
+
+   .. code-block:: ansible-output
+
+       $ ansible all -i online_inventory.yml -m ping
+       sd-96735 | SUCCESS => {
+           "changed": false,
+           "ping": "pong"
+       }
--- a/docs/docsite/rst/guide_packet.rst
+++ b/docs/docsite/rst/guide_packet.rst
@@ -0,0 +1,214 @@
+..
+  Copyright (c) Ansible Project
+  GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+  SPDX-License-Identifier: GPL-3.0-or-later
+
+.. _ansible_collections.community.general.docsite.guide_packet:
+
+**********************************
+Packet.net Guide
+**********************************
+
+Introduction
+============
+
+`Packet.net <https://packet.net>`_ is a bare metal infrastructure host that is supported by the community.general collection through six cloud modules. The six modules are:
+
+- :ansplugin:`community.general.packet_device#module`: manages servers on Packet. You can use this module to create, restart and delete devices.
+- :ansplugin:`community.general.packet_ip_subnet#module`: assign IP subnet to a bare metal server
+- :ansplugin:`community.general.packet_project#module`: create/delete a project in Packet host
+- :ansplugin:`community.general.packet_sshkey#module`: adds a public SSH key from file or value to the Packet infrastructure. Every subsequently-created device will have this public key installed in .ssh/authorized_keys.
+- :ansplugin:`community.general.packet_volume#module`: create/delete a volume in Packet host
+- :ansplugin:`community.general.packet_volume_attachment#module`: attach/detach a volume to a device in the Packet host
+
+Note, this guide assumes you are familiar with Ansible and how it works. If you are not, have a look at their :ref:`docs <ansible_documentation>` before getting started.
+
+Requirements
+============
+
+The Packet modules connect to the Packet API using the `packet-python package <https://pypi.org/project/packet-python/>`_. You can install it with pip:
+
+.. code-block:: console
+
+    $ pip install packet-python
+
+In order to check the state of devices created by Ansible on Packet, it is a good idea to install one of the `Packet CLI clients <https://www.packet.net/developers/integrations/>`_. Otherwise you can check them through the `Packet portal <https://app.packet.net/portal>`_.
+
+To use the modules you will need a Packet API token. You can generate an API token through the Packet portal `here <https://app.packet.net/portal#/api-keys>`__. The simplest way to authenticate yourself is to set the Packet API token in an environment variable:
+
+.. code-block:: console
+
+    $ export PACKET_API_TOKEN=Bfse9F24SFtfs423Gsd3ifGsd43sSdfs
+
+If you are not comfortable exporting your API token, you can pass it as a parameter to the modules.
+
+On Packet, devices and reserved IP addresses belong to `projects <https://www.packet.com/developers/api/#projects>`_. In order to use the packet_device module, you need to specify the UUID of the project in which you want to create or manage devices. You can find a project's UUID in the Packet portal `here <https://app.packet.net/portal#/projects/list/table/>`_ (it is just under the project table) or through one of the available `CLIs <https://www.packet.net/developers/integrations/>`_.
+
+
+If you want to use a new SSH key pair in this tutorial, you can generate it to ``./id_rsa`` and ``./id_rsa.pub`` as:
+
+.. code-block:: console
+
+    $ ssh-keygen -t rsa -f ./id_rsa
+
+If you want to use an existing key pair, just copy the private and public key over to the playbook directory.
+
+
+Device Creation
+===============
+
+The following code block is a simple playbook that creates one `Type 0 <https://www.packet.com/cloud/servers/t1-small/>`_ server (the ``plan`` parameter). You have to supply ``plan`` and ``operating_system``. ``location`` defaults to ``ewr1`` (Parsippany, NJ). You can find all the possible values for the parameters through a `CLI client <https://www.packet.net/developers/integrations/>`_.
+
+.. code-block:: yaml+jinja
+
+    # playbook_create.yml
+
+    - name: Create Ubuntu device
+      hosts: localhost
+      tasks:
+
+      - community.general.packet_sshkey:
+          key_file: ./id_rsa.pub
+          label: tutorial key
+
+      - community.general.packet_device:
+          project_id: <your_project_id>
+          hostnames: myserver
+          operating_system: ubuntu_16_04
+          plan: baremetal_0
+          facility: sjc1
+
+After running ``ansible-playbook playbook_create.yml``, you should have a server provisioned on Packet. You can verify through a CLI or in the `Packet portal <https://app.packet.net/portal#/projects/list/table>`__.
+
+If you get an error with the message "failed to set machine state present, error: Error 404: Not Found", please verify your project UUID.
+
+
+Updating Devices
+================
+
+The two parameters used to uniquely identify Packet devices are: "device_ids" and "hostnames". Both parameters accept either a single string (later converted to a one-element list), or a list of strings.
+
+The ``device_ids`` and ``hostnames`` parameters are mutually exclusive. The following values are all acceptable:
+
+- device_ids: ``a27b7a83-fc93-435b-a128-47a5b04f2dcf``
+
+- hostnames: ``mydev1``
+
+- device_ids: ``[a27b7a83-fc93-435b-a128-47a5b04f2dcf, 4887130f-0ccd-49a0-99b0-323c1ceb527b]``
+
+- hostnames: ``[mydev1, mydev2]``
+
+In addition, hostnames can contain a special ``%d`` formatter along with a ``count`` parameter that lets you easily expand hostnames that follow a simple name and number pattern; in other words, ``hostnames: "mydev%d", count: 2`` will expand to [mydev1, mydev2].
+
+If your playbook acts on existing Packet devices, you can only pass the ``hostname`` and ``device_ids`` parameters. The following playbook shows how you can reboot a specific Packet device by setting the ``hostname`` parameter:
+
+.. code-block:: yaml+jinja
+
+    # playbook_reboot.yml
+
+    - name: reboot myserver
+      hosts: localhost
+      tasks:
+
+      - community.general.packet_device:
+          project_id: <your_project_id>
+          hostnames: myserver
+          state: rebooted
+
+You can also identify specific Packet devices with the ``device_ids`` parameter. The device's UUID can be found in the `Packet Portal <https://app.packet.net/portal>`_ or by using a `CLI <https://www.packet.net/developers/integrations/>`_. The following playbook removes a Packet device using the ``device_ids`` field:
+
+.. code-block:: yaml+jinja
+
+    # playbook_remove.yml
+
+    - name: remove a device
+      hosts: localhost
+      tasks:
+
+      - community.general.packet_device:
+          project_id: <your_project_id>
+          device_ids: <myserver_device_id>
+          state: absent
+
+
+More Complex Playbooks
+======================
+
+In this example, we will create a CoreOS cluster with `user data <https://packet.com/developers/docs/servers/key-features/user-data/>`_.
+
+
+The CoreOS cluster will use `etcd <https://etcd.io/>`_ for discovery of other servers in the cluster. Before provisioning your servers, you will need to generate a discovery token for your cluster:
+
+.. code-block:: console
+
+    $ curl -w "\n" 'https://discovery.etcd.io/new?size=3'
+
+The following playbook will create an SSH key, 3 Packet servers, and then wait until SSH is ready (or until 5 minutes passed). Make sure to substitute the discovery token URL in ``user_data``, and the ``project_id`` before running ``ansible-playbook``. Also, feel free to change ``plan`` and ``facility``.
+
+.. code-block:: yaml+jinja
+
+    # playbook_coreos.yml
+
+    - name: Start 3 CoreOS nodes in Packet and wait until SSH is ready
+      hosts: localhost
+      tasks:
+
+      - community.general.packet_sshkey:
+          key_file: ./id_rsa.pub
+          label: new
+
+      - community.general.packet_device:
+          hostnames: [coreos-one, coreos-two, coreos-three]
+          operating_system: coreos_beta
+          plan: baremetal_0
+          facility: ewr1
+          project_id: <your_project_id>
+          wait_for_public_IPv: 4
+          user_data: |
+            #cloud-config
+            coreos:
+              etcd2:
+                discovery: https://discovery.etcd.io/<token>
+                advertise-client-urls: http://$private_ipv4:2379,http://$private_ipv4:4001
+                initial-advertise-peer-urls: http://$private_ipv4:2380
+                listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001
+                listen-peer-urls: http://$private_ipv4:2380
+              fleet:
+                public-ip: $private_ipv4
+              units:
+                - name: etcd2.service
+                  command: start
+                - name: fleet.service
+                  command: start
+        register: newhosts
+
+      - name: wait for ssh
+        ansible.builtin.wait_for:
+          delay: 1
+          host: "{{ item.public_ipv4 }}"
+          port: 22
+          state: started
+          timeout: 500
+        loop: "{{ newhosts.results[0].devices }}"
+
+
+As with most Ansible modules, the default states of the Packet modules are idempotent, meaning the resources in your project will remain the same after re-runs of a playbook. Thus, we can keep the ``packet_sshkey`` module call in our playbook. If the public key is already in your Packet account, the call will have no effect.
+
+The second module call provisions 3 Packet Type 0 (specified using the ``plan`` parameter) servers in the project identified by the ``project_id`` parameter. The servers are all provisioned with CoreOS beta (the ``operating_system`` parameter) and are customized with cloud-config user data passed to the ``user_data`` parameter.
+
+The ``packet_device`` module has a ``wait_for_public_IPv`` that is used to specify the version of the IP address to wait for (valid values are ``4`` or ``6`` for IPv4 or IPv6). If specified, Ansible will wait until the GET API call for a device contains an Internet-routeable IP address of the specified version. When referring to an IP address of a created device in subsequent module calls, it is wise to use the ``wait_for_public_IPv`` parameter, or ``state: active`` in the packet_device module call.
+
+Run the playbook:
+
+.. code-block:: console
+
+    $ ansible-playbook playbook_coreos.yml
+
+Once the playbook quits, your new devices should be reachable through SSH. Try to connect to one and check if etcd has started properly:
+
+.. code-block:: console
+
+    tomk@work $ ssh -i id_rsa core@$one_of_the_servers_ip
+    core@coreos-one ~ $ etcdctl cluster-health
+
+If you have any questions or comments let us know! help@packet.net
--- a/docs/docsite/rst/guide_scaleway.rst
+++ b/docs/docsite/rst/guide_scaleway.rst
@@ -0,0 +1,320 @@
+..
+  Copyright (c) Ansible Project
+  GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+  SPDX-License-Identifier: GPL-3.0-or-later
+
+.. _ansible_collections.community.general.docsite.guide_scaleway:
+
+**************
+Scaleway Guide
+**************
+
+Introduction
+============
+
+`Scaleway <https://scaleway.com>`_ is a cloud provider supported by the community.general collection through a set of plugins and modules.
+Those modules are:
+
+- :ansplugin:`community.general.scaleway_compute#module`: manages servers on Scaleway. You can use this module to create, restart and delete servers.
+- :ansplugin:`community.general.scaleway_compute_private_network#module`
+- :ansplugin:`community.general.scaleway_container#module`
+- :ansplugin:`community.general.scaleway_container_info#module`
+- :ansplugin:`community.general.scaleway_container_namespace_info#module`
+- :ansplugin:`community.general.scaleway_container_namespace#module`
+- :ansplugin:`community.general.scaleway_container_registry_info#module`
+- :ansplugin:`community.general.scaleway_container_registry#module`
+- :ansplugin:`community.general.scaleway_database_backup#module`
+- :ansplugin:`community.general.scaleway_function#module`
+- :ansplugin:`community.general.scaleway_function_info#module`
+- :ansplugin:`community.general.scaleway_function_namespace_info#module`
+- :ansplugin:`community.general.scaleway_function_namespace#module`
+- :ansplugin:`community.general.scaleway_image_info#module`
+- :ansplugin:`community.general.scaleway_ip#module`
+- :ansplugin:`community.general.scaleway_ip_info#module`
+- :ansplugin:`community.general.scaleway_lb#module`
+- :ansplugin:`community.general.scaleway_organization_info#module`
+- :ansplugin:`community.general.scaleway_private_network#module`
+- :ansplugin:`community.general.scaleway_security_group#module`
+- :ansplugin:`community.general.scaleway_security_group_info#module`
+- :ansplugin:`community.general.scaleway_security_group_rule#module`
+- :ansplugin:`community.general.scaleway_server_info#module`
+- :ansplugin:`community.general.scaleway_snapshot_info#module`
+- :ansplugin:`community.general.scaleway_sshkey#module`: adds a public SSH key from a file or value to the Packet infrastructure. Every subsequently-created device will have this public key installed in .ssh/authorized_keys.
+- :ansplugin:`community.general.scaleway_user_data#module`
+- :ansplugin:`community.general.scaleway_volume#module`: manages volumes on Scaleway.
+- :ansplugin:`community.general.scaleway_volume_info#module`
+
+The plugins are:
+
+- :ansplugin:`community.general.scaleway#inventory`: inventory plugin
+
+
+.. note::
+   This guide assumes you are familiar with Ansible and how it works.
+   If you are not, have a look at :ref:`ansible_documentation` before getting started.
+
+Requirements
+============
+
+The Scaleway modules and inventory script connect to the Scaleway API using `Scaleway REST API <https://developer.scaleway.com>`_.
+To use the modules and inventory script you will need a Scaleway API token.
+You can generate an API token through the `Scaleway console's credential page <https://cloud.scaleway.com/#/credentials>`__.
+The simplest way to authenticate yourself is to set the Scaleway API token in an environment variable:
+
+.. code-block:: console
+
+    $ export SCW_TOKEN=00000000-1111-2222-3333-444444444444
+
+If you are not comfortable exporting your API token, you can pass it as a parameter to the modules using the ``api_token`` argument.
+
+If you want to use a new SSH key pair in this tutorial, you can generate it to ``./id_rsa`` and ``./id_rsa.pub`` as:
+
+.. code-block:: console
+
+    $ ssh-keygen -t rsa -f ./id_rsa
+
+If you want to use an existing key pair, just copy the private and public key over to the playbook directory.
+
+How to add an SSH key?
+======================
+
+Connection to Scaleway Compute nodes use Secure Shell.
+SSH keys are stored at the account level, which means that you can reuse the same SSH key in multiple nodes.
+The first step to configure Scaleway compute resources is to have at least one SSH key configured.
+
+:ansplugin:`community.general.scaleway_sshkey#module` is a module that manages SSH keys on your Scaleway account.
+You can add an SSH key to your account by including the following task in a playbook:
+
+.. code-block:: yaml+jinja
+
+    - name: "Add SSH key"
+      community.general.scaleway_sshkey:
+        ssh_pub_key: "ssh-rsa AAAA..."
+        state: "present"
+
+The ``ssh_pub_key`` parameter contains your ssh public key as a string. Here is an example inside a playbook:
+
+
+.. code-block:: yaml+jinja
+
+    - name: Test SSH key lifecycle on a Scaleway account
+      hosts: localhost
+      gather_facts: false
+      environment:
+        SCW_API_KEY: ""
+
+      tasks:
+
+        - community.general.scaleway_sshkey:
+            ssh_pub_key: "ssh-rsa AAAAB...424242 developer@example.com"
+            state: present
+          register: result
+
+        - ansible.builtin.assert:
+            that:
+              - result is success and result is changed
+
+How to create a compute instance?
+=================================
+
+Now that we have an SSH key configured, the next step is to spin up a server!
+:ansplugin:`community.general.scaleway_compute#module` is a module that can create, update and delete Scaleway compute instances:
+
+.. code-block:: yaml+jinja
+
+    - name: Create a server
+      community.general.scaleway_compute:
+        name: foobar
+        state: present
+        image: 00000000-1111-2222-3333-444444444444
+        organization: 00000000-1111-2222-3333-444444444444
+        region: ams1
+        commercial_type: START1-S
+
+Here are the parameter details for the example shown above:
+
+- ``name`` is the name of the instance (the one that will show up in your web console).
+- ``image`` is the UUID of the system image you would like to use.
+  A list of all images is available for each availability zone.
+- ``organization`` represents the organization that your account is attached to.
+- ``region`` represents the Availability Zone which your instance is in (for this example, ``par1`` and ``ams1``).
+- ``commercial_type`` represents the name of the commercial offers.
+  You can check out the Scaleway pricing page to find which instance is right for you.
+
+Take a look at this short playbook to see a working example using ``scaleway_compute``:
+
+.. code-block:: yaml+jinja
+
+    - name: Test compute instance lifecycle on a Scaleway account
+      hosts: localhost
+      gather_facts: false
+      environment:
+        SCW_API_KEY: ""
+
+      tasks:
+
+        - name: Create a server
+          register: server_creation_task
+          community.general.scaleway_compute:
+            name: foobar
+            state: present
+            image: 00000000-1111-2222-3333-444444444444
+            organization: 00000000-1111-2222-3333-444444444444
+            region: ams1
+            commercial_type: START1-S
+            wait: true
+
+        - ansible.builtin.debug:
+            var: server_creation_task
+
+        - ansible.builtin.assert:
+            that:
+              - server_creation_task is success
+              - server_creation_task is changed
+
+        - name: Run it
+          community.general.scaleway_compute:
+            name: foobar
+            state: running
+            image: 00000000-1111-2222-3333-444444444444
+            organization: 00000000-1111-2222-3333-444444444444
+            region: ams1
+            commercial_type: START1-S
+            wait: true
+            tags:
+              - web_server
+          register: server_run_task
+
+        - ansible.builtin.debug:
+            var: server_run_task
+
+        - ansible.builtin.assert:
+            that:
+              - server_run_task is success
+              - server_run_task is changed
+
+Dynamic Inventory Plugin
+========================
+
+Ansible ships with :ansplugin:`community.general.scaleway#inventory`.
+You can now get a complete inventory of your Scaleway resources through this plugin and filter it on
+different parameters (``regions`` and ``tags`` are currently supported).
+
+Let us create an example!
+Suppose that we want to get all hosts that got the tag web_server.
+Create a file named ``scaleway_inventory.yml`` with the following content:
+
+.. code-block:: yaml+jinja
+
+    plugin: community.general.scaleway
+    regions:
+      - ams1
+      - par1
+    tags:
+      - web_server
+
+This inventory means that we want all hosts that got the tag ``web_server`` on the zones ``ams1`` and ``par1``.
+Once you have configured this file, you can get the information using the following command:
+
+.. code-block:: console
+
+    $ ansible-inventory --list -i scaleway_inventory.yml
+
+The output will be:
+
+.. code-block:: json
+
+    {
+        "_meta": {
+            "hostvars": {
+                "dd8e3ae9-0c7c-459e-bc7b-aba8bfa1bb8d": {
+                    "ansible_verbosity": 6,
+                    "arch": "x86_64",
+                    "commercial_type": "START1-S",
+                    "hostname": "foobar",
+                    "ipv4": "192.0.2.1",
+                    "organization": "00000000-1111-2222-3333-444444444444",
+                    "state": "running",
+                    "tags": [
+                        "web_server"
+                    ]
+                }
+            }
+        },
+        "all": {
+            "children": [
+                "ams1",
+                "par1",
+                "ungrouped",
+                "web_server"
+            ]
+        },
+        "ams1": {},
+        "par1": {
+            "hosts": [
+                "dd8e3ae9-0c7c-459e-bc7b-aba8bfa1bb8d"
+            ]
+        },
+        "ungrouped": {},
+        "web_server": {
+            "hosts": [
+                "dd8e3ae9-0c7c-459e-bc7b-aba8bfa1bb8d"
+            ]
+        }
+    }
+
+As you can see, we get different groups of hosts.
+``par1`` and ``ams1`` are groups based on location.
+``web_server`` is a group based on a tag.
+
+In case a filter parameter is not defined, the plugin supposes all values possible are wanted.
+This means that for each tag that exists on your Scaleway compute nodes, a group based on each tag will be created.
+
+Scaleway S3 object storage
+==========================
+
+`Object Storage <https://www.scaleway.com/object-storage>`_ allows you to store any kind of objects (documents, images, videos, and so on).
+As the Scaleway API is S3 compatible, Ansible supports it natively through the amazon.aws modules: :ansplugin:`amazon.aws.s3_bucket#module`, :ansplugin:`amazon.aws.s3_object#module`.
+
+You can find many examples in the `scaleway_s3 integration tests <https://github.com/ansible/ansible-legacy-tests/tree/devel/test/legacy/roles/scaleway_s3>`_.
+
+.. code-block:: yaml+jinja
+
+    - hosts: myserver
+      vars:
+        scaleway_region: nl-ams
+        s3_url: https://s3.nl-ams.scw.cloud
+      environment:
+        # AWS_ACCESS_KEY matches your scaleway organization id available at https://cloud.scaleway.com/#/account
+        AWS_ACCESS_KEY: 00000000-1111-2222-3333-444444444444
+        # AWS_SECRET_KEY matches a secret token that you can retrieve at https://cloud.scaleway.com/#/credentials
+        AWS_SECRET_KEY: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
+      module_defaults:
+        group/amazon.aws.aws:
+          s3_url: '{{ s3_url }}'
+          region: '{{ scaleway_region }}'
+      tasks:
+       # use a fact instead of a variable, otherwise template is evaluate each time variable is used
+        - ansible.builtin.set_fact:
+            bucket_name: "{{ 99999999 | random | to_uuid }}"
+
+        # "requester_pays:" is mandatory because Scaleway does not implement related API
+        # another way is to use amazon.aws.s3_object and "mode: create" !
+        - amazon.aws.s3_bucket:
+            name: '{{ bucket_name }}'
+            requester_pays:
+
+        - name: Another way to create the bucket
+          amazon.aws.s3_object:
+            bucket: '{{ bucket_name }}'
+            mode: create
+            encrypt: false
+          register: bucket_creation_check
+
+        - name: add something in the bucket
+          amazon.aws.s3_object:
+            mode: put
+            bucket: '{{ bucket_name }}'
+            src: /tmp/test.txt  #  needs to be created before
+            object: test.txt
+            encrypt: false  # server side encryption must be disabled
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -5,7 +5,7 @@

 namespace: community
 name: general
-version: 8.1.0
+version: 8.6.10
 readme: README.md
 authors:
  - Ansible (https://github.com/ansible)
--- a/meta/runtime.yml
+++ b/meta/runtime.yml
@@ -4,7 +4,37 @@
 # SPDX-License-Identifier: GPL-3.0-or-later

 requires_ansible: '>=2.13.0'
+action_groups:
+  consul:
+    - consul_auth_method
+    - consul_binding_rule
+    - consul_policy
+    - consul_role
+    - consul_session
+    - consul_token
 plugin_routing:
+  callback:
+    actionable:
+      tombstone:
+        removal_version: 2.0.0
+        warning_text: Use the 'default' callback plugin with 'display_skipped_hosts
+          = no' and 'display_ok_hosts = no' options.
+    full_skip:
+      tombstone:
+        removal_version: 2.0.0
+        warning_text: Use the 'default' callback plugin with 'display_skipped_hosts
+          = no' option.
+    hipchat:
+      deprecation:
+        removal_version: 10.0.0
+        warning_text: The hipchat service has been discontinued and the self-hosted variant has been End of Life since 2020.
+    osx_say:
+      redirect: community.general.say
+    stderr:
+      tombstone:
+        removal_version: 2.0.0
+        warning_text: Use the 'default' callback plugin with 'display_failed_stderr
+          = yes' option.
  connection:
    docker:
      redirect: community.docker.docker
@@ -22,6 +52,10 @@ plugin_routing:
    nios_next_network:
      redirect: infoblox.nios_modules.nios_next_network
  modules:
+    consul_acl:
+      deprecation:
+        removal_version: 10.0.0
+        warning_text: Use community.general.consul_token and/or community.general.consul_policy instead.
    rax_cbs_attachments:
      deprecation:
        removal_version: 9.0.0
@@ -153,9 +187,9 @@ plugin_routing:
    stackdriver:
      deprecation:
        removal_version: 9.0.0
-        warning_text: >
-          This module relies on HTTPS APIs that do not exist anymore, and any new development in the
-          direction of providing an alternative should happen in the context of the google.cloud collection.
+        warning_text: This module relies on HTTPS APIs that do not exist anymore,
+          and any new development in the direction of providing an alternative should
+          happen in the context of the google.cloud collection.
    system.aix_devices:
      redirect: community.general.aix_devices
      deprecation:
@@ -807,7 +841,8 @@ plugin_routing:
    flowdock:
      deprecation:
        removal_version: 9.0.0
-        warning_text: This module relies on HTTPS APIs that do not exist anymore and there is no clear path to update.
+        warning_text: This module relies on HTTPS APIs that do not exist anymore and
+          there is no clear path to update.
    notification.flowdock:
      redirect: community.general.flowdock
      deprecation:
@@ -4446,7 +4481,8 @@ plugin_routing:
    webfaction_app:
      deprecation:
        removal_version: 9.0.0
-        warning_text: This module relies on HTTPS APIs that do not exist anymore and there is no clear path to update.
+        warning_text: This module relies on HTTPS APIs that do not exist anymore and
+          there is no clear path to update.
    cloud.webfaction.webfaction_app:
      redirect: community.general.webfaction_app
      deprecation:
@@ -4457,7 +4493,8 @@ plugin_routing:
    webfaction_db:
      deprecation:
        removal_version: 9.0.0
-        warning_text: This module relies on HTTPS APIs that do not exist anymore and there is no clear path to update.
+        warning_text: This module relies on HTTPS APIs that do not exist anymore and
+          there is no clear path to update.
    cloud.webfaction.webfaction_db:
      redirect: community.general.webfaction_db
      deprecation:
@@ -4468,7 +4505,8 @@ plugin_routing:
    webfaction_domain:
      deprecation:
        removal_version: 9.0.0
-        warning_text: This module relies on HTTPS APIs that do not exist anymore and there is no clear path to update.
+        warning_text: This module relies on HTTPS APIs that do not exist anymore and
+          there is no clear path to update.
    cloud.webfaction.webfaction_domain:
      redirect: community.general.webfaction_domain
      deprecation:
@@ -4479,7 +4517,8 @@ plugin_routing:
    webfaction_mailbox:
      deprecation:
        removal_version: 9.0.0
-        warning_text: This module relies on HTTPS APIs that do not exist anymore and there is no clear path to update.
+        warning_text: This module relies on HTTPS APIs that do not exist anymore and
+          there is no clear path to update.
    cloud.webfaction.webfaction_mailbox:
      redirect: community.general.webfaction_mailbox
      deprecation:
@@ -4490,7 +4529,8 @@ plugin_routing:
    webfaction_site:
      deprecation:
        removal_version: 9.0.0
-        warning_text: This module relies on HTTPS APIs that do not exist anymore and there is no clear path to update.
+        warning_text: This module relies on HTTPS APIs that do not exist anymore and
+          there is no clear path to update.
    cloud.webfaction.webfaction_site:
      redirect: community.general.webfaction_site
      deprecation:
@@ -4646,7 +4686,8 @@ plugin_routing:
    rackspace:
      deprecation:
        removal_version: 9.0.0
-        warning_text: This doc fragment is used by rax modules, that rely on the deprecated package pyrax.
+        warning_text: This doc fragment is used by rax modules, that rely on the deprecated
+          package pyrax.
    _gcp:
      redirect: community.google._gcp
    docker:
@@ -4688,24 +4729,6 @@ plugin_routing:
      redirect: dellemc.openmanage.dellemc_idrac
    remote_management.dellemc.ome:
      redirect: dellemc.openmanage.ome
-  callback:
-    actionable:
-      tombstone:
-        removal_version: 2.0.0
-        warning_text: Use the 'default' callback plugin with 'display_skipped_hosts
-          = no' and 'display_ok_hosts = no' options.
-    full_skip:
-      tombstone:
-        removal_version: 2.0.0
-        warning_text: Use the 'default' callback plugin with 'display_skipped_hosts
-          = no' option.
-    osx_say:
-      redirect: community.general.say
-    stderr:
-      tombstone:
-        removal_version: 2.0.0
-        warning_text: Use the 'default' callback plugin with 'display_failed_stderr
-          = yes' option.
  inventory:
    docker_machine:
      redirect: community.docker.docker_machine
--- a/plugins/action/iptables_state.py
+++ b/plugins/action/iptables_state.py
@@ -88,6 +88,10 @@ class ActionModule(ActionBase):
            max_timeout = self._connection._play_context.timeout
            module_args = self._task.args

+            async_status_args = {}
+            starter_cmd = None
+            confirm_cmd = None
+
            if module_args.get('state', None) == 'restored':
                if not wrap_async:
                    if not check_mode:
--- a/plugins/callback/default_without_diff.py
+++ b/plugins/callback/default_without_diff.py
@@ -0,0 +1,46 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2024, Felix Fontein <felix@fontein.de>
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = r'''
+  name: default_without_diff
+  type: stdout
+  short_description: The default ansible callback without diff output
+  version_added: 8.4.0
+  description:
+    - This is basically the default ansible callback plugin (P(ansible.builtin.default#callback)) without
+      showing diff output. This can be useful when using another callback which sends more detailed information
+      to another service, like the L(ARA, https://ara.recordsansible.org/) callback, and you want diff output
+      sent to that plugin but not shown on the console output.
+  author: Felix Fontein (@felixfontein)
+  extends_documentation_fragment:
+    - ansible.builtin.default_callback
+    - ansible.builtin.result_format_callback
+'''
+
+EXAMPLES = r'''
+# Enable callback in ansible.cfg:
+ansible_config: |
+  [defaults]
+  stdout_callback = community.general.default_without_diff
+
+# Enable callback with environment variables:
+environment_variable: |
+  ANSIBLE_STDOUT_CALLBACK=community.general.default_without_diff
+'''
+
+from ansible.plugins.callback.default import CallbackModule as Default
+
+
+class CallbackModule(Default):
+    CALLBACK_VERSION = 2.0
+    CALLBACK_TYPE = 'stdout'
+    CALLBACK_NAME = 'community.general.default_without_diff'
+
+    def v2_on_file_diff(self, result):
+        pass
--- a/plugins/callback/hipchat.py
+++ b/plugins/callback/hipchat.py
@@ -18,6 +18,10 @@ DOCUMENTATION = '''
    description:
      - This callback plugin sends status updates to a HipChat channel during playbook execution.
      - Before 2.4 only environment variables were available for configuring this plugin.
+    deprecated:
+      removed_in: 10.0.0
+      why: The hipchat service has been discontinued and the self-hosted variant has been End of Life since 2020.
+      alternative: There is none.
    options:
      token:
        description: HipChat API token for v1 or v2 API.
--- a/plugins/callback/loganalytics.py
+++ b/plugins/callback/loganalytics.py
@@ -59,13 +59,16 @@ import uuid
 import socket
 import getpass

-from datetime import datetime
 from os.path import basename

 from ansible.module_utils.urls import open_url
 from ansible.parsing.ajson import AnsibleJSONEncoder
 from ansible.plugins.callback import CallbackBase

+from ansible_collections.community.general.plugins.module_utils.datetime import (
+    now,
+)
+

 class AzureLogAnalyticsSource(object):
    def __init__(self):
@@ -93,7 +96,7 @@ class AzureLogAnalyticsSource(object):
        return "https://{0}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01".format(workspace_id)

    def __rfc1123date(self):
-        return datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')
+        return now().strftime('%a, %d %b %Y %H:%M:%S GMT')

    def send_event(self, workspace_id, shared_key, state, result, runtime):
        if result._task_fields['args'].get('_ansible_check_mode') is True:
@@ -167,7 +170,7 @@ class CallbackModule(CallbackBase):

    def _seconds_since_start(self, result):
        return (
-            datetime.utcnow() -
+            now() -
            self.start_datetimes[result._task._uuid]
        ).total_seconds()

@@ -185,10 +188,10 @@ class CallbackModule(CallbackBase):
        self.loganalytics.ansible_playbook = basename(playbook._file_name)

    def v2_playbook_on_task_start(self, task, is_conditional):
-        self.start_datetimes[task._uuid] = datetime.utcnow()
+        self.start_datetimes[task._uuid] = now()

    def v2_playbook_on_handler_task_start(self, task):
-        self.start_datetimes[task._uuid] = datetime.utcnow()
+        self.start_datetimes[task._uuid] = now()

    def v2_runner_on_ok(self, result, **kwargs):
        self.loganalytics.send_event(
--- a/plugins/callback/logstash.py
+++ b/plugins/callback/logstash.py
@@ -99,7 +99,6 @@ from ansible import context
 import socket
 import uuid
 import logging
-from datetime import datetime

 try:
    import logstash
@@ -109,6 +108,10 @@ except ImportError:

 from ansible.plugins.callback import CallbackBase

+from ansible_collections.community.general.plugins.module_utils.datetime import (
+    now,
+)
+

 class CallbackModule(CallbackBase):

@@ -126,7 +129,7 @@ class CallbackModule(CallbackBase):
                                  "pip install python-logstash for Python 2"
                                  "pip install python3-logstash for Python 3")

-        self.start_time = datetime.utcnow()
+        self.start_time = now()

    def _init_plugin(self):
        if not self.disabled:
@@ -185,7 +188,7 @@ class CallbackModule(CallbackBase):
            self.logger.info("ansible start", extra=data)

    def v2_playbook_on_stats(self, stats):
-        end_time = datetime.utcnow()
+        end_time = now()
        runtime = end_time - self.start_time
        summarize_stat = {}
        for host in stats.processed.keys():
--- a/plugins/callback/mail.py
+++ b/plugins/callback/mail.py
@@ -71,6 +71,16 @@ options:
    ini:
        - section: callback_mail
          key: bcc
+  message_id_domain:
+    description:
+        - The domain name to use for the L(Message-ID header, https://en.wikipedia.org/wiki/Message-ID).
+        - The default is the hostname of the control node.
+    type: str
+    ini:
+        - section: callback_mail
+          key: message_id_domain
+    version_added: 8.2.0
+
 '''

 import json
@@ -131,7 +141,7 @@ class CallbackModule(CallbackBase):
            content += 'To: %s\n' % ', '.join([email.utils.formataddr(pair) for pair in to_addresses])
        if self.cc:
            content += 'Cc: %s\n' % ', '.join([email.utils.formataddr(pair) for pair in cc_addresses])
-        content += 'Message-ID: %s\n' % email.utils.make_msgid()
+        content += 'Message-ID: %s\n' % email.utils.make_msgid(domain=self.get_option('message_id_domain'))
        content += 'Subject: %s\n\n' % subject.strip()
        content += body

--- a/plugins/callback/opentelemetry.py
+++ b/plugins/callback/opentelemetry.py
@@ -304,6 +304,7 @@ class OpenTelemetrySource(object):
        status = Status(status_code=StatusCode.OK)
        if host_data.status != 'included':
            # Support loops
+            enriched_error_message = None
            if 'results' in host_data.result._result:
                if host_data.status == 'failed':
                    message = self.get_error_message_from_results(host_data.result._result['results'], task_data.action)
@@ -350,7 +351,8 @@ class OpenTelemetrySource(object):
        if not disable_logs:
            # This will avoid populating span attributes to the logs
            span.add_event(task_data.dump, attributes={} if disable_attributes_in_logs else attributes)
-            span.end(end_time=host_data.finish)
+        # Close span always
+        span.end(end_time=host_data.finish)

    def set_span_attributes(self, span, attributes):
        """ update the span attributes with the given attributes if not None """
@@ -497,6 +499,20 @@ class CallbackModule(CallbackBase):
        # See https://github.com/open-telemetry/opentelemetry-specification/issues/740
        self.traceparent = self.get_option('traceparent')

+    def dump_results(self, task, result):
+        """ dump the results if disable_logs is not enabled """
+        if self.disable_logs:
+            return ""
+        # ansible.builtin.uri contains the response in the json field
+        save = dict(result._result)
+
+        if "json" in save and task.action in ("ansible.builtin.uri", "ansible.legacy.uri", "uri"):
+            save.pop("json")
+        # ansible.builtin.slurp contains the response in the content field
+        if "content" in save and task.action in ("ansible.builtin.slurp", "ansible.legacy.slurp", "slurp"):
+            save.pop("content")
+        return self._dump_results(save)
+
    def v2_playbook_on_start(self, playbook):
        self.ansible_playbook = basename(playbook._file_name)

@@ -546,7 +562,7 @@ class CallbackModule(CallbackBase):
            self.tasks_data,
            status,
            result,
-            self._dump_results(result._result)
+            self.dump_results(self.tasks_data[result._task._uuid], result)
        )

    def v2_runner_on_ok(self, result):
@@ -554,7 +570,7 @@ class CallbackModule(CallbackBase):
            self.tasks_data,
            'ok',
            result,
-            self._dump_results(result._result)
+            self.dump_results(self.tasks_data[result._task._uuid], result)
        )

    def v2_runner_on_skipped(self, result):
@@ -562,7 +578,7 @@ class CallbackModule(CallbackBase):
            self.tasks_data,
            'skipped',
            result,
-            self._dump_results(result._result)
+            self.dump_results(self.tasks_data[result._task._uuid], result)
        )

    def v2_playbook_on_include(self, included_file):
--- a/plugins/callback/splunk.py
+++ b/plugins/callback/splunk.py
@@ -88,13 +88,16 @@ import uuid
 import socket
 import getpass

-from datetime import datetime
 from os.path import basename

 from ansible.module_utils.urls import open_url
 from ansible.parsing.ajson import AnsibleJSONEncoder
 from ansible.plugins.callback import CallbackBase

+from ansible_collections.community.general.plugins.module_utils.datetime import (
+    now,
+)
+

 class SplunkHTTPCollectorSource(object):
    def __init__(self):
@@ -134,7 +137,7 @@ class SplunkHTTPCollectorSource(object):
        else:
            time_format = '%Y-%m-%d %H:%M:%S +0000'

-        data['timestamp'] = datetime.utcnow().strftime(time_format)
+        data['timestamp'] = now().strftime(time_format)
        data['host'] = self.host
        data['ip_address'] = self.ip_address
        data['user'] = self.user
@@ -181,7 +184,7 @@ class CallbackModule(CallbackBase):

    def _runtime(self, result):
        return (
-            datetime.utcnow() -
+            now() -
            self.start_datetimes[result._task._uuid]
        ).total_seconds()

@@ -220,10 +223,10 @@ class CallbackModule(CallbackBase):
        self.splunk.ansible_playbook = basename(playbook._file_name)

    def v2_playbook_on_task_start(self, task, is_conditional):
-        self.start_datetimes[task._uuid] = datetime.utcnow()
+        self.start_datetimes[task._uuid] = now()

    def v2_playbook_on_handler_task_start(self, task):
-        self.start_datetimes[task._uuid] = datetime.utcnow()
+        self.start_datetimes[task._uuid] = now()

    def v2_runner_on_ok(self, result, **kwargs):
        self.splunk.send_event(
--- a/plugins/callback/sumologic.py
+++ b/plugins/callback/sumologic.py
@@ -46,13 +46,16 @@ import uuid
 import socket
 import getpass

-from datetime import datetime
 from os.path import basename

 from ansible.module_utils.urls import open_url
 from ansible.parsing.ajson import AnsibleJSONEncoder
 from ansible.plugins.callback import CallbackBase

+from ansible_collections.community.general.plugins.module_utils.datetime import (
+    now,
+)
+

 class SumologicHTTPCollectorSource(object):
    def __init__(self):
@@ -84,8 +87,7 @@ class SumologicHTTPCollectorSource(object):
        data['uuid'] = result._task._uuid
        data['session'] = self.session
        data['status'] = state
-        data['timestamp'] = datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S '
-                                                       '+0000')
+        data['timestamp'] = now().strftime('%Y-%m-%d %H:%M:%S +0000')
        data['host'] = self.host
        data['ip_address'] = self.ip_address
        data['user'] = self.user
@@ -123,7 +125,7 @@ class CallbackModule(CallbackBase):

    def _runtime(self, result):
        return (
-            datetime.utcnow() -
+            now() -
            self.start_datetimes[result._task._uuid]
        ).total_seconds()

@@ -144,10 +146,10 @@ class CallbackModule(CallbackBase):
        self.sumologic.ansible_playbook = basename(playbook._file_name)

    def v2_playbook_on_task_start(self, task, is_conditional):
-        self.start_datetimes[task._uuid] = datetime.utcnow()
+        self.start_datetimes[task._uuid] = now()

    def v2_playbook_on_handler_task_start(self, task):
-        self.start_datetimes[task._uuid] = datetime.utcnow()
+        self.start_datetimes[task._uuid] = now()

    def v2_runner_on_ok(self, result, **kwargs):
        self.sumologic.send_event(
--- a/plugins/callback/yaml.py
+++ b/plugins/callback/yaml.py
@@ -19,6 +19,16 @@ DOCUMENTATION = '''
      - default_callback
    requirements:
      - set as stdout in configuration
+    seealso:
+      - plugin: ansible.builtin.default
+        plugin_type: callback
+        description: >
+          There is a parameter O(ansible.builtin.default#callback:result_format) in P(ansible.builtin.default#callback)
+          that allows you to change the output format to YAML.
+    notes:
+      - >
+        With ansible-core 2.13 or newer, you can instead specify V(yaml) for the parameter O(ansible.builtin.default#callback:result_format)
+        in P(ansible.builtin.default#callback).
 '''

 import yaml
--- a/plugins/connection/incus.py
+++ b/plugins/connection/incus.py
@@ -0,0 +1,169 @@
+# -*- coding: utf-8 -*-
+# Based on lxd.py (c) 2016, Matt Clay <matt@mystile.com>
+# (c) 2023, Stephane Graber <stgraber@stgraber.org>
+# Copyright (c) 2023 Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = """
+    author: Stéphane Graber (@stgraber)
+    name: incus
+    short_description: Run tasks in Incus instances via the Incus CLI.
+    description:
+        - Run commands or put/fetch files to an existing Incus instance using Incus CLI.
+    version_added: "8.2.0"
+    options:
+      remote_addr:
+        description:
+            - The instance identifier.
+        default: inventory_hostname
+        vars:
+            - name: inventory_hostname
+            - name: ansible_host
+            - name: ansible_incus_host
+      executable:
+        description:
+            - The shell to use for execution inside the instance.
+        default: /bin/sh
+        vars:
+            - name: ansible_executable
+            - name: ansible_incus_executable
+      remote:
+        description:
+            - The name of the Incus remote to use (per C(incus remote list)).
+            - Remotes are used to access multiple servers from a single client.
+        default: local
+        vars:
+            - name: ansible_incus_remote
+      project:
+        description:
+            - The name of the Incus project to use (per C(incus project list)).
+            - Projects are used to divide the instances running on a server.
+        default: default
+        vars:
+            - name: ansible_incus_project
+"""
+
+import os
+from subprocess import call, Popen, PIPE
+
+from ansible.errors import AnsibleError, AnsibleConnectionFailure, AnsibleFileNotFound
+from ansible.module_utils.common.process import get_bin_path
+from ansible.module_utils._text import to_bytes, to_text
+from ansible.plugins.connection import ConnectionBase
+
+
+class Connection(ConnectionBase):
+    """ Incus based connections """
+
+    transport = "incus"
+    has_pipelining = True
+    default_user = 'root'
+
+    def __init__(self, play_context, new_stdin, *args, **kwargs):
+        super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs)
+
+        self._incus_cmd = get_bin_path("incus")
+
+        if not self._incus_cmd:
+            raise AnsibleError("incus command not found in PATH")
+
+    def _connect(self):
+        """connect to Incus (nothing to do here) """
+        super(Connection, self)._connect()
+
+        if not self._connected:
+            self._display.vvv(u"ESTABLISH Incus CONNECTION FOR USER: root",
+                              host=self._instance())
+            self._connected = True
+
+    def _instance(self):
+        # Return only the leading part of the FQDN as the instance name
+        # as Incus instance names cannot be a FQDN.
+        return self.get_option('remote_addr').split(".")[0]
+
+    def exec_command(self, cmd, in_data=None, sudoable=True):
+        """ execute a command on the Incus host """
+        super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable)
+
+        self._display.vvv(u"EXEC {0}".format(cmd),
+                          host=self._instance())
+
+        local_cmd = [
+            self._incus_cmd,
+            "--project", self.get_option("project"),
+            "exec",
+            "%s:%s" % (self.get_option("remote"), self._instance()),
+            "--",
+            self._play_context.executable, "-c", cmd]
+
+        local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd]
+        in_data = to_bytes(in_data, errors='surrogate_or_strict', nonstring='passthru')
+
+        process = Popen(local_cmd, stdin=PIPE, stdout=PIPE, stderr=PIPE)
+        stdout, stderr = process.communicate(in_data)
+
+        stdout = to_text(stdout)
+        stderr = to_text(stderr)
+
+        if stderr == "Error: Instance is not running.\n":
+            raise AnsibleConnectionFailure("instance not running: %s" %
+                                           self._instance())
+
+        if stderr == "Error: Instance not found\n":
+            raise AnsibleConnectionFailure("instance not found: %s" %
+                                           self._instance())
+
+        return process.returncode, stdout, stderr
+
+    def put_file(self, in_path, out_path):
+        """ put a file from local to Incus """
+        super(Connection, self).put_file(in_path, out_path)
+
+        self._display.vvv(u"PUT {0} TO {1}".format(in_path, out_path),
+                          host=self._instance())
+
+        if not os.path.isfile(to_bytes(in_path, errors='surrogate_or_strict')):
+            raise AnsibleFileNotFound("input path is not a file: %s" % in_path)
+
+        local_cmd = [
+            self._incus_cmd,
+            "--project", self.get_option("project"),
+            "file", "push", "--quiet",
+            in_path,
+            "%s:%s/%s" % (self.get_option("remote"),
+                          self._instance(),
+                          out_path)]
+
+        local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd]
+
+        call(local_cmd)
+
+    def fetch_file(self, in_path, out_path):
+        """ fetch a file from Incus to local """
+        super(Connection, self).fetch_file(in_path, out_path)
+
+        self._display.vvv(u"FETCH {0} TO {1}".format(in_path, out_path),
+                          host=self._instance())
+
+        local_cmd = [
+            self._incus_cmd,
+            "--project", self.get_option("project"),
+            "file", "pull", "--quiet",
+            "%s:%s/%s" % (self.get_option("remote"),
+                          self._instance(),
+                          in_path),
+            out_path]
+
+        local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd]
+
+        call(local_cmd)
+
+    def close(self):
+        """ close the connection (nothing to do here) """
+        super(Connection, self).close()
+
+        self._connected = False
--- a/plugins/connection/lxd.py
+++ b/plugins/connection/lxd.py
@@ -10,9 +10,9 @@ __metaclass__ = type
 DOCUMENTATION = '''
    author: Matt Clay (@mattclay) <matt@mystile.com>
    name: lxd
-    short_description: Run tasks in lxc containers via lxc CLI
+    short_description: Run tasks in LXD instances via C(lxc) CLI
    description:
-        - Run commands or put/fetch files to an existing lxc container using lxc CLI
+        - Run commands or put/fetch files to an existing instance using C(lxc) CLI.
    options:
      remote_addr:
        description:
@@ -26,7 +26,7 @@ DOCUMENTATION = '''
            - name: ansible_lxd_host
      executable:
        description:
-            - shell to use for execution inside container
+            - Shell to use for execution inside instance.
        default: /bin/sh
        vars:
            - name: ansible_executable
@@ -71,7 +71,7 @@ class Connection(ConnectionBase):
            raise AnsibleError("lxc command not found in PATH")

        if self._play_context.remote_user is not None and self._play_context.remote_user != 'root':
-            self._display.warning('lxd does not support remote_user, using container default: root')
+            self._display.warning('lxd does not support remote_user, using default: root')

    def _host(self):
        """ translate remote_addr to lxd (short) hostname """
--- a/plugins/doc_fragments/consul.py
+++ b/plugins/doc_fragments/consul.py
@@ -0,0 +1,60 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) Ansible project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+
+class ModuleDocFragment:
+    # Common parameters for Consul modules
+    DOCUMENTATION = r"""
+options:
+  host:
+    description:
+      - Host of the consul agent, defaults to V(localhost).
+    default: localhost
+    type: str
+  port:
+    type: int
+    description:
+      - The port on which the consul agent is running.
+    default: 8500
+  scheme:
+    description:
+      - The protocol scheme on which the consul agent is running.
+        Defaults to V(http) and can be set to V(https) for secure connections.
+    default: http
+    type: str
+  validate_certs:
+    type: bool
+    description:
+      - Whether to verify the TLS certificate of the consul agent.
+    default: true
+  ca_path:
+    description:
+      - The CA bundle to use for https connections
+    type: str
+"""
+
+    TOKEN = r"""
+options:
+  token:
+    description:
+      - The token to use for authorization.
+    type: str
+"""
+
+    ACTIONGROUP_CONSUL = r"""
+options: {}
+attributes:
+  action_group:
+    description: Use C(group/community.general.consul) in C(module_defaults) to set defaults for this module.
+    support: full
+    membership:
+      - community.general.consul
+    version_added: 8.3.0
+"""
--- a/plugins/doc_fragments/onepassword.py
+++ b/plugins/doc_fragments/onepassword.py
@@ -58,7 +58,11 @@ options:
 '''

    LOOKUP = r'''
-options: {}
+options:
+  service_account_token:
+    env:
+      - name: OP_SERVICE_ACCOUNT_TOKEN
+        version_added: 8.2.0
 notes:
  - This lookup will use an existing 1Password session if one exists. If not, and you have already
    performed an initial sign in (meaning C(~/.op/config), C(~/.config/op/config) or C(~/.config/.op/config) exists), then only the
--- a/plugins/filter/dict.py
+++ b/plugins/filter/dict.py
@@ -57,8 +57,8 @@ EXAMPLES = '''

 RETURN = '''
  _value:
-    description: The dictionary having the provided key-value pairs.
-    type: boolean
+    description: A dictionary with the provided key-value pairs.
+    type: dictionary
 '''


--- a/plugins/filter/from_ini.py
+++ b/plugins/filter/from_ini.py
@@ -0,0 +1,99 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2023, Steffen Scheib <steffen@scheib.me>
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import absolute_import, division, print_function
+
+DOCUMENTATION = r'''
+  name: from_ini
+  short_description: Converts INI text input into a dictionary
+  version_added: 8.2.0
+  author: Steffen Scheib (@sscheib)
+  description:
+    - Converts INI text input into a dictionary.
+  options:
+    _input:
+      description: A string containing an INI document.
+      type: string
+      required: true
+'''
+
+EXAMPLES = r'''
+  - name: Slurp an INI file
+    ansible.builtin.slurp:
+      src: /etc/rhsm/rhsm.conf
+    register: rhsm_conf
+
+  - name: Display the INI file as dictionary
+    ansible.builtin.debug:
+      var: rhsm_conf.content | b64decode | community.general.from_ini
+
+  - name: Set a new dictionary fact with the contents of the INI file
+    ansible.builtin.set_fact:
+      rhsm_dict: >-
+        {{
+            rhsm_conf.content | b64decode | community.general.from_ini
+        }}
+'''
+
+RETURN = '''
+  _value:
+    description: A dictionary representing the INI file.
+    type: dictionary
+'''
+
+__metaclass__ = type
+
+from ansible.errors import AnsibleFilterError
+from ansible.module_utils.six import string_types
+from ansible.module_utils.six.moves import StringIO
+from ansible.module_utils.six.moves.configparser import ConfigParser
+from ansible.module_utils.common.text.converters import to_native
+
+
+class IniParser(ConfigParser):
+    ''' Implements a configparser which is able to return a dict '''
+
+    def __init__(self):
+        super().__init__(interpolation=None)
+        self.optionxform = str
+
+    def as_dict(self):
+        d = dict(self._sections)
+        for k in d:
+            d[k] = dict(self._defaults, **d[k])
+            d[k].pop('__name__', None)
+
+        if self._defaults:
+            d['DEFAULT'] = dict(self._defaults)
+
+        return d
+
+
+def from_ini(obj):
+    ''' Read the given string as INI file and return a dict '''
+
+    if not isinstance(obj, string_types):
+        raise AnsibleFilterError(f'from_ini requires a str, got {type(obj)}')
+
+    parser = IniParser()
+
+    try:
+        parser.read_file(StringIO(obj))
+    except Exception as ex:
+        raise AnsibleFilterError(f'from_ini failed to parse given string: '
+                                 f'{to_native(ex)}', orig_exc=ex)
+
+    return parser.as_dict()
+
+
+class FilterModule(object):
+    ''' Query filter '''
+
+    def filters(self):
+
+        return {
+            'from_ini': from_ini
+        }
--- a/plugins/filter/groupby_as_dict.py
+++ b/plugins/filter/groupby_as_dict.py
@@ -13,6 +13,8 @@ DOCUMENTATION = '''
  author: Felix Fontein (@felixfontein)
  description:
    - Transform a sequence of dictionaries to a dictionary where the dictionaries are indexed by an attribute.
+    - This filter is similar to the Jinja2 C(groupby) filter. Use the Jinja2 C(groupby) filter if you have multiple entries with the same value,
+      or when you need a dictionary with list values, or when you need to use deeply nested attributes.
  positional: attribute
  options:
    _input:
--- a/plugins/filter/lists.py
+++ b/plugins/filter/lists.py
@@ -0,0 +1,210 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+from ansible.errors import AnsibleFilterError
+from ansible.module_utils.common.collections import is_sequence
+
+
+def remove_duplicates(lst):
+    seen = set()
+    seen_add = seen.add
+    result = []
+    for item in lst:
+        try:
+            if item not in seen:
+                seen_add(item)
+                result.append(item)
+        except TypeError:
+            # This happens for unhashable values `item`. If this happens,
+            # convert `seen` to a list and continue.
+            seen = list(seen)
+            seen_add = seen.append
+            if item not in seen:
+                seen_add(item)
+                result.append(item)
+    return result
+
+
+def flatten_list(lst):
+    result = []
+    for sublist in lst:
+        if not is_sequence(sublist):
+            msg = ("All arguments must be lists. %s is %s")
+            raise AnsibleFilterError(msg % (sublist, type(sublist)))
+        if len(sublist) > 0:
+            if all(is_sequence(sub) for sub in sublist):
+                for item in sublist:
+                    result.append(item)
+            else:
+                result.append(sublist)
+    return result
+
+
+def lists_union(*args, **kwargs):
+    lists = args
+    flatten = kwargs.pop('flatten', False)
+
+    if kwargs:
+        # Some unused kwargs remain
+        raise AnsibleFilterError(
+            "lists_union() got unexpected keywords arguments: {0}".format(
+                ", ".join(kwargs.keys())
+            )
+        )
+
+    if flatten:
+        lists = flatten_list(args)
+
+    if not lists:
+        return []
+
+    if len(lists) == 1:
+        return lists[0]
+
+    a = lists[0]
+    for b in lists[1:]:
+        a = do_union(a, b)
+    return remove_duplicates(a)
+
+
+def do_union(a, b):
+    return a + b
+
+
+def lists_intersect(*args, **kwargs):
+    lists = args
+    flatten = kwargs.pop('flatten', False)
+
+    if kwargs:
+        # Some unused kwargs remain
+        raise AnsibleFilterError(
+            "lists_intersect() got unexpected keywords arguments: {0}".format(
+                ", ".join(kwargs.keys())
+            )
+        )
+
+    if flatten:
+        lists = flatten_list(args)
+
+    if not lists:
+        return []
+
+    if len(lists) == 1:
+        return lists[0]
+
+    a = remove_duplicates(lists[0])
+    for b in lists[1:]:
+        a = do_intersect(a, b)
+    return a
+
+
+def do_intersect(a, b):
+    isect = []
+    try:
+        other = set(b)
+        isect = [item for item in a if item in other]
+    except TypeError:
+        # This happens for unhashable values,
+        # use a list instead and redo.
+        other = list(b)
+        isect = [item for item in a if item in other]
+    return isect
+
+
+def lists_difference(*args, **kwargs):
+    lists = args
+    flatten = kwargs.pop('flatten', False)
+
+    if kwargs:
+        # Some unused kwargs remain
+        raise AnsibleFilterError(
+            "lists_difference() got unexpected keywords arguments: {0}".format(
+                ", ".join(kwargs.keys())
+            )
+        )
+
+    if flatten:
+        lists = flatten_list(args)
+
+    if not lists:
+        return []
+
+    if len(lists) == 1:
+        return lists[0]
+
+    a = remove_duplicates(lists[0])
+    for b in lists[1:]:
+        a = do_difference(a, b)
+    return a
+
+
+def do_difference(a, b):
+    diff = []
+    try:
+        other = set(b)
+        diff = [item for item in a if item not in other]
+    except TypeError:
+        # This happens for unhashable values,
+        # use a list instead and redo.
+        other = list(b)
+        diff = [item for item in a if item not in other]
+    return diff
+
+
+def lists_symmetric_difference(*args, **kwargs):
+    lists = args
+    flatten = kwargs.pop('flatten', False)
+
+    if kwargs:
+        # Some unused kwargs remain
+        raise AnsibleFilterError(
+            "lists_difference() got unexpected keywords arguments: {0}".format(
+                ", ".join(kwargs.keys())
+            )
+        )
+
+    if flatten:
+        lists = flatten_list(args)
+
+    if not lists:
+        return []
+
+    if len(lists) == 1:
+        return lists[0]
+
+    a = lists[0]
+    for b in lists[1:]:
+        a = do_symmetric_difference(a, b)
+    return a
+
+
+def do_symmetric_difference(a, b):
+    sym_diff = []
+    union = lists_union(a, b)
+    try:
+        isect = set(a) & set(b)
+        sym_diff = [item for item in union if item not in isect]
+    except TypeError:
+        # This happens for unhashable values,
+        # build the intersection of `a` and `b` backed
+        # by a list instead of a set and redo.
+        isect = lists_intersect(a, b)
+        sym_diff = [item for item in union if item not in isect]
+    return sym_diff
+
+
+class FilterModule(object):
+    ''' Ansible lists jinja2 filters '''
+
+    def filters(self):
+        return {
+            'lists_union': lists_union,
+            'lists_intersect': lists_intersect,
+            'lists_difference': lists_difference,
+            'lists_symmetric_difference': lists_symmetric_difference,
+        }
--- a/plugins/filter/lists_difference.yml
+++ b/plugins/filter/lists_difference.yml
@@ -0,0 +1,48 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+DOCUMENTATION:
+  name: lists_difference
+  short_description: Difference of lists with a predictive order
+  version_added: 8.4.0
+  description:
+    - Provide a unique list of all the elements from the first which do not appear in the other lists.
+    - The order of the items in the resulting list is preserved.
+  options:
+    _input:
+      description: A list.
+      type: list
+      elements: any
+      required: true
+    flatten:
+      description: Whether to remove one hierarchy level from the input list.
+      type: boolean
+      default: false
+  author:
+    - Christoph Fiehe (@cfiehe)
+
+EXAMPLES: |
+  - name: Return the difference of list1 and list2.
+    ansible.builtin.debug:
+      msg: "{{ list1 | community.general.lists_difference(list2) }}"
+    vars:
+      list1: [1, 2, 5, 3, 4, 10]
+      list2: [1, 2, 3, 4, 5, 11, 99]
+  # => [10]
+  
+  - name: Return the difference of list1, list2 and list3.
+    ansible.builtin.debug:
+      msg: "{{ [list1, list2, list3] | community.general.lists_difference(flatten=true) }}"
+    vars:
+      list1: [1, 2, 5, 3, 4, 10]
+      list2: [1, 2, 3, 4, 5, 11, 99]
+      list3: [1, 2, 3, 4, 5, 10, 99, 101]
+  # => []
+
+RETURN:
+  _value:
+    description: A unique list of all the elements from the first list that do not appear on the other lists.
+    type: list
+    elements: any
--- a/plugins/filter/lists_intersect.yml
+++ b/plugins/filter/lists_intersect.yml
@@ -0,0 +1,48 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+DOCUMENTATION:
+  name: lists_intersect
+  short_description: Intersection of lists with a predictive order
+  version_added: 8.4.0
+  description:
+    - Provide a unique list of all the common elements of two or more lists.
+    - The order of the items in the resulting list is preserved.
+  options:
+    _input:
+      description: A list.
+      type: list
+      elements: any
+      required: true
+    flatten:
+      description: Whether to remove one hierarchy level from the input list.
+      type: boolean
+      default: false
+  author:
+    - Christoph Fiehe (@cfiehe)
+
+EXAMPLES: |
+  - name: Return the intersection of list1 and list2.
+    ansible.builtin.debug:
+      msg: "{{ list1 | community.general.lists_intersect(list2) }}"
+    vars:
+      list1: [1, 2, 5, 3, 4, 10]
+      list2: [1, 2, 3, 4, 5, 11, 99]
+  # => [1, 2, 5, 3, 4]
+  
+  - name: Return the intersection of list1, list2 and list3.
+    ansible.builtin.debug:
+      msg: "{{ [list1, list2, list3] | community.general.lists_intersect(flatten=true) }}"
+    vars:
+      list1: [1, 2, 5, 3, 4, 10]
+      list2: [1, 2, 3, 4, 5, 11, 99]
+      list3: [1, 2, 3, 4, 5, 10, 99, 101]
+  # => [1, 2, 5, 3, 4]
+
+RETURN:
+  _value:
+    description: A unique list of all the common elements from the provided lists.
+    type: list
+    elements: any
--- a/plugins/filter/lists_mergeby.py
+++ b/plugins/filter/lists_mergeby.py
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# Copyright (c) 2020-2022, Vladimir Botka <vbotka@gmail.com>
+# Copyright (c) 2020-2024, Vladimir Botka <vbotka@gmail.com>
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

@@ -12,22 +12,32 @@ DOCUMENTATION = '''
  version_added: 2.0.0
  author: Vladimir Botka (@vbotka)
  description:
-    - Merge two or more lists by attribute O(index). Optional parameters O(recursive) and O(list_merge)
-      control the merging of the lists in values. The function merge_hash from ansible.utils.vars
-      is used. To learn details on how to use the parameters O(recursive) and O(list_merge) see
-      Ansible User's Guide chapter "Using filters to manipulate data" section "Combining
-      hashes/dictionaries".
+    - Merge two or more lists by attribute O(index). Optional
+      parameters O(recursive) and O(list_merge) control the merging of
+      the nested dictionaries and lists.
+    - The function C(merge_hash) from C(ansible.utils.vars) is used.
+    - To learn details on how to use the parameters O(recursive) and
+      O(list_merge) see Ansible User's Guide chapter "Using filters to
+      manipulate data" section R(Combining hashes/dictionaries, combine_filter) or the
+      filter P(ansible.builtin.combine#filter).
+
  positional: another_list, index
  options:
    _input:
-      description: A list of dictionaries.
+      description:
+        - A list of dictionaries, or a list of lists of dictionaries.
+        - The required type of the C(elements) is set to C(raw)
+          because all elements of O(_input) can be either dictionaries
+          or lists.
      type: list
-      elements: dictionary
+      elements: raw
      required: true
    another_list:
-      description: Another list of dictionaries. This parameter can be specified multiple times.
+      description:
+        - Another list of dictionaries, or a list of lists of dictionaries.
+        - This parameter can be specified multiple times.
      type: list
-      elements: dictionary
+      elements: raw
    index:
      description:
        - The dictionary key that must be present in every dictionary in every list that is used to
@@ -55,40 +65,134 @@ DOCUMENTATION = '''
 '''

 EXAMPLES = '''
- name: Merge two lists
+# Some results below are manually formatted for better readability. The
+# dictionaries' keys will be sorted alphabetically in real output.
+
+- name: Example 1. Merge two lists. The results r1 and r2 are the same.
  ansible.builtin.debug:
-    msg: >-
-      {{ list1 | community.general.lists_mergeby(
-                    list2,
-                    'index',
-                    recursive=True,
-                    list_merge='append'
-                 ) }}"
+    msg: |
+      r1: {{ r1 }}
+      r2: {{ r2 }}
  vars:
    list1:
-      - index: a
-        value: 123
-      - index: b
-        value: 42
+      - {index: a, value: 123}
+      - {index: b, value: 4}
    list2:
-      - index: a
-        foo: bar
-      - index: c
-        foo: baz
-  # Produces the following list of dictionaries:
-  #   {
-  #     "index": "a",
-  #     "foo": "bar",
-  #     "value": 123
-  #   },
-  #   {
-  #     "index": "b",
-  #     "value": 42
-  #   },
-  #   {
-  #     "index": "c",
-  #     "foo": "baz"
-  #   }
+      - {index: a, foo: bar}
+      - {index: c, foo: baz}
+    r1: "{{ list1 | community.general.lists_mergeby(list2, 'index') }}"
+    r2: "{{ [list1, list2] | community.general.lists_mergeby('index') }}"
+
+#  r1:
+#    - {index: a, foo: bar, value: 123}
+#    - {index: b, value: 4}
+#    - {index: c, foo: baz}
+#  r2:
+#    - {index: a, foo: bar, value: 123}
+#    - {index: b, value: 4}
+#    - {index: c, foo: baz}
+
+- name: Example 2. Merge three lists
+  ansible.builtin.debug:
+    var: r
+  vars:
+    list1:
+      - {index: a, value: 123}
+      - {index: b, value: 4}
+    list2:
+      - {index: a, foo: bar}
+      - {index: c, foo: baz}
+    list3:
+      - {index: d, foo: qux}
+    r: "{{ [list1, list2, list3] | community.general.lists_mergeby('index') }}"
+
+#  r:
+#    - {index: a, foo: bar, value: 123}
+#    - {index: b, value: 4}
+#    - {index: c, foo: baz}
+#    - {index: d, foo: qux}
+
+- name: Example 3. Merge single list. The result is the same as 2.
+  ansible.builtin.debug:
+    var: r
+  vars:
+    list1:
+      - {index: a, value: 123}
+      - {index: b, value: 4}
+      - {index: a, foo: bar}
+      - {index: c, foo: baz}
+      - {index: d, foo: qux}
+    r: "{{ [list1, []] | community.general.lists_mergeby('index') }}"
+
+#  r:
+#    - {index: a, foo: bar, value: 123}
+#    - {index: b, value: 4}
+#    - {index: c, foo: baz}
+#    - {index: d, foo: qux}
+
+- name: Example 4. Merge two lists. By default, replace nested lists.
+  ansible.builtin.debug:
+    var: r
+  vars:
+    list1:
+      - {index: a, foo: [X1, X2]}
+      - {index: b, foo: [X1, X2]}
+    list2:
+      - {index: a, foo: [Y1, Y2]}
+      - {index: b, foo: [Y1, Y2]}
+    r: "{{ [list1, list2] | community.general.lists_mergeby('index') }}"
+
+#  r:
+#    - {index: a, foo: [Y1, Y2]}
+#    - {index: b, foo: [Y1, Y2]}
+
+- name: Example 5. Merge two lists. Append nested lists.
+  ansible.builtin.debug:
+    var: r
+  vars:
+    list1:
+      - {index: a, foo: [X1, X2]}
+      - {index: b, foo: [X1, X2]}
+    list2:
+      - {index: a, foo: [Y1, Y2]}
+      - {index: b, foo: [Y1, Y2]}
+    r: "{{ [list1, list2] | community.general.lists_mergeby('index', list_merge='append') }}"
+
+#  r:
+#    - {index: a, foo: [X1, X2, Y1, Y2]}
+#    - {index: b, foo: [X1, X2, Y1, Y2]}
+
+- name: Example 6. Merge two lists. By default, do not merge nested dictionaries.
+  ansible.builtin.debug:
+    var: r
+  vars:
+    list1:
+      - {index: a, foo: {x: 1, y: 2}}
+      - {index: b, foo: [X1, X2]}
+    list2:
+      - {index: a, foo: {y: 3, z: 4}}
+      - {index: b, foo: [Y1, Y2]}
+    r: "{{ [list1, list2] | community.general.lists_mergeby('index') }}"
+
+#  r:
+#    - {index: a, foo: {y: 3, z: 4}}
+#    - {index: b, foo: [Y1, Y2]}
+
+- name: Example 7. Merge two lists. Merge nested dictionaries too.
+  ansible.builtin.debug:
+    var: r
+  vars:
+    list1:
+      - {index: a, foo: {x: 1, y: 2}}
+      - {index: b, foo: [X1, X2]}
+    list2:
+      - {index: a, foo: {y: 3, z: 4}}
+      - {index: b, foo: [Y1, Y2]}
+    r: "{{ [list1, list2] | community.general.lists_mergeby('index', recursive=true) }}"
+
+#  r:
+#    - {index: a, foo: {x:1, y: 3, z: 4}}
+#    - {index: b, foo: [Y1, Y2]}
 '''

 RETURN = '''
@@ -108,13 +212,14 @@ from operator import itemgetter


 def list_mergeby(x, y, index, recursive=False, list_merge='replace'):
-    ''' Merge 2 lists by attribute 'index'. The function merge_hash from ansible.utils.vars is used.
-        This function is used by the function lists_mergeby.
+    '''Merge 2 lists by attribute 'index'. The function 'merge_hash'
+       from ansible.utils.vars is used.  This function is used by the
+       function lists_mergeby.
    '''

    d = defaultdict(dict)
-    for l in (x, y):
-        for elem in l:
+    for lst in (x, y):
+        for elem in lst:
            if not isinstance(elem, Mapping):
                msg = "Elements of list arguments for lists_mergeby must be dictionaries. %s is %s"
                raise AnsibleFilterError(msg % (elem, type(elem)))
@@ -124,20 +229,9 @@ def list_mergeby(x, y, index, recursive=False, list_merge='replace'):


 def lists_mergeby(*terms, **kwargs):
-    ''' Merge 2 or more lists by attribute 'index'. Optional parameters 'recursive' and 'list_merge'
-        control the merging of the lists in values. The function merge_hash from ansible.utils.vars
-        is used. To learn details on how to use the parameters 'recursive' and 'list_merge' see
-        Ansible User's Guide chapter "Using filters to manipulate data" section "Combining
-        hashes/dictionaries".
-
-        Example:
-        - debug:
-            msg: "{{ list1|
-                     community.general.lists_mergeby(list2,
-                                                     'index',
-                                                     recursive=True,
-                                                     list_merge='append')|
-                     list }}"
+    '''Merge 2 or more lists by attribute 'index'. To learn details
+       on how to use the parameters 'recursive' and 'list_merge' see
+       the filter ansible.builtin.combine.
    '''

    recursive = kwargs.pop('recursive', False)
@@ -155,7 +249,7 @@ def lists_mergeby(*terms, **kwargs):
                   "must be lists. %s is %s")
            raise AnsibleFilterError(msg % (sublist, type(sublist)))
        if len(sublist) > 0:
-            if all(isinstance(l, Sequence) for l in sublist):
+            if all(isinstance(lst, Sequence) for lst in sublist):
                for item in sublist:
                    flat_list.append(item)
            else:
--- a/plugins/filter/lists_symmetric_difference.yml
+++ b/plugins/filter/lists_symmetric_difference.yml
@@ -0,0 +1,48 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+DOCUMENTATION:
+  name: lists_symmetric_difference
+  short_description: Symmetric Difference of lists with a predictive order
+  version_added: 8.4.0
+  description:
+    - Provide a unique list containing the symmetric difference of two or more lists.
+    - The order of the items in the resulting list is preserved.
+  options:
+    _input:
+      description: A list.
+      type: list
+      elements: any
+      required: true
+    flatten:
+      description: Whether to remove one hierarchy level from the input list.
+      type: boolean
+      default: false
+  author:
+    - Christoph Fiehe (@cfiehe)
+
+EXAMPLES: |
+  - name: Return the symmetric difference of list1 and list2.
+    ansible.builtin.debug:
+      msg: "{{ list1 | community.general.lists_symmetric_difference(list2) }}"
+    vars:
+      list1: [1, 2, 5, 3, 4, 10]
+      list2: [1, 2, 3, 4, 5, 11, 99]
+  # => [10, 11, 99]
+  
+  - name: Return the symmetric difference of list1, list2 and list3.
+    ansible.builtin.debug:
+      msg: "{{ [list1, list2, list3] | community.general.lists_symmetric_difference(flatten=true) }}"
+    vars:
+      list1: [1, 2, 5, 3, 4, 10]
+      list2: [1, 2, 3, 4, 5, 11, 99]
+      list3: [1, 2, 3, 4, 5, 10, 99, 101]
+  # => [11, 1, 2, 3, 4, 5, 101]
+
+RETURN:
+  _value:
+    description: A unique list containing the symmetric difference of two or more lists.
+    type: list
+    elements: any
--- a/plugins/filter/lists_union.yml
+++ b/plugins/filter/lists_union.yml
@@ -0,0 +1,48 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+DOCUMENTATION:
+  name: lists_union
+  short_description: Union of lists with a predictive order
+  version_added: 8.4.0
+  description:
+    - Provide a unique list of all the elements of two or more lists.
+    - The order of the items in the resulting list is preserved.
+  options:
+    _input:
+      description: A list.
+      type: list
+      elements: any
+      required: true
+    flatten:
+      description: Whether to remove one hierarchy level from the input list.
+      type: boolean
+      default: false
+  author:
+    - Christoph Fiehe (@cfiehe)
+
+EXAMPLES: |
+  - name: Return the union of list1, list2 and list3.
+    ansible.builtin.debug:
+      msg: "{{ list1 | community.general.lists_union(list2, list3) }}"
+    vars:
+      list1: [1, 2, 5, 3, 4, 10]
+      list2: [1, 2, 3, 4, 5, 11, 99]
+      list3: [1, 2, 3, 4, 5, 10, 99, 101]
+  # => [1, 2, 5, 3, 4, 10, 11, 99, 101]
+  
+  - name: Return the union of list1 and list2.
+    ansible.builtin.debug:
+      msg: "{{ [list1, list2] | community.general.lists_union(flatten=true) }}"
+    vars:
+      list1: [1, 2, 5, 3, 4, 10]
+      list2: [1, 2, 3, 4, 5, 11, 99]
+  # => [1, 2, 5, 3, 4, 10, 11, 99]
+
+RETURN:
+  _value:
+    description: A unique list of all the elements from the provided lists.
+    type: list
+    elements: any
--- a/plugins/filter/to_ini.py
+++ b/plugins/filter/to_ini.py
@@ -0,0 +1,105 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2023, Steffen Scheib <steffen@scheib.me>
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import absolute_import, division, print_function
+
+DOCUMENTATION = r'''
+  name: to_ini
+  short_description: Converts a dictionary to the INI file format
+  version_added: 8.2.0
+  author: Steffen Scheib (@sscheib)
+  description:
+    - Converts a dictionary to the INI file format.
+  options:
+    _input:
+      description: The dictionary that should be converted to the INI format.
+      type: dictionary
+      required: true
+'''
+
+EXAMPLES = r'''
+  - name: Define a dictionary
+    ansible.builtin.set_fact:
+      my_dict:
+        section_name:
+          key_name: 'key value'
+
+        another_section:
+          connection: 'ssh'
+
+  - name: Write dictionary to INI file
+    ansible.builtin.copy:
+      dest: /tmp/test.ini
+      content: '{{ my_dict | community.general.to_ini }}'
+
+  # /tmp/test.ini will look like this:
+  # [section_name]
+  # key_name = key value
+  #
+  # [another_section]
+  # connection = ssh
+'''
+
+RETURN = r'''
+  _value:
+    description: A string formatted as INI file.
+    type: string
+'''
+
+
+__metaclass__ = type
+
+from ansible.errors import AnsibleFilterError
+from ansible.module_utils.common._collections_compat import Mapping
+from ansible.module_utils.six.moves import StringIO
+from ansible.module_utils.six.moves.configparser import ConfigParser
+from ansible.module_utils.common.text.converters import to_native
+
+
+class IniParser(ConfigParser):
+    ''' Implements a configparser which sets the correct optionxform '''
+
+    def __init__(self):
+        super().__init__(interpolation=None)
+        self.optionxform = str
+
+
+def to_ini(obj):
+    ''' Read the given dict and return an INI formatted string '''
+
+    if not isinstance(obj, Mapping):
+        raise AnsibleFilterError(f'to_ini requires a dict, got {type(obj)}')
+
+    ini_parser = IniParser()
+
+    try:
+        ini_parser.read_dict(obj)
+    except Exception as ex:
+        raise AnsibleFilterError('to_ini failed to parse given dict:'
+                                 f'{to_native(ex)}', orig_exc=ex)
+
+    # catching empty dicts
+    if obj == dict():
+        raise AnsibleFilterError('to_ini received an empty dict. '
+                                 'An empty dict cannot be converted.')
+
+    config = StringIO()
+    ini_parser.write(config)
+
+    # config.getvalue() returns two \n at the end
+    # with the below insanity, we remove the very last character of
+    # the resulting string
+    return ''.join(config.getvalue().rsplit(config.getvalue()[-1], 1))
+
+
+class FilterModule(object):
+    ''' Query filter '''
+
+    def filters(self):
+
+        return {
+            'to_ini': to_ini
+        }
--- a/plugins/inventory/cobbler.py
+++ b/plugins/inventory/cobbler.py
@@ -118,6 +118,8 @@ from ansible.module_utils.common.text.converters import to_text
 from ansible.plugins.inventory import BaseInventoryPlugin, Cacheable, to_safe_group_name
 from ansible.module_utils.six import text_type

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+
 # xmlrpc
 try:
    import xmlrpclib as xmlrpc_client
@@ -274,9 +276,9 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):
        for host in self._get_systems():
            # Get the FQDN for the host and add it to the right groups
            if self.inventory_hostname == 'system':
-                hostname = host['name']  # None
+                hostname = make_unsafe(host['name'])  # None
            else:
-                hostname = host['hostname']  # None
+                hostname = make_unsafe(host['hostname'])  # None
            interfaces = host['interfaces']

            if set(host['mgmt_classes']) & set(self.include_mgmt_classes):
@@ -296,7 +298,7 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):
                    if ivalue['management'] or not ivalue['static']:
                        this_dns_name = ivalue.get('dns_name', None)
                        if this_dns_name is not None and this_dns_name != "":
-                            hostname = this_dns_name
+                            hostname = make_unsafe(this_dns_name)
                            self.display.vvvv('Set hostname to %s from %s\n' % (hostname, iname))

            if hostname == '':
@@ -361,18 +363,18 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):
            if ip_address is None and ip_address_first is not None:
                ip_address = ip_address_first
            if ip_address is not None:
-                self.inventory.set_variable(hostname, 'cobbler_ipv4_address', ip_address)
+                self.inventory.set_variable(hostname, 'cobbler_ipv4_address', make_unsafe(ip_address))
            if ipv6_address is None and ipv6_address_first is not None:
                ipv6_address = ipv6_address_first
            if ipv6_address is not None:
-                self.inventory.set_variable(hostname, 'cobbler_ipv6_address', ipv6_address)
+                self.inventory.set_variable(hostname, 'cobbler_ipv6_address', make_unsafe(ipv6_address))

            if self.get_option('want_facts'):
                try:
-                    self.inventory.set_variable(hostname, 'cobbler', host)
+                    self.inventory.set_variable(hostname, 'cobbler', make_unsafe(host))
                except ValueError as e:
                    self.display.warning("Could not set host info for %s: %s" % (hostname, to_text(e)))

        if self.get_option('want_ip_addresses'):
-            self.inventory.set_variable(self.group, 'cobbler_ipv4_addresses', ip_addresses)
-            self.inventory.set_variable(self.group, 'cobbler_ipv6_addresses', ipv6_addresses)
+            self.inventory.set_variable(self.group, 'cobbler_ipv4_addresses', make_unsafe(ip_addresses))
+            self.inventory.set_variable(self.group, 'cobbler_ipv6_addresses', make_unsafe(ipv6_addresses))
--- a/plugins/inventory/gitlab_runners.py
+++ b/plugins/inventory/gitlab_runners.py
@@ -84,6 +84,8 @@ from ansible.errors import AnsibleError, AnsibleParserError
 from ansible.module_utils.common.text.converters import to_native
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+
 try:
    import gitlab
    HAS_GITLAB = True
@@ -105,11 +107,11 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
            else:
                runners = gl.runners.all()
            for runner in runners:
-                host = str(runner['id'])
+                host = make_unsafe(str(runner['id']))
                ip_address = runner['ip_address']
-                host_attrs = vars(gl.runners.get(runner['id']))['_attrs']
+                host_attrs = make_unsafe(vars(gl.runners.get(runner['id']))['_attrs'])
                self.inventory.add_host(host, group='gitlab_runners')
-                self.inventory.set_variable(host, 'ansible_host', ip_address)
+                self.inventory.set_variable(host, 'ansible_host', make_unsafe(ip_address))
                if self.get_option('verbose_output', True):
                    self.inventory.set_variable(host, 'gitlab_runner_attributes', host_attrs)

--- a/plugins/inventory/icinga2.py
+++ b/plugins/inventory/icinga2.py
@@ -63,6 +63,12 @@ DOCUMENTATION = '''
        default: address
        choices: ['name', 'display_name', 'address']
        version_added: 4.2.0
+      group_by_hostgroups:
+        description:
+          - Uses Icinga2 hostgroups as groups.
+        type: boolean
+        default: true
+        version_added: 8.4.0
 '''

 EXAMPLES = r'''
@@ -97,6 +103,8 @@ from ansible.plugins.inventory import BaseInventoryPlugin, Constructable
 from ansible.module_utils.urls import open_url
 from ansible.module_utils.six.moves.urllib.error import HTTPError

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+

 class InventoryModule(BaseInventoryPlugin, Constructable):
    ''' Host inventory parser for ansible using Icinga2 as source. '''
@@ -114,6 +122,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
        self.ssl_verify = None
        self.host_filter = None
        self.inventory_attr = None
+        self.group_by_hostgroups = None

        self.cache_key = None
        self.use_cache = None
@@ -233,31 +242,32 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
        """Convert Icinga2 API data to JSON format for Ansible"""
        groups_dict = {"_meta": {"hostvars": {}}}
        for entry in json_data:
-            host_attrs = entry['attrs']
+            host_attrs = make_unsafe(entry['attrs'])
            if self.inventory_attr == "name":
-                host_name = entry.get('name')
+                host_name = make_unsafe(entry.get('name'))
            if self.inventory_attr == "address":
                # When looking for address for inventory, if missing fallback to object name
                if host_attrs.get('address', '') != '':
-                    host_name = host_attrs.get('address')
+                    host_name = make_unsafe(host_attrs.get('address'))
                else:
-                    host_name = entry.get('name')
+                    host_name = make_unsafe(entry.get('name'))
            if self.inventory_attr == "display_name":
                host_name = host_attrs.get('display_name')
            if host_attrs['state'] == 0:
                host_attrs['state'] = 'on'
            else:
                host_attrs['state'] = 'off'
-            host_groups = host_attrs.get('groups')
            self.inventory.add_host(host_name)
-            for group in host_groups:
-                if group not in self.inventory.groups.keys():
-                    self.inventory.add_group(group)
-                self.inventory.add_child(group, host_name)
+            if self.group_by_hostgroups:
+                host_groups = host_attrs.get('groups')
+                for group in host_groups:
+                    if group not in self.inventory.groups.keys():
+                        self.inventory.add_group(group)
+                    self.inventory.add_child(group, host_name)
            # If the address attribute is populated, override ansible_host with the value
            if host_attrs.get('address') != '':
                self.inventory.set_variable(host_name, 'ansible_host', host_attrs.get('address'))
-            self.inventory.set_variable(host_name, 'hostname', entry.get('name'))
+            self.inventory.set_variable(host_name, 'hostname', make_unsafe(entry.get('name')))
            self.inventory.set_variable(host_name, 'display_name', host_attrs.get('display_name'))
            self.inventory.set_variable(host_name, 'state',
                                        host_attrs['state'])
@@ -277,12 +287,23 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
        self._read_config_data(path)

        # Store the options from the YAML file
-        self.icinga2_url = self.get_option('url').rstrip('/') + '/v1'
+        self.icinga2_url = self.get_option('url')
        self.icinga2_user = self.get_option('user')
        self.icinga2_password = self.get_option('password')
        self.ssl_verify = self.get_option('validate_certs')
        self.host_filter = self.get_option('host_filter')
        self.inventory_attr = self.get_option('inventory_attr')
+        self.group_by_hostgroups = self.get_option('group_by_hostgroups')
+
+        if self.templar.is_template(self.icinga2_url):
+            self.icinga2_url = self.templar.template(variable=self.icinga2_url, disable_lookups=False)
+        if self.templar.is_template(self.icinga2_user):
+            self.icinga2_user = self.templar.template(variable=self.icinga2_user, disable_lookups=False)
+        if self.templar.is_template(self.icinga2_password):
+            self.icinga2_password = self.templar.template(variable=self.icinga2_password, disable_lookups=False)
+
+        self.icinga2_url = self.icinga2_url.rstrip('/') + '/v1'
+
        # Not currently enabled
        # self.cache_key = self.get_cache_key(path)
        # self.use_cache = cache and self.get_option('cache')
--- a/plugins/inventory/linode.py
+++ b/plugins/inventory/linode.py
@@ -123,6 +123,8 @@ compose:
 from ansible.errors import AnsibleError
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+

 try:
    from linode_api4 import LinodeClient
@@ -198,20 +200,21 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
    def _add_instances_to_groups(self):
        """Add instance names to their dynamic inventory groups."""
        for instance in self.instances:
-            self.inventory.add_host(instance.label, group=instance.group)
+            self.inventory.add_host(make_unsafe(instance.label), group=instance.group)

    def _add_hostvars_for_instances(self):
        """Add hostvars for instances in the dynamic inventory."""
        ip_style = self.get_option('ip_style')
        for instance in self.instances:
            hostvars = instance._raw_json
+            hostname = make_unsafe(instance.label)
            for hostvar_key in hostvars:
                if ip_style == 'api' and hostvar_key in ['ipv4', 'ipv6']:
                    continue
                self.inventory.set_variable(
-                    instance.label,
+                    hostname,
                    hostvar_key,
-                    hostvars[hostvar_key]
+                    make_unsafe(hostvars[hostvar_key])
                )
            if ip_style == 'api':
                ips = instance.ips.ipv4.public + instance.ips.ipv4.private
@@ -220,9 +223,9 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):

                for ip_type in set(ip.type for ip in ips):
                    self.inventory.set_variable(
-                        instance.label,
+                        hostname,
                        ip_type,
-                        self._ip_data([ip for ip in ips if ip.type == ip_type])
+                        make_unsafe(self._ip_data([ip for ip in ips if ip.type == ip_type]))
                    )

    def _ip_data(self, ip_list):
@@ -253,30 +256,44 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
        self._add_instances_to_groups()
        self._add_hostvars_for_instances()
        for instance in self.instances:
-            variables = self.inventory.get_host(instance.label).get_vars()
+            hostname = make_unsafe(instance.label)
+            variables = self.inventory.get_host(hostname).get_vars()
            self._add_host_to_composed_groups(
                self.get_option('groups'),
                variables,
-                instance.label,
+                hostname,
                strict=strict)
            self._add_host_to_keyed_groups(
                self.get_option('keyed_groups'),
                variables,
-                instance.label,
+                hostname,
                strict=strict)
            self._set_composite_vars(
                self.get_option('compose'),
                variables,
-                instance.label,
+                hostname,
                strict=strict)

    def verify_file(self, path):
-        """Verify the Linode configuration file."""
+        """Verify the Linode configuration file.
+
+        Return true/false if the config-file is valid for this plugin
+
+        Args:
+            str(path): path to the config
+        Kwargs:
+            None
+        Raises:
+            None
+        Returns:
+            bool(valid): is valid config file"""
+        valid = False
        if super(InventoryModule, self).verify_file(path):
-            endings = ('linode.yaml', 'linode.yml')
-            if any((path.endswith(ending) for ending in endings)):
-                return True
-        return False
+            if path.endswith(("linode.yaml", "linode.yml")):
+                valid = True
+            else:
+                self.display.vvv('Inventory source not ending in "linode.yaml" or "linode.yml"')
+        return valid

    def parse(self, inventory, loader, path, cache=True):
        """Dynamically parse Linode the cloud inventory."""
--- a/plugins/inventory/lxd.py
+++ b/plugins/inventory/lxd.py
@@ -175,6 +175,7 @@ from ansible.module_utils.six import raise_from
 from ansible.errors import AnsibleError, AnsibleParserError
 from ansible.module_utils.six.moves.urllib.parse import urlencode
 from ansible_collections.community.general.plugins.module_utils.lxd import LXDClient, LXDClientException
+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe

 try:
    import ipaddress
@@ -470,7 +471,7 @@ class InventoryModule(BaseInventoryPlugin):
        Helper to get the preferred interface provide by neme pattern from 'prefered_instance_network_interface'.

        Args:
-            str(containe_name): name of instance
+            str(instance_name): name of instance
        Kwargs:
            None
        Raises:
@@ -495,7 +496,7 @@ class InventoryModule(BaseInventoryPlugin):
        Helper to get the VLAN_ID from the instance

        Args:
-            str(containe_name): name of instance
+            str(instance_name): name of instance
        Kwargs:
            None
        Raises:
@@ -670,7 +671,7 @@ class InventoryModule(BaseInventoryPlugin):

        if self._get_data_entry('inventory/{0}/network_interfaces'.format(instance_name)):  # instance have network interfaces
            self.inventory.set_variable(instance_name, 'ansible_connection', 'ssh')
-            self.inventory.set_variable(instance_name, 'ansible_host', interface_selection(instance_name))
+            self.inventory.set_variable(instance_name, 'ansible_host', make_unsafe(interface_selection(instance_name)))
        else:
            self.inventory.set_variable(instance_name, 'ansible_connection', 'local')

@@ -696,31 +697,39 @@ class InventoryModule(BaseInventoryPlugin):
                if self.filter.lower() != instance_state:
                    continue
            # add instance
+            instance_name = make_unsafe(instance_name)
            self.inventory.add_host(instance_name)
            # add network information
            self.build_inventory_network(instance_name)
            # add os
            v = self._get_data_entry('inventory/{0}/os'.format(instance_name))
            if v:
-                self.inventory.set_variable(instance_name, 'ansible_lxd_os', v.lower())
+                self.inventory.set_variable(instance_name, 'ansible_lxd_os', make_unsafe(v.lower()))
            # add release
            v = self._get_data_entry('inventory/{0}/release'.format(instance_name))
            if v:
-                self.inventory.set_variable(instance_name, 'ansible_lxd_release', v.lower())
+                self.inventory.set_variable(
+                    instance_name, 'ansible_lxd_release', make_unsafe(v.lower()))
            # add profile
-            self.inventory.set_variable(instance_name, 'ansible_lxd_profile', self._get_data_entry('inventory/{0}/profile'.format(instance_name)))
+            self.inventory.set_variable(
+                instance_name, 'ansible_lxd_profile', make_unsafe(self._get_data_entry('inventory/{0}/profile'.format(instance_name))))
            # add state
-            self.inventory.set_variable(instance_name, 'ansible_lxd_state', instance_state)
+            self.inventory.set_variable(
+                instance_name, 'ansible_lxd_state', make_unsafe(instance_state))
            # add type
-            self.inventory.set_variable(instance_name, 'ansible_lxd_type', self._get_data_entry('inventory/{0}/type'.format(instance_name)))
+            self.inventory.set_variable(
+                instance_name, 'ansible_lxd_type', make_unsafe(self._get_data_entry('inventory/{0}/type'.format(instance_name))))
            # add location information
            if self._get_data_entry('inventory/{0}/location'.format(instance_name)) != "none":  # wrong type by lxd 'none' != 'None'
-                self.inventory.set_variable(instance_name, 'ansible_lxd_location', self._get_data_entry('inventory/{0}/location'.format(instance_name)))
+                self.inventory.set_variable(
+                    instance_name, 'ansible_lxd_location', make_unsafe(self._get_data_entry('inventory/{0}/location'.format(instance_name))))
            # add VLAN_ID information
            if self._get_data_entry('inventory/{0}/vlan_ids'.format(instance_name)):
-                self.inventory.set_variable(instance_name, 'ansible_lxd_vlan_ids', self._get_data_entry('inventory/{0}/vlan_ids'.format(instance_name)))
+                self.inventory.set_variable(
+                    instance_name, 'ansible_lxd_vlan_ids', make_unsafe(self._get_data_entry('inventory/{0}/vlan_ids'.format(instance_name))))
            # add project
-            self.inventory.set_variable(instance_name, 'ansible_lxd_project', self._get_data_entry('inventory/{0}/project'.format(instance_name)))
+            self.inventory.set_variable(
+                instance_name, 'ansible_lxd_project', make_unsafe(self._get_data_entry('inventory/{0}/project'.format(instance_name))))

    def build_inventory_groups_location(self, group_name):
        """create group by attribute: location
@@ -993,7 +1002,7 @@ class InventoryModule(BaseInventoryPlugin):
            for group_name in self.groupby:
                if not group_name.isalnum():
                    raise AnsibleParserError('Invalid character(s) in groupname: {0}'.format(to_native(group_name)))
-                group_type(group_name)
+                group_type(make_unsafe(group_name))

    def build_inventory(self):
        """Build dynamic inventory
--- a/plugins/inventory/nmap.py
+++ b/plugins/inventory/nmap.py
@@ -127,6 +127,8 @@ from ansible.module_utils.common.text.converters import to_native, to_text
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable
 from ansible.module_utils.common.process import get_bin_path

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+

 class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):

@@ -143,6 +145,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
        strict = self.get_option('strict')

        for host in hosts:
+            host = make_unsafe(host)
            hostname = host['name']
            self.inventory.add_host(hostname)
            for var, value in host.items():
--- a/plugins/inventory/online.py
+++ b/plugins/inventory/online.py
@@ -69,6 +69,8 @@ from ansible.module_utils.common.text.converters import to_text
 from ansible.module_utils.ansible_release import __version__ as ansible_version
 from ansible.module_utils.six.moves.urllib.parse import urljoin

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+

 class InventoryModule(BaseInventoryPlugin):
    NAME = 'community.general.online'
@@ -169,20 +171,20 @@ class InventoryModule(BaseInventoryPlugin):
            "support"
        )
        for attribute in targeted_attributes:
-            self.inventory.set_variable(hostname, attribute, host_infos[attribute])
+            self.inventory.set_variable(hostname, attribute, make_unsafe(host_infos[attribute]))

        if self.extract_public_ipv4(host_infos=host_infos):
-            self.inventory.set_variable(hostname, "public_ipv4", self.extract_public_ipv4(host_infos=host_infos))
-            self.inventory.set_variable(hostname, "ansible_host", self.extract_public_ipv4(host_infos=host_infos))
+            self.inventory.set_variable(hostname, "public_ipv4", make_unsafe(self.extract_public_ipv4(host_infos=host_infos)))
+            self.inventory.set_variable(hostname, "ansible_host", make_unsafe(self.extract_public_ipv4(host_infos=host_infos)))

        if self.extract_private_ipv4(host_infos=host_infos):
-            self.inventory.set_variable(hostname, "public_ipv4", self.extract_private_ipv4(host_infos=host_infos))
+            self.inventory.set_variable(hostname, "public_ipv4", make_unsafe(self.extract_private_ipv4(host_infos=host_infos)))

        if self.extract_os_name(host_infos=host_infos):
-            self.inventory.set_variable(hostname, "os_name", self.extract_os_name(host_infos=host_infos))
+            self.inventory.set_variable(hostname, "os_name", make_unsafe(self.extract_os_name(host_infos=host_infos)))

        if self.extract_os_version(host_infos=host_infos):
-            self.inventory.set_variable(hostname, "os_version", self.extract_os_name(host_infos=host_infos))
+            self.inventory.set_variable(hostname, "os_version", make_unsafe(self.extract_os_name(host_infos=host_infos)))

    def _filter_host(self, host_infos, hostname_preferences):

@@ -201,6 +203,8 @@ class InventoryModule(BaseInventoryPlugin):
        if not hostname:
            return

+        hostname = make_unsafe(hostname)
+
        self.inventory.add_host(host=hostname)
        self._fill_host_variables(hostname=hostname, host_infos=host_infos)

@@ -210,6 +214,8 @@ class InventoryModule(BaseInventoryPlugin):
            if not group:
                return

+            group = make_unsafe(group)
+
            self.inventory.add_group(group=group)
            self.inventory.add_host(group=group, host=hostname)

--- a/plugins/inventory/opennebula.py
+++ b/plugins/inventory/opennebula.py
@@ -98,6 +98,8 @@ from ansible.errors import AnsibleError
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable
 from ansible.module_utils.common.text.converters import to_native

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+
 from collections import namedtuple
 import os

@@ -141,7 +143,8 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
            nic = [nic]

        for net in nic:
-            return net['IP']
+            if net.get('IP'):
+                return net['IP']

        return False

@@ -215,6 +218,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
        filter_by_label = self.get_option('filter_by_label')
        servers = self._retrieve_servers(filter_by_label)
        for server in servers:
+            server = make_unsafe(server)
            hostname = server['name']
            # check for labels
            if group_by_labels and server['LABELS']:
--- a/plugins/inventory/proxmox.py
+++ b/plugins/inventory/proxmox.py
@@ -228,6 +228,7 @@ from ansible.module_utils.six.moves.urllib.parse import urlencode
 from ansible.utils.display import Display

 from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe

 # 3rd party imports
 try:
@@ -328,13 +329,14 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
                    data = json['data']
                    break
                else:
-                    # /hosts 's 'results' is a list of all hosts, returned is paginated
-                    data = data + json['data']
+                    if json['data']:
+                        # /hosts 's 'results' is a list of all hosts, returned is paginated
+                        data = data + json['data']
                    break

            self._cache[self.cache_key][url] = data

-        return self._cache[self.cache_key][url]
+        return make_unsafe(self._cache[self.cache_key][url])

    def _get_nodes(self):
        return self._get_json("%s/api2/json/nodes" % self.proxmox_url)
--- a/plugins/inventory/scaleway.py
+++ b/plugins/inventory/scaleway.py
@@ -121,6 +121,7 @@ else:
 from ansible.errors import AnsibleError
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable
 from ansible_collections.community.general.plugins.module_utils.scaleway import SCALEWAY_LOCATION, parse_pagination_link
+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
 from ansible.module_utils.urls import open_url
 from ansible.module_utils.common.text.converters import to_native, to_text
 from ansible.module_utils.six import raise_from
@@ -279,7 +280,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
        zone_info = SCALEWAY_LOCATION[zone]

        url = _build_server_url(zone_info["api_endpoint"])
-        raw_zone_hosts_infos = _fetch_information(url=url, token=token)
+        raw_zone_hosts_infos = make_unsafe(_fetch_information(url=url, token=token))

        for host_infos in raw_zone_hosts_infos:

@@ -341,4 +342,4 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
        hostname_preference = self.get_option("hostnames")

        for zone in self._get_zones(config_zones):
-            self.do_zone_inventory(zone=zone, token=token, tags=tags, hostname_preferences=hostname_preference)
+            self.do_zone_inventory(zone=make_unsafe(zone), token=token, tags=tags, hostname_preferences=hostname_preference)
--- a/plugins/inventory/stackpath_compute.py
+++ b/plugins/inventory/stackpath_compute.py
@@ -73,6 +73,8 @@ from ansible.plugins.inventory import (
 )
 from ansible.utils.display import Display

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+

 display = Display()

@@ -271,7 +273,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
        if not cache or cache_needs_update:
            results = self._query()

-        self._populate(results)
+        self._populate(make_unsafe(results))

        # If the cache has expired/doesn't exist or
        # if refresh_inventory/flush cache is used
--- a/plugins/inventory/virtualbox.py
+++ b/plugins/inventory/virtualbox.py
@@ -63,6 +63,8 @@ from ansible.module_utils.common._collections_compat import MutableMapping
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable
 from ansible.module_utils.common.process import get_bin_path

+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
+

 class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
    ''' Host inventory parser for ansible using local virtualbox. '''
@@ -116,6 +118,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
            self._add_host_to_keyed_groups(self.get_option('keyed_groups'), hostvars[host], host, strict=strict)

    def _populate_from_cache(self, source_data):
+        source_data = make_unsafe(source_data)
        hostvars = source_data.pop('_meta', {}).get('hostvars', {})
        for group in source_data:
            if group == 'all':
@@ -162,7 +165,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
            v = v.strip()
            # found host
            if k.startswith('Name') and ',' not in v:  # some setting strings appear in Name
-                current_host = v
+                current_host = make_unsafe(v)
                if current_host not in hostvars:
                    hostvars[current_host] = {}
                    self.inventory.add_host(current_host)
@@ -170,12 +173,13 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
                # try to get network info
                netdata = self._query_vbox_data(current_host, netinfo)
                if netdata:
-                    self.inventory.set_variable(current_host, 'ansible_host', netdata)
+                    self.inventory.set_variable(current_host, 'ansible_host', make_unsafe(netdata))

            # found groups
            elif k == 'Groups':
                for group in v.split('/'):
                    if group:
+                        group = make_unsafe(group)
                        group = self.inventory.add_group(group)
                        self.inventory.add_child(group, current_host)
                        if group not in cacheable_results:
@@ -185,17 +189,17 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):

            else:
                # found vars, accumulate in hostvars for clean inventory set
-                pref_k = 'vbox_' + k.strip().replace(' ', '_')
+                pref_k = make_unsafe('vbox_' + k.strip().replace(' ', '_'))
                leading_spaces = len(k) - len(k.lstrip(' '))
                if 0 < leading_spaces <= 2:
                    if prevkey not in hostvars[current_host] or not isinstance(hostvars[current_host][prevkey], dict):
                        hostvars[current_host][prevkey] = {}
-                    hostvars[current_host][prevkey][pref_k] = v
+                    hostvars[current_host][prevkey][pref_k] = make_unsafe(v)
                elif leading_spaces > 2:
                    continue
                else:
                    if v != '':
-                        hostvars[current_host][pref_k] = v
+                        hostvars[current_host][pref_k] = make_unsafe(v)
                if self._ungrouped_host(current_host, cacheable_results):
                    if 'ungrouped' not in cacheable_results:
                        cacheable_results['ungrouped'] = {'hosts': []}
--- a/plugins/inventory/xen_orchestra.py
+++ b/plugins/inventory/xen_orchestra.py
@@ -84,6 +84,7 @@ from ansible.errors import AnsibleError
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable

 from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
+from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe

 # 3rd party imports
 try:
@@ -347,4 +348,4 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
            self.protocol = 'ws'

        objects = self._get_objects()
-        self._populate(objects)
+        self._populate(make_unsafe(objects))
--- a/plugins/lookup/bitwarden.py
+++ b/plugins/lookup/bitwarden.py
@@ -25,7 +25,11 @@ DOCUMENTATION = """
        type: list
        elements: str
      search:
-        description: Field to retrieve, for example V(name) or V(id).
+        description:
+          - Field to retrieve, for example V(name) or V(id).
+          - If set to V(id), only zero or one element can be returned.
+            Use the Jinja C(first) filter to get the only list element.
+          - If set to V(None) or V(''), or if O(_terms) is empty, records are not filtered by fields.
        type: str
        default: name
        version_added: 5.7.0
@@ -36,40 +40,61 @@ DOCUMENTATION = """
        description: Collection ID to filter results by collection. Leave unset to skip filtering.
        type: str
        version_added: 6.3.0
+      organization_id:
+        description: Organization ID to filter results by organization. Leave unset to skip filtering.
+        type: str
+        version_added: 8.5.0
+      bw_session:
+        description: Pass session key instead of reading from env.
+        type: str
+        version_added: 8.4.0
 """

 EXAMPLES = """
- name: "Get 'password' from Bitwarden record named 'a_test'"
+- name: "Get 'password' from all Bitwarden records named 'a_test'"
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', 'a_test', field='password') }}

- name: "Get 'password' from Bitwarden record with id 'bafba515-af11-47e6-abe3-af1200cd18b2'"
+- name: "Get 'password' from Bitwarden record with ID 'bafba515-af11-47e6-abe3-af1200cd18b2'"
  ansible.builtin.debug:
    msg: >-
-      {{ lookup('community.general.bitwarden', 'bafba515-af11-47e6-abe3-af1200cd18b2', search='id', field='password') }}
+      {{ lookup('community.general.bitwarden', 'bafba515-af11-47e6-abe3-af1200cd18b2', search='id', field='password') | first }}

- name: "Get 'password' from Bitwarden record named 'a_test' from collection"
+- name: "Get 'password' from all Bitwarden records named 'a_test' from collection"
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', 'a_test', field='password', collection_id='bafba515-af11-47e6-abe3-af1200cd18b2') }}

- name: "Get full Bitwarden record named 'a_test'"
+- name: "Get list of all full Bitwarden records named 'a_test'"
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', 'a_test') }}

- name: "Get custom field 'api_key' from Bitwarden record named 'a_test'"
+- name: "Get custom field 'api_key' from all Bitwarden records named 'a_test'"
  ansible.builtin.debug:
    msg: >-
      {{ lookup('community.general.bitwarden', 'a_test', field='api_key') }}
+
+- name: "Get 'password' from all Bitwarden records named 'a_test', using given session key"
+  ansible.builtin.debug:
+    msg: >-
+      {{ lookup('community.general.bitwarden', 'a_test', field='password', bw_session='bXZ9B5TXi6...') }}
+
+- name: "Get all Bitwarden records from collection"
+  ansible.builtin.debug:
+    msg: >-
+      {{ lookup('community.general.bitwarden', None, collection_id='bafba515-af11-47e6-abe3-af1200cd18b2') }}
 """

 RETURN = """
  _raw:
-    description: List of requested field or JSON object of list of matches.
+    description:
+      - A one-element list that contains a list of requested fields or JSON objects of matches.
+      - If you use C(query), you get a list of lists. If you use C(lookup) without C(wantlist=true),
+        this always gets reduced to a list of field values or JSON objects.
    type: list
-    elements: raw
+    elements: list
 """

 from subprocess import Popen, PIPE
@@ -88,11 +113,20 @@ class Bitwarden(object):

    def __init__(self, path='bw'):
        self._cli_path = path
+        self._session = None

    @property
    def cli_path(self):
        return self._cli_path

+    @property
+    def session(self):
+        return self._session
+
+    @session.setter
+    def session(self, value):
+        self._session = value
+
    @property
    def unlocked(self):
        out, err = self._run(['status'], stdin="")
@@ -100,6 +134,9 @@ class Bitwarden(object):
        return decoded['status'] == 'unlocked'

    def _run(self, args, stdin=None, expected_rc=0):
+        if self.session:
+            args += ['--session', self.session]
+
        p = Popen([self.cli_path] + args, stdout=PIPE, stderr=PIPE, stdin=PIPE)
        out, err = p.communicate(to_bytes(stdin))
        rc = p.wait()
@@ -109,7 +146,7 @@ class Bitwarden(object):
            raise BitwardenException(err)
        return to_text(out, errors='surrogate_or_strict'), to_text(err, errors='surrogate_or_strict')

-    def _get_matches(self, search_value, search_field, collection_id):
+    def _get_matches(self, search_value, search_field, collection_id=None, organization_id=None):
        """Return matching records whose search_field is equal to key.
        """

@@ -117,30 +154,37 @@ class Bitwarden(object):
        if search_field == 'id':
            params = ['get', 'item', search_value]
        else:
-            params = ['list', 'items', '--search', search_value]
+            params = ['list', 'items']
+            if search_value:
+                params.extend(['--search', search_value])

        if collection_id:
            params.extend(['--collectionid', collection_id])
+        if organization_id:
+            params.extend(['--organizationid', organization_id])

        out, err = self._run(params)

        # This includes things that matched in different fields.
        initial_matches = AnsibleJSONDecoder().raw_decode(out)[0]
+
        if search_field == 'id':
            if initial_matches is None:
                initial_matches = []
            else:
                initial_matches = [initial_matches]
-        # Filter to only include results from the right field.
-        return [item for item in initial_matches if item[search_field] == search_value]

-    def get_field(self, field, search_value, search_field="name", collection_id=None):
+        # Filter to only include results from the right field, if a search is requested by value or field
+        return [item for item in initial_matches
+                if not search_value or not search_field or item.get(search_field) == search_value]
+
+    def get_field(self, field, search_value, search_field="name", collection_id=None, organization_id=None):
        """Return a list of the specified field for records whose search_field match search_value
        and filtered by collection if collection has been provided.

        If field is None, return the whole record for each match.
        """
-        matches = self._get_matches(search_value, search_field, collection_id)
+        matches = self._get_matches(search_value, search_field, collection_id, organization_id)
        if not field:
            return matches
        field_matches = []
@@ -161,22 +205,30 @@ class Bitwarden(object):
            if field in match:
                field_matches.append(match[field])
                continue
+
        if matches and not field_matches:
            raise AnsibleError("field {field} does not exist in {search_value}".format(field=field, search_value=search_value))
+
        return field_matches


 class LookupModule(LookupBase):

-    def run(self, terms, variables=None, **kwargs):
+    def run(self, terms=None, variables=None, **kwargs):
        self.set_options(var_options=variables, direct=kwargs)
        field = self.get_option('field')
        search_field = self.get_option('search')
        collection_id = self.get_option('collection_id')
+        organization_id = self.get_option('organization_id')
+        _bitwarden.session = self.get_option('bw_session')
+
        if not _bitwarden.unlocked:
            raise AnsibleError("Bitwarden Vault locked. Run 'bw unlock'.")

-        return [_bitwarden.get_field(field, term, search_field, collection_id) for term in terms]
+        if not terms:
+            terms = [None]
+
+        return [_bitwarden.get_field(field, term, search_field, collection_id, organization_id) for term in terms]


 _bitwarden = Bitwarden()
--- a/plugins/lookup/bitwarden_secrets_manager.py
+++ b/plugins/lookup/bitwarden_secrets_manager.py
@@ -70,6 +70,7 @@ RETURN = """
 """

 from subprocess import Popen, PIPE
+from time import sleep

 from ansible.errors import AnsibleLookupError
 from ansible.module_utils.common.text.converters import to_text
@@ -84,11 +85,29 @@ class BitwardenSecretsManagerException(AnsibleLookupError):
 class BitwardenSecretsManager(object):
    def __init__(self, path='bws'):
        self._cli_path = path
+        self._max_retries = 3
+        self._retry_delay = 1

    @property
    def cli_path(self):
        return self._cli_path

+    def _run_with_retry(self, args, stdin=None, retries=0):
+        out, err, rc = self._run(args, stdin)
+
+        if rc != 0:
+            if retries >= self._max_retries:
+                raise BitwardenSecretsManagerException("Max retries exceeded. Unable to retrieve secret.")
+
+            if "Too many requests" in err:
+                delay = self._retry_delay * (2 ** retries)
+                sleep(delay)
+                return self._run_with_retry(args, stdin, retries + 1)
+            else:
+                raise BitwardenSecretsManagerException(f"Command failed with return code {rc}: {err}")
+
+        return out, err, rc
+
    def _run(self, args, stdin=None):
        p = Popen([self.cli_path] + args, stdout=PIPE, stderr=PIPE, stdin=PIPE)
        out, err = p.communicate(stdin)
@@ -107,7 +126,7 @@ class BitwardenSecretsManager(object):
            'get', 'secret', secret_id
        ]

-        out, err, rc = self._run(params)
+        out, err, rc = self._run_with_retry(params)
        if rc != 0:
            raise BitwardenSecretsManagerException(to_text(err))

--- a/plugins/lookup/collection_version.py
+++ b/plugins/lookup/collection_version.py
@@ -63,11 +63,11 @@ RETURN = """
 import json
 import os
 import re
+from importlib import import_module

 import yaml

 from ansible.errors import AnsibleLookupError
-from ansible.module_utils.compat.importlib import import_module
 from ansible.plugins.lookup import LookupBase


--- a/plugins/lookup/dig.py
+++ b/plugins/lookup/dig.py
@@ -330,6 +330,7 @@ class LookupModule(LookupBase):
        myres.use_edns(0, ednsflags=dns.flags.DO, payload=edns_size)

        domains = []
+        nameservers = []
        qtype = self.get_option('qtype')
        flat = self.get_option('flat')
        fail_on_error = self.get_option('fail_on_error')
@@ -345,7 +346,6 @@ class LookupModule(LookupBase):
            if t.startswith('@'):       # e.g. "@10.0.1.2,192.0.2.1" is ok.
                nsset = t[1:].split(',')
                for ns in nsset:
-                    nameservers = []
                    # Check if we have a valid IP address. If so, use that, otherwise
                    # try to resolve name to address using system's resolver. If that
                    # fails we bail out.
@@ -358,7 +358,6 @@ class LookupModule(LookupBase):
                            nameservers.append(nsaddr)
                        except Exception as e:
                            raise AnsibleError("dns lookup NS: %s" % to_native(e))
-                    myres.nameservers = nameservers
                continue
            if '=' in t:
                try:
@@ -397,6 +396,9 @@ class LookupModule(LookupBase):

        # print "--- domain = {0} qtype={1} rdclass={2}".format(domain, qtype, rdclass)

+        if len(nameservers) > 0:
+            myres.nameservers = nameservers
+
        if qtype.upper() == 'PTR':
            reversed_domains = []
            for domain in domains:
--- a/plugins/lookup/github_app_access_token.py
+++ b/plugins/lookup/github_app_access_token.py
@@ -0,0 +1,156 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2023, Poh Wei Sheng <weisheng-p@hotmail.sg>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = '''
+    name: github_app_access_token
+    author:
+      - Poh Wei Sheng (@weisheng-p)
+    short_description: Obtain short-lived Github App Access tokens
+    version_added: '8.2.0'
+    requirements:
+      - jwt (https://github.com/GehirnInc/python-jwt)
+    description:
+      - This generates a Github access token that can be used with a C(git) command, if you use a Github App.
+    options:
+      key_path:
+        description:
+        - Path to your private key.
+        required: true
+        type: path
+      app_id:
+        description:
+        - Your GitHub App ID, you can find this in the Settings page.
+        required: true
+        type: str
+      installation_id:
+        description:
+        - The installation ID that contains the git repository you would like access to.
+        - As of 2023-12-24, this can be found via Settings page > Integrations > Application. The last part of the URL in the
+          configure button is the installation ID.
+        - Alternatively, you can use PyGithub (U(https://github.com/PyGithub/PyGithub)) to get your installation ID.
+        required: true
+        type: str
+      token_expiry:
+        description:
+        - How long the token should last for in seconds.
+        default: 600
+        type: int
+'''
+
+EXAMPLES = '''
+- name: Get access token to be used for git checkout with app_id=123456, installation_id=64209
+  ansible.builtin.git:
+    repo: >-
+      https://x-access-token:{{ github_token }}@github.com/hidden_user/super-secret-repo.git
+    dest: /srv/checkout
+  vars:
+    github_token: >-
+      {{ lookup('community.general.github_app_access_token', key_path='/home/to_your/key',
+                app_id='123456', installation_id='64209') }}
+'''
+
+RETURN = '''
+  _raw:
+    description: A one-element list containing your GitHub access token.
+    type: list
+    elements: str
+'''
+
+
+try:
+    from jwt import JWT, jwk_from_pem
+    HAS_JWT = True
+except ImportError:
+    HAS_JWT = False
+
+import time
+import json
+from ansible.module_utils.urls import open_url
+from ansible.module_utils.six.moves.urllib.error import HTTPError
+from ansible.errors import AnsibleError
+from ansible.plugins.lookup import LookupBase
+from ansible.utils.display import Display
+
+if HAS_JWT:
+    jwt_instance = JWT()
+else:
+    jwk_from_pem = None
+    jwt_instance = None
+
+display = Display()
+
+
+def read_key(path):
+    try:
+        with open(path, 'rb') as pem_file:
+            return jwk_from_pem(pem_file.read())
+    except Exception as e:
+        raise AnsibleError("Error while parsing key file: {0}".format(e))
+
+
+def encode_jwt(app_id, jwk, exp=600):
+    now = int(time.time())
+    payload = {
+        'iat': now,
+        'exp': now + exp,
+        'iss': app_id,
+    }
+    try:
+        return jwt_instance.encode(payload, jwk, alg='RS256')
+    except Exception as e:
+        raise AnsibleError("Error while encoding jwt: {0}".format(e))
+
+
+def post_request(generated_jwt, installation_id):
+    github_api_url = f'https://api.github.com/app/installations/{installation_id}/access_tokens'
+    headers = {
+        "Authorization": f'Bearer {generated_jwt}',
+        "Accept": "application/vnd.github.v3+json",
+    }
+    try:
+        response = open_url(github_api_url, headers=headers, method='POST')
+    except HTTPError as e:
+        try:
+            error_body = json.loads(e.read().decode())
+            display.vvv("Error returned: {0}".format(error_body))
+        except Exception:
+            error_body = {}
+        if e.code == 404:
+            raise AnsibleError("Github return error. Please confirm your installationd_id value is valid")
+        elif e.code == 401:
+            raise AnsibleError("Github return error. Please confirm your private key is valid")
+        raise AnsibleError("Unexpected data returned: {0} -- {1}".format(e, error_body))
+    response_body = response.read()
+    try:
+        json_data = json.loads(response_body.decode('utf-8'))
+    except json.decoder.JSONDecodeError as e:
+        raise AnsibleError("Error while dencoding JSON respone from github: {0}".format(e))
+    return json_data.get('token')
+
+
+def get_token(key_path, app_id, installation_id, expiry=600):
+    jwk = read_key(key_path)
+    generated_jwt = encode_jwt(app_id, jwk, exp=expiry)
+    return post_request(generated_jwt, installation_id)
+
+
+class LookupModule(LookupBase):
+    def run(self, terms, variables=None, **kwargs):
+        if not HAS_JWT:
+            raise AnsibleError('Python jwt library is required. '
+                               'Please install using "pip install jwt"')
+
+        self.set_options(var_options=variables, direct=kwargs)
+
+        t = get_token(
+            self.get_option('key_path'),
+            self.get_option('app_id'),
+            self.get_option('installation_id'),
+            self.get_option('token_expiry'),
+        )
+
+        return [t]
--- a/plugins/lookup/merge_variables.py
+++ b/plugins/lookup/merge_variables.py
@@ -10,11 +10,12 @@ DOCUMENTATION = """
    author:
      - Roy Lenferink (@rlenferink)
      - Mark Ettema (@m-a-r-k-e)
+      - Alexander Petrenz (@alpex8)
    name: merge_variables
-    short_description: merge variables with a certain suffix
+    short_description: merge variables whose names match a given pattern
    description:
        - This lookup returns the merged result of all variables in scope that match the given prefixes, suffixes, or
-         regular expressions, optionally.
+          regular expressions, optionally.
    version_added: 6.5.0
    options:
      _terms:
@@ -61,6 +62,13 @@ DOCUMENTATION = """
        ini:
          - section: merge_variables_lookup
            key: override
+      groups:
+        description:
+          - Search for variables accross hosts that belong to the given groups. This allows to collect configuration pieces
+            accross different hosts (for example a service on a host with its database on another host).
+        type: list
+        elements: str
+        version_added: 8.5.0
 """

 EXAMPLES = """
@@ -131,22 +139,41 @@ def _verify_and_get_type(variable):


 class LookupModule(LookupBase):
-
    def run(self, terms, variables=None, **kwargs):
        self.set_options(direct=kwargs)
        initial_value = self.get_option("initial_value", None)
        self._override = self.get_option('override', 'error')
        self._pattern_type = self.get_option('pattern_type', 'regex')
+        self._groups = self.get_option('groups', None)

        ret = []
        for term in terms:
            if not isinstance(term, str):
                raise AnsibleError("Non-string type '{0}' passed, only 'str' types are allowed!".format(type(term)))

-            ret.append(self._merge_vars(term, initial_value, variables))
+            if not self._groups:  # consider only own variables
+                ret.append(self._merge_vars(term, initial_value, variables))
+            else:  # consider variables of hosts in given groups
+                cross_host_merge_result = initial_value
+                for host in variables["hostvars"]:
+                    if self._is_host_in_allowed_groups(variables["hostvars"][host]["group_names"]):
+                        host_variables = dict(variables["hostvars"].raw_get(host))
+                        host_variables["hostvars"] = variables["hostvars"]  # re-add hostvars
+                        cross_host_merge_result = self._merge_vars(term, cross_host_merge_result, host_variables)
+                ret.append(cross_host_merge_result)

        return ret

+    def _is_host_in_allowed_groups(self, host_groups):
+        if 'all' in self._groups:
+            return True
+
+        group_intersection = [host_group_name for host_group_name in host_groups if host_group_name in self._groups]
+        if group_intersection:
+            return True
+
+        return False
+
    def _var_matches(self, key, search_pattern):
        if self._pattern_type == "prefix":
            return key.startswith(search_pattern)
@@ -162,7 +189,6 @@ class LookupModule(LookupBase):
        display.vvv("Merge variables with {0}: {1}".format(self._pattern_type, search_pattern))
        var_merge_names = sorted([key for key in variables.keys() if self._var_matches(key, search_pattern)])
        display.vvv("The following variables will be merged: {0}".format(var_merge_names))
-
        prev_var_type = None
        result = None

@@ -171,7 +197,8 @@ class LookupModule(LookupBase):
            result = initial_value

        for var_name in var_merge_names:
-            var_value = self._templar.template(variables[var_name])  # Render jinja2 templates
+            with self._templar.set_temporary_context(available_variables=variables):  # tmp. switch renderer to context of current variables
+                var_value = self._templar.template(variables[var_name])  # Render jinja2 templates
            var_type = _verify_and_get_type(var_value)

            if prev_var_type is None:
--- a/plugins/lookup/onepassword.py
+++ b/plugins/lookup/onepassword.py
@@ -489,10 +489,10 @@ class OnePassCLIv2(OnePassCLIBase):
            current_section_title = section.get("label", section.get("id", "")).lower()
            if section_title == current_section_title:
                # In the correct section. Check "label" then "id" for the desired field_name
-                if field.get("label") == field_name:
+                if field.get("label", "").lower() == field_name:
                    return field.get("value", "")

-                if field.get("id") == field_name:
+                if field.get("id", "").lower() == field_name:
                    return field.get("value", "")

        return ""
--- a/plugins/lookup/passwordstore.py
+++ b/plugins/lookup/passwordstore.py
@@ -139,6 +139,21 @@ DOCUMENTATION = '''
        type: bool
        default: true
        version_added: 8.1.0
+      missing_subkey:
+        description:
+          - Preference about what to do if the password subkey is missing.
+          - If set to V(error), the lookup will error out if the subkey does not exist.
+          - If set to V(empty) or V(warn), will return a V(none) in case the subkey does not exist.
+        version_added: 8.6.0
+        type: str
+        default: empty
+        choices:
+          - error
+          - warn
+          - empty
+        ini:
+          - section: passwordstore_lookup
+            key: missing_subkey
    notes:
      - The lookup supports passing all options as lookup parameters since community.general 6.0.0.
 '''
@@ -147,6 +162,7 @@ ansible.cfg: |
  [passwordstore_lookup]
  lock=readwrite
  locktimeout=45s
+  missing_subkey=warn

 tasks.yml: |
  ---
@@ -432,13 +448,28 @@ class LookupModule(LookupBase):
            if self.paramvals['subkey'] in self.passdict:
                return self.passdict[self.paramvals['subkey']]
            else:
+                if self.paramvals["missing_subkey"] == "error":
+                    raise AnsibleError(
+                        "passwordstore: subkey {0} for passname {1} not found and missing_subkey=error is set".format(
+                            self.paramvals["subkey"], self.passname
+                        )
+                    )
+
+                if self.paramvals["missing_subkey"] == "warn":
+                    display.warning(
+                        "passwordstore: subkey {0} for passname {1} not found".format(
+                            self.paramvals["subkey"], self.passname
+                        )
+                    )
+
                return None

    @contextmanager
    def opt_lock(self, type):
        if self.get_option('lock') == type:
            tmpdir = os.environ.get('TMPDIR', '/tmp')
-            lockfile = os.path.join(tmpdir, '.passwordstore.lock')
+            user = os.environ.get('USER')
+            lockfile = os.path.join(tmpdir, '.{0}.passwordstore.lock'.format(user))
            with FileLock().lock_file(lockfile, tmpdir, self.lock_timeout):
                self.locked = type
                yield
@@ -481,6 +512,7 @@ class LookupModule(LookupBase):
            'umask': self.get_option('umask'),
            'timestamp': self.get_option('timestamp'),
            'preserve': self.get_option('preserve'),
+            "missing_subkey": self.get_option("missing_subkey"),
        }

    def run(self, terms, variables, **kwargs):
--- a/plugins/lookup/random_string.py
+++ b/plugins/lookup/random_string.py
@@ -104,37 +104,37 @@ EXAMPLES = r"""
 - name: Generate random string
  ansible.builtin.debug:
    var: lookup('community.general.random_string')
-  # Example result: ['DeadBeeF']
+  # Example result: 'DeadBeeF'

 - name: Generate random string with length 12
  ansible.builtin.debug:
    var: lookup('community.general.random_string', length=12)
-  # Example result: ['Uan0hUiX5kVG']
+  # Example result: 'Uan0hUiX5kVG'

 - name: Generate base64 encoded random string
  ansible.builtin.debug:
    var: lookup('community.general.random_string', base64=True)
-  # Example result: ['NHZ6eWN5Qk0=']
+  # Example result: 'NHZ6eWN5Qk0='

 - name: Generate a random string with 1 lower, 1 upper, 1 number and 1 special char (at least)
  ansible.builtin.debug:
    var: lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1)
-  # Example result: ['&Qw2|E[-']
+  # Example result: '&Qw2|E[-'

 - name: Generate a random string with all lower case characters
-  debug:
+  ansible.builtin.debug:
    var: query('community.general.random_string', upper=false, numbers=false, special=false)
  # Example result: ['exolxzyz']

 - name: Generate random hexadecimal string
-  debug:
+  ansible.builtin.debug:
    var: query('community.general.random_string', upper=false, lower=false, override_special=hex_chars, numbers=false)
  vars:
    hex_chars: '0123456789ABCDEF'
  # Example result: ['D2A40737']

 - name: Generate random hexadecimal string with override_all
-  debug:
+  ansible.builtin.debug:
    var: query('community.general.random_string', override_all=hex_chars)
  vars:
    hex_chars: '0123456789ABCDEF'
--- a/plugins/lookup/revbitspss.py
+++ b/plugins/lookup/revbitspss.py
@@ -100,7 +100,7 @@ class LookupModule(LookupBase):
        result = []
        for term in terms:
            try:
-                display.vvv(u"Secret Server lookup of Secret with ID %s" % term)
+                display.vvv("Secret Server lookup of Secret with ID %s" % term)
                result.append({term: secret_server.get_pam_secret(term)})
            except Exception as error:
                raise AnsibleError("Secret Server lookup failure: %s" % error.message)
--- a/plugins/module_utils/consul.py
+++ b/plugins/module_utils/consul.py
@@ -5,25 +5,317 @@
 # SPDX-License-Identifier: GPL-3.0-or-later

 from __future__ import absolute_import, division, print_function
+
 __metaclass__ = type

+import copy
+import json
+
+from ansible.module_utils.six.moves.urllib import error as urllib_error
+from ansible.module_utils.six.moves.urllib.parse import urlencode
+from ansible.module_utils.urls import open_url
+

 def get_consul_url(configuration):
-    return '%s://%s:%s/v1' % (configuration.scheme,
-                              configuration.host, configuration.port)
+    return "%s://%s:%s/v1" % (
+        configuration.scheme,
+        configuration.host,
+        configuration.port,
+    )


 def get_auth_headers(configuration):
    if configuration.token is None:
        return {}
    else:
-        return {'X-Consul-Token': configuration.token}
+        return {"X-Consul-Token": configuration.token}


 class RequestError(Exception):
-    pass
+    def __init__(self, status, response_data=None):
+        self.status = status
+        self.response_data = response_data
+
+    def __str__(self):
+        if self.response_data is None:
+            # self.status is already the message (backwards compat)
+            return self.status
+        return "HTTP %d: %s" % (self.status, self.response_data)


 def handle_consul_response_error(response):
    if 400 <= response.status_code < 600:
-        raise RequestError('%d %s' % (response.status_code, response.content))
+        raise RequestError("%d %s" % (response.status_code, response.content))
+
+
+AUTH_ARGUMENTS_SPEC = dict(
+    host=dict(default="localhost"),
+    port=dict(type="int", default=8500),
+    scheme=dict(default="http"),
+    validate_certs=dict(type="bool", default=True),
+    token=dict(no_log=True),
+    ca_path=dict(),
+)
+
+
+def camel_case_key(key):
+    parts = []
+    for part in key.split("_"):
+        if part in {"id", "ttl", "jwks", "jwt", "oidc", "iam", "sts"}:
+            parts.append(part.upper())
+        else:
+            parts.append(part.capitalize())
+    return "".join(parts)
+
+
+STATE_PARAMETER = "state"
+STATE_PRESENT = "present"
+STATE_ABSENT = "absent"
+
+OPERATION_READ = "read"
+OPERATION_CREATE = "create"
+OPERATION_UPDATE = "update"
+OPERATION_DELETE = "remove"
+
+
+def _normalize_params(params, arg_spec):
+    final_params = {}
+    for k, v in params.items():
+        if k not in arg_spec:  # Alias
+            continue
+        spec = arg_spec[k]
+        if (
+            spec.get("type") == "list"
+            and spec.get("elements") == "dict"
+            and spec.get("options")
+            and v
+        ):
+            v = [_normalize_params(d, spec["options"]) for d in v]
+        elif spec.get("type") == "dict" and spec.get("options") and v:
+            v = _normalize_params(v, spec["options"])
+        final_params[k] = v
+    return final_params
+
+
+class _ConsulModule:
+    """Base class for Consul modules.
+
+    This class is considered private, till the API is fully fleshed out.
+    As such backwards incompatible changes can occur even in bugfix releases.
+    """
+
+    api_endpoint = None  # type: str
+    unique_identifier = None  # type: str
+    result_key = None  # type: str
+    create_only_fields = set()
+    params = {}
+
+    def __init__(self, module):
+        self._module = module
+        self.params = _normalize_params(module.params, module.argument_spec)
+        self.api_params = {
+            k: camel_case_key(k)
+            for k in self.params
+            if k not in STATE_PARAMETER and k not in AUTH_ARGUMENTS_SPEC
+        }
+
+    def execute(self):
+        obj = self.read_object()
+
+        changed = False
+        diff = {}
+        if self.params[STATE_PARAMETER] == STATE_PRESENT:
+            obj_from_module = self.module_to_obj(obj is not None)
+            if obj is None:
+                operation = OPERATION_CREATE
+                new_obj = self.create_object(obj_from_module)
+                diff = {"before": {}, "after": new_obj}
+                changed = True
+            else:
+                operation = OPERATION_UPDATE
+                if self._needs_update(obj, obj_from_module):
+                    new_obj = self.update_object(obj, obj_from_module)
+                    diff = {"before": obj, "after": new_obj}
+                    changed = True
+                else:
+                    new_obj = obj
+        elif self.params[STATE_PARAMETER] == STATE_ABSENT:
+            operation = OPERATION_DELETE
+            if obj is not None:
+                self.delete_object(obj)
+                changed = True
+                diff = {"before": obj, "after": {}}
+            else:
+                diff = {"before": {}, "after": {}}
+            new_obj = None
+        else:
+            raise RuntimeError("Unknown state supplied.")
+
+        result = {"changed": changed}
+        if changed:
+            result["operation"] = operation
+            if self._module._diff:
+                result["diff"] = diff
+        if self.result_key:
+            result[self.result_key] = new_obj
+        self._module.exit_json(**result)
+
+    def module_to_obj(self, is_update):
+        obj = {}
+        for k, v in self.params.items():
+            result = self.map_param(k, v, is_update)
+            if result:
+                obj[result[0]] = result[1]
+        return obj
+
+    def map_param(self, k, v, is_update):
+        def helper(item):
+            return {camel_case_key(k): v for k, v in item.items()}
+
+        def needs_camel_case(k):
+            spec = self._module.argument_spec[k]
+            return (
+                spec.get("type") == "list"
+                and spec.get("elements") == "dict"
+                and spec.get("options")
+            ) or (spec.get("type") == "dict" and spec.get("options"))
+
+        if k in self.api_params and v is not None:
+            if isinstance(v, dict) and needs_camel_case(k):
+                v = helper(v)
+            elif isinstance(v, (list, tuple)) and needs_camel_case(k):
+                v = [helper(i) for i in v]
+            if is_update and k in self.create_only_fields:
+                return
+            return camel_case_key(k), v
+
+    def _needs_update(self, api_obj, module_obj):
+        api_obj = copy.deepcopy(api_obj)
+        module_obj = copy.deepcopy(module_obj)
+        return self.needs_update(api_obj, module_obj)
+
+    def needs_update(self, api_obj, module_obj):
+        for k, v in module_obj.items():
+            if k not in api_obj:
+                return True
+            if api_obj[k] != v:
+                return True
+        return False
+
+    def prepare_object(self, existing, obj):
+        operational_attributes = {"CreateIndex", "CreateTime", "Hash", "ModifyIndex"}
+        existing = {
+            k: v for k, v in existing.items() if k not in operational_attributes
+        }
+        for k, v in obj.items():
+            existing[k] = v
+        return existing
+
+    def endpoint_url(self, operation, identifier=None):
+        if operation == OPERATION_CREATE:
+            return self.api_endpoint
+        elif identifier:
+            return "/".join([self.api_endpoint, identifier])
+        raise RuntimeError("invalid arguments passed")
+
+    def read_object(self):
+        url = self.endpoint_url(OPERATION_READ, self.params.get(self.unique_identifier))
+        try:
+            return self.get(url)
+        except RequestError as e:
+            if e.status == 404:
+                return
+            elif e.status == 403 and b"ACL not found" in e.response_data:
+                return
+            raise
+
+    def create_object(self, obj):
+        if self._module.check_mode:
+            return obj
+        else:
+            return self.put(self.api_endpoint, data=self.prepare_object({}, obj))
+
+    def update_object(self, existing, obj):
+        url = self.endpoint_url(
+            OPERATION_UPDATE, existing.get(camel_case_key(self.unique_identifier))
+        )
+        merged_object = self.prepare_object(existing, obj)
+        if self._module.check_mode:
+            return merged_object
+        else:
+            return self.put(url, data=merged_object)
+
+    def delete_object(self, obj):
+        if self._module.check_mode:
+            return {}
+        else:
+            url = self.endpoint_url(
+                OPERATION_DELETE, obj.get(camel_case_key(self.unique_identifier))
+            )
+            return self.delete(url)
+
+    def _request(self, method, url_parts, data=None, params=None):
+        module_params = self.params
+
+        if not isinstance(url_parts, (tuple, list)):
+            url_parts = [url_parts]
+        if params:
+            # Remove values that are None
+            params = {k: v for k, v in params.items() if v is not None}
+
+        ca_path = module_params.get("ca_path")
+        base_url = "%s://%s:%s/v1" % (
+            module_params["scheme"],
+            module_params["host"],
+            module_params["port"],
+        )
+        url = "/".join([base_url] + list(url_parts))
+
+        headers = {}
+        token = self.params.get("token")
+        if token:
+            headers["X-Consul-Token"] = token
+
+        try:
+            if data is not None:
+                data = json.dumps(data)
+                headers["Content-Type"] = "application/json"
+            if params:
+                url = "%s?%s" % (url, urlencode(params))
+            response = open_url(
+                url,
+                method=method,
+                data=data,
+                headers=headers,
+                validate_certs=module_params["validate_certs"],
+                ca_path=ca_path,
+            )
+            response_data = response.read()
+            status = (
+                response.status if hasattr(response, "status") else response.getcode()
+            )
+
+        except urllib_error.URLError as e:
+            if isinstance(e, urllib_error.HTTPError):
+                status = e.code
+                response_data = e.fp.read()
+            else:
+                self._module.fail_json(
+                    msg="Could not connect to consul agent at %s:%s, error was %s"
+                    % (module_params["host"], module_params["port"], str(e))
+                )
+                raise
+
+        if 400 <= status < 600:
+            raise RequestError(status, response_data)
+
+        return json.loads(response_data)
+
+    def get(self, url_parts, **kwargs):
+        return self._request("GET", url_parts, **kwargs)
+
+    def put(self, url_parts, **kwargs):
+        return self._request("PUT", url_parts, **kwargs)
+
+    def delete(self, url_parts, **kwargs):
+        return self._request("DELETE", url_parts, **kwargs)
--- a/Show More
+++ b/Show More