Release 9.3.0.

Improve communication info (#8756)

Improve communication info.

(cherry picked from commit 34519a5ecb)

Co-authored-by: Felix Fontein <felix@fontein.de>

.github/BOTMETA.yml

@@ -448,6 +448,8 @@ files:
     maintainers: hkariti
   $modules/bitbucket_:
     maintainers: catcombo
+  $modules/bootc_manage.py:
+    maintainers: cooktheryan
   $modules/bower.py:
     maintainers: mwarkentin
   $modules/btrfs_:
@@ -646,6 +648,11 @@ files:
     labels: homebrew_ macos
     maintainers: $team_macos
     notify: chris-short
+  $modules/homebrew_services.py:
+    ignore: ryansb
+    keywords: brew cask services darwin homebrew macosx macports osx
+    labels: homebrew_ macos
+    maintainers: $team_macos kitizz
   $modules/homectl.py:
     maintainers: jameslivulpi
   $modules/honeybadger_deployment.py:
@@ -1526,7 +1533,7 @@ macros:
   team_huawei: QijunPan TommyLike edisonxiang freesky-edward hwDCN niuzhenguo xuxiaowei0512 yanzhangi zengchen1024 zhongjun2
   team_ipa: Akasurde Nosmoht justchris1
   team_jboss: Wolfant jairojunior wbrefvem
-  team_keycloak: eikef ndclt mattock
+  team_keycloak: eikef ndclt mattock thomasbach-dev
   team_linode: InTheCloudDan decentral1se displague rmcintosh Charliekenney23 LBGarber
   team_macos: Akasurde kyleabenson martinm82 danieljaouen indrajitr
   team_manageiq: abellotti cben gtanzillo yaacov zgalor dkorn evertmulder

CHANGELOG.md

@@ -2,34 +2,39 @@
 
 **Topics**
 
-- <a href="#v9-2-0">v9\.2\.0</a>
+- <a href="#v9-3-0">v9\.3\.0</a>
     - <a href="#release-summary">Release Summary</a>
     - <a href="#minor-changes">Minor Changes</a>
     - <a href="#bugfixes">Bugfixes</a>
+    - <a href="#new-modules">New Modules</a>
+- <a href="#v9-2-0">v9\.2\.0</a>
+    - <a href="#release-summary-1">Release Summary</a>
+    - <a href="#minor-changes-1">Minor Changes</a>
+    - <a href="#bugfixes-1">Bugfixes</a>
     - <a href="#new-plugins">New Plugins</a>
         - <a href="#filter">Filter</a>
         - <a href="#test">Test</a>
 - <a href="#v9-1-0">v9\.1\.0</a>
-    - <a href="#release-summary-1">Release Summary</a>
-    - <a href="#minor-changes-1">Minor Changes</a>
+    - <a href="#release-summary-2">Release Summary</a>
+    - <a href="#minor-changes-2">Minor Changes</a>
     - <a href="#deprecated-features">Deprecated Features</a>
-    - <a href="#bugfixes-1">Bugfixes</a>
+    - <a href="#bugfixes-2">Bugfixes</a>
     - <a href="#known-issues">Known Issues</a>
     - <a href="#new-plugins-1">New Plugins</a>
         - <a href="#filter-1">Filter</a>
-    - <a href="#new-modules">New Modules</a>
+    - <a href="#new-modules-1">New Modules</a>
 - <a href="#v9-0-1">v9\.0\.1</a>
-    - <a href="#release-summary-2">Release Summary</a>
-    - <a href="#minor-changes-2">Minor Changes</a>
-    - <a href="#bugfixes-2">Bugfixes</a>
-- <a href="#v9-0-0">v9\.0\.0</a>
     - <a href="#release-summary-3">Release Summary</a>
     - <a href="#minor-changes-3">Minor Changes</a>
+    - <a href="#bugfixes-3">Bugfixes</a>
+- <a href="#v9-0-0">v9\.0\.0</a>
+    - <a href="#release-summary-4">Release Summary</a>
+    - <a href="#minor-changes-4">Minor Changes</a>
     - <a href="#breaking-changes--porting-guide">Breaking Changes / Porting Guide</a>
     - <a href="#deprecated-features-1">Deprecated Features</a>
     - <a href="#removed-features-previously-deprecated">Removed Features \(previously deprecated\)</a>
     - <a href="#security-fixes">Security Fixes</a>
-    - <a href="#bugfixes-3">Bugfixes</a>
+    - <a href="#bugfixes-4">Bugfixes</a>
     - <a href="#new-plugins-2">New Plugins</a>
         - <a href="#become">Become</a>
         - <a href="#callback">Callback</a>
@@ -37,11 +42,11 @@
         - <a href="#filter-2">Filter</a>
         - <a href="#lookup">Lookup</a>
         - <a href="#test-1">Test</a>
-    - <a href="#new-modules-1">New Modules</a>
+    - <a href="#new-modules-2">New Modules</a>
 This changelog describes changes after version 8\.0\.0\.
 
-<a id="v9-2-0"></a>
-## v9\.2\.0
+<a id="v9-3-0"></a>
+## v9\.3\.0
 
 <a id="release-summary"></a>
 ### Release Summary
@@ -51,6 +56,55 @@ Regular bugfix and feature release\.
 <a id="minor-changes"></a>
 ### Minor Changes
 
+* cgroup\_memory\_recap\, hipchat\, jabber\, log\_plays\, loganalytics\, logentries\, logstash\, slack\, splunk\, sumologic\, syslog\_json callback plugins \- make sure that all options are typed \([https\://github\.com/ansible\-collections/community\.general/pull/8628](https\://github\.com/ansible\-collections/community\.general/pull/8628)\)\.
+* chef\_databag\, consul\_kv\, cyberarkpassword\, dsv\, etcd\, filetree\, hiera\, onepassword\, onepassword\_doc\, onepassword\_raw\, passwordstore\, redis\, shelvefile\, tss lookup plugins \- make sure that all options are typed \([https\://github\.com/ansible\-collections/community\.general/pull/8626](https\://github\.com/ansible\-collections/community\.general/pull/8626)\)\.
+* chroot\, funcd\, incus\, iocage\, jail\, lxc\, lxd\, qubes\, zone connection plugins \- make sure that all options are typed \([https\://github\.com/ansible\-collections/community\.general/pull/8627](https\://github\.com/ansible\-collections/community\.general/pull/8627)\)\.
+* cobbler\, linode\, lxd\, nmap\, online\, scaleway\, stackpath\_compute\, virtualbox inventory plugins \- make sure that all options are typed \([https\://github\.com/ansible\-collections/community\.general/pull/8625](https\://github\.com/ansible\-collections/community\.general/pull/8625)\)\.
+* doas\, dzdo\, ksu\, machinectl\, pbrun\, pfexec\, pmrun\, sesu\, sudosu become plugins \- make sure that all options are typed \([https\://github\.com/ansible\-collections/community\.general/pull/8623](https\://github\.com/ansible\-collections/community\.general/pull/8623)\)\.
+* gconftool2 \- make use of <code>ModuleHelper</code> features to simplify code \([https\://github\.com/ansible\-collections/community\.general/pull/8711](https\://github\.com/ansible\-collections/community\.general/pull/8711)\)\.
+* gitlab\_project \- add option <code>container\_expiration\_policy</code> to schedule container registry cleanup \([https\://github\.com/ansible\-collections/community\.general/pull/8674](https\://github\.com/ansible\-collections/community\.general/pull/8674)\)\.
+* gitlab\_project \- add option <code>model\_registry\_access\_level</code> to disable model registry \([https\://github\.com/ansible\-collections/community\.general/pull/8688](https\://github\.com/ansible\-collections/community\.general/pull/8688)\)\.
+* gitlab\_project \- add option <code>pages\_access\_level</code> to disable project pages \([https\://github\.com/ansible\-collections/community\.general/pull/8688](https\://github\.com/ansible\-collections/community\.general/pull/8688)\)\.
+* gitlab\_project \- add option <code>repository\_access\_level</code> to disable project repository \([https\://github\.com/ansible\-collections/community\.general/pull/8674](https\://github\.com/ansible\-collections/community\.general/pull/8674)\)\.
+* gitlab\_project \- add option <code>service\_desk\_enabled</code> to disable service desk \([https\://github\.com/ansible\-collections/community\.general/pull/8688](https\://github\.com/ansible\-collections/community\.general/pull/8688)\)\.
+* locale\_gen \- add support for multiple locales \([https\://github\.com/ansible\-collections/community\.general/issues/8677](https\://github\.com/ansible\-collections/community\.general/issues/8677)\, [https\://github\.com/ansible\-collections/community\.general/pull/8682](https\://github\.com/ansible\-collections/community\.general/pull/8682)\)\.
+* memcached\, pickle\, redis\, yaml cache plugins \- make sure that all options are typed \([https\://github\.com/ansible\-collections/community\.general/pull/8624](https\://github\.com/ansible\-collections/community\.general/pull/8624)\)\.
+* opentelemetry callback plugin \- fix default value for <code>store\_spans\_in\_file</code> causing traces to be produced to a file named <code>None</code> \([https\://github\.com/ansible\-collections/community\.general/issues/8566](https\://github\.com/ansible\-collections/community\.general/issues/8566)\, [https\://github\.com/ansible\-collections/community\.general/pull/8741](https\://github\.com/ansible\-collections/community\.general/pull/8741)\)\.
+* passwordstore lookup plugin \- add the current user to the lockfile file name to address issues on multi\-user systems \([https\://github\.com/ansible\-collections/community\.general/pull/8689](https\://github\.com/ansible\-collections/community\.general/pull/8689)\)\.
+* pipx \- add parameter <code>suffix</code> to module \([https\://github\.com/ansible\-collections/community\.general/pull/8675](https\://github\.com/ansible\-collections/community\.general/pull/8675)\, [https\://github\.com/ansible\-collections/community\.general/issues/8656](https\://github\.com/ansible\-collections/community\.general/issues/8656)\)\.
+* pkgng \- add option <code>use\_globs</code> \(default <code>true</code>\) to optionally disable glob patterns \([https\://github\.com/ansible\-collections/community\.general/issues/8632](https\://github\.com/ansible\-collections/community\.general/issues/8632)\, [https\://github\.com/ansible\-collections/community\.general/pull/8633](https\://github\.com/ansible\-collections/community\.general/pull/8633)\)\.
+* proxmox inventory plugin \- add new fact for LXC interface details \([https\://github\.com/ansible\-collections/community\.general/pull/8713](https\://github\.com/ansible\-collections/community\.general/pull/8713)\)\.
+* redis\, redis\_info \- add <code>client\_cert</code> and <code>client\_key</code> options to specify path to certificate for Redis authentication  \([https\://github\.com/ansible\-collections/community\.general/pull/8654](https\://github\.com/ansible\-collections/community\.general/pull/8654)\)\.
+
+<a id="bugfixes"></a>
+### Bugfixes
+
+* gitlab\_runner \- fix <code>paused</code> parameter being ignored \([https\://github\.com/ansible\-collections/community\.general/pull/8648](https\://github\.com/ansible\-collections/community\.general/pull/8648)\)\.
+* homebrew\_cask \- fix <code>upgrade\_all</code> returns <code>changed</code> when nothing upgraded \([https\://github\.com/ansible\-collections/community\.general/issues/8707](https\://github\.com/ansible\-collections/community\.general/issues/8707)\, [https\://github\.com/ansible\-collections/community\.general/pull/8708](https\://github\.com/ansible\-collections/community\.general/pull/8708)\)\.
+* keycloak\_user\_federation \- get cleartext IDP <code>clientSecret</code> from full realm info to detect changes to it \([https\://github\.com/ansible\-collections/community\.general/issues/8294](https\://github\.com/ansible\-collections/community\.general/issues/8294)\, [https\://github\.com/ansible\-collections/community\.general/pull/8735](https\://github\.com/ansible\-collections/community\.general/pull/8735)\)\.
+* keycloak\_user\_federation \- remove existing user federation mappers if they are not present in the federation configuration and will not be updated \([https\://github\.com/ansible\-collections/community\.general/issues/7169](https\://github\.com/ansible\-collections/community\.general/issues/7169)\, [https\://github\.com/ansible\-collections/community\.general/pull/8695](https\://github\.com/ansible\-collections/community\.general/pull/8695)\)\.
+* proxmox \- fixed an issue where the new volume handling incorrectly converted <code>null</code> values into <code>\"None\"</code> strings \([https\://github\.com/ansible\-collections/community\.general/pull/8646](https\://github\.com/ansible\-collections/community\.general/pull/8646)\)\.
+* proxmox \- fixed an issue where volume strings where overwritten instead of appended to in the new <code>build\_volume\(\)</code> method \([https\://github\.com/ansible\-collections/community\.general/pull/8646](https\://github\.com/ansible\-collections/community\.general/pull/8646)\)\.
+* proxmox \- removed the forced conversion of non\-string values to strings to be consistent with the module documentation \([https\://github\.com/ansible\-collections/community\.general/pull/8646](https\://github\.com/ansible\-collections/community\.general/pull/8646)\)\.
+
+<a id="new-modules"></a>
+### New Modules
+
+* community\.general\.bootc\_manage \- Bootc Switch and Upgrade\.
+* community\.general\.homebrew\_services \- Services manager for Homebrew\.
+* community\.general\.keycloak\_realm\_keys\_metadata\_info \- Allows obtaining Keycloak realm keys metadata via Keycloak API\.
+
+<a id="v9-2-0"></a>
+## v9\.2\.0
+
+<a id="release-summary-1"></a>
+### Release Summary
+
+Regular bugfix and feature release\.
+
+<a id="minor-changes-1"></a>
+### Minor Changes
+
 * CmdRunner module utils \- the parameter <code>force\_lang</code> now supports the special value <code>auto</code> which will automatically try and determine the best parsable locale in the system \([https\://github\.com/ansible\-collections/community\.general/pull/8517](https\://github\.com/ansible\-collections/community\.general/pull/8517)\)\.
 * proxmox \- add <code>disk\_volume</code> and <code>mount\_volumes</code> keys for better readability \([https\://github\.com/ansible\-collections/community\.general/pull/8542](https\://github\.com/ansible\-collections/community\.general/pull/8542)\)\.
 * proxmox \- translate the old <code>disk</code> and <code>mounts</code> keys to the new handling internally \([https\://github\.com/ansible\-collections/community\.general/pull/8542](https\://github\.com/ansible\-collections/community\.general/pull/8542)\)\.
@@ -60,7 +114,7 @@ Regular bugfix and feature release\.
 * virtualbox inventory plugin \- expose a new parameter <code>enable\_advanced\_group\_parsing</code> to change how the VirtualBox dynamic inventory parses VM groups \([https\://github\.com/ansible\-collections/community\.general/issues/8508](https\://github\.com/ansible\-collections/community\.general/issues/8508)\, [https\://github\.com/ansible\-collections/community\.general/pull/8510](https\://github\.com/ansible\-collections/community\.general/pull/8510)\)\.
 * wdc\_redfish\_command \- minor change to handle upgrade file for Redfish WD platforms \([https\://github\.com/ansible\-collections/community\.general/pull/8444](https\://github\.com/ansible\-collections/community\.general/pull/8444)\)\.
 
-<a id="bugfixes"></a>
+<a id="bugfixes-1"></a>
 ### Bugfixes
 
 * bitwarden lookup plugin \- fix <code>KeyError</code> in <code>search\_field</code> \([https\://github\.com/ansible\-collections/community\.general/issues/8549](https\://github\.com/ansible\-collections/community\.general/issues/8549)\, [https\://github\.com/ansible\-collections/community\.general/pull/8557](https\://github\.com/ansible\-collections/community\.general/pull/8557)\)\.
@@ -85,12 +139,12 @@ Regular bugfix and feature release\.
 <a id="v9-1-0"></a>
 ## v9\.1\.0
 
-<a id="release-summary-1"></a>
+<a id="release-summary-2"></a>
 ### Release Summary
 
 Regular feature and bugfix release\.
 
-<a id="minor-changes-1"></a>
+<a id="minor-changes-2"></a>
 ### Minor Changes
 
 * CmdRunner module util \- argument formats can be specified as plain functions without calling <code>cmd\_runner\_fmt\.as\_func\(\)</code> \([https\://github\.com/ansible\-collections/community\.general/pull/8479](https\://github\.com/ansible\-collections/community\.general/pull/8479)\)\.
@@ -114,7 +168,7 @@ Regular feature and bugfix release\.
 * git\_config \- the <code>list\_all</code> option has been deprecated and will be removed in community\.general 11\.0\.0\. Use the <code>community\.general\.git\_config\_info</code> module instead \([https\://github\.com/ansible\-collections/community\.general/pull/8453](https\://github\.com/ansible\-collections/community\.general/pull/8453)\)\.
 * git\_config \- using <code>state\=present</code> without providing <code>value</code> is deprecated and will be disallowed in community\.general 11\.0\.0\. Use the <code>community\.general\.git\_config\_info</code> module instead to read a value \([https\://github\.com/ansible\-collections/community\.general/pull/8453](https\://github\.com/ansible\-collections/community\.general/pull/8453)\)\.
 
-<a id="bugfixes-1"></a>
+<a id="bugfixes-2"></a>
 ### Bugfixes
 
 * git\_config \- fix behavior of <code>state\=absent</code> if <code>value</code> is present \([https\://github\.com/ansible\-collections/community\.general/issues/8436](https\://github\.com/ansible\-collections/community\.general/issues/8436)\, [https\://github\.com/ansible\-collections/community\.general/pull/8452](https\://github\.com/ansible\-collections/community\.general/pull/8452)\)\.
@@ -141,7 +195,7 @@ Regular feature and bugfix release\.
 * community\.general\.remove\_keys \- Remove specific keys from dictionaries in a list\.
 * community\.general\.replace\_keys \- Replace specific keys in a list of dictionaries\.
 
-<a id="new-modules"></a>
+<a id="new-modules-1"></a>
 ### New Modules
 
 * community\.general\.consul\_agent\_check \- Add\, modify\, and delete checks within a consul cluster\.
@@ -152,17 +206,17 @@ Regular feature and bugfix release\.
 <a id="v9-0-1"></a>
 ## v9\.0\.1
 
-<a id="release-summary-2"></a>
+<a id="release-summary-3"></a>
 ### Release Summary
 
 Bugfix release for inclusion in Ansible 10\.0\.0rc1\.
 
-<a id="minor-changes-2"></a>
+<a id="minor-changes-3"></a>
 ### Minor Changes
 
 * ansible\_galaxy\_install \- minor refactor in the module \([https\://github\.com/ansible\-collections/community\.general/pull/8413](https\://github\.com/ansible\-collections/community\.general/pull/8413)\)\.
 
-<a id="bugfixes-2"></a>
+<a id="bugfixes-3"></a>
 ### Bugfixes
 
 * cpanm \- use new <code>VarDict</code> to prevent deprecation warning \([https\://github\.com/ansible\-collections/community\.general/issues/8410](https\://github\.com/ansible\-collections/community\.general/issues/8410)\, [https\://github\.com/ansible\-collections/community\.general/pull/8411](https\://github\.com/ansible\-collections/community\.general/pull/8411)\)\.
@@ -181,12 +235,12 @@ Bugfix release for inclusion in Ansible 10\.0\.0rc1\.
 <a id="v9-0-0"></a>
 ## v9\.0\.0
 
-<a id="release-summary-3"></a>
+<a id="release-summary-4"></a>
 ### Release Summary
 
 This is release 9\.0\.0 of <code>community\.general</code>\, released on 2024\-05\-20\.
 
-<a id="minor-changes-3"></a>
+<a id="minor-changes-4"></a>
 ### Minor Changes
 
 * PythonRunner module utils \- specialisation of <code>CmdRunner</code> to execute Python scripts \([https\://github\.com/ansible\-collections/community\.general/pull/8289](https\://github\.com/ansible\-collections/community\.general/pull/8289)\)\.
@@ -356,7 +410,7 @@ This is release 9\.0\.0 of <code>community\.general</code>\, released on 2024\-0
 * cobbler\, gitlab\_runners\, icinga2\, linode\, lxd\, nmap\, online\, opennebula\, proxmox\, scaleway\, stackpath\_compute\, virtualbox\, and xen\_orchestra inventory plugin \- make sure all data received from the remote servers is marked as unsafe\, so remote code execution by obtaining texts that can be evaluated as templates is not possible \([https\://www\.die\-welt\.net/2024/03/remote\-code\-execution\-in\-ansible\-dynamic\-inventory\-plugins/](https\://www\.die\-welt\.net/2024/03/remote\-code\-execution\-in\-ansible\-dynamic\-inventory\-plugins/)\, [https\://github\.com/ansible\-collections/community\.general/pull/8098](https\://github\.com/ansible\-collections/community\.general/pull/8098)\)\.
 * keycloak\_identity\_provider \- the client secret was not correctly sanitized by the module\. The return values <code>proposed</code>\, <code>existing</code>\, and <code>end\_state</code>\, as well as the diff\, did contain the client secret unmasked \([https\://github\.com/ansible\-collections/community\.general/pull/8355](https\://github\.com/ansible\-collections/community\.general/pull/8355)\)\.
 
-<a id="bugfixes-3"></a>
+<a id="bugfixes-4"></a>
 ### Bugfixes
 
 * aix\_filesystem \- fix <code>\_validate\_vg</code> not passing VG name to <code>lsvg\_cmd</code> \([https\://github\.com/ansible\-collections/community\.general/issues/8151](https\://github\.com/ansible\-collections/community\.general/issues/8151)\)\.
@@ -471,7 +525,7 @@ This is release 9\.0\.0 of <code>community\.general</code>\, released on 2024\-0
 
 * community\.general\.fqdn\_valid \- Validates fully\-qualified domain names against RFC 1123\.
 
-<a id="new-modules-1"></a>
+<a id="new-modules-2"></a>
 ### New Modules
 
 * community\.general\.consul\_acl\_bootstrap \- Bootstrap ACLs in Consul\.

CHANGELOG.rst

@@ -6,6 +6,55 @@ Community General Release Notes
 
 This changelog describes changes after version 8.0.0.
 
+v9.3.0
+======
+
+Release Summary
+---------------
+
+Regular bugfix and feature release.
+
+Minor Changes
+-------------
+
+- cgroup_memory_recap, hipchat, jabber, log_plays, loganalytics, logentries, logstash, slack, splunk, sumologic, syslog_json callback plugins - make sure that all options are typed (https://github.com/ansible-collections/community.general/pull/8628).
+- chef_databag, consul_kv, cyberarkpassword, dsv, etcd, filetree, hiera, onepassword, onepassword_doc, onepassword_raw, passwordstore, redis, shelvefile, tss lookup plugins - make sure that all options are typed (https://github.com/ansible-collections/community.general/pull/8626).
+- chroot, funcd, incus, iocage, jail, lxc, lxd, qubes, zone connection plugins - make sure that all options are typed (https://github.com/ansible-collections/community.general/pull/8627).
+- cobbler, linode, lxd, nmap, online, scaleway, stackpath_compute, virtualbox inventory plugins - make sure that all options are typed (https://github.com/ansible-collections/community.general/pull/8625).
+- doas, dzdo, ksu, machinectl, pbrun, pfexec, pmrun, sesu, sudosu become plugins - make sure that all options are typed (https://github.com/ansible-collections/community.general/pull/8623).
+- gconftool2 - make use of ``ModuleHelper`` features to simplify code (https://github.com/ansible-collections/community.general/pull/8711).
+- gitlab_project - add option ``container_expiration_policy`` to schedule container registry cleanup (https://github.com/ansible-collections/community.general/pull/8674).
+- gitlab_project - add option ``model_registry_access_level`` to disable model registry (https://github.com/ansible-collections/community.general/pull/8688).
+- gitlab_project - add option ``pages_access_level`` to disable project pages (https://github.com/ansible-collections/community.general/pull/8688).
+- gitlab_project - add option ``repository_access_level`` to disable project repository (https://github.com/ansible-collections/community.general/pull/8674).
+- gitlab_project - add option ``service_desk_enabled`` to disable service desk (https://github.com/ansible-collections/community.general/pull/8688).
+- locale_gen - add support for multiple locales (https://github.com/ansible-collections/community.general/issues/8677, https://github.com/ansible-collections/community.general/pull/8682).
+- memcached, pickle, redis, yaml cache plugins - make sure that all options are typed (https://github.com/ansible-collections/community.general/pull/8624).
+- opentelemetry callback plugin - fix default value for ``store_spans_in_file`` causing traces to be produced to a file named ``None`` (https://github.com/ansible-collections/community.general/issues/8566, https://github.com/ansible-collections/community.general/pull/8741).
+- passwordstore lookup plugin - add the current user to the lockfile file name to address issues on multi-user systems (https://github.com/ansible-collections/community.general/pull/8689).
+- pipx - add parameter ``suffix`` to module (https://github.com/ansible-collections/community.general/pull/8675, https://github.com/ansible-collections/community.general/issues/8656).
+- pkgng - add option ``use_globs`` (default ``true``) to optionally disable glob patterns (https://github.com/ansible-collections/community.general/issues/8632, https://github.com/ansible-collections/community.general/pull/8633).
+- proxmox inventory plugin - add new fact for LXC interface details (https://github.com/ansible-collections/community.general/pull/8713).
+- redis, redis_info - add ``client_cert`` and ``client_key`` options to specify path to certificate for Redis authentication  (https://github.com/ansible-collections/community.general/pull/8654).
+
+Bugfixes
+--------
+
+- gitlab_runner - fix ``paused`` parameter being ignored (https://github.com/ansible-collections/community.general/pull/8648).
+- homebrew_cask - fix ``upgrade_all`` returns ``changed`` when nothing upgraded (https://github.com/ansible-collections/community.general/issues/8707, https://github.com/ansible-collections/community.general/pull/8708).
+- keycloak_user_federation - get cleartext IDP ``clientSecret`` from full realm info to detect changes to it (https://github.com/ansible-collections/community.general/issues/8294, https://github.com/ansible-collections/community.general/pull/8735).
+- keycloak_user_federation - remove existing user federation mappers if they are not present in the federation configuration and will not be updated (https://github.com/ansible-collections/community.general/issues/7169, https://github.com/ansible-collections/community.general/pull/8695).
+- proxmox - fixed an issue where the new volume handling incorrectly converted ``null`` values into ``"None"`` strings (https://github.com/ansible-collections/community.general/pull/8646).
+- proxmox - fixed an issue where volume strings where overwritten instead of appended to in the new ``build_volume()`` method (https://github.com/ansible-collections/community.general/pull/8646).
+- proxmox - removed the forced conversion of non-string values to strings to be consistent with the module documentation (https://github.com/ansible-collections/community.general/pull/8646).
+
+New Modules
+-----------
+
+- community.general.bootc_manage - Bootc Switch and Upgrade.
+- community.general.homebrew_services - Services manager for Homebrew.
+- community.general.keycloak_realm_keys_metadata_info - Allows obtaining Keycloak realm keys metadata via Keycloak API.
+
 v9.2.0
 ======
 

CONTRIBUTING.md

@@ -56,6 +56,8 @@ cd ~/dev/ansible_collections/community/general
 
 Then you can run `ansible-test` (which is a part of [ansible-core](https://pypi.org/project/ansible-core/)) inside the checkout. The following example commands expect that you have installed Docker or Podman. Note that Podman has only been supported by more recent ansible-core releases. If you are using Docker, the following will work with Ansible 2.9+.
 
+### Sanity tests
+
 The following commands show how to run sanity tests:
 
 ```.bash
@@ -66,6 +68,8 @@ ansible-test sanity --docker -v
 ansible-test sanity --docker -v plugins/modules/system/pids.py tests/integration/targets/pids/
 ```
 
+### Unit tests
+
 The following commands show how to run unit tests:
 
 ```.bash
@@ -79,13 +83,32 @@ ansible-test units --docker -v --python 3.8
 ansible-test units --docker -v --python 3.8 tests/unit/plugins/modules/net_tools/test_nmcli.py
 ```
 
+### Integration tests
+
 The following commands show how to run integration tests:
 
-```.bash
-# Run integration tests for the interfaces_files module in a Docker container using the
-# fedora35 operating system image (the supported images depend on your ansible-core version):
-ansible-test integration --docker fedora35 -v interfaces_file
+#### In Docker
 
+Integration tests on Docker have the following parameters:
+- `image_name` (required): The name of the Docker image. To get the list of supported Docker images, run
+  `ansible-test integration --help` and look for _target docker images_.
+- `test_name` (optional): The name of the integration test.  
+  For modules, this equals the short name of the module; for example, `pacman` in case of `community.general.pacman`.  
+  For plugins, the plugin type is added before the plugin's short name, for example `callback_yaml` for the `community.general.yaml` callback.
+```.bash
+# Test all plugins/modules on fedora40
+ansible-test integration -v --docker fedora40
+
+# Template
+ansible-test integration -v --docker image_name test_name
+
+# Example community.general.ini_file module on fedora40 Docker image:
+ansible-test integration -v --docker fedora40 ini_file
+```
+
+#### Without isolation
+
+```.bash
 # Run integration tests for the flattened lookup **without any isolation**:
 ansible-test integration -v lookup_flattened
 ```

README.md

@@ -23,6 +23,18 @@ We follow [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/comm
 
 If you encounter abusive behavior violating the [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html), please refer to the [policy violations](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html#policy-violations) section of the Code of Conduct for information on how to raise a complaint.
 
+## Communication
+
+* Join the Ansible forum:
+  * [Get Help](https://forum.ansible.com/c/help/6): get help or help others. This is for questions about modules or plugins in the collection.
+  * [Tag `community-general`](https://forum.ansible.com/tag/community-general): discuss the *collection itself*, instead of specific modules or plugins.
+  * [Social Spaces](https://forum.ansible.com/c/chat/4): gather and interact with fellow enthusiasts.
+  * [News & Announcements](https://forum.ansible.com/c/news/5): track project-wide announcements including social events.
+
+* The Ansible [Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn): used to announce releases and important changes.
+
+For more information about communication, see the [Ansible communication guide](https://docs.ansible.com/ansible/devel/community/communication.html).
+
 ## Tested with Ansible
 
 Tested with the current ansible-core 2.13, ansible-core 2.14, ansible-core 2.15, ansible-core 2.16, ansible-core 2.17 releases and the current development version of ansible-core. Ansible-core versions before 2.13.0 are not supported. This includes all ansible-base 2.10 and Ansible 2.9 releases.
@@ -98,18 +110,6 @@ It is necessary for maintainers of this collection to be subscribed to:
 
 They also should be subscribed to Ansible's [The Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn).
 
-## Communication
-
-We announce important development changes and releases through Ansible's [The Bullhorn newsletter](https://eepurl.com/gZmiEP). If you are a collection developer, be sure you are subscribed.
-
-Join us in the `#ansible` (general use questions and support), `#ansible-community` (community and collection development questions), and other [IRC channels](https://docs.ansible.com/ansible/devel/community/communication.html#irc-channels) on [Libera.chat](https://libera.chat).
-
-We take part in the global quarterly [Ansible Contributor Summit](https://github.com/ansible/community/wiki/Contributor-Summit) virtually or in-person. Track [The Bullhorn newsletter](https://eepurl.com/gZmiEP) and join us.
-
-For more information about communities, meetings and agendas see [Community Wiki](https://github.com/ansible/community/wiki/Community).
-
-For more information about communication, refer to Ansible's the [Communication guide](https://docs.ansible.com/ansible/devel/community/communication.html).
-
 ## Publishing New Version
 
 See the [Releasing guidelines](https://github.com/ansible/community-docs/blob/main/releasing_collections.rst) to learn how to release this collection.

changelogs/changelog.yaml

@@ -972,3 +972,97 @@ releases:
           name: ansible_type
           namespace: null
     release_date: '2024-07-15'
+  9.3.0:
+    changes:
+      bugfixes:
+        - gitlab_runner - fix ``paused`` parameter being ignored (https://github.com/ansible-collections/community.general/pull/8648).
+        - homebrew_cask - fix ``upgrade_all`` returns ``changed`` when nothing upgraded
+          (https://github.com/ansible-collections/community.general/issues/8707, https://github.com/ansible-collections/community.general/pull/8708).
+        - keycloak_user_federation - get cleartext IDP ``clientSecret`` from full
+          realm info to detect changes to it (https://github.com/ansible-collections/community.general/issues/8294,
+          https://github.com/ansible-collections/community.general/pull/8735).
+        - keycloak_user_federation - remove existing user federation mappers if they
+          are not present in the federation configuration and will not be updated
+          (https://github.com/ansible-collections/community.general/issues/7169, https://github.com/ansible-collections/community.general/pull/8695).
+        - proxmox - fixed an issue where the new volume handling incorrectly converted
+          ``null`` values into ``"None"`` strings (https://github.com/ansible-collections/community.general/pull/8646).
+        - proxmox - fixed an issue where volume strings where overwritten instead
+          of appended to in the new ``build_volume()`` method (https://github.com/ansible-collections/community.general/pull/8646).
+        - proxmox - removed the forced conversion of non-string values to strings
+          to be consistent with the module documentation (https://github.com/ansible-collections/community.general/pull/8646).
+      minor_changes:
+        - cgroup_memory_recap, hipchat, jabber, log_plays, loganalytics, logentries,
+          logstash, slack, splunk, sumologic, syslog_json callback plugins - make
+          sure that all options are typed (https://github.com/ansible-collections/community.general/pull/8628).
+        - chef_databag, consul_kv, cyberarkpassword, dsv, etcd, filetree, hiera, onepassword,
+          onepassword_doc, onepassword_raw, passwordstore, redis, shelvefile, tss
+          lookup plugins - make sure that all options are typed (https://github.com/ansible-collections/community.general/pull/8626).
+        - chroot, funcd, incus, iocage, jail, lxc, lxd, qubes, zone connection plugins
+          - make sure that all options are typed (https://github.com/ansible-collections/community.general/pull/8627).
+        - cobbler, linode, lxd, nmap, online, scaleway, stackpath_compute, virtualbox
+          inventory plugins - make sure that all options are typed (https://github.com/ansible-collections/community.general/pull/8625).
+        - doas, dzdo, ksu, machinectl, pbrun, pfexec, pmrun, sesu, sudosu become plugins
+          - make sure that all options are typed (https://github.com/ansible-collections/community.general/pull/8623).
+        - gconftool2 - make use of ``ModuleHelper`` features to simplify code (https://github.com/ansible-collections/community.general/pull/8711).
+        - gitlab_project - add option ``container_expiration_policy`` to schedule
+          container registry cleanup (https://github.com/ansible-collections/community.general/pull/8674).
+        - gitlab_project - add option ``model_registry_access_level`` to disable model
+          registry (https://github.com/ansible-collections/community.general/pull/8688).
+        - gitlab_project - add option ``pages_access_level`` to disable project pages
+          (https://github.com/ansible-collections/community.general/pull/8688).
+        - gitlab_project - add option ``repository_access_level`` to disable project
+          repository (https://github.com/ansible-collections/community.general/pull/8674).
+        - gitlab_project - add option ``service_desk_enabled`` to disable service
+          desk (https://github.com/ansible-collections/community.general/pull/8688).
+        - locale_gen - add support for multiple locales (https://github.com/ansible-collections/community.general/issues/8677,
+          https://github.com/ansible-collections/community.general/pull/8682).
+        - memcached, pickle, redis, yaml cache plugins - make sure that all options
+          are typed (https://github.com/ansible-collections/community.general/pull/8624).
+        - opentelemetry callback plugin - fix default value for ``store_spans_in_file``
+          causing traces to be produced to a file named ``None`` (https://github.com/ansible-collections/community.general/issues/8566,
+          https://github.com/ansible-collections/community.general/pull/8741).
+        - passwordstore lookup plugin - add the current user to the lockfile file
+          name to address issues on multi-user systems (https://github.com/ansible-collections/community.general/pull/8689).
+        - pipx - add parameter ``suffix`` to module (https://github.com/ansible-collections/community.general/pull/8675,
+          https://github.com/ansible-collections/community.general/issues/8656).
+        - pkgng - add option ``use_globs`` (default ``true``) to optionally disable
+          glob patterns (https://github.com/ansible-collections/community.general/issues/8632,
+          https://github.com/ansible-collections/community.general/pull/8633).
+        - proxmox inventory plugin - add new fact for LXC interface details (https://github.com/ansible-collections/community.general/pull/8713).
+        - redis, redis_info - add ``client_cert`` and ``client_key`` options to specify
+          path to certificate for Redis authentication  (https://github.com/ansible-collections/community.general/pull/8654).
+      release_summary: Regular bugfix and feature release.
+    fragments:
+      - 8623-become-types.yml
+      - 8624-cache-types.yml
+      - 8625-inventory-types.yml
+      - 8626-lookup-types.yml
+      - 8627-connection-types.yml
+      - 8628-callback-types.yml
+      - 8632-pkgng-add-option-use_globs.yml
+      - 8646-fix-bug-in-proxmox-volumes.yml
+      - 8648-fix-gitlab-runner-paused.yaml
+      - 8654-add-redis-tls-params.yml
+      - 8674-add-gitlab-project-cleanup-policy.yml
+      - 8675-pipx-install-suffix.yml
+      - 8682-locale-gen-multiple.yaml
+      - 8688-gitlab_project-add-new-params.yml
+      - 8689-passwordstore-lock-naming.yml
+      - 8695-keycloak_user_federation-mapper-removal.yml
+      - 8708-homebrew_cask-fix-upgrade-all.yml
+      - 8711-gconftool2-refactor.yml
+      - 8713-proxmox_lxc_interfaces.yml
+      - 8735-keycloak_identity_provider-get-cleartext-secret-from-realm-info.yml
+      - 8741-fix-opentelemetry-callback.yml
+      - 9.3.0.yml
+    modules:
+      - description: Bootc Switch and Upgrade.
+        name: bootc_manage
+        namespace: ''
+      - description: Services manager for Homebrew.
+        name: homebrew_services
+        namespace: ''
+      - description: Allows obtaining Keycloak realm keys metadata via Keycloak API.
+        name: keycloak_realm_keys_metadata_info
+        namespace: ''
+    release_date: '2024-08-12'

docs/docsite/links.yml

@@ -9,6 +9,8 @@ edit_on_github:
   path_prefix: ''
 
 extra_links:
+  - description: Ask for help
+    url: https://forum.ansible.com/c/help/6/none
   - description: Submit a bug report
     url: https://github.com/ansible-collections/community.general/issues/new?assignees=&labels=&template=bug_report.yml
   - description: Request a feature
@@ -26,6 +28,9 @@ communication:
     - topic: Ansible Project List
       url: https://groups.google.com/g/ansible-project
   forums:
-    - topic: Ansible Forum
+    - topic: "Ansible Forum: General usage and support questions"
       # The following URL directly points to the "Get Help" section
       url: https://forum.ansible.com/c/help/6/none
+    - topic: "Ansible Forum: Discussions about the collection itself, not for specific modules or plugins"
+      # The following URL directly points to the "community-general" tag
+      url: https://forum.ansible.com/tag/community-general

galaxy.yml

@@ -5,7 +5,7 @@
 
 namespace: community
 name: general
-version: 9.2.0
+version: 9.3.0
 readme: README.md
 authors:
   - Ansible (https://github.com/ansible)

plugins/action/iptables_state.py

@@ -88,6 +88,10 @@ class ActionModule(ActionBase):
             max_timeout = self._connection._play_context.timeout
             module_args = self._task.args
 
+            async_status_args = {}
+            starter_cmd = None
+            confirm_cmd = None
+
             if module_args.get('state', None) == 'restored':
                 if not wrap_async:
                     if not check_mode:

plugins/become/doas.py

@@ -13,7 +13,8 @@ DOCUMENTATION = '''
     author: Ansible Core Team
     options:
         become_user:
-            description: User you 'become' to execute the task
+            description: User you 'become' to execute the task.
+            type: string
             ini:
               - section: privilege_escalation
                 key: become_user
@@ -26,7 +27,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_USER
               - name: ANSIBLE_DOAS_USER
         become_exe:
-            description: Doas executable
+            description: Doas executable.
+            type: string
             default: doas
             ini:
               - section: privilege_escalation
@@ -40,7 +42,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_EXE
               - name: ANSIBLE_DOAS_EXE
         become_flags:
-            description: Options to pass to doas
+            description: Options to pass to doas.
+            type: string
             default: ''
             ini:
               - section: privilege_escalation
@@ -54,7 +57,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_FLAGS
               - name: ANSIBLE_DOAS_FLAGS
         become_pass:
-            description: password for doas prompt
+            description: Password for doas prompt.
+            type: string
             required: false
             vars:
               - name: ansible_become_password
@@ -68,8 +72,10 @@ DOCUMENTATION = '''
                 key: password
         prompt_l10n:
             description:
-                - List of localized strings to match for prompt detection
-                - If empty we'll use the built in one
+                - List of localized strings to match for prompt detection.
+                - If empty we will use the built in one.
+            type: list
+            elements: string
             default: []
             ini:
               - section: doas_become_plugin

plugins/become/dzdo.py

@@ -13,7 +13,8 @@ DOCUMENTATION = '''
     author: Ansible Core Team
     options:
         become_user:
-            description: User you 'become' to execute the task
+            description: User you 'become' to execute the task.
+            type: string
             ini:
               - section: privilege_escalation
                 key: become_user
@@ -26,7 +27,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_USER
               - name: ANSIBLE_DZDO_USER
         become_exe:
-            description: Dzdo executable
+            description: Dzdo executable.
+            type: string
             default: dzdo
             ini:
               - section: privilege_escalation
@@ -40,7 +42,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_EXE
               - name: ANSIBLE_DZDO_EXE
         become_flags:
-            description: Options to pass to dzdo
+            description: Options to pass to dzdo.
+            type: string
             default: -H -S -n
             ini:
               - section: privilege_escalation
@@ -54,7 +57,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_FLAGS
               - name: ANSIBLE_DZDO_FLAGS
         become_pass:
-            description: Options to pass to dzdo
+            description: Options to pass to dzdo.
+            type: string
             required: false
             vars:
               - name: ansible_become_password

plugins/become/ksu.py

@@ -13,7 +13,8 @@ DOCUMENTATION = '''
     author: Ansible Core Team
     options:
         become_user:
-            description: User you 'become' to execute the task
+            description: User you 'become' to execute the task.
+            type: string
             ini:
               - section: privilege_escalation
                 key: become_user
@@ -27,7 +28,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_KSU_USER
             required: true
         become_exe:
-            description: Su executable
+            description: Su executable.
+            type: string
             default: ksu
             ini:
               - section: privilege_escalation
@@ -41,7 +43,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_EXE
               - name: ANSIBLE_KSU_EXE
         become_flags:
-            description: Options to pass to ksu
+            description: Options to pass to ksu.
+            type: string
             default: ''
             ini:
               - section: privilege_escalation
@@ -55,7 +58,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_FLAGS
               - name: ANSIBLE_KSU_FLAGS
         become_pass:
-            description: ksu password
+            description: Ksu password.
+            type: string
             required: false
             vars:
               - name: ansible_ksu_pass
@@ -69,8 +73,10 @@ DOCUMENTATION = '''
                 key: password
         prompt_l10n:
             description:
-                - List of localized strings to match for prompt detection
-                - If empty we'll use the built in one
+                - List of localized strings to match for prompt detection.
+                - If empty we will use the built in one.
+            type: list
+            elements: string
             default: []
             ini:
               - section: ksu_become_plugin

plugins/become/machinectl.py

@@ -13,7 +13,8 @@ DOCUMENTATION = '''
     author: Ansible Core Team
     options:
         become_user:
-            description: User you 'become' to execute the task
+            description: User you 'become' to execute the task.
+            type: string
             default: ''
             ini:
               - section: privilege_escalation
@@ -27,7 +28,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_USER
               - name: ANSIBLE_MACHINECTL_USER
         become_exe:
-            description: Machinectl executable
+            description: Machinectl executable.
+            type: string
             default: machinectl
             ini:
               - section: privilege_escalation
@@ -41,7 +43,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_EXE
               - name: ANSIBLE_MACHINECTL_EXE
         become_flags:
-            description: Options to pass to machinectl
+            description: Options to pass to machinectl.
+            type: string
             default: ''
             ini:
               - section: privilege_escalation
@@ -55,7 +58,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_FLAGS
               - name: ANSIBLE_MACHINECTL_FLAGS
         become_pass:
-            description: Password for machinectl
+            description: Password for machinectl.
+            type: string
             required: false
             vars:
               - name: ansible_become_password

plugins/become/pbrun.py

@@ -13,7 +13,8 @@ DOCUMENTATION = '''
     author: Ansible Core Team
     options:
         become_user:
-            description: User you 'become' to execute the task
+            description: User you 'become' to execute the task.
+            type: string
             default: ''
             ini:
               - section: privilege_escalation
@@ -27,7 +28,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_USER
               - name: ANSIBLE_PBRUN_USER
         become_exe:
-            description: Sudo executable
+            description: Sudo executable.
+            type: string
             default: pbrun
             ini:
               - section: privilege_escalation
@@ -41,7 +43,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_EXE
               - name: ANSIBLE_PBRUN_EXE
         become_flags:
-            description: Options to pass to pbrun
+            description: Options to pass to pbrun.
+            type: string
             default: ''
             ini:
               - section: privilege_escalation
@@ -55,7 +58,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_FLAGS
               - name: ANSIBLE_PBRUN_FLAGS
         become_pass:
-            description: Password for pbrun
+            description: Password for pbrun.
+            type: string
             required: false
             vars:
               - name: ansible_become_password
@@ -68,7 +72,7 @@ DOCUMENTATION = '''
               - section: pbrun_become_plugin
                 key: password
         wrap_exe:
-            description: Toggle to wrap the command pbrun calls in 'shell -c' or not
+            description: Toggle to wrap the command pbrun calls in C(shell -c) or not.
             default: false
             type: bool
             ini:

plugins/become/pfexec.py

@@ -14,9 +14,10 @@ DOCUMENTATION = '''
     options:
         become_user:
             description:
-                - User you 'become' to execute the task
+                - User you 'become' to execute the task.
                 - This plugin ignores this setting as pfexec uses it's own C(exec_attr) to figure this out,
                   but it is supplied here for Ansible to make decisions needed for the task execution, like file permissions.
+            type: string
             default: root
             ini:
               - section: privilege_escalation
@@ -30,7 +31,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_USER
               - name: ANSIBLE_PFEXEC_USER
         become_exe:
-            description: Sudo executable
+            description: Sudo executable.
+            type: string
             default: pfexec
             ini:
               - section: privilege_escalation
@@ -44,7 +46,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_EXE
               - name: ANSIBLE_PFEXEC_EXE
         become_flags:
-            description: Options to pass to pfexec
+            description: Options to pass to pfexec.
+            type: string
             default: -H -S -n
             ini:
               - section: privilege_escalation
@@ -58,7 +61,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_FLAGS
               - name: ANSIBLE_PFEXEC_FLAGS
         become_pass:
-            description: pfexec password
+            description: pfexec password.
+            type: string
             required: false
             vars:
               - name: ansible_become_password
@@ -71,7 +75,7 @@ DOCUMENTATION = '''
               - section: pfexec_become_plugin
                 key: password
         wrap_exe:
-            description: Toggle to wrap the command pfexec calls in 'shell -c' or not
+            description: Toggle to wrap the command pfexec calls in C(shell -c) or not.
             default: false
             type: bool
             ini:
@@ -82,7 +86,7 @@ DOCUMENTATION = '''
             env:
               - name: ANSIBLE_PFEXEC_WRAP_EXECUTION
     notes:
-      - This plugin ignores O(become_user) as pfexec uses it's own C(exec_attr) to figure this out.
+      - This plugin ignores O(become_user) as pfexec uses its own C(exec_attr) to figure this out.
 '''
 
 from ansible.plugins.become import BecomeBase

plugins/become/pmrun.py

@@ -14,6 +14,7 @@ DOCUMENTATION = '''
     options:
         become_exe:
             description: Sudo executable
+            type: string
             default: pmrun
             ini:
               - section: privilege_escalation
@@ -27,7 +28,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_EXE
               - name: ANSIBLE_PMRUN_EXE
         become_flags:
-            description: Options to pass to pmrun
+            description: Options to pass to pmrun.
+            type: string
             default: ''
             ini:
               - section: privilege_escalation
@@ -41,7 +43,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_FLAGS
               - name: ANSIBLE_PMRUN_FLAGS
         become_pass:
-            description: pmrun password
+            description: pmrun password.
+            type: string
             required: false
             vars:
               - name: ansible_become_password

plugins/become/sesu.py

@@ -13,7 +13,8 @@ DOCUMENTATION = '''
     author: ansible (@nekonyuu)
     options:
         become_user:
-            description: User you 'become' to execute the task
+            description: User you 'become' to execute the task.
+            type: string
             default: ''
             ini:
               - section: privilege_escalation
@@ -27,7 +28,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_USER
               - name: ANSIBLE_SESU_USER
         become_exe:
-            description: sesu executable
+            description: sesu executable.
+            type: string
             default: sesu
             ini:
               - section: privilege_escalation
@@ -41,7 +43,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_EXE
               - name: ANSIBLE_SESU_EXE
         become_flags:
-            description: Options to pass to sesu
+            description: Options to pass to sesu.
+            type: string
             default: -H -S -n
             ini:
               - section: privilege_escalation
@@ -55,7 +58,8 @@ DOCUMENTATION = '''
               - name: ANSIBLE_BECOME_FLAGS
               - name: ANSIBLE_SESU_FLAGS
         become_pass:
-            description: Password to pass to sesu
+            description: Password to pass to sesu.
+            type: string
             required: false
             vars:
               - name: ansible_become_password

plugins/become/sudosu.py

@@ -16,6 +16,7 @@ DOCUMENTATION = """
     options:
         become_user:
             description: User you 'become' to execute the task.
+            type: string
             default: root
             ini:
               - section: privilege_escalation
@@ -30,6 +31,7 @@ DOCUMENTATION = """
               - name: ANSIBLE_SUDO_USER
         become_flags:
             description: Options to pass to C(sudo).
+            type: string
             default: -H -S -n
             ini:
               - section: privilege_escalation
@@ -44,6 +46,7 @@ DOCUMENTATION = """
               - name: ANSIBLE_SUDO_FLAGS
         become_pass:
             description: Password to pass to C(sudo).
+            type: string
             required: false
             vars:
               - name: ansible_become_password

plugins/cache/memcached.py

@@ -29,6 +29,7 @@ DOCUMENTATION = '''
             section: defaults
       _prefix:
         description: User defined prefix to use when creating the DB entries
+        type: string
         default: ansible_facts
         env:
           - name: ANSIBLE_CACHE_PLUGIN_PREFIX
@@ -37,13 +38,14 @@ DOCUMENTATION = '''
             section: defaults
       _timeout:
         default: 86400
+        type: integer
+        # TODO: determine whether it is OK to change to: type: float
         description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire
         env:
           - name: ANSIBLE_CACHE_PLUGIN_TIMEOUT
         ini:
           - key: fact_caching_timeout
             section: defaults
-        type: integer
 '''
 
 import collections

plugins/cache/pickle.py

@@ -24,6 +24,7 @@ DOCUMENTATION = '''
         ini:
           - key: fact_caching_connection
             section: defaults
+        type: path
       _prefix:
         description: User defined prefix to use when creating the files
         env:
@@ -31,6 +32,7 @@ DOCUMENTATION = '''
         ini:
           - key: fact_caching_prefix
             section: defaults
+        type: string
       _timeout:
         default: 86400
         description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire
@@ -39,6 +41,7 @@ DOCUMENTATION = '''
         ini:
           - key: fact_caching_timeout
             section: defaults
+        type: float
 '''
 
 try:

plugins/cache/redis.py

@@ -21,6 +21,7 @@ DOCUMENTATION = '''
           - The format is V(host:port:db:password), for example V(localhost:6379:0:changeme).
           - To use encryption in transit, prefix the connection with V(tls://), as in V(tls://localhost:6379:0:changeme).
           - To use redis sentinel, use separator V(;), for example V(localhost:26379;localhost:26379;0:changeme). Requires redis>=2.9.0.
+        type: string
         required: true
         env:
           - name: ANSIBLE_CACHE_PLUGIN_CONNECTION
@@ -29,6 +30,7 @@ DOCUMENTATION = '''
             section: defaults
       _prefix:
         description: User defined prefix to use when creating the DB entries
+        type: string
         default: ansible_facts
         env:
           - name: ANSIBLE_CACHE_PLUGIN_PREFIX
@@ -37,6 +39,7 @@ DOCUMENTATION = '''
             section: defaults
       _keyset_name:
         description: User defined name for cache keyset name.
+        type: string
         default: ansible_cache_keys
         env:
           - name: ANSIBLE_CACHE_REDIS_KEYSET_NAME
@@ -46,6 +49,7 @@ DOCUMENTATION = '''
         version_added: 1.3.0
       _sentinel_service_name:
         description: The redis sentinel service name (or referenced as cluster name).
+        type: string
         env:
           - name: ANSIBLE_CACHE_REDIS_SENTINEL
         ini:
@@ -54,13 +58,14 @@ DOCUMENTATION = '''
         version_added: 1.3.0
       _timeout:
         default: 86400
+        type: integer
+        # TODO: determine whether it is OK to change to: type: float
         description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire
         env:
           - name: ANSIBLE_CACHE_PLUGIN_TIMEOUT
         ini:
           - key: fact_caching_timeout
             section: defaults
-        type: integer
 '''
 
 import re

plugins/cache/yaml.py

@@ -24,6 +24,7 @@ DOCUMENTATION = '''
         ini:
           - key: fact_caching_connection
             section: defaults
+        type: string
       _prefix:
         description: User defined prefix to use when creating the files
         env:
@@ -31,6 +32,7 @@ DOCUMENTATION = '''
         ini:
           - key: fact_caching_prefix
             section: defaults
+        type: string
       _timeout:
         default: 86400
         description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire
@@ -40,6 +42,7 @@ DOCUMENTATION = '''
           - key: fact_caching_timeout
             section: defaults
         type: integer
+        # TODO: determine whether it is OK to change to: type: float
 '''
 
 

plugins/callback/cgroup_memory_recap.py

@@ -25,6 +25,7 @@ DOCUMENTATION = '''
       max_mem_file:
         required: true
         description: Path to cgroups C(memory.max_usage_in_bytes) file. Example V(/sys/fs/cgroup/memory/ansible_profile/memory.max_usage_in_bytes).
+        type: str
         env:
           - name: CGROUP_MAX_MEM_FILE
         ini:
@@ -33,6 +34,7 @@ DOCUMENTATION = '''
       cur_mem_file:
         required: true
         description: Path to C(memory.usage_in_bytes) file. Example V(/sys/fs/cgroup/memory/ansible_profile/memory.usage_in_bytes).
+        type: str
         env:
           - name: CGROUP_CUR_MEM_FILE
         ini:

plugins/callback/hipchat.py

@@ -25,6 +25,7 @@ DOCUMENTATION = '''
     options:
       token:
         description: HipChat API token for v1 or v2 API.
+        type: str
         required: true
         env:
           - name: HIPCHAT_TOKEN
@@ -33,6 +34,10 @@ DOCUMENTATION = '''
             key: token
       api_version:
         description: HipChat API version, v1 or v2.
+        type: str
+        choices:
+          - v1
+          - v2
         required: false
         default: v1
         env:
@@ -42,6 +47,7 @@ DOCUMENTATION = '''
             key: api_version
       room:
         description: HipChat room to post in.
+        type: str
         default: ansible
         env:
           - name: HIPCHAT_ROOM
@@ -50,6 +56,7 @@ DOCUMENTATION = '''
             key: room
       from:
         description:  Name to post as
+        type: str
         default: ansible
         env:
           - name: HIPCHAT_FROM

plugins/callback/jabber.py

@@ -20,21 +20,25 @@ DOCUMENTATION = '''
     options:
       server:
         description: connection info to jabber server
+        type: str
         required: true
         env:
           - name: JABBER_SERV
       user:
         description: Jabber user to authenticate as
+        type: str
         required: true
         env:
           - name: JABBER_USER
       password:
         description: Password for the user to the jabber server
+        type: str
         required: true
         env:
           - name: JABBER_PASS
       to:
         description: chat identifier that will receive the message
+        type: str
         required: true
         env:
           - name: JABBER_TO

plugins/callback/log_plays.py

@@ -21,6 +21,7 @@ DOCUMENTATION = '''
       log_folder:
         default: /var/log/ansible/hosts
         description: The folder where log files will be created.
+        type: str
         env:
           - name: ANSIBLE_LOG_FOLDER
         ini:

plugins/callback/loganalytics.py

@@ -21,6 +21,7 @@ DOCUMENTATION = '''
     options:
       workspace_id:
         description: Workspace ID of the Azure log analytics workspace.
+        type: str
         required: true
         env:
           - name: WORKSPACE_ID
@@ -29,6 +30,7 @@ DOCUMENTATION = '''
             key: workspace_id
       shared_key:
         description: Shared key to connect to Azure log analytics workspace.
+        type: str
         required: true
         env:
           - name: WORKSPACE_SHARED_KEY

plugins/callback/logentries.py

@@ -22,6 +22,7 @@ DOCUMENTATION = '''
     options:
       api:
         description: URI to the Logentries API.
+        type: str
         env:
           - name: LOGENTRIES_API
         default: data.logentries.com
@@ -30,6 +31,7 @@ DOCUMENTATION = '''
             key: api
       port:
         description: HTTP port to use when connecting to the API.
+        type: int
         env:
             - name: LOGENTRIES_PORT
         default: 80
@@ -38,6 +40,7 @@ DOCUMENTATION = '''
             key: port
       tls_port:
         description: Port to use when connecting to the API when TLS is enabled.
+        type: int
         env:
             - name: LOGENTRIES_TLS_PORT
         default: 443
@@ -46,6 +49,7 @@ DOCUMENTATION = '''
             key: tls_port
       token:
         description: The logentries C(TCP token).
+        type: str
         env:
           - name: LOGENTRIES_ANSIBLE_TOKEN
         required: true

plugins/callback/logstash.py

@@ -20,6 +20,7 @@ DOCUMENTATION = r'''
     options:
       server:
         description: Address of the Logstash server.
+        type: str
         env:
           - name: LOGSTASH_SERVER
         ini:
@@ -29,6 +30,7 @@ DOCUMENTATION = r'''
         default: localhost
       port:
         description: Port on which logstash is listening.
+        type: int
         env:
             - name: LOGSTASH_PORT
         ini:
@@ -38,6 +40,7 @@ DOCUMENTATION = r'''
         default: 5000
       type:
         description: Message type.
+        type: str
         env:
           - name: LOGSTASH_TYPE
         ini:
@@ -47,6 +50,7 @@ DOCUMENTATION = r'''
         default: ansible
       pre_command:
         description: Executes command before run and its result is added to the C(ansible_pre_command_output) logstash field.
+        type: str
         version_added: 2.0.0
         ini:
           - section: callback_logstash

plugins/callback/opentelemetry.py

@@ -85,7 +85,6 @@ DOCUMENTATION = '''
             key: disable_attributes_in_logs
         version_added: 7.1.0
       store_spans_in_file:
-        default: None
         type: str
         description:
           -  It stores the exported spans in the given file
@@ -356,6 +355,7 @@ class OpenTelemetrySource(object):
         status = Status(status_code=StatusCode.OK)
         if host_data.status != 'included':
             # Support loops
+            enriched_error_message = None
             if 'results' in host_data.result._result:
                 if host_data.status == 'failed':
                     message = self.get_error_message_from_results(host_data.result._result['results'], task_data.action)

plugins/callback/slack.py

@@ -22,6 +22,7 @@ DOCUMENTATION = '''
       webhook_url:
         required: true
         description: Slack Webhook URL.
+        type: str
         env:
           - name: SLACK_WEBHOOK_URL
         ini:
@@ -30,6 +31,7 @@ DOCUMENTATION = '''
       channel:
         default: "#ansible"
         description: Slack room to post in.
+        type: str
         env:
           - name: SLACK_CHANNEL
         ini:
@@ -37,6 +39,7 @@ DOCUMENTATION = '''
             key: channel
       username:
         description: Username to post as.
+        type: str
         env:
           - name: SLACK_USERNAME
         default: ansible

plugins/callback/splunk.py

@@ -22,6 +22,7 @@ DOCUMENTATION = '''
     options:
       url:
         description: URL to the Splunk HTTP collector source.
+        type: str
         env:
           - name: SPLUNK_URL
         ini:
@@ -29,6 +30,7 @@ DOCUMENTATION = '''
             key: url
       authtoken:
         description: Token to authenticate the connection to the Splunk HTTP collector.
+        type: str
         env:
           - name: SPLUNK_AUTHTOKEN
         ini:

plugins/callback/sumologic.py

@@ -20,6 +20,7 @@ requirements:
 options:
   url:
     description: URL to the Sumologic HTTP collector source.
+    type: str
     env:
       - name: SUMOLOGIC_URL
     ini:

plugins/callback/syslog_json.py

@@ -19,6 +19,7 @@ DOCUMENTATION = '''
     options:
       server:
         description: Syslog server that will receive the event.
+        type: str
         env:
         - name: SYSLOG_SERVER
         default: localhost
@@ -27,6 +28,7 @@ DOCUMENTATION = '''
             key: syslog_server
       port:
         description: Port on which the syslog server is listening.
+        type: int
         env:
           - name: SYSLOG_PORT
         default: 514
@@ -35,6 +37,7 @@ DOCUMENTATION = '''
             key: syslog_port
       facility:
         description: Syslog facility to log as.
+        type: str
         env:
           - name: SYSLOG_FACILITY
         default: user

plugins/connection/chroot.py

@@ -20,6 +20,7 @@ DOCUMENTATION = '''
       remote_addr:
         description:
             - The path of the chroot you want to access.
+        type: string
         default: inventory_hostname
         vars:
             - name: inventory_hostname
@@ -27,6 +28,7 @@ DOCUMENTATION = '''
       executable:
         description:
             - User specified executable shell
+        type: string
         ini:
           - section: defaults
             key: executable
@@ -38,6 +40,7 @@ DOCUMENTATION = '''
       chroot_exe:
         description:
             - User specified chroot binary
+        type: string
         ini:
           - section: chroot_connection
             key: exe

plugins/connection/funcd.py

@@ -21,6 +21,7 @@ DOCUMENTATION = '''
       remote_addr:
         description:
             - The path of the chroot you want to access.
+        type: string
         default: inventory_hostname
         vars:
             - name: ansible_host

plugins/connection/incus.py

@@ -19,6 +19,7 @@ DOCUMENTATION = """
       remote_addr:
         description:
             - The instance identifier.
+        type: string
         default: inventory_hostname
         vars:
             - name: inventory_hostname
@@ -27,6 +28,7 @@ DOCUMENTATION = """
       executable:
         description:
             - The shell to use for execution inside the instance.
+        type: string
         default: /bin/sh
         vars:
             - name: ansible_executable
@@ -35,6 +37,7 @@ DOCUMENTATION = """
         description:
             - The name of the Incus remote to use (per C(incus remote list)).
             - Remotes are used to access multiple servers from a single client.
+        type: string
         default: local
         vars:
             - name: ansible_incus_remote
@@ -42,6 +45,7 @@ DOCUMENTATION = """
         description:
             - The name of the Incus project to use (per C(incus project list)).
             - Projects are used to divide the instances running on a server.
+        type: string
         default: default
         vars:
             - name: ansible_incus_project

plugins/connection/iocage.py

@@ -20,12 +20,14 @@ DOCUMENTATION = '''
       remote_addr:
         description:
             - Path to the jail
+        type: string
         vars:
             - name: ansible_host
             - name: ansible_iocage_host
       remote_user:
         description:
             - User to execute as inside the jail
+        type: string
         vars:
             - name: ansible_user
             - name: ansible_iocage_user

plugins/connection/jail.py

@@ -20,6 +20,7 @@ DOCUMENTATION = '''
       remote_addr:
         description:
             - Path to the jail
+        type: string
         default: inventory_hostname
         vars:
             - name: inventory_hostname
@@ -28,6 +29,7 @@ DOCUMENTATION = '''
       remote_user:
         description:
             - User to execute as inside the jail
+        type: string
         vars:
             - name: ansible_user
             - name: ansible_jail_user

plugins/connection/lxc.py

@@ -17,6 +17,7 @@ DOCUMENTATION = '''
       remote_addr:
         description:
             - Container identifier
+        type: string
         default: inventory_hostname
         vars:
             - name: inventory_hostname
@@ -26,6 +27,7 @@ DOCUMENTATION = '''
         default: /bin/sh
         description:
             - Shell executable
+        type: string
         vars:
             - name: ansible_executable
             - name: ansible_lxc_executable

plugins/connection/lxd.py

@@ -19,6 +19,7 @@ DOCUMENTATION = '''
             - Instance (container/VM) identifier.
             - Since community.general 8.0.0, a FQDN can be provided; in that case, the first component (the part before C(.))
               is used as the instance identifier.
+        type: string
         default: inventory_hostname
         vars:
             - name: inventory_hostname
@@ -27,6 +28,7 @@ DOCUMENTATION = '''
       executable:
         description:
             - Shell to use for execution inside instance.
+        type: string
         default: /bin/sh
         vars:
             - name: ansible_executable
@@ -34,6 +36,7 @@ DOCUMENTATION = '''
       remote:
         description:
             - Name of the LXD remote to use.
+        type: string
         default: local
         vars:
             - name: ansible_lxd_remote
@@ -41,6 +44,7 @@ DOCUMENTATION = '''
       project:
         description:
             - Name of the LXD project to use.
+        type: string
         vars:
             - name: ansible_lxd_project
         version_added: 2.0.0

plugins/connection/qubes.py

@@ -25,14 +25,16 @@ DOCUMENTATION = '''
     options:
       remote_addr:
         description:
-            - vm name
+            - VM name.
+        type: string
         default: inventory_hostname
         vars:
             - name: ansible_host
       remote_user:
         description:
-            - The user to execute as inside the vm.
-        default: The *user* account as default in Qubes OS.
+            - The user to execute as inside the VM.
+        type: string
+        default: The I(user) account as default in Qubes OS.
         vars:
             - name: ansible_user
 #        keyword:

plugins/connection/zone.py

@@ -16,11 +16,12 @@ DOCUMENTATION = '''
     name: zone
     short_description: Run tasks in a zone instance
     description:
-        - Run commands or put/fetch files to an existing zone
+        - Run commands or put/fetch files to an existing zone.
     options:
       remote_addr:
         description:
             - Zone identifier
+        type: string
         default: inventory_hostname
         vars:
             - name: ansible_host

plugins/doc_fragments/redis.py

@@ -49,6 +49,16 @@ options:
       - Path to root certificates file. If not set and O(tls) is
         set to V(true), certifi ca-certificates will be used.
     type: str
+  client_cert_file:
+    description:
+      - Path to the client certificate file.
+    type: str
+    version_added: 9.3.0
+  client_key_file:
+    description:
+      - Path to the client private key file.
+    type: str
+    version_added: 9.3.0
 requirements: [ "redis", "certifi" ]
 
 notes:

plugins/inventory/cobbler.py

@@ -21,20 +21,24 @@ DOCUMENTATION = '''
     options:
       plugin:
         description: The name of this plugin, it should always be set to V(community.general.cobbler) for this plugin to recognize it as it's own.
+        type: string
         required: true
         choices: [ 'cobbler', 'community.general.cobbler' ]
       url:
         description: URL to cobbler.
+        type: string
         default: 'http://cobbler/cobbler_api'
         env:
             - name: COBBLER_SERVER
       user:
         description: Cobbler authentication user.
+        type: string
         required: false
         env:
             - name: COBBLER_USER
       password:
         description: Cobbler authentication password.
+        type: string
         required: false
         env:
             - name: COBBLER_PASSWORD

plugins/inventory/linode.py

@@ -35,6 +35,7 @@ DOCUMENTATION = r'''
             version_added: 4.5.0
         plugin:
             description: Marks this as an instance of the 'linode' plugin.
+            type: string
             required: true
             choices: ['linode', 'community.general.linode']
         ip_style:
@@ -47,6 +48,7 @@ DOCUMENTATION = r'''
             version_added: 3.6.0
         access_token:
             description: The Linode account personal access token.
+            type: string
             required: true
             env:
                 - name: LINODE_ACCESS_TOKEN

plugins/inventory/lxd.py

@@ -20,6 +20,7 @@ DOCUMENTATION = r'''
     options:
         plugin:
             description: Token that ensures this is a source file for the 'lxd' plugin.
+            type: string
             required: true
             choices: [ 'community.general.lxd' ]
         url:
@@ -27,8 +28,8 @@ DOCUMENTATION = r'''
             - The unix domain socket path or the https URL for the lxd server.
             - Sockets in filesystem have to start with C(unix:).
             - Mostly C(unix:/var/lib/lxd/unix.socket) or C(unix:/var/snap/lxd/common/lxd/unix.socket).
+            type: string
             default: unix:/var/snap/lxd/common/lxd/unix.socket
-            type: str
         client_key:
             description:
             - The client certificate key file path.

plugins/inventory/nmap.py

@@ -20,6 +20,7 @@ DOCUMENTATION = '''
     options:
         plugin:
             description: token that ensures this is a source file for the 'nmap' plugin.
+            type: string
             required: true
             choices: ['nmap', 'community.general.nmap']
         sudo:
@@ -29,6 +30,7 @@ DOCUMENTATION = '''
             type: boolean
         address:
             description: Network IP or range of IPs to scan, you can use a simple range (10.2.2.15-25) or CIDR notation.
+            type: string
             required: true
             env:
                 - name: ANSIBLE_NMAP_ADDRESS
@@ -91,7 +93,7 @@ DOCUMENTATION = '''
             default: true
             version_added: 7.4.0
     notes:
-        - At least one of ipv4 or ipv6 is required to be True, both can be True, but they cannot both be False.
+        - At least one of O(ipv4) or O(ipv6) is required to be V(true); both can be V(true), but they cannot both be V(false).
         - 'TODO: add OS fingerprinting'
 '''
 EXAMPLES = '''

plugins/inventory/online.py

@@ -16,11 +16,13 @@ DOCUMENTATION = r'''
     options:
         plugin:
             description: token that ensures this is a source file for the 'online' plugin.
+            type: string
             required: true
             choices: ['online', 'community.general.online']
         oauth_token:
             required: true
             description: Online OAuth token.
+            type: string
             env:
                 # in order of precedence
                 - name: ONLINE_TOKEN

plugins/inventory/proxmox.py

@@ -362,6 +362,34 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
             except Exception:
                 return None
 
+    def _get_lxc_interfaces(self, properties, node, vmid):
+        status_key = self._fact('status')
+
+        if status_key not in properties or not properties[status_key] == 'running':
+            return
+
+        ret = self._get_json("%s/api2/json/nodes/%s/lxc/%s/interfaces" % (self.proxmox_url, node, vmid), ignore_errors=[501])
+        if not ret:
+            return
+
+        result = []
+
+        for iface in ret:
+            result_iface = {
+                'name': iface['name'],
+                'hwaddr': iface['hwaddr']
+            }
+
+            if 'inet' in iface:
+                result_iface['inet'] = iface['inet']
+
+            if 'inet6' in iface:
+                result_iface['inet6'] = iface['inet6']
+
+            result.append(result_iface)
+
+        properties[self._fact('lxc_interfaces')] = result
+
     def _get_agent_network_interfaces(self, node, vmid, vmtype):
         result = []
 
@@ -526,6 +554,9 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
             self._get_vm_config(properties, node, vmid, ittype, name)
             self._get_vm_snapshots(properties, node, vmid, ittype, name)
 
+            if ittype == 'lxc':
+                self._get_lxc_interfaces(properties, node, vmid)
+
         # ensure the host satisfies filters
         if not self._can_add_host(name, properties):
             return None

plugins/inventory/scaleway.py

@@ -20,6 +20,7 @@ DOCUMENTATION = r'''
         plugin:
             description: Token that ensures this is a source file for the 'scaleway' plugin.
             required: true
+            type: string
             choices: ['scaleway', 'community.general.scaleway']
         regions:
             description: Filter results on a specific Scaleway region.
@@ -46,6 +47,7 @@ DOCUMENTATION = r'''
             - If not explicitly defined or in environment variables, it will try to lookup in the scaleway-cli configuration file
               (C($SCW_CONFIG_PATH), C($XDG_CONFIG_HOME/scw/config.yaml), or C(~/.config/scw/config.yaml)).
             - More details on L(how to generate token, https://www.scaleway.com/en/docs/generate-api-keys/).
+            type: string
             env:
                 # in order of precedence
                 - name: SCW_TOKEN

plugins/inventory/stackpath_compute.py

@@ -24,6 +24,7 @@ DOCUMENTATION = '''
             description:
                 - A token that ensures this is a source file for the plugin.
             required: true
+            type: string
             choices: ['community.general.stackpath_compute']
         client_id:
             description:

plugins/inventory/virtualbox.py

@@ -22,6 +22,7 @@ DOCUMENTATION = '''
     options:
         plugin:
             description: token that ensures this is a source file for the 'virtualbox' plugin
+            type: string
             required: true
             choices: ['virtualbox', 'community.general.virtualbox']
         running_only:
@@ -30,8 +31,10 @@ DOCUMENTATION = '''
             default: false
         settings_password_file:
             description: provide a file containing the settings password (equivalent to --settingspwfile)
+            type: string
         network_info_path:
             description: property path to query for network information (ansible_host)
+            type: string
             default: "/VirtualBox/GuestInfo/Net/0/V4/IP"
         query:
             description: create vars from virtualbox properties

plugins/lookup/chef_databag.py

@@ -22,10 +22,12 @@ DOCUMENTATION = '''
         name:
           description:
             - Name of the databag
+          type: string
           required: true
         item:
           description:
             - Item to fetch
+          type: string
           required: true
 '''
 

plugins/lookup/consul_kv.py

@@ -29,13 +29,17 @@ DOCUMENTATION = '''
       index:
         description:
           - If the key has a value with the specified index then this is returned allowing access to historical values.
+        type: int
       datacenter:
         description:
           - Retrieve the key from a consul datacenter other than the default for the consul host.
+        type: str
       token:
         description: The acl token to allow access to restricted values.
+        type: str
       host:
         default: localhost
+        type: str
         description:
           - The target to connect to, must be a resolvable address.
           - Will be determined from E(ANSIBLE_CONSUL_URL) if that is set.
@@ -46,22 +50,26 @@ DOCUMENTATION = '''
         description:
           - The port of the target host to connect to.
           - If you use E(ANSIBLE_CONSUL_URL) this value will be used from there.
+        type: int
         default: 8500
       scheme:
         default: http
+        type: str
         description:
           - Whether to use http or https.
           - If you use E(ANSIBLE_CONSUL_URL) this value will be used from there.
       validate_certs:
         default: true
-        description: Whether to verify the ssl connection or not.
+        description: Whether to verify the TLS connection or not.
+        type: bool
         env:
           - name: ANSIBLE_CONSUL_VALIDATE_CERTS
         ini:
           - section: lookup_consul
             key: validate_certs
       client_cert:
-        description: The client cert to verify the ssl connection.
+        description: The client cert to verify the TLS connection.
+        type: str
         env:
           - name: ANSIBLE_CONSUL_CLIENT_CERT
         ini:
@@ -94,7 +102,7 @@ EXAMPLES = """
 
   - name: retrieving a KV from a remote cluster on non default port
     ansible.builtin.debug:
-      msg: "{{ lookup('community.general.consul_kv', 'my/key', host='10.10.10.10', port='2000') }}"
+      msg: "{{ lookup('community.general.consul_kv', 'my/key', host='10.10.10.10', port=2000) }}"
 """
 
 RETURN = """

plugins/lookup/cyberarkpassword.py

@@ -17,19 +17,23 @@ DOCUMENTATION = '''
     options :
       _command:
         description: Cyberark CLI utility.
+        type: string
         env:
           - name: AIM_CLIPASSWORDSDK_CMD
         default: '/opt/CARKaim/sdk/clipasswordsdk'
       appid:
         description: Defines the unique ID of the application that is issuing the password request.
+        type: string
         required: true
       query:
         description: Describes the filter criteria for the password retrieval.
+        type: string
         required: true
       output:
         description:
           - Specifies the desired output fields separated by commas.
           - "They could be: Password, PassProps.<property>, PasswordChangeInProcess"
+        type: string
         default: 'password'
       _extra:
         description: for extra_params values please check parameters for clipasswordsdk in CyberArk's "Credential Provider and ASCP Implementation Guide"

plugins/lookup/dsv.py

@@ -22,6 +22,7 @@ options:
         required: true
     tenant:
         description: The first format parameter in the default O(url_template).
+        type: string
         env:
             - name: DSV_TENANT
         ini:
@@ -32,6 +33,7 @@ options:
         default: com
         description: The top-level domain of the tenant; the second format
             parameter in the default O(url_template).
+        type: string
         env:
             - name: DSV_TLD
         ini:
@@ -40,6 +42,7 @@ options:
         required: false
     client_id:
         description: The client_id with which to request the Access Grant.
+        type: string
         env:
             - name: DSV_CLIENT_ID
         ini:
@@ -48,6 +51,7 @@ options:
         required: true
     client_secret:
         description: The client secret associated with the specific O(client_id).
+        type: string
         env:
             - name: DSV_CLIENT_SECRET
         ini:
@@ -58,6 +62,7 @@ options:
         default: https://{}.secretsvaultcloud.{}/v1
         description: The path to prepend to the base URL to form a valid REST
             API request.
+        type: string
         env:
             - name: DSV_URL_TEMPLATE
         ini:

plugins/lookup/etcd.py

@@ -25,12 +25,14 @@ DOCUMENTATION = '''
         url:
             description:
                 - Environment variable with the URL for the etcd server
+            type: string
             default: 'http://127.0.0.1:4001'
             env:
               - name: ANSIBLE_ETCD_URL
         version:
             description:
                 - Environment variable with the etcd protocol version
+            type: string
             default: 'v1'
             env:
               - name: ANSIBLE_ETCD_VERSION

plugins/lookup/filetree.py

@@ -17,8 +17,10 @@ description:
   This enables merging different trees in order of importance, or add role_vars to specific paths to influence different instances of the same role.
 options:
   _terms:
-    description: path(s) of files to read
+    description: Path(s) of files to read.
     required: true
+    type: list
+    elements: string
 '''
 
 EXAMPLES = r"""

plugins/lookup/hiera.py

@@ -25,12 +25,14 @@ DOCUMENTATION = '''
       executable:
             description:
                 - Binary file to execute Hiera.
+            type: string
             default: '/usr/bin/hiera'
             env:
                 - name: ANSIBLE_HIERA_BIN
       config_file:
             description:
                 - File that describes the hierarchy of Hiera.
+            type: string
             default: '/etc/hiera.yaml'
             env:
                 - name: ANSIBLE_HIERA_CFG

plugins/lookup/onepassword.py

@@ -23,6 +23,8 @@ DOCUMENTATION = '''
       _terms:
         description: Identifier(s) (case-insensitive UUID or name) of item(s) to retrieve.
         required: true
+        type: list
+        elements: string
       account_id:
         version_added: 7.5.0
       domain:

plugins/lookup/onepassword_doc.py

@@ -24,6 +24,8 @@ DOCUMENTATION = '''
       _terms:
         description: Identifier(s) (case-insensitive UUID or name) of item(s) to retrieve.
         required: true
+        type: list
+        elements: string
 
     extends_documentation_fragment:
       - community.general.onepassword

plugins/lookup/onepassword_raw.py

@@ -23,6 +23,8 @@ DOCUMENTATION = '''
       _terms:
         description: Identifier(s) (case-insensitive UUID or name) of item(s) to retrieve.
         required: true
+        type: list
+        elements: string
       account_id:
         version_added: 7.5.0
       domain:

plugins/lookup/passwordstore.py

@@ -42,8 +42,9 @@ DOCUMENTATION = '''
         default: false
       umask:
         description:
-          - Sets the umask for the created .gpg files. The first octed must be greater than 3 (user readable).
+          - Sets the umask for the created V(.gpg) files. The first octed must be greater than 3 (user readable).
           - Note pass' default value is V('077').
+        type: string
         env:
           - name: PASSWORD_STORE_UMASK
         version_added: 1.3.0
@@ -468,7 +469,8 @@ class LookupModule(LookupBase):
     def opt_lock(self, type):
         if self.get_option('lock') == type:
             tmpdir = os.environ.get('TMPDIR', '/tmp')
-            lockfile = os.path.join(tmpdir, '.passwordstore.lock')
+            user = os.environ.get('USER')
+            lockfile = os.path.join(tmpdir, '.{0}.passwordstore.lock'.format(user))
             with FileLock().lock_file(lockfile, tmpdir, self.lock_timeout):
                 self.locked = type
                 yield

plugins/lookup/redis.py

@@ -19,8 +19,11 @@ DOCUMENTATION = '''
     options:
       _terms:
         description: list of keys to query
+        type: list
+        elements: string
       host:
         description: location of Redis host
+        type: string
         default: '127.0.0.1'
         env:
           - name: ANSIBLE_REDIS_HOST

plugins/lookup/shelvefile.py

@@ -15,11 +15,15 @@ DOCUMENTATION = '''
     options:
       _terms:
         description: Sets of key value pairs of parameters.
+        type: list
+        elements: str
       key:
         description: Key to query.
+        type: str
         required: true
       file:
         description: Path to shelve file.
+        type: path
         required: true
 '''
 

plugins/lookup/tss.py

@@ -25,7 +25,8 @@ options:
     _terms:
         description: The integer ID of the secret.
         required: true
-        type: int
+        type: list
+        elements: int
     secret_path:
         description: Indicate a full path of secret including folder and secret name when the secret ID is set to 0.
         required: false
@@ -52,6 +53,7 @@ options:
         version_added: 7.0.0
     base_url:
         description: The base URL of the server, for example V(https://localhost/SecretServer).
+        type: string
         env:
             - name: TSS_BASE_URL
         ini:
@@ -60,6 +62,7 @@ options:
         required: true
     username:
         description: The username with which to request the OAuth2 Access Grant.
+        type: string
         env:
             - name: TSS_USERNAME
         ini:
@@ -69,6 +72,7 @@ options:
         description:
             - The password associated with the supplied username.
             - Required when O(token) is not provided.
+        type: string
         env:
             - name: TSS_PASSWORD
         ini:
@@ -80,6 +84,7 @@ options:
           - The domain with which to request the OAuth2 Access Grant.
           - Optional when O(token) is not provided.
           - Requires C(python-tss-sdk) version 1.0.0 or greater.
+        type: string
         env:
             - name: TSS_DOMAIN
         ini:
@@ -92,6 +97,7 @@ options:
           - Existing token for Thycotic authorizer.
           - If provided, O(username) and O(password) are not needed.
           - Requires C(python-tss-sdk) version 1.0.0 or greater.
+        type: string
         env:
             - name: TSS_TOKEN
         ini:
@@ -102,6 +108,7 @@ options:
         default: /api/v1
         description: The path to append to the base URL to form a valid REST
             API request.
+        type: string
         env:
             - name: TSS_API_PATH_URI
         required: false
@@ -109,6 +116,7 @@ options:
         default: /oauth2/token
         description: The path to append to the base URL to form a valid OAuth2
             Access Grant request.
+        type: string
         env:
             - name: TSS_TOKEN_PATH_URI
         required: false

plugins/module_utils/homebrew.py

@@ -113,3 +113,30 @@ class HomebrewValidate(object):
         return isinstance(
             package, string_types
         ) and not cls.INVALID_PACKAGE_REGEX.search(package)
+
+
+def parse_brew_path(module):
+    # type: (...) -> str
+    """Attempt to find the Homebrew executable path.
+
+    Requires:
+        - module has a `path` parameter
+        - path is a valid path string for the target OS. Otherwise, module.fail_json()
+          is called with msg="Invalid_path: <path>".
+    """
+    path = module.params["path"]
+    if not HomebrewValidate.valid_path(path):
+        module.fail_json(msg="Invalid path: {0}".format(path))
+
+    if isinstance(path, string_types):
+        paths = path.split(":")
+    elif isinstance(path, list):
+        paths = path
+    else:
+        module.fail_json(msg="Invalid path: {0}".format(path))
+
+    brew_path = module.get_bin_path("brew", required=True, opt_dirs=paths)
+    if not HomebrewValidate.valid_brew_path(brew_path):
+        module.fail_json(msg="Invalid brew path: {0}".format(brew_path))
+
+    return brew_path

plugins/module_utils/identity/keycloak/keycloak.py

@@ -19,6 +19,7 @@ from ansible.module_utils.common.text.converters import to_native, to_text
 URL_REALM_INFO = "{url}/realms/{realm}"
 URL_REALMS = "{url}/admin/realms"
 URL_REALM = "{url}/admin/realms/{realm}"
+URL_REALM_KEYS_METADATA = "{url}/admin/realms/{realm}/keys"
 
 URL_TOKEN = "{url}/realms/{realm}/protocol/openid-connect/token"
 URL_CLIENT = "{url}/admin/realms/{realm}/clients/{id}"
@@ -306,6 +307,37 @@ class KeycloakAPI(object):
             self.module.fail_json(msg='Could not obtain realm %s: %s' % (realm, str(e)),
                                   exception=traceback.format_exc())
 
+    def get_realm_keys_metadata_by_id(self, realm='master'):
+        """Obtain realm public info by id
+
+        :param realm: realm id
+
+        :return: None, or a 'KeysMetadataRepresentation'
+                 (https://www.keycloak.org/docs-api/latest/rest-api/index.html#KeysMetadataRepresentation)
+                 -- a dict containing the keys 'active' and 'keys', the former containing a mapping
+                 from algorithms to key-ids, the latter containing a list of dicts with key
+                 information.
+        """
+        realm_keys_metadata_url = URL_REALM_KEYS_METADATA.format(url=self.baseurl, realm=realm)
+
+        try:
+            return json.loads(to_native(open_url(realm_keys_metadata_url, method='GET', http_agent=self.http_agent, headers=self.restheaders,
+                                                 timeout=self.connection_timeout,
+                                                 validate_certs=self.validate_certs).read()))
+
+        except HTTPError as e:
+            if e.code == 404:
+                return None
+            else:
+                self.fail_open_url(e, msg='Could not obtain realm %s: %s' % (realm, str(e)),
+                                   exception=traceback.format_exc())
+        except ValueError as e:
+            self.module.fail_json(msg='API returned incorrect JSON when trying to obtain realm %s: %s' % (realm, str(e)),
+                                  exception=traceback.format_exc())
+        except Exception as e:
+            self.module.fail_json(msg='Could not obtain realm %s: %s' % (realm, str(e)),
+                                  exception=traceback.format_exc())
+
     def get_realm_by_id(self, realm='master'):
         """ Obtain realm representation by id
 

plugins/module_utils/ilo_redfish_utils.py

@@ -29,6 +29,7 @@ class iLORedfishUtils(RedfishUtils):
         result['ret'] = True
         data = response['data']
 
+        current_session = None
         if 'Oem' in data:
             if data["Oem"]["Hpe"]["Links"]["MySession"]["@odata.id"]:
                 current_session = data["Oem"]["Hpe"]["Links"]["MySession"]["@odata.id"]

plugins/module_utils/pipx.py

@@ -28,7 +28,6 @@ def pipx_runner(module, command, **kwargs):
         module,
         command=command,
         arg_formats=dict(
-
             state=fmt.as_map(_state_map),
             name=fmt.as_list(),
             name_source=fmt.as_func(fmt.unpack_args(lambda n, s: [s] if s else [n])),
@@ -43,6 +42,7 @@ def pipx_runner(module, command, **kwargs):
             _list=fmt.as_fixed(['list', '--include-injected', '--json']),
             editable=fmt.as_bool("--editable"),
             pip_args=fmt.as_opt_eq_val('--pip-args'),
+            suffix=fmt.as_opt_val('--suffix'),
         ),
         environ_update={'USE_EMOJI': '0'},
         check_rc=True,

plugins/module_utils/redis.py

@@ -57,7 +57,9 @@ def redis_auth_argument_spec(tls_default=True):
         validate_certs=dict(type='bool',
                             default=True
                             ),
-        ca_certs=dict(type='str')
+        ca_certs=dict(type='str'),
+        client_cert_file=dict(type='str'),
+        client_key_file=dict(type='str'),
     )
 
 
@@ -71,6 +73,8 @@ def redis_auth_params(module):
     ca_certs = module.params['ca_certs']
     if tls and ca_certs is None:
         ca_certs = str(certifi.where())
+    client_cert_file = module.params['client_cert_file']
+    client_key_file = module.params['client_key_file']
     if tuple(map(int, redis_version.split('.'))) < (3, 4, 0) and login_user is not None:
         module.fail_json(
             msg='The option `username` in only supported with redis >= 3.4.0.')
@@ -78,6 +82,8 @@ def redis_auth_params(module):
               'port': login_port,
               'password': login_password,
               'ssl_ca_certs': ca_certs,
+              'ssl_certfile': client_cert_file,
+              'ssl_keyfile': client_key_file,
               'ssl_cert_reqs': validate_certs,
               'ssl': tls}
     if login_user is not None:

plugins/modules/aix_inittab.py

@@ -192,6 +192,7 @@ def main():
     rmitab = module.get_bin_path('rmitab')
     chitab = module.get_bin_path('chitab')
     rc = 0
+    err = None
 
     # check if the new entry exists
     current_entry = check_current_entry(module)

plugins/modules/bootc_manage.py

@@ -0,0 +1,95 @@
+#!/usr/bin/python
+
+# Copyright (c) 2024, Ryan Cook <rcook@redhat.com>
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt
+# or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: bootc_manage
+version_added: 9.3.0
+author:
+- Ryan Cook (@cooktheryan)
+short_description: Bootc Switch and Upgrade
+description:
+    - This module manages the switching and upgrading of C(bootc).
+options:
+    state:
+        description:
+            - 'Control to apply the latest image or switch the image.'
+            - 'B(Note:) This will not reboot the system.'
+            - 'Please use M(ansible.builtin.reboot) to reboot the system.'
+        required: true
+        type: str
+        choices: ['switch', 'latest']
+    image:
+        description:
+            - 'The image to switch to.'
+            - 'This is required when O(state=switch).'
+        required: false
+        type: str
+
+'''
+
+EXAMPLES = '''
+# Switch to a different image
+- name: Provide image to switch to a different image and retain the current running image
+  community.general.bootc_manage:
+    state: switch
+    image: "example.com/image:latest"
+
+# Apply updates of the current running image
+- name: Apply updates of the current running image
+  community.general.bootc_manage:
+    state: latest
+'''
+
+RETURN = '''
+'''
+
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.common.locale import get_best_parsable_locale
+
+
+def main():
+    argument_spec = dict(
+        state=dict(type='str', required=True, choices=['switch', 'latest']),
+        image=dict(type='str', required=False),
+    )
+    module = AnsibleModule(
+        argument_spec=argument_spec,
+        required_if=[
+            ('state', 'switch', ['image']),
+        ],
+    )
+
+    state = module.params['state']
+    image = module.params['image']
+
+    if state == 'switch':
+        command = ['bootc', 'switch', image, '--retain']
+    elif state == 'latest':
+        command = ['bootc', 'upgrade']
+
+    locale = get_best_parsable_locale(module)
+    module.run_command_environ_update = dict(LANG=locale, LC_ALL=locale, LC_MESSAGES=locale, LC_CTYPE=locale, LANGUAGE=locale)
+    rc, stdout, err = module.run_command(command, check_rc=True)
+
+    if 'Queued for next boot: ' in stdout:
+        result = {'changed': True, 'stdout': stdout}
+        module.exit_json(**result)
+    elif 'No changes in ' in stdout or 'Image specification is unchanged.' in stdout:
+        result = {'changed': False, 'stdout': stdout}
+        module.exit_json(**result)
+    else:
+        result = {'changed': False, 'stderr': err}
+        module.fail_json(msg='ERROR: Command execution failed.', **result)
+
+
+if __name__ == '__main__':
+    main()

plugins/modules/cronvar.py

@@ -183,6 +183,7 @@ class CronVar(object):
             fileh = open(backup_file, 'w')
         elif self.cron_file:
             fileh = open(self.cron_file, 'w')
+            path = None
         else:
             filed, path = tempfile.mkstemp(prefix='crontab')
             fileh = os.fdopen(filed, 'w')

plugins/modules/gconftool2.py

@@ -127,9 +127,8 @@ class GConftool(StateModuleHelper):
 
     def __init_module__(self):
         self.runner = gconftool2_runner(self.module, check_rc=True)
-        if self.vars.state != "get":
-            if not self.vars.direct and self.vars.config_source is not None:
-                self.module.fail_json(msg='If the "config_source" is specified then "direct" must be "true"')
+        if not self.vars.direct and self.vars.config_source is not None:
+            self.do_raise('If the "config_source" is specified then "direct" must be "true"')
 
         self.vars.set('previous_value', self._get(), fact=True)
         self.vars.set('value_type', self.vars.value_type)
@@ -140,7 +139,7 @@ class GConftool(StateModuleHelper):
     def _make_process(self, fail_on_err):
         def process(rc, out, err):
             if err and fail_on_err:
-                self.ansible.fail_json(msg='gconftool-2 failed with error: %s' % (str(err)))
+                self.do_raise('gconftool-2 failed with error:\n%s' % err.strip())
             out = out.rstrip()
             self.vars.value = None if out == "" else out
             return self.vars.value
@@ -152,16 +151,14 @@ class GConftool(StateModuleHelper):
     def state_absent(self):
         with self.runner("state key", output_process=self._make_process(False)) as ctx:
             ctx.run()
-            if self.verbosity >= 4:
-                self.vars.run_info = ctx.run_info
+            self.vars.set('run_info', ctx.run_info, verbosity=4)
         self.vars.set('new_value', None, fact=True)
         self.vars._value = None
 
     def state_present(self):
         with self.runner("direct config_source value_type state key value", output_process=self._make_process(True)) as ctx:
             ctx.run()
-            if self.verbosity >= 4:
-                self.vars.run_info = ctx.run_info
+            self.vars.set('run_info', ctx.run_info, verbosity=4)
         self.vars.set('new_value', self._get(), fact=True)
         self.vars._value = self.vars.new_value
 

plugins/modules/gitlab_project.py

@@ -180,6 +180,14 @@ options:
       - Supports project's default branch update since community.general 8.0.0.
     type: str
     version_added: "4.2.0"
+  repository_access_level:
+    description:
+      - V(private) means that accessing repository is allowed only to project members.
+      - V(disabled) means that accessing repository is disabled.
+      - V(enabled) means that accessing repository is enabled.
+    type: str
+    choices: ["private", "disabled", "enabled"]
+    version_added: "9.3.0"
   builds_access_level:
     description:
       - V(private) means that repository CI/CD is allowed only to project members.
@@ -259,6 +267,62 @@ options:
     type: list
     elements: str
     version_added: "6.6.0"
+  container_expiration_policy:
+    description:
+      - Project cleanup policy for its container registry.
+    type: dict
+    suboptions:
+      cadence:
+        description:
+          - How often cleanup should be run.
+        type: str
+        choices: ["1d", "7d", "14d", "1month", "3month"]
+      enabled:
+        description:
+          - Enable the cleanup policy.
+        type: bool
+      keep_n:
+        description:
+          - Number of tags kept per image name.
+          - V(0) clears the field.
+        type: int
+        choices: [0, 1, 5, 10, 25, 50, 100]
+      older_than:
+        description:
+          - Destroy tags older than this.
+          - V(0d) clears the field.
+        type: str
+        choices: ["0d", "7d", "14d", "30d", "90d"]
+      name_regex:
+        description:
+          - Destroy tags matching this regular expression.
+        type: str
+      name_regex_keep:
+        description:
+          - Keep tags matching this regular expression.
+        type: str
+    version_added: "9.3.0"
+  pages_access_level:
+    description:
+      - V(private) means that accessing pages tab is allowed only to project members.
+      - V(disabled) means that accessing pages tab is disabled.
+      - V(enabled) means that accessing pages tab is enabled.
+    type: str
+    choices: ["private", "disabled", "enabled"]
+    version_added: "9.3.0"
+  service_desk_enabled:
+    description:
+      - Enable Service Desk.
+    type: bool
+    version_added: "9.3.0"
+  model_registry_access_level:
+    description:
+      - V(private) means that accessing model registry tab is allowed only to project members.
+      - V(disabled) means that accessing model registry tab is disabled.
+      - V(enabled) means that accessing model registry tab is enabled.
+    type: str
+    choices: ["private", "disabled", "enabled"]
+    version_added: "9.3.0"
 '''
 
 EXAMPLES = r'''
@@ -375,6 +439,7 @@ class GitLabProject(object):
             'squash_option': options['squash_option'],
             'ci_config_path': options['ci_config_path'],
             'shared_runners_enabled': options['shared_runners_enabled'],
+            'repository_access_level': options['repository_access_level'],
             'builds_access_level': options['builds_access_level'],
             'forking_access_level': options['forking_access_level'],
             'container_registry_access_level': options['container_registry_access_level'],
@@ -384,6 +449,10 @@ class GitLabProject(object):
             'infrastructure_access_level': options['infrastructure_access_level'],
             'monitor_access_level': options['monitor_access_level'],
             'security_and_compliance_access_level': options['security_and_compliance_access_level'],
+            'container_expiration_policy': options['container_expiration_policy'],
+            'pages_access_level': options['pages_access_level'],
+            'service_desk_enabled': options['service_desk_enabled'],
+            'model_registry_access_level': options['model_registry_access_level'],
         }
 
         # topics was introduced on gitlab >=14 and replace tag_list. We get current gitlab version
@@ -471,7 +540,20 @@ class GitLabProject(object):
         for arg_key, arg_value in arguments.items():
             if arguments[arg_key] is not None:
                 if getattr(project, arg_key) != arguments[arg_key]:
-                    setattr(project, arg_key, arguments[arg_key])
+                    if arg_key == 'container_expiration_policy':
+                        old_val = getattr(project, arg_key)
+                        final_val = {key: value for key, value in arg_value.items() if value is not None}
+
+                        if final_val.get('older_than') == '0d':
+                            final_val['older_than'] = None
+                        if final_val.get('keep_n') == 0:
+                            final_val['keep_n'] = None
+
+                        if all(old_val.get(key) == value for key, value in final_val.items()):
+                            continue
+                        setattr(project, 'container_expiration_policy_attributes', final_val)
+                    else:
+                        setattr(project, arg_key, arg_value)
                     changed = True
 
         return (changed, project)
@@ -526,6 +608,7 @@ def main():
         ci_config_path=dict(type='str'),
         shared_runners_enabled=dict(type='bool'),
         avatar_path=dict(type='path'),
+        repository_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']),
         builds_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']),
         forking_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']),
         container_registry_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']),
@@ -536,6 +619,17 @@ def main():
         monitor_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']),
         security_and_compliance_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']),
         topics=dict(type='list', elements='str'),
+        container_expiration_policy=dict(type='dict', default=None, options=dict(
+            cadence=dict(type='str', choices=["1d", "7d", "14d", "1month", "3month"]),
+            enabled=dict(type='bool'),
+            keep_n=dict(type='int', choices=[0, 1, 5, 10, 25, 50, 100]),
+            older_than=dict(type='str', choices=["0d", "7d", "14d", "30d", "90d"]),
+            name_regex=dict(type='str'),
+            name_regex_keep=dict(type='str'),
+        )),
+        pages_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']),
+        service_desk_enabled=dict(type='bool'),
+        model_registry_access_level=dict(type='str', choices=['private', 'disabled', 'enabled']),
     ))
 
     module = AnsibleModule(
@@ -585,6 +679,7 @@ def main():
     shared_runners_enabled = module.params['shared_runners_enabled']
     avatar_path = module.params['avatar_path']
     default_branch = module.params['default_branch']
+    repository_access_level = module.params['repository_access_level']
     builds_access_level = module.params['builds_access_level']
     forking_access_level = module.params['forking_access_level']
     container_registry_access_level = module.params['container_registry_access_level']
@@ -595,6 +690,10 @@ def main():
     monitor_access_level = module.params['monitor_access_level']
     security_and_compliance_access_level = module.params['security_and_compliance_access_level']
     topics = module.params['topics']
+    container_expiration_policy = module.params['container_expiration_policy']
+    pages_access_level = module.params['pages_access_level']
+    service_desk_enabled = module.params['service_desk_enabled']
+    model_registry_access_level = module.params['model_registry_access_level']
 
     # Set project_path to project_name if it is empty.
     if project_path is None:
@@ -633,7 +732,7 @@ def main():
         if project_exists:
             gitlab_project.delete_project()
             module.exit_json(changed=True, msg="Successfully deleted project %s" % project_name)
-        module.exit_json(changed=False, msg="Project deleted or does not exists")
+        module.exit_json(changed=False, msg="Project deleted or does not exist")
 
     if state == 'present':
 
@@ -659,6 +758,7 @@ def main():
             "ci_config_path": ci_config_path,
             "shared_runners_enabled": shared_runners_enabled,
             "avatar_path": avatar_path,
+            "repository_access_level": repository_access_level,
             "builds_access_level": builds_access_level,
             "forking_access_level": forking_access_level,
             "container_registry_access_level": container_registry_access_level,
@@ -669,6 +769,10 @@ def main():
             "monitor_access_level": monitor_access_level,
             "security_and_compliance_access_level": security_and_compliance_access_level,
             "topics": topics,
+            "container_expiration_policy": container_expiration_policy,
+            "pages_access_level": pages_access_level,
+            "service_desk_enabled": service_desk_enabled,
+            "model_registry_access_level": model_registry_access_level,
         }):
 
             module.exit_json(changed=True, msg="Successfully created or updated the project %s" % project_name, project=gitlab_project.project_object._attrs)

plugins/modules/gitlab_runner.py

@@ -466,6 +466,7 @@ def main():
     state = module.params['state']
     runner_description = module.params['description']
     runner_active = module.params['active']
+    runner_paused = module.params['paused']
     tag_list = module.params['tag_list']
     run_untagged = module.params['run_untagged']
     runner_locked = module.params['locked']
@@ -500,7 +501,7 @@ def main():
             module.exit_json(changed=False, msg="Runner deleted or does not exists")
 
     if state == 'present':
-        if gitlab_runner.create_or_update_runner(runner_description, {
+        runner_values = {
             "active": runner_active,
             "tag_list": tag_list,
             "run_untagged": run_untagged,
@@ -510,7 +511,11 @@ def main():
             "registration_token": registration_token,
             "group": group,
             "project": project,
-        }):
+        }
+        if LooseVersion(gitlab_runner._gitlab.version()[0]) >= LooseVersion("14.8.0"):
+            # the paused attribute for runners is available since 14.8
+            runner_values["paused"] = runner_paused
+        if gitlab_runner.create_or_update_runner(runner_description, runner_values):
             module.exit_json(changed=True, runner=gitlab_runner.runner_object._attrs,
                              msg="Successfully created or updated the runner %s" % runner_description)
         else:

plugins/modules/haproxy.py

@@ -65,9 +65,8 @@ options:
   state:
     description:
       - Desired state of the provided backend host.
-      - Note that V(drain) state was added in version 2.4.
-      - It is supported only by HAProxy version 1.5 or later,
-      - When used on versions < 1.5, it will be ignored.
+      - Note that V(drain) state is supported only by HAProxy version 1.5 or later.
+        When used on versions < 1.5, it will be ignored.
     type: str
     required: true
     choices: [ disabled, drain, enabled ]

plugins/modules/homebrew_cask.py

@@ -534,7 +534,12 @@ class HomebrewCask(object):
             rc, out, err = self.module.run_command(cmd)
 
         if rc == 0:
-            if re.search(r'==> No Casks to upgrade', out.strip(), re.IGNORECASE):
+            # 'brew upgrade --cask' does not output anything if no casks are upgraded
+            if not out.strip():
+                self.message = 'Homebrew casks already upgraded.'
+
+            # handle legacy 'brew cask upgrade'
+            elif re.search(r'==> No Casks to upgrade', out.strip(), re.IGNORECASE):
                 self.message = 'Homebrew casks already upgraded.'
 
             else:

plugins/modules/homebrew_services.py

@@ -0,0 +1,256 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2013, Andrew Dunham <andrew@du.nham.ca>
+# Copyright (c) 2013, Daniel Jaouen <dcj24@cornell.edu>
+# Copyright (c) 2015, Indrajit Raychaudhuri <irc+code@indrajit.com>
+# Copyright (c) 2024, Kit Ham <kitizz.devside@gmail.com>
+#
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+
+DOCUMENTATION = """
+---
+module: homebrew_services
+author:
+    - "Kit Ham (@kitizz)"
+requirements:
+    - homebrew must already be installed on the target system
+short_description: Services manager for Homebrew
+version_added: 9.3.0
+description:
+    - Manages daemons and services via Homebrew.
+extends_documentation_fragment:
+    - community.general.attributes
+attributes:
+    check_mode:
+        support: full
+    diff_mode:
+        support: none
+options:
+    name:
+        description:
+            - An installed homebrew package whose service is to be updated.
+        aliases: [ 'formula' ]
+        type: str
+        required: true
+    path:
+        description:
+            - "A V(:) separated list of paths to search for C(brew) executable.
+              Since a package (I(formula) in homebrew parlance) location is prefixed relative to the actual path of C(brew) command,
+              providing an alternative C(brew) path enables managing different set of packages in an alternative location in the system."
+        default: '/usr/local/bin:/opt/homebrew/bin:/home/linuxbrew/.linuxbrew/bin'
+        type: path
+    state:
+        description:
+            - State of the package's service.
+        choices: [ 'present', 'absent', 'restarted' ]
+        default: present
+        type: str
+"""
+
+EXAMPLES = """
+- name: Install foo package
+  community.general.homebrew:
+    name: foo
+    state: present
+
+- name: Start the foo service (equivalent to `brew services start foo`)
+  community.general.homebrew_service:
+    name: foo
+    state: present
+
+- name: Restart the foo service (equivalent to `brew services restart foo`)
+  community.general.homebrew_service:
+    name: foo
+    state: restarted
+
+- name: Remove the foo service (equivalent to `brew services stop foo`)
+  community.general.homebrew_service:
+    name: foo
+    service_state: absent
+"""
+
+RETURN = """
+pid:
+    description:
+      - If the service is now running, this is the PID of the service, otherwise -1.
+    returned: success
+    type: int
+    sample: 1234
+running:
+    description:
+      - Whether the service is running after running this command.
+    returned: success
+    type: bool
+    sample: true
+"""
+
+import json
+import sys
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.community.general.plugins.module_utils.homebrew import (
+    HomebrewValidate,
+    parse_brew_path,
+)
+
+if sys.version_info < (3, 5):
+    from collections import namedtuple
+
+    # Stores validated arguments for an instance of an action.
+    # See DOCUMENTATION string for argument-specific information.
+    HomebrewServiceArgs = namedtuple(
+        "HomebrewServiceArgs", ["name", "state", "brew_path"]
+    )
+
+    # Stores the state of a Homebrew service.
+    HomebrewServiceState = namedtuple("HomebrewServiceState", ["running", "pid"])
+
+else:
+    from typing import NamedTuple, Optional
+
+    # Stores validated arguments for an instance of an action.
+    # See DOCUMENTATION string for argument-specific information.
+    HomebrewServiceArgs = NamedTuple(
+        "HomebrewServiceArgs", [("name", str), ("state", str), ("brew_path", str)]
+    )
+
+    # Stores the state of a Homebrew service.
+    HomebrewServiceState = NamedTuple(
+        "HomebrewServiceState", [("running", bool), ("pid", Optional[int])]
+    )
+
+
+def _brew_service_state(args, module):
+    # type: (HomebrewServiceArgs, AnsibleModule) -> HomebrewServiceState
+    cmd = [args.brew_path, "services", "info", args.name, "--json"]
+    rc, stdout, stderr = module.run_command(cmd, check_rc=True)
+
+    try:
+        data = json.loads(stdout)[0]
+    except json.JSONDecodeError:
+        module.fail_json(msg="Failed to parse JSON output:\n{0}".format(stdout))
+
+    return HomebrewServiceState(running=data["status"] == "started", pid=data["pid"])
+
+
+def _exit_with_state(args, module, changed=False, message=None):
+    # type: (HomebrewServiceArgs, AnsibleModule, bool, Optional[str]) -> None
+    state = _brew_service_state(args, module)
+    if message is None:
+        message = (
+            "Running: {state.running}, Changed: {changed}, PID: {state.pid}".format(
+                state=state, changed=changed
+            )
+        )
+    module.exit_json(msg=message, pid=state.pid, running=state.running, changed=changed)
+
+
+def validate_and_load_arguments(module):
+    # type: (AnsibleModule) -> HomebrewServiceArgs
+    """Reuse the Homebrew module's validation logic to validate these arguments."""
+    package = module.params["name"]  # type: ignore
+    if not HomebrewValidate.valid_package(package):
+        module.fail_json(msg="Invalid package name: {0}".format(package))
+
+    state = module.params["state"]  # type: ignore
+    if state not in ["present", "absent", "restarted"]:
+        module.fail_json(msg="Invalid state: {0}".format(state))
+
+    brew_path = parse_brew_path(module)
+
+    return HomebrewServiceArgs(name=package, state=state, brew_path=brew_path)
+
+
+def start_service(args, module):
+    # type: (HomebrewServiceArgs, AnsibleModule) -> None
+    """Start the requested brew service if it is not already running."""
+    state = _brew_service_state(args, module)
+    if state.running:
+        # Nothing to do, return early.
+        _exit_with_state(args, module, changed=False, message="Service already running")
+
+    if module.check_mode:
+        _exit_with_state(args, module, changed=True, message="Service would be started")
+
+    start_cmd = [args.brew_path, "services", "start", args.name]
+    rc, stdout, stderr = module.run_command(start_cmd, check_rc=True)
+
+    _exit_with_state(args, module, changed=True)
+
+
+def stop_service(args, module):
+    # type: (HomebrewServiceArgs, AnsibleModule) -> None
+    """Stop the requested brew service if it is running."""
+    state = _brew_service_state(args, module)
+    if not state.running:
+        # Nothing to do, return early.
+        _exit_with_state(args, module, changed=False, message="Service already stopped")
+
+    if module.check_mode:
+        _exit_with_state(args, module, changed=True, message="Service would be stopped")
+
+    stop_cmd = [args.brew_path, "services", "stop", args.name]
+    rc, stdout, stderr = module.run_command(stop_cmd, check_rc=True)
+
+    _exit_with_state(args, module, changed=True)
+
+
+def restart_service(args, module):
+    # type: (HomebrewServiceArgs, AnsibleModule) -> None
+    """Restart the requested brew service. This always results in a change."""
+    if module.check_mode:
+        _exit_with_state(
+            args, module, changed=True, message="Service would be restarted"
+        )
+
+    restart_cmd = [args.brew_path, "services", "restart", args.name]
+    rc, stdout, stderr = module.run_command(restart_cmd, check_rc=True)
+
+    _exit_with_state(args, module, changed=True)
+
+
+def main():
+    module = AnsibleModule(
+        argument_spec=dict(
+            name=dict(
+                aliases=["formula"],
+                required=True,
+                type="str",
+            ),
+            state=dict(
+                choices=["present", "absent", "restarted"],
+                default="present",
+            ),
+            path=dict(
+                default="/usr/local/bin:/opt/homebrew/bin:/home/linuxbrew/.linuxbrew/bin",
+                type="path",
+            ),
+        ),
+        supports_check_mode=True,
+    )
+
+    module.run_command_environ_update = dict(
+        LANG="C", LC_ALL="C", LC_MESSAGES="C", LC_CTYPE="C"
+    )
+
+    # Pre-validate arguments.
+    service_args = validate_and_load_arguments(module)
+
+    # Choose logic based on the desired state.
+    if service_args.state == "present":
+        start_service(service_args, module)
+    elif service_args.state == "absent":
+        stop_service(service_args, module)
+    elif service_args.state == "restarted":
+        restart_service(service_args, module)
+
+
+if __name__ == "__main__":
+    main()

plugins/modules/ipa_dnsrecord.py

@@ -35,11 +35,8 @@ options:
   record_type:
     description:
     - The type of DNS record name.
-    - Currently, 'A', 'AAAA', 'A6', 'CNAME', 'DNAME', 'NS', 'PTR', 'TXT', 'SRV', 'MX' and 'SSHFP' are supported.
-    - "'A6', 'CNAME', 'DNAME' and 'TXT' are added in version 2.5."
-    - "'SRV' and 'MX' are added in version 2.8."
-    - "'NS' are added in comunity.general 8.2.0."
-    - "'SSHFP' are added in community.general 9.1.0."
+    - Support for V(NS) was added in comunity.general 8.2.0.
+    - Support for V(SSHFP) was added in community.general 9.1.0.
     required: false
     default: 'A'
     choices: ['A', 'AAAA', 'A6', 'CNAME', 'DNAME', 'MX', 'NS', 'PTR', 'SRV', 'TXT', 'SSHFP']
@@ -49,31 +46,31 @@ options:
     - Manage DNS record name with this value.
     - Mutually exclusive with O(record_values), and exactly one of O(record_value) and O(record_values) has to be specified.
     - Use O(record_values) if you need to specify multiple values.
-    - In the case of 'A' or 'AAAA' record types, this will be the IP address.
-    - In the case of 'A6' record type, this will be the A6 Record data.
-    - In the case of 'CNAME' record type, this will be the hostname.
-    - In the case of 'DNAME' record type, this will be the DNAME target.
-    - In the case of 'NS' record type, this will be the name server hostname. Hostname must already have a valid A or AAAA record.
-    - In the case of 'PTR' record type, this will be the hostname.
-    - In the case of 'TXT' record type, this will be a text.
-    - In the case of 'SRV' record type, this will be a service record.
-    - In the case of 'MX' record type, this will be a mail exchanger record.
-    - In the case of 'SSHFP' record type, this will be an SSH fingerprint record.
+    - In the case of V(A) or V(AAAA) record types, this will be the IP address.
+    - In the case of V(A6) record type, this will be the A6 Record data.
+    - In the case of V(CNAME) record type, this will be the hostname.
+    - In the case of V(DNAME) record type, this will be the DNAME target.
+    - In the case of V(NS) record type, this will be the name server hostname. Hostname must already have a valid A or AAAA record.
+    - In the case of V(PTR) record type, this will be the hostname.
+    - In the case of V(TXT) record type, this will be a text.
+    - In the case of V(SRV) record type, this will be a service record.
+    - In the case of V(MX) record type, this will be a mail exchanger record.
+    - In the case of V(SSHFP) record type, this will be an SSH fingerprint record.
     type: str
   record_values:
     description:
     - Manage DNS record name with this value.
     - Mutually exclusive with O(record_value), and exactly one of O(record_value) and O(record_values) has to be specified.
-    - In the case of 'A' or 'AAAA' record types, this will be the IP address.
-    - In the case of 'A6' record type, this will be the A6 Record data.
-    - In the case of 'CNAME' record type, this will be the hostname.
-    - In the case of 'DNAME' record type, this will be the DNAME target.
-    - In the case of 'NS' record type, this will be the name server hostname. Hostname must already have a valid A or AAAA record.
-    - In the case of 'PTR' record type, this will be the hostname.
-    - In the case of 'TXT' record type, this will be a text.
-    - In the case of 'SRV' record type, this will be a service record.
-    - In the case of 'MX' record type, this will be a mail exchanger record.
-    - In the case of 'SSHFP' record type, this will be an SSH fingerprint record.
+    - In the case of V(A) or V(AAAA) record types, this will be the IP address.
+    - In the case of V(A6) record type, this will be the A6 Record data.
+    - In the case of V(CNAME) record type, this will be the hostname.
+    - In the case of V(DNAME) record type, this will be the DNAME target.
+    - In the case of V(NS) record type, this will be the name server hostname. Hostname must already have a valid A or AAAA record.
+    - In the case of V(PTR) record type, this will be the hostname.
+    - In the case of V(TXT) record type, this will be a text.
+    - In the case of V(SRV) record type, this will be a service record.
+    - In the case of V(MX) record type, this will be a mail exchanger record.
+    - In the case of V(SSHFP) record type, this will be an SSH fingerprint record.
     type: list
     elements: str
   record_ttl:

plugins/modules/iptables_state.py

@@ -459,6 +459,7 @@ def main():
         if not os.access(b_path, os.R_OK):
             module.fail_json(msg="Source %s not readable" % path)
         state_to_restore = read_state(b_path)
+        cmd = None
     else:
         cmd = ' '.join(SAVECOMMAND)
 

plugins/modules/keycloak_identity_provider.py

@@ -445,6 +445,15 @@ def get_identity_provider_with_mappers(kc, alias, realm):
     idp = kc.get_identity_provider(alias, realm)
     if idp is not None:
         idp['mappers'] = sorted(kc.get_identity_provider_mappers(alias, realm), key=lambda x: x.get('name'))
+        # clientSecret returned by API when using `get_identity_provider(alias, realm)` is always **********
+        # to detect changes to the secret, we get the actual cleartext secret from the full realm info
+        if 'config' in idp:
+            if 'clientSecret' in idp['config']:
+                for idp_from_realm in kc.get_realm_by_id(realm).get('identityProviders', []):
+                    if idp_from_realm['internalId'] == idp['internalId']:
+                        cleartext_secret = idp_from_realm.get('config', {}).get('clientSecret')
+                        if cleartext_secret:
+                            idp['config']['clientSecret'] = cleartext_secret
     if idp is None:
         idp = {}
     return idp

plugins/modules/keycloak_realm_keys_metadata_info.py

@@ -0,0 +1,133 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) Ansible project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+DOCUMENTATION = """
+---
+module: keycloak_realm_keys_metadata_info
+
+short_description: Allows obtaining Keycloak realm keys metadata via Keycloak API
+
+version_added: 9.3.0
+
+description:
+    - This module allows you to get Keycloak realm keys metadata via the Keycloak REST API.
+
+    - The names of module options are snake_cased versions of the camelCase ones found in the
+      Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/latest/rest-api/index.html).
+
+options:
+    realm:
+        type: str
+        description:
+            - They Keycloak realm to fetch keys metadata.
+        default: 'master'
+
+extends_documentation_fragment:
+    - community.general.keycloak
+    - community.general.attributes
+    - community.general.attributes.info_module
+
+author:
+    - Thomas Bach (@thomasbach-dev)
+"""
+
+EXAMPLES = """
+- name: Fetch Keys metadata
+  community.general.keycloak_realm_keys_metadata_info:
+    auth_keycloak_url: https://auth.example.com/auth
+    auth_realm: master
+    auth_username: USERNAME
+    auth_password: PASSWORD
+    realm: MyCustomRealm
+  delegate_to: localhost
+  register: keycloak_keys_metadata
+
+- name: Write the Keycloak keys certificate into a file
+  ansible.builtin.copy:
+    dest: /tmp/keycloak.cert
+    content: |
+      {{ keys_metadata['keycloak_keys_metadata']['keys']
+      | selectattr('algorithm', 'equalto', 'RS256')
+      | map(attribute='certificate')
+      | first
+      }}
+  delegate_to: localhost
+"""
+
+RETURN = """
+msg:
+    description: Message as to what action was taken.
+    returned: always
+    type: str
+
+keys_metadata:
+    description:
+
+        - Representation of the realm keys metadata (see
+          U(https://www.keycloak.org/docs-api/latest/rest-api/index.html#KeysMetadataRepresentation)).
+
+    returned: always
+    type: dict
+    contains:
+        active:
+            description: A mapping (that is, a dict) from key algorithms to UUIDs.
+            type: dict
+            returned: always
+        keys:
+            description: A list of dicts providing detailed information on the keys.
+            type: list
+            elements: dict
+            returned: always
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import (
+    KeycloakAPI, KeycloakError, get_token, keycloak_argument_spec)
+
+
+def main():
+    argument_spec = keycloak_argument_spec()
+
+    meta_args = dict(
+        realm=dict(default="master"),
+    )
+    argument_spec.update(meta_args)
+
+    module = AnsibleModule(
+        argument_spec=argument_spec,
+        supports_check_mode=True,
+        required_one_of=([["token", "auth_realm", "auth_username", "auth_password"]]),
+        required_together=([["auth_realm", "auth_username", "auth_password"]]),
+    )
+
+    result = dict(changed=False, msg="", keys_metadata="")
+
+    # Obtain access token, initialize API
+    try:
+        connection_header = get_token(module.params)
+    except KeycloakError as e:
+        module.fail_json(msg=str(e))
+
+    kc = KeycloakAPI(module, connection_header)
+
+    realm = module.params.get("realm")
+
+    keys_metadata = kc.get_realm_keys_metadata_by_id(realm=realm)
+
+    result["keys_metadata"] = keys_metadata
+    result["msg"] = "Get realm keys metadata successful for ID {realm}".format(
+        realm=realm
+    )
+    module.exit_json(**result)
+
+
+if __name__ == "__main__":
+    main()

plugins/modules/keycloak_user_federation.py

@@ -892,11 +892,11 @@ def main():
             if cid is None:
                 old_mapper = {}
             elif change.get('id') is not None:
-                old_mapper = kc.get_component(change['id'], realm)
+                old_mapper = next((before_mapper for before_mapper in before_mapper.get('mappers', []) if before_mapper["id"] == change['id']), None)
                 if old_mapper is None:
                     old_mapper = {}
             else:
-                found = kc.get_components(urlencode(dict(parent=cid, name=change['name'])), realm)
+                found = [before_mapper for before_mapper in before_comp.get('mappers', []) if before_mapper['name'] == change['name']]
                 if len(found) > 1:
                     module.fail_json(msg='Found multiple mappers with name `{name}`. Cannot continue.'.format(name=change['name']))
                 if len(found) == 1:
@@ -905,10 +905,10 @@ def main():
                     old_mapper = {}
             new_mapper = old_mapper.copy()
             new_mapper.update(change)
-            if new_mapper != old_mapper:
-                if changeset.get('mappers') is None:
-                    changeset['mappers'] = list()
-                changeset['mappers'].append(new_mapper)
+            # changeset contains all desired mappers: those existing, to update or to create
+            if changeset.get('mappers') is None:
+                changeset['mappers'] = list()
+            changeset['mappers'].append(new_mapper)
 
     # Prepare the desired values using the existing values (non-existence results in a dict that is save to use as a basis)
     desired_comp = before_comp.copy()
@@ -931,42 +931,51 @@ def main():
         # Process a creation
         result['changed'] = True
 
-        if module._diff:
-            result['diff'] = dict(before='', after=sanitize(desired_comp))
-
         if module.check_mode:
+            if module._diff:
+                result['diff'] = dict(before='', after=sanitize(desired_comp))
             module.exit_json(**result)
 
         # create it
-        desired_comp = desired_comp.copy()
-        updated_mappers = desired_comp.pop('mappers', [])
+        desired_mappers = desired_comp.pop('mappers', [])
         after_comp = kc.create_component(desired_comp, realm)
-
         cid = after_comp['id']
+        updated_mappers = []
+        # when creating a user federation, keycloak automatically creates default mappers
+        default_mappers = kc.get_components(urlencode(dict(parent=cid)), realm)
 
-        for mapper in updated_mappers:
-            found = kc.get_components(urlencode(dict(parent=cid, name=mapper['name'])), realm)
+        # create new mappers or update existing default mappers
+        for desired_mapper in desired_mappers:
+            found = [default_mapper for default_mapper in default_mappers if default_mapper['name'] == desired_mapper['name']]
             if len(found) > 1:
-                module.fail_json(msg='Found multiple mappers with name `{name}`. Cannot continue.'.format(name=mapper['name']))
+                module.fail_json(msg='Found multiple mappers with name `{name}`. Cannot continue.'.format(name=desired_mapper['name']))
             if len(found) == 1:
                 old_mapper = found[0]
             else:
                 old_mapper = {}
 
             new_mapper = old_mapper.copy()
-            new_mapper.update(mapper)
+            new_mapper.update(desired_mapper)
 
             if new_mapper.get('id') is not None:
                 kc.update_component(new_mapper, realm)
+                updated_mappers.append(new_mapper)
             else:
                 if new_mapper.get('parentId') is None:
-                    new_mapper['parentId'] = after_comp['id']
-                mapper = kc.create_component(new_mapper, realm)
+                    new_mapper['parentId'] = cid
+                updated_mappers.append(kc.create_component(new_mapper, realm))
 
-        after_comp['mappers'] = updated_mappers
+        # we remove all unwanted default mappers
+        # we use ids so we dont accidently remove one of the previously updated default mapper
+        for default_mapper in default_mappers:
+            if not default_mapper['id'] in [x['id'] for x in updated_mappers]:
+                kc.delete_component(default_mapper['id'], realm)
+
+        after_comp['mappers'] = kc.get_components(urlencode(dict(parent=cid)), realm)
+        if module._diff:
+            result['diff'] = dict(before='', after=sanitize(after_comp))
         result['end_state'] = sanitize(after_comp)
-
-        result['msg'] = "User federation {id} has been created".format(id=after_comp['id'])
+        result['msg'] = "User federation {id} has been created".format(id=cid)
         module.exit_json(**result)
 
     else:
@@ -990,22 +999,32 @@ def main():
                 module.exit_json(**result)
 
             # do the update
-            desired_comp = desired_comp.copy()
-            updated_mappers = desired_comp.pop('mappers', [])
+            desired_mappers = desired_comp.pop('mappers', [])
             kc.update_component(desired_comp, realm)
-            after_comp = kc.get_component(cid, realm)
 
-            for mapper in updated_mappers:
+            for before_mapper in before_comp.get('mappers', []):
+                # remove unwanted existing mappers that will not be updated
+                if not before_mapper['id'] in [x['id'] for x in desired_mappers]:
+                    kc.delete_component(before_mapper['id'], realm)
+
+            for mapper in desired_mappers:
+                if mapper in before_comp.get('mappers', []):
+                    continue
                 if mapper.get('id') is not None:
                     kc.update_component(mapper, realm)
                 else:
                     if mapper.get('parentId') is None:
                         mapper['parentId'] = desired_comp['id']
-                    mapper = kc.create_component(mapper, realm)
-
-            after_comp['mappers'] = updated_mappers
-            result['end_state'] = sanitize(after_comp)
+                    kc.create_component(mapper, realm)
 
+            after_comp = kc.get_component(cid, realm)
+            after_comp['mappers'] = kc.get_components(urlencode(dict(parent=cid)), realm)
+            after_comp_sanitized = sanitize(after_comp)
+            before_comp_sanitized = sanitize(before_comp)
+            result['end_state'] = after_comp_sanitized
+            if module._diff:
+                result['diff'] = dict(before=before_comp_sanitized, after=after_comp_sanitized)
+            result['changed'] = before_comp_sanitized != after_comp_sanitized
             result['msg'] = "User federation {id} has been updated".format(id=cid)
             module.exit_json(**result)
 

plugins/modules/locale_gen.py

@@ -25,9 +25,11 @@ attributes:
         support: none
 options:
     name:
-        type: str
+        type: list
+        elements: str
         description:
-            - Name and encoding of the locale, such as "en_GB.UTF-8".
+            - Name and encoding of the locales, such as V(en_GB.UTF-8).
+            - Before community.general 9.3.0, this was a string. Using a string still works.
         required: true
     state:
         type: str
@@ -44,6 +46,13 @@ EXAMPLES = '''
   community.general.locale_gen:
     name: de_CH.UTF-8
     state: present
+
+- name: Ensure multiple locales exist
+  community.general.locale_gen:
+    name:
+      - en_GB.UTF-8
+      - nl_NL.UTF-8
+    state: present
 '''
 
 import os
@@ -74,7 +83,7 @@ class LocaleGen(StateModuleHelper):
     output_params = ["name"]
     module = dict(
         argument_spec=dict(
-            name=dict(type='str', required=True),
+            name=dict(type="list", elements="str", required=True),
             state=dict(type='str', default='present', choices=['absent', 'present']),
         ),
         supports_check_mode=True,
@@ -91,9 +100,7 @@ class LocaleGen(StateModuleHelper):
                     self.LOCALE_SUPPORTED, self.LOCALE_GEN
                 ))
 
-        if not self.is_available():
-            self.do_raise("The locale you've entered is not available on your system.")
-
+        self.assert_available()
         self.vars.set("is_present", self.is_present(), output=False)
         self.vars.set("state_tracking", self._state_name(self.vars.is_present), output=False, change=True)
 
@@ -104,8 +111,8 @@ class LocaleGen(StateModuleHelper):
     def _state_name(present):
         return "present" if present else "absent"
 
-    def is_available(self):
-        """Check if the given locale is available on the system. This is done by
+    def assert_available(self):
+        """Check if the given locales are available on the system. This is done by
         checking either :
         * if the locale is present in /etc/locales.gen
         * or if the locale is present in /usr/share/i18n/SUPPORTED"""
@@ -121,18 +128,35 @@ class LocaleGen(StateModuleHelper):
             res = [re_compiled.match(line) for line in lines]
             if self.verbosity >= 4:
                 self.vars.available_lines = lines
-            if any(r.group("locale") == self.vars.name for r in res if r):
-                return True
+
+            locales_not_found = []
+            for locale in self.vars.name:
+                # Check if the locale is not found in any of the matches
+                if not any(match and match.group("locale") == locale for match in res):
+                    locales_not_found.append(locale)
+
         # locale may be installed but not listed in the file, for example C.UTF-8 in some systems
-        return self.is_present()
+        locales_not_found = self.locale_get_not_present(locales_not_found)
+
+        if locales_not_found:
+            self.do_raise("The following locales you've entered are not available on your system: {0}".format(', '.join(locales_not_found)))
 
     def is_present(self):
+        return not self.locale_get_not_present(self.vars.name)
+
+    def locale_get_not_present(self, locales):
         runner = locale_runner(self.module)
         with runner() as ctx:
             rc, out, err = ctx.run()
             if self.verbosity >= 4:
                 self.vars.locale_run_info = ctx.run_info
-        return any(self.fix_case(self.vars.name) == self.fix_case(line) for line in out.splitlines())
+
+        not_found = []
+        for locale in locales:
+            if not any(self.fix_case(locale) == self.fix_case(line) for line in out.splitlines()):
+                not_found.append(locale)
+
+        return not_found
 
     def fix_case(self, name):
         """locale -a might return the encoding in either lower or upper case.
@@ -141,39 +165,50 @@ class LocaleGen(StateModuleHelper):
             name = name.replace(s, r)
         return name
 
-    def set_locale(self, name, enabled=True):
+    def set_locale(self, names, enabled=True):
         """ Sets the state of the locale. Defaults to enabled. """
-        search_string = r'#?\s*%s (?P<charset>.+)' % re.escape(name)
-        if enabled:
-            new_string = r'%s \g<charset>' % (name)
-        else:
-            new_string = r'# %s \g<charset>' % (name)
-        re_search = re.compile(search_string)
-        with open("/etc/locale.gen", "r") as fr:
-            lines = [re_search.sub(new_string, line) for line in fr]
-        with open("/etc/locale.gen", "w") as fw:
-            fw.write("".join(lines))
+        with open("/etc/locale.gen", 'r') as fr:
+            lines = fr.readlines()
 
-    def apply_change(self, targetState, name):
+        locale_regexes = []
+
+        for name in names:
+            search_string = r'^#?\s*%s (?P<charset>.+)' % re.escape(name)
+            if enabled:
+                new_string = r'%s \g<charset>' % (name)
+            else:
+                new_string = r'# %s \g<charset>' % (name)
+            re_search = re.compile(search_string)
+            locale_regexes.append([re_search, new_string])
+
+        for i in range(len(lines)):
+            for [search, replace] in locale_regexes:
+                lines[i] = search.sub(replace, lines[i])
+
+        # Write the modified content back to the file
+        with open("/etc/locale.gen", 'w') as fw:
+            fw.writelines(lines)
+
+    def apply_change(self, targetState, names):
         """Create or remove locale.
 
         Keyword arguments:
         targetState -- Desired state, either present or absent.
-        name -- Name including encoding such as de_CH.UTF-8.
+        names -- Names list including encoding such as de_CH.UTF-8.
         """
 
-        self.set_locale(name, enabled=(targetState == "present"))
+        self.set_locale(names, enabled=(targetState == "present"))
 
         runner = locale_gen_runner(self.module)
         with runner() as ctx:
             ctx.run()
 
-    def apply_change_ubuntu(self, targetState, name):
+    def apply_change_ubuntu(self, targetState, names):
         """Create or remove locale.
 
         Keyword arguments:
         targetState -- Desired state, either present or absent.
-        name -- Name including encoding such as de_CH.UTF-8.
+        names -- Name list including encoding such as de_CH.UTF-8.
         """
         runner = locale_gen_runner(self.module)
 
@@ -189,7 +224,7 @@ class LocaleGen(StateModuleHelper):
             with open("/var/lib/locales/supported.d/local", "w") as fw:
                 for line in content:
                     locale, charset = line.split(' ')
-                    if locale != name:
+                    if locale not in names:
                         fw.write(line)
             # Purge locales and regenerate.
             # Please provide a patch if you know how to avoid regenerating the locales to keep!

plugins/modules/maven_artifact.py

@@ -11,7 +11,7 @@
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
 
-DOCUMENTATION = '''
+DOCUMENTATION = r'''
 ---
 module: maven_artifact
 short_description: Downloads an Artifact from a Maven Repository
@@ -22,7 +22,7 @@ description:
 author: "Chris Schmidt (@chrisisbeef)"
 requirements:
     - lxml
-    - boto if using a S3 repository (s3://...)
+    - boto if using a S3 repository (V(s3://...))
 attributes:
     check_mode:
         support: none
@@ -32,52 +32,52 @@ options:
     group_id:
         type: str
         description:
-            - The Maven groupId coordinate
+            - The Maven groupId coordinate.
         required: true
     artifact_id:
         type: str
         description:
-            - The maven artifactId coordinate
+            - The maven artifactId coordinate.
         required: true
     version:
         type: str
         description:
-            - The maven version coordinate
+            - The maven version coordinate.
             - Mutually exclusive with O(version_by_spec).
     version_by_spec:
         type: str
         description:
             - The maven dependency version ranges.
             - See supported version ranges on U(https://cwiki.apache.org/confluence/display/MAVENOLD/Dependency+Mediation+and+Conflict+Resolution)
-            - The range type "(,1.0],[1.2,)" and "(,1.1),(1.1,)" is not supported.
+            - The range type V((,1.0],[1.2,\)) and V((,1.1\),(1.1,\)) is not supported.
             - Mutually exclusive with O(version).
         version_added: '0.2.0'
     classifier:
         type: str
         description:
-            - The maven classifier coordinate
+            - The maven classifier coordinate.
         default: ''
     extension:
         type: str
         description:
-            - The maven type/extension coordinate
+            - The maven type/extension coordinate.
         default: jar
     repository_url:
         type: str
         description:
             - The URL of the Maven Repository to download from.
-            - Use s3://... if the repository is hosted on Amazon S3, added in version 2.2.
-            - Use file://... if the repository is local, added in version 2.6
+            - Use V(s3://...) if the repository is hosted on Amazon S3.
+            - Use V(file://...) if the repository is local.
         default: https://repo1.maven.org/maven2
     username:
         type: str
         description:
-            - The username to authenticate as to the Maven Repository. Use AWS secret key of the repository is hosted on S3
+            - The username to authenticate as to the Maven Repository. Use AWS secret key of the repository is hosted on S3.
         aliases: [ "aws_secret_key" ]
     password:
         type: str
         description:
-            - The password to authenticate with to the Maven Repository. Use AWS secret access key of the repository is hosted on S3
+            - The password to authenticate with to the Maven Repository. Use AWS secret access key of the repository is hosted on S3.
         aliases: [ "aws_secret_access_key" ]
     headers:
         description:
@@ -95,19 +95,19 @@ options:
     dest:
         type: path
         description:
-            - The path where the artifact should be written to
-            - If file mode or ownerships are specified and destination path already exists, they affect the downloaded file
+            - The path where the artifact should be written to.
+            - If file mode or ownerships are specified and destination path already exists, they affect the downloaded file.
         required: true
     state:
         type: str
         description:
-            - The desired state of the artifact
+            - The desired state of the artifact.
         default: present
         choices: [present,absent]
     timeout:
         type: int
         description:
-            - Specifies a timeout in seconds for the connection attempt
+            - Specifies a timeout in seconds for the connection attempt.
         default: 10
     validate_certs:
         description:

plugins/modules/memset_zone_record.py

@@ -181,6 +181,7 @@ def api_validation(args=None):
     https://www.memset.com/apidocs/methods_dns.html#dns.zone_record_create)
     '''
     failed_validation = False
+    error = None
 
     # priority can only be integer 0 > 999
     if not 0 <= args['priority'] <= 999:

plugins/modules/nagios.py

@@ -39,8 +39,6 @@ options:
   action:
     description:
       - Action to take.
-      - servicegroup options were added in 2.0.
-      - delete_downtime options were added in 2.2.
       - The V(acknowledge) and V(forced_check) actions were added in community.general 1.2.0.
     required: true
     choices: [ "downtime", "delete_downtime", "enable_alerts", "disable_alerts", "silence", "unsilence",

plugins/modules/pipx.py

@@ -114,14 +114,20 @@ options:
             - Arbitrary arguments to pass directly to C(pip).
         type: str
         version_added: 4.6.0
+    suffix:
+        description:
+            - Optional suffix for virtual environment and executable names.
+            - "B(Warning): C(pipx) documentation states this is an B(experimental) feature subject to change."
+        type: str
+        version_added: 9.3.0
 notes:
+    - This module requires C(pipx) version 0.16.2.1 or above.
+    - Please note that C(pipx) requires Python 3.6 or above.
     - This module does not install the C(pipx) python package, however that can be easily done with the module M(ansible.builtin.pip).
     - This module does not require C(pipx) to be in the shell C(PATH), but it must be loadable by Python as a module.
     - >
       This module will honor C(pipx) environment variables such as but not limited to C(PIPX_HOME) and C(PIPX_BIN_DIR)
       passed using the R(environment Ansible keyword, playbooks_environment).
-    - This module requires C(pipx) version 0.16.2.1 or above.
-    - Please note that C(pipx) requires Python 3.6 or above.
     - >
       This first implementation does not verify whether a specified version constraint has been installed or not.
       Hence, when using version operators, C(pipx) module will always try to execute the operation,
@@ -168,6 +174,10 @@ from ansible_collections.community.general.plugins.module_utils.pipx import pipx
 from ansible.module_utils.facts.compat import ansible_facts
 
 
+def _make_name(name, suffix):
+    return name if suffix is None else "{0}{1}".format(name, suffix)
+
+
 class PipX(StateModuleHelper):
     output_params = ['name', 'source', 'index_url', 'force', 'installdeps']
     module = dict(
@@ -188,6 +198,7 @@ class PipX(StateModuleHelper):
             executable=dict(type='path'),
             editable=dict(type='bool', default=False),
             pip_args=dict(type='str'),
+            suffix=dict(type='str'),
         ),
         required_if=[
             ('state', 'present', ['name']),
@@ -199,6 +210,9 @@ class PipX(StateModuleHelper):
             ('state', 'latest', ['name']),
             ('state', 'inject', ['name', 'inject_packages']),
         ],
+        required_by=dict(
+            suffix="name",
+        ),
         supports_check_mode=True,
     )
     use_old_vardict = False
@@ -222,9 +236,10 @@ class PipX(StateModuleHelper):
         installed = self.runner('_list', output_process=process_list).run(_list=1)
 
         if self.vars.name is not None:
-            app_list = installed.get(self.vars.name)
+            name = _make_name(self.vars.name, self.vars.suffix)
+            app_list = installed.get(name)
             if app_list:
-                return {self.vars.name: app_list}
+                return {name: app_list}
             else:
                 return {}
 
@@ -253,45 +268,50 @@ class PipX(StateModuleHelper):
     def state_install(self):
         if not self.vars.application or self.vars.force:
             self.changed = True
-            with self.runner('state index_url install_deps force python system_site_packages editable pip_args name_source', check_mode_skip=True) as ctx:
+            args = 'state index_url install_deps force python system_site_packages editable pip_args suffix name_source'
+            with self.runner(args, check_mode_skip=True) as ctx:
                 ctx.run(name_source=[self.vars.name, self.vars.source])
                 self._capture_results(ctx)
 
     state_present = state_install
 
     def state_upgrade(self):
+        name = _make_name(self.vars.name, self.vars.suffix)
         if not self.vars.application:
-            self.do_raise("Trying to upgrade a non-existent application: {0}".format(self.vars.name))
+            self.do_raise("Trying to upgrade a non-existent application: {0}".format(name))
         if self.vars.force:
             self.changed = True
 
         with self.runner('state include_injected index_url force editable pip_args name', check_mode_skip=True) as ctx:
-            ctx.run()
+            ctx.run(name=name)
             self._capture_results(ctx)
 
     def state_uninstall(self):
         if self.vars.application:
+            name = _make_name(self.vars.name, self.vars.suffix)
             with self.runner('state name', check_mode_skip=True) as ctx:
-                ctx.run()
+                ctx.run(name=name)
                 self._capture_results(ctx)
 
     state_absent = state_uninstall
 
     def state_reinstall(self):
+        name = _make_name(self.vars.name, self.vars.suffix)
         if not self.vars.application:
-            self.do_raise("Trying to reinstall a non-existent application: {0}".format(self.vars.name))
+            self.do_raise("Trying to reinstall a non-existent application: {0}".format(name))
         self.changed = True
         with self.runner('state name python', check_mode_skip=True) as ctx:
-            ctx.run()
+            ctx.run(name=name)
             self._capture_results(ctx)
 
     def state_inject(self):
+        name = _make_name(self.vars.name, self.vars.suffix)
         if not self.vars.application:
-            self.do_raise("Trying to inject packages into a non-existent application: {0}".format(self.vars.name))
+            self.do_raise("Trying to inject packages into a non-existent application: {0}".format(name))
         if self.vars.force:
             self.changed = True
         with self.runner('state index_url install_apps install_deps force editable pip_args name inject_packages', check_mode_skip=True) as ctx:
-            ctx.run()
+            ctx.run(name=name)
             self._capture_results(ctx)
 
     def state_uninstall_all(self):
@@ -314,7 +334,8 @@ class PipX(StateModuleHelper):
     def state_latest(self):
         if not self.vars.application or self.vars.force:
             self.changed = True
-            with self.runner('state index_url install_deps force python system_site_packages editable pip_args name_source', check_mode_skip=True) as ctx:
+            args = 'state index_url install_deps force python system_site_packages editable pip_args suffix name_source'
+            with self.runner(args, check_mode_skip=True) as ctx:
                 ctx.run(state='install', name_source=[self.vars.name, self.vars.source])
                 self._capture_results(ctx)
 

plugins/modules/pkgng.py

@@ -100,6 +100,13 @@ options:
         type: bool
         default: false
         version_added: 1.3.0
+    use_globs:
+        description:
+            - Treat the package names as shell glob patterns.
+        required: false
+        type: bool
+        default: true
+        version_added: 9.3.0
 author: "bleader (@bleader)"
 notes:
   - When using pkgsite, be careful that already in cache packages won't be downloaded again.
@@ -127,7 +134,6 @@ EXAMPLES = '''
       - bar
     state: absent
 
-# "latest" support added in 2.7
 - name: Upgrade package baz
   community.general.pkgng:
     name: baz
@@ -137,6 +143,12 @@ EXAMPLES = '''
   community.general.pkgng:
     name: "*"
     state: latest
+
+- name: Upgrade foo/bar
+  community.general.pkgng:
+    name: foo/bar
+    state: latest
+    use_globs: false
 '''
 
 
@@ -147,7 +159,7 @@ from ansible.module_utils.basic import AnsibleModule
 
 def query_package(module, run_pkgng, name):
 
-    rc, out, err = run_pkgng('info', '-g', '-e', name)
+    rc, out, err = run_pkgng('info', '-e', name)
 
     return rc == 0
 
@@ -157,7 +169,7 @@ def query_update(module, run_pkgng, name):
     # Check to see if a package upgrade is available.
     # rc = 0, no updates available or package not installed
     # rc = 1, updates available
-    rc, out, err = run_pkgng('upgrade', '-g', '-n', name)
+    rc, out, err = run_pkgng('upgrade', '-n', name)
 
     return rc == 1
 
@@ -260,7 +272,7 @@ def install_packages(module, run_pkgng, packages, cached, state):
             action_count[action] += len(package_list)
             continue
 
-        pkgng_args = [action, '-g', '-U', '-y'] + package_list
+        pkgng_args = [action, '-U', '-y'] + package_list
         rc, out, err = run_pkgng(*pkgng_args)
         stdout += out
         stderr += err
@@ -290,7 +302,7 @@ def install_packages(module, run_pkgng, packages, cached, state):
 
 
 def annotation_query(module, run_pkgng, package, tag):
-    rc, out, err = run_pkgng('info', '-g', '-A', package)
+    rc, out, err = run_pkgng('info', '-A', package)
     match = re.search(r'^\s*(?P<tag>%s)\s*:\s*(?P<value>\w+)' % tag, out, flags=re.MULTILINE)
     if match:
         return match.group('value')
@@ -425,7 +437,9 @@ def main():
             rootdir=dict(required=False, type='path'),
             chroot=dict(required=False, type='path'),
             jail=dict(required=False, type='str'),
-            autoremove=dict(default=False, type='bool')),
+            autoremove=dict(default=False, type='bool'),
+            use_globs=dict(default=True, required=False, type='bool'),
+        ),
         supports_check_mode=True,
         mutually_exclusive=[["rootdir", "chroot", "jail"]])
 
@@ -466,6 +480,9 @@ def main():
     def run_pkgng(action, *args, **kwargs):
         cmd = [pkgng_path, dir_arg, action]
 
+        if p["use_globs"] and action in ('info', 'install', 'upgrade',):
+            args = ('-g',) + args
+
         pkgng_env = {'BATCH': 'yes'}
 
         if p["ignore_osver"]:

plugins/modules/proxmox.py

@@ -401,7 +401,8 @@ EXAMPLES = r'''
     password: 123456
     hostname: example.org
     ostemplate: 'local:vztmpl/ubuntu-14.04-x86_64.tar.gz'
-    netif: '{"net0":"name=eth0,ip=dhcp,ip6=dhcp,bridge=vmbr0"}'
+    netif:
+      net0: "name=eth0,ip=dhcp,ip6=dhcp,bridge=vmbr0"
 
 - name: Create new container with minimal options defining network interface with static ip
   community.general.proxmox:
@@ -413,7 +414,21 @@ EXAMPLES = r'''
     password: 123456
     hostname: example.org
     ostemplate: 'local:vztmpl/ubuntu-14.04-x86_64.tar.gz'
-    netif: '{"net0":"name=eth0,gw=192.168.0.1,ip=192.168.0.2/24,bridge=vmbr0"}'
+    netif:
+      net0: "name=eth0,gw=192.168.0.1,ip=192.168.0.2/24,bridge=vmbr0"
+
+- name: Create new container with more options defining network interface with static ip4 and ip6 with vlan-tag and mtu
+  community.general.proxmox:
+    vmid: 100
+    node: uk-mc02
+    api_user: root@pam
+    api_password: 1q2w3e
+    api_host: node1
+    password: 123456
+    hostname: example.org
+    ostemplate: 'local:vztmpl/ubuntu-14.04-x86_64.tar.gz'
+    netif:
+      net0: "name=eth0,gw=192.168.0.1,ip=192.168.0.2/24,ip6=fe80::1227/64,gw6=fe80::1,bridge=vmbr0,firewall=1,tag=934,mtu=1500"
 
 - name: Create new container with minimal options defining a mount with 8GB
   community.general.proxmox:
@@ -425,7 +440,8 @@ EXAMPLES = r'''
     password: 123456
     hostname: example.org
     ostemplate: 'local:vztmpl/ubuntu-14.04-x86_64.tar.gz'
-    mounts: '{"mp0":"local:8,mp=/mnt/test/"}'
+    mounts:
+      mp0: "local:8,mp=/mnt/test/"
 
 - name: Create new container with minimal options defining a mount with 8GB using mount_volumes
   community.general.proxmox:
@@ -511,7 +527,8 @@ EXAMPLES = r'''
     api_user: root@pam
     api_password: 1q2w3e
     api_host: node1
-    netif: '{"net0":"name=eth0,gw=192.168.0.1,ip=192.168.0.3/24,bridge=vmbr0"}'
+    netif:
+      net0: "name=eth0,gw=192.168.0.1,ip=192.168.0.3/24,bridge=vmbr0"
     update: true
 
 - name: Start container
@@ -590,8 +607,7 @@ import time
 from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
 
 from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.six import string_types
-from ansible.module_utils.common.text.converters import to_native, to_text
+from ansible.module_utils.common.text.converters import to_native
 
 
 from ansible_collections.community.general.plugins.module_utils.proxmox import (
@@ -724,13 +740,16 @@ class ProxmoxLxcAnsible(ProxmoxAnsible):
                 # If not, we have proxmox create one using the special syntax
                 except Exception:
                     vol_string = "{storage}:{size}".format(storage=storage, size=size)
+            else:
+                raise AssertionError('Internal error')
 
             # 1.3 If we have a host_path, we don't have storage, a volume, or a size
             vol_string = ",".join(
+                [vol_string] +
                 ([] if host_path is None else [host_path]) +
                 ([] if mountpoint is None else ["mp={0}".format(mountpoint)]) +
-                ([] if options is None else [map("=".join, options.items())]) +
-                ([] if not kwargs else [map("=".join, kwargs.items())])
+                ([] if options is None else ["{0}={1}".format(k, v) for k, v in options.items()]) +
+                ([] if not kwargs else ["{0}={1}".format(k, v) for k, v in kwargs.items()])
             )
 
             return {key: vol_string}
@@ -759,9 +778,6 @@ class ProxmoxLxcAnsible(ProxmoxAnsible):
         if disk is not None:
             kwargs["disk_volume"] = parse_disk_string(disk)
         if "disk_volume" in kwargs:
-            if not all(isinstance(val, string_types) for val in kwargs["disk_volume"].values()):
-                self.module.warn("All disk_volume values must be strings. Converting non-string values to strings.")
-                kwargs["disk_volume"] = {key: to_text(val) for key, val in kwargs["disk_volume"].items()}
             disk_dict = build_volume(key="rootfs", **kwargs.pop("disk_volume"))
             kwargs.update(disk_dict)
         if memory is not None:
@@ -775,9 +791,6 @@ class ProxmoxLxcAnsible(ProxmoxAnsible):
         if "mount_volumes" in kwargs:
             mounts_list = kwargs.pop("mount_volumes")
             for mount_config in mounts_list:
-                if not all(isinstance(val, string_types) for val in mount_config.values()):
-                    self.module.warn("All mount_volumes values must be strings. Converting non-string values to strings.")
-                    mount_config = {key: to_text(val) for key, val in mount_config.items()}
                 key = mount_config.pop("id")
                 mount_dict = build_volume(key=key, **mount_config)
                 kwargs.update(mount_dict)

plugins/modules/proxmox_disk.py

@@ -544,6 +544,7 @@ class ProxmoxDiskAnsible(ProxmoxAnsible):
             # NOOP
             return False, "Disk %s not found in VM %s and creation was disabled in parameters." % (disk, vmid)
 
+        timeout_str = "Reached timeout. Last line in task before timeout: %s"
         if (create == 'regular' and disk not in vm_config) or (create == 'forced'):
             # CREATE
             playbook_config = self.get_create_attributes()

plugins/modules/redis.py

@@ -132,6 +132,16 @@ EXAMPLES = '''
     command: config
     name: lua-time-limit
     value: 100
+
+- name: Connect using TLS and certificate authentication
+  community.general.redis:
+    command: config
+    name: lua-time-limit
+    value: 100
+    tls: true
+    ca_certs: /etc/redis/certs/ca.crt
+    client_cert_file: /etc/redis/certs/redis.crt
+    client_key_file: /etc/redis/certs/redis.key
 '''
 
 import traceback

plugins/modules/snmp_facts.py

@@ -307,6 +307,8 @@ def main():
         if m_args['community'] is None:
             module.fail_json(msg='Community not set when using snmp version 2')
 
+    integrity_proto = None
+    privacy_proto = None
     if m_args['version'] == "v3":
         if m_args['username'] is None:
             module.fail_json(msg='Username not set when using snmp version 3')

plugins/modules/timezone.py

@@ -49,7 +49,8 @@ options:
     aliases: [ rtc ]
     choices: [ local, UTC ]
 notes:
-  - On SmartOS the C(sm-set-timezone) utility (part of the smtools package) is required to set the zone timezone
+  - On Ubuntu 24.04 the C(util-linux-extra) package is required to provide the C(hwclock) command.
+  - On SmartOS the C(sm-set-timezone) utility (part of the smtools package) is required to set the zone timezone.
   - On AIX only Olson/tz database timezones are usable (POSIX is not supported).
     An OS reboot is also required on AIX for the new timezone setting to take effect.
     Note that AIX 6.1+ is needed (OS level 61 or newer).
@@ -75,6 +76,7 @@ diff:
 
 EXAMPLES = r'''
 - name: Set timezone to Asia/Tokyo
+  become: true
   community.general.timezone:
     name: Asia/Tokyo
 '''

tests/integration/targets/django_manage/meta/main.yml

@@ -5,3 +5,4 @@
 
 dependencies:
   - setup_pkg_mgr
+  - setup_os_pkg_name

tests/integration/targets/django_manage/tasks/main.yaml

@@ -9,17 +9,10 @@
     suffix: .django_manage
   register: tmp_django_root
 
-- name: Install virtualenv on CentOS 8
+- name: Install virtualenv
   package:
-    name: virtualenv
+    name: "{{ os_package_name.virtualenv }}"
     state: present
-  when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '8'
-
-- name: Install virtualenv on Arch Linux
-  pip:
-    name: virtualenv
-    state: present
-  when: ansible_os_family == 'Archlinux'
 
 - name: Install required library
   pip:

tests/integration/targets/gandi_livedns/aliases

@@ -2,5 +2,4 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-cloud/gandi
 unsupported