Release 10.7.2.

[PR #10409/a36ad54b backport][stable-10] doc style adjustments: modules i* (#10410 )
doc style adjustments: modules i* (#10409) (cherry picked from commit a36ad54b53) Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
2026-04-30 10:26:52 +00:00 · 2025-07-14 15:39:20 +02:00 · 2025-07-14 15:34:36 +02:00 · 2025-07-14 07:47:50 +02:00 · 2025-07-14 07:23:05 +02:00 · 2025-07-13 15:50:28 +00:00
1524 changed files with 84658 additions and 66681 deletions
--- a/.azure-pipelines/azure-pipelines.yml
+++ b/.azure-pipelines/azure-pipelines.yml
@@ -29,22 +29,20 @@ schedules:
    always: true
    branches:
      include:
-        - stable-9
-        - stable-8
+        - stable-11
+        - stable-10
  - cron: 0 11 * * 0
    displayName: Weekly (old stable branches)
    always: true
    branches:
      include:
-        - stable-7
+        - stable-9

 variables:
  - name: checkoutPath
    value: ansible_collections/community/general
  - name: coverageBranches
    value: main
-  - name: pipelinesCoverage
-    value: coverage
  - name: entryPoint
    value: tests/utils/shippable/shippable.sh
  - name: fetchDepth
@@ -72,7 +70,19 @@ stages:
            - test: 2
            - test: 3
            - test: 4
-            - test: extra
+  - stage: Sanity_2_19
+    displayName: Sanity 2.19
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Test {0}
+          testFormat: 2.19/sanity/{0}
+          targets:
+            - test: 1
+            - test: 2
+            - test: 3
+            - test: 4
  - stage: Sanity_2_18
    displayName: Sanity 2.18
    dependsOn: []
@@ -128,6 +138,17 @@ stages:
            - test: '3.11'
            - test: '3.12'
            - test: '3.13'
+  - stage: Units_2_19
+    displayName: Units 2.19
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.19/units/{0}/1
+          targets:
+            - test: 3.9
+            - test: "3.13"
  - stage: Units_2_18
    displayName: Units 2.18
    dependsOn: []
@@ -172,10 +193,10 @@ stages:
        parameters:
          testFormat: devel/{0}
          targets:
-            - name: Alpine 3.20
-              test: alpine/3.20
-            # - name: Fedora 40
-            #   test: fedora/40
+            - name: Alpine 3.21
+              test: alpine/3.21
+            # - name: Fedora 41
+            #   test: fedora/41
            - name: Ubuntu 22.04
              test: ubuntu/22.04
            - name: Ubuntu 24.04
@@ -190,12 +211,30 @@ stages:
        parameters:
          testFormat: devel/{0}
          targets:
-            - name: macOS 14.3
-              test: macos/14.3
-            - name: RHEL 9.4
-              test: rhel/9.4
-            - name: FreeBSD 14.1
-              test: freebsd/14.1
+            - name: macOS 15.3
+              test: macos/15.3
+            - name: RHEL 10.0
+              test: rhel/10.0
+            - name: RHEL 9.5
+              test: rhel/9.5
+            - name: FreeBSD 14.2
+              test: freebsd/14.2
+            - name: FreeBSD 13.5
+              test: freebsd/13.5
+          groups:
+            - 1
+            - 2
+            - 3
+  - stage: Remote_2_19
+    displayName: Remote 2.19
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.19/{0}
+          targets:
+            - name: RHEL 10.0
+              test: rhel/10.0
          groups:
            - 1
            - 2
@@ -208,8 +247,12 @@ stages:
        parameters:
          testFormat: 2.18/{0}
          targets:
+            - name: macOS 14.3
+              test: macos/14.3
            - name: RHEL 9.4
              test: rhel/9.4
+            - name: FreeBSD 14.1
+              test: freebsd/14.1
          groups:
            - 1
            - 2
@@ -226,8 +269,6 @@ stages:
              test: freebsd/13.3
            - name: RHEL 9.3
              test: rhel/9.3
-            - name: FreeBSD 14.0
-              test: freebsd/14.0
          groups:
            - 1
            - 2
@@ -264,10 +305,10 @@ stages:
        parameters:
          testFormat: devel/linux/{0}
          targets:
-            - name: Fedora 40
-              test: fedora40
-            - name: Alpine 3.20
-              test: alpine320
+            - name: Fedora 41
+              test: fedora41
+            - name: Alpine 3.21
+              test: alpine321
            - name: Ubuntu 22.04
              test: ubuntu2204
            - name: Ubuntu 24.04
@@ -276,6 +317,20 @@ stages:
            - 1
            - 2
            - 3
+  - stage: Docker_2_19
+    displayName: Docker 2.19
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.19/linux/{0}
+          targets:
+            - name: Ubuntu 24.04
+              test: ubuntu2404
+          groups:
+            - 1
+            - 2
+            - 3
  - stage: Docker_2_18
    displayName: Docker 2.18
    dependsOn: []
@@ -284,6 +339,10 @@ stages:
        parameters:
          testFormat: 2.18/linux/{0}
          targets:
+            - name: Fedora 40
+              test: fedora40
+            - name: Alpine 3.20
+              test: alpine320
            - name: Ubuntu 24.04
              test: ubuntu2404
          groups:
@@ -343,7 +402,7 @@ stages:
            - name: Debian Bookworm
              test: debian-bookworm/3.11
            - name: ArchLinux
-              test: archlinux/3.12
+              test: archlinux/3.13
          groups:
            - 1
            - 2
@@ -363,6 +422,17 @@ stages:
 #            - test: '3.8'
 #            - test: '3.11'
 #            - test: '3.13'
+#  - stage: Generic_2_19
+#    displayName: Generic 2.19
+#    dependsOn: []
+#    jobs:
+#      - template: templates/matrix.yml
+#        parameters:
+#          nameFormat: Python {0}
+#          testFormat: 2.19/generic/{0}/1
+#          targets:
+#            - test: '3.9'
+#            - test: '3.13'
 #  - stage: Generic_2_18
 #    displayName: Generic 2.18
 #    dependsOn: []
@@ -402,25 +472,30 @@ stages:
    condition: succeededOrFailed()
    dependsOn:
      - Sanity_devel
+      - Sanity_2_19
      - Sanity_2_18
      - Sanity_2_17
      - Sanity_2_16
      - Units_devel
+      - Units_2_19
      - Units_2_18
      - Units_2_17
      - Units_2_16
      - Remote_devel_extra_vms
      - Remote_devel
+      - Remote_2_19
      - Remote_2_18
      - Remote_2_17
      - Remote_2_16
      - Docker_devel
+      - Docker_2_19
      - Docker_2_18
      - Docker_2_17
      - Docker_2_16
      - Docker_community_devel
 # Right now all generic tests are disabled. Uncomment when at least one of them is re-enabled.
 #      - Generic_devel
+#      - Generic_2_19
 #      - Generic_2_18
 #      - Generic_2_17
 #      - Generic_2_16
--- a/.azure-pipelines/templates/coverage.yml
+++ b/.azure-pipelines/templates/coverage.yml
@@ -28,16 +28,6 @@ jobs:
      - bash: .azure-pipelines/scripts/report-coverage.sh
        displayName: Generate Coverage Report
        condition: gt(variables.coverageFileCount, 0)
-      - task: PublishCodeCoverageResults@1
-        inputs:
-          codeCoverageTool: Cobertura
-          # Azure Pipelines only accepts a single coverage data file.
-          # That means only Python or PowerShell coverage can be uploaded, but not both.
-          # Set the "pipelinesCoverage" variable to determine which type is uploaded.
-          # Use "coverage" for Python and "coverage-powershell" for PowerShell.
-          summaryFileLocation: "$(outputPath)/reports/$(pipelinesCoverage).xml"
-        displayName: Publish to Azure Pipelines
-        condition: gt(variables.coverageFileCount, 0)
      - bash: .azure-pipelines/scripts/publish-codecov.py "$(outputPath)"
        displayName: Publish to codecov.io
        condition: gt(variables.coverageFileCount, 0)
--- a/.azure-pipelines/templates/matrix.yml
+++ b/.azure-pipelines/templates/matrix.yml
@@ -50,11 +50,11 @@ jobs:
    parameters:
      jobs:
        - ${{ if eq(length(parameters.groups), 0) }}:
-          - ${{ each target in parameters.targets }}:
-            - name: ${{ format(parameters.nameFormat, coalesce(target.name, target.test)) }}
-              test: ${{ format(parameters.testFormat, coalesce(target.test, target.name)) }}
-        - ${{ if not(eq(length(parameters.groups), 0)) }}:
-          - ${{ each group in parameters.groups }}:
            - ${{ each target in parameters.targets }}:
-              - name: ${{ format(format(parameters.nameGroupFormat, parameters.nameFormat), coalesce(target.name, target.test), group) }}
-                test: ${{ format(format(parameters.testGroupFormat, parameters.testFormat), coalesce(target.test, target.name), group) }}
+                - name: ${{ format(parameters.nameFormat, coalesce(target.name, target.test)) }}
+                  test: ${{ format(parameters.testFormat, coalesce(target.test, target.name)) }}
+        - ${{ if not(eq(length(parameters.groups), 0)) }}:
+            - ${{ each group in parameters.groups }}:
+                - ${{ each target in parameters.targets }}:
+                    - name: ${{ format(format(parameters.nameGroupFormat, parameters.nameFormat), coalesce(target.name, target.test), group) }}
+                      test: ${{ format(format(parameters.testGroupFormat, parameters.testFormat), coalesce(target.test, target.name), group) }}
--- a/.azure-pipelines/templates/test.yml
+++ b/.azure-pipelines/templates/test.yml
@@ -14,37 +14,37 @@ parameters:

 jobs:
  - ${{ each job in parameters.jobs }}:
-    - job: test_${{ replace(replace(replace(job.test, '/', '_'), '.', '_'), '-', '_') }}
-      displayName: ${{ job.name }}
-      container: default
-      workspace:
-        clean: all
-      steps:
-        - checkout: self
-          fetchDepth: $(fetchDepth)
-          path: $(checkoutPath)
-        - bash: .azure-pipelines/scripts/run-tests.sh "$(entryPoint)" "${{ job.test }}" "$(coverageBranches)"
-          displayName: Run Tests
-        - bash: .azure-pipelines/scripts/process-results.sh
-          condition: succeededOrFailed()
-          displayName: Process Results
-        - bash: .azure-pipelines/scripts/aggregate-coverage.sh "$(Agent.TempDirectory)"
-          condition: eq(variables.haveCoverageData, 'true')
-          displayName: Aggregate Coverage Data
-        - task: PublishTestResults@2
-          condition: eq(variables.haveTestResults, 'true')
-          inputs:
-            testResultsFiles: "$(outputPath)/junit/*.xml"
-          displayName: Publish Test Results
-        - task: PublishPipelineArtifact@1
-          condition: eq(variables.haveBotResults, 'true')
-          displayName: Publish Bot Results
-          inputs:
-            targetPath: "$(outputPath)/bot/"
-            artifactName: "Bot $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)"
-        - task: PublishPipelineArtifact@1
-          condition: eq(variables.haveCoverageData, 'true')
-          displayName: Publish Coverage Data
-          inputs:
-            targetPath: "$(Agent.TempDirectory)/coverage/"
-            artifactName: "Coverage $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)"
+      - job: test_${{ replace(replace(replace(job.test, '/', '_'), '.', '_'), '-', '_') }}
+        displayName: ${{ job.name }}
+        container: default
+        workspace:
+          clean: all
+        steps:
+          - checkout: self
+            fetchDepth: $(fetchDepth)
+            path: $(checkoutPath)
+          - bash: .azure-pipelines/scripts/run-tests.sh "$(entryPoint)" "${{ job.test }}" "$(coverageBranches)"
+            displayName: Run Tests
+          - bash: .azure-pipelines/scripts/process-results.sh
+            condition: succeededOrFailed()
+            displayName: Process Results
+          - bash: .azure-pipelines/scripts/aggregate-coverage.sh "$(Agent.TempDirectory)"
+            condition: eq(variables.haveCoverageData, 'true')
+            displayName: Aggregate Coverage Data
+          - task: PublishTestResults@2
+            condition: eq(variables.haveTestResults, 'true')
+            inputs:
+              testResultsFiles: "$(outputPath)/junit/*.xml"
+            displayName: Publish Test Results
+          - task: PublishPipelineArtifact@1
+            condition: eq(variables.haveBotResults, 'true')
+            displayName: Publish Bot Results
+            inputs:
+              targetPath: "$(outputPath)/bot/"
+              artifactName: "Bot $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)"
+          - task: PublishPipelineArtifact@1
+            condition: eq(variables.haveCoverageData, 'true')
+            displayName: Publish Coverage Data
+            inputs:
+              targetPath: "$(Agent.TempDirectory)/coverage/"
+              artifactName: "Coverage $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)"
--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@@ -0,0 +1,9 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# YAML reformatting
+2b4882549908b5b1fafe5fa10efb47f613a71f94
+8196cacff8e83dc5d7fb88b43ef3cab5d3751c39
+bd4f1a3e5ca1af5afc53636c36767e81a4566978
+a9e892952deef6f91977d7032dd95237a9867509
--- a/.github/BOTMETA.yml
+++ b/.github/BOTMETA.yml
@@ -61,7 +61,6 @@ files:
  $callbacks/elastic.py:
    keywords: apm observability
    maintainers: v1v
-  $callbacks/hipchat.py: {}
  $callbacks/jabber.py: {}
  $callbacks/log_plays.py: {}
  $callbacks/loganalytics.py:
@@ -78,6 +77,8 @@ files:
  $callbacks/opentelemetry.py:
    keywords: opentelemetry observability
    maintainers: v1v
+  $callbacks/print_task.py:
+    maintainers: demonpig
  $callbacks/say.py:
    keywords: brew cask darwin homebrew macosx macports osx
    labels: macos say
@@ -112,15 +113,22 @@ files:
  $connections/lxd.py:
    labels: lxd
    maintainers: mattclay
+  $connections/proxmox_pct_remote.py:
+    labels: proxmox
+    maintainers: mietzen
  $connections/qubes.py:
    maintainers: kushaldas
  $connections/saltstack.py:
    labels: saltstack
    maintainers: mscherer
+  $connections/wsl.py:
+    maintainers: rgl
  $connections/zone.py:
    maintainers: $team_ansible_core
  $doc_fragments/:
    labels: docs_fragments
+  $doc_fragments/clc.py:
+    maintainers: clc-runner russoz
  $doc_fragments/django.py:
    maintainers: russoz
  $doc_fragments/hpe3par.py:
@@ -136,6 +144,8 @@ files:
  $doc_fragments/xenserver.py:
    labels: xenserver
    maintainers: bvitnik
+  $filters/accumulate.py:
+    maintainers: VannTen
  $filters/counter.py:
    maintainers: keilr
  $filters/crc32.py:
@@ -158,6 +168,14 @@ files:
    maintainers: Ajpantuso
  $filters/jc.py:
    maintainers: kellyjonbrazil
+  $filters/json_diff.yml:
+    maintainers: numo68
+  $filters/json_patch.py:
+    maintainers: numo68
+  $filters/json_patch.yml:
+    maintainers: numo68
+  $filters/json_patch_recipe.yml:
+    maintainers: numo68
  $filters/json_query.py: {}
  $filters/keep_keys.py:
    maintainers: vbotka
@@ -194,6 +212,8 @@ files:
    maintainers: resmo
  $filters/to_months.yml:
    maintainers: resmo
+  $filters/to_prettytable.py:
+    maintainers: tgadiev
  $filters/to_seconds.yml:
    maintainers: resmo
  $filters/to_time_unit.yml:
@@ -212,6 +232,8 @@ files:
    maintainers: opoplawski
  $inventories/gitlab_runners.py:
    maintainers: morph027
+  $inventories/iocage.py:
+    maintainers: vbotka
  $inventories/icinga2.py:
    maintainers: BongoEADGC6
  $inventories/linode.py:
@@ -291,6 +313,8 @@ files:
  $lookups/onepassword_raw.py:
    ignore: scottsb
    maintainers: azenk
+  $lookups/onepassword_ssh_key.py:
+    maintainers: mohammedbabelly20
  $lookups/passwordstore.py: {}
  $lookups/random_pet.py:
    maintainers: Akasurde
@@ -308,8 +332,12 @@ files:
    maintainers: delineaKrehl tylerezimmerman
  $module_utils/:
    labels: module_utils
+  $module_utils/android_sdkmanager.py:
+    maintainers: shamilovstas
  $module_utils/btrfs.py:
    maintainers: gnfzdz
+  $module_utils/cmd_runner_fmt.py:
+    maintainers: russoz
  $module_utils/cmd_runner.py:
    maintainers: russoz
  $module_utils/deps.py:
@@ -356,9 +384,13 @@ files:
  $module_utils/oracle/oci_utils.py:
    labels: cloud
    maintainers: $team_oracle
+  $module_utils/pacemaker.py:
+    maintainers: munchtoast
  $module_utils/pipx.py:
    labels: pipx
    maintainers: russoz
+  $module_utils/pkg_req.py:
+    maintainers: russoz
  $module_utils/python_runner.py:
    maintainers: russoz
  $module_utils/puppet.py:
@@ -380,6 +412,8 @@ files:
    maintainers: russoz
  $module_utils/ssh.py:
    maintainers: russoz
+  $module_utils/systemd.py:
+    maintainers: NomakCooper
  $module_utils/storage/hpe3par/hpe3par.py:
    maintainers: farhan7500 gautamphegde
  $module_utils/utm_utils.py:
@@ -391,6 +425,8 @@ files:
  $module_utils/wdc_redfish_utils.py:
    labels: wdc_redfish_utils
    maintainers: $team_wdc
+  $module_utils/xdg_mime.py:
+    maintainers: mhalano
  $module_utils/xenserver.py:
    labels: xenserver
    maintainers: bvitnik
@@ -417,6 +453,8 @@ files:
    ignore: DavidWittman jiuka
    labels: alternatives
    maintainers: mulby
+  $modules/android_sdk.py:
+    maintainers: shamilovstas
  $modules/ansible_galaxy_install.py:
    maintainers: russoz
  $modules/apache2_mod_proxy.py:
@@ -447,7 +485,7 @@ files:
  $modules/bearychat.py:
    maintainers: tonyseek
  $modules/bigpanda.py:
-    maintainers: hkariti
+    ignore: hkariti
  $modules/bitbucket_:
    maintainers: catcombo
  $modules/bootc_manage.py:
@@ -505,6 +543,8 @@ files:
    ignore: skornehl
  $modules/dconf.py:
    maintainers: azaghal
+  $modules/decompress.py:
+    maintainers: shamilovstas
  $modules/deploy_helper.py:
    maintainers: ramondelafuente
  $modules/dimensiondata_network.py:
@@ -761,6 +801,8 @@ files:
    maintainers: sermilrod
  $modules/jenkins_job_info.py:
    maintainers: stpierre
+  $modules/jenkins_node.py:
+    maintainers: phyrwork
  $modules/jenkins_plugin.py:
    maintainers: jtyr
  $modules/jenkins_script.py:
@@ -797,6 +839,8 @@ files:
    maintainers: fynncfchen johncant
  $modules/keycloak_clientsecret_regenerate.py:
    maintainers: fynncfchen johncant
+  $modules/keycloak_component.py:
+    maintainers: fivetide
  $modules/keycloak_group.py:
    maintainers: adamgoossens
  $modules/keycloak_identity_provider.py:
@@ -829,6 +873,8 @@ files:
    maintainers: ahussey-redhat
  $modules/kibana_plugin.py:
    maintainers: barryib
+  $modules/krb_ticket.py:
+    maintainers: abakanovskii
  $modules/launchd.py:
    maintainers: martinm82
  $modules/layman.py:
@@ -839,6 +885,8 @@ files:
    maintainers: drybjed jtyr noles
  $modules/ldap_entry.py:
    maintainers: jtyr
+  $modules/ldap_inc.py:
+    maintainers: pduveau
  $modules/ldap_passwd.py:
    maintainers: KellerFuchs jtyr
  $modules/ldap_search.py:
@@ -1020,6 +1068,8 @@ files:
    maintainers: fraff
  $modules/pacemaker_cluster.py:
    maintainers: matbu
+  $modules/pacemaker_resource.py:
+    maintainers: munchtoast
  $modules/packet_:
    maintainers: nurfet-becirevic t0mk
  $modules/packet_device.py:
@@ -1110,6 +1160,10 @@ files:
  $modules/proxmox_kvm.py:
    ignore: skvidal
    maintainers: helldorado krauthosting
+  $modules/proxmox_backup.py:
+    maintainers: IamLunchbox
+  $modules/proxmox_backup_info.py:
+    maintainers: raoufnezhad mmayabi
  $modules/proxmox_nic.py:
    maintainers: Kogelvis krauthosting
  $modules/proxmox_node_info.py:
@@ -1159,12 +1213,6 @@ files:
    keywords: kvm libvirt proxmox qemu
    labels: rhevm virt
    maintainers: $team_virt TimothyVandenbrande
-  $modules/rhn_channel.py:
-    labels: rhn_channel
-    maintainers: vincentvdk alikins $team_rhn
-  $modules/rhn_register.py:
-    labels: rhn_register
-    maintainers: jlaska $team_rhn
  $modules/rhsm_release.py:
    maintainers: seandst $team_rhsm
  $modules/rhsm_repository.py:
@@ -1197,9 +1245,9 @@ files:
  $modules/scaleway_compute_private_network.py:
    maintainers: pastral
  $modules/scaleway_container.py:
-     maintainers: Lunik
+    maintainers: Lunik
  $modules/scaleway_container_info.py:
-     maintainers: Lunik
+    maintainers: Lunik
  $modules/scaleway_container_namespace.py:
    maintainers: Lunik
  $modules/scaleway_container_namespace_info.py:
@@ -1328,6 +1376,12 @@ files:
    maintainers: precurse
  $modules/sysrc.py:
    maintainers: dlundgren
+  $modules/systemd_creds_decrypt.py:
+    maintainers: konstruktoid
+  $modules/systemd_creds_encrypt.py:
+    maintainers: konstruktoid
+  $modules/systemd_info.py:
+    maintainers: NomakCooper
  $modules/sysupgrade.py:
    maintainers: precurse
  $modules/taiga_issue.py:
@@ -1359,16 +1413,19 @@ files:
    keywords: sophos utm
    maintainers: $team_e_spirit
  $modules/utm_ca_host_key_cert.py:
-    maintainers: stearz
+    ignore: stearz
+    maintainers: $team_e_spirit
  $modules/utm_ca_host_key_cert_info.py:
-    maintainers: stearz
+    ignore: stearz
+    maintainers: $team_e_spirit
  $modules/utm_network_interface_address.py:
    maintainers: steamx
  $modules/utm_network_interface_address_info.py:
    maintainers: steamx
  $modules/utm_proxy_auth_profile.py:
    keywords: sophos utm
-    maintainers: $team_e_spirit stearz
+    ignore: stearz
+    maintainers: $team_e_spirit
  $modules/utm_proxy_exception.py:
    keywords: sophos utm
    maintainers: $team_e_spirit RickS-C137
@@ -1398,6 +1455,8 @@ files:
    maintainers: dinoocch the-maldridge
  $modules/xcc_:
    maintainers: panyy3 renxulei
+  $modules/xdg_mime.py:
+    maintainers: mhalano
  $modules/xenserver_:
    maintainers: bvitnik
  $modules/xenserver_facts.py:
@@ -1444,6 +1503,9 @@ files:
    maintainers: $team_suse
  $plugin_utils/ansible_type.py:
    maintainers: vbotka
+  $modules/zypper_repository_info.py:
+    labels: zypper
+    maintainers: $team_suse TobiasZeuch181
  $plugin_utils/keys_filter.py:
    maintainers: vbotka
  $plugin_utils/unsafe.py:
@@ -1501,6 +1563,8 @@ files:
    maintainers: baldwinSPC nurfet-becirevic t0mk teebes
  docs/docsite/rst/guide_scaleway.rst:
    maintainers: $team_scaleway
+  docs/docsite/rst/guide_uthelper.rst:
+    maintainers: russoz
  docs/docsite/rst/guide_vardict.rst:
    maintainers: russoz
  docs/docsite/rst/test_guide.rst:
@@ -1552,10 +1616,9 @@ macros:
  team_oracle: manojmeda mross22 nalsaber
  team_purestorage: bannaych dnix101 genegr lionmax opslounge raekins sdodsley sile16
  team_redfish: mraineri tomasg2012 xmadsen renxulei rajeevkallur bhavya06 jyundt
-  team_rhn: FlossWare alikins barnabycourt vritant
  team_rhsm: cnsnyder ptoscano
  team_scaleway: remyleone abarbare
  team_solaris: bcoca fishman jasperla jpdasma mator scathatheworm troy2914 xen0l
-  team_suse: commel evrardjp lrupp toabctl AnderEnder alxgu andytom sealor
+  team_suse: commel evrardjp lrupp AnderEnder alxgu andytom sealor
  team_virt: joshainglis karmab Thulium-Drake Ajpantuso
  team_wdc: mikemoerk
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -7,147 +7,147 @@ name: Bug report
 description: Create a report to help us improve

 body:
- type: markdown
-  attributes:
-    value: |
-      ⚠
-      Verify first that your issue is not [already reported on GitHub][issue search].
-      Also test if the latest release and devel branch are affected too.
-      *Complete **all** sections as described, this form is processed automatically.*
+  - type: markdown
+    attributes:
+      value: |
+        ⚠
+        Verify first that your issue is not [already reported on GitHub][issue search].
+        Also test if the latest release and devel branch are affected too.
+        *Complete **all** sections as described, this form is processed automatically.*

-      [issue search]: https://github.com/ansible-collections/community.general/search?q=is%3Aissue&type=issues
+        [issue search]: https://github.com/ansible-collections/community.general/search?q=is%3Aissue&type=issues


- type: textarea
-  attributes:
-    label: Summary
-    description: Explain the problem briefly below.
-    placeholder: >-
-      When I try to do X with the collection from the main branch on GitHub, Y
-      breaks in a way Z under the env E. Here are all the details I know
-      about this problem...
-  validations:
-    required: true
-
- type: dropdown
-  attributes:
-    label: Issue Type
-    # FIXME: Once GitHub allows defining the default choice, update this
-    options:
-    - Bug Report
-  validations:
-    required: true
-
- type: textarea
-  attributes:
-    # For smaller collections we could use a multi-select and hardcode the list
-    # May generate this list via GitHub action and walking files under https://github.com/ansible-collections/community.general/tree/main/plugins
-    # Select from list, filter as you type (`mysql` would only show the 3 mysql components)
-    # OR freeform - doesn't seem to be supported in adaptivecards
-    label: Component Name
-    description: >-
-      Write the short name of the module, plugin, task or feature below,
-      *use your best guess if unsure*. Do not include `community.general.`!
-    placeholder: dnf, apt, yum, pip, user etc.
-  validations:
-    required: true
-
- type: textarea
-  attributes:
-    label: Ansible Version
-    description: >-
-      Paste verbatim output from `ansible --version` between
-      tripple backticks.
-    value: |
-      ```console (paste below)
-      $ ansible --version
-
-      ```
-  validations:
-    required: true
-
- type: textarea
-  attributes:
-    label: Community.general Version
-    description: >-
-      Paste verbatim output from "ansible-galaxy collection list community.general"
-      between tripple backticks.
-    value: |
-      ```console (paste below)
-      $ ansible-galaxy collection list community.general
-
-      ```
-  validations:
-    required: true
-
- type: textarea
-  attributes:
-    label: Configuration
-    description: >-
-      If this issue has an example piece of YAML that can help to reproduce this problem, please provide it.
-      This can be a piece of YAML from, e.g., an automation, script, scene or configuration.
-      Paste verbatim output from `ansible-config dump --only-changed` between quotes
-    value: |
-      ```console (paste below)
-      $ ansible-config dump --only-changed
-
-      ```
-
-
- type: textarea
-  attributes:
-    label: OS / Environment
-    description: >-
-      Provide all relevant information below, e.g. target OS versions,
-      network device firmware, etc.
-    placeholder: RHEL 8, CentOS Stream etc.
-  validations:
-    required: false
-
-
- type: textarea
-  attributes:
-    label: Steps to Reproduce
-    description: |
-      Describe exactly how to reproduce the problem, using a minimal test-case. It would *really* help us understand your problem if you could also passed any playbooks, configs and commands you used.
-
-      **HINT:** You can paste https://gist.github.com links for larger files.
-    value: |
-      <!--- Paste example playbooks or commands between quotes below -->
-      ```yaml (paste below)
-
-      ```
-  validations:
-    required: true
-
- type: textarea
-  attributes:
-    label: Expected Results
-    description: >-
-      Describe what you expected to happen when running the steps above.
-    placeholder: >-
-      I expected X to happen because I assumed Y.
-      that it did not.
-  validations:
-    required: true
-
- type: textarea
-  attributes:
-    label: Actual Results
-    description: |
-      Describe what actually happened. If possible run with extra verbosity (`-vvvv`).
-
-      Paste verbatim command output between quotes.
-    value: |
-      ```console (paste below)
-
-      ```
- type: checkboxes
-  attributes:
-    label: Code of Conduct
-    description: |
-      Read the [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--ansible-collections) first.
-    options:
-    - label: I agree to follow the Ansible Code of Conduct
+  - type: textarea
+    attributes:
+      label: Summary
+      description: Explain the problem briefly below.
+      placeholder: >-
+        When I try to do X with the collection from the main branch on GitHub, Y
+        breaks in a way Z under the env E. Here are all the details I know
+        about this problem...
+    validations:
      required: true
+
+  - type: dropdown
+    attributes:
+      label: Issue Type
+      # FIXME: Once GitHub allows defining the default choice, update this
+      options:
+        - Bug Report
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      # For smaller collections we could use a multi-select and hardcode the list
+      # May generate this list via GitHub action and walking files under https://github.com/ansible-collections/community.general/tree/main/plugins
+      # Select from list, filter as you type (`mysql` would only show the 3 mysql components)
+      # OR freeform - doesn't seem to be supported in adaptivecards
+      label: Component Name
+      description: >-
+        Write the short name of the module, plugin, task or feature below,
+        *use your best guess if unsure*. Do not include `community.general.`!
+      placeholder: dnf, apt, yum, pip, user etc.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Ansible Version
+      description: >-
+        Paste verbatim output from `ansible --version` between
+        tripple backticks.
+      value: |
+        ```console (paste below)
+        $ ansible --version
+
+        ```
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Community.general Version
+      description: >-
+        Paste verbatim output from "ansible-galaxy collection list community.general"
+        between tripple backticks.
+      value: |
+        ```console (paste below)
+        $ ansible-galaxy collection list community.general
+
+        ```
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Configuration
+      description: >-
+        If this issue has an example piece of YAML that can help to reproduce this problem, please provide it.
+        This can be a piece of YAML from, e.g., an automation, script, scene or configuration.
+        Paste verbatim output from `ansible-config dump --only-changed` between quotes
+      value: |
+        ```console (paste below)
+        $ ansible-config dump --only-changed
+
+        ```
+
+
+  - type: textarea
+    attributes:
+      label: OS / Environment
+      description: >-
+        Provide all relevant information below, e.g. target OS versions,
+        network device firmware, etc.
+      placeholder: RHEL 8, CentOS Stream etc.
+    validations:
+      required: false
+
+
+  - type: textarea
+    attributes:
+      label: Steps to Reproduce
+      description: |
+        Describe exactly how to reproduce the problem, using a minimal test-case. It would *really* help us understand your problem if you could also passed any playbooks, configs and commands you used.
+
+        **HINT:** You can paste https://gist.github.com links for larger files.
+      value: |
+        <!--- Paste example playbooks or commands between quotes below -->
+        ```yaml (paste below)
+
+        ```
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Expected Results
+      description: >-
+        Describe what you expected to happen when running the steps above.
+      placeholder: >-
+        I expected X to happen because I assumed Y.
+        that it did not.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Actual Results
+      description: |
+        Describe what actually happened. If possible run with extra verbosity (`-vvvv`).
+
+        Paste verbatim command output between quotes.
+      value: |
+        ```console (paste below)
+
+        ```
+  - type: checkboxes
+    attributes:
+      label: Code of Conduct
+      description: |
+        Read the [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--ansible-collections) first.
+      options:
+        - label: I agree to follow the Ansible Code of Conduct
+          required: true
 ...
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -6,26 +6,26 @@
 # Ref: https://help.github.com/en/github/building-a-strong-community/configuring-issue-templates-for-your-repository#configuring-the-template-chooser
 blank_issues_enabled: false  # default: true
 contact_links:
- name: Security bug report
-  url: https://docs.ansible.com/ansible-core/devel/community/reporting_bugs_and_features.html?utm_medium=github&utm_source=issue_template_chooser_ansible_collections
-  about: |
-    Please learn how to report security vulnerabilities here.
+  - name: Security bug report
+    url: https://docs.ansible.com/ansible-core/devel/community/reporting_bugs_and_features.html?utm_medium=github&utm_source=issue_template_chooser_ansible_collections
+    about: |
+      Please learn how to report security vulnerabilities here.

-    For all security related bugs, email security@ansible.com
-    instead of using this issue tracker and you will receive
-    a prompt response.
+      For all security related bugs, email security@ansible.com
+      instead of using this issue tracker and you will receive
+      a prompt response.

-    For more information, see
-    https://docs.ansible.com/ansible/latest/community/reporting_bugs_and_features.html
- name: Ansible Code of Conduct
-  url: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_template_chooser_ansible_collections
-  about: Be nice to other members of the community.
- name: Talks to the community
-  url: https://docs.ansible.com/ansible/latest/community/communication.html?utm_medium=github&utm_source=issue_template_chooser#mailing-list-information
-  about: Please ask and answer usage questions here
- name: Working groups
-  url: https://github.com/ansible/community/wiki
-  about: Interested in improving a specific area? Become a part of a working group!
- name: For Enterprise
-  url: https://www.ansible.com/products/engine?utm_medium=github&utm_source=issue_template_chooser_ansible_collections
-  about: Red Hat offers support for the Ansible Automation Platform
+      For more information, see
+      https://docs.ansible.com/ansible/latest/community/reporting_bugs_and_features.html
+  - name: Ansible Code of Conduct
+    url: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_template_chooser_ansible_collections
+    about: Be nice to other members of the community.
+  - name: Talks to the community
+    url: https://docs.ansible.com/ansible/latest/community/communication.html?utm_medium=github&utm_source=issue_template_chooser#mailing-list-information
+    about: Please ask and answer usage questions here
+  - name: Working groups
+    url: https://github.com/ansible/community/wiki
+    about: Interested in improving a specific area? Become a part of a working group!
+  - name: For Enterprise
+    url: https://www.ansible.com/products/engine?utm_medium=github&utm_source=issue_template_chooser_ansible_collections
+    about: Red Hat offers support for the Ansible Automation Platform
--- a/.github/ISSUE_TEMPLATE/documentation_report.yml
+++ b/.github/ISSUE_TEMPLATE/documentation_report.yml
@@ -8,122 +8,122 @@ description: Ask us about docs
 # NOTE: issue body is enabled to allow screenshots

 body:
- type: markdown
-  attributes:
-    value: |
-      ⚠
-      Verify first that your issue is not [already reported on GitHub][issue search].
-      Also test if the latest release and devel branch are affected too.
-      *Complete **all** sections as described, this form is processed automatically.*
+  - type: markdown
+    attributes:
+      value: |
+        ⚠
+        Verify first that your issue is not [already reported on GitHub][issue search].
+        Also test if the latest release and devel branch are affected too.
+        *Complete **all** sections as described, this form is processed automatically.*

-      [issue search]: https://github.com/ansible-collections/community.general/search?q=is%3Aissue&type=issues
+        [issue search]: https://github.com/ansible-collections/community.general/search?q=is%3Aissue&type=issues


- type: textarea
-  attributes:
-    label: Summary
-    description: |
-      Explain the problem briefly below, add suggestions to wording or structure.
+  - type: textarea
+    attributes:
+      label: Summary
+      description: |
+        Explain the problem briefly below, add suggestions to wording or structure.

-      **HINT:** Did you know the documentation has an `Edit on GitHub` link on every page?
-    placeholder: >-
-      I was reading the Collection documentation of version X and I'm having
-      problems understanding Y. It would be very helpful if that got
-      rephrased as Z.
-  validations:
-    required: true
-
- type: dropdown
-  attributes:
-    label: Issue Type
-    # FIXME: Once GitHub allows defining the default choice, update this
-    options:
-    - Documentation Report
-  validations:
-    required: true
-
- type: input
-  attributes:
-    label: Component Name
-    description: >-
-      Write the short name of the file, module, plugin, task or feature below,
-      *use your best guess if unsure*. Do not include `community.general.`!
-    placeholder: mysql_user
-  validations:
-    required: true
-
- type: textarea
-  attributes:
-    label: Ansible Version
-    description: >-
-      Paste verbatim output from `ansible --version` between
-      tripple backticks.
-    value: |
-      ```console (paste below)
-      $ ansible --version
-
-      ```
-  validations:
-    required: false
-
- type: textarea
-  attributes:
-    label: Community.general Version
-    description: >-
-      Paste verbatim output from "ansible-galaxy collection list community.general"
-      between tripple backticks.
-    value: |
-      ```console (paste below)
-      $ ansible-galaxy collection list community.general
-
-      ```
-  validations:
-    required: true
-
- type: textarea
-  attributes:
-    label: Configuration
-    description: >-
-      Paste verbatim output from `ansible-config dump --only-changed` between quotes.
-    value: |
-      ```console (paste below)
-      $ ansible-config dump --only-changed
-
-      ```
-  validations:
-    required: false
-
- type: textarea
-  attributes:
-    label: OS / Environment
-    description: >-
-      Provide all relevant information below, e.g. OS version,
-      browser, etc.
-    placeholder: Fedora 33, Firefox etc.
-  validations:
-    required: false
-
- type: textarea
-  attributes:
-    label: Additional Information
-    description: |
-      Describe how this improves the documentation, e.g. before/after situation or screenshots.
-
-      **Tip:** It's not possible to upload the screenshot via this field directly but you can use the last textarea in this form to attach them.
-
-      **HINT:** You can paste https://gist.github.com links for larger files.
-    placeholder: >-
-      When the improvement is applied, it makes it more straightforward
-      to understand X.
-  validations:
-    required: false
-
- type: checkboxes
-  attributes:
-    label: Code of Conduct
-    description: |
-      Read the [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--ansible-collections) first.
-    options:
-    - label: I agree to follow the Ansible Code of Conduct
+        **HINT:** Did you know the documentation has an `Edit on GitHub` link on every page?
+      placeholder: >-
+        I was reading the Collection documentation of version X and I'm having
+        problems understanding Y. It would be very helpful if that got
+        rephrased as Z.
+    validations:
      required: true
+
+  - type: dropdown
+    attributes:
+      label: Issue Type
+      # FIXME: Once GitHub allows defining the default choice, update this
+      options:
+        - Documentation Report
+    validations:
+      required: true
+
+  - type: input
+    attributes:
+      label: Component Name
+      description: >-
+        Write the short name of the file, module, plugin, task or feature below,
+        *use your best guess if unsure*. Do not include `community.general.`!
+      placeholder: mysql_user
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Ansible Version
+      description: >-
+        Paste verbatim output from `ansible --version` between
+        tripple backticks.
+      value: |
+        ```console (paste below)
+        $ ansible --version
+
+        ```
+    validations:
+      required: false
+
+  - type: textarea
+    attributes:
+      label: Community.general Version
+      description: >-
+        Paste verbatim output from "ansible-galaxy collection list community.general"
+        between tripple backticks.
+      value: |
+        ```console (paste below)
+        $ ansible-galaxy collection list community.general
+
+        ```
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Configuration
+      description: >-
+        Paste verbatim output from `ansible-config dump --only-changed` between quotes.
+      value: |
+        ```console (paste below)
+        $ ansible-config dump --only-changed
+
+        ```
+    validations:
+      required: false
+
+  - type: textarea
+    attributes:
+      label: OS / Environment
+      description: >-
+        Provide all relevant information below, e.g. OS version,
+        browser, etc.
+      placeholder: Fedora 33, Firefox etc.
+    validations:
+      required: false
+
+  - type: textarea
+    attributes:
+      label: Additional Information
+      description: |
+        Describe how this improves the documentation, e.g. before/after situation or screenshots.
+
+        **Tip:** It's not possible to upload the screenshot via this field directly but you can use the last textarea in this form to attach them.
+
+        **HINT:** You can paste https://gist.github.com links for larger files.
+      placeholder: >-
+        When the improvement is applied, it makes it more straightforward
+        to understand X.
+    validations:
+      required: false
+
+  - type: checkboxes
+    attributes:
+      label: Code of Conduct
+      description: |
+        Read the [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--ansible-collections) first.
+      options:
+        - label: I agree to follow the Ansible Code of Conduct
+          required: true
 ...
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -7,67 +7,67 @@ name: Feature request
 description: Suggest an idea for this project

 body:
- type: markdown
-  attributes:
-    value: |
-      ⚠
-      Verify first that your issue is not [already reported on GitHub][issue search].
-      Also test if the latest release and devel branch are affected too.
-      *Complete **all** sections as described, this form is processed automatically.*
+  - type: markdown
+    attributes:
+      value: |
+        ⚠
+        Verify first that your issue is not [already reported on GitHub][issue search].
+        Also test if the latest release and devel branch are affected too.
+        *Complete **all** sections as described, this form is processed automatically.*

-      [issue search]: https://github.com/ansible-collections/community.general/search?q=is%3Aissue&type=issues
+        [issue search]: https://github.com/ansible-collections/community.general/search?q=is%3Aissue&type=issues


- type: textarea
-  attributes:
-    label: Summary
-    description: Describe the new feature/improvement briefly below.
-    placeholder: >-
-      I am trying to do X with the collection from the main branch on GitHub and
-      I think that implementing a feature Y would be very helpful for me and
-      every other user of community.general because of Z.
-  validations:
-    required: true
-
- type: dropdown
-  attributes:
-    label: Issue Type
-    # FIXME: Once GitHub allows defining the default choice, update this
-    options:
-    - Feature Idea
-  validations:
-    required: true
-
- type: input
-  attributes:
-    label: Component Name
-    description: >-
-      Write the short name of the module or plugin, or which other part(s) of the collection this feature affects.
-      *use your best guess if unsure*. Do not include `community.general.`!
-    placeholder: dnf, apt, yum, pip, user etc.
-  validations:
-    required: true
-
- type: textarea
-  attributes:
-    label: Additional Information
-    description: |
-      Describe how the feature would be used, why it is needed and what it would solve.
-
-      **HINT:** You can paste https://gist.github.com links for larger files.
-    value: |
-      <!--- Paste example playbooks or commands between quotes below -->
-      ```yaml (paste below)
-
-      ```
-  validations:
-    required: false
- type: checkboxes
-  attributes:
-    label: Code of Conduct
-    description: |
-      Read the [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--ansible-collections) first.
-    options:
-    - label: I agree to follow the Ansible Code of Conduct
+  - type: textarea
+    attributes:
+      label: Summary
+      description: Describe the new feature/improvement briefly below.
+      placeholder: >-
+        I am trying to do X with the collection from the main branch on GitHub and
+        I think that implementing a feature Y would be very helpful for me and
+        every other user of community.general because of Z.
+    validations:
      required: true
+
+  - type: dropdown
+    attributes:
+      label: Issue Type
+      # FIXME: Once GitHub allows defining the default choice, update this
+      options:
+        - Feature Idea
+    validations:
+      required: true
+
+  - type: input
+    attributes:
+      label: Component Name
+      description: >-
+        Write the short name of the module or plugin, or which other part(s) of the collection this feature affects.
+        *use your best guess if unsure*. Do not include `community.general.`!
+      placeholder: dnf, apt, yum, pip, user etc.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Additional Information
+      description: |
+        Describe how the feature would be used, why it is needed and what it would solve.
+
+        **HINT:** You can paste https://gist.github.com links for larger files.
+      value: |
+        <!--- Paste example playbooks or commands between quotes below -->
+        ```yaml (paste below)
+
+        ```
+    validations:
+      required: false
+  - type: checkboxes
+    attributes:
+      label: Code of Conduct
+      description: |
+        Read the [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--ansible-collections) first.
+      options:
+        - label: I agree to follow the Ansible Code of Conduct
+          required: true
 ...
--- a/.github/workflows/ansible-test.yml
+++ b/.github/workflows/ansible-test.yml
@@ -7,7 +7,7 @@
 # https://github.com/marketplace/actions/ansible-test

 name: EOL CI
-on:
+"on":
  # Run EOL CI against all pushes (direct commits, also merged PRs), Pull Requests
  push:
    branches:
@@ -29,8 +29,6 @@ jobs:
    strategy:
      matrix:
        ansible:
-          - '2.13'
-          - '2.14'
          - '2.15'
    # Ansible-test on various stable branches does not yet work well with cgroups v2.
    # Since ubuntu-latest now uses Ubuntu 22.04, we need to fall back to the ubuntu-20.04
@@ -47,6 +45,8 @@ jobs:
          coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }}
          pull-request-change-detection: 'true'
          testing-type: sanity
+          pre-test-cmd: >-
+            git clone --depth=1 --single-branch https://github.com/ansible-collections/community.internal_test_tools.git ../../community/internal_test_tools

  units:
    # Ansible-test on various stable branches does not yet work well with cgroups v2.
@@ -67,16 +67,8 @@ jobs:
        exclude:
          - ansible: ''
        include:
-          - ansible: '2.13'
+          - ansible: '2.15'
            python: '2.7'
-          - ansible: '2.13'
-            python: '3.8'
-          - ansible: '2.13'
-            python: '2.7'
-          - ansible: '2.13'
-            python: '3.8'
-          - ansible: '2.14'
-            python: '3.9'
          - ansible: '2.15'
            python: '3.5'
          - ansible: '2.15'
@@ -121,57 +113,19 @@ jobs:
        exclude:
          - ansible: ''
        include:
-          # 2.13
-          - ansible: '2.13'
-            docker: fedora35
-            python: ''
-            target: azp/posix/1/
-          - ansible: '2.13'
-            docker: fedora35
-            python: ''
-            target: azp/posix/2/
-          - ansible: '2.13'
-            docker: fedora35
-            python: ''
-            target: azp/posix/3/
-          - ansible: '2.13'
-            docker: opensuse15py2
-            python: ''
-            target: azp/posix/1/
-          - ansible: '2.13'
-            docker: opensuse15py2
-            python: ''
-            target: azp/posix/2/
-          - ansible: '2.13'
-            docker: opensuse15py2
-            python: ''
-            target: azp/posix/3/
-          - ansible: '2.13'
-            docker: alpine3
-            python: ''
-            target: azp/posix/1/
-          - ansible: '2.13'
-            docker: alpine3
-            python: ''
-            target: azp/posix/2/
-          - ansible: '2.13'
-            docker: alpine3
-            python: ''
-            target: azp/posix/3/
-          # 2.14
-          - ansible: '2.14'
-            docker: alpine3
-            python: ''
-            target: azp/posix/1/
-          - ansible: '2.14'
-            docker: alpine3
-            python: ''
-            target: azp/posix/2/
-          - ansible: '2.14'
-            docker: alpine3
-            python: ''
-            target: azp/posix/3/
          # 2.15
+          - ansible: '2.15'
+            docker: alpine3
+            python: ''
+            target: azp/posix/1/
+          - ansible: '2.15'
+            docker: alpine3
+            python: ''
+            target: azp/posix/2/
+          - ansible: '2.15'
+            docker: alpine3
+            python: ''
+            target: azp/posix/3/
          - ansible: '2.15'
            docker: fedora37
            python: ''
@@ -212,12 +166,15 @@ jobs:
          integration-continue-on-error: 'false'
          integration-diff: 'false'
          integration-retry-on-error: 'true'
+          # TODO: remove "--branch stable-2" from community.crypto install once we're only using ansible-core 2.17 or newer!
          pre-test-cmd: >-
            mkdir -p ../../ansible
            ;
            git clone --depth=1 --single-branch https://github.com/ansible-collections/ansible.posix.git ../../ansible/posix
            ;
-            git clone --depth=1 --single-branch https://github.com/ansible-collections/community.crypto.git ../../community/crypto
+            git clone --depth=1 --single-branch --branch stable-2 https://github.com/ansible-collections/community.crypto.git ../../community/crypto
+            ;
+            git clone --depth=1 --single-branch https://github.com/ansible-collections/community.docker.git ../../community/docker
            ;
            git clone --depth=1 --single-branch https://github.com/ansible-collections/community.internal_test_tools.git ../../community/internal_test_tools
          pull-request-change-detection: 'true'
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -5,7 +5,7 @@

 name: "Code scanning - action"

-on:
+"on":
  schedule:
    - cron: '26 19 * * 1'
  workflow_dispatch:
@@ -23,14 +23,16 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false

-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      with:
-        languages: python
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: python

-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
--- a/.github/workflows/import-galaxy.yml
+++ b/.github/workflows/import-galaxy.yml
@@ -1,20 +0,0 @@
---
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-name: import-galaxy
-'on':
-  # Run CI against all pushes (direct commits, also merged PRs) to main, and all Pull Requests
-  push:
-    branches:
-      - main
-      - stable-*
-  pull_request:
-
-jobs:
-  import-galaxy:
-    permissions:
-      contents: read
-    name: Test to import built collection artifact with Galaxy importer
-    uses: ansible-community/github-action-test-galaxy-import/.github/workflows/test-galaxy-import.yml@main
--- a/.github/workflows/nox.yml
+++ b/.github/workflows/nox.yml
@@ -0,0 +1,28 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+name: nox
+'on':
+  push:
+    branches:
+      - main
+      - stable-*
+  pull_request:
+  # Run CI once per day (at 08:00 UTC)
+  schedule:
+    - cron: '0 8 * * *'
+  workflow_dispatch:
+
+jobs:
+  nox:
+    runs-on: ubuntu-latest
+    name: "Run extra sanity tests"
+    steps:
+      - name: Check out collection
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - name: Run nox
+        uses: ansible-community/antsibull-nox@main
--- a/.github/workflows/reuse.yml
+++ b/.github/workflows/reuse.yml
@@ -1,30 +0,0 @@
---
-# Copyright (c) Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-name: Verify REUSE
-
-on:
-  push:
-    branches: [main]
-  pull_request_target:
-    types: [opened, synchronize, reopened]
-    branches: [main]
-  # Run CI once per day (at 07:30 UTC)
-  schedule:
-    - cron: '30 7 * * *'
-
-jobs:
-  check:
-    permissions:
-      contents: read
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha || '' }}
-
-      - name: REUSE Compliance Check
-        uses: fsfe/reuse-action@v4
--- a/.gitignore
+++ b/.gitignore
@@ -383,6 +383,16 @@ cython_debug/
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/

+### Python Patch ###
+# Poetry local configuration file - https://python-poetry.org/docs/configuration/#local-configuration
+poetry.toml
+
+# ruff
+.ruff_cache/
+
+# LSP config files
+pyrightconfig.json
+
 ### Vim ###
 # Swap
 [._]*.s[a-v][a-z]
@@ -482,6 +492,10 @@ tags
 # https://plugins.jetbrains.com/plugin/12206-codestream
 .idea/codestream.xml

+# Azure Toolkit for IntelliJ plugin
+# https://plugins.jetbrains.com/plugin/8053-azure-toolkit-for-intellij
+.idea/**/azureSettings.xml
+
 ### Windows ###
 # Windows thumbnail cache files
 Thumbs.db
--- a/.reuse/dep5
+++ b/.reuse/dep5
@@ -1,5 +0,0 @@
-Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-
-Files: changelogs/fragments/*
-Copyright: Ansible Project
-License: GPL-3.0-or-later
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -44,7 +44,49 @@ If you want to test a PR locally, refer to [our testing guide](https://github.co

 If you find any inconsistencies or places in this document which can be improved, feel free to raise an issue or pull request to fix it.

-## Run sanity, unit or integration tests locally
+## Run sanity or unit locally (with antsibull-nox)
+
+The easiest way to run sanity and unit tests locally is to use [antsibull-nox](https://ansible.readthedocs.io/projects/antsibull-nox/).
+(If you have [nox](https://nox.thea.codes/en/stable/) installed, it will automatically install antsibull-nox in a virtual environment for you.)
+
+### Sanity tests
+
+The following commands show how to run ansible-test sanity tests:
+
+```.bash
+# Run basic sanity tests for all files in the collection:
+nox -Re ansible-test-sanity-devel
+
+# Run basic sanity tests for the given files and directories:
+nox -Re ansible-test-sanity-devel -- plugins/modules/system/pids.py tests/integration/targets/pids/
+
+# Run all other sanity tests for all files in the collection:
+nox -R
+```
+
+If you replace `-Re` with `-e`, respectively. If you leave `-R` away, then the virtual environments will be re-created. The `-R` re-uses them (if they already exist).
+
+### Unit tests
+
+The following commands show how to run unit tests:
+
+```.bash
+# Run all unit tests:
+nox -Re ansible-test-units-devel
+
+# Run all unit tests for one Python version (a lot faster):
+nox -Re ansible-test-units-devel -- --python 3.13
+
+# Run a specific unit test (for the nmcli module) for one Python version:
+nox -Re ansible-test-units-devel -- --python 3.13 tests/unit/plugins/modules/net_tools/test_nmcli.py
+```
+
+If you replace `-Re` with `-e`, then the virtual environments will be re-created. The `-R` re-uses them (if they already exist).
+
+## Run basic sanity, unit or integration tests locally (with ansible-test)
+
+Instead of using antsibull-nox, you can also run sanity and unit tests with ansible-test directly.
+This also allows you to run integration tests.

 You have to check out the repository into a specific path structure to be able to run `ansible-test`. The path to the git checkout must end with `.../ansible_collections/community/general`. Please see [our testing guide](https://github.com/ansible/community-docs/blob/main/test_pr_locally_guide.rst) for instructions on how to check out the repository into a correct path structure. The short version of these instructions is:

@@ -56,20 +98,27 @@ cd ~/dev/ansible_collections/community/general

 Then you can run `ansible-test` (which is a part of [ansible-core](https://pypi.org/project/ansible-core/)) inside the checkout. The following example commands expect that you have installed Docker or Podman. Note that Podman has only been supported by more recent ansible-core releases. If you are using Docker, the following will work with Ansible 2.9+.

-### Sanity tests
+### Basic sanity tests

-The following commands show how to run sanity tests:
+The following commands show how to run basic sanity tests:

 ```.bash
-# Run sanity tests for all files in the collection:
+# Run basic sanity tests for all files in the collection:
 ansible-test sanity --docker -v

-# Run sanity tests for the given files and directories:
+# Run basic sanity tests for the given files and directories:
 ansible-test sanity --docker -v plugins/modules/system/pids.py tests/integration/targets/pids/
 ```

 ### Unit tests

+Note that for running unit tests, you need to install required collections in the same folder structure that `community.general` is checked out in.
+Right now, you need to install [`community.internal_test_tools`](https://github.com/ansible-collections/community.internal_test_tools).
+If you want to use the latest version from GitHub, you can run:
+```
+git clone https://github.com/ansible-collections/community.internal_test_tools.git ~/dev/ansible_collections/community/internal_test_tools
+```
+
 The following commands show how to run unit tests:

 ```.bash
@@ -85,6 +134,16 @@ ansible-test units --docker -v --python 3.8 tests/unit/plugins/modules/net_tools

 ### Integration tests

+Note that for running integration tests, you need to install required collections in the same folder structure that `community.general` is checked out in.
+Right now, depending on the test, you need to install [`ansible.posix`](https://github.com/ansible-collections/ansible.posix), [`community.crypto`](https://github.com/ansible-collections/community.crypto), and [`community.docker`](https://github.com/ansible-collections/community.docker):
+If you want to use the latest versions from GitHub, you can run:
+```
+mkdir -p ~/dev/ansible_collections/ansible
+git clone https://github.com/ansible-collections/ansible.posix.git ~/dev/ansible_collections/ansible/posix
+git clone https://github.com/ansible-collections/community.crypto.git ~/dev/ansible_collections/community/crypto
+git clone https://github.com/ansible-collections/community.docker.git ~/dev/ansible_collections/community/docker
+```
+
 The following commands show how to run integration tests:

 #### In Docker
@@ -92,8 +151,8 @@ The following commands show how to run integration tests:
 Integration tests on Docker have the following parameters:
 - `image_name` (required): The name of the Docker image. To get the list of supported Docker images, run
  `ansible-test integration --help` and look for _target docker images_.
- `test_name` (optional): The name of the integration test.  
-  For modules, this equals the short name of the module; for example, `pacman` in case of `community.general.pacman`.  
+- `test_name` (optional): The name of the integration test.
+  For modules, this equals the short name of the module; for example, `pacman` in case of `community.general.pacman`.
  For plugins, the plugin type is added before the plugin's short name, for example `callback_yaml` for the `community.general.yaml` callback.
 ```.bash
 # Test all plugins/modules on fedora40
--- a/README.md
+++ b/README.md
@@ -6,8 +6,10 @@ SPDX-License-Identifier: GPL-3.0-or-later

 # Community General Collection

-[![Build Status](https://dev.azure.com/ansible/community.general/_apis/build/status/CI?branchName=stable-9)](https://dev.azure.com/ansible/community.general/_build?definitionId=31)
-[![EOL CI](https://github.com/ansible-collections/community.general/workflows/EOL%20CI/badge.svg?event=push)](https://github.com/ansible-collections/community.general/actions)
+[![Documentation](https://img.shields.io/badge/docs-brightgreen.svg)](https://docs.ansible.com/ansible/latest/collections/community/general/)
+[![Build Status](https://dev.azure.com/ansible/community.general/_apis/build/status/CI?branchName=stable-10)](https://dev.azure.com/ansible/community.general/_build?definitionId=31)
+[![EOL CI](https://github.com/ansible-collections/community.general/actions/workflows/ansible-test.yml/badge.svg?branch=stable-10)](https://github.com/ansible-collections/community.general/actions)
+[![Nox CI](https://github.com/ansible-collections/community.general/actions/workflows/nox.yml/badge.svg?branch=stable-10)](https://github.com/ansible-collections/community.general/actions)
 [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.general)](https://codecov.io/gh/ansible-collections/community.general)
 [![REUSE status](https://api.reuse.software/badge/github.com/ansible-collections/community.general)](https://api.reuse.software/info/github.com/ansible-collections/community.general)

@@ -37,7 +39,7 @@ For more information about communication, see the [Ansible communication guide](

 ## Tested with Ansible

-Tested with the current ansible-core 2.13, ansible-core 2.14, ansible-core 2.15, ansible-core 2.16, ansible-core 2.17, ansible-core 2.18 releases and the current development version of ansible-core. Ansible-core versions before 2.13.0 are not supported. This includes all ansible-base 2.10 and Ansible 2.9 releases.
+Tested with the current ansible-core 2.15, ansible-core 2.16, ansible-core 2.17, ansible-core 2.18, ansible-core 2.19 releases and the current development version of ansible-core. Ansible-core versions before 2.15.0 are not supported. This includes all ansible-base 2.10 and Ansible 2.9 releases.

 ## External requirements

@@ -116,7 +118,7 @@ See the [Releasing guidelines](https://github.com/ansible/community-docs/blob/ma

 ## Release notes

-See the [changelog](https://github.com/ansible-collections/community.general/blob/stable-9/CHANGELOG.md).
+See the [changelog](https://github.com/ansible-collections/community.general/blob/stable-10/CHANGELOG.md).

 ## Roadmap

@@ -135,8 +137,8 @@ See [this issue](https://github.com/ansible-collections/community.general/issues

 This collection is primarily licensed and distributed as a whole under the GNU General Public License v3.0 or later.

-See [LICENSES/GPL-3.0-or-later.txt](https://github.com/ansible-collections/community.general/blob/stable-9/COPYING) for the full text.
+See [LICENSES/GPL-3.0-or-later.txt](https://github.com/ansible-collections/community.general/blob/stable-10/COPYING) for the full text.

-Parts of the collection are licensed under the [BSD 2-Clause license](https://github.com/ansible-collections/community.general/blob/stable-9/LICENSES/BSD-2-Clause.txt), the [MIT license](https://github.com/ansible-collections/community.general/blob/stable-9/LICENSES/MIT.txt), and the [PSF 2.0 license](https://github.com/ansible-collections/community.general/blob/stable-9/LICENSES/PSF-2.0.txt).
+Parts of the collection are licensed under the [BSD 2-Clause license](https://github.com/ansible-collections/community.general/blob/stable-10/LICENSES/BSD-2-Clause.txt), the [MIT license](https://github.com/ansible-collections/community.general/blob/stable-10/LICENSES/MIT.txt), and the [PSF 2.0 license](https://github.com/ansible-collections/community.general/blob/stable-10/LICENSES/PSF-2.0.txt).

-All files have a machine readable `SDPX-License-Identifier:` comment denoting its respective license(s) or an equivalent entry in an accompanying `.license` file. Only changelog fragments (which will not be part of a release) are covered by a blanket statement in `.reuse/dep5`. This conforms to the [REUSE specification](https://reuse.software/spec/).
+All files have a machine readable `SDPX-License-Identifier:` comment denoting its respective license(s) or an equivalent entry in an accompanying `.license` file. Only changelog fragments (which will not be part of a release) are covered by a blanket statement in `REUSE.toml`. This conforms to the [REUSE specification](https://reuse.software/spec/).
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -0,0 +1,11 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+version = 1
+
+[[annotations]]
+path = "changelogs/fragments/**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "Ansible Project"
+SPDX-License-Identifier = "GPL-3.0-or-later"
--- a/antsibull-nox.toml
+++ b/antsibull-nox.toml
@@ -0,0 +1,62 @@
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+# SPDX-FileCopyrightText: 2025 Felix Fontein <felix@fontein.de>
+
+[collection_sources]
+"ansible.posix" = "git+https://github.com/ansible-collections/ansible.posix.git,main"
+"community.crypto" = "git+https://github.com/ansible-collections/community.crypto.git,main"
+"community.docker" = "git+https://github.com/ansible-collections/community.docker.git,main"
+"community.internal_test_tools" = "git+https://github.com/ansible-collections/community.internal_test_tools.git,main"
+
+[collection_sources_per_ansible.'2.15']
+# community.crypto's main branch needs ansible-core >= 2.17
+"community.crypto" = "git+https://github.com/ansible-collections/community.crypto.git,stable-2"
+
+[collection_sources_per_ansible.'2.16']
+# community.crypto's main branch needs ansible-core >= 2.17
+"community.crypto" = "git+https://github.com/ansible-collections/community.crypto.git,stable-2"
+
+[sessions]
+
+[sessions.docs_check]
+validate_collection_refs="all"
+
+[sessions.license_check]
+
+[sessions.extra_checks]
+run_no_unwanted_files = true
+no_unwanted_files_module_extensions = [".py"]
+no_unwanted_files_yaml_extensions = [".yml"]
+run_action_groups = true
+
+[[sessions.extra_checks.action_groups_config]]
+name = "consul"
+pattern = "^consul_.*$"
+exclusions = [
+    "consul_acl_bootstrap",
+    "consul_kv",
+]
+doc_fragment = "community.general.consul.actiongroup_consul"
+
+[[sessions.extra_checks.action_groups_config]]
+name = "keycloak"
+pattern = "^keycloak_.*$"
+exclusions = [
+    "keycloak_realm_info",
+]
+doc_fragment = "community.general.keycloak.actiongroup_keycloak"
+
+[[sessions.extra_checks.action_groups_config]]
+name = "proxmox"
+pattern = "^proxmox(_.*)?$"
+exclusions = []
+doc_fragment = "community.general.proxmox.actiongroup_proxmox"
+
+[sessions.build_import_check]
+run_galaxy_importer = true
+
+[sessions.ansible_test_sanity]
+include_devel = true
+
+[sessions.ansible_test_units]
+include_devel = true
--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
--- a/docs/docsite/extra-docs.yml
+++ b/docs/docsite/extra-docs.yml
@@ -20,3 +20,4 @@ sections:
      - guide_vardict
      - guide_cmdrunner
      - guide_modulehelper
+      - guide_uthelper
--- a/docs/docsite/rst/filter_guide.rst
+++ b/docs/docsite/rst/filter_guide.rst
@@ -8,7 +8,7 @@
 community.general Filter Guide
 ==============================

-The :ref:`community.general collection <plugins_in_community.general>` offers several useful filter plugins.
+The :anscollection:`community.general collection <community.general#collection>` offers several useful filter plugins.

 .. toctree::
   :maxdepth: 2
--- a/docs/docsite/rst/filter_guide_abstract_informations_dictionaries.rst
+++ b/docs/docsite/rst/filter_guide_abstract_informations_dictionaries.rst
@@ -26,8 +26,8 @@ You can use the :ansplugin:`community.general.dict_kv filter <community.general.
          type: host
          database: all
        myservers:
-        - server1
-        - server2
+          - server1
+          - server2

 This produces:

--- a/docs/docsite/rst/filter_guide_abstract_informations_lists_helper.rst
+++ b/docs/docsite/rst/filter_guide_abstract_informations_lists_helper.rst
@@ -65,7 +65,7 @@ All three statements are equivalent and give:

 .. note:: Be aware that in most cases, filter calls without any argument require ``flatten=true``, otherwise the input is returned as result. The reason for this is, that the input is considered as a variable argument and is wrapped by an additional outer list. ``flatten=true`` ensures that this list is removed before the input is processed by the filter logic.

-The filters ansplugin:`community.general.lists_difference#filter` or :ansplugin:`community.general.lists_symmetric_difference#filter` can be used in the same way as the filters in the examples above. They calculate the difference or the symmetric difference between two or more lists and preserve the item order.
+The filters :ansplugin:`community.general.lists_difference#filter` or :ansplugin:`community.general.lists_symmetric_difference#filter` can be used in the same way as the filters in the examples above. They calculate the difference or the symmetric difference between two or more lists and preserve the item order.

 For example, the symmetric difference of ``A``, ``B`` and ``C`` may be written as:

--- a/docs/docsite/rst/filter_guide_selecting_json_data.rst
+++ b/docs/docsite/rst/filter_guide_selecting_json_data.rst
@@ -17,50 +17,50 @@ Consider this data structure:
 .. code-block:: yaml+jinja

    {
-        "domain_definition": {
-            "domain": {
-                "cluster": [
-                    {
-                        "name": "cluster1"
-                    },
-                    {
-                        "name": "cluster2"
-                    }
-                ],
-                "server": [
-                    {
-                        "name": "server11",
-                        "cluster": "cluster1",
-                        "port": "8080"
-                    },
-                    {
-                        "name": "server12",
-                        "cluster": "cluster1",
-                        "port": "8090"
-                    },
-                    {
-                        "name": "server21",
-                        "cluster": "cluster2",
-                        "port": "9080"
-                    },
-                    {
-                        "name": "server22",
-                        "cluster": "cluster2",
-                        "port": "9090"
-                    }
-                ],
-                "library": [
-                    {
-                        "name": "lib1",
-                        "target": "cluster1"
-                    },
-                    {
-                        "name": "lib2",
-                        "target": "cluster2"
-                    }
-                ]
+      "domain_definition": {
+        "domain": {
+          "cluster": [
+            {
+              "name": "cluster1"
+            },
+            {
+              "name": "cluster2"
            }
+          ],
+          "server": [
+            {
+              "name": "server11",
+              "cluster": "cluster1",
+              "port": "8080"
+            },
+            {
+              "name": "server12",
+              "cluster": "cluster1",
+              "port": "8090"
+            },
+            {
+              "name": "server21",
+              "cluster": "cluster2",
+              "port": "9080"
+            },
+            {
+              "name": "server22",
+              "cluster": "cluster2",
+              "port": "9090"
+            }
+          ],
+          "library": [
+            {
+              "name": "lib1",
+              "target": "cluster1"
+            },
+            {
+              "name": "lib2",
+              "target": "cluster2"
+            }
+          ]
        }
+      }
    }

 To extract all clusters from this structure, you can use the following query:
@@ -124,7 +124,7 @@ To get a hash map with all ports and names of a cluster:
        var: item
      loop: "{{ domain_definition | community.general.json_query(server_name_cluster1_query) }}"
      vars:
-        server_name_cluster1_query: "domain.server[?cluster=='cluster2'].{name: name, port: port}"
+        server_name_cluster1_query: "domain.server[?cluster=='cluster1'].{name: name, port: port}"

 To extract ports from all clusters with name starting with 'server1':

--- a/docs/docsite/rst/guide_alicloud.rst
+++ b/docs/docsite/rst/guide_alicloud.rst
@@ -78,17 +78,17 @@ If you do not specify a ``count_tag``, the task creates the number of instances
      tasks:
        - name: Create a set of instances
          community.general.ali_instance:
-             instance_type: ecs.n4.small
-             image_id: "{{ ami_id }}"
-             instance_name: "My-new-instance"
-             instance_tags:
-                 Name: NewECS
-                 Version: 0.0.1
-             count: 5
-             count_tag:
-                 Name: NewECS
-             allocate_public_ip: true
-             max_bandwidth_out: 50
+            instance_type: ecs.n4.small
+            image_id: "{{ ami_id }}"
+            instance_name: "My-new-instance"
+            instance_tags:
+              Name: NewECS
+              Version: 0.0.1
+            count: 5
+            count_tag:
+              Name: NewECS
+            allocate_public_ip: true
+            max_bandwidth_out: 50
          register: create_instance

 In the example playbook above, data about the instances created by this playbook is saved in the variable defined by the ``register`` keyword in the task.
--- a/docs/docsite/rst/guide_cmdrunner.rst
+++ b/docs/docsite/rst/guide_cmdrunner.rst
@@ -267,24 +267,54 @@ In these descriptions ``value`` refers to the single parameter passed to the for
        +------------+-------------------------+

 - ``cmd_runner_fmt.as_fixed()``
-    This method receives one parameter ``arg``, the function expects no ``value`` - if one
-    is provided then it is ignored.
-    The function returns ``arg`` as-is.
+    This method defines one or more fixed arguments that are returned by the generated function
+    regardless whether ``value`` is passed to it or not.

-    - Creation:
-        ``cmd_runner_fmt.as_fixed("--version")``
+    This method accepts these arguments in one of three forms:
+
+        * one scalar parameter ``arg``, which will be returned as ``[arg]`` by the function, or
+        * one sequence parameter, such as a list, ``arg``, which will be returned by the function as ``arg[0]``, or
+        * multiple parameters ``args``, which will be returned as ``args`` directly by the function.
+
+    See the examples below for each one of those forms. And, stressing that the generated function expects no ``value`` - if one
+    is provided then it is ignored.
+
+    - Creation (one scalar argument):
+        * ``cmd_runner_fmt.as_fixed("--version")``
    - Examples:
-        +---------+-----------------------+
-        | Value   | Outcome               |
-        +=========+=======================+
-        |         | ``["--version"]``     |
-        +---------+-----------------------+
-        | 57      | ``["--version"]``     |
-        +---------+-----------------------+
+        +---------+--------------------------------------+
+        | Value   | Outcome                              |
+        +=========+======================================+
+        |         | * ``["--version"]``                  |
+        +---------+--------------------------------------+
+        | 57      | * ``["--version"]``                  |
+        +---------+--------------------------------------+
+
+    - Creation (one sequence argument):
+        * ``cmd_runner_fmt.as_fixed(["--list", "--json"])``
+    - Examples:
+        +---------+--------------------------------------+
+        | Value   | Outcome                              |
+        +=========+======================================+
+        |         | * ``["--list", "--json"]``           |
+        +---------+--------------------------------------+
+        | True    | * ``["--list", "--json"]``           |
+        +---------+--------------------------------------+
+
+    - Creation (multiple arguments):
+        * ``cmd_runner_fmt.as_fixed("--one", "--two", "--three")``
+    - Examples:
+        +---------+--------------------------------------+
+        | Value   | Outcome                              |
+        +=========+======================================+
+        |         | * ``["--one", "--two", "--three"]``  |
+        +---------+--------------------------------------+
+        | False   | * ``["--one", "--two", "--three"]``  |
+        +---------+--------------------------------------+

    - Note:
        This is the only special case in which a value can be missing for the formatting function.
-        The example also comes from the code in `Quickstart`_.
+        The first example here comes from the code in `Quickstart`_.
        In that case, the module has code to determine the command's version so that it can assert compatibility.
        There is no *value* to be passed for that CLI argument.

--- a/docs/docsite/rst/guide_modulehelper.rst
+++ b/docs/docsite/rst/guide_modulehelper.rst
@@ -76,13 +76,18 @@ section above, but there are more elements that will take part in it.
    from ansible_collections.community.general.plugins.module_utils.module_helper import ModuleHelper

    class MyTest(ModuleHelper):
+        # behavior for module paramaters ONLY, see below for further information
        output_params = ()
        change_params = ()
        diff_params = ()
-        facts_name = None
        facts_params = ()
+
+        facts_name = None   # used if generating facts, from parameters or otherwise
+
+        # transitional variables for the new VarDict implementation, see information below
        use_old_vardict = True
        mute_vardict_deprecation = False
+
        module = dict(
            argument_spec=dict(...),
            # ...
@@ -211,9 +216,10 @@ One of the attributes in that metadata marks the variable for output, and MH mak
    There are two ways to prevent that from happening:

        #.  Set ``mute_vardict_deprecation = True`` and the deprecation will be silenced. If the module still uses the old ``VarDict``,
-            it will not be able to update to community.general 11.0.0 (Spring 2026) upon its release.
-        #.  Set ``use_old_vardict = False`` to make the MH module use the new ``VarDict`` immediatelly.
-            The new ``VarDict`` and its use is documented and this is the recommended way to handle this.
+            it will not be able to update to community.general 11.0.0 (Spring 2025) upon its release.
+        #.  Set ``use_old_vardict = False`` to make the MH module use the new ``VarDict`` immediately.
+            We strongly recommend you use the new ``VarDict``, for that you make sure to consult its documentation at
+            :ref:`ansible_collections.community.general.docsite.guide_vardict`.

    .. code-block:: python

@@ -233,6 +239,11 @@ If you want to include some module parameters in the output, list them in the ``
        output_params = ('state', 'name')
        ...

+.. important::
+
+    The variable names listed in ``output_params`` **must be module parameters**, as in parameters listed in the module's ``argument_spec``.
+    Names not found in ``argument_spec`` are silently ignored.
+
 Another neat feature provided by MH by using ``VarDict`` is the automatic tracking of changes when setting the metadata ``change=True``.
 Again, to enable this feature for module parameters, you must list them in the ``change_params`` class variable.

@@ -243,6 +254,11 @@ Again, to enable this feature for module parameters, you must list them in the `
        change_params = ('value', )
        ...

+.. important::
+
+    The variable names listed in ``change_params`` **must be module parameters**, as in parameters listed in the module's ``argument_spec``.
+    Names not found in ``argument_spec`` are silently ignored.
+
 .. seealso::

    See more about this in
@@ -260,6 +276,11 @@ With that, MH will automatically generate the diff output for variables that hav
        # example from community.general.gio_mime
        self.vars.set_meta("handler", initial_value=gio_mime_get(self.runner, self.vars.mime_type), diff=True, change=True)

+.. important::
+
+    The variable names listed in ``diff_params`` **must be module parameters**, as in parameters listed in the module's ``argument_spec``.
+    Names not found in ``argument_spec`` are silently ignored.
+
 Moreover, if a module is set to return *facts* instead of return values, then again use the metadata ``fact=True`` and ``fact_params`` for module parameters.
 Additionally, you must specify ``facts_name``, as in:

@@ -283,6 +304,11 @@ That generates an Ansible fact like:
      debug:
        msg: Volume fact is {{ ansible_facts.volume_facts.volume }}

+.. important::
+
+    The variable names listed in ``fact_params`` **must be module parameters**, as in parameters listed in the module's ``argument_spec``.
+    Names not found in ``argument_spec`` are silently ignored.
+
 .. important::

    If ``facts_name`` is not set, the module does not generate any facts.
@@ -346,6 +372,8 @@ However, you can set output variables specifically for that exception, if you so

 .. code-block:: python

+    from ansible_collections.community.general.plugins.module_utils.module_helper import ModuleHelperException
+
    def __init_module__(self):
        if not complex_validation():
            self.do_raise("Validation failed!")
@@ -354,11 +382,16 @@ However, you can set output variables specifically for that exception, if you so
        awesomeness = calculate_awesomeness()
        if awesomeness > 1000:
            self.do_raise("Over awesome, I cannot handle it!", update_output={"awesomeness": awesomeness})
+            # which is just a convenience shortcut for
+            raise ModuleHelperException("...", update_output={...})

 All exceptions derived from ``Exception`` are captured and translated into a ``fail_json()`` call.
 However, if you do want to call ``self.module.fail_json()`` yourself it will work,
 just keep in mind that there will be no automatic handling of output variables in that case.

+Behind the curtains, all ``do_raise()`` does is to raise a ``ModuleHelperException``.
+If you want to create specialized error handling for your code, the best way is to extend that clas and raise it when needed.
+
 .. _ansible_collections.community.general.docsite.guide_modulehelper.statemh:

 StateModuleHelper
@@ -461,6 +494,11 @@ Additionally, MH will also delegate:
 - ``diff_mode`` to ``self.module._diff``
 - ``verbosity`` to ``self.module._verbosity``

+Starting in community.general 10.3.0, MH will also delegate the method ``debug`` to ``self.module``.
+If any existing module already has a ``debug`` attribute defined, a warning message will be generated,
+requesting it to be renamed. Upon the release of community.general 12.0.0, the delegation will be
+preemptive and will override any existing method or property in the subclasses.
+
 Decorators
 """"""""""

--- a/docs/docsite/rst/guide_packet.rst
+++ b/docs/docsite/rst/guide_packet.rst
@@ -67,16 +67,16 @@ The following code block is a simple playbook that creates one `Type 0 <https://
      hosts: localhost
      tasks:

-      - community.general.packet_sshkey:
-          key_file: ./id_rsa.pub
-          label: tutorial key
+        - community.general.packet_sshkey:
+            key_file: ./id_rsa.pub
+            label: tutorial key

-      - community.general.packet_device:
-          project_id: <your_project_id>
-          hostnames: myserver
-          operating_system: ubuntu_16_04
-          plan: baremetal_0
-          facility: sjc1
+        - community.general.packet_device:
+            project_id: <your_project_id>
+            hostnames: myserver
+            operating_system: ubuntu_16_04
+            plan: baremetal_0
+            facility: sjc1

 After running ``ansible-playbook playbook_create.yml``, you should have a server provisioned on Packet. You can verify through a CLI or in the `Packet portal <https://app.packet.net/portal#/projects/list/table>`__.

@@ -110,10 +110,10 @@ If your playbook acts on existing Packet devices, you can only pass the ``hostna
      hosts: localhost
      tasks:

-      - community.general.packet_device:
-          project_id: <your_project_id>
-          hostnames: myserver
-          state: rebooted
+        - community.general.packet_device:
+            project_id: <your_project_id>
+            hostnames: myserver
+            state: rebooted

 You can also identify specific Packet devices with the ``device_ids`` parameter. The device's UUID can be found in the `Packet Portal <https://app.packet.net/portal>`_ or by using a `CLI <https://www.packet.net/developers/integrations/>`_. The following playbook removes a Packet device using the ``device_ids`` field:

@@ -125,10 +125,10 @@ You can also identify specific Packet devices with the ``device_ids`` parameter.
      hosts: localhost
      tasks:

-      - community.general.packet_device:
-          project_id: <your_project_id>
-          device_ids: <myserver_device_id>
-          state: absent
+        - community.general.packet_device:
+            project_id: <your_project_id>
+            device_ids: <myserver_device_id>
+            state: absent


 More Complex Playbooks
@@ -153,43 +153,43 @@ The following playbook will create an SSH key, 3 Packet servers, and then wait u
      hosts: localhost
      tasks:

-      - community.general.packet_sshkey:
-          key_file: ./id_rsa.pub
-          label: new
+        - community.general.packet_sshkey:
+            key_file: ./id_rsa.pub
+            label: new

-      - community.general.packet_device:
-          hostnames: [coreos-one, coreos-two, coreos-three]
-          operating_system: coreos_beta
-          plan: baremetal_0
-          facility: ewr1
-          project_id: <your_project_id>
-          wait_for_public_IPv: 4
-          user_data: |
-            #cloud-config
-            coreos:
-              etcd2:
-                discovery: https://discovery.etcd.io/<token>
-                advertise-client-urls: http://$private_ipv4:2379,http://$private_ipv4:4001
-                initial-advertise-peer-urls: http://$private_ipv4:2380
-                listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001
-                listen-peer-urls: http://$private_ipv4:2380
-              fleet:
-                public-ip: $private_ipv4
-              units:
-                - name: etcd2.service
-                  command: start
-                - name: fleet.service
-                  command: start
-        register: newhosts
+        - community.general.packet_device:
+            hostnames: [coreos-one, coreos-two, coreos-three]
+            operating_system: coreos_beta
+            plan: baremetal_0
+            facility: ewr1
+            project_id: <your_project_id>
+            wait_for_public_IPv: 4
+            user_data: |
+              # cloud-config
+              coreos:
+                etcd2:
+                  discovery: https://discovery.etcd.io/<token>
+                  advertise-client-urls: http://$private_ipv4:2379,http://$private_ipv4:4001
+                  initial-advertise-peer-urls: http://$private_ipv4:2380
+                  listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001
+                  listen-peer-urls: http://$private_ipv4:2380
+                fleet:
+                  public-ip: $private_ipv4
+                units:
+                  - name: etcd2.service
+                    command: start
+                  - name: fleet.service
+                    command: start
+          register: newhosts

-      - name: wait for ssh
-        ansible.builtin.wait_for:
-          delay: 1
-          host: "{{ item.public_ipv4 }}"
-          port: 22
-          state: started
-          timeout: 500
-        loop: "{{ newhosts.results[0].devices }}"
+        - name: wait for ssh
+          ansible.builtin.wait_for:
+            delay: 1
+            host: "{{ item.public_ipv4 }}"
+            port: 22
+            state: started
+            timeout: 500
+          loop: "{{ newhosts.results[0].devices }}"


 As with most Ansible modules, the default states of the Packet modules are idempotent, meaning the resources in your project will remain the same after re-runs of a playbook. Thus, we can keep the ``packet_sshkey`` module call in our playbook. If the public key is already in your Packet account, the call will have no effect.
--- a/docs/docsite/rst/guide_uthelper.rst
+++ b/docs/docsite/rst/guide_uthelper.rst
@@ -0,0 +1,394 @@
+..
+  Copyright (c) Ansible Project
+  GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+  SPDX-License-Identifier: GPL-3.0-or-later
+
+.. _ansible_collections.community.general.docsite.guide_uthelper:
+
+UTHelper Guide
+==============
+
+Introduction
+^^^^^^^^^^^^
+
+``UTHelper`` was written to reduce the boilerplate code used in unit tests for modules.
+It was originally written to handle tests of modules that run external commands using ``AnsibleModule.run_command()``.
+At the time of writing (Feb 2025) that remains the only type of tests you can use
+``UTHelper`` for, but it aims to provide support for other types of interactions.
+
+Until now, there are many different ways to implement unit tests that validate a module based on the execution of external commands. See some examples:
+
+* `test_apk.py <https://github.com/ansible-collections/community.general/blob/10.3.0/tests/unit/plugins/modules/test_apk.py>`_ - A very simple one
+* `test_bootc_manage.py <https://github.com/ansible-collections/community.general/blob/10.3.0/tests/unit/plugins/modules/test_bootc_manage.py>`_ -
+  This one has more test cases, but do notice how the code is repeated amongst them.
+* `test_modprobe.py <https://github.com/ansible-collections/community.general/blob/10.3.0/tests/unit/plugins/modules/test_modprobe.py>`_ -
+  This one has 15 tests in it, but to achieve that it declares 8 classes repeating quite a lot of code.
+
+As you can notice, there is no consistency in the way these tests are executed -
+they all do the same thing eventually, but each one is written in a very distinct way.
+
+``UTHelper`` aims to:
+
+* provide a consistent idiom to define unit tests
+* reduce the code to a bare minimal, and
+* define tests as data instead
+* allow the test cases definition to be expressed not only as a Python data structure but also as YAML content
+
+Quickstart
+""""""""""
+
+To use UTHelper, your test module will need only a bare minimal of code:
+
+.. code-block:: python
+
+    # tests/unit/plugin/modules/test_ansible_module.py
+    from ansible_collections.community.general.plugins.modules import ansible_module
+    from .uthelper import UTHelper, RunCommandMock
+
+
+    UTHelper.from_module(ansible_module, __name__, mocks=[RunCommandMock])
+
+Then, in the test specification file, you have:
+
+.. code-block:: yaml
+
+    # tests/unit/plugin/modules/test_ansible_module.yaml
+    test_cases:
+      - id: test_ansible_module
+        flags:
+          diff: true
+        input:
+          state: present
+          name: Roger the Shrubber
+        output:
+          shrubbery:
+            looks: nice
+            price: not too expensive
+          changed: true
+          diff:
+            before:
+              shrubbery: null
+            after:
+              shrubbery:
+                looks: nice
+                price: not too expensive
+        mocks:
+          run_command:
+            - command: [/testbin/shrubber, --version]
+              rc: 0
+              out: "2.80.0\n"
+              err: ''
+            - command: [/testbin/shrubber, --make-shrubbery]
+              rc: 0
+              out: 'Shrubbery created'
+              err: ''
+
+.. note::
+
+    If you prefer to pick a different YAML file for the test cases, or if you prefer to define them in plain Python,
+    you can use the convenience methods ``UTHelper.from_file()`` and ``UTHelper.from_spec()``, respectively.
+    See more details below.
+
+
+Using ``UTHelper``
+^^^^^^^^^^^^^^^^^^
+
+Test Module
+"""""""""""
+
+``UTHelper`` is **strictly for unit tests**. To use it, you import the ``.uthelper.UTHelper`` class.
+As mentioned in different parts of this guide, there are three different mechanisms to load the test cases.
+
+.. seealso::
+
+    See the UTHelper class reference below for API details on the three different mechanisms.
+
+
+The easies and most recommended way of using ``UTHelper`` is literally the example shown.
+See a real world example at
+`test_gconftool2.py <https://github.com/ansible-collections/community.general/blob/10.3.0/tests/unit/plugins/modules/test_gconftool2.py>`_.
+
+The ``from_module()`` method will pick the filename of the test module up (in the example above, ``tests/unit/plugins/modules/test_gconftool2.py``)
+and it will search for ``tests/unit/plugins/modules/test_gconftool2.yaml`` (or ``.yml`` if that is not found).
+In that file it will expect to find the test specification expressed in YAML format, conforming to the structure described below LINK LINK LINK.
+
+If you prefer to read the test specifications a different file path, use ``from_file()`` passing the file handle for the YAML file.
+
+And, if for any reason you prefer or need to pass the data structure rather than dealing with YAML files, use the ``from_spec()`` method.
+A real world example for that can be found at
+`test_snap.py <https://github.com/ansible-collections/community.general/blob/main/tests/unit/plugins/modules/test_snap.py>`_.
+
+
+Test Specification
+""""""""""""""""""
+
+The structure of the test specification data is described below.
+
+Top level
+---------
+
+At the top level there are two accepted keys:
+
+- ``anchors: dict``
+    Optional. Placeholder for you to define YAML anchors that can be repeated in the test cases.
+    Its contents are never accessed directly by test Helper.
+- ``test_cases: list``
+    Mandatory. List of test cases, see below for definition.
+
+Test cases
+----------
+
+You write the test cases with five elements:
+
+- ``id: str``
+    Mandatory. Used to identify the test case.
+
+- ``flags: dict``
+    Optional. Flags controling the behavior of the test case. All flags are optional. Accepted flags:
+
+    * ``check: bool``: set to ``true`` if the module is to be executed in **check mode**.
+    * ``diff: bool``: set to ``true`` if the module is to be executed in **diff mode**.
+    * ``skip: str``: set the test case to be skipped, providing the message for ``pytest.skip()``.
+    * ``xfail: str``: set the test case to expect failure, providing the message for ``pytest.xfail()``.
+
+- ``input: dict``
+    Optional. Parameters for the Ansible module, it can be empty.
+
+- ``output: dict``
+    Optional. Expected return values from the Ansible module.
+    All RV names are used here are expected to be found in the module output, but not all RVs in the output must be here.
+    It can include special RVs such as ``changed`` and ``diff``.
+    It can be empty.
+
+- ``mocks: dict``
+    Optional. Mocked interactions, ``run_command`` being the only one supported for now.
+    Each key in this dictionary refers to one subclass of ``TestCaseMock`` and its
+    structure is dictated by the ``TestCaseMock`` subclass implementation.
+    All keys are expected to be named using snake case, as in ``run_command``.
+    The ``TestCaseMock`` subclass is responsible for defining the name used in the test specification.
+    The structure for that specification is dependent on the implementing class.
+    See more details below for the implementation of ``RunCommandMock``
+
+Example using YAML
+------------------
+
+We recommend you use ``UTHelper`` reading the test specifications from a YAML file.
+See an example below of how one actually looks like (excerpt from ``test_opkg.yaml``):
+
+..  code-block:: yaml
+
+  ---
+  anchors:
+    environ: &env-def {environ_update: {LANGUAGE: C, LC_ALL: C}, check_rc: false}
+  test_cases:
+    - id: install_zlibdev
+      input:
+        name: zlib-dev
+        state: present
+      output:
+        msg: installed 1 package(s)
+      mocks:
+        run_command:
+          - command: [/testbin/opkg, --version]
+            environ: *env-def
+            rc: 0
+            out: ''
+            err: ''
+          - command: [/testbin/opkg, list-installed, zlib-dev]
+            environ: *env-def
+            rc: 0
+            out: ''
+            err: ''
+          - command: [/testbin/opkg, install, zlib-dev]
+            environ: *env-def
+            rc: 0
+            out: |
+              Installing zlib-dev (1.2.11-6) to root...
+              Downloading https://downloads.openwrt.org/releases/22.03.0/packages/mips_24kc/base/zlib-dev_1.2.11-6_mips_24kc.ipk
+              Installing zlib (1.2.11-6) to root...
+              Downloading https://downloads.openwrt.org/releases/22.03.0/packages/mips_24kc/base/zlib_1.2.11-6_mips_24kc.ipk
+              Configuring zlib.
+              Configuring zlib-dev.
+            err: ''
+          - command: [/testbin/opkg, list-installed, zlib-dev]
+            environ: *env-def
+            rc: 0
+            out: |
+              zlib-dev - 1.2.11-6
+            err: ''
+    - id: install_zlibdev_present
+      input:
+        name: zlib-dev
+        state: present
+      output:
+        msg: package(s) already present
+      mocks:
+        run_command:
+          - command: [/testbin/opkg, --version]
+            environ: *env-def
+            rc: 0
+            out: ''
+            err: ''
+          - command: [/testbin/opkg, list-installed, zlib-dev]
+            environ: *env-def
+            rc: 0
+            out: |
+              zlib-dev - 1.2.11-6
+            err: ''
+
+TestCaseMocks Specifications
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The ``TestCaseMock`` subclass is free to define the expected data structure.
+
+RunCommandMock Specification
+""""""""""""""""""""""""""""
+
+``RunCommandMock`` mocks can be specified with the key ``run_command`` and it expects a ``list`` in which elements follow the structure:
+
+- ``command: Union[list, str]``
+    Mandatory. The command that is expected to be executed by the module. It corresponds to the parameter ``args`` of the ``AnsibleModule.run_command()`` call.
+    It can be either a list or a string, though the list form is generally recommended.
+- ``environ: dict``
+    Mandatory. All other parameters passed to the ``AnsibleModule.run_command()`` call.
+    Most commonly used are ``environ_update`` and ``check_rc``.
+    Must include all parameters the Ansible module uses in the ``AnsibleModule.run_command()`` call, otherwise the test will fail.
+- ``rc: int``
+    Mandatory. The return code for the command execution.
+    As per usual in bash scripting, a value of ``0`` means success, whereas any other number is an error code.
+- ``out: str``
+    Mandatory. The *stdout* result of the command execution, as one single string containing zero or more lines.
+- ``err: str``
+    Mandatory. The *stderr* result of the command execution, as one single string containing zero or more lines.
+
+
+``UTHelper`` Reference
+^^^^^^^^^^^^^^^^^^^^^^
+
+.. py:module:: .uthelper
+
+  .. py:class:: UTHelper
+
+    A class to encapsulate unit tests.
+
+    .. py:staticmethod:: from_spec(ansible_module, test_module, test_spec, mocks=None)
+
+      Creates an ``UTHelper`` instance from a given test specification.
+
+      :param ansible_module: The Ansible module to be tested.
+      :type ansible_module: module
+      :param test_module: The test module.
+      :type test_module: module
+      :param test_spec: The test specification.
+      :type test_spec: dict
+      :param mocks: List of ``TestCaseMocks`` to be used during testing. Currently only ``RunCommandMock`` exists.
+      :type mocks: list or None
+      :return: An ``UTHelper`` instance.
+      :rtype: UTHelper
+
+      Example usage of ``from_spec()``:
+
+      .. code-block:: python
+
+          import sys
+
+          from ansible_collections.community.general.plugins.modules import ansible_module
+          from .uthelper import UTHelper, RunCommandMock
+
+          TEST_SPEC = dict(
+              test_cases=[
+                  ...
+              ]
+          )
+
+          helper = UTHelper.from_spec(ansible_module, sys.modules[__name__], TEST_SPEC, mocks=[RunCommandMock])
+
+    .. py:staticmethod:: from_file(ansible_module, test_module, test_spec_filehandle, mocks=None)
+
+      Creates an ``UTHelper`` instance from a test specification file.
+
+      :param ansible_module: The Ansible module to be tested.
+      :type ansible_module: module
+      :param test_module: The test module.
+      :type test_module: module
+      :param test_spec_filehandle: A file handle to an file stream handle providing the test specification in YAML format.
+      :type test_spec_filehandle: file
+      :param mocks: List of ``TestCaseMocks`` to be used during testing. Currently only ``RunCommandMock`` exists.
+      :type mocks: list or None
+      :return: An ``UTHelper`` instance.
+      :rtype: UTHelper
+
+      Example usage of ``from_file()``:
+
+      .. code-block:: python
+
+          import sys
+
+          from ansible_collections.community.general.plugins.modules import ansible_module
+          from .uthelper import UTHelper, RunCommandMock
+
+          with open("test_spec.yaml", "r") as test_spec_filehandle:
+              helper = UTHelper.from_file(ansible_module, sys.modules[__name__], test_spec_filehandle, mocks=[RunCommandMock])
+
+    .. py:staticmethod:: from_module(ansible_module, test_module_name, mocks=None)
+
+      Creates an ``UTHelper`` instance from a given Ansible module and test module.
+
+      :param ansible_module: The Ansible module to be tested.
+      :type ansible_module: module
+      :param test_module_name: The name of the test module. It works if passed ``__name__``.
+      :type test_module_name: str
+      :param mocks: List of ``TestCaseMocks`` to be used during testing. Currently only ``RunCommandMock`` exists.
+      :type mocks: list or None
+      :return: An ``UTHelper`` instance.
+      :rtype: UTHelper
+
+      Example usage of ``from_module()``:
+
+      .. code-block:: python
+
+          from ansible_collections.community.general.plugins.modules import ansible_module
+          from .uthelper import UTHelper, RunCommandMock
+
+          # Example usage
+          helper = UTHelper.from_module(ansible_module, __name__, mocks=[RunCommandMock])
+
+
+Creating TestCaseMocks
+^^^^^^^^^^^^^^^^^^^^^^
+
+To create a new ``TestCaseMock`` you must extend that class and implement the relevant parts:
+
+.. code-block:: python
+
+    class ShrubberyMock(TestCaseMock):
+        # this name is mandatory, it is the name used in the test specification
+        name = "shrubbery"
+
+        def setup(self, mocker):
+            # perform setup, commonly using mocker to patch some other piece of code
+            ...
+
+        def check(self, test_case, results):
+            # verify the tst execution met the expectations of the test case
+            # for example the function was called as many times as it should
+            ...
+
+        def fixtures(self):
+            # returns a dict mapping names to pytest fixtures that should be used for the test case
+            # for example, in RunCommandMock it creates a fixture that patches AnsibleModule.get_bin_path
+            ...
+
+Caveats
+^^^^^^^
+
+Known issues/opportunities for improvement:
+
+* Only one ``UTHelper`` per test module: UTHelper injects a test function with a fixed name into the module's namespace,
+  so placing a second ``UTHelper`` instance is going to overwrite the function created by the first one.
+* Order of elements in module's namespace is not consistent across executions in Python 3.5, so if adding more tests to the test module
+  might make Test Helper add its function before or after the other test functions.
+  In the community.general collection the CI processes uses ``pytest-xdist`` to paralellize and distribute the tests,
+  and it requires the order of the tests to be consistent.
+
+.. versionadded:: 7.5.0
--- a/docs/docsite/rst/guide_vardict.rst
+++ b/docs/docsite/rst/guide_vardict.rst
@@ -51,7 +51,7 @@ And by the time the module is about to exit:

 That makes the return value of the module:

-.. code-block:: javascript
+.. code-block:: json

    {
        "abc": 123,
--- a/docs/docsite/rst/test_guide.rst
+++ b/docs/docsite/rst/test_guide.rst
@@ -8,7 +8,7 @@
 community.general Test (Plugin) Guide
 =====================================

-The :ref:`community.general collection <plugins_in_community.general>` offers currently one test plugin.
+The :anscollection:`community.general collection <community.general#collection>` offers currently one test plugin.

 .. contents:: Topics

--- a/galaxy.yml
+++ b/galaxy.yml
@@ -5,7 +5,7 @@

 namespace: community
 name: general
-version: 9.5.0
+version: 10.7.2
 readme: README.md
 authors:
  - Ansible (https://github.com/ansible)
--- a/meta/runtime.yml
+++ b/meta/runtime.yml
@@ -3,7 +3,7 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-requires_ansible: '>=2.13.0'
+requires_ansible: '>=2.15.0'
 action_groups:
  consul:
    - consul_agent_check
@@ -16,6 +16,8 @@ action_groups:
    - consul_token
  proxmox:
    - proxmox
+    - proxmox_backup
+    - proxmox_backup_info
    - proxmox_disk
    - proxmox_domain_info
    - proxmox_group_info
@@ -31,6 +33,34 @@ action_groups:
    - proxmox_template
    - proxmox_user_info
    - proxmox_vm_info
+  keycloak:
+    - keycloak_authentication
+    - keycloak_authentication_required_actions
+    - keycloak_authz_authorization_scope
+    - keycloak_authz_custom_policy
+    - keycloak_authz_permission
+    - keycloak_authz_permission_info
+    - keycloak_client
+    - keycloak_client_rolemapping
+    - keycloak_client_rolescope
+    - keycloak_clientscope
+    - keycloak_clientscope_type
+    - keycloak_clientsecret_info
+    - keycloak_clientsecret_regenerate
+    - keycloak_clienttemplate
+    - keycloak_component
+    - keycloak_component_info
+    - keycloak_group
+    - keycloak_identity_provider
+    - keycloak_realm
+    - keycloak_realm_key
+    - keycloak_realm_keys_metadata_info
+    - keycloak_realm_rolemapping
+    - keycloak_role
+    - keycloak_user
+    - keycloak_user_federation
+    - keycloak_user_rolemapping
+    - keycloak_userprofile
 plugin_routing:
  callback:
    actionable:
@@ -44,7 +74,7 @@ plugin_routing:
        warning_text: Use the 'default' callback plugin with 'display_skipped_hosts
          = no' option.
    hipchat:
-      deprecation:
+      tombstone:
        removal_version: 10.0.0
        warning_text: The hipchat service has been discontinued and the self-hosted variant has been End of Life since 2020.
    osx_say:
@@ -54,6 +84,11 @@ plugin_routing:
        removal_version: 2.0.0
        warning_text: Use the 'default' callback plugin with 'display_failed_stderr
          = yes' option.
+    yaml:
+      deprecation:
+        removal_version: 12.0.0
+        warning_text: >-
+          The plugin has been superseded by the the option `result_format=yaml` in callback plugin ansible.builtin.default from ansible-core 2.13 onwards.
  connection:
    docker:
      redirect: community.docker.docker
@@ -64,6 +99,10 @@ plugin_routing:
      redirect: community.google.gcp_storage_file
    hashi_vault:
      redirect: community.hashi_vault.hashi_vault
+    manifold:
+      deprecation:
+        removal_version: 11.0.0
+        warning_text: Company was acquired in 2021 and service was ceased afterwards.
    nios:
      redirect: infoblox.nios_modules.nios_lookup
    nios_next_ip:
@@ -71,140 +110,64 @@ plugin_routing:
    nios_next_network:
      redirect: infoblox.nios_modules.nios_next_network
  modules:
-    consul_acl:
-      deprecation:
-        removal_version: 10.0.0
-        warning_text: Use community.general.consul_token and/or community.general.consul_policy instead.
-    hipchat:
-      deprecation:
-        removal_version: 11.0.0
-        warning_text: The hipchat service has been discontinued and the self-hosted variant has been End of Life since 2020.
-    rax_cbs_attachments:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_cbs:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_cdb_database:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_cdb_user:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_cdb:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_clb_nodes:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_clb_ssl:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_clb:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_dns_record:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_dns:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_facts:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_files_objects:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_files:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_identity:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_keypair:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_meta:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_mon_alarm:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_mon_check:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_mon_entity:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_mon_notification_plan:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_mon_notification:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_network:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_queue:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_scaling_group:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rax_scaling_policy:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on the deprecated package pyrax.
-    rhn_channel:
-      deprecation:
-        removal_version: 10.0.0
-        warning_text: RHN is EOL, please contact the community.general maintainers
-          if still using this; see the module documentation for more details.
-    rhn_register:
-      deprecation:
-        removal_version: 10.0.0
-        warning_text: RHN is EOL, please contact the community.general maintainers
-          if still using this; see the module documentation for more details.
-    stackdriver:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This module relied on HTTPS APIs that do not exist anymore,
-          and any new development in the direction of providing an alternative should
-          happen in the context of the google.cloud collection.
    ali_instance_facts:
      tombstone:
        removal_version: 3.0.0
        warning_text: Use community.general.ali_instance_info instead.
+    atomic_container:
+      deprecation:
+        removal_version: 13.0.0
+        warning_text: Project Atomic was sunset by the end of 2019.
+    atomic_host:
+      deprecation:
+        removal_version: 13.0.0
+        warning_text: Project Atomic was sunset by the end of 2019.
+    atomic_image:
+      deprecation:
+        removal_version: 13.0.0
+        warning_text: Project Atomic was sunset by the end of 2019.
    cisco_spark:
      redirect: community.general.cisco_webex
+    clc_alert_policy:
+      deprecation:
+        removal_version: 11.0.0
+        warning_text: CenturyLink Cloud services went EOL in September 2023.
+    clc_blueprint_package:
+      deprecation:
+        removal_version: 11.0.0
+        warning_text: CenturyLink Cloud services went EOL in September 2023.
+    clc_firewall_policy:
+      deprecation:
+        removal_version: 11.0.0
+        warning_text: CenturyLink Cloud services went EOL in September 2023.
+    clc_group:
+      deprecation:
+        removal_version: 11.0.0
+        warning_text: CenturyLink Cloud services went EOL in September 2023.
+    clc_loadbalancer:
+      deprecation:
+        removal_version: 11.0.0
+        warning_text: CenturyLink Cloud services went EOL in September 2023.
+    clc_modify_server:
+      deprecation:
+        removal_version: 11.0.0
+        warning_text: CenturyLink Cloud services went EOL in September 2023.
+    clc_publicip:
+      deprecation:
+        removal_version: 11.0.0
+        warning_text: CenturyLink Cloud services went EOL in September 2023.
+    clc_server:
+      deprecation:
+        removal_version: 11.0.0
+        warning_text: CenturyLink Cloud services went EOL in September 2023.
+    clc_server_snapshot:
+      deprecation:
+        removal_version: 11.0.0
+        warning_text: CenturyLink Cloud services went EOL in September 2023.
+    consul_acl:
+      tombstone:
+        removal_version: 10.0.0
+        warning_text: Use community.general.consul_token and/or community.general.consul_policy instead.
    docker_compose:
      redirect: community.docker.docker_compose
    docker_config:
@@ -259,6 +222,10 @@ plugin_routing:
      redirect: community.docker.docker_volume
    docker_volume_info:
      redirect: community.docker.docker_volume_info
+    facter:
+      deprecation:
+        removal_version: 12.0.0
+        warning_text: Use community.general.facter_facts instead.
    flowdock:
      tombstone:
        removal_version: 9.0.0
@@ -352,6 +319,10 @@ plugin_routing:
      redirect: community.hrobot.firewall
    hetzner_firewall_info:
      redirect: community.hrobot.firewall_info
+    hipchat:
+      deprecation:
+        removal_version: 11.0.0
+        warning_text: The hipchat service has been discontinued and the self-hosted variant has been End of Life since 2020.
    hpilo_facts:
      tombstone:
        removal_version: 3.0.0
@@ -673,6 +644,26 @@ plugin_routing:
      redirect: community.postgresql.postgresql_user
    postgresql_user_obj_stat_info:
      redirect: community.postgresql.postgresql_user_obj_stat_info
+    profitbricks:
+      deprecation:
+        removal_version: 11.0.0
+        warning_text: Supporting library is unsupported since 2021.
+    profitbricks_datacenter:
+      deprecation:
+        removal_version: 11.0.0
+        warning_text: Supporting library is unsupported since 2021.
+    profitbricks_nic:
+      deprecation:
+        removal_version: 11.0.0
+        warning_text: Supporting library is unsupported since 2021.
+    profitbricks_volume:
+      deprecation:
+        removal_version: 11.0.0
+        warning_text: Supporting library is unsupported since 2021.
+    profitbricks_volume_attachments:
+      deprecation:
+        removal_version: 11.0.0
+        warning_text: Supporting library is unsupported since 2021.
    purefa_facts:
      tombstone:
        removal_version: 3.0.0
@@ -685,10 +676,122 @@ plugin_routing:
      tombstone:
        removal_version: 3.0.0
        warning_text: Use community.general.python_requirements_info instead.
+    rax_cbs_attachments:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_cbs:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_cdb_database:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_cdb_user:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_cdb:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_clb_nodes:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_clb_ssl:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_clb:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_dns_record:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_dns:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_facts:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_files_objects:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_files:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_identity:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_keypair:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_meta:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_mon_alarm:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_mon_check:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_mon_entity:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_mon_notification_plan:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_mon_notification:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_network:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_queue:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_scaling_group:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
+    rax_scaling_policy:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on the deprecated package pyrax.
    redfish_facts:
      tombstone:
        removal_version: 3.0.0
        warning_text: Use community.general.redfish_info instead.
+    rhn_channel:
+      tombstone:
+        removal_version: 10.0.0
+        warning_text: RHN is EOL.
+    rhn_register:
+      tombstone:
+        removal_version: 10.0.0
+        warning_text: RHN is EOL.
    sapcar_extract:
      redirect: community.sap_libs.sapcar_extract
    sap_task_list_execute:
@@ -721,6 +824,26 @@ plugin_routing:
      tombstone:
        removal_version: 3.0.0
        warning_text: Use community.general.scaleway_volume_info instead.
+    sensu_check:
+      deprecation:
+        removal_version: 13.0.0
+        warning_text: Sensu Core and Sensu Enterprise products have been End of Life since 2019/20.
+    sensu_client:
+      deprecation:
+        removal_version: 13.0.0
+        warning_text: Sensu Core and Sensu Enterprise products have been End of Life since 2019/20.
+    sensu_handler:
+      deprecation:
+        removal_version: 13.0.0
+        warning_text: Sensu Core and Sensu Enterprise products have been End of Life since 2019/20.
+    sensu_silence:
+      deprecation:
+        removal_version: 13.0.0
+        warning_text: Sensu Core and Sensu Enterprise products have been End of Life since 2019/20.
+    sensu_subscription:
+      deprecation:
+        removal_version: 13.0.0
+        warning_text: Sensu Core and Sensu Enterprise products have been End of Life since 2019/20.
    sf_account_manager:
      tombstone:
        removal_version: 2.0.0
@@ -745,6 +868,12 @@ plugin_routing:
      tombstone:
        removal_version: 3.0.0
        warning_text: Use community.general.smartos_image_info instead.
+    stackdriver:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module relied on HTTPS APIs that do not exist anymore,
+          and any new development in the direction of providing an alternative should
+          happen in the context of the google.cloud collection.
    vertica_facts:
      tombstone:
        removal_version: 3.0.0
@@ -779,11 +908,6 @@ plugin_routing:
        removal_version: 3.0.0
        warning_text: Use community.general.xenserver_guest_info instead.
  doc_fragments:
-    rackspace:
-      tombstone:
-        removal_version: 9.0.0
-        warning_text: This doc fragment was used by rax modules, that relied on the deprecated
-          package pyrax.
    _gcp:
      redirect: community.google._gcp
    docker:
@@ -798,11 +922,16 @@ plugin_routing:
      redirect: infoblox.nios_modules.nios
    postgresql:
      redirect: community.postgresql.postgresql
-  module_utils:
-    rax:
+    purestorage:
+      deprecation:
+        removal_version: 12.0.0
+        warning_text: The modules for purestorage were removed in community.general 3.0.0, this document fragment was left behind.
+    rackspace:
      tombstone:
        removal_version: 9.0.0
-        warning_text: This module util relied on the deprecated package pyrax.
+        warning_text: This doc fragment was used by rax modules, that relied on the deprecated
+          package pyrax.
+  module_utils:
    docker.common:
      redirect: community.docker.common
    docker.swarm:
@@ -821,6 +950,14 @@ plugin_routing:
      redirect: infoblox.nios_modules.api
    postgresql:
      redirect: community.postgresql.postgresql
+    pure:
+      deprecation:
+        removal_version: 12.0.0
+        warning_text: The modules for purestorage were removed in community.general 3.0.0, this module util was left behind.
+    rax:
+      tombstone:
+        removal_version: 9.0.0
+        warning_text: This module util relied on the deprecated package pyrax.
    remote_management.dellemc.dellemc_idrac:
      redirect: dellemc.openmanage.dellemc_idrac
    remote_management.dellemc.ome:
@@ -832,6 +969,10 @@ plugin_routing:
      redirect: community.docker.docker_swarm
    kubevirt:
      redirect: community.kubevirt.kubevirt
+    stackpath_compute:
+      deprecation:
+        removal_version: 11.0.0
+        warning_text: The company and the service were sunset in June 2024.
  filter:
    path_join:
      # The ansible.builtin.path_join filter has been added in ansible-base 2.10.
--- a/noxfile.py
+++ b/noxfile.py
@@ -0,0 +1,38 @@
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+# SPDX-FileCopyrightText: 2025 Felix Fontein <felix@fontein.de>
+
+# /// script
+# dependencies = ["nox>=2025.02.09", "antsibull-nox"]
+# ///
+
+import sys
+
+import nox
+
+
+try:
+    import antsibull_nox
+except ImportError:
+    print("You need to install antsibull-nox in the same Python environment as nox.")
+    sys.exit(1)
+
+
+antsibull_nox.load_antsibull_nox_toml()
+
+
+@nox.session(name="aliases", python=False, default=True)
+def aliases(session: nox.Session) -> None:
+    session.run("python", "tests/sanity/extra/aliases.py")
+
+
+@nox.session(name="botmeta", default=True)
+def botmeta(session: nox.Session) -> None:
+    session.install("PyYAML", "voluptuous")
+    session.run("python", "tests/sanity/extra/botmeta.py")
+
+
+# Allow to run the noxfile with `python noxfile.py`, `pipx run noxfile.py`, or similar.
+# Requires nox >= 2025.02.09
+if __name__ == "__main__":
+    nox.main()
--- a/plugins/action/iptables_state.py
+++ b/plugins/action/iptables_state.py
@@ -3,8 +3,7 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import absolute_import, division, print_function
-__metaclass__ = type
+from __future__ import annotations

 import time

@@ -22,25 +21,33 @@ class ActionModule(ActionBase):
    _VALID_ARGS = frozenset(('path', 'state', 'table', 'noflush', 'counters', 'modprobe', 'ip_version', 'wait'))
    DEFAULT_SUDOABLE = True

-    MSG_ERROR__ASYNC_AND_POLL_NOT_ZERO = (
-        "This module doesn't support async>0 and poll>0 when its 'state' param "
-        "is set to 'restored'. To enable its rollback feature (that needs the "
-        "module to run asynchronously on the remote), please set task attribute "
-        "'poll' (=%s) to 0, and 'async' (=%s) to a value >2 and not greater than "
-        "'ansible_timeout' (=%s) (recommended).")
-    MSG_WARNING__NO_ASYNC_IS_NO_ROLLBACK = (
-        "Attempts to restore iptables state without rollback in case of mistake "
-        "may lead the ansible controller to loose access to the hosts and never "
-        "regain it before fixing firewall rules through a serial console, or any "
-        "other way except SSH. Please set task attribute 'poll' (=%s) to 0, and "
-        "'async' (=%s) to a value >2 and not greater than 'ansible_timeout' (=%s) "
-        "(recommended).")
-    MSG_WARNING__ASYNC_GREATER_THAN_TIMEOUT = (
-        "You attempt to restore iptables state with rollback in case of mistake, "
-        "but with settings that will lead this rollback to happen AFTER that the "
-        "controller will reach its own timeout. Please set task attribute 'poll' "
-        "(=%s) to 0, and 'async' (=%s) to a value >2 and not greater than "
-        "'ansible_timeout' (=%s) (recommended).")
+    @staticmethod
+    def msg_error__async_and_poll_not_zero(task_poll, task_async, max_timeout):
+        return (
+            "This module doesn't support async>0 and poll>0 when its 'state' param "
+            "is set to 'restored'. To enable its rollback feature (that needs the "
+            "module to run asynchronously on the remote), please set task attribute "
+            f"'poll' (={task_poll}) to 0, and 'async' (={task_async}) to a value >2 and not greater than "
+            f"'ansible_timeout' (={max_timeout}) (recommended).")
+
+    @staticmethod
+    def msg_warning__no_async_is_no_rollback(task_poll, task_async, max_timeout):
+        return (
+            "Attempts to restore iptables state without rollback in case of mistake "
+            "may lead the ansible controller to loose access to the hosts and never "
+            "regain it before fixing firewall rules through a serial console, or any "
+            f"other way except SSH. Please set task attribute 'poll' (={task_poll}) to 0, and "
+            f"'async' (={task_async}) to a value >2 and not greater than 'ansible_timeout' (={max_timeout}) "
+            "(recommended).")
+
+    @staticmethod
+    def msg_warning__async_greater_than_timeout(task_poll, task_async, max_timeout):
+        return (
+            "You attempt to restore iptables state with rollback in case of mistake, "
+            "but with settings that will lead this rollback to happen AFTER that the "
+            "controller will reach its own timeout. Please set task attribute 'poll' "
+            f"(={task_poll}) to 0, and 'async' (={task_async}) to a value >2 and not greater than "
+            f"'ansible_timeout' (={max_timeout}) (recommended).")

    def _async_result(self, async_status_args, task_vars, timeout):
        '''
@@ -95,18 +102,18 @@ class ActionModule(ActionBase):
            if module_args.get('state', None) == 'restored':
                if not wrap_async:
                    if not check_mode:
-                        display.warning(self.MSG_WARNING__NO_ASYNC_IS_NO_ROLLBACK % (
+                        display.warning(self.msg_error__async_and_poll_not_zero(
                            task_poll,
                            task_async,
                            max_timeout))
                elif task_poll:
-                    raise AnsibleActionFail(self.MSG_ERROR__ASYNC_AND_POLL_NOT_ZERO % (
+                    raise AnsibleActionFail(self.msg_warning__no_async_is_no_rollback(
                        task_poll,
                        task_async,
                        max_timeout))
                else:
                    if task_async > max_timeout and not check_mode:
-                        display.warning(self.MSG_WARNING__ASYNC_GREATER_THAN_TIMEOUT % (
+                        display.warning(self.msg_warning__async_greater_than_timeout(
                            task_poll,
                            task_async,
                            max_timeout))
@@ -119,10 +126,10 @@ class ActionModule(ActionBase):
                    # remote and local sides (if not the same, make the loop
                    # longer on the controller); and set a backup file path.
                    module_args['_timeout'] = task_async
-                    module_args['_back'] = '%s/iptables.state' % async_dir
+                    module_args['_back'] = f'{async_dir}/iptables.state'
                    async_status_args = dict(mode='status')
-                    confirm_cmd = 'rm -f %s' % module_args['_back']
-                    starter_cmd = 'touch %s.starter' % module_args['_back']
+                    confirm_cmd = f"rm -f {module_args['_back']}"
+                    starter_cmd = f"touch {module_args['_back']}.starter"
                    remaining_time = max(task_async, max_timeout)

            # do work!
--- a/plugins/action/shutdown.py
+++ b/plugins/action/shutdown.py
@@ -5,9 +5,8 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
+from __future__ import annotations

-__metaclass__ = type

 from ansible.errors import AnsibleError, AnsibleConnectionFailure
 from ansible.module_utils.common.text.converters import to_native, to_text
@@ -18,6 +17,10 @@ from ansible.utils.display import Display
 display = Display()


+def fmt(mapping, key):
+    return to_native(mapping[key]).strip()
+
+
 class TimedOutException(Exception):
    pass

@@ -84,31 +87,26 @@ class ActionModule(ActionBase):
    def get_distribution(self, task_vars):
        # FIXME: only execute the module if we don't already have the facts we need
        distribution = {}
-        display.debug('{action}: running setup module to get distribution'.format(action=self._task.action))
+        display.debug(f'{self._task.action}: running setup module to get distribution')
        module_output = self._execute_module(
            task_vars=task_vars,
            module_name='ansible.legacy.setup',
            module_args={'gather_subset': 'min'})
        try:
            if module_output.get('failed', False):
-                raise AnsibleError('Failed to determine system distribution. {0}, {1}'.format(
-                    to_native(module_output['module_stdout']).strip(),
-                    to_native(module_output['module_stderr']).strip()))
+                raise AnsibleError(f"Failed to determine system distribution. {fmt(module_output, 'module_stdout')}, {fmt(module_output, 'module_stderr')}")
            distribution['name'] = module_output['ansible_facts']['ansible_distribution'].lower()
            distribution['version'] = to_text(
                module_output['ansible_facts']['ansible_distribution_version'].split('.')[0])
            distribution['family'] = to_text(module_output['ansible_facts']['ansible_os_family'].lower())
-            display.debug("{action}: distribution: {dist}".format(action=self._task.action, dist=distribution))
+            display.debug(f"{self._task.action}: distribution: {distribution}")
            return distribution
        except KeyError as ke:
-            raise AnsibleError('Failed to get distribution information. Missing "{0}" in output.'.format(ke.args[0]))
+            raise AnsibleError(f'Failed to get distribution information. Missing "{ke.args[0]}" in output.')

    def get_shutdown_command(self, task_vars, distribution):
        def find_command(command, find_search_paths):
-            display.debug('{action}: running find module looking in {paths} to get path for "{command}"'.format(
-                action=self._task.action,
-                command=command,
-                paths=find_search_paths))
+            display.debug(f'{self._task.action}: running find module looking in {find_search_paths} to get path for "{command}"')
            find_result = self._execute_module(
                task_vars=task_vars,
                # prevent collection search by calling with ansible.legacy (still allows library/ override of find)
@@ -130,42 +128,37 @@ class ActionModule(ActionBase):
        if is_string(search_paths):
            search_paths = [search_paths]

-        # Error if we didn't get a list
-        err_msg = "'search_paths' must be a string or flat list of strings, got {0}"
        try:
            incorrect_type = any(not is_string(x) for x in search_paths)
            if not isinstance(search_paths, list) or incorrect_type:
                raise TypeError
        except TypeError:
-            raise AnsibleError(err_msg.format(search_paths))
+            # Error if we didn't get a list
+            err_msg = f"'search_paths' must be a string or flat list of strings, got {search_paths}"
+            raise AnsibleError(err_msg)

        full_path = find_command(shutdown_bin, search_paths)  # find the path to the shutdown command
        if not full_path:  # if we could not find the shutdown command
-            display.vvv('Unable to find command "{0}" in search paths: {1}, will attempt a shutdown using systemd '
-                        'directly.'.format(shutdown_bin, search_paths))  # tell the user we will try with systemd
+
+            # tell the user we will try with systemd
+            display.vvv(f'Unable to find command "{shutdown_bin}" in search paths: {search_paths}, will attempt a shutdown using systemd directly.')
            systemctl_search_paths = ['/bin', '/usr/bin']
            full_path = find_command('systemctl', systemctl_search_paths)  # find the path to the systemctl command
            if not full_path:  # if we couldn't find systemctl
                raise AnsibleError(
-                    'Could not find command "{0}" in search paths: {1} or systemctl command in search paths: {2}, unable to shutdown.'.
-                    format(shutdown_bin, search_paths, systemctl_search_paths))  # we give up here
+                    f'Could not find command "{shutdown_bin}" in search paths: {search_paths} or systemctl'
+                    f' command in search paths: {systemctl_search_paths}, unable to shutdown.')  # we give up here
            else:
-                return "{0} poweroff".format(full_path[0])  # done, since we cannot use args with systemd shutdown
+                return f"{full_path[0]} poweroff"  # done, since we cannot use args with systemd shutdown

        # systemd case taken care of, here we add args to the command
        args = self._get_value_from_facts('SHUTDOWN_COMMAND_ARGS', distribution, 'DEFAULT_SHUTDOWN_COMMAND_ARGS')
        # Convert seconds to minutes. If less that 60, set it to 0.
        delay_sec = self.delay
        shutdown_message = self._task.args.get('msg', self.DEFAULT_SHUTDOWN_MESSAGE)
-        return '{0} {1}'. \
-            format(
-                full_path[0],
-                args.format(
-                    delay_sec=delay_sec,
-                    delay_min=delay_sec // 60,
-                    message=shutdown_message
-                )
-            )
+
+        af = args.format(delay_sec=delay_sec, delay_min=delay_sec // 60, message=shutdown_message)
+        return f'{full_path[0]} {af}'

    def perform_shutdown(self, task_vars, distribution):
        result = {}
@@ -174,9 +167,8 @@ class ActionModule(ActionBase):

        self.cleanup(force=True)
        try:
-            display.vvv("{action}: shutting down server...".format(action=self._task.action))
-            display.debug("{action}: shutting down server with command '{command}'".
-                          format(action=self._task.action, command=shutdown_command_exec))
+            display.vvv(f"{self._task.action}: shutting down server...")
+            display.debug(f"{self._task.action}: shutting down server with command '{shutdown_command_exec}'")
            if self._play_context.check_mode:
                shutdown_result['rc'] = 0
            else:
@@ -184,16 +176,13 @@ class ActionModule(ActionBase):
        except AnsibleConnectionFailure as e:
            # If the connection is closed too quickly due to the system being shutdown, carry on
            display.debug(
-                '{action}: AnsibleConnectionFailure caught and handled: {error}'.format(action=self._task.action,
-                                                                                        error=to_text(e)))
+                f'{self._task.action}: AnsibleConnectionFailure caught and handled: {e}')
            shutdown_result['rc'] = 0

        if shutdown_result['rc'] != 0:
            result['failed'] = True
            result['shutdown'] = False
-            result['msg'] = "Shutdown command failed. Error was {stdout}, {stderr}".format(
-                stdout=to_native(shutdown_result['stdout'].strip()),
-                stderr=to_native(shutdown_result['stderr'].strip()))
+            result['msg'] = f"Shutdown command failed. Error was {fmt(shutdown_result, 'stdout')}, {fmt(shutdown_result, 'stderr')}"
            return result

        result['failed'] = False
@@ -206,7 +195,7 @@ class ActionModule(ActionBase):

        # If running with local connection, fail so we don't shutdown ourself
        if self._connection.transport == 'local' and (not self._play_context.check_mode):
-            msg = 'Running {0} with local connection would shutdown the control node.'.format(self._task.action)
+            msg = f'Running {self._task.action} with local connection would shutdown the control node.'
            return {'changed': False, 'elapsed': 0, 'shutdown': False, 'failed': True, 'msg': msg}

        if task_vars is None:
--- a/plugins/become/doas.py
+++ b/plugins/become/doas.py
@@ -2,89 +2,88 @@
 # Copyright (c) 2018, Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    name: doas
-    short_description: Do As user
+DOCUMENTATION = r"""
+name: doas
+short_description: Do As user
+description:
+  - This become plugins allows your remote/login user to execute commands as another user using the C(doas) utility.
+author: Ansible Core Team
+options:
+  become_user:
+    description: User you 'become' to execute the task.
+    type: string
+    ini:
+      - section: privilege_escalation
+        key: become_user
+      - section: doas_become_plugin
+        key: user
+    vars:
+      - name: ansible_become_user
+      - name: ansible_doas_user
+    env:
+      - name: ANSIBLE_BECOME_USER
+      - name: ANSIBLE_DOAS_USER
+  become_exe:
+    description: C(doas) executable.
+    type: string
+    default: doas
+    ini:
+      - section: privilege_escalation
+        key: become_exe
+      - section: doas_become_plugin
+        key: executable
+    vars:
+      - name: ansible_become_exe
+      - name: ansible_doas_exe
+    env:
+      - name: ANSIBLE_BECOME_EXE
+      - name: ANSIBLE_DOAS_EXE
+  become_flags:
+    description: Options to pass to C(doas).
+    type: string
+    default: ''
+    ini:
+      - section: privilege_escalation
+        key: become_flags
+      - section: doas_become_plugin
+        key: flags
+    vars:
+      - name: ansible_become_flags
+      - name: ansible_doas_flags
+    env:
+      - name: ANSIBLE_BECOME_FLAGS
+      - name: ANSIBLE_DOAS_FLAGS
+  become_pass:
+    description: Password for C(doas) prompt.
+    type: string
+    required: false
+    vars:
+      - name: ansible_become_password
+      - name: ansible_become_pass
+      - name: ansible_doas_pass
+    env:
+      - name: ANSIBLE_BECOME_PASS
+      - name: ANSIBLE_DOAS_PASS
+    ini:
+      - section: doas_become_plugin
+        key: password
+  prompt_l10n:
    description:
-        - This become plugins allows your remote/login user to execute commands as another user via the doas utility.
-    author: Ansible Core Team
-    options:
-        become_user:
-            description: User you 'become' to execute the task.
-            type: string
-            ini:
-              - section: privilege_escalation
-                key: become_user
-              - section: doas_become_plugin
-                key: user
-            vars:
-              - name: ansible_become_user
-              - name: ansible_doas_user
-            env:
-              - name: ANSIBLE_BECOME_USER
-              - name: ANSIBLE_DOAS_USER
-        become_exe:
-            description: Doas executable.
-            type: string
-            default: doas
-            ini:
-              - section: privilege_escalation
-                key: become_exe
-              - section: doas_become_plugin
-                key: executable
-            vars:
-              - name: ansible_become_exe
-              - name: ansible_doas_exe
-            env:
-              - name: ANSIBLE_BECOME_EXE
-              - name: ANSIBLE_DOAS_EXE
-        become_flags:
-            description: Options to pass to doas.
-            type: string
-            default: ''
-            ini:
-              - section: privilege_escalation
-                key: become_flags
-              - section: doas_become_plugin
-                key: flags
-            vars:
-              - name: ansible_become_flags
-              - name: ansible_doas_flags
-            env:
-              - name: ANSIBLE_BECOME_FLAGS
-              - name: ANSIBLE_DOAS_FLAGS
-        become_pass:
-            description: Password for doas prompt.
-            type: string
-            required: false
-            vars:
-              - name: ansible_become_password
-              - name: ansible_become_pass
-              - name: ansible_doas_pass
-            env:
-              - name: ANSIBLE_BECOME_PASS
-              - name: ANSIBLE_DOAS_PASS
-            ini:
-              - section: doas_become_plugin
-                key: password
-        prompt_l10n:
-            description:
-                - List of localized strings to match for prompt detection.
-                - If empty we will use the built in one.
-            type: list
-            elements: string
-            default: []
-            ini:
-              - section: doas_become_plugin
-                key: localized_prompts
-            vars:
-              - name: ansible_doas_prompt_l10n
-            env:
-              - name: ANSIBLE_DOAS_PROMPT_L10N
-'''
+      - List of localized strings to match for prompt detection.
+      - If empty we will use the built in one.
+    type: list
+    elements: string
+    default: []
+    ini:
+      - section: doas_become_plugin
+        key: localized_prompts
+    vars:
+      - name: ansible_doas_prompt_l10n
+    env:
+      - name: ANSIBLE_DOAS_PROMPT_L10N
+"""

 import re

@@ -125,9 +124,9 @@ class BecomeModule(BecomeBase):
            flags += ' -n'

        become_user = self.get_option('become_user')
-        user = '-u %s' % (become_user) if become_user else ''
+        user = f'-u {become_user}' if become_user else ''

        success_cmd = self._build_success_command(cmd, shell, noexe=True)
        executable = getattr(shell, 'executable', shell.SHELL_FAMILY)

-        return '%s %s %s %s -c %s' % (become_exe, flags, user, executable, success_cmd)
+        return f'{become_exe} {flags} {user} {executable} -c {success_cmd}'
--- a/plugins/become/dzdo.py
+++ b/plugins/become/dzdo.py
@@ -2,75 +2,74 @@
 # Copyright (c) 2018, Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    name: dzdo
-    short_description: Centrify's Direct Authorize
-    description:
-        - This become plugins allows your remote/login user to execute commands as another user via the dzdo utility.
-    author: Ansible Core Team
-    options:
-        become_user:
-            description: User you 'become' to execute the task.
-            type: string
-            ini:
-              - section: privilege_escalation
-                key: become_user
-              - section: dzdo_become_plugin
-                key: user
-            vars:
-              - name: ansible_become_user
-              - name: ansible_dzdo_user
-            env:
-              - name: ANSIBLE_BECOME_USER
-              - name: ANSIBLE_DZDO_USER
-        become_exe:
-            description: Dzdo executable.
-            type: string
-            default: dzdo
-            ini:
-              - section: privilege_escalation
-                key: become_exe
-              - section: dzdo_become_plugin
-                key: executable
-            vars:
-              - name: ansible_become_exe
-              - name: ansible_dzdo_exe
-            env:
-              - name: ANSIBLE_BECOME_EXE
-              - name: ANSIBLE_DZDO_EXE
-        become_flags:
-            description: Options to pass to dzdo.
-            type: string
-            default: -H -S -n
-            ini:
-              - section: privilege_escalation
-                key: become_flags
-              - section: dzdo_become_plugin
-                key: flags
-            vars:
-              - name: ansible_become_flags
-              - name: ansible_dzdo_flags
-            env:
-              - name: ANSIBLE_BECOME_FLAGS
-              - name: ANSIBLE_DZDO_FLAGS
-        become_pass:
-            description: Options to pass to dzdo.
-            type: string
-            required: false
-            vars:
-              - name: ansible_become_password
-              - name: ansible_become_pass
-              - name: ansible_dzdo_pass
-            env:
-              - name: ANSIBLE_BECOME_PASS
-              - name: ANSIBLE_DZDO_PASS
-            ini:
-              - section: dzdo_become_plugin
-                key: password
-'''
+DOCUMENTATION = r"""
+name: dzdo
+short_description: Centrify's Direct Authorize
+description:
+  - This become plugins allows your remote/login user to execute commands as another user using the C(dzdo) utility.
+author: Ansible Core Team
+options:
+  become_user:
+    description: User you 'become' to execute the task.
+    type: string
+    ini:
+      - section: privilege_escalation
+        key: become_user
+      - section: dzdo_become_plugin
+        key: user
+    vars:
+      - name: ansible_become_user
+      - name: ansible_dzdo_user
+    env:
+      - name: ANSIBLE_BECOME_USER
+      - name: ANSIBLE_DZDO_USER
+  become_exe:
+    description: C(dzdo) executable.
+    type: string
+    default: dzdo
+    ini:
+      - section: privilege_escalation
+        key: become_exe
+      - section: dzdo_become_plugin
+        key: executable
+    vars:
+      - name: ansible_become_exe
+      - name: ansible_dzdo_exe
+    env:
+      - name: ANSIBLE_BECOME_EXE
+      - name: ANSIBLE_DZDO_EXE
+  become_flags:
+    description: Options to pass to C(dzdo).
+    type: string
+    default: -H -S -n
+    ini:
+      - section: privilege_escalation
+        key: become_flags
+      - section: dzdo_become_plugin
+        key: flags
+    vars:
+      - name: ansible_become_flags
+      - name: ansible_dzdo_flags
+    env:
+      - name: ANSIBLE_BECOME_FLAGS
+      - name: ANSIBLE_DZDO_FLAGS
+  become_pass:
+    description: Options to pass to C(dzdo).
+    type: string
+    required: false
+    vars:
+      - name: ansible_become_password
+      - name: ansible_become_pass
+      - name: ansible_dzdo_pass
+    env:
+      - name: ANSIBLE_BECOME_PASS
+      - name: ANSIBLE_DZDO_PASS
+    ini:
+      - section: dzdo_become_plugin
+        key: password
+"""

 from ansible.plugins.become import BecomeBase

@@ -92,10 +91,10 @@ class BecomeModule(BecomeBase):

        flags = self.get_option('become_flags')
        if self.get_option('become_pass'):
-            self.prompt = '[dzdo via ansible, key=%s] password:' % self._id
-            flags = '%s -p "%s"' % (flags.replace('-n', ''), self.prompt)
+            self.prompt = f'[dzdo via ansible, key={self._id}] password:'
+            flags = f"{flags.replace('-n', '')} -p \"{self.prompt}\""

        become_user = self.get_option('become_user')
-        user = '-u %s' % (become_user) if become_user else ''
+        user = f'-u {become_user}' if become_user else ''

-        return ' '.join([becomecmd, flags, user, self._build_success_command(cmd, shell)])
+        return f"{becomecmd} {flags} {user} {self._build_success_command(cmd, shell)}"
--- a/plugins/become/ksu.py
+++ b/plugins/become/ksu.py
@@ -2,90 +2,89 @@
 # Copyright (c) 2018, Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    name: ksu
-    short_description: Kerberos substitute user
+DOCUMENTATION = r"""
+name: ksu
+short_description: Kerberos substitute user
+description:
+  - This become plugins allows your remote/login user to execute commands as another user using the C(ksu) utility.
+author: Ansible Core Team
+options:
+  become_user:
+    description: User you 'become' to execute the task.
+    type: string
+    ini:
+      - section: privilege_escalation
+        key: become_user
+      - section: ksu_become_plugin
+        key: user
+    vars:
+      - name: ansible_become_user
+      - name: ansible_ksu_user
+    env:
+      - name: ANSIBLE_BECOME_USER
+      - name: ANSIBLE_KSU_USER
+    required: true
+  become_exe:
+    description: C(ksu) executable.
+    type: string
+    default: ksu
+    ini:
+      - section: privilege_escalation
+        key: become_exe
+      - section: ksu_become_plugin
+        key: executable
+    vars:
+      - name: ansible_become_exe
+      - name: ansible_ksu_exe
+    env:
+      - name: ANSIBLE_BECOME_EXE
+      - name: ANSIBLE_KSU_EXE
+  become_flags:
+    description: Options to pass to C(ksu).
+    type: string
+    default: ''
+    ini:
+      - section: privilege_escalation
+        key: become_flags
+      - section: ksu_become_plugin
+        key: flags
+    vars:
+      - name: ansible_become_flags
+      - name: ansible_ksu_flags
+    env:
+      - name: ANSIBLE_BECOME_FLAGS
+      - name: ANSIBLE_KSU_FLAGS
+  become_pass:
+    description: C(ksu) password.
+    type: string
+    required: false
+    vars:
+      - name: ansible_ksu_pass
+      - name: ansible_become_pass
+      - name: ansible_become_password
+    env:
+      - name: ANSIBLE_BECOME_PASS
+      - name: ANSIBLE_KSU_PASS
+    ini:
+      - section: ksu_become_plugin
+        key: password
+  prompt_l10n:
    description:
-        - This become plugins allows your remote/login user to execute commands as another user via the ksu utility.
-    author: Ansible Core Team
-    options:
-        become_user:
-            description: User you 'become' to execute the task.
-            type: string
-            ini:
-              - section: privilege_escalation
-                key: become_user
-              - section: ksu_become_plugin
-                key: user
-            vars:
-              - name: ansible_become_user
-              - name: ansible_ksu_user
-            env:
-              - name: ANSIBLE_BECOME_USER
-              - name: ANSIBLE_KSU_USER
-            required: true
-        become_exe:
-            description: Su executable.
-            type: string
-            default: ksu
-            ini:
-              - section: privilege_escalation
-                key: become_exe
-              - section: ksu_become_plugin
-                key: executable
-            vars:
-              - name: ansible_become_exe
-              - name: ansible_ksu_exe
-            env:
-              - name: ANSIBLE_BECOME_EXE
-              - name: ANSIBLE_KSU_EXE
-        become_flags:
-            description: Options to pass to ksu.
-            type: string
-            default: ''
-            ini:
-              - section: privilege_escalation
-                key: become_flags
-              - section: ksu_become_plugin
-                key: flags
-            vars:
-              - name: ansible_become_flags
-              - name: ansible_ksu_flags
-            env:
-              - name: ANSIBLE_BECOME_FLAGS
-              - name: ANSIBLE_KSU_FLAGS
-        become_pass:
-            description: Ksu password.
-            type: string
-            required: false
-            vars:
-              - name: ansible_ksu_pass
-              - name: ansible_become_pass
-              - name: ansible_become_password
-            env:
-              - name: ANSIBLE_BECOME_PASS
-              - name: ANSIBLE_KSU_PASS
-            ini:
-              - section: ksu_become_plugin
-                key: password
-        prompt_l10n:
-            description:
-                - List of localized strings to match for prompt detection.
-                - If empty we will use the built in one.
-            type: list
-            elements: string
-            default: []
-            ini:
-              - section: ksu_become_plugin
-                key: localized_prompts
-            vars:
-              - name: ansible_ksu_prompt_l10n
-            env:
-              - name: ANSIBLE_KSU_PROMPT_L10N
-'''
+      - List of localized strings to match for prompt detection.
+      - If empty we will use the built in one.
+    type: list
+    elements: string
+    default: []
+    ini:
+      - section: ksu_become_plugin
+        key: localized_prompts
+    vars:
+      - name: ansible_ksu_prompt_l10n
+    env:
+      - name: ANSIBLE_KSU_PROMPT_L10N
+"""

 import re

@@ -124,4 +123,4 @@ class BecomeModule(BecomeBase):

        flags = self.get_option('become_flags')
        user = self.get_option('become_user')
-        return '%s %s %s -e %s ' % (exe, user, flags, self._build_success_command(cmd, shell))
+        return f'{exe} {user} {flags} -e {self._build_success_command(cmd, shell)} '
--- a/plugins/become/machinectl.py
+++ b/plugins/become/machinectl.py
@@ -2,94 +2,92 @@
 # Copyright (c) 2018, Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    name: machinectl
-    short_description: Systemd's machinectl privilege escalation
-    description:
-        - This become plugins allows your remote/login user to execute commands as another user via the machinectl utility.
-    author: Ansible Core Team
-    options:
-        become_user:
-            description: User you 'become' to execute the task.
-            type: string
-            default: ''
-            ini:
-              - section: privilege_escalation
-                key: become_user
-              - section: machinectl_become_plugin
-                key: user
-            vars:
-              - name: ansible_become_user
-              - name: ansible_machinectl_user
-            env:
-              - name: ANSIBLE_BECOME_USER
-              - name: ANSIBLE_MACHINECTL_USER
-        become_exe:
-            description: Machinectl executable.
-            type: string
-            default: machinectl
-            ini:
-              - section: privilege_escalation
-                key: become_exe
-              - section: machinectl_become_plugin
-                key: executable
-            vars:
-              - name: ansible_become_exe
-              - name: ansible_machinectl_exe
-            env:
-              - name: ANSIBLE_BECOME_EXE
-              - name: ANSIBLE_MACHINECTL_EXE
-        become_flags:
-            description: Options to pass to machinectl.
-            type: string
-            default: ''
-            ini:
-              - section: privilege_escalation
-                key: become_flags
-              - section: machinectl_become_plugin
-                key: flags
-            vars:
-              - name: ansible_become_flags
-              - name: ansible_machinectl_flags
-            env:
-              - name: ANSIBLE_BECOME_FLAGS
-              - name: ANSIBLE_MACHINECTL_FLAGS
-        become_pass:
-            description: Password for machinectl.
-            type: string
-            required: false
-            vars:
-              - name: ansible_become_password
-              - name: ansible_become_pass
-              - name: ansible_machinectl_pass
-            env:
-              - name: ANSIBLE_BECOME_PASS
-              - name: ANSIBLE_MACHINECTL_PASS
-            ini:
-              - section: machinectl_become_plugin
-                key: password
-    notes:
-      - When not using this plugin with user V(root), it only works correctly with a polkit rule which will alter
-        the behaviour of machinectl. This rule must alter the prompt behaviour to ask directly for the user credentials,
-        if the user is allowed to perform the action (take a look at the examples section).
-        If such a rule is not present the plugin only work if it is used in context with the root user,
-        because then no further prompt will be shown by machinectl.
-'''
+DOCUMENTATION = r"""
+name: machinectl
+short_description: Systemd's machinectl privilege escalation
+description:
+  - This become plugins allows your remote/login user to execute commands as another user using the C(machinectl) utility.
+author: Ansible Core Team
+options:
+  become_user:
+    description: User you 'become' to execute the task.
+    type: string
+    default: ''
+    ini:
+      - section: privilege_escalation
+        key: become_user
+      - section: machinectl_become_plugin
+        key: user
+    vars:
+      - name: ansible_become_user
+      - name: ansible_machinectl_user
+    env:
+      - name: ANSIBLE_BECOME_USER
+      - name: ANSIBLE_MACHINECTL_USER
+  become_exe:
+    description: C(machinectl) executable.
+    type: string
+    default: machinectl
+    ini:
+      - section: privilege_escalation
+        key: become_exe
+      - section: machinectl_become_plugin
+        key: executable
+    vars:
+      - name: ansible_become_exe
+      - name: ansible_machinectl_exe
+    env:
+      - name: ANSIBLE_BECOME_EXE
+      - name: ANSIBLE_MACHINECTL_EXE
+  become_flags:
+    description: Options to pass to C(machinectl).
+    type: string
+    default: ''
+    ini:
+      - section: privilege_escalation
+        key: become_flags
+      - section: machinectl_become_plugin
+        key: flags
+    vars:
+      - name: ansible_become_flags
+      - name: ansible_machinectl_flags
+    env:
+      - name: ANSIBLE_BECOME_FLAGS
+      - name: ANSIBLE_MACHINECTL_FLAGS
+  become_pass:
+    description: Password for C(machinectl).
+    type: string
+    required: false
+    vars:
+      - name: ansible_become_password
+      - name: ansible_become_pass
+      - name: ansible_machinectl_pass
+    env:
+      - name: ANSIBLE_BECOME_PASS
+      - name: ANSIBLE_MACHINECTL_PASS
+    ini:
+      - section: machinectl_become_plugin
+        key: password
+notes:
+  - When not using this plugin with user V(root), it only works correctly with a polkit rule which will alter the behaviour
+    of machinectl. This rule must alter the prompt behaviour to ask directly for the user credentials, if the user is allowed
+    to perform the action (take a look at the examples section). If such a rule is not present the plugin only work if it
+    is used in context with the root user, because then no further prompt will be shown by machinectl.
+"""

-EXAMPLES = r'''
+EXAMPLES = r"""
 # A polkit rule needed to use the module with a non-root user.
 # See the Notes section for details.
-/etc/polkit-1/rules.d/60-machinectl-fast-user-auth.rules: |
+/etc/polkit-1/rules.d/60-machinectl-fast-user-auth.rules: |-
  polkit.addRule(function(action, subject) {
    if(action.id == "org.freedesktop.machine1.host-shell" &&
      subject.isInGroup("wheel")) {
        return polkit.Result.AUTH_SELF_KEEP;
    }
  });
-'''
+"""

 from re import compile as re_compile

@@ -123,7 +121,7 @@ class BecomeModule(BecomeBase):

        flags = self.get_option('become_flags')
        user = self.get_option('become_user')
-        return '%s -q shell %s %s@ %s' % (become, flags, user, self._build_success_command(cmd, shell))
+        return f'{become} -q shell {flags} {user}@ {self._build_success_command(cmd, shell)}'

    def check_success(self, b_output):
        b_output = self.remove_ansi_codes(b_output)
--- a/plugins/become/pbrun.py
+++ b/plugins/become/pbrun.py
@@ -2,87 +2,86 @@
 # Copyright (c) 2018, Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    name: pbrun
-    short_description: PowerBroker run
-    description:
-        - This become plugins allows your remote/login user to execute commands as another user via the pbrun utility.
-    author: Ansible Core Team
-    options:
-        become_user:
-            description: User you 'become' to execute the task.
-            type: string
-            default: ''
-            ini:
-              - section: privilege_escalation
-                key: become_user
-              - section: pbrun_become_plugin
-                key: user
-            vars:
-              - name: ansible_become_user
-              - name: ansible_pbrun_user
-            env:
-              - name: ANSIBLE_BECOME_USER
-              - name: ANSIBLE_PBRUN_USER
-        become_exe:
-            description: Sudo executable.
-            type: string
-            default: pbrun
-            ini:
-              - section: privilege_escalation
-                key: become_exe
-              - section: pbrun_become_plugin
-                key: executable
-            vars:
-              - name: ansible_become_exe
-              - name: ansible_pbrun_exe
-            env:
-              - name: ANSIBLE_BECOME_EXE
-              - name: ANSIBLE_PBRUN_EXE
-        become_flags:
-            description: Options to pass to pbrun.
-            type: string
-            default: ''
-            ini:
-              - section: privilege_escalation
-                key: become_flags
-              - section: pbrun_become_plugin
-                key: flags
-            vars:
-              - name: ansible_become_flags
-              - name: ansible_pbrun_flags
-            env:
-              - name: ANSIBLE_BECOME_FLAGS
-              - name: ANSIBLE_PBRUN_FLAGS
-        become_pass:
-            description: Password for pbrun.
-            type: string
-            required: false
-            vars:
-              - name: ansible_become_password
-              - name: ansible_become_pass
-              - name: ansible_pbrun_pass
-            env:
-              - name: ANSIBLE_BECOME_PASS
-              - name: ANSIBLE_PBRUN_PASS
-            ini:
-              - section: pbrun_become_plugin
-                key: password
-        wrap_exe:
-            description: Toggle to wrap the command pbrun calls in C(shell -c) or not.
-            default: false
-            type: bool
-            ini:
-              - section: pbrun_become_plugin
-                key: wrap_execution
-            vars:
-              - name: ansible_pbrun_wrap_execution
-            env:
-              - name: ANSIBLE_PBRUN_WRAP_EXECUTION
-'''
+DOCUMENTATION = r"""
+name: pbrun
+short_description: PowerBroker run
+description:
+  - This become plugins allows your remote/login user to execute commands as another user using the C(pbrun) utility.
+author: Ansible Core Team
+options:
+  become_user:
+    description: User you 'become' to execute the task.
+    type: string
+    default: ''
+    ini:
+      - section: privilege_escalation
+        key: become_user
+      - section: pbrun_become_plugin
+        key: user
+    vars:
+      - name: ansible_become_user
+      - name: ansible_pbrun_user
+    env:
+      - name: ANSIBLE_BECOME_USER
+      - name: ANSIBLE_PBRUN_USER
+  become_exe:
+    description: C(pbrun) executable.
+    type: string
+    default: pbrun
+    ini:
+      - section: privilege_escalation
+        key: become_exe
+      - section: pbrun_become_plugin
+        key: executable
+    vars:
+      - name: ansible_become_exe
+      - name: ansible_pbrun_exe
+    env:
+      - name: ANSIBLE_BECOME_EXE
+      - name: ANSIBLE_PBRUN_EXE
+  become_flags:
+    description: Options to pass to C(pbrun).
+    type: string
+    default: ''
+    ini:
+      - section: privilege_escalation
+        key: become_flags
+      - section: pbrun_become_plugin
+        key: flags
+    vars:
+      - name: ansible_become_flags
+      - name: ansible_pbrun_flags
+    env:
+      - name: ANSIBLE_BECOME_FLAGS
+      - name: ANSIBLE_PBRUN_FLAGS
+  become_pass:
+    description: Password for C(pbrun).
+    type: string
+    required: false
+    vars:
+      - name: ansible_become_password
+      - name: ansible_become_pass
+      - name: ansible_pbrun_pass
+    env:
+      - name: ANSIBLE_BECOME_PASS
+      - name: ANSIBLE_PBRUN_PASS
+    ini:
+      - section: pbrun_become_plugin
+        key: password
+  wrap_exe:
+    description: Toggle to wrap the command C(pbrun) calls in C(shell -c) or not.
+    default: false
+    type: bool
+    ini:
+      - section: pbrun_become_plugin
+        key: wrap_execution
+    vars:
+      - name: ansible_pbrun_wrap_execution
+    env:
+      - name: ANSIBLE_PBRUN_WRAP_EXECUTION
+"""

 from ansible.plugins.become import BecomeBase

@@ -103,7 +102,7 @@ class BecomeModule(BecomeBase):

        flags = self.get_option('become_flags')
        become_user = self.get_option('become_user')
-        user = '-u %s' % (become_user) if become_user else ''
+        user = f'-u {become_user}' if become_user else ''
        noexe = not self.get_option('wrap_exe')

-        return ' '.join([become_exe, flags, user, self._build_success_command(cmd, shell, noexe=noexe)])
+        return f"{become_exe} {flags} {user} {self._build_success_command(cmd, shell, noexe=noexe)}"
--- a/plugins/become/pfexec.py
+++ b/plugins/become/pfexec.py
@@ -2,92 +2,91 @@
 # Copyright (c) 2018, Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    name: pfexec
-    short_description: profile based execution
+DOCUMENTATION = r"""
+name: pfexec
+short_description: profile based execution
+description:
+  - This become plugins allows your remote/login user to execute commands as another user using the C(pfexec) utility.
+author: Ansible Core Team
+options:
+  become_user:
    description:
-        - This become plugins allows your remote/login user to execute commands as another user via the pfexec utility.
-    author: Ansible Core Team
-    options:
-        become_user:
-            description:
-                - User you 'become' to execute the task.
-                - This plugin ignores this setting as pfexec uses it's own C(exec_attr) to figure this out,
-                  but it is supplied here for Ansible to make decisions needed for the task execution, like file permissions.
-            type: string
-            default: root
-            ini:
-              - section: privilege_escalation
-                key: become_user
-              - section: pfexec_become_plugin
-                key: user
-            vars:
-              - name: ansible_become_user
-              - name: ansible_pfexec_user
-            env:
-              - name: ANSIBLE_BECOME_USER
-              - name: ANSIBLE_PFEXEC_USER
-        become_exe:
-            description: Sudo executable.
-            type: string
-            default: pfexec
-            ini:
-              - section: privilege_escalation
-                key: become_exe
-              - section: pfexec_become_plugin
-                key: executable
-            vars:
-              - name: ansible_become_exe
-              - name: ansible_pfexec_exe
-            env:
-              - name: ANSIBLE_BECOME_EXE
-              - name: ANSIBLE_PFEXEC_EXE
-        become_flags:
-            description: Options to pass to pfexec.
-            type: string
-            default: -H -S -n
-            ini:
-              - section: privilege_escalation
-                key: become_flags
-              - section: pfexec_become_plugin
-                key: flags
-            vars:
-              - name: ansible_become_flags
-              - name: ansible_pfexec_flags
-            env:
-              - name: ANSIBLE_BECOME_FLAGS
-              - name: ANSIBLE_PFEXEC_FLAGS
-        become_pass:
-            description: pfexec password.
-            type: string
-            required: false
-            vars:
-              - name: ansible_become_password
-              - name: ansible_become_pass
-              - name: ansible_pfexec_pass
-            env:
-              - name: ANSIBLE_BECOME_PASS
-              - name: ANSIBLE_PFEXEC_PASS
-            ini:
-              - section: pfexec_become_plugin
-                key: password
-        wrap_exe:
-            description: Toggle to wrap the command pfexec calls in C(shell -c) or not.
-            default: false
-            type: bool
-            ini:
-              - section: pfexec_become_plugin
-                key: wrap_execution
-            vars:
-              - name: ansible_pfexec_wrap_execution
-            env:
-              - name: ANSIBLE_PFEXEC_WRAP_EXECUTION
-    notes:
-      - This plugin ignores O(become_user) as pfexec uses its own C(exec_attr) to figure this out.
-'''
+      - User you 'become' to execute the task.
+      - This plugin ignores this setting as pfexec uses its own C(exec_attr) to figure this out, but it is supplied here for
+        Ansible to make decisions needed for the task execution, like file permissions.
+    type: string
+    default: root
+    ini:
+      - section: privilege_escalation
+        key: become_user
+      - section: pfexec_become_plugin
+        key: user
+    vars:
+      - name: ansible_become_user
+      - name: ansible_pfexec_user
+    env:
+      - name: ANSIBLE_BECOME_USER
+      - name: ANSIBLE_PFEXEC_USER
+  become_exe:
+    description: C(pfexec) executable.
+    type: string
+    default: pfexec
+    ini:
+      - section: privilege_escalation
+        key: become_exe
+      - section: pfexec_become_plugin
+        key: executable
+    vars:
+      - name: ansible_become_exe
+      - name: ansible_pfexec_exe
+    env:
+      - name: ANSIBLE_BECOME_EXE
+      - name: ANSIBLE_PFEXEC_EXE
+  become_flags:
+    description: Options to pass to C(pfexec).
+    type: string
+    default: -H -S -n
+    ini:
+      - section: privilege_escalation
+        key: become_flags
+      - section: pfexec_become_plugin
+        key: flags
+    vars:
+      - name: ansible_become_flags
+      - name: ansible_pfexec_flags
+    env:
+      - name: ANSIBLE_BECOME_FLAGS
+      - name: ANSIBLE_PFEXEC_FLAGS
+  become_pass:
+    description: C(pfexec) password.
+    type: string
+    required: false
+    vars:
+      - name: ansible_become_password
+      - name: ansible_become_pass
+      - name: ansible_pfexec_pass
+    env:
+      - name: ANSIBLE_BECOME_PASS
+      - name: ANSIBLE_PFEXEC_PASS
+    ini:
+      - section: pfexec_become_plugin
+        key: password
+  wrap_exe:
+    description: Toggle to wrap the command C(pfexec) calls in C(shell -c) or not.
+    default: false
+    type: bool
+    ini:
+      - section: pfexec_become_plugin
+        key: wrap_execution
+    vars:
+      - name: ansible_pfexec_wrap_execution
+    env:
+      - name: ANSIBLE_PFEXEC_WRAP_EXECUTION
+notes:
+  - This plugin ignores O(become_user) as pfexec uses its own C(exec_attr) to figure this out.
+"""

 from ansible.plugins.become import BecomeBase

@@ -106,4 +105,4 @@ class BecomeModule(BecomeBase):

        flags = self.get_option('become_flags')
        noexe = not self.get_option('wrap_exe')
-        return '%s %s %s' % (exe, flags, self._build_success_command(cmd, shell, noexe=noexe))
+        return f'{exe} {flags} {self._build_success_command(cmd, shell, noexe=noexe)}'
--- a/plugins/become/pmrun.py
+++ b/plugins/become/pmrun.py
@@ -2,63 +2,62 @@
 # Copyright (c) 2018, Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    name: pmrun
-    short_description: Privilege Manager run
-    description:
-        - This become plugins allows your remote/login user to execute commands as another user via the pmrun utility.
-    author: Ansible Core Team
-    options:
-        become_exe:
-            description: Sudo executable
-            type: string
-            default: pmrun
-            ini:
-              - section: privilege_escalation
-                key: become_exe
-              - section: pmrun_become_plugin
-                key: executable
-            vars:
-              - name: ansible_become_exe
-              - name: ansible_pmrun_exe
-            env:
-              - name: ANSIBLE_BECOME_EXE
-              - name: ANSIBLE_PMRUN_EXE
-        become_flags:
-            description: Options to pass to pmrun.
-            type: string
-            default: ''
-            ini:
-              - section: privilege_escalation
-                key: become_flags
-              - section: pmrun_become_plugin
-                key: flags
-            vars:
-              - name: ansible_become_flags
-              - name: ansible_pmrun_flags
-            env:
-              - name: ANSIBLE_BECOME_FLAGS
-              - name: ANSIBLE_PMRUN_FLAGS
-        become_pass:
-            description: pmrun password.
-            type: string
-            required: false
-            vars:
-              - name: ansible_become_password
-              - name: ansible_become_pass
-              - name: ansible_pmrun_pass
-            env:
-              - name: ANSIBLE_BECOME_PASS
-              - name: ANSIBLE_PMRUN_PASS
-            ini:
-              - section: pmrun_become_plugin
-                key: password
-    notes:
-      - This plugin ignores the become_user supplied and uses pmrun's own configuration to select the user.
-'''
+DOCUMENTATION = r"""
+name: pmrun
+short_description: Privilege Manager run
+description:
+  - This become plugins allows your remote/login user to execute commands as another user using the C(pmrun) utility.
+author: Ansible Core Team
+options:
+  become_exe:
+    description: C(pmrun) executable.
+    type: string
+    default: pmrun
+    ini:
+      - section: privilege_escalation
+        key: become_exe
+      - section: pmrun_become_plugin
+        key: executable
+    vars:
+      - name: ansible_become_exe
+      - name: ansible_pmrun_exe
+    env:
+      - name: ANSIBLE_BECOME_EXE
+      - name: ANSIBLE_PMRUN_EXE
+  become_flags:
+    description: Options to pass to C(pmrun).
+    type: string
+    default: ''
+    ini:
+      - section: privilege_escalation
+        key: become_flags
+      - section: pmrun_become_plugin
+        key: flags
+    vars:
+      - name: ansible_become_flags
+      - name: ansible_pmrun_flags
+    env:
+      - name: ANSIBLE_BECOME_FLAGS
+      - name: ANSIBLE_PMRUN_FLAGS
+  become_pass:
+    description: C(pmrun) password.
+    type: string
+    required: false
+    vars:
+      - name: ansible_become_password
+      - name: ansible_become_pass
+      - name: ansible_pmrun_pass
+    env:
+      - name: ANSIBLE_BECOME_PASS
+      - name: ANSIBLE_PMRUN_PASS
+    ini:
+      - section: pmrun_become_plugin
+        key: password
+notes:
+  - This plugin ignores the C(become_user) supplied and uses C(pmrun)'s own configuration to select the user.
+"""

 from ansible.plugins.become import BecomeBase
 from ansible.module_utils.six.moves import shlex_quote
@@ -78,4 +77,4 @@ class BecomeModule(BecomeBase):
        become = self.get_option('become_exe')

        flags = self.get_option('become_flags')
-        return '%s %s %s' % (become, flags, shlex_quote(self._build_success_command(cmd, shell)))
+        return f'{become} {flags} {shlex_quote(self._build_success_command(cmd, shell))}'
--- a/plugins/become/run0.py
+++ b/plugins/become/run0.py
@@ -3,72 +3,71 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import absolute_import, division, print_function
+from __future__ import annotations

-__metaclass__ = type

-DOCUMENTATION = """
-    name: run0
-    short_description: Systemd's run0
-    description:
-        - This become plugins allows your remote/login user to execute commands as another user via the C(run0) utility.
-    author:
-        - Thomas Sjögren (@konstruktoid)
-    version_added: '9.0.0'
-    options:
-        become_user:
-            description: User you 'become' to execute the task.
-            default: root
-            ini:
-              - section: privilege_escalation
-                key: become_user
-              - section: run0_become_plugin
-                key: user
-            vars:
-              - name: ansible_become_user
-              - name: ansible_run0_user
-            env:
-              - name: ANSIBLE_BECOME_USER
-              - name: ANSIBLE_RUN0_USER
-            type: string
-        become_exe:
-            description: The C(run0) executable.
-            default: run0
-            ini:
-              - section: privilege_escalation
-                key: become_exe
-              - section: run0_become_plugin
-                key: executable
-            vars:
-              - name: ansible_become_exe
-              - name: ansible_run0_exe
-            env:
-              - name: ANSIBLE_BECOME_EXE
-              - name: ANSIBLE_RUN0_EXE
-            type: string
-        become_flags:
-            description: Options to pass to run0.
-            default: ''
-            ini:
-              - section: privilege_escalation
-                key: become_flags
-              - section: run0_become_plugin
-                key: flags
-            vars:
-              - name: ansible_become_flags
-              - name: ansible_run0_flags
-            env:
-              - name: ANSIBLE_BECOME_FLAGS
-              - name: ANSIBLE_RUN0_FLAGS
-            type: string
-    notes:
-      - This plugin will only work when a polkit rule is in place.
+DOCUMENTATION = r"""
+name: run0
+short_description: Systemd's run0
+description:
+  - This become plugins allows your remote/login user to execute commands as another user using the C(run0) utility.
+author:
+  - Thomas Sjögren (@konstruktoid)
+version_added: '9.0.0'
+options:
+  become_user:
+    description: User you 'become' to execute the task.
+    default: root
+    ini:
+      - section: privilege_escalation
+        key: become_user
+      - section: run0_become_plugin
+        key: user
+    vars:
+      - name: ansible_become_user
+      - name: ansible_run0_user
+    env:
+      - name: ANSIBLE_BECOME_USER
+      - name: ANSIBLE_RUN0_USER
+    type: string
+  become_exe:
+    description: C(run0) executable.
+    default: run0
+    ini:
+      - section: privilege_escalation
+        key: become_exe
+      - section: run0_become_plugin
+        key: executable
+    vars:
+      - name: ansible_become_exe
+      - name: ansible_run0_exe
+    env:
+      - name: ANSIBLE_BECOME_EXE
+      - name: ANSIBLE_RUN0_EXE
+    type: string
+  become_flags:
+    description: Options to pass to C(run0).
+    default: ''
+    ini:
+      - section: privilege_escalation
+        key: become_flags
+      - section: run0_become_plugin
+        key: flags
+    vars:
+      - name: ansible_become_flags
+      - name: ansible_run0_flags
+    env:
+      - name: ANSIBLE_BECOME_FLAGS
+      - name: ANSIBLE_RUN0_FLAGS
+    type: string
+notes:
+  - This plugin will only work when a C(polkit) rule is in place.
 """

 EXAMPLES = r"""
 # An example polkit rule that allows the user 'ansible' in the 'wheel' group
 # to execute commands using run0 without authentication.
-/etc/polkit-1/rules.d/60-run0-fast-user-auth.rules: |
+/etc/polkit-1/rules.d/60-run0-fast-user-auth.rules: |-
  polkit.addRule(function(action, subject) {
    if(action.id == "org.freedesktop.systemd1.manage-units" &&
      subject.isInGroup("wheel") &&
--- a/plugins/become/sesu.py
+++ b/plugins/become/sesu.py
@@ -2,76 +2,75 @@
 # Copyright (c) 2018, Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    name: sesu
-    short_description: CA Privileged Access Manager
-    description:
-        - This become plugins allows your remote/login user to execute commands as another user via the sesu utility.
-    author: ansible (@nekonyuu)
-    options:
-        become_user:
-            description: User you 'become' to execute the task.
-            type: string
-            default: ''
-            ini:
-              - section: privilege_escalation
-                key: become_user
-              - section: sesu_become_plugin
-                key: user
-            vars:
-              - name: ansible_become_user
-              - name: ansible_sesu_user
-            env:
-              - name: ANSIBLE_BECOME_USER
-              - name: ANSIBLE_SESU_USER
-        become_exe:
-            description: sesu executable.
-            type: string
-            default: sesu
-            ini:
-              - section: privilege_escalation
-                key: become_exe
-              - section: sesu_become_plugin
-                key: executable
-            vars:
-              - name: ansible_become_exe
-              - name: ansible_sesu_exe
-            env:
-              - name: ANSIBLE_BECOME_EXE
-              - name: ANSIBLE_SESU_EXE
-        become_flags:
-            description: Options to pass to sesu.
-            type: string
-            default: -H -S -n
-            ini:
-              - section: privilege_escalation
-                key: become_flags
-              - section: sesu_become_plugin
-                key: flags
-            vars:
-              - name: ansible_become_flags
-              - name: ansible_sesu_flags
-            env:
-              - name: ANSIBLE_BECOME_FLAGS
-              - name: ANSIBLE_SESU_FLAGS
-        become_pass:
-            description: Password to pass to sesu.
-            type: string
-            required: false
-            vars:
-              - name: ansible_become_password
-              - name: ansible_become_pass
-              - name: ansible_sesu_pass
-            env:
-              - name: ANSIBLE_BECOME_PASS
-              - name: ANSIBLE_SESU_PASS
-            ini:
-              - section: sesu_become_plugin
-                key: password
-'''
+DOCUMENTATION = r"""
+name: sesu
+short_description: CA Privileged Access Manager
+description:
+  - This become plugins allows your remote/login user to execute commands as another user using the C(sesu) utility.
+author: ansible (@nekonyuu)
+options:
+  become_user:
+    description: User you 'become' to execute the task.
+    type: string
+    default: ''
+    ini:
+      - section: privilege_escalation
+        key: become_user
+      - section: sesu_become_plugin
+        key: user
+    vars:
+      - name: ansible_become_user
+      - name: ansible_sesu_user
+    env:
+      - name: ANSIBLE_BECOME_USER
+      - name: ANSIBLE_SESU_USER
+  become_exe:
+    description: C(sesu) executable.
+    type: string
+    default: sesu
+    ini:
+      - section: privilege_escalation
+        key: become_exe
+      - section: sesu_become_plugin
+        key: executable
+    vars:
+      - name: ansible_become_exe
+      - name: ansible_sesu_exe
+    env:
+      - name: ANSIBLE_BECOME_EXE
+      - name: ANSIBLE_SESU_EXE
+  become_flags:
+    description: Options to pass to C(sesu).
+    type: string
+    default: -H -S -n
+    ini:
+      - section: privilege_escalation
+        key: become_flags
+      - section: sesu_become_plugin
+        key: flags
+    vars:
+      - name: ansible_become_flags
+      - name: ansible_sesu_flags
+    env:
+      - name: ANSIBLE_BECOME_FLAGS
+      - name: ANSIBLE_SESU_FLAGS
+  become_pass:
+    description: Password to pass to C(sesu).
+    type: string
+    required: false
+    vars:
+      - name: ansible_become_password
+      - name: ansible_become_pass
+      - name: ansible_sesu_pass
+    env:
+      - name: ANSIBLE_BECOME_PASS
+      - name: ANSIBLE_SESU_PASS
+    ini:
+      - section: sesu_become_plugin
+        key: password
+"""

 from ansible.plugins.become import BecomeBase

@@ -93,4 +92,4 @@ class BecomeModule(BecomeBase):

        flags = self.get_option('become_flags')
        user = self.get_option('become_user')
-        return '%s %s %s -c %s' % (become, flags, user, self._build_success_command(cmd, shell))
+        return f'{become} {flags} {user} -c {self._build_success_command(cmd, shell)}'
--- a/plugins/become/sudosu.py
+++ b/plugins/become/sudosu.py
@@ -2,77 +2,77 @@
 # Copyright (c) 2021, Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = """
-    name: sudosu
-    short_description: Run tasks using sudo su -
+DOCUMENTATION = r"""
+name: sudosu
+short_description: Run tasks using sudo su -
+description:
+  - This become plugin allows your remote/login user to execute commands as another user using the C(sudo) and C(su) utilities
+    combined.
+author:
+  - Dag Wieers (@dagwieers)
+version_added: 2.4.0
+options:
+  become_user:
+    description: User you 'become' to execute the task.
+    type: string
+    default: root
+    ini:
+      - section: privilege_escalation
+        key: become_user
+      - section: sudo_become_plugin
+        key: user
+    vars:
+      - name: ansible_become_user
+      - name: ansible_sudo_user
+    env:
+      - name: ANSIBLE_BECOME_USER
+      - name: ANSIBLE_SUDO_USER
+  become_flags:
+    description: Options to pass to C(sudo).
+    type: string
+    default: -H -S -n
+    ini:
+      - section: privilege_escalation
+        key: become_flags
+      - section: sudo_become_plugin
+        key: flags
+    vars:
+      - name: ansible_become_flags
+      - name: ansible_sudo_flags
+    env:
+      - name: ANSIBLE_BECOME_FLAGS
+      - name: ANSIBLE_SUDO_FLAGS
+  become_pass:
+    description: Password to pass to C(sudo).
+    type: string
+    required: false
+    vars:
+      - name: ansible_become_password
+      - name: ansible_become_pass
+      - name: ansible_sudo_pass
+    env:
+      - name: ANSIBLE_BECOME_PASS
+      - name: ANSIBLE_SUDO_PASS
+    ini:
+      - section: sudo_become_plugin
+        key: password
+  alt_method:
    description:
-      - This become plugin allows your remote/login user to execute commands as another user via the C(sudo) and C(su) utilities combined.
-    author:
-      - Dag Wieers (@dagwieers)
-    version_added: 2.4.0
-    options:
-        become_user:
-            description: User you 'become' to execute the task.
-            type: string
-            default: root
-            ini:
-              - section: privilege_escalation
-                key: become_user
-              - section: sudo_become_plugin
-                key: user
-            vars:
-              - name: ansible_become_user
-              - name: ansible_sudo_user
-            env:
-              - name: ANSIBLE_BECOME_USER
-              - name: ANSIBLE_SUDO_USER
-        become_flags:
-            description: Options to pass to C(sudo).
-            type: string
-            default: -H -S -n
-            ini:
-              - section: privilege_escalation
-                key: become_flags
-              - section: sudo_become_plugin
-                key: flags
-            vars:
-              - name: ansible_become_flags
-              - name: ansible_sudo_flags
-            env:
-              - name: ANSIBLE_BECOME_FLAGS
-              - name: ANSIBLE_SUDO_FLAGS
-        become_pass:
-            description: Password to pass to C(sudo).
-            type: string
-            required: false
-            vars:
-              - name: ansible_become_password
-              - name: ansible_become_pass
-              - name: ansible_sudo_pass
-            env:
-              - name: ANSIBLE_BECOME_PASS
-              - name: ANSIBLE_SUDO_PASS
-            ini:
-              - section: sudo_become_plugin
-                key: password
-        alt_method:
-            description:
-              - Whether to use an alternative method to call C(su). Instead of running C(su -l user /path/to/shell -c command),
-                it runs C(su -l user -c command).
-              - Use this when the default one is not working on your system.
-            required: false
-            type: boolean
-            ini:
-              - section: community.general.sudosu
-                key: alternative_method
-            vars:
-              - name: ansible_sudosu_alt_method
-            env:
-              - name: ANSIBLE_SUDOSU_ALT_METHOD
-            version_added: 9.2.0
+      - Whether to use an alternative method to call C(su). Instead of running C(su -l user /path/to/shell -c command), it
+        runs C(su -l user -c command).
+      - Use this when the default one is not working on your system.
+    required: false
+    type: boolean
+    ini:
+      - section: community.general.sudosu
+        key: alternative_method
+    vars:
+      - name: ansible_sudosu_alt_method
+    env:
+      - name: ANSIBLE_SUDOSU_ALT_METHOD
+    version_added: 9.2.0
 """


@@ -98,16 +98,16 @@ class BecomeModule(BecomeBase):
        flags = self.get_option('become_flags') or ''
        prompt = ''
        if self.get_option('become_pass'):
-            self.prompt = '[sudo via ansible, key=%s] password:' % self._id
+            self.prompt = f'[sudo via ansible, key={self._id}] password:'
            if flags:  # this could be simplified, but kept as is for now for backwards string matching
                flags = flags.replace('-n', '')
-            prompt = '-p "%s"' % (self.prompt)
+            prompt = f'-p "{self.prompt}"'

        user = self.get_option('become_user') or ''
        if user:
-            user = '%s' % (user)
+            user = f'{user}'

        if self.get_option('alt_method'):
-            return ' '.join([becomecmd, flags, prompt, "su -l", user, "-c", self._build_success_command(cmd, shell, True)])
+            return f"{becomecmd} {flags} {prompt} su -l {user} -c {self._build_success_command(cmd, shell, True)}"
        else:
-            return ' '.join([becomecmd, flags, prompt, 'su -l', user, self._build_success_command(cmd, shell)])
+            return f"{becomecmd} {flags} {prompt} su -l {user} {self._build_success_command(cmd, shell)}"
--- a/plugins/cache/memcached.py
+++ b/plugins/cache/memcached.py
@@ -4,49 +4,48 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Unknown (!UNKNOWN)
-    name: memcached
-    short_description: Use memcached DB for cache
+DOCUMENTATION = r"""
+author: Unknown (!UNKNOWN)
+name: memcached
+short_description: Use memcached DB for cache
+description:
+  - This cache uses JSON formatted, per host records saved in memcached.
+requirements:
+  - memcache (python lib)
+options:
+  _uri:
    description:
-        - This cache uses JSON formatted, per host records saved in memcached.
-    requirements:
-      - memcache (python lib)
-    options:
-      _uri:
-        description:
-          - List of connection information for the memcached DBs
-        default: ['127.0.0.1:11211']
-        type: list
-        elements: string
-        env:
-          - name: ANSIBLE_CACHE_PLUGIN_CONNECTION
-        ini:
-          - key: fact_caching_connection
-            section: defaults
-      _prefix:
-        description: User defined prefix to use when creating the DB entries
-        type: string
-        default: ansible_facts
-        env:
-          - name: ANSIBLE_CACHE_PLUGIN_PREFIX
-        ini:
-          - key: fact_caching_prefix
-            section: defaults
-      _timeout:
-        default: 86400
-        type: integer
+      - List of connection information for the memcached DBs.
+    default: ['127.0.0.1:11211']
+    type: list
+    elements: string
+    env:
+      - name: ANSIBLE_CACHE_PLUGIN_CONNECTION
+    ini:
+      - key: fact_caching_connection
+        section: defaults
+  _prefix:
+    description: User defined prefix to use when creating the DB entries.
+    type: string
+    default: ansible_facts
+    env:
+      - name: ANSIBLE_CACHE_PLUGIN_PREFIX
+    ini:
+      - key: fact_caching_prefix
+        section: defaults
+  _timeout:
+    default: 86400
+    type: integer
        # TODO: determine whether it is OK to change to: type: float
-        description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire
-        env:
-          - name: ANSIBLE_CACHE_PLUGIN_TIMEOUT
-        ini:
-          - key: fact_caching_timeout
-            section: defaults
-'''
+    description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire.
+    env:
+      - name: ANSIBLE_CACHE_PLUGIN_TIMEOUT
+    ini:
+      - key: fact_caching_timeout
+        section: defaults
+"""

 import collections
 import os
@@ -191,7 +190,7 @@ class CacheModule(BaseCacheModule):
        self._keys = CacheModuleKeys(self._db, self._db.get(CacheModuleKeys.PREFIX) or [])

    def _make_key(self, key):
-        return "{0}{1}".format(self._prefix, key)
+        return f"{self._prefix}{key}"

    def _expire_keys(self):
        if self._timeout > 0:
--- a/plugins/cache/pickle.py
+++ b/plugins/cache/pickle.py
@@ -5,44 +5,43 @@
 # SPDX-License-Identifier: GPL-3.0-or-later

 # Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    name: pickle
-    short_description: Pickle formatted files.
+DOCUMENTATION = r"""
+name: pickle
+short_description: Pickle formatted files
+description:
+  - This cache uses Python's pickle serialization format, in per host files, saved to the filesystem.
+author: Brian Coca (@bcoca)
+options:
+  _uri:
+    required: true
    description:
-        - This cache uses Python's pickle serialization format, in per host files, saved to the filesystem.
-    author: Brian Coca (@bcoca)
-    options:
-      _uri:
-        required: true
-        description:
-          - Path in which the cache plugin will save the files
-        env:
-          - name: ANSIBLE_CACHE_PLUGIN_CONNECTION
-        ini:
-          - key: fact_caching_connection
-            section: defaults
-        type: path
-      _prefix:
-        description: User defined prefix to use when creating the files
-        env:
-          - name: ANSIBLE_CACHE_PLUGIN_PREFIX
-        ini:
-          - key: fact_caching_prefix
-            section: defaults
-        type: string
-      _timeout:
-        default: 86400
-        description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire
-        env:
-          - name: ANSIBLE_CACHE_PLUGIN_TIMEOUT
-        ini:
-          - key: fact_caching_timeout
-            section: defaults
-        type: float
-'''
+      - Path in which the cache plugin will save the files.
+    env:
+      - name: ANSIBLE_CACHE_PLUGIN_CONNECTION
+    ini:
+      - key: fact_caching_connection
+        section: defaults
+    type: path
+  _prefix:
+    description: User defined prefix to use when creating the files.
+    env:
+      - name: ANSIBLE_CACHE_PLUGIN_PREFIX
+    ini:
+      - key: fact_caching_prefix
+        section: defaults
+    type: string
+  _timeout:
+    default: 86400
+    description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire.
+    env:
+      - name: ANSIBLE_CACHE_PLUGIN_TIMEOUT
+    ini:
+      - key: fact_caching_timeout
+        section: defaults
+    type: float
+"""

 try:
    import cPickle as pickle
@@ -57,6 +56,7 @@ class CacheModule(BaseFileCacheModule):
    """
    A caching module backed by pickle files.
    """
+    _persistent = False  # prevent unnecessary JSON serialization and key munging

    def _load(self, filepath):
        # Pickle is a binary format
--- a/plugins/cache/redis.py
+++ b/plugins/cache/redis.py
@@ -3,77 +3,75 @@
 # Copyright (c) 2017 Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Unknown (!UNKNOWN)
-    name: redis
-    short_description: Use Redis DB for cache
+DOCUMENTATION = r"""
+author: Unknown (!UNKNOWN)
+name: redis
+short_description: Use Redis DB for cache
+description:
+  - This cache uses JSON formatted, per host records saved in Redis.
+requirements:
+  - redis>=2.4.5 (python lib)
+options:
+  _uri:
    description:
-        - This cache uses JSON formatted, per host records saved in Redis.
-    requirements:
-      - redis>=2.4.5 (python lib)
-    options:
-      _uri:
-        description:
-          - A colon separated string of connection information for Redis.
-          - The format is V(host:port:db:password), for example V(localhost:6379:0:changeme).
-          - To use encryption in transit, prefix the connection with V(tls://), as in V(tls://localhost:6379:0:changeme).
-          - To use redis sentinel, use separator V(;), for example V(localhost:26379;localhost:26379;0:changeme). Requires redis>=2.9.0.
-        type: string
-        required: true
-        env:
-          - name: ANSIBLE_CACHE_PLUGIN_CONNECTION
-        ini:
-          - key: fact_caching_connection
-            section: defaults
-      _prefix:
-        description: User defined prefix to use when creating the DB entries
-        type: string
-        default: ansible_facts
-        env:
-          - name: ANSIBLE_CACHE_PLUGIN_PREFIX
-        ini:
-          - key: fact_caching_prefix
-            section: defaults
-      _keyset_name:
-        description: User defined name for cache keyset name.
-        type: string
-        default: ansible_cache_keys
-        env:
-          - name: ANSIBLE_CACHE_REDIS_KEYSET_NAME
-        ini:
-          - key: fact_caching_redis_keyset_name
-            section: defaults
-        version_added: 1.3.0
-      _sentinel_service_name:
-        description: The redis sentinel service name (or referenced as cluster name).
-        type: string
-        env:
-          - name: ANSIBLE_CACHE_REDIS_SENTINEL
-        ini:
-          - key: fact_caching_redis_sentinel
-            section: defaults
-        version_added: 1.3.0
-      _timeout:
-        default: 86400
-        type: integer
+      - A colon separated string of connection information for Redis.
+      - The format is V(host:port:db:password), for example V(localhost:6379:0:changeme).
+      - To use encryption in transit, prefix the connection with V(tls://), as in V(tls://localhost:6379:0:changeme).
+      - To use redis sentinel, use separator V(;), for example V(localhost:26379;localhost:26379;0:changeme). Requires redis>=2.9.0.
+    type: string
+    required: true
+    env:
+      - name: ANSIBLE_CACHE_PLUGIN_CONNECTION
+    ini:
+      - key: fact_caching_connection
+        section: defaults
+  _prefix:
+    description: User defined prefix to use when creating the DB entries.
+    type: string
+    default: ansible_facts
+    env:
+      - name: ANSIBLE_CACHE_PLUGIN_PREFIX
+    ini:
+      - key: fact_caching_prefix
+        section: defaults
+  _keyset_name:
+    description: User defined name for cache keyset name.
+    type: string
+    default: ansible_cache_keys
+    env:
+      - name: ANSIBLE_CACHE_REDIS_KEYSET_NAME
+    ini:
+      - key: fact_caching_redis_keyset_name
+        section: defaults
+    version_added: 1.3.0
+  _sentinel_service_name:
+    description: The redis sentinel service name (or referenced as cluster name).
+    type: string
+    env:
+      - name: ANSIBLE_CACHE_REDIS_SENTINEL
+    ini:
+      - key: fact_caching_redis_sentinel
+        section: defaults
+    version_added: 1.3.0
+  _timeout:
+    default: 86400
+    type: integer
        # TODO: determine whether it is OK to change to: type: float
-        description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire
-        env:
-          - name: ANSIBLE_CACHE_PLUGIN_TIMEOUT
-        ini:
-          - key: fact_caching_timeout
-            section: defaults
-'''
+    description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire.
+    env:
+      - name: ANSIBLE_CACHE_PLUGIN_TIMEOUT
+    ini:
+      - key: fact_caching_timeout
+        section: defaults
+"""

 import re
 import time
 import json

 from ansible.errors import AnsibleError
-from ansible.module_utils.common.text.converters import to_native
 from ansible.parsing.ajson import AnsibleJSONEncoder, AnsibleJSONDecoder
 from ansible.plugins.cache import BaseCacheModule
 from ansible.utils.display import Display
@@ -131,7 +129,7 @@ class CacheModule(BaseCacheModule):
            connection = self._parse_connection(self.re_url_conn, uri)
            self._db = StrictRedis(*connection, **kw)

-        display.vv('Redis connection: %s' % self._db)
+        display.vv(f'Redis connection: {self._db}')

    @staticmethod
    def _parse_connection(re_patt, uri):
@@ -164,12 +162,12 @@ class CacheModule(BaseCacheModule):
                pass  # password is optional

        sentinels = [self._parse_connection(self.re_sent_conn, shost) for shost in connections]
-        display.vv('\nUsing redis sentinels: %s' % sentinels)
+        display.vv(f'\nUsing redis sentinels: {sentinels}')
        scon = Sentinel(sentinels, **kw)
        try:
            return scon.master_for(self._sentinel_service_name, socket_timeout=0.2)
        except Exception as exc:
-            raise AnsibleError('Could not connect to redis sentinel: %s' % to_native(exc))
+            raise AnsibleError(f'Could not connect to redis sentinel: {exc}')

    def _make_key(self, key):
        return self._prefix + key
--- a/plugins/cache/yaml.py
+++ b/plugins/cache/yaml.py
@@ -5,45 +5,44 @@
 # SPDX-License-Identifier: GPL-3.0-or-later

 # Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    name: yaml
-    short_description: YAML formatted files.
+DOCUMENTATION = r"""
+name: yaml
+short_description: YAML formatted files
+description:
+  - This cache uses YAML formatted, per host, files saved to the filesystem.
+author: Brian Coca (@bcoca)
+options:
+  _uri:
+    required: true
    description:
-        - This cache uses YAML formatted, per host, files saved to the filesystem.
-    author: Brian Coca (@bcoca)
-    options:
-      _uri:
-        required: true
-        description:
-          - Path in which the cache plugin will save the files
-        env:
-          - name: ANSIBLE_CACHE_PLUGIN_CONNECTION
-        ini:
-          - key: fact_caching_connection
-            section: defaults
-        type: string
-      _prefix:
-        description: User defined prefix to use when creating the files
-        env:
-          - name: ANSIBLE_CACHE_PLUGIN_PREFIX
-        ini:
-          - key: fact_caching_prefix
-            section: defaults
-        type: string
-      _timeout:
-        default: 86400
-        description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire
-        env:
-          - name: ANSIBLE_CACHE_PLUGIN_TIMEOUT
-        ini:
-          - key: fact_caching_timeout
-            section: defaults
-        type: integer
+      - Path in which the cache plugin will save the files.
+    env:
+      - name: ANSIBLE_CACHE_PLUGIN_CONNECTION
+    ini:
+      - key: fact_caching_connection
+        section: defaults
+    type: string
+  _prefix:
+    description: User defined prefix to use when creating the files.
+    env:
+      - name: ANSIBLE_CACHE_PLUGIN_PREFIX
+    ini:
+      - key: fact_caching_prefix
+        section: defaults
+    type: string
+  _timeout:
+    default: 86400
+    description: Expiration timeout in seconds for the cache plugin data. Set to 0 to never expire.
+    env:
+      - name: ANSIBLE_CACHE_PLUGIN_TIMEOUT
+    ini:
+      - key: fact_caching_timeout
+        section: defaults
+    type: integer
        # TODO: determine whether it is OK to change to: type: float
-'''
+"""


 import codecs
--- a/plugins/callback/cgroup_memory_recap.py
+++ b/plugins/callback/cgroup_memory_recap.py
@@ -4,43 +4,43 @@
 # SPDX-License-Identifier: GPL-3.0-or-later

 # Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Unknown (!UNKNOWN)
-    name: cgroup_memory_recap
-    type: aggregate
-    requirements:
-      - whitelist in configuration
-      - cgroups
-    short_description: Profiles maximum memory usage of tasks and full execution using cgroups
-    description:
-        - This is an ansible callback plugin that profiles maximum memory usage of ansible and individual tasks, and displays a recap at the end using cgroups.
-    notes:
-        - Requires ansible to be run from within a cgroup, such as with C(cgexec -g memory:ansible_profile ansible-playbook ...).
-        - This cgroup should only be used by ansible to get accurate results.
-        - To create the cgroup, first use a command such as C(sudo cgcreate -a ec2-user:ec2-user -t ec2-user:ec2-user -g memory:ansible_profile).
-    options:
-      max_mem_file:
-        required: true
-        description: Path to cgroups C(memory.max_usage_in_bytes) file. Example V(/sys/fs/cgroup/memory/ansible_profile/memory.max_usage_in_bytes).
-        type: str
-        env:
-          - name: CGROUP_MAX_MEM_FILE
-        ini:
-          - section: callback_cgroupmemrecap
-            key: max_mem_file
-      cur_mem_file:
-        required: true
-        description: Path to C(memory.usage_in_bytes) file. Example V(/sys/fs/cgroup/memory/ansible_profile/memory.usage_in_bytes).
-        type: str
-        env:
-          - name: CGROUP_CUR_MEM_FILE
-        ini:
-          - section: callback_cgroupmemrecap
-            key: cur_mem_file
-'''
+DOCUMENTATION = r"""
+author: Unknown (!UNKNOWN)
+name: cgroup_memory_recap
+type: aggregate
+requirements:
+  - whitelist in configuration
+  - cgroups
+short_description: Profiles maximum memory usage of tasks and full execution using cgroups
+description:
+  - This is an Ansible callback plugin that profiles maximum memory usage of Ansible and individual tasks, and displays a
+    recap at the end using cgroups.
+notes:
+  - Requires ansible to be run from within a C(cgroup), such as with C(cgexec -g memory:ansible_profile ansible-playbook ...).
+  - This C(cgroup) should only be used by Ansible to get accurate results.
+  - To create the C(cgroup), first use a command such as C(sudo cgcreate -a ec2-user:ec2-user -t ec2-user:ec2-user -g memory:ansible_profile).
+options:
+  max_mem_file:
+    required: true
+    description: Path to cgroups C(memory.max_usage_in_bytes) file. Example V(/sys/fs/cgroup/memory/ansible_profile/memory.max_usage_in_bytes).
+    type: str
+    env:
+      - name: CGROUP_MAX_MEM_FILE
+    ini:
+      - section: callback_cgroupmemrecap
+        key: max_mem_file
+  cur_mem_file:
+    required: true
+    description: Path to C(memory.usage_in_bytes) file. Example V(/sys/fs/cgroup/memory/ansible_profile/memory.usage_in_bytes).
+    type: str
+    env:
+      - name: CGROUP_CUR_MEM_FILE
+    ini:
+      - section: callback_cgroupmemrecap
+        key: cur_mem_file
+"""

 import time
 import threading
@@ -114,7 +114,7 @@ class CallbackModule(CallbackBase):
            max_results = int(f.read().strip()) / 1024 / 1024

        self._display.banner('CGROUP MEMORY RECAP')
-        self._display.display('Execution Maximum: %0.2fMB\n\n' % max_results)
+        self._display.display(f'Execution Maximum: {max_results:0.2f}MB\n\n')

        for task, memory in self.task_results:
-            self._display.display('%s (%s): %0.2fMB' % (task.get_name(), task._uuid, memory))
+            self._display.display(f'{task.get_name()} ({task._uuid}): {memory:0.2f}MB')
--- a/plugins/callback/context_demo.py
+++ b/plugins/callback/context_demo.py
@@ -4,20 +4,19 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Unknown (!UNKNOWN)
-    name: context_demo
-    type: aggregate
-    short_description: demo callback that adds play/task context
-    description:
-      - Displays some play and task context along with normal output.
-      - This is mostly for demo purposes.
-    requirements:
-      - whitelist in configuration
-'''
+DOCUMENTATION = r"""
+author: Unknown (!UNKNOWN)
+name: context_demo
+type: aggregate
+short_description: demo callback that adds play/task context
+description:
+  - Displays some play and task context along with normal output.
+  - This is mostly for demo purposes.
+requirements:
+  - whitelist in configuration
+"""

 from ansible.plugins.callback import CallbackBase

@@ -38,15 +37,15 @@ class CallbackModule(CallbackBase):
        self.play = None

    def v2_on_any(self, *args, **kwargs):
-        self._display.display("--- play: {0} task: {1} ---".format(getattr(self.play, 'name', None), self.task))
+        self._display.display(f"--- play: {getattr(self.play, 'name', None)} task: {self.task} ---")

        self._display.display("     --- ARGS ")
        for i, a in enumerate(args):
-            self._display.display('     %s: %s' % (i, a))
+            self._display.display(f'     {i}: {a}')

        self._display.display("      --- KWARGS ")
        for k in kwargs:
-            self._display.display('     %s: %s' % (k, kwargs[k]))
+            self._display.display(f'     {k}: {kwargs[k]}')

    def v2_playbook_on_play_start(self, play):
        self.play = play
--- a/plugins/callback/counter_enabled.py
+++ b/plugins/callback/counter_enabled.py
@@ -6,23 +6,22 @@
    Counter enabled Ansible callback plugin (See DOCUMENTATION for more information)
 '''

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Unknown (!UNKNOWN)
-    name: counter_enabled
-    type: stdout
-    short_description: adds counters to the output items (tasks and hosts/task)
-    description:
-      - Use this callback when you need a kind of progress bar on a large environments.
-      - You will know how many tasks has the playbook to run, and which one is actually running.
-      - You will know how many hosts may run a task, and which of them is actually running.
-    extends_documentation_fragment:
-      - default_callback
-    requirements:
-      - set as stdout callback in C(ansible.cfg) (C(stdout_callback = counter_enabled))
-'''
+DOCUMENTATION = r"""
+author: Unknown (!UNKNOWN)
+name: counter_enabled
+type: stdout
+short_description: adds counters to the output items (tasks and hosts/task)
+description:
+  - Use this callback when you need a kind of progress bar on a large environments.
+  - You will know how many tasks has the playbook to run, and which one is actually running.
+  - You will know how many hosts may run a task, and which of them is actually running.
+extends_documentation_fragment:
+  - default_callback
+requirements:
+  - set as stdout callback in C(ansible.cfg) (C(stdout_callback = counter_enabled))
+"""

 from ansible import constants as C
 from ansible.plugins.callback import CallbackBase
@@ -71,7 +70,7 @@ class CallbackModule(CallbackBase):
        if not name:
            msg = u"play"
        else:
-            msg = u"PLAY [%s]" % name
+            msg = f"PLAY [{name}]"

        self._play = play

@@ -91,25 +90,17 @@ class CallbackModule(CallbackBase):
        for host in hosts:
            stat = stats.summarize(host)

-            self._display.display(u"%s : %s %s %s %s %s %s" % (
-                hostcolor(host, stat),
-                colorize(u'ok', stat['ok'], C.COLOR_OK),
-                colorize(u'changed', stat['changed'], C.COLOR_CHANGED),
-                colorize(u'unreachable', stat['unreachable'], C.COLOR_UNREACHABLE),
-                colorize(u'failed', stat['failures'], C.COLOR_ERROR),
-                colorize(u'rescued', stat['rescued'], C.COLOR_OK),
-                colorize(u'ignored', stat['ignored'], C.COLOR_WARN)),
+            self._display.display(
+                f"{hostcolor(host, stat)} : {colorize('ok', stat['ok'], C.COLOR_OK)} {colorize('changed', stat['changed'], C.COLOR_CHANGED)} "
+                f"{colorize('unreachable', stat['unreachable'], C.COLOR_UNREACHABLE)} {colorize('failed', stat['failures'], C.COLOR_ERROR)} "
+                f"{colorize('rescued', stat['rescued'], C.COLOR_OK)} {colorize('ignored', stat['ignored'], C.COLOR_WARN)}",
                screen_only=True
            )

-            self._display.display(u"%s : %s %s %s %s %s %s" % (
-                hostcolor(host, stat, False),
-                colorize(u'ok', stat['ok'], None),
-                colorize(u'changed', stat['changed'], None),
-                colorize(u'unreachable', stat['unreachable'], None),
-                colorize(u'failed', stat['failures'], None),
-                colorize(u'rescued', stat['rescued'], None),
-                colorize(u'ignored', stat['ignored'], None)),
+            self._display.display(
+                f"{hostcolor(host, stat, False)} : {colorize('ok', stat['ok'], None)} {colorize('changed', stat['changed'], None)} "
+                f"{colorize('unreachable', stat['unreachable'], None)} {colorize('failed', stat['failures'], None)} "
+                f"{colorize('rescued', stat['rescued'], None)} {colorize('ignored', stat['ignored'], None)}",
                log_only=True
            )

@@ -124,12 +115,14 @@ class CallbackModule(CallbackBase):
            for k in sorted(stats.custom.keys()):
                if k == '_run':
                    continue
-                self._display.display('\t%s: %s' % (k, self._dump_results(stats.custom[k], indent=1).replace('\n', '')))
+                _custom_stats = self._dump_results(stats.custom[k], indent=1).replace('\n', '')
+                self._display.display(f'\t{k}: {_custom_stats}')

            # print per run custom stats
            if '_run' in stats.custom:
                self._display.display("", screen_only=True)
-                self._display.display('\tRUN: %s' % self._dump_results(stats.custom['_run'], indent=1).replace('\n', ''))
+                _custom_stats_run = self._dump_results(stats.custom['_run'], indent=1).replace('\n', '')
+                self._display.display(f'\tRUN: {_custom_stats_run}')
            self._display.display("", screen_only=True)

    def v2_playbook_on_task_start(self, task, is_conditional):
@@ -143,13 +136,13 @@ class CallbackModule(CallbackBase):
        # that they can secure this if they feel that their stdout is insecure
        # (shoulder surfing, logging stdout straight to a file, etc).
        if not task.no_log and C.DISPLAY_ARGS_TO_STDOUT:
-            args = ', '.join(('%s=%s' % a for a in task.args.items()))
-            args = ' %s' % args
-        self._display.banner("TASK %d/%d [%s%s]" % (self._task_counter, self._task_total, task.get_name().strip(), args))
+            args = ', '.join(('{k}={v}' for k, v in task.args.items()))
+            args = f' {args}'
+        self._display.banner(f"TASK {self._task_counter}/{self._task_total} [{task.get_name().strip()}{args}]")
        if self._display.verbosity >= 2:
            path = task.get_path()
            if path:
-                self._display.display("task path: %s" % path, color=C.COLOR_DEBUG)
+                self._display.display(f"task path: {path}", color=C.COLOR_DEBUG)
        self._host_counter = self._previous_batch_total
        self._task_counter += 1

@@ -166,15 +159,15 @@ class CallbackModule(CallbackBase):
            return
        elif result._result.get('changed', False):
            if delegated_vars:
-                msg = "changed: %d/%d [%s -> %s]" % (self._host_counter, self._host_total, result._host.get_name(), delegated_vars['ansible_host'])
+                msg = f"changed: {self._host_counter}/{self._host_total} [{result._host.get_name()} -> {delegated_vars['ansible_host']}]"
            else:
-                msg = "changed: %d/%d [%s]" % (self._host_counter, self._host_total, result._host.get_name())
+                msg = f"changed: {self._host_counter}/{self._host_total} [{result._host.get_name()}]"
            color = C.COLOR_CHANGED
        else:
            if delegated_vars:
-                msg = "ok: %d/%d [%s -> %s]" % (self._host_counter, self._host_total, result._host.get_name(), delegated_vars['ansible_host'])
+                msg = f"ok: {self._host_counter}/{self._host_total} [{result._host.get_name()} -> {delegated_vars['ansible_host']}]"
            else:
-                msg = "ok: %d/%d [%s]" % (self._host_counter, self._host_total, result._host.get_name())
+                msg = f"ok: {self._host_counter}/{self._host_total} [{result._host.get_name()}]"
            color = C.COLOR_OK

        self._handle_warnings(result._result)
@@ -185,7 +178,7 @@ class CallbackModule(CallbackBase):
            self._clean_results(result._result, result._task.action)

            if self._run_is_verbose(result):
-                msg += " => %s" % (self._dump_results(result._result),)
+                msg += f" => {self._dump_results(result._result)}"
            self._display.display(msg, color=color)

    def v2_runner_on_failed(self, result, ignore_errors=False):
@@ -206,14 +199,16 @@ class CallbackModule(CallbackBase):

        else:
            if delegated_vars:
-                self._display.display("fatal: %d/%d [%s -> %s]: FAILED! => %s" % (self._host_counter, self._host_total,
-                                                                                  result._host.get_name(), delegated_vars['ansible_host'],
-                                                                                  self._dump_results(result._result)),
-                                      color=C.COLOR_ERROR)
+                self._display.display(
+                    f"fatal: {self._host_counter}/{self._host_total} [{result._host.get_name()} -> "
+                    f"{delegated_vars['ansible_host']}]: FAILED! => {self._dump_results(result._result)}",
+                    color=C.COLOR_ERROR
+                )
            else:
-                self._display.display("fatal: %d/%d [%s]: FAILED! => %s" % (self._host_counter, self._host_total,
-                                                                            result._host.get_name(), self._dump_results(result._result)),
-                                      color=C.COLOR_ERROR)
+                self._display.display(
+                    f"fatal: {self._host_counter}/{self._host_total} [{result._host.get_name()}]: FAILED! => {self._dump_results(result._result)}",
+                    color=C.COLOR_ERROR
+                )

        if ignore_errors:
            self._display.display("...ignoring", color=C.COLOR_SKIP)
@@ -231,9 +226,9 @@ class CallbackModule(CallbackBase):
            if result._task.loop and 'results' in result._result:
                self._process_items(result)
            else:
-                msg = "skipping: %d/%d [%s]" % (self._host_counter, self._host_total, result._host.get_name())
+                msg = f"skipping: {self._host_counter}/{self._host_total} [{result._host.get_name()}]"
                if self._run_is_verbose(result):
-                    msg += " => %s" % self._dump_results(result._result)
+                    msg += f" => {self._dump_results(result._result)}"
                self._display.display(msg, color=C.COLOR_SKIP)

    def v2_runner_on_unreachable(self, result):
@@ -244,11 +239,13 @@ class CallbackModule(CallbackBase):

        delegated_vars = result._result.get('_ansible_delegated_vars', None)
        if delegated_vars:
-            self._display.display("fatal: %d/%d [%s -> %s]: UNREACHABLE! => %s" % (self._host_counter, self._host_total,
-                                                                                   result._host.get_name(), delegated_vars['ansible_host'],
-                                                                                   self._dump_results(result._result)),
-                                  color=C.COLOR_UNREACHABLE)
+            self._display.display(
+                f"fatal: {self._host_counter}/{self._host_total} [{result._host.get_name()} -> "
+                f"{delegated_vars['ansible_host']}]: UNREACHABLE! => {self._dump_results(result._result)}",
+                color=C.COLOR_UNREACHABLE
+            )
        else:
-            self._display.display("fatal: %d/%d [%s]: UNREACHABLE! => %s" % (self._host_counter, self._host_total,
-                                                                             result._host.get_name(), self._dump_results(result._result)),
-                                  color=C.COLOR_UNREACHABLE)
+            self._display.display(
+                f"fatal: {self._host_counter}/{self._host_total} [{result._host.get_name()}]: UNREACHABLE! => {self._dump_results(result._result)}",
+                color=C.COLOR_UNREACHABLE
+            )
--- a/plugins/callback/default_without_diff.py
+++ b/plugins/callback/default_without_diff.py
@@ -4,35 +4,33 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = r'''
-  name: default_without_diff
-  type: stdout
-  short_description: The default ansible callback without diff output
-  version_added: 8.4.0
-  description:
-    - This is basically the default ansible callback plugin (P(ansible.builtin.default#callback)) without
-      showing diff output. This can be useful when using another callback which sends more detailed information
-      to another service, like the L(ARA, https://ara.recordsansible.org/) callback, and you want diff output
-      sent to that plugin but not shown on the console output.
-  author: Felix Fontein (@felixfontein)
-  extends_documentation_fragment:
-    - ansible.builtin.default_callback
-    - ansible.builtin.result_format_callback
-'''
+DOCUMENTATION = r"""
+name: default_without_diff
+type: stdout
+short_description: The default ansible callback without diff output
+version_added: 8.4.0
+description:
+  - This is basically the default ansible callback plugin (P(ansible.builtin.default#callback)) without showing diff output.
+    This can be useful when using another callback which sends more detailed information to another service, like the L(ARA,
+    https://ara.recordsansible.org/) callback, and you want diff output sent to that plugin but not shown on the console output.
+author: Felix Fontein (@felixfontein)
+extends_documentation_fragment:
+  - ansible.builtin.default_callback
+  - ansible.builtin.result_format_callback
+"""

-EXAMPLES = r'''
+EXAMPLES = r"""
 # Enable callback in ansible.cfg:
 ansible_config: |
  [defaults]
  stdout_callback = community.general.default_without_diff

 # Enable callback with environment variables:
-environment_variable: |
+environment_variable: |-
  ANSIBLE_STDOUT_CALLBACK=community.general.default_without_diff
-'''
+"""

 from ansible.plugins.callback.default import CallbackModule as Default

--- a/plugins/callback/dense.py
+++ b/plugins/callback/dense.py
@@ -4,22 +4,21 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
+DOCUMENTATION = r"""
 name: dense
 type: stdout
 short_description: minimal stdout output
 extends_documentation_fragment:
- default_callback
+  - default_callback
 description:
- When in verbose mode it will act the same as the default callback.
+  - When in verbose mode it will act the same as the default callback.
 author:
- Dag Wieers (@dagwieers)
+  - Dag Wieers (@dagwieers)
 requirements:
- set as stdout in configuration
-'''
+  - set as stdout in configuration
+"""

 HAS_OD = False
 try:
@@ -195,7 +194,7 @@ class CallbackModule(CallbackModule_default):
            self.disabled = True

    def __del__(self):
-        sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline)
+        sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}")

    def _add_host(self, result, status):
        name = result._host.get_name()
@@ -243,7 +242,7 @@ class CallbackModule(CallbackModule_default):

    def _handle_exceptions(self, result):
        if 'exception' in result:
-            # Remove the exception from the result so it's not shown every time
+            # Remove the exception from the result so it is not shown every time
            del result['exception']

            if self._display.verbosity == 1:
@@ -252,7 +251,7 @@ class CallbackModule(CallbackModule_default):
    def _display_progress(self, result=None):
        # Always rewrite the complete line
        sys.stdout.write(vt100.restore + vt100.reset + vt100.clearline + vt100.nolinewrap + vt100.underline)
-        sys.stdout.write('%s %d:' % (self.type, self.count[self.type]))
+        sys.stdout.write(f'{self.type} {self.count[self.type]}:')
        sys.stdout.write(vt100.reset)
        sys.stdout.flush()

@@ -260,7 +259,7 @@ class CallbackModule(CallbackModule_default):
        for name in self.hosts:
            sys.stdout.write(' ')
            if self.hosts[name].get('delegate', None):
-                sys.stdout.write(self.hosts[name]['delegate'] + '>')
+                sys.stdout.write(f"{self.hosts[name]['delegate']}>")
            sys.stdout.write(colors[self.hosts[name]['state']] + name + vt100.reset)
            sys.stdout.flush()

@@ -274,8 +273,8 @@ class CallbackModule(CallbackModule_default):
        if not self.shown_title:
            self.shown_title = True
            sys.stdout.write(vt100.restore + vt100.reset + vt100.clearline + vt100.underline)
-            sys.stdout.write('%s %d: %s' % (self.type, self.count[self.type], self.task.get_name().strip()))
-            sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline)
+            sys.stdout.write(f'{self.type} {self.count[self.type]}: {self.task.get_name().strip()}')
+            sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}")
            sys.stdout.flush()
        else:
            sys.stdout.write(vt100.restore + vt100.reset + vt100.clearline)
@@ -284,7 +283,7 @@ class CallbackModule(CallbackModule_default):
    def _display_results(self, result, status):
        # Leave the previous task on screen (as it has changes/errors)
        if self._display.verbosity == 0 and self.keep:
-            sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline)
+            sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}")
        else:
            sys.stdout.write(vt100.restore + vt100.reset + vt100.clearline)
        self.keep = False
@@ -309,15 +308,15 @@ class CallbackModule(CallbackModule_default):
        if result._task.loop and 'results' in result._result:
            self._process_items(result)
        else:
-            sys.stdout.write(colors[status] + status + ': ')
+            sys.stdout.write(f"{colors[status] + status}: ")

            delegated_vars = result._result.get('_ansible_delegated_vars', None)
            if delegated_vars:
-                sys.stdout.write(vt100.reset + result._host.get_name() + '>' + colors[status] + delegated_vars['ansible_host'])
+                sys.stdout.write(f"{vt100.reset + result._host.get_name()}>{colors[status]}{delegated_vars['ansible_host']}")
            else:
                sys.stdout.write(result._host.get_name())

-            sys.stdout.write(': ' + dump + '\n')
+            sys.stdout.write(f": {dump}\n")
            sys.stdout.write(vt100.reset + vt100.save + vt100.clearline)
            sys.stdout.flush()

@@ -327,7 +326,7 @@ class CallbackModule(CallbackModule_default):
    def v2_playbook_on_play_start(self, play):
        # Leave the previous task on screen (as it has changes/errors)
        if self._display.verbosity == 0 and self.keep:
-            sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline + vt100.bold)
+            sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}{vt100.bold}")
        else:
            sys.stdout.write(vt100.restore + vt100.reset + vt100.clearline + vt100.bold)

@@ -341,14 +340,14 @@ class CallbackModule(CallbackModule_default):
        name = play.get_name().strip()
        if not name:
            name = 'unnamed'
-        sys.stdout.write('PLAY %d: %s' % (self.count['play'], name.upper()))
-        sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline)
+        sys.stdout.write(f"PLAY {self.count['play']}: {name.upper()}")
+        sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}")
        sys.stdout.flush()

    def v2_playbook_on_task_start(self, task, is_conditional):
        # Leave the previous task on screen (as it has changes/errors)
        if self._display.verbosity == 0 and self.keep:
-            sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline + vt100.underline)
+            sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}{vt100.underline}")
        else:
            # Do not clear line, since we want to retain the previous output
            sys.stdout.write(vt100.restore + vt100.reset + vt100.underline)
@@ -365,14 +364,14 @@ class CallbackModule(CallbackModule_default):
            self.count['task'] += 1

        # Write the next task on screen (behind the prompt is the previous output)
-        sys.stdout.write('%s %d.' % (self.type, self.count[self.type]))
+        sys.stdout.write(f'{self.type} {self.count[self.type]}.')
        sys.stdout.write(vt100.reset)
        sys.stdout.flush()

    def v2_playbook_on_handler_task_start(self, task):
        # Leave the previous task on screen (as it has changes/errors)
        if self._display.verbosity == 0 and self.keep:
-            sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline + vt100.underline)
+            sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}{vt100.underline}")
        else:
            sys.stdout.write(vt100.restore + vt100.reset + vt100.clearline + vt100.underline)

@@ -388,7 +387,7 @@ class CallbackModule(CallbackModule_default):
            self.count[self.type] += 1

        # Write the next task on screen (behind the prompt is the previous output)
-        sys.stdout.write('%s %d.' % (self.type, self.count[self.type]))
+        sys.stdout.write(f'{self.type} {self.count[self.type]}.')
        sys.stdout.write(vt100.reset)
        sys.stdout.flush()

@@ -451,13 +450,13 @@ class CallbackModule(CallbackModule_default):

    def v2_playbook_on_no_hosts_remaining(self):
        if self._display.verbosity == 0 and self.keep:
-            sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline)
+            sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}")
        else:
            sys.stdout.write(vt100.restore + vt100.reset + vt100.clearline)
        self.keep = False

-        sys.stdout.write(vt100.white + vt100.redbg + 'NO MORE HOSTS LEFT')
-        sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline)
+        sys.stdout.write(f"{vt100.white + vt100.redbg}NO MORE HOSTS LEFT")
+        sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}")
        sys.stdout.flush()

    def v2_playbook_on_include(self, included_file):
@@ -465,7 +464,7 @@ class CallbackModule(CallbackModule_default):

    def v2_playbook_on_stats(self, stats):
        if self._display.verbosity == 0 and self.keep:
-            sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline)
+            sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}")
        else:
            sys.stdout.write(vt100.restore + vt100.reset + vt100.clearline)

@@ -476,22 +475,16 @@ class CallbackModule(CallbackModule_default):
        sys.stdout.write(vt100.bold + vt100.underline)
        sys.stdout.write('SUMMARY')

-        sys.stdout.write(vt100.restore + vt100.reset + '\n' + vt100.save + vt100.clearline)
+        sys.stdout.write(f"{vt100.restore}{vt100.reset}\n{vt100.save}{vt100.clearline}")
        sys.stdout.flush()

        hosts = sorted(stats.processed.keys())
        for h in hosts:
            t = stats.summarize(h)
            self._display.display(
-                u"%s : %s %s %s %s %s %s" % (
-                    hostcolor(h, t),
-                    colorize(u'ok', t['ok'], C.COLOR_OK),
-                    colorize(u'changed', t['changed'], C.COLOR_CHANGED),
-                    colorize(u'unreachable', t['unreachable'], C.COLOR_UNREACHABLE),
-                    colorize(u'failed', t['failures'], C.COLOR_ERROR),
-                    colorize(u'rescued', t['rescued'], C.COLOR_OK),
-                    colorize(u'ignored', t['ignored'], C.COLOR_WARN),
-                ),
+                f"{hostcolor(h, t)} : {colorize('ok', t['ok'], C.COLOR_OK)} {colorize('changed', t['changed'], C.COLOR_CHANGED)} "
+                f"{colorize('unreachable', t['unreachable'], C.COLOR_UNREACHABLE)} {colorize('failed', t['failures'], C.COLOR_ERROR)} "
+                f"{colorize('rescued', t['rescued'], C.COLOR_OK)} {colorize('ignored', t['ignored'], C.COLOR_WARN)}",
                screen_only=True
            )

--- a/plugins/callback/diy.py
+++ b/plugins/callback/diy.py
--- a/plugins/callback/elastic.py
+++ b/plugins/callback/elastic.py
@@ -2,72 +2,71 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Victor Martinez (@v1v)  <VictorMartinezRubio@gmail.com>
-    name: elastic
-    type: notification
-    short_description: Create distributed traces for each Ansible task in Elastic APM
-    version_added: 3.8.0
+DOCUMENTATION = r"""
+author: Victor Martinez (@v1v)  <VictorMartinezRubio@gmail.com>
+name: elastic
+type: notification
+short_description: Create distributed traces for each Ansible task in Elastic APM
+version_added: 3.8.0
+description:
+  - This callback creates distributed traces for each Ansible task in Elastic APM.
+  - You can configure the plugin with environment variables.
+  - See U(https://www.elastic.co/guide/en/apm/agent/python/current/configuration.html).
+options:
+  hide_task_arguments:
+    default: false
+    type: bool
    description:
-      - This callback creates distributed traces for each Ansible task in Elastic APM.
-      - You can configure the plugin with environment variables.
-      - See U(https://www.elastic.co/guide/en/apm/agent/python/current/configuration.html).
-    options:
-      hide_task_arguments:
-        default: false
-        type: bool
-        description:
-          - Hide the arguments for a task.
-        env:
-          - name: ANSIBLE_OPENTELEMETRY_HIDE_TASK_ARGUMENTS
-      apm_service_name:
-        default: ansible
-        type: str
-        description:
-          - The service name resource attribute.
-        env:
-          - name: ELASTIC_APM_SERVICE_NAME
-      apm_server_url:
-        type: str
-        description:
-          - Use the APM server and its environment variables.
-        env:
-          - name: ELASTIC_APM_SERVER_URL
-      apm_secret_token:
-        type: str
-        description:
-          - Use the APM server token
-        env:
-          - name: ELASTIC_APM_SECRET_TOKEN
-      apm_api_key:
-        type: str
-        description:
-          - Use the APM API key
-        env:
-          - name: ELASTIC_APM_API_KEY
-      apm_verify_server_cert:
-        default: true
-        type: bool
-        description:
-          - Verifies the SSL certificate if an HTTPS connection.
-        env:
-          - name: ELASTIC_APM_VERIFY_SERVER_CERT
-      traceparent:
-        type: str
-        description:
-          - The L(W3C Trace Context header traceparent,https://www.w3.org/TR/trace-context-1/#traceparent-header).
-        env:
-          - name: TRACEPARENT
-    requirements:
-      - elastic-apm (Python library)
-'''
+      - Hide the arguments for a task.
+    env:
+      - name: ANSIBLE_OPENTELEMETRY_HIDE_TASK_ARGUMENTS
+  apm_service_name:
+    default: ansible
+    type: str
+    description:
+      - The service name resource attribute.
+    env:
+      - name: ELASTIC_APM_SERVICE_NAME
+  apm_server_url:
+    type: str
+    description:
+      - Use the APM server and its environment variables.
+    env:
+      - name: ELASTIC_APM_SERVER_URL
+  apm_secret_token:
+    type: str
+    description:
+      - Use the APM server token.
+    env:
+      - name: ELASTIC_APM_SECRET_TOKEN
+  apm_api_key:
+    type: str
+    description:
+      - Use the APM API key.
+    env:
+      - name: ELASTIC_APM_API_KEY
+  apm_verify_server_cert:
+    default: true
+    type: bool
+    description:
+      - Verifies the SSL certificate if an HTTPS connection.
+    env:
+      - name: ELASTIC_APM_VERIFY_SERVER_CERT
+  traceparent:
+    type: str
+    description:
+      - The L(W3C Trace Context header traceparent,https://www.w3.org/TR/trace-context-1/#traceparent-header).
+    env:
+      - name: TRACEPARENT
+requirements:
+  - elastic-apm (Python library)
+"""


-EXAMPLES = '''
-examples: |
+EXAMPLES = r"""
+examples: |-
  Enable the plugin in ansible.cfg:
    [defaults]
    callbacks_enabled = community.general.elastic
@@ -76,7 +75,7 @@ examples: |
    export ELASTIC_APM_SERVER_URL=<your APM server URL)>
    export ELASTIC_APM_SERVICE_NAME=your_service_name
    export ELASTIC_APM_API_KEY=your_APM_API_KEY
-'''
+"""

 import getpass
 import socket
@@ -118,7 +117,7 @@ class TaskData:
        if host.uuid in self.host_data:
            if host.status == 'included':
                # concatenate task include output from multiple items
-                host.result = '%s\n%s' % (self.host_data[host.uuid].result, host.result)
+                host.result = f'{self.host_data[host.uuid].result}\n{host.result}'
            else:
                return

@@ -166,7 +165,7 @@ class ElasticSource(object):
        args = None

        if not task.no_log and not hide_task_arguments:
-            args = ', '.join(('%s=%s' % a for a in task.args.items()))
+            args = ', '.join((f'{k}={v}' for k, v in task.args.items()))

        tasks_data[uuid] = TaskData(uuid, name, path, play_name, action, args)

@@ -225,7 +224,7 @@ class ElasticSource(object):
    def create_span_data(self, apm_cli, task_data, host_data):
        """ create the span with the given TaskData and HostData """

-        name = '[%s] %s: %s' % (host_data.name, task_data.play, task_data.name)
+        name = f'[{host_data.name}] {task_data.play}: {task_data.name}'

        message = "success"
        status = "success"
@@ -259,7 +258,7 @@ class ElasticSource(object):
                                  "ansible.task.host.status": host_data.status}) as span:
            span.outcome = status
            if 'failure' in status:
-                exception = AnsibleRuntimeError(message="{0}: {1} failed with error message {2}".format(task_data.action, name, enriched_error_message))
+                exception = AnsibleRuntimeError(message=f"{task_data.action}: {name} failed with error message {enriched_error_message}")
                apm_cli.capture_exception(exc_info=(type(exception), exception, exception.__traceback__), handled=True)

    def init_apm_client(self, apm_server_url, apm_service_name, apm_verify_server_cert, apm_secret_token, apm_api_key):
@@ -288,7 +287,7 @@ class ElasticSource(object):
        message = result.get('msg', 'failed')
        exception = result.get('exception')
        stderr = result.get('stderr')
-        return ('message: "{0}"\nexception: "{1}"\nstderr: "{2}"').format(message, exception, stderr)
+        return f"message: \"{message}\"\nexception: \"{exception}\"\nstderr: \"{stderr}\""


 class CallbackModule(CallbackBase):
--- a/plugins/callback/hipchat.py
+++ b/plugins/callback/hipchat.py
@@ -1,240 +0,0 @@
-# -*- coding: utf-8 -*-
-# Copyright (c) 2014, Matt Martz <matt@sivel.net>
-# Copyright (c) 2017 Ansible Project
-# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-DOCUMENTATION = '''
-    author: Unknown (!UNKNOWN)
-    name: hipchat
-    type: notification
-    requirements:
-      - whitelist in configuration.
-      - prettytable (python lib)
-    short_description: post task events to hipchat
-    description:
-      - This callback plugin sends status updates to a HipChat channel during playbook execution.
-      - Before 2.4 only environment variables were available for configuring this plugin.
-    deprecated:
-      removed_in: 10.0.0
-      why: The hipchat service has been discontinued and the self-hosted variant has been End of Life since 2020.
-      alternative: There is none.
-    options:
-      token:
-        description: HipChat API token for v1 or v2 API.
-        type: str
-        required: true
-        env:
-          - name: HIPCHAT_TOKEN
-        ini:
-          - section: callback_hipchat
-            key: token
-      api_version:
-        description: HipChat API version, v1 or v2.
-        type: str
-        choices:
-          - v1
-          - v2
-        required: false
-        default: v1
-        env:
-          - name: HIPCHAT_API_VERSION
-        ini:
-          - section: callback_hipchat
-            key: api_version
-      room:
-        description: HipChat room to post in.
-        type: str
-        default: ansible
-        env:
-          - name: HIPCHAT_ROOM
-        ini:
-          - section: callback_hipchat
-            key: room
-      from:
-        description:  Name to post as
-        type: str
-        default: ansible
-        env:
-          - name: HIPCHAT_FROM
-        ini:
-          - section: callback_hipchat
-            key: from
-      notify:
-        description: Add notify flag to important messages
-        type: bool
-        default: true
-        env:
-          - name: HIPCHAT_NOTIFY
-        ini:
-          - section: callback_hipchat
-            key: notify
-
-'''
-
-import os
-import json
-
-try:
-    import prettytable
-    HAS_PRETTYTABLE = True
-except ImportError:
-    HAS_PRETTYTABLE = False
-
-from ansible.plugins.callback import CallbackBase
-from ansible.module_utils.six.moves.urllib.parse import urlencode
-from ansible.module_utils.urls import open_url
-
-
-class CallbackModule(CallbackBase):
-    """This is an example ansible callback plugin that sends status
-    updates to a HipChat channel during playbook execution.
-    """
-
-    CALLBACK_VERSION = 2.0
-    CALLBACK_TYPE = 'notification'
-    CALLBACK_NAME = 'community.general.hipchat'
-    CALLBACK_NEEDS_WHITELIST = True
-
-    API_V1_URL = 'https://api.hipchat.com/v1/rooms/message'
-    API_V2_URL = 'https://api.hipchat.com/v2/'
-
-    def __init__(self):
-
-        super(CallbackModule, self).__init__()
-
-        if not HAS_PRETTYTABLE:
-            self.disabled = True
-            self._display.warning('The `prettytable` python module is not installed. '
-                                  'Disabling the HipChat callback plugin.')
-        self.printed_playbook = False
-        self.playbook_name = None
-        self.play = None
-
-    def set_options(self, task_keys=None, var_options=None, direct=None):
-        super(CallbackModule, self).set_options(task_keys=task_keys, var_options=var_options, direct=direct)
-
-        self.token = self.get_option('token')
-        self.api_version = self.get_option('api_version')
-        self.from_name = self.get_option('from')
-        self.allow_notify = self.get_option('notify')
-        self.room = self.get_option('room')
-
-        if self.token is None:
-            self.disabled = True
-            self._display.warning('HipChat token could not be loaded. The HipChat '
-                                  'token can be provided using the `HIPCHAT_TOKEN` '
-                                  'environment variable.')
-
-        # Pick the request handler.
-        if self.api_version == 'v2':
-            self.send_msg = self.send_msg_v2
-        else:
-            self.send_msg = self.send_msg_v1
-
-    def send_msg_v2(self, msg, msg_format='text', color='yellow', notify=False):
-        """Method for sending a message to HipChat"""
-
-        headers = {'Authorization': 'Bearer %s' % self.token, 'Content-Type': 'application/json'}
-
-        body = {}
-        body['room_id'] = self.room
-        body['from'] = self.from_name[:15]  # max length is 15
-        body['message'] = msg
-        body['message_format'] = msg_format
-        body['color'] = color
-        body['notify'] = self.allow_notify and notify
-
-        data = json.dumps(body)
-        url = self.API_V2_URL + "room/{room_id}/notification".format(room_id=self.room)
-        try:
-            response = open_url(url, data=data, headers=headers, method='POST')
-            return response.read()
-        except Exception as ex:
-            self._display.warning('Could not submit message to hipchat: {0}'.format(ex))
-
-    def send_msg_v1(self, msg, msg_format='text', color='yellow', notify=False):
-        """Method for sending a message to HipChat"""
-
-        params = {}
-        params['room_id'] = self.room
-        params['from'] = self.from_name[:15]  # max length is 15
-        params['message'] = msg
-        params['message_format'] = msg_format
-        params['color'] = color
-        params['notify'] = int(self.allow_notify and notify)
-
-        url = ('%s?auth_token=%s' % (self.API_V1_URL, self.token))
-        try:
-            response = open_url(url, data=urlencode(params))
-            return response.read()
-        except Exception as ex:
-            self._display.warning('Could not submit message to hipchat: {0}'.format(ex))
-
-    def v2_playbook_on_play_start(self, play):
-        """Display Playbook and play start messages"""
-
-        self.play = play
-        name = play.name
-        # This block sends information about a playbook when it starts
-        # The playbook object is not immediately available at
-        # playbook_on_start so we grab it via the play
-        #
-        # Displays info about playbook being started by a person on an
-        # inventory, as well as Tags, Skip Tags and Limits
-        if not self.printed_playbook:
-            self.playbook_name, dummy = os.path.splitext(os.path.basename(self.play.playbook.filename))
-            host_list = self.play.playbook.inventory.host_list
-            inventory = os.path.basename(os.path.realpath(host_list))
-            self.send_msg("%s: Playbook initiated by %s against %s" %
-                          (self.playbook_name,
-                           self.play.playbook.remote_user,
-                           inventory), notify=True)
-            self.printed_playbook = True
-            subset = self.play.playbook.inventory._subset
-            skip_tags = self.play.playbook.skip_tags
-            self.send_msg("%s:\nTags: %s\nSkip Tags: %s\nLimit: %s" %
-                          (self.playbook_name,
-                           ', '.join(self.play.playbook.only_tags),
-                           ', '.join(skip_tags) if skip_tags else None,
-                           ', '.join(subset) if subset else subset))
-
-        # This is where we actually say we are starting a play
-        self.send_msg("%s: Starting play: %s" %
-                      (self.playbook_name, name))
-
-    def playbook_on_stats(self, stats):
-        """Display info about playbook statistics"""
-        hosts = sorted(stats.processed.keys())
-
-        t = prettytable.PrettyTable(['Host', 'Ok', 'Changed', 'Unreachable',
-                                     'Failures'])
-
-        failures = False
-        unreachable = False
-
-        for h in hosts:
-            s = stats.summarize(h)
-
-            if s['failures'] > 0:
-                failures = True
-            if s['unreachable'] > 0:
-                unreachable = True
-
-            t.add_row([h] + [s[k] for k in ['ok', 'changed', 'unreachable',
-                                            'failures']])
-
-        self.send_msg("%s: Playbook complete" % self.playbook_name,
-                      notify=True)
-
-        if failures or unreachable:
-            color = 'red'
-            self.send_msg("%s: Failures detected" % self.playbook_name,
-                          color=color, notify=True)
-        else:
-            color = 'green'
-
-        self.send_msg("/code %s:\n%s" % (self.playbook_name, t), color=color)
--- a/plugins/callback/jabber.py
+++ b/plugins/callback/jabber.py
@@ -4,45 +4,44 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Unknown (!UNKNOWN)
-    name: jabber
-    type: notification
-    short_description: post task events to a jabber server
-    description:
-      - The chatty part of ChatOps with a Hipchat server as a target.
-      - This callback plugin sends status updates to a HipChat channel during playbook execution.
-    requirements:
-      - xmpp (Python library U(https://github.com/ArchipelProject/xmpppy))
-    options:
-      server:
-        description: connection info to jabber server
-        type: str
-        required: true
-        env:
-          - name: JABBER_SERV
-      user:
-        description: Jabber user to authenticate as
-        type: str
-        required: true
-        env:
-          - name: JABBER_USER
-      password:
-        description: Password for the user to the jabber server
-        type: str
-        required: true
-        env:
-          - name: JABBER_PASS
-      to:
-        description: chat identifier that will receive the message
-        type: str
-        required: true
-        env:
-          - name: JABBER_TO
-'''
+DOCUMENTATION = r"""
+author: Unknown (!UNKNOWN)
+name: jabber
+type: notification
+short_description: post task events to a Jabber server
+description:
+  - The chatty part of ChatOps with a Hipchat server as a target.
+  - This callback plugin sends status updates to a HipChat channel during playbook execution.
+requirements:
+  - xmpp (Python library U(https://github.com/ArchipelProject/xmpppy))
+options:
+  server:
+    description: Connection info to Jabber server.
+    type: str
+    required: true
+    env:
+      - name: JABBER_SERV
+  user:
+    description: Jabber user to authenticate as.
+    type: str
+    required: true
+    env:
+      - name: JABBER_USER
+  password:
+    description: Password for the user to the Jabber server.
+    type: str
+    required: true
+    env:
+      - name: JABBER_PASS
+  to:
+    description: Chat identifier that will receive the message.
+    type: str
+    required: true
+    env:
+      - name: JABBER_TO
+"""

 import os

@@ -102,7 +101,7 @@ class CallbackModule(CallbackBase):
        """Display Playbook and play start messages"""
        self.play = play
        name = play.name
-        self.send_msg("Ansible starting play: %s" % (name))
+        self.send_msg(f"Ansible starting play: {name}")

    def playbook_on_stats(self, stats):
        name = self.play
@@ -118,7 +117,7 @@ class CallbackModule(CallbackBase):

        if failures or unreachable:
            out = self.debug
-            self.send_msg("%s: Failures detected \n%s \nHost: %s\n Failed at:\n%s" % (name, self.task, h, out))
+            self.send_msg(f"{name}: Failures detected \n{self.task} \nHost: {h}\n Failed at:\n{out}")
        else:
            out = self.debug
-            self.send_msg("Great! \n Playbook %s completed:\n%s \n Last task debug:\n %s" % (name, s, out))
+            self.send_msg(f"Great! \n Playbook {name} completed:\n{s} \n Last task debug:\n {out}")
--- a/plugins/callback/log_plays.py
+++ b/plugins/callback/log_plays.py
@@ -4,30 +4,29 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Unknown (!UNKNOWN)
-    name: log_plays
-    type: notification
-    short_description: write playbook output to log file
-    description:
-      - This callback writes playbook output to a file per host in the C(/var/log/ansible/hosts) directory.
-    requirements:
-     - Whitelist in configuration
-     - A writeable C(/var/log/ansible/hosts) directory by the user executing Ansible on the controller
-    options:
-      log_folder:
-        default: /var/log/ansible/hosts
-        description: The folder where log files will be created.
-        type: str
-        env:
-          - name: ANSIBLE_LOG_FOLDER
-        ini:
-          - section: callback_log_plays
-            key: log_folder
-'''
+DOCUMENTATION = r"""
+author: Unknown (!UNKNOWN)
+name: log_plays
+type: notification
+short_description: write playbook output to log file
+description:
+  - This callback writes playbook output to a file per host in the C(/var/log/ansible/hosts) directory.
+requirements:
+  - Whitelist in configuration
+  - A writeable C(/var/log/ansible/hosts) directory by the user executing Ansible on the controller
+options:
+  log_folder:
+    default: /var/log/ansible/hosts
+    description: The folder where log files will be created.
+    type: str
+    env:
+      - name: ANSIBLE_LOG_FOLDER
+    ini:
+      - section: callback_log_plays
+        key: log_folder
+"""

 import os
 import time
@@ -57,7 +56,10 @@ class CallbackModule(CallbackBase):
    CALLBACK_NEEDS_WHITELIST = True

    TIME_FORMAT = "%b %d %Y %H:%M:%S"
-    MSG_FORMAT = "%(now)s - %(playbook)s - %(task_name)s - %(task_action)s - %(category)s - %(data)s\n\n"
+
+    @staticmethod
+    def _make_msg(now, playbook, task_name, task_action, category, data):
+        return f"{now} - {playbook} - {task_name} - {task_action} - {category} - {data}\n\n"

    def __init__(self):

@@ -82,22 +84,12 @@ class CallbackModule(CallbackBase):
                invocation = data.pop('invocation', None)
                data = json.dumps(data, cls=AnsibleJSONEncoder)
                if invocation is not None:
-                    data = json.dumps(invocation) + " => %s " % data
+                    data = f"{json.dumps(invocation)} => {data} "

        path = os.path.join(self.log_folder, result._host.get_name())
        now = time.strftime(self.TIME_FORMAT, time.localtime())

-        msg = to_bytes(
-            self.MSG_FORMAT
-            % dict(
-                now=now,
-                playbook=self.playbook,
-                task_name=result._task.name,
-                task_action=result._task.action,
-                category=category,
-                data=data,
-            )
-        )
+        msg = to_bytes(self._make_msg(now, self.playbook, result._task.name, result._task.action, category, data))
        with open(path, "ab") as fd:
            fd.write(msg)

--- a/plugins/callback/loganalytics.py
+++ b/plugins/callback/loganalytics.py
@@ -3,44 +3,43 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    name: loganalytics
-    type: notification
-    short_description: Posts task results to Azure Log Analytics
-    author: "Cyrus Li (@zhcli) <cyrus1006@gmail.com>"
-    description:
-      - This callback plugin will post task results in JSON formatted to an Azure Log Analytics workspace.
-      - Credits to authors of splunk callback plugin.
-    version_added: "2.4.0"
-    requirements:
-      - Whitelisting this callback plugin.
-      - An Azure log analytics work space has been established.
-    options:
-      workspace_id:
-        description: Workspace ID of the Azure log analytics workspace.
-        type: str
-        required: true
-        env:
-          - name: WORKSPACE_ID
-        ini:
-          - section: callback_loganalytics
-            key: workspace_id
-      shared_key:
-        description: Shared key to connect to Azure log analytics workspace.
-        type: str
-        required: true
-        env:
-          - name: WORKSPACE_SHARED_KEY
-        ini:
-          - section: callback_loganalytics
-            key: shared_key
-'''
+DOCUMENTATION = r"""
+name: loganalytics
+type: notification
+short_description: Posts task results to Azure Log Analytics
+author: "Cyrus Li (@zhcli) <cyrus1006@gmail.com>"
+description:
+  - This callback plugin will post task results in JSON formatted to an Azure Log Analytics workspace.
+  - Credits to authors of splunk callback plugin.
+version_added: "2.4.0"
+requirements:
+  - Whitelisting this callback plugin.
+  - An Azure log analytics work space has been established.
+options:
+  workspace_id:
+    description: Workspace ID of the Azure log analytics workspace.
+    type: str
+    required: true
+    env:
+      - name: WORKSPACE_ID
+    ini:
+      - section: callback_loganalytics
+        key: workspace_id
+  shared_key:
+    description: Shared key to connect to Azure log analytics workspace.
+    type: str
+    required: true
+    env:
+      - name: WORKSPACE_SHARED_KEY
+    ini:
+      - section: callback_loganalytics
+        key: shared_key
+"""

-EXAMPLES = '''
-examples: |
+EXAMPLES = r"""
+examples: |-
  Whitelist the plugin in ansible.cfg:
    [defaults]
    callback_whitelist = community.general.loganalytics
@@ -51,7 +50,7 @@ examples: |
    [callback_loganalytics]
    workspace_id = 01234567-0123-0123-0123-01234567890a
    shared_key = dZD0kCbKl3ehZG6LHFMuhtE0yHiFCmetzFMc2u+roXIUQuatqU924SsAAAAPemhjbGlAemhjbGktTUJQAQIDBA==
-'''
+"""

 import hashlib
 import hmac
@@ -84,18 +83,17 @@ class AzureLogAnalyticsSource(object):

    def __build_signature(self, date, workspace_id, shared_key, content_length):
        # Build authorisation signature for Azure log analytics API call
-        sigs = "POST\n{0}\napplication/json\nx-ms-date:{1}\n/api/logs".format(
-            str(content_length), date)
+        sigs = f"POST\n{content_length}\napplication/json\nx-ms-date:{date}\n/api/logs"
        utf8_sigs = sigs.encode('utf-8')
        decoded_shared_key = base64.b64decode(shared_key)
        hmac_sha256_sigs = hmac.new(
            decoded_shared_key, utf8_sigs, digestmod=hashlib.sha256).digest()
        encoded_hash = base64.b64encode(hmac_sha256_sigs).decode('utf-8')
-        signature = "SharedKey {0}:{1}".format(workspace_id, encoded_hash)
+        signature = f"SharedKey {workspace_id}:{encoded_hash}"
        return signature

    def __build_workspace_url(self, workspace_id):
-        return "https://{0}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01".format(workspace_id)
+        return f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"

    def __rfc1123date(self):
        return now().strftime('%a, %d %b %Y %H:%M:%S GMT')
--- a/plugins/callback/logdna.py
+++ b/plugins/callback/logdna.py
@@ -3,59 +3,58 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Unknown (!UNKNOWN)
-    name: logdna
-    type: notification
-    short_description: Sends playbook logs to LogDNA
-    description:
-      - This callback will report logs from playbook actions, tasks, and events to LogDNA (U(https://app.logdna.com)).
-    requirements:
-      - LogDNA Python Library (U(https://github.com/logdna/python))
-      - whitelisting in configuration
-    options:
-      conf_key:
-        required: true
-        description: LogDNA Ingestion Key.
-        type: string
-        env:
-          - name: LOGDNA_INGESTION_KEY
-        ini:
-          - section: callback_logdna
-            key: conf_key
-      plugin_ignore_errors:
-        required: false
-        description: Whether to ignore errors on failing or not.
-        type: boolean
-        env:
-          - name: ANSIBLE_IGNORE_ERRORS
-        ini:
-          - section: callback_logdna
-            key: plugin_ignore_errors
-        default: false
-      conf_hostname:
-        required: false
-        description: Alternative Host Name; the current host name by default.
-        type: string
-        env:
-          - name: LOGDNA_HOSTNAME
-        ini:
-          - section: callback_logdna
-            key: conf_hostname
-      conf_tags:
-        required: false
-        description: Tags.
-        type: string
-        env:
-          - name: LOGDNA_TAGS
-        ini:
-          - section: callback_logdna
-            key: conf_tags
-        default: ansible
-'''
+DOCUMENTATION = r"""
+author: Unknown (!UNKNOWN)
+name: logdna
+type: notification
+short_description: Sends playbook logs to LogDNA
+description:
+  - This callback will report logs from playbook actions, tasks, and events to LogDNA (U(https://app.logdna.com)).
+requirements:
+  - LogDNA Python Library (U(https://github.com/logdna/python))
+  - whitelisting in configuration
+options:
+  conf_key:
+    required: true
+    description: LogDNA Ingestion Key.
+    type: string
+    env:
+      - name: LOGDNA_INGESTION_KEY
+    ini:
+      - section: callback_logdna
+        key: conf_key
+  plugin_ignore_errors:
+    required: false
+    description: Whether to ignore errors on failing or not.
+    type: boolean
+    env:
+      - name: ANSIBLE_IGNORE_ERRORS
+    ini:
+      - section: callback_logdna
+        key: plugin_ignore_errors
+    default: false
+  conf_hostname:
+    required: false
+    description: Alternative Host Name; the current host name by default.
+    type: string
+    env:
+      - name: LOGDNA_HOSTNAME
+    ini:
+      - section: callback_logdna
+        key: conf_hostname
+  conf_tags:
+    required: false
+    description: Tags.
+    type: string
+    env:
+      - name: LOGDNA_TAGS
+    ini:
+      - section: callback_logdna
+        key: conf_tags
+    default: ansible
+"""

 import logging
 import json
@@ -73,7 +72,7 @@ except ImportError:

 # Getting MAC Address of system:
 def get_mac():
-    mac = "%012x" % getnode()
+    mac = f"{getnode():012x}"
    return ":".join(map(lambda index: mac[index:index + 2], range(int(len(mac) / 2))))


@@ -161,7 +160,7 @@ class CallbackModule(CallbackBase):
        if ninvalidKeys > 0:
            for key in invalidKeys:
                del meta[key]
-            meta['__errors'] = 'These keys have been sanitized: ' + ', '.join(invalidKeys)
+            meta['__errors'] = f"These keys have been sanitized: {', '.join(invalidKeys)}"
        return meta

    def sanitizeJSON(self, data):
--- a/plugins/callback/logentries.py
+++ b/plugins/callback/logentries.py
@@ -3,82 +3,79 @@
 # Copyright (c) 2017 Ansible Project
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Unknown (!UNKNOWN)
-    name: logentries
-    type: notification
-    short_description: Sends events to Logentries
+DOCUMENTATION = r"""
+author: Unknown (!UNKNOWN)
+name: logentries
+type: notification
+short_description: Sends events to Logentries
+description:
+  - This callback plugin will generate JSON objects and send them to Logentries using TCP for auditing/debugging purposes.
+requirements:
+  - whitelisting in configuration
+  - certifi (Python library)
+  - flatdict (Python library), if you want to use the O(flatten) option
+options:
+  api:
+    description: URI to the Logentries API.
+    type: str
+    env:
+      - name: LOGENTRIES_API
+    default: data.logentries.com
+    ini:
+      - section: callback_logentries
+        key: api
+  port:
+    description: HTTP port to use when connecting to the API.
+    type: int
+    env:
+      - name: LOGENTRIES_PORT
+    default: 80
+    ini:
+      - section: callback_logentries
+        key: port
+  tls_port:
+    description: Port to use when connecting to the API when TLS is enabled.
+    type: int
+    env:
+      - name: LOGENTRIES_TLS_PORT
+    default: 443
+    ini:
+      - section: callback_logentries
+        key: tls_port
+  token:
+    description: The logentries C(TCP token).
+    type: str
+    env:
+      - name: LOGENTRIES_ANSIBLE_TOKEN
+    required: true
+    ini:
+      - section: callback_logentries
+        key: token
+  use_tls:
    description:
-      - This callback plugin will generate JSON objects and send them to Logentries via TCP for auditing/debugging purposes.
-      - Before 2.4, if you wanted to use an ini configuration, the file must be placed in the same directory as this plugin and named C(logentries.ini).
-      - In 2.4 and above you can just put it in the main Ansible configuration file.
-    requirements:
-      - whitelisting in configuration
-      - certifi (Python library)
-      - flatdict (Python library), if you want to use the O(flatten) option
-    options:
-      api:
-        description: URI to the Logentries API.
-        type: str
-        env:
-          - name: LOGENTRIES_API
-        default: data.logentries.com
-        ini:
-          - section: callback_logentries
-            key: api
-      port:
-        description: HTTP port to use when connecting to the API.
-        type: int
-        env:
-            - name: LOGENTRIES_PORT
-        default: 80
-        ini:
-          - section: callback_logentries
-            key: port
-      tls_port:
-        description: Port to use when connecting to the API when TLS is enabled.
-        type: int
-        env:
-            - name: LOGENTRIES_TLS_PORT
-        default: 443
-        ini:
-          - section: callback_logentries
-            key: tls_port
-      token:
-        description: The logentries C(TCP token).
-        type: str
-        env:
-          - name: LOGENTRIES_ANSIBLE_TOKEN
-        required: true
-        ini:
-          - section: callback_logentries
-            key: token
-      use_tls:
-        description:
-          - Toggle to decide whether to use TLS to encrypt the communications with the API server.
-        env:
-          - name: LOGENTRIES_USE_TLS
-        default: false
-        type: boolean
-        ini:
-          - section: callback_logentries
-            key: use_tls
-      flatten:
-        description: Flatten complex data structures into a single dictionary with complex keys.
-        type: boolean
-        default: false
-        env:
-          - name: LOGENTRIES_FLATTEN
-        ini:
-          - section: callback_logentries
-            key: flatten
-'''
+      - Toggle to decide whether to use TLS to encrypt the communications with the API server.
+    env:
+      - name: LOGENTRIES_USE_TLS
+    default: false
+    type: boolean
+    ini:
+      - section: callback_logentries
+        key: use_tls
+  flatten:
+    description: Flatten complex data structures into a single dictionary with complex keys.
+    type: boolean
+    default: false
+    env:
+      - name: LOGENTRIES_FLATTEN
+    ini:
+      - section: callback_logentries
+        key: flatten
+"""

-EXAMPLES = '''
-examples: >
+EXAMPLES = r"""
+examples: >-
  To enable, add this to your ansible.cfg file in the defaults block

    [defaults]
@@ -97,7 +94,7 @@ examples: >
    use_tls = true
    token = dd21fc88-f00a-43ff-b977-e3a4233c53af
    flatten = false
-'''
+"""

 import os
 import socket
@@ -135,7 +132,7 @@ class PlainTextSocketAppender(object):
        # Error message displayed when an incorrect Token has been detected
        self.INVALID_TOKEN = "\n\nIt appears the LOGENTRIES_TOKEN parameter you entered is incorrect!\n\n"
        # Unicode Line separator character   \u2028
-        self.LINE_SEP = u'\u2028'
+        self.LINE_SEP = '\u2028'

        self._display = display
        self._conn = None
@@ -153,7 +150,7 @@ class PlainTextSocketAppender(object):
                self.open_connection()
                return
            except Exception as e:
-                self._display.vvvv(u"Unable to connect to Logentries: %s" % to_text(e))
+                self._display.vvvv(f"Unable to connect to Logentries: {e}")

            root_delay *= 2
            if root_delay > self.MAX_DELAY:
@@ -162,7 +159,7 @@ class PlainTextSocketAppender(object):
            wait_for = root_delay + random.uniform(0, root_delay)

            try:
-                self._display.vvvv("sleeping %s before retry" % wait_for)
+                self._display.vvvv(f"sleeping {wait_for} before retry")
                time.sleep(wait_for)
            except KeyboardInterrupt:
                raise
@@ -175,8 +172,8 @@ class PlainTextSocketAppender(object):
        # Replace newlines with Unicode line separator
        # for multi-line events
        data = to_text(data, errors='surrogate_or_strict')
-        multiline = data.replace(u'\n', self.LINE_SEP)
-        multiline += u"\n"
+        multiline = data.replace('\n', self.LINE_SEP)
+        multiline += "\n"
        # Send data, reconnect if needed
        while True:
            try:
@@ -249,7 +246,7 @@ class CallbackModule(CallbackBase):
            self.use_tls = self.get_option('use_tls')
            self.flatten = self.get_option('flatten')
        except KeyError as e:
-            self._display.warning(u"Missing option for Logentries callback plugin: %s" % to_text(e))
+            self._display.warning(f"Missing option for Logentries callback plugin: {e}")
            self.disabled = True

        try:
@@ -268,10 +265,10 @@ class CallbackModule(CallbackBase):

        if not self.disabled:
            if self.use_tls:
-                self._display.vvvv("Connecting to %s:%s with TLS" % (self.api_url, self.api_tls_port))
+                self._display.vvvv(f"Connecting to {self.api_url}:{self.api_tls_port} with TLS")
                self._appender = TLSSocketAppender(display=self._display, LE_API=self.api_url, LE_TLS_PORT=self.api_tls_port)
            else:
-                self._display.vvvv("Connecting to %s:%s" % (self.api_url, self.api_port))
+                self._display.vvvv(f"Connecting to {self.api_url}:{self.api_port}")
                self._appender = PlainTextSocketAppender(display=self._display, LE_API=self.api_url, LE_PORT=self.api_port)
            self._appender.reopen_connection()

@@ -284,7 +281,7 @@ class CallbackModule(CallbackBase):

    def emit(self, record):
        msg = record.rstrip('\n')
-        msg = "{0} {1}".format(self.token, msg)
+        msg = f"{self.token} {msg}"
        self._appender.put(msg)
        self._display.vvvv("Sent event to logentries")

--- a/plugins/callback/logstash.py
+++ b/plugins/callback/logstash.py
@@ -4,98 +4,96 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = r'''
-    author: Yevhen Khmelenko (@ujenmr)
-    name: logstash
-    type: notification
-    short_description: Sends events to Logstash
-    description:
-      - This callback will report facts and task events to Logstash U(https://www.elastic.co/products/logstash).
-    requirements:
-      - whitelisting in configuration
-      - logstash (Python library)
-    options:
-      server:
-        description: Address of the Logstash server.
-        type: str
-        env:
-          - name: LOGSTASH_SERVER
-        ini:
-          - section: callback_logstash
-            key: server
-            version_added: 1.0.0
-        default: localhost
-      port:
-        description: Port on which logstash is listening.
-        type: int
-        env:
-            - name: LOGSTASH_PORT
-        ini:
-          - section: callback_logstash
-            key: port
-            version_added: 1.0.0
-        default: 5000
-      type:
-        description: Message type.
-        type: str
-        env:
-          - name: LOGSTASH_TYPE
-        ini:
-          - section: callback_logstash
-            key: type
-            version_added: 1.0.0
-        default: ansible
-      pre_command:
-        description: Executes command before run and its result is added to the C(ansible_pre_command_output) logstash field.
-        type: str
-        version_added: 2.0.0
-        ini:
-          - section: callback_logstash
-            key: pre_command
-        env:
-          - name: LOGSTASH_PRE_COMMAND
-      format_version:
-        description: Logging format.
-        type: str
-        version_added: 2.0.0
-        ini:
-          - section: callback_logstash
-            key: format_version
-        env:
-          - name: LOGSTASH_FORMAT_VERSION
-        default: v1
-        choices:
-          - v1
-          - v2
+DOCUMENTATION = r"""
+author: Yevhen Khmelenko (@ujenmr)
+name: logstash
+type: notification
+short_description: Sends events to Logstash
+description:
+  - This callback will report facts and task events to Logstash U(https://www.elastic.co/products/logstash).
+requirements:
+  - whitelisting in configuration
+  - logstash (Python library)
+options:
+  server:
+    description: Address of the Logstash server.
+    type: str
+    env:
+      - name: LOGSTASH_SERVER
+    ini:
+      - section: callback_logstash
+        key: server
+        version_added: 1.0.0
+    default: localhost
+  port:
+    description: Port on which logstash is listening.
+    type: int
+    env:
+      - name: LOGSTASH_PORT
+    ini:
+      - section: callback_logstash
+        key: port
+        version_added: 1.0.0
+    default: 5000
+  type:
+    description: Message type.
+    type: str
+    env:
+      - name: LOGSTASH_TYPE
+    ini:
+      - section: callback_logstash
+        key: type
+        version_added: 1.0.0
+    default: ansible
+  pre_command:
+    description: Executes command before run and its result is added to the C(ansible_pre_command_output) logstash field.
+    type: str
+    version_added: 2.0.0
+    ini:
+      - section: callback_logstash
+        key: pre_command
+    env:
+      - name: LOGSTASH_PRE_COMMAND
+  format_version:
+    description: Logging format.
+    type: str
+    version_added: 2.0.0
+    ini:
+      - section: callback_logstash
+        key: format_version
+    env:
+      - name: LOGSTASH_FORMAT_VERSION
+    default: v1
+    choices:
+      - v1
+      - v2
+"""

-'''
-
-EXAMPLES = r'''
+EXAMPLES = r"""
 ansible.cfg: |
-    # Enable Callback plugin
-    [defaults]
-        callback_whitelist = community.general.logstash
+  # Enable Callback plugin
+  [defaults]
+      callback_whitelist = community.general.logstash

-    [callback_logstash]
-        server = logstash.example.com
-        port = 5000
-        pre_command = git rev-parse HEAD
-        type = ansible
+  [callback_logstash]
+      server = logstash.example.com
+      port = 5000
+      pre_command = git rev-parse HEAD
+      type = ansible

-11-input-tcp.conf: |
-    # Enable Logstash TCP Input
-    input {
-            tcp {
-                port => 5000
-                codec => json
-                add_field => { "[@metadata][beat]" => "notify" }
-                add_field => { "[@metadata][type]" => "ansible" }
-            }
-        }
-'''
+11-input-tcp.conf: |-
+  # Enable Logstash TCP Input
+  input {
+          tcp {
+              port => 5000
+              codec => json
+              add_field => { "[@metadata][beat]" => "notify" }
+              add_field => { "[@metadata][type]" => "ansible" }
+          }
+      }
+"""

 import os
 import json
@@ -129,9 +127,7 @@ class CallbackModule(CallbackBase):

        if not HAS_LOGSTASH:
            self.disabled = True
-            self._display.warning("The required python-logstash/python3-logstash is not installed. "
-                                  "pip install python-logstash for Python 2"
-                                  "pip install python3-logstash for Python 3")
+            self._display.warning("The required python3-logstash is not installed.")

        self.start_time = now()

--- a/plugins/callback/mail.py
+++ b/plugins/callback/mail.py
@@ -4,84 +4,82 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
+DOCUMENTATION = r"""
 name: mail
 type: notification
-short_description: Sends failure events via email
+short_description: Sends failure events through email
 description:
- This callback will report failures via email.
+  - This callback will report failures through email.
 author:
- Dag Wieers (@dagwieers)
+  - Dag Wieers (@dagwieers)
 requirements:
- whitelisting in configuration
+  - whitelisting in configuration
 options:
  mta:
    description:
-        - Mail Transfer Agent, server that accepts SMTP.
+      - Mail Transfer Agent, server that accepts SMTP.
    type: str
    env:
-        - name: SMTPHOST
+      - name: SMTPHOST
    ini:
-        - section: callback_mail
-          key: smtphost
+      - section: callback_mail
+        key: smtphost
    default: localhost
  mtaport:
    description:
-        - Mail Transfer Agent Port.
-        - Port at which server SMTP.
+      - Mail Transfer Agent Port.
+      - Port at which server SMTP.
    type: int
    ini:
-        - section: callback_mail
-          key: smtpport
+      - section: callback_mail
+        key: smtpport
    default: 25
  to:
    description:
-        - Mail recipient.
+      - Mail recipient.
    type: list
    elements: str
    ini:
-        - section: callback_mail
-          key: to
+      - section: callback_mail
+        key: to
    default: [root]
  sender:
    description:
-        - Mail sender.
-        - This is required since community.general 6.0.0.
+      - Mail sender.
+      - This is required since community.general 6.0.0.
    type: str
    required: true
    ini:
-        - section: callback_mail
-          key: sender
+      - section: callback_mail
+        key: sender
  cc:
    description:
-        - CC'd recipients.
+      - CC'd recipients.
    type: list
    elements: str
    ini:
-        - section: callback_mail
-          key: cc
+      - section: callback_mail
+        key: cc
  bcc:
    description:
-        - BCC'd recipients.
+      - BCC'd recipients.
    type: list
    elements: str
    ini:
-        - section: callback_mail
-          key: bcc
+      - section: callback_mail
+        key: bcc
  message_id_domain:
    description:
-        - The domain name to use for the L(Message-ID header, https://en.wikipedia.org/wiki/Message-ID).
-        - The default is the hostname of the control node.
+      - The domain name to use for the L(Message-ID header, https://en.wikipedia.org/wiki/Message-ID).
+      - The default is the hostname of the control node.
    type: str
    ini:
-        - section: callback_mail
-          key: message_id_domain
+      - section: callback_mail
+        key: message_id_domain
    version_added: 8.2.0
-
-'''
+"""

 import json
 import os
@@ -135,14 +133,14 @@ class CallbackModule(CallbackBase):
        if self.bcc:
            bcc_addresses = email.utils.getaddresses(self.bcc)

-        content = 'Date: %s\n' % email.utils.formatdate()
-        content += 'From: %s\n' % email.utils.formataddr(sender_address)
+        content = f'Date: {email.utils.formatdate()}\n'
+        content += f'From: {email.utils.formataddr(sender_address)}\n'
        if self.to:
-            content += 'To: %s\n' % ', '.join([email.utils.formataddr(pair) for pair in to_addresses])
+            content += f"To: {', '.join([email.utils.formataddr(pair) for pair in to_addresses])}\n"
        if self.cc:
-            content += 'Cc: %s\n' % ', '.join([email.utils.formataddr(pair) for pair in cc_addresses])
-        content += 'Message-ID: %s\n' % email.utils.make_msgid(domain=self.get_option('message_id_domain'))
-        content += 'Subject: %s\n\n' % subject.strip()
+            content += f"Cc: {', '.join([email.utils.formataddr(pair) for pair in cc_addresses])}\n"
+        content += f"Message-ID: {email.utils.make_msgid(domain=self.get_option('message_id_domain'))}\n"
+        content += f'Subject: {subject.strip()}\n\n'
        content += body

        addresses = to_addresses
@@ -159,23 +157,22 @@ class CallbackModule(CallbackBase):
        smtp.quit()

    def subject_msg(self, multiline, failtype, linenr):
-        return '%s: %s' % (failtype, multiline.strip('\r\n').splitlines()[linenr])
+        msg = multiline.strip('\r\n').splitlines()[linenr]
+        return f'{failtype}: {msg}'

    def indent(self, multiline, indent=8):
        return re.sub('^', ' ' * indent, multiline, flags=re.MULTILINE)

    def body_blob(self, multiline, texttype):
        ''' Turn some text output in a well-indented block for sending in a mail body '''
-        intro = 'with the following %s:\n\n' % texttype
-        blob = ''
-        for line in multiline.strip('\r\n').splitlines():
-            blob += '%s\n' % line
-        return intro + self.indent(blob) + '\n'
+        intro = f'with the following {texttype}:\n\n'
+        blob = "\n".join(multiline.strip('\r\n').splitlines())
+        return f"{intro}{self.indent(blob)}\n"

    def mail_result(self, result, failtype):
        host = result._host.get_name()
        if not self.sender:
-            self.sender = '"Ansible: %s" <root>' % host
+            self.sender = f'"Ansible: {host}" <root>'

        # Add subject
        if self.itembody:
@@ -191,31 +188,32 @@ class CallbackModule(CallbackBase):
        elif result._result.get('exception'):  # Unrelated exceptions are added to output :-/
            subject = self.subject_msg(result._result['exception'], failtype, -1)
        else:
-            subject = '%s: %s' % (failtype, result._task.name or result._task.action)
+            subject = f'{failtype}: {result._task.name or result._task.action}'

        # Make playbook name visible (e.g. in Outlook/Gmail condensed view)
-        body = 'Playbook: %s\n' % os.path.basename(self.playbook._file_name)
+        body = f'Playbook: {os.path.basename(self.playbook._file_name)}\n'
        if result._task.name:
-            body += 'Task: %s\n' % result._task.name
-        body += 'Module: %s\n' % result._task.action
-        body += 'Host: %s\n' % host
+            body += f'Task: {result._task.name}\n'
+        body += f'Module: {result._task.action}\n'
+        body += f'Host: {host}\n'
        body += '\n'

        # Add task information (as much as possible)
        body += 'The following task failed:\n\n'
        if 'invocation' in result._result:
-            body += self.indent('%s: %s\n' % (result._task.action, json.dumps(result._result['invocation']['module_args'], indent=4)))
+            body += self.indent(f"{result._task.action}: {json.dumps(result._result['invocation']['module_args'], indent=4)}\n")
        elif result._task.name:
-            body += self.indent('%s (%s)\n' % (result._task.name, result._task.action))
+            body += self.indent(f'{result._task.name} ({result._task.action})\n')
        else:
-            body += self.indent('%s\n' % result._task.action)
+            body += self.indent(f'{result._task.action}\n')
        body += '\n'

        # Add item / message
        if self.itembody:
            body += self.itembody
        elif result._result.get('failed_when_result') is True:
-            body += "due to the following condition:\n\n" + self.indent('failed_when:\n- ' + '\n- '.join(result._task.failed_when)) + '\n\n'
+            fail_cond = self.indent('failed_when:\n- ' + '\n- '.join(result._task.failed_when))
+            body += f"due to the following condition:\n\n{fail_cond}\n\n"
        elif result._result.get('msg'):
            body += self.body_blob(result._result['msg'], 'message')

@@ -228,13 +226,13 @@ class CallbackModule(CallbackBase):
            body += self.body_blob(result._result['exception'], 'exception')
        if result._result.get('warnings'):
            for i in range(len(result._result.get('warnings'))):
-                body += self.body_blob(result._result['warnings'][i], 'exception %d' % (i + 1))
+                body += self.body_blob(result._result['warnings'][i], f'exception {i + 1}')
        if result._result.get('deprecations'):
            for i in range(len(result._result.get('deprecations'))):
-                body += self.body_blob(result._result['deprecations'][i], 'exception %d' % (i + 1))
+                body += self.body_blob(result._result['deprecations'][i], f'exception {i + 1}')

        body += 'and a complete dump of the error:\n\n'
-        body += self.indent('%s: %s' % (failtype, json.dumps(result._result, cls=AnsibleJSONEncoder, indent=4)))
+        body += self.indent(f'{failtype}: {json.dumps(result._result, cls=AnsibleJSONEncoder, indent=4)}')

        self.mail(subject=subject, body=body)

@@ -257,4 +255,4 @@ class CallbackModule(CallbackBase):
    def v2_runner_item_on_failed(self, result):
        # Pass item information to task failure
        self.itemsubject = result._result['msg']
-        self.itembody += self.body_blob(json.dumps(result._result, cls=AnsibleJSONEncoder, indent=4), "failed item dump '%(item)s'" % result._result)
+        self.itembody += self.body_blob(json.dumps(result._result, cls=AnsibleJSONEncoder, indent=4), f"failed item dump '{result._result['item']}'")
--- a/plugins/callback/nrdp.py
+++ b/plugins/callback/nrdp.py
@@ -4,68 +4,67 @@
 # SPDX-License-Identifier: GPL-3.0-or-later

 # Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    name: nrdp
-    type: notification
-    author: "Remi VERCHERE (@rverchere)"
-    short_description: Post task results to a Nagios server through nrdp
-    description:
-        - This callback send playbook result to Nagios.
-        - Nagios shall use NRDP to receive passive events.
-        - The passive check is sent to a dedicated host/service for Ansible.
-    options:
-        url:
-            description: URL of the nrdp server.
-            required: true
-            env:
-                - name : NRDP_URL
-            ini:
-                - section: callback_nrdp
-                  key: url
-            type: string
-        validate_certs:
-            description: Validate the SSL certificate of the nrdp server. (Used for HTTPS URLs.)
-            env:
-                - name: NRDP_VALIDATE_CERTS
-            ini:
-                - section: callback_nrdp
-                  key: validate_nrdp_certs
-                - section: callback_nrdp
-                  key: validate_certs
-            type: boolean
-            default: false
-            aliases: [ validate_nrdp_certs ]
-        token:
-            description: Token to be allowed to push nrdp events.
-            required: true
-            env:
-                - name: NRDP_TOKEN
-            ini:
-                - section: callback_nrdp
-                  key: token
-            type: string
-        hostname:
-            description: Hostname where the passive check is linked to.
-            required: true
-            env:
-                - name : NRDP_HOSTNAME
-            ini:
-                - section: callback_nrdp
-                  key: hostname
-            type: string
-        servicename:
-            description: Service where the passive check is linked to.
-            required: true
-            env:
-                - name : NRDP_SERVICENAME
-            ini:
-                - section: callback_nrdp
-                  key: servicename
-            type: string
-'''
+DOCUMENTATION = r"""
+name: nrdp
+type: notification
+author: "Remi VERCHERE (@rverchere)"
+short_description: Post task results to a Nagios server through nrdp
+description:
+  - This callback send playbook result to Nagios.
+  - Nagios shall use NRDP to receive passive events.
+  - The passive check is sent to a dedicated host/service for Ansible.
+options:
+  url:
+    description: URL of the nrdp server.
+    required: true
+    env:
+      - name: NRDP_URL
+    ini:
+      - section: callback_nrdp
+        key: url
+    type: string
+  validate_certs:
+    description: Validate the SSL certificate of the nrdp server. (Used for HTTPS URLs).
+    env:
+      - name: NRDP_VALIDATE_CERTS
+    ini:
+      - section: callback_nrdp
+        key: validate_nrdp_certs
+      - section: callback_nrdp
+        key: validate_certs
+    type: boolean
+    default: false
+    aliases: [validate_nrdp_certs]
+  token:
+    description: Token to be allowed to push nrdp events.
+    required: true
+    env:
+      - name: NRDP_TOKEN
+    ini:
+      - section: callback_nrdp
+        key: token
+    type: string
+  hostname:
+    description: Hostname where the passive check is linked to.
+    required: true
+    env:
+      - name: NRDP_HOSTNAME
+    ini:
+      - section: callback_nrdp
+        key: hostname
+    type: string
+  servicename:
+    description: Service where the passive check is linked to.
+    required: true
+    env:
+      - name: NRDP_SERVICENAME
+    ini:
+      - section: callback_nrdp
+        key: servicename
+    type: string
+"""

 from ansible.module_utils.six.moves.urllib.parse import urlencode
 from ansible.module_utils.common.text.converters import to_bytes
@@ -132,10 +131,10 @@ class CallbackModule(CallbackBase):
        xmldata = "<?xml version='1.0'?>\n"
        xmldata += "<checkresults>\n"
        xmldata += "<checkresult type='service'>\n"
-        xmldata += "<hostname>%s</hostname>\n" % self.hostname
-        xmldata += "<servicename>%s</servicename>\n" % self.servicename
-        xmldata += "<state>%d</state>\n" % state
-        xmldata += "<output>%s</output>\n" % msg
+        xmldata += f"<hostname>{self.hostname}</hostname>\n"
+        xmldata += f"<servicename>{self.servicename}</servicename>\n"
+        xmldata += f"<state>{state}</state>\n"
+        xmldata += f"<output>{msg}</output>\n"
        xmldata += "</checkresult>\n"
        xmldata += "</checkresults>\n"

@@ -152,7 +151,7 @@ class CallbackModule(CallbackBase):
                                validate_certs=self.validate_nrdp_certs)
            return response.read()
        except Exception as ex:
-            self._display.warning("NRDP callback cannot send result {0}".format(ex))
+            self._display.warning(f"NRDP callback cannot send result {ex}")

    def v2_playbook_on_play_start(self, play):
        '''
@@ -170,17 +169,16 @@ class CallbackModule(CallbackBase):
        critical = warning = 0
        for host in hosts:
            stat = stats.summarize(host)
-            gstats += "'%s_ok'=%d '%s_changed'=%d \
-                       '%s_unreachable'=%d '%s_failed'=%d " % \
-                (host, stat['ok'], host, stat['changed'],
-                 host, stat['unreachable'], host, stat['failures'])
+            gstats += (
+                f"'{host}_ok'={stat['ok']} '{host}_changed'={stat['changed']} '{host}_unreachable'={stat['unreachable']} '{host}_failed'={stat['failures']} "
+            )
            # Critical when failed tasks or unreachable host
            critical += stat['failures']
            critical += stat['unreachable']
            # Warning when changed tasks
            warning += stat['changed']

-        msg = "%s | %s" % (name, gstats)
+        msg = f"{name} | {gstats}"
        if critical:
            # Send Critical
            self._send_nrdp(self.CRITICAL, msg)
--- a/plugins/callback/null.py
+++ b/plugins/callback/null.py
@@ -4,19 +4,18 @@
 # SPDX-License-Identifier: GPL-3.0-or-later

 # Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Unknown (!UNKNOWN)
-    name: 'null'
-    type: stdout
-    requirements:
-      - set as main display callback
-    short_description: Don't display stuff to screen
-    description:
-        - This callback prevents outputting events to screen.
-'''
+DOCUMENTATION = r"""
+author: Unknown (!UNKNOWN)
+name: 'null'
+type: stdout
+requirements:
+  - set as main display callback
+short_description: do not display stuff to screen
+description:
+  - This callback prevents outputting events to screen.
+"""

 from ansible.plugins.callback import CallbackBase

--- a/plugins/callback/opentelemetry.py
+++ b/plugins/callback/opentelemetry.py
@@ -3,122 +3,122 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Victor Martinez (@v1v)  <VictorMartinezRubio@gmail.com>
-    name: opentelemetry
-    type: notification
-    short_description: Create distributed traces with OpenTelemetry
-    version_added: 3.7.0
+DOCUMENTATION = r"""
+author: Victor Martinez (@v1v)  <VictorMartinezRubio@gmail.com>
+name: opentelemetry
+type: notification
+short_description: Create distributed traces with OpenTelemetry
+version_added: 3.7.0
+description:
+  - This callback creates distributed traces for each Ansible task with OpenTelemetry.
+  - You can configure the OpenTelemetry exporter and SDK with environment variables.
+  - See U(https://opentelemetry-python.readthedocs.io/en/latest/exporter/otlp/otlp.html).
+  - See
+    U(https://opentelemetry-python.readthedocs.io/en/latest/sdk/environment_variables.html#opentelemetry-sdk-environment-variables).
+options:
+  hide_task_arguments:
+    default: false
+    type: bool
    description:
-      - This callback creates distributed traces for each Ansible task with OpenTelemetry.
-      - You can configure the OpenTelemetry exporter and SDK with environment variables.
-      - See U(https://opentelemetry-python.readthedocs.io/en/latest/exporter/otlp/otlp.html).
-      - See U(https://opentelemetry-python.readthedocs.io/en/latest/sdk/environment_variables.html#opentelemetry-sdk-environment-variables).
-    options:
-      hide_task_arguments:
-        default: false
-        type: bool
-        description:
-          - Hide the arguments for a task.
-        env:
-          - name: ANSIBLE_OPENTELEMETRY_HIDE_TASK_ARGUMENTS
-        ini:
-          - section: callback_opentelemetry
-            key: hide_task_arguments
-            version_added: 5.3.0
-      enable_from_environment:
-        type: str
-        description:
-          - Whether to enable this callback only if the given environment variable exists and it is set to V(true).
-          - This is handy when you use Configuration as Code and want to send distributed traces
-            if running in the CI rather when running Ansible locally.
-          - For such, it evaluates the given O(enable_from_environment) value as environment variable
-            and if set to true this plugin will be enabled.
-        env:
-          - name: ANSIBLE_OPENTELEMETRY_ENABLE_FROM_ENVIRONMENT
-        ini:
-          - section: callback_opentelemetry
-            key: enable_from_environment
-            version_added: 5.3.0
-        version_added: 3.8.0
-      otel_service_name:
-        default: ansible
-        type: str
-        description:
-          - The service name resource attribute.
-        env:
-          - name: OTEL_SERVICE_NAME
-        ini:
-          - section: callback_opentelemetry
-            key: otel_service_name
-            version_added: 5.3.0
-      traceparent:
-        default: None
-        type: str
-        description:
-          - The L(W3C Trace Context header traceparent,https://www.w3.org/TR/trace-context-1/#traceparent-header).
-        env:
-          - name: TRACEPARENT
-      disable_logs:
-        default: false
-        type: bool
-        description:
-          - Disable sending logs.
-        env:
-          - name: ANSIBLE_OPENTELEMETRY_DISABLE_LOGS
-        ini:
-          - section: callback_opentelemetry
-            key: disable_logs
-        version_added: 5.8.0
-      disable_attributes_in_logs:
-        default: false
-        type: bool
-        description:
-          - Disable populating span attributes to the logs.
-        env:
-          - name: ANSIBLE_OPENTELEMETRY_DISABLE_ATTRIBUTES_IN_LOGS
-        ini:
-          - section: callback_opentelemetry
-            key: disable_attributes_in_logs
-        version_added: 7.1.0
-      store_spans_in_file:
-        type: str
-        description:
-          -  It stores the exported spans in the given file
-        env:
-          - name: ANSIBLE_OPENTELEMETRY_STORE_SPANS_IN_FILE
-        ini:
-          - section: callback_opentelemetry
-            key: store_spans_in_file
-        version_added: 9.0.0
-      otel_exporter_otlp_traces_protocol:
-        type: str
-        description:
-          - E(OTEL_EXPORTER_OTLP_TRACES_PROTOCOL) represents the the transport protocol for spans.
-          - See
-            U(https://opentelemetry-python.readthedocs.io/en/latest/sdk/environment_variables.html#envvar-OTEL_EXPORTER_OTLP_TRACES_PROTOCOL).
-        default: grpc
-        choices:
-          - grpc
-          - http/protobuf
-        env:
-          - name: OTEL_EXPORTER_OTLP_TRACES_PROTOCOL
-        ini:
-          - section: callback_opentelemetry
-            key: otel_exporter_otlp_traces_protocol
-        version_added: 9.0.0
-    requirements:
-      - opentelemetry-api (Python library)
-      - opentelemetry-exporter-otlp (Python library)
-      - opentelemetry-sdk (Python library)
-'''
+      - Hide the arguments for a task.
+    env:
+      - name: ANSIBLE_OPENTELEMETRY_HIDE_TASK_ARGUMENTS
+    ini:
+      - section: callback_opentelemetry
+        key: hide_task_arguments
+        version_added: 5.3.0
+  enable_from_environment:
+    type: str
+    description:
+      - Whether to enable this callback only if the given environment variable exists and it is set to V(true).
+      - This is handy when you use Configuration as Code and want to send distributed traces if running in the CI rather when
+        running Ansible locally.
+      - For such, it evaluates the given O(enable_from_environment) value as environment variable and if set to true this
+        plugin will be enabled.
+    env:
+      - name: ANSIBLE_OPENTELEMETRY_ENABLE_FROM_ENVIRONMENT
+    ini:
+      - section: callback_opentelemetry
+        key: enable_from_environment
+        version_added: 5.3.0
+    version_added: 3.8.0
+  otel_service_name:
+    default: ansible
+    type: str
+    description:
+      - The service name resource attribute.
+    env:
+      - name: OTEL_SERVICE_NAME
+    ini:
+      - section: callback_opentelemetry
+        key: otel_service_name
+        version_added: 5.3.0
+  traceparent:
+    default: None
+    type: str
+    description:
+      - The L(W3C Trace Context header traceparent,https://www.w3.org/TR/trace-context-1/#traceparent-header).
+    env:
+      - name: TRACEPARENT
+  disable_logs:
+    default: false
+    type: bool
+    description:
+      - Disable sending logs.
+    env:
+      - name: ANSIBLE_OPENTELEMETRY_DISABLE_LOGS
+    ini:
+      - section: callback_opentelemetry
+        key: disable_logs
+    version_added: 5.8.0
+  disable_attributes_in_logs:
+    default: false
+    type: bool
+    description:
+      - Disable populating span attributes to the logs.
+    env:
+      - name: ANSIBLE_OPENTELEMETRY_DISABLE_ATTRIBUTES_IN_LOGS
+    ini:
+      - section: callback_opentelemetry
+        key: disable_attributes_in_logs
+    version_added: 7.1.0
+  store_spans_in_file:
+    type: str
+    description:
+      - It stores the exported spans in the given file.
+    env:
+      - name: ANSIBLE_OPENTELEMETRY_STORE_SPANS_IN_FILE
+    ini:
+      - section: callback_opentelemetry
+        key: store_spans_in_file
+    version_added: 9.0.0
+  otel_exporter_otlp_traces_protocol:
+    type: str
+    description:
+      - E(OTEL_EXPORTER_OTLP_TRACES_PROTOCOL) represents the the transport protocol for spans.
+      - See
+        U(https://opentelemetry-python.readthedocs.io/en/latest/sdk/environment_variables.html#envvar-OTEL_EXPORTER_OTLP_TRACES_PROTOCOL).
+    default: grpc
+    choices:
+      - grpc
+      - http/protobuf
+    env:
+      - name: OTEL_EXPORTER_OTLP_TRACES_PROTOCOL
+    ini:
+      - section: callback_opentelemetry
+        key: otel_exporter_otlp_traces_protocol
+    version_added: 9.0.0
+requirements:
+  - opentelemetry-api (Python library)
+  - opentelemetry-exporter-otlp (Python library)
+  - opentelemetry-sdk (Python library)
+"""


-EXAMPLES = '''
-examples: |
+EXAMPLES = r"""
+examples: |-
  Enable the plugin in ansible.cfg:
    [defaults]
    callbacks_enabled = community.general.opentelemetry
@@ -130,15 +130,14 @@ examples: |
    export OTEL_EXPORTER_OTLP_HEADERS="authorization=Bearer your_otel_token"
    export OTEL_SERVICE_NAME=your_service_name
    export ANSIBLE_OPENTELEMETRY_ENABLED=true
-'''
+"""

 import getpass
 import json
 import os
 import socket
-import sys
-import time
 import uuid
+from time import time_ns

 from collections import OrderedDict
 from os.path import basename
@@ -164,31 +163,12 @@ try:
    from opentelemetry.sdk.trace.export.in_memory_span_exporter import (
        InMemorySpanExporter
    )
-    # Support for opentelemetry-api <= 1.12
-    try:
-        from opentelemetry.util._time import _time_ns
-    except ImportError as imp_exc:
-        OTEL_LIBRARY_TIME_NS_ERROR = imp_exc
-    else:
-        OTEL_LIBRARY_TIME_NS_ERROR = None
-
 except ImportError as imp_exc:
    OTEL_LIBRARY_IMPORT_ERROR = imp_exc
-    OTEL_LIBRARY_TIME_NS_ERROR = imp_exc
 else:
    OTEL_LIBRARY_IMPORT_ERROR = None


-if sys.version_info >= (3, 7):
-    time_ns = time.time_ns
-elif not OTEL_LIBRARY_TIME_NS_ERROR:
-    time_ns = _time_ns
-else:
-    def time_ns():
-        # Support versions older than 3.7 with opentelemetry-api > 1.12
-        return int(time.time() * 1e9)
-
-
 class TaskData:
    """
    Data about an individual task.
@@ -209,7 +189,7 @@ class TaskData:
        if host.uuid in self.host_data:
            if host.status == 'included':
                # concatenate task include output from multiple items
-                host.result = '%s\n%s' % (self.host_data[host.uuid].result, host.result)
+                host.result = f'{self.host_data[host.uuid].result}\n{host.result}'
            else:
                return

@@ -347,7 +327,7 @@ class OpenTelemetrySource(object):
    def update_span_data(self, task_data, host_data, span, disable_logs, disable_attributes_in_logs):
        """ update the span with the given TaskData and HostData """

-        name = '[%s] %s: %s' % (host_data.name, task_data.play, task_data.name)
+        name = f'[{host_data.name}] {task_data.play}: {task_data.name}'

        message = 'success'
        res = {}
@@ -470,7 +450,7 @@ class OpenTelemetrySource(object):
    def get_error_message_from_results(results, action):
        for result in results:
            if result.get('failed', False):
-                return ('{0}({1}) - {2}').format(action, result.get('item', 'none'), OpenTelemetrySource.get_error_message(result))
+                return f"{action}({result.get('item', 'none')}) - {OpenTelemetrySource.get_error_message(result)}"

    @staticmethod
    def _last_line(text):
@@ -482,14 +462,14 @@ class OpenTelemetrySource(object):
        message = result.get('msg', 'failed')
        exception = result.get('exception')
        stderr = result.get('stderr')
-        return ('message: "{0}"\nexception: "{1}"\nstderr: "{2}"').format(message, exception, stderr)
+        return f"message: \"{message}\"\nexception: \"{exception}\"\nstderr: \"{stderr}\""

    @staticmethod
    def enrich_error_message_from_results(results, action):
        message = ""
        for result in results:
            if result.get('failed', False):
-                message = ('{0}({1}) - {2}\n{3}').format(action, result.get('item', 'none'), OpenTelemetrySource.enrich_error_message(result), message)
+                message = f"{action}({result.get('item', 'none')}) - {OpenTelemetrySource.enrich_error_message(result)}\n{message}"
        return message


@@ -535,8 +515,9 @@ class CallbackModule(CallbackBase):
        environment_variable = self.get_option('enable_from_environment')
        if environment_variable is not None and os.environ.get(environment_variable, 'false').lower() != 'true':
            self.disabled = True
-            self._display.warning("The `enable_from_environment` option has been set and {0} is not enabled. "
-                                  "Disabling the `opentelemetry` callback plugin.".format(environment_variable))
+            self._display.warning(
+                f"The `enable_from_environment` option has been set and {environment_variable} is not enabled. Disabling the `opentelemetry` callback plugin."
+            )

        self.hide_task_arguments = self.get_option('hide_task_arguments')

--- a/plugins/callback/print_task.py
+++ b/plugins/callback/print_task.py
@@ -0,0 +1,64 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2025, Max Mitschke <maxmitschke@fastmail.com>
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = r'''
+name: print_task
+type: aggregate
+short_description: Prints playbook task snippet to job output
+description:
+  - This plugin prints the currently executing playbook task to the job output.
+version_added: 10.7.0
+requirements:
+  - enable in configuration
+'''
+
+EXAMPLES = r'''
+ansible.cfg: >
+    # Enable plugin
+    [defaults]
+    callbacks_enabled=community.general.print_task
+'''
+
+from yaml import load, dump
+
+try:
+    from yaml import CSafeDumper as SafeDumper
+    from yaml import CSafeLoader as SafeLoader
+except ImportError:
+    from yaml import SafeDumper, SafeLoader
+
+from ansible.plugins.callback import CallbackBase
+
+
+class CallbackModule(CallbackBase):
+    """
+    This callback module tells you how long your plays ran for.
+    """
+    CALLBACK_VERSION = 2.0
+    CALLBACK_TYPE = 'aggregate'
+    CALLBACK_NAME = 'community.general.print_task'
+
+    CALLBACK_NEEDS_ENABLED = True
+
+    def __init__(self):
+        super(CallbackModule, self).__init__()
+        self._printed_message = False
+
+    def _print_task(self, task):
+        if hasattr(task, '_ds'):
+            task_snippet = load(str([task._ds.copy()]), Loader=SafeLoader)
+            task_yaml = dump(task_snippet, sort_keys=False, Dumper=SafeDumper)
+            self._display.display(f"\n{task_yaml}\n")
+            self._printed_message = True
+
+    def v2_playbook_on_task_start(self, task, is_conditional):
+        self._printed_message = False
+
+    def v2_runner_on_start(self, host, task):
+        if not self._printed_message:
+            self._print_task(task)
--- a/plugins/callback/say.py
+++ b/plugins/callback/say.py
@@ -5,20 +5,19 @@
 # SPDX-License-Identifier: GPL-3.0-or-later

 # Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Unknown (!UNKNOWN)
-    name: say
-    type: notification
-    requirements:
-      - whitelisting in configuration
-      - the C(/usr/bin/say) command line program (standard on macOS) or C(espeak) command line program
-    short_description: notify using software speech synthesizer
-    description:
-      - This plugin will use the C(say) or C(espeak) program to "speak" about play events.
-'''
+DOCUMENTATION = r"""
+author: Unknown (!UNKNOWN)
+name: say
+type: notification
+requirements:
+  - whitelisting in configuration
+  - the C(/usr/bin/say) command line program (standard on macOS) or C(espeak) command line program
+short_description: notify using software speech synthesizer
+description:
+  - This plugin will use the C(say) or C(espeak) program to "speak" about play events.
+"""

 import platform
 import subprocess
@@ -50,7 +49,7 @@ class CallbackModule(CallbackBase):
            self.synthesizer = get_bin_path('say')
            if platform.system() != 'Darwin':
                # 'say' binary available, it might be GNUstep tool which doesn't support 'voice' parameter
-                self._display.warning("'say' executable found but system is '%s': ignoring voice parameter" % platform.system())
+                self._display.warning(f"'say' executable found but system is '{platform.system()}': ignoring voice parameter")
            else:
                self.FAILED_VOICE = 'Zarvox'
                self.REGULAR_VOICE = 'Trinoids'
@@ -69,7 +68,7 @@ class CallbackModule(CallbackBase):
        # ansible will not call any callback if disabled is set to True
        if not self.synthesizer:
            self.disabled = True
-            self._display.warning("Unable to find either 'say' or 'espeak' executable, plugin %s disabled" % os.path.basename(__file__))
+            self._display.warning(f"Unable to find either 'say' or 'espeak' executable, plugin {os.path.basename(__file__)} disabled")

    def say(self, msg, voice):
        cmd = [self.synthesizer, msg]
@@ -78,7 +77,7 @@ class CallbackModule(CallbackBase):
        subprocess.call(cmd)

    def runner_on_failed(self, host, res, ignore_errors=False):
-        self.say("Failure on host %s" % host, self.FAILED_VOICE)
+        self.say(f"Failure on host {host}", self.FAILED_VOICE)

    def runner_on_ok(self, host, res):
        self.say("pew", self.LASER_VOICE)
@@ -87,13 +86,13 @@ class CallbackModule(CallbackBase):
        self.say("pew", self.LASER_VOICE)

    def runner_on_unreachable(self, host, res):
-        self.say("Failure on host %s" % host, self.FAILED_VOICE)
+        self.say(f"Failure on host {host}", self.FAILED_VOICE)

    def runner_on_async_ok(self, host, res, jid):
        self.say("pew", self.LASER_VOICE)

    def runner_on_async_failed(self, host, res, jid):
-        self.say("Failure on host %s" % host, self.FAILED_VOICE)
+        self.say(f"Failure on host {host}", self.FAILED_VOICE)

    def playbook_on_start(self):
        self.say("Running Playbook", self.REGULAR_VOICE)
@@ -103,15 +102,15 @@ class CallbackModule(CallbackBase):

    def playbook_on_task_start(self, name, is_conditional):
        if not is_conditional:
-            self.say("Starting task: %s" % name, self.REGULAR_VOICE)
+            self.say(f"Starting task: {name}", self.REGULAR_VOICE)
        else:
-            self.say("Notifying task: %s" % name, self.REGULAR_VOICE)
+            self.say(f"Notifying task: {name}", self.REGULAR_VOICE)

    def playbook_on_setup(self):
        self.say("Gathering facts", self.REGULAR_VOICE)

    def playbook_on_play_start(self, name):
-        self.say("Starting play: %s" % name, self.HAPPY_VOICE)
+        self.say(f"Starting play: {name}", self.HAPPY_VOICE)

    def playbook_on_stats(self, stats):
        self.say("Play complete", self.HAPPY_VOICE)
--- a/plugins/callback/selective.py
+++ b/plugins/callback/selective.py
@@ -4,38 +4,37 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Unknown (!UNKNOWN)
-    name: selective
-    type: stdout
-    requirements:
-      - set as main display callback
-    short_description: only print certain tasks
-    description:
-      - This callback only prints tasks that have been tagged with C(print_action) or that have failed.
-        This allows operators to focus on the tasks that provide value only.
-      - Tasks that are not printed are placed with a C(.).
-      - If you increase verbosity all tasks are printed.
-    options:
-      nocolor:
-        default: false
-        description: This setting allows suppressing colorizing output.
-        env:
-          - name: ANSIBLE_NOCOLOR
-          - name: ANSIBLE_SELECTIVE_DONT_COLORIZE
-        ini:
-          - section: defaults
-            key: nocolor
-        type: boolean
-'''
+DOCUMENTATION = r"""
+author: Unknown (!UNKNOWN)
+name: selective
+type: stdout
+requirements:
+  - set as main display callback
+short_description: only print certain tasks
+description:
+  - This callback only prints tasks that have been tagged with C(print_action) or that have failed. This allows operators
+    to focus on the tasks that provide value only.
+  - Tasks that are not printed are placed with a C(.).
+  - If you increase verbosity all tasks are printed.
+options:
+  nocolor:
+    default: false
+    description: This setting allows suppressing colorizing output.
+    env:
+      - name: ANSIBLE_NOCOLOR
+      - name: ANSIBLE_SELECTIVE_DONT_COLORIZE
+    ini:
+      - section: defaults
+        key: nocolor
+    type: boolean
+"""

-EXAMPLES = """
-  - ansible.builtin.debug: msg="This will not be printed"
-  - ansible.builtin.debug: msg="But this will"
-    tags: [print_action]
+EXAMPLES = r"""
+- ansible.builtin.debug: msg="This will not be printed"
+- ansible.builtin.debug: msg="But this will"
+  tags: [print_action]
 """

 import difflib
@@ -48,13 +47,13 @@ from ansible.module_utils.common.text.converters import to_text
 DONT_COLORIZE = False
 COLORS = {
    'normal': '\033[0m',
-    'ok': '\033[{0}m'.format(C.COLOR_CODES[C.COLOR_OK]),
+    'ok': f'\x1b[{C.COLOR_CODES[C.COLOR_OK]}m',
    'bold': '\033[1m',
    'not_so_bold': '\033[1m\033[34m',
-    'changed': '\033[{0}m'.format(C.COLOR_CODES[C.COLOR_CHANGED]),
-    'failed': '\033[{0}m'.format(C.COLOR_CODES[C.COLOR_ERROR]),
+    'changed': f'\x1b[{C.COLOR_CODES[C.COLOR_CHANGED]}m',
+    'failed': f'\x1b[{C.COLOR_CODES[C.COLOR_ERROR]}m',
    'endc': '\033[0m',
-    'skipped': '\033[{0}m'.format(C.COLOR_CODES[C.COLOR_SKIP]),
+    'skipped': f'\x1b[{C.COLOR_CODES[C.COLOR_SKIP]}m',
 }


@@ -73,7 +72,7 @@ def colorize(msg, color):
    if DONT_COLORIZE:
        return msg
    else:
-        return '{0}{1}{2}'.format(COLORS[color], msg, COLORS['endc'])
+        return f"{COLORS[color]}{msg}{COLORS['endc']}"


 class CallbackModule(CallbackBase):
@@ -106,15 +105,15 @@ class CallbackModule(CallbackBase):
            line_length = 120
            if self.last_skipped:
                print()
-            line = "# {0} ".format(task_name)
-            msg = colorize("{0}{1}".format(line, '*' * (line_length - len(line))), 'bold')
+            line = f"# {task_name} "
+            msg = colorize(f"{line}{'*' * (line_length - len(line))}", 'bold')
            print(msg)

    def _indent_text(self, text, indent_level):
        lines = text.splitlines()
        result_lines = []
        for l in lines:
-            result_lines.append("{0}{1}".format(' ' * indent_level, l))
+            result_lines.append(f"{' ' * indent_level}{l}")
        return '\n'.join(result_lines)

    def _print_diff(self, diff, indent_level):
@@ -147,19 +146,19 @@ class CallbackModule(CallbackBase):
            change_string = colorize('FAILED!!!', color)
        else:
            color = 'changed' if changed else 'ok'
-            change_string = colorize("changed={0}".format(changed), color)
+            change_string = colorize(f"changed={changed}", color)

        msg = colorize(msg, color)

        line_length = 120
        spaces = ' ' * (40 - len(name) - indent_level)
-        line = "{0}  * {1}{2}- {3}".format(' ' * indent_level, name, spaces, change_string)
+        line = f"{' ' * indent_level}  * {name}{spaces}- {change_string}"

        if len(msg) < 50:
-            line += ' -- {0}'.format(msg)
-            print("{0} {1}---------".format(line, '-' * (line_length - len(line))))
+            line += f' -- {msg}'
+            print(f"{line} {'-' * (line_length - len(line))}---------")
        else:
-            print("{0} {1}".format(line, '-' * (line_length - len(line))))
+            print(f"{line} {'-' * (line_length - len(line))}")
            print(self._indent_text(msg, indent_level + 4))

        if diff:
@@ -239,8 +238,10 @@ class CallbackModule(CallbackBase):
            else:
                color = 'ok'

-            msg = '{0}    : ok={1}\tchanged={2}\tfailed={3}\tunreachable={4}\trescued={5}\tignored={6}'.format(
-                host, s['ok'], s['changed'], s['failures'], s['unreachable'], s['rescued'], s['ignored'])
+            msg = (
+                f"{host}    : ok={s['ok']}\tchanged={s['changed']}\tfailed={s['failures']}\tunreachable="
+                f"{s['unreachable']}\trescued={s['rescued']}\tignored={s['ignored']}"
+            )
            print(colorize(msg, color))

    def v2_runner_on_skipped(self, result, **kwargs):
@@ -252,17 +253,15 @@ class CallbackModule(CallbackBase):
            line_length = 120
            spaces = ' ' * (31 - len(result._host.name) - 4)

-            line = "  * {0}{1}- {2}".format(colorize(result._host.name, 'not_so_bold'),
-                                            spaces,
-                                            colorize("skipped", 'skipped'),)
+            line = f"  * {colorize(result._host.name, 'not_so_bold')}{spaces}- {colorize('skipped', 'skipped')}"

            reason = result._result.get('skipped_reason', '') or \
                result._result.get('skip_reason', '')
            if len(reason) < 50:
-                line += ' -- {0}'.format(reason)
-                print("{0} {1}---------".format(line, '-' * (line_length - len(line))))
+                line += f' -- {reason}'
+                print(f"{line} {'-' * (line_length - len(line))}---------")
            else:
-                print("{0} {1}".format(line, '-' * (line_length - len(line))))
+                print(f"{line} {'-' * (line_length - len(line))}")
                print(self._indent_text(reason, 8))
                print(reason)

--- a/plugins/callback/slack.py
+++ b/plugins/callback/slack.py
@@ -5,64 +5,67 @@
 # SPDX-License-Identifier: GPL-3.0-or-later

 # Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Unknown (!UNKNOWN)
-    name: slack
-    type: notification
-    requirements:
-      - whitelist in configuration
-      - prettytable (python library)
-    short_description: Sends play events to a Slack channel
+DOCUMENTATION = r"""
+author: Unknown (!UNKNOWN)
+name: slack
+type: notification
+requirements:
+  - whitelist in configuration
+  - prettytable (python library)
+short_description: Sends play events to a Slack channel
+description:
+  - This is an ansible callback plugin that sends status updates to a Slack channel during playbook execution.
+options:
+  http_agent:
    description:
-        - This is an ansible callback plugin that sends status updates to a Slack channel during playbook execution.
-    options:
-      webhook_url:
-        required: true
-        description: Slack Webhook URL.
-        type: str
-        env:
-          - name: SLACK_WEBHOOK_URL
-        ini:
-          - section: callback_slack
-            key: webhook_url
-      channel:
-        default: "#ansible"
-        description: Slack room to post in.
-        type: str
-        env:
-          - name: SLACK_CHANNEL
-        ini:
-          - section: callback_slack
-            key: channel
-      username:
-        description: Username to post as.
-        type: str
-        env:
-          - name: SLACK_USERNAME
-        default: ansible
-        ini:
-          - section: callback_slack
-            key: username
-      validate_certs:
-        description: Validate the SSL certificate of the Slack server for HTTPS URLs.
-        env:
-          - name: SLACK_VALIDATE_CERTS
-        ini:
-          - section: callback_slack
-            key: validate_certs
-        default: true
-        type: bool
-'''
+      - HTTP user agent to use for requests to Slack.
+    type: string
+    version_added: "10.5.0"
+  webhook_url:
+    required: true
+    description: Slack Webhook URL.
+    type: str
+    env:
+      - name: SLACK_WEBHOOK_URL
+    ini:
+      - section: callback_slack
+        key: webhook_url
+  channel:
+    default: "#ansible"
+    description: Slack room to post in.
+    type: str
+    env:
+      - name: SLACK_CHANNEL
+    ini:
+      - section: callback_slack
+        key: channel
+  username:
+    description: Username to post as.
+    type: str
+    env:
+      - name: SLACK_USERNAME
+    default: ansible
+    ini:
+      - section: callback_slack
+        key: username
+  validate_certs:
+    description: Validate the SSL certificate of the Slack server for HTTPS URLs.
+    env:
+      - name: SLACK_VALIDATE_CERTS
+    ini:
+      - section: callback_slack
+        key: validate_certs
+    default: true
+    type: bool
+"""

 import json
 import os
 import uuid

 from ansible import context
-from ansible.module_utils.common.text.converters import to_text
 from ansible.module_utils.urls import open_url
 from ansible.plugins.callback import CallbackBase

@@ -108,7 +111,7 @@ class CallbackModule(CallbackBase):
        self.username = self.get_option('username')
        self.show_invocation = (self._display.verbosity > 1)
        self.validate_certs = self.get_option('validate_certs')
-
+        self.http_agent = self.get_option('http_agent')
        if self.webhook_url is None:
            self.disabled = True
            self._display.warning('Slack Webhook URL was not provided. The '
@@ -134,18 +137,22 @@ class CallbackModule(CallbackBase):
        self._display.debug(data)
        self._display.debug(self.webhook_url)
        try:
-            response = open_url(self.webhook_url, data=data, validate_certs=self.validate_certs,
-                                headers=headers)
+            response = open_url(
+                self.webhook_url,
+                data=data,
+                validate_certs=self.validate_certs,
+                headers=headers,
+                http_agent=self.http_agent,
+            )
            return response.read()
        except Exception as e:
-            self._display.warning(u'Could not submit message to Slack: %s' %
-                                  to_text(e))
+            self._display.warning(f'Could not submit message to Slack: {e}')

    def v2_playbook_on_start(self, playbook):
        self.playbook_name = os.path.basename(playbook._file_name)

        title = [
-            '*Playbook initiated* (_%s_)' % self.guid
+            f'*Playbook initiated* (_{self.guid}_)'
        ]

        invocation_items = []
@@ -156,23 +163,23 @@ class CallbackModule(CallbackBase):
            subset = context.CLIARGS['subset']
            inventory = [os.path.abspath(i) for i in context.CLIARGS['inventory']]

-            invocation_items.append('Inventory:  %s' % ', '.join(inventory))
+            invocation_items.append(f"Inventory:  {', '.join(inventory)}")
            if tags and tags != ['all']:
-                invocation_items.append('Tags:       %s' % ', '.join(tags))
+                invocation_items.append(f"Tags:       {', '.join(tags)}")
            if skip_tags:
-                invocation_items.append('Skip Tags:  %s' % ', '.join(skip_tags))
+                invocation_items.append(f"Skip Tags:  {', '.join(skip_tags)}")
            if subset:
-                invocation_items.append('Limit:      %s' % subset)
+                invocation_items.append(f'Limit:      {subset}')
            if extra_vars:
-                invocation_items.append('Extra Vars: %s' %
-                                        ' '.join(extra_vars))
+                invocation_items.append(f"Extra Vars: {' '.join(extra_vars)}")

-            title.append('by *%s*' % context.CLIARGS['remote_user'])
+            title.append(f"by *{context.CLIARGS['remote_user']}*")

-        title.append('\n\n*%s*' % self.playbook_name)
+        title.append(f'\n\n*{self.playbook_name}*')
        msg_items = [' '.join(title)]
        if invocation_items:
-            msg_items.append('```\n%s\n```' % '\n'.join(invocation_items))
+            _inv_item = '\n'.join(invocation_items)
+            msg_items.append(f'```\n{_inv_item}\n```')

        msg = '\n'.join(msg_items)

@@ -192,8 +199,8 @@ class CallbackModule(CallbackBase):
    def v2_playbook_on_play_start(self, play):
        """Display Play start messages"""

-        name = play.name or 'Play name not specified (%s)' % play._uuid
-        msg = '*Starting play* (_%s_)\n\n*%s*' % (self.guid, name)
+        name = play.name or f'Play name not specified ({play._uuid})'
+        msg = f'*Starting play* (_{self.guid}_)\n\n*{name}*'
        attachments = [
            {
                'fallback': msg,
@@ -228,7 +235,7 @@ class CallbackModule(CallbackBase):

        attachments = []
        msg_items = [
-            '*Playbook Complete* (_%s_)' % self.guid
+            f'*Playbook Complete* (_{self.guid}_)'
        ]
        if failures or unreachable:
            color = 'danger'
@@ -237,7 +244,7 @@ class CallbackModule(CallbackBase):
            color = 'good'
            msg_items.append('\n*Success!*')

-        msg_items.append('```\n%s\n```' % t)
+        msg_items.append(f'```\n{t}\n```')

        msg = '\n'.join(msg_items)

--- a/plugins/callback/splunk.py
+++ b/plugins/callback/splunk.py
@@ -3,76 +3,75 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    name: splunk
-    type: notification
-    short_description: Sends task result events to Splunk HTTP Event Collector
-    author: "Stuart Hirst (!UNKNOWN) <support@convergingdata.com>"
+DOCUMENTATION = r"""
+name: splunk
+type: notification
+short_description: Sends task result events to Splunk HTTP Event Collector
+author: "Stuart Hirst (!UNKNOWN) <support@convergingdata.com>"
+description:
+  - This callback plugin will send task results as JSON formatted events to a Splunk HTTP collector.
+  - The companion Splunk Monitoring & Diagnostics App is available here U(https://splunkbase.splunk.com/app/4023/).
+  - Credit to "Ryan Currah (@ryancurrah)" for original source upon which this is based.
+requirements:
+  - Whitelisting this callback plugin
+  - 'Create a HTTP Event Collector in Splunk'
+  - 'Define the URL and token in C(ansible.cfg)'
+options:
+  url:
+    description: URL to the Splunk HTTP collector source.
+    type: str
+    env:
+      - name: SPLUNK_URL
+    ini:
+      - section: callback_splunk
+        key: url
+  authtoken:
+    description: Token to authenticate the connection to the Splunk HTTP collector.
+    type: str
+    env:
+      - name: SPLUNK_AUTHTOKEN
+    ini:
+      - section: callback_splunk
+        key: authtoken
+  validate_certs:
+    description: Whether to validate certificates for connections to HEC. It is not recommended to set to V(false) except
+      when you are sure that nobody can intercept the connection between this plugin and HEC, as setting it to V(false) allows
+      man-in-the-middle attacks!
+    env:
+      - name: SPLUNK_VALIDATE_CERTS
+    ini:
+      - section: callback_splunk
+        key: validate_certs
+    type: bool
+    default: true
+    version_added: '1.0.0'
+  include_milliseconds:
+    description: Whether to include milliseconds as part of the generated timestamp field in the event sent to the Splunk
+      HTTP collector.
+    env:
+      - name: SPLUNK_INCLUDE_MILLISECONDS
+    ini:
+      - section: callback_splunk
+        key: include_milliseconds
+    type: bool
+    default: false
+    version_added: 2.0.0
+  batch:
    description:
-      - This callback plugin will send task results as JSON formatted events to a Splunk HTTP collector.
-      - The companion Splunk Monitoring & Diagnostics App is available here U(https://splunkbase.splunk.com/app/4023/).
-      - Credit to "Ryan Currah (@ryancurrah)" for original source upon which this is based.
-    requirements:
-      - Whitelisting this callback plugin
-      - 'Create a HTTP Event Collector in Splunk'
-      - 'Define the URL and token in C(ansible.cfg)'
-    options:
-      url:
-        description: URL to the Splunk HTTP collector source.
-        type: str
-        env:
-          - name: SPLUNK_URL
-        ini:
-          - section: callback_splunk
-            key: url
-      authtoken:
-        description: Token to authenticate the connection to the Splunk HTTP collector.
-        type: str
-        env:
-          - name: SPLUNK_AUTHTOKEN
-        ini:
-          - section: callback_splunk
-            key: authtoken
-      validate_certs:
-        description: Whether to validate certificates for connections to HEC. It is not recommended to set to
-                     V(false) except when you are sure that nobody can intercept the connection
-                     between this plugin and HEC, as setting it to V(false) allows man-in-the-middle attacks!
-        env:
-          - name: SPLUNK_VALIDATE_CERTS
-        ini:
-          - section: callback_splunk
-            key: validate_certs
-        type: bool
-        default: true
-        version_added: '1.0.0'
-      include_milliseconds:
-        description: Whether to include milliseconds as part of the generated timestamp field in the event
-                     sent to the Splunk HTTP collector.
-        env:
-          - name: SPLUNK_INCLUDE_MILLISECONDS
-        ini:
-          - section: callback_splunk
-            key: include_milliseconds
-        type: bool
-        default: false
-        version_added: 2.0.0
-      batch:
-        description:
-          - Correlation ID which can be set across multiple playbook executions.
-        env:
-          - name: SPLUNK_BATCH
-        ini:
-          - section: callback_splunk
-            key: batch
-        type: str
-        version_added: 3.3.0
-'''
+      - Correlation ID which can be set across multiple playbook executions.
+    env:
+      - name: SPLUNK_BATCH
+    ini:
+      - section: callback_splunk
+        key: batch
+    type: str
+    version_added: 3.3.0
+"""

-EXAMPLES = '''
-examples: >
+EXAMPLES = r"""
+examples: >-
  To enable, add this to your ansible.cfg file in the defaults block
    [defaults]
    callback_whitelist = community.general.splunk
@@ -83,7 +82,7 @@ examples: >
    [callback_splunk]
    url = http://mysplunkinstance.datapaas.io:8088/services/collector/event
    authtoken = f23blad6-5965-4537-bf69-5b5a545blabla88
-'''
+"""

 import json
 import uuid
@@ -153,15 +152,14 @@ class SplunkHTTPCollectorSource(object):
        data['ansible_result'] = result._result

        # This wraps the json payload in and outer json event needed by Splunk
-        jsondata = json.dumps(data, cls=AnsibleJSONEncoder, sort_keys=True)
-        jsondata = '{"event":' + jsondata + "}"
+        jsondata = json.dumps({"event": data}, cls=AnsibleJSONEncoder, sort_keys=True)

        open_url(
            url,
            jsondata,
            headers={
                'Content-type': 'application/json',
-                'Authorization': 'Splunk ' + authtoken
+                'Authorization': f"Splunk {authtoken}"
            },
            method='POST',
            validate_certs=validate_certs
--- a/plugins/callback/sumologic.py
+++ b/plugins/callback/sumologic.py
@@ -3,10 +3,9 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = r'''
+DOCUMENTATION = r"""
 name: sumologic
 type: notification
 short_description: Sends task result events to Sumologic
@@ -15,8 +14,8 @@ description:
  - This callback plugin will send task results as JSON formatted events to a Sumologic HTTP collector source.
 requirements:
  - Whitelisting this callback plugin
-  - 'Create a HTTP collector source in Sumologic and specify a custom timestamp format of V(yyyy-MM-dd HH:mm:ss ZZZZ) and a custom timestamp locator
-    of V("timestamp": "(.*\)")'
+  - 'Create a HTTP collector source in Sumologic and specify a custom timestamp format of V(yyyy-MM-dd HH:mm:ss ZZZZ) and
+    a custom timestamp locator of V("timestamp": "(.*\)")'
 options:
  url:
    description: URL to the Sumologic HTTP collector source.
@@ -26,10 +25,10 @@ options:
    ini:
      - section: callback_sumologic
        key: url
-'''
+"""

-EXAMPLES = '''
-examples: |
+EXAMPLES = r"""
+examples: |-
  To enable, add this to your ansible.cfg file in the defaults block
    [defaults]
    callback_whitelist = community.general.sumologic
@@ -40,7 +39,7 @@ examples: |
  Set the ansible.cfg variable in the callback_sumologic block
    [callback_sumologic]
    url = https://endpoint1.collection.us2.sumologic.com/receiver/v1/http/R8moSv1d8EW9LAUFZJ6dbxCFxwLH6kfCdcBfddlfxCbLuL-BN5twcTpMk__pYy_cDmp==
-'''
+"""

 import json
 import uuid
--- a/plugins/callback/syslog_json.py
+++ b/plugins/callback/syslog_json.py
@@ -4,57 +4,56 @@
 # SPDX-License-Identifier: GPL-3.0-or-later

 # Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Unknown (!UNKNOWN)
-    name: syslog_json
-    type: notification
-    requirements:
-      - whitelist in configuration
-    short_description: sends JSON events to syslog
-    description:
-      - This plugin logs ansible-playbook and ansible runs to a syslog server in JSON format.
-    options:
-      server:
-        description: Syslog server that will receive the event.
-        type: str
-        env:
-        - name: SYSLOG_SERVER
-        default: localhost
-        ini:
-          - section: callback_syslog_json
-            key: syslog_server
-      port:
-        description: Port on which the syslog server is listening.
-        type: int
-        env:
-          - name: SYSLOG_PORT
-        default: 514
-        ini:
-          - section: callback_syslog_json
-            key: syslog_port
-      facility:
-        description: Syslog facility to log as.
-        type: str
-        env:
-          - name: SYSLOG_FACILITY
-        default: user
-        ini:
-          - section: callback_syslog_json
-            key: syslog_facility
-      setup:
-        description: Log setup tasks.
-        env:
-          - name: ANSIBLE_SYSLOG_SETUP
-        type: bool
-        default: true
-        ini:
-          - section: callback_syslog_json
-            key: syslog_setup
-        version_added: 4.5.0
-'''
+DOCUMENTATION = r"""
+author: Unknown (!UNKNOWN)
+name: syslog_json
+type: notification
+requirements:
+  - whitelist in configuration
+short_description: sends JSON events to syslog
+description:
+  - This plugin logs ansible-playbook and ansible runs to a syslog server in JSON format.
+options:
+  server:
+    description: Syslog server that will receive the event.
+    type: str
+    env:
+      - name: SYSLOG_SERVER
+    default: localhost
+    ini:
+      - section: callback_syslog_json
+        key: syslog_server
+  port:
+    description: Port on which the syslog server is listening.
+    type: int
+    env:
+      - name: SYSLOG_PORT
+    default: 514
+    ini:
+      - section: callback_syslog_json
+        key: syslog_port
+  facility:
+    description: Syslog facility to log as.
+    type: str
+    env:
+      - name: SYSLOG_FACILITY
+    default: user
+    ini:
+      - section: callback_syslog_json
+        key: syslog_facility
+  setup:
+    description: Log setup tasks.
+    env:
+      - name: ANSIBLE_SYSLOG_SETUP
+    type: bool
+    default: true
+    ini:
+      - section: callback_syslog_json
+        key: syslog_setup
+    version_added: 4.5.0
+"""

 import logging
 import logging.handlers
--- a/plugins/callback/timestamp.py
+++ b/plugins/callback/timestamp.py
@@ -5,51 +5,49 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import absolute_import, division, print_function
+from __future__ import annotations

-__metaclass__ = type

 DOCUMENTATION = r"""
-  name: timestamp
-  type: stdout
-  short_description: Adds simple timestamp for each header
-  version_added: 9.0.0
-  description:
-    - This callback adds simple timestamp for each header.
-  author: kurokobo (@kurokobo)
-  options:
-    timezone:
-      description:
-        - Timezone to use for the timestamp in IANA time zone format.
-        - For example C(America/New_York), C(Asia/Tokyo)). Ignored on Python < 3.9.
-      ini:
-        - section: callback_timestamp
-          key: timezone
-      env:
-        - name: ANSIBLE_CALLBACK_TIMESTAMP_TIMEZONE
-      type: string
-    format_string:
-      description:
-        - Format of the timestamp shown to user in 1989 C standard format.
-        - >
-          Refer to L(the Python documentation,https://docs.python.org/3/library/datetime.html#strftime-and-strptime-format-codes)
-          for the available format codes.
-      ini:
-        - section: callback_timestamp
-          key: format_string
-      env:
-        - name: ANSIBLE_CALLBACK_TIMESTAMP_FORMAT_STRING
-      default: "%H:%M:%S"
-      type: string
-  seealso:
-    - plugin: ansible.posix.profile_tasks
-      plugin_type: callback
-      description: >
-        You can use P(ansible.posix.profile_tasks#callback) callback plugin to time individual tasks and overall execution time
-        with detailed timestamps.
-  extends_documentation_fragment:
-    - ansible.builtin.default_callback
-    - ansible.builtin.result_format_callback
+name: timestamp
+type: stdout
+short_description: Adds simple timestamp for each header
+version_added: 9.0.0
+description:
+  - This callback adds simple timestamp for each header.
+author: kurokobo (@kurokobo)
+options:
+  timezone:
+    description:
+      - Timezone to use for the timestamp in IANA time zone format.
+      - For example V(America/New_York), V(Asia/Tokyo)). Ignored on Python < 3.9.
+    ini:
+      - section: callback_timestamp
+        key: timezone
+    env:
+      - name: ANSIBLE_CALLBACK_TIMESTAMP_TIMEZONE
+    type: string
+  format_string:
+    description:
+      - Format of the timestamp shown to user in 1989 C standard format.
+      - Refer to L(the Python documentation,https://docs.python.org/3/library/datetime.html#strftime-and-strptime-format-codes)
+        for the available format codes.
+    ini:
+      - section: callback_timestamp
+        key: format_string
+    env:
+      - name: ANSIBLE_CALLBACK_TIMESTAMP_FORMAT_STRING
+    default: "%H:%M:%S"
+    type: string
+seealso:
+  - plugin: ansible.posix.profile_tasks
+    plugin_type: callback
+    description: >-
+      You can use P(ansible.posix.profile_tasks#callback) callback plugin to time individual tasks and overall execution time
+      with detailed timestamps.
+extends_documentation_fragment:
+  - ansible.builtin.default_callback
+  - ansible.builtin.result_format_callback
 """


@@ -85,7 +83,7 @@ def banner(self, msg, color=None, cows=True):
    msg = to_text(msg)
    if self.b_cowsay and cows:
        try:
-            self.banner_cowsay("%s @ %s" % (msg, timestamp))
+            self.banner_cowsay(f"{msg} @ {timestamp}")
            return
        except OSError:
            self.warning("somebody cleverly deleted cowsay or something during the PB run.  heh.")
@@ -98,7 +96,7 @@ def banner(self, msg, color=None, cows=True):
    if star_len <= 3:
        star_len = 3
    stars = "*" * star_len
-    self.display("\n%s %s %s" % (msg, stars, timestamp), color=color)
+    self.display(f"\n{msg} {stars} {timestamp}", color=color)


 class CallbackModule(Default):
--- a/plugins/callback/unixy.py
+++ b/plugins/callback/unixy.py
@@ -5,21 +5,20 @@
 # SPDX-License-Identifier: GPL-3.0-or-later

 # Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    name: unixy
-    type: stdout
-    author: Al Bowles (@akatch)
-    short_description: condensed Ansible output
-    description:
-      - Consolidated Ansible output in the style of LINUX/UNIX startup logs.
-    extends_documentation_fragment:
-      - default_callback
-    requirements:
-      - set as stdout in configuration
-'''
+DOCUMENTATION = r"""
+name: unixy
+type: stdout
+author: Al Bowles (@akatch)
+short_description: condensed Ansible output
+description:
+  - Consolidated Ansible output in the style of LINUX/UNIX startup logs.
+extends_documentation_fragment:
+  - default_callback
+requirements:
+  - set as stdout in configuration
+"""

 from os.path import basename
 from ansible import constants as C
@@ -67,24 +66,24 @@ class CallbackModule(CallbackModule_default):

    def _process_result_output(self, result, msg):
        task_host = result._host.get_name()
-        task_result = "%s %s" % (task_host, msg)
+        task_result = f"{task_host} {msg}"

        if self._run_is_verbose(result):
-            task_result = "%s %s: %s" % (task_host, msg, self._dump_results(result._result, indent=4))
+            task_result = f"{task_host} {msg}: {self._dump_results(result._result, indent=4)}"
            return task_result

        if self.delegated_vars:
            task_delegate_host = self.delegated_vars['ansible_host']
-            task_result = "%s -> %s %s" % (task_host, task_delegate_host, msg)
+            task_result = f"{task_host} -> {task_delegate_host} {msg}"

        if result._result.get('msg') and result._result.get('msg') != "All items completed":
-            task_result += " | msg: " + to_text(result._result.get('msg'))
+            task_result += f" | msg: {to_text(result._result.get('msg'))}"

        if result._result.get('stdout'):
-            task_result += " | stdout: " + result._result.get('stdout')
+            task_result += f" | stdout: {result._result.get('stdout')}"

        if result._result.get('stderr'):
-            task_result += " | stderr: " + result._result.get('stderr')
+            task_result += f" | stderr: {result._result.get('stderr')}"

        return task_result

@@ -92,30 +91,30 @@ class CallbackModule(CallbackModule_default):
        self._get_task_display_name(task)
        if self.task_display_name is not None:
            if task.check_mode and self.get_option('check_mode_markers'):
-                self._display.display("%s (check mode)..." % self.task_display_name)
+                self._display.display(f"{self.task_display_name} (check mode)...")
            else:
-                self._display.display("%s..." % self.task_display_name)
+                self._display.display(f"{self.task_display_name}...")

    def v2_playbook_on_handler_task_start(self, task):
        self._get_task_display_name(task)
        if self.task_display_name is not None:
            if task.check_mode and self.get_option('check_mode_markers'):
-                self._display.display("%s (via handler in check mode)... " % self.task_display_name)
+                self._display.display(f"{self.task_display_name} (via handler in check mode)... ")
            else:
-                self._display.display("%s (via handler)... " % self.task_display_name)
+                self._display.display(f"{self.task_display_name} (via handler)... ")

    def v2_playbook_on_play_start(self, play):
        name = play.get_name().strip()
        if play.check_mode and self.get_option('check_mode_markers'):
            if name and play.hosts:
-                msg = u"\n- %s (in check mode) on hosts: %s -" % (name, ",".join(play.hosts))
+                msg = f"\n- {name} (in check mode) on hosts: {','.join(play.hosts)} -"
            else:
-                msg = u"- check mode -"
+                msg = "- check mode -"
        else:
            if name and play.hosts:
-                msg = u"\n- %s on hosts: %s -" % (name, ",".join(play.hosts))
+                msg = f"\n- {name} on hosts: {','.join(play.hosts)} -"
            else:
-                msg = u"---"
+                msg = "---"

        self._display.display(msg)

@@ -126,7 +125,7 @@ class CallbackModule(CallbackModule_default):
            msg = "skipped"

            task_result = self._process_result_output(result, msg)
-            self._display.display("  " + task_result, display_color)
+            self._display.display(f"  {task_result}", display_color)
        else:
            return

@@ -136,10 +135,10 @@ class CallbackModule(CallbackModule_default):
        msg = "failed"
        item_value = self._get_item_label(result._result)
        if item_value:
-            msg += " | item: %s" % (item_value,)
+            msg += f" | item: {item_value}"

        task_result = self._process_result_output(result, msg)
-        self._display.display("  " + task_result, display_color, stderr=self.get_option('display_failed_stderr'))
+        self._display.display(f"  {task_result}", display_color, stderr=self.get_option('display_failed_stderr'))

    def v2_runner_on_ok(self, result, msg="ok", display_color=C.COLOR_OK):
        self._preprocess_result(result)
@@ -149,13 +148,13 @@ class CallbackModule(CallbackModule_default):
            msg = "done"
            item_value = self._get_item_label(result._result)
            if item_value:
-                msg += " | item: %s" % (item_value,)
+                msg += f" | item: {item_value}"
            display_color = C.COLOR_CHANGED
            task_result = self._process_result_output(result, msg)
-            self._display.display("  " + task_result, display_color)
+            self._display.display(f"  {task_result}", display_color)
        elif self.get_option('display_ok_hosts'):
            task_result = self._process_result_output(result, msg)
-            self._display.display("  " + task_result, display_color)
+            self._display.display(f"  {task_result}", display_color)

    def v2_runner_item_on_skipped(self, result):
        self.v2_runner_on_skipped(result)
@@ -173,7 +172,7 @@ class CallbackModule(CallbackModule_default):
        display_color = C.COLOR_UNREACHABLE
        task_result = self._process_result_output(result, msg)

-        self._display.display("  " + task_result, display_color, stderr=self.get_option('display_failed_stderr'))
+        self._display.display(f"  {task_result}", display_color, stderr=self.get_option('display_failed_stderr'))

    def v2_on_file_diff(self, result):
        if result._task.loop and 'results' in result._result:
@@ -195,25 +194,17 @@ class CallbackModule(CallbackModule_default):
            # TODO how else can we display these?
            t = stats.summarize(h)

-            self._display.display(u"  %s : %s %s %s %s %s %s" % (
-                hostcolor(h, t),
-                colorize(u'ok', t['ok'], C.COLOR_OK),
-                colorize(u'changed', t['changed'], C.COLOR_CHANGED),
-                colorize(u'unreachable', t['unreachable'], C.COLOR_UNREACHABLE),
-                colorize(u'failed', t['failures'], C.COLOR_ERROR),
-                colorize(u'rescued', t['rescued'], C.COLOR_OK),
-                colorize(u'ignored', t['ignored'], C.COLOR_WARN)),
+            self._display.display(
+                f"  {hostcolor(h, t)} : {colorize('ok', t['ok'], C.COLOR_OK)} {colorize('changed', t['changed'], C.COLOR_CHANGED)} "
+                f"{colorize('unreachable', t['unreachable'], C.COLOR_UNREACHABLE)} {colorize('failed', t['failures'], C.COLOR_ERROR)} "
+                f"{colorize('rescued', t['rescued'], C.COLOR_OK)} {colorize('ignored', t['ignored'], C.COLOR_WARN)}",
                screen_only=True
            )

-            self._display.display(u"  %s : %s %s %s %s %s %s" % (
-                hostcolor(h, t, False),
-                colorize(u'ok', t['ok'], None),
-                colorize(u'changed', t['changed'], None),
-                colorize(u'unreachable', t['unreachable'], None),
-                colorize(u'failed', t['failures'], None),
-                colorize(u'rescued', t['rescued'], None),
-                colorize(u'ignored', t['ignored'], None)),
+            self._display.display(
+                f"  {hostcolor(h, t, False)} : {colorize('ok', t['ok'], None)} {colorize('changed', t['changed'], None)} "
+                f"{colorize('unreachable', t['unreachable'], None)} {colorize('failed', t['failures'], None)} {colorize('rescued', t['rescued'], None)} "
+                f"{colorize('ignored', t['ignored'], None)}",
                log_only=True
            )
        if stats.custom and self.get_option('show_custom_stats'):
@@ -223,12 +214,14 @@ class CallbackModule(CallbackModule_default):
            for k in sorted(stats.custom.keys()):
                if k == '_run':
                    continue
-                self._display.display('\t%s: %s' % (k, self._dump_results(stats.custom[k], indent=1).replace('\n', '')))
+                stat_val = self._dump_results(stats.custom[k], indent=1).replace('\n', '')
+                self._display.display(f'\t{k}: {stat_val}')

            # print per run custom stats
            if '_run' in stats.custom:
                self._display.display("", screen_only=True)
-                self._display.display('\tRUN: %s' % self._dump_results(stats.custom['_run'], indent=1).replace('\n', ''))
+                stat_val_run = self._dump_results(stats.custom['_run'], indent=1).replace('\n', '')
+                self._display.display(f'\tRUN: {stat_val_run}')
            self._display.display("", screen_only=True)

    def v2_playbook_on_no_hosts_matched(self):
@@ -239,23 +232,23 @@ class CallbackModule(CallbackModule_default):

    def v2_playbook_on_start(self, playbook):
        if context.CLIARGS['check'] and self.get_option('check_mode_markers'):
-            self._display.display("Executing playbook %s in check mode" % basename(playbook._file_name))
+            self._display.display(f"Executing playbook {basename(playbook._file_name)} in check mode")
        else:
-            self._display.display("Executing playbook %s" % basename(playbook._file_name))
+            self._display.display(f"Executing playbook {basename(playbook._file_name)}")

        # show CLI arguments
        if self._display.verbosity > 3:
            if context.CLIARGS.get('args'):
-                self._display.display('Positional arguments: %s' % ' '.join(context.CLIARGS['args']),
+                self._display.display(f"Positional arguments: {' '.join(context.CLIARGS['args'])}",
                                      color=C.COLOR_VERBOSE, screen_only=True)

            for argument in (a for a in context.CLIARGS if a != 'args'):
                val = context.CLIARGS[argument]
                if val:
-                    self._display.vvvv('%s: %s' % (argument, val))
+                    self._display.vvvv(f'{argument}: {val}')

    def v2_runner_retry(self, result):
-        msg = "  Retrying... (%d of %d)" % (result._result['attempts'], result._result['retries'])
+        msg = f"  Retrying... ({result._result['attempts']} of {result._result['retries']})"
        if self._run_is_verbose(result):
-            msg += "Result was: %s" % self._dump_results(result._result)
+            msg += f"Result was: {self._dump_results(result._result)}"
        self._display.display(msg, color=C.COLOR_DEBUG)
--- a/plugins/callback/yaml.py
+++ b/plugins/callback/yaml.py
@@ -4,40 +4,42 @@
 # SPDX-License-Identifier: GPL-3.0-or-later

 # Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Unknown (!UNKNOWN)
-    name: yaml
-    type: stdout
-    short_description: YAML-ized Ansible screen output
-    description:
-        - Ansible output that can be quite a bit easier to read than the
-          default JSON formatting.
-    extends_documentation_fragment:
-      - default_callback
-    requirements:
-      - set as stdout in configuration
-    seealso:
-      - plugin: ansible.builtin.default
-        plugin_type: callback
-        description: >
-          There is a parameter O(ansible.builtin.default#callback:result_format) in P(ansible.builtin.default#callback)
-          that allows you to change the output format to YAML.
-    notes:
-      - >
-        With ansible-core 2.13 or newer, you can instead specify V(yaml) for the parameter O(ansible.builtin.default#callback:result_format)
-        in P(ansible.builtin.default#callback).
-'''
+DOCUMENTATION = r"""
+author: Unknown (!UNKNOWN)
+name: yaml
+type: stdout
+short_description: YAML-ized Ansible screen output
+deprecated:
+  removed_in: 12.0.0
+  why: Starting in ansible-core 2.13, the P(ansible.builtin.default#callback) callback has support for printing output in
+    YAML format.
+  alternative: Use O(ansible.builtin.default#callback:result_format=yaml).
+description:
+  - Ansible output that can be quite a bit easier to read than the default JSON formatting.
+extends_documentation_fragment:
+  - default_callback
+requirements:
+  - set as stdout in configuration
+seealso:
+  - plugin: ansible.builtin.default
+    plugin_type: callback
+    description: >-
+      There is a parameter O(ansible.builtin.default#callback:result_format) in P(ansible.builtin.default#callback) that allows
+      you to change the output format to YAML.
+notes:
+  - With ansible-core 2.13 or newer, you can instead specify V(yaml) for the parameter O(ansible.builtin.default#callback:result_format)
+    in P(ansible.builtin.default#callback).
+"""

 import yaml
 import json
 import re
 import string
+from collections.abc import Mapping, Sequence

 from ansible.module_utils.common.text.converters import to_text
-from ansible.parsing.yaml.dumper import AnsibleDumper
 from ansible.plugins.callback import strip_internal_keys, module_response_deepcopy
 from ansible.plugins.callback.default import CallbackModule as Default

@@ -45,35 +47,83 @@ from ansible.plugins.callback.default import CallbackModule as Default
 # from http://stackoverflow.com/a/15423007/115478
 def should_use_block(value):
    """Returns true if string should be in block format"""
-    for c in u"\u000a\u000d\u001c\u001d\u001e\u0085\u2028\u2029":
+    for c in "\u000a\u000d\u001c\u001d\u001e\u0085\u2028\u2029":
        if c in value:
            return True
    return False


-class MyDumper(AnsibleDumper):
-    def represent_scalar(self, tag, value, style=None):
-        """Uses block style for multi-line strings"""
-        if style is None:
-            if should_use_block(value):
-                style = '|'
-                # we care more about readable than accuracy, so...
-                # ...no trailing space
-                value = value.rstrip()
-                # ...and non-printable characters
-                value = ''.join(x for x in value if x in string.printable or ord(x) >= 0xA0)
-                # ...tabs prevent blocks from expanding
-                value = value.expandtabs()
-                # ...and odd bits of whitespace
-                value = re.sub(r'[\x0b\x0c\r]', '', value)
-                # ...as does trailing space
-                value = re.sub(r' +\n', '\n', value)
-            else:
-                style = self.default_style
-        node = yaml.representer.ScalarNode(tag, value, style=style)
-        if self.alias_key is not None:
-            self.represented_objects[self.alias_key] = node
-        return node
+def adjust_str_value_for_block(value):
+    # we care more about readable than accuracy, so...
+    # ...no trailing space
+    value = value.rstrip()
+    # ...and non-printable characters
+    value = ''.join(x for x in value if x in string.printable or ord(x) >= 0xA0)
+    # ...tabs prevent blocks from expanding
+    value = value.expandtabs()
+    # ...and odd bits of whitespace
+    value = re.sub(r'[\x0b\x0c\r]', '', value)
+    # ...as does trailing space
+    value = re.sub(r' +\n', '\n', value)
+    return value
+
+
+def create_string_node(tag, value, style, default_style):
+    if style is None:
+        if should_use_block(value):
+            style = '|'
+            value = adjust_str_value_for_block(value)
+        else:
+            style = default_style
+    return yaml.representer.ScalarNode(tag, value, style=style)
+
+
+try:
+    from ansible.module_utils.common.yaml import HAS_LIBYAML
+    # import below was added in https://github.com/ansible/ansible/pull/85039,
+    # first contained in ansible-core 2.19.0b2:
+    from ansible.utils.vars import transform_to_native_types
+
+    if HAS_LIBYAML:
+        from yaml.cyaml import CSafeDumper as SafeDumper
+    else:
+        from yaml import SafeDumper
+
+    class MyDumper(SafeDumper):
+        def represent_scalar(self, tag, value, style=None):
+            """Uses block style for multi-line strings"""
+            node = create_string_node(tag, value, style, self.default_style)
+            if self.alias_key is not None:
+                self.represented_objects[self.alias_key] = node
+            return node
+
+except ImportError:
+    # In case transform_to_native_types cannot be imported, we either have ansible-core 2.19.0b1
+    # (or some random commit from the devel or stable-2.19 branch after merging the DT changes
+    # and before transform_to_native_types was added), or we have a version without the DT changes.
+
+    # Here we simply assume we have a version without the DT changes, and thus can continue as
+    # with ansible-core 2.18 and before.
+
+    transform_to_native_types = None
+
+    from ansible.parsing.yaml.dumper import AnsibleDumper
+
+    class MyDumper(AnsibleDumper):  # pylint: disable=inherit-non-class
+        def represent_scalar(self, tag, value, style=None):
+            """Uses block style for multi-line strings"""
+            node = create_string_node(tag, value, style, self.default_style)
+            if self.alias_key is not None:
+                self.represented_objects[self.alias_key] = node
+            return node
+
+
+def transform_recursively(value, transform):
+    if isinstance(value, Mapping):
+        return {transform(k): transform(v) for k, v in value.items()}
+    if isinstance(value, Sequence) and not isinstance(value, (str, bytes)):
+        return [transform(e) for e in value]
+    return transform(value)


 class CallbackModule(Default):
@@ -113,11 +163,11 @@ class CallbackModule(Default):

        # put changed and skipped into a header line
        if 'changed' in abridged_result:
-            dumped += 'changed=' + str(abridged_result['changed']).lower() + ' '
+            dumped += f"changed={str(abridged_result['changed']).lower()} "
            del abridged_result['changed']

        if 'skipped' in abridged_result:
-            dumped += 'skipped=' + str(abridged_result['skipped']).lower() + ' '
+            dumped += f"skipped={str(abridged_result['skipped']).lower()} "
            del abridged_result['skipped']

        # if we already have stdout, we don't need stdout_lines
@@ -130,6 +180,8 @@ class CallbackModule(Default):

        if abridged_result:
            dumped += '\n'
+            if transform_to_native_types is not None:
+                abridged_result = transform_recursively(abridged_result, lambda v: transform_to_native_types(v, redact=False))
            dumped += to_text(yaml.dump(abridged_result, allow_unicode=True, width=1000, Dumper=MyDumper, default_flow_style=False))

        # indent by a couple of spaces
--- a/plugins/connection/chroot.py
+++ b/plugins/connection/chroot.py
@@ -7,82 +7,68 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Maykel Moya (!UNKNOWN) <mmoya@speedyrails.com>
-    name: chroot
-    short_description: Interact with local chroot
+DOCUMENTATION = r"""
+author: Maykel Moya (!UNKNOWN) <mmoya@speedyrails.com>
+name: chroot
+short_description: Interact with local chroot
+description:
+  - Run commands or put/fetch files to an existing chroot on the Ansible controller.
+options:
+  remote_addr:
    description:
-        - Run commands or put/fetch files to an existing chroot on the Ansible controller.
-    options:
-      remote_addr:
-        description:
-            - The path of the chroot you want to access.
-        type: string
-        default: inventory_hostname
-        vars:
-            - name: inventory_hostname
-            - name: ansible_host
-      executable:
-        description:
-            - User specified executable shell
-        type: string
-        ini:
-          - section: defaults
-            key: executable
-        env:
-          - name: ANSIBLE_EXECUTABLE
-        vars:
-          - name: ansible_executable
-        default: /bin/sh
-      chroot_exe:
-        description:
-            - User specified chroot binary
-        type: string
-        ini:
-          - section: chroot_connection
-            key: exe
-        env:
-          - name: ANSIBLE_CHROOT_EXE
-        vars:
-          - name: ansible_chroot_exe
-        default: chroot
-      disable_root_check:
-        description:
-            - Do not check that the user is not root.
-        ini:
-          - section: chroot_connection
-            key: disable_root_check
-        env:
-          - name: ANSIBLE_CHROOT_DISABLE_ROOT_CHECK
-        vars:
-          - name: ansible_chroot_disable_root_check
-        default: false
-        type: bool
-        version_added: 7.3.0
-'''
+      - The path of the chroot you want to access.
+    type: string
+    default: inventory_hostname
+    vars:
+      - name: inventory_hostname
+      - name: ansible_host
+  executable:
+    description:
+      - User specified executable shell.
+    type: string
+    ini:
+      - section: defaults
+        key: executable
+    env:
+      - name: ANSIBLE_EXECUTABLE
+    vars:
+      - name: ansible_executable
+    default: /bin/sh
+  chroot_exe:
+    description:
+      - User specified chroot binary.
+    type: string
+    ini:
+      - section: chroot_connection
+        key: exe
+    env:
+      - name: ANSIBLE_CHROOT_EXE
+    vars:
+      - name: ansible_chroot_exe
+    default: chroot
+  disable_root_check:
+    description:
+      - Do not check that the user is not root.
+    ini:
+      - section: chroot_connection
+        key: disable_root_check
+    env:
+      - name: ANSIBLE_CHROOT_DISABLE_ROOT_CHECK
+    vars:
+      - name: ansible_chroot_disable_root_check
+    default: false
+    type: bool
+    version_added: 7.3.0
+"""

 EXAMPLES = r"""
-# Plugin requires root privileges for chroot, -E preserves your env (and location of ~/.ansible):
-# sudo -E ansible-playbook ...
-#
-# Static inventory file
-# [chroots]
-# /path/to/debootstrap
-# /path/to/feboostrap
-# /path/to/lxc-image
-# /path/to/chroot
-
-# playbook
---
 - hosts: chroots
  connection: community.general.chroot
  tasks:
    - debug:
        msg: "This is coming from chroot environment"
-
 """

 import os
@@ -94,7 +80,7 @@ from ansible.errors import AnsibleError
 from ansible.module_utils.basic import is_executable
 from ansible.module_utils.common.process import get_bin_path
 from ansible.module_utils.six.moves import shlex_quote
-from ansible.module_utils.common.text.converters import to_bytes, to_native
+from ansible.module_utils.common.text.converters import to_bytes
 from ansible.plugins.connection import ConnectionBase, BUFSIZE
 from ansible.utils.display import Display

@@ -120,15 +106,15 @@ class Connection(ConnectionBase):

        # do some trivial checks for ensuring 'host' is actually a chroot'able dir
        if not os.path.isdir(self.chroot):
-            raise AnsibleError("%s is not a directory" % self.chroot)
+            raise AnsibleError(f"{self.chroot} is not a directory")

        chrootsh = os.path.join(self.chroot, 'bin/sh')
        # Want to check for a usable bourne shell inside the chroot.
        # is_executable() == True is sufficient.  For symlinks it
        # gets really complicated really fast.  So we punt on finding that
-        # out.  As long as it's a symlink we assume that it will work
+        # out.  As long as it is a symlink we assume that it will work
        if not (is_executable(chrootsh) or (os.path.lexists(chrootsh) and os.path.islink(chrootsh))):
-            raise AnsibleError("%s does not look like a chrootable dir (/bin/sh missing)" % self.chroot)
+            raise AnsibleError(f"{self.chroot} does not look like a chrootable dir (/bin/sh missing)")

    def _connect(self):
        """ connect to the chroot """
@@ -143,7 +129,7 @@ class Connection(ConnectionBase):
            try:
                self.chroot_cmd = get_bin_path(self.get_option('chroot_exe'))
            except ValueError as e:
-                raise AnsibleError(to_native(e))
+                raise AnsibleError(str(e))

        super(Connection, self)._connect()
        if not self._connected:
@@ -161,7 +147,7 @@ class Connection(ConnectionBase):
        executable = self.get_option('executable')
        local_cmd = [self.chroot_cmd, self.chroot, executable, '-c', cmd]

-        display.vvv("EXEC %s" % local_cmd, host=self.chroot)
+        display.vvv(f"EXEC {local_cmd}", host=self.chroot)
        local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd]
        p = subprocess.Popen(local_cmd, shell=False, stdin=stdin,
                             stdout=subprocess.PIPE, stderr=subprocess.PIPE)
@@ -186,7 +172,7 @@ class Connection(ConnectionBase):
            exist in any given chroot.  So for now we're choosing "/" instead.
            This also happens to be the former default.

-            Can revisit using $HOME instead if it's a problem
+            Can revisit using $HOME instead if it is a problem
        """
        if not remote_path.startswith(os.path.sep):
            remote_path = os.path.join(os.path.sep, remote_path)
@@ -195,7 +181,7 @@ class Connection(ConnectionBase):
    def put_file(self, in_path, out_path):
        """ transfer a file from local to chroot """
        super(Connection, self).put_file(in_path, out_path)
-        display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.chroot)
+        display.vvv(f"PUT {in_path} TO {out_path}", host=self.chroot)

        out_path = shlex_quote(self._prefix_login_path(out_path))
        try:
@@ -205,27 +191,27 @@ class Connection(ConnectionBase):
                else:
                    count = ''
                try:
-                    p = self._buffered_exec_command('dd of=%s bs=%s%s' % (out_path, BUFSIZE, count), stdin=in_file)
+                    p = self._buffered_exec_command(f'dd of={out_path} bs={BUFSIZE}{count}', stdin=in_file)
                except OSError:
                    raise AnsibleError("chroot connection requires dd command in the chroot")
                try:
                    stdout, stderr = p.communicate()
                except Exception:
                    traceback.print_exc()
-                    raise AnsibleError("failed to transfer file %s to %s" % (in_path, out_path))
+                    raise AnsibleError(f"failed to transfer file {in_path} to {out_path}")
                if p.returncode != 0:
-                    raise AnsibleError("failed to transfer file %s to %s:\n%s\n%s" % (in_path, out_path, stdout, stderr))
+                    raise AnsibleError(f"failed to transfer file {in_path} to {out_path}:\n{stdout}\n{stderr}")
        except IOError:
-            raise AnsibleError("file or module does not exist at: %s" % in_path)
+            raise AnsibleError(f"file or module does not exist at: {in_path}")

    def fetch_file(self, in_path, out_path):
        """ fetch a file from chroot to local """
        super(Connection, self).fetch_file(in_path, out_path)
-        display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.chroot)
+        display.vvv(f"FETCH {in_path} TO {out_path}", host=self.chroot)

        in_path = shlex_quote(self._prefix_login_path(in_path))
        try:
-            p = self._buffered_exec_command('dd if=%s bs=%s' % (in_path, BUFSIZE))
+            p = self._buffered_exec_command(f'dd if={in_path} bs={BUFSIZE}')
        except OSError:
            raise AnsibleError("chroot connection requires dd command in the chroot")

@@ -237,10 +223,10 @@ class Connection(ConnectionBase):
                    chunk = p.stdout.read(BUFSIZE)
            except Exception:
                traceback.print_exc()
-                raise AnsibleError("failed to transfer file %s to %s" % (in_path, out_path))
+                raise AnsibleError(f"failed to transfer file {in_path} to {out_path}")
            stdout, stderr = p.communicate()
            if p.returncode != 0:
-                raise AnsibleError("failed to transfer file %s to %s:\n%s\n%s" % (in_path, out_path, stdout, stderr))
+                raise AnsibleError(f"failed to transfer file {in_path} to {out_path}:\n{stdout}\n{stderr}")

    def close(self):
        """ terminate the connection; nothing to do here """
--- a/plugins/connection/funcd.py
+++ b/plugins/connection/funcd.py
@@ -6,27 +6,26 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Michael Scherer (@mscherer) <misc@zarb.org>
-    name: funcd
-    short_description: Use funcd to connect to target
+DOCUMENTATION = r"""
+author: Michael Scherer (@mscherer) <misc@zarb.org>
+name: funcd
+short_description: Use funcd to connect to target
+description:
+  - This transport permits you to use Ansible over Func.
+  - For people who have already setup func and that wish to play with ansible, this permit to move gradually to ansible without
+    having to redo completely the setup of the network.
+options:
+  remote_addr:
    description:
-        - This transport permits you to use Ansible over Func.
-        - For people who have already setup func and that wish to play with ansible,
-          this permit to move gradually to ansible without having to redo completely the setup of the network.
-    options:
-      remote_addr:
-        description:
-            - The path of the chroot you want to access.
-        type: string
-        default: inventory_hostname
-        vars:
-            - name: ansible_host
-            - name: ansible_func_host
-'''
+      - The path of the chroot you want to access.
+    type: string
+    default: inventory_hostname
+    vars:
+      - name: ansible_host
+      - name: ansible_func_host
+"""

 HAVE_FUNC = False
 try:
@@ -72,7 +71,7 @@ class Connection(ConnectionBase):
            raise AnsibleError("Internal Error: this module does not support optimized module pipelining")

        # totally ignores privilege escalation
-        display.vvv("EXEC %s" % cmd, host=self.host)
+        display.vvv(f"EXEC {cmd}", host=self.host)
        p = self.client.command.run(cmd)[self.host]
        return p[0], p[1], p[2]

@@ -87,14 +86,14 @@ class Connection(ConnectionBase):
        """ transfer a file from local to remote """

        out_path = self._normalize_path(out_path, '/')
-        display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.host)
+        display.vvv(f"PUT {in_path} TO {out_path}", host=self.host)
        self.client.local.copyfile.send(in_path, out_path)

    def fetch_file(self, in_path, out_path):
        """ fetch a file from remote to local """

        in_path = self._normalize_path(in_path, '/')
-        display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.host)
+        display.vvv(f"FETCH {in_path} TO {out_path}", host=self.host)
        # need to use a tmp dir due to difference of semantic for getfile
        # ( who take a # directory as destination) and fetch_file, who
        # take a file directly
--- a/plugins/connection/incus.py
+++ b/plugins/connection/incus.py
@@ -5,50 +5,74 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = """
-    author: Stéphane Graber (@stgraber)
-    name: incus
-    short_description: Run tasks in Incus instances via the Incus CLI.
+DOCUMENTATION = r"""
+author: Stéphane Graber (@stgraber)
+name: incus
+short_description: Run tasks in Incus instances using the Incus CLI
+description:
+  - Run commands or put/fetch files to an existing Incus instance using Incus CLI.
+version_added: "8.2.0"
+options:
+  remote_addr:
    description:
-        - Run commands or put/fetch files to an existing Incus instance using Incus CLI.
-    version_added: "8.2.0"
-    options:
-      remote_addr:
-        description:
-            - The instance identifier.
-        type: string
-        default: inventory_hostname
-        vars:
-            - name: inventory_hostname
-            - name: ansible_host
-            - name: ansible_incus_host
-      executable:
-        description:
-            - The shell to use for execution inside the instance.
-        type: string
-        default: /bin/sh
-        vars:
-            - name: ansible_executable
-            - name: ansible_incus_executable
-      remote:
-        description:
-            - The name of the Incus remote to use (per C(incus remote list)).
-            - Remotes are used to access multiple servers from a single client.
-        type: string
-        default: local
-        vars:
-            - name: ansible_incus_remote
-      project:
-        description:
-            - The name of the Incus project to use (per C(incus project list)).
-            - Projects are used to divide the instances running on a server.
-        type: string
-        default: default
-        vars:
-            - name: ansible_incus_project
+      - The instance identifier.
+    type: string
+    default: inventory_hostname
+    vars:
+      - name: inventory_hostname
+      - name: ansible_host
+      - name: ansible_incus_host
+  executable:
+    description:
+      - The shell to use for execution inside the instance.
+    type: string
+    default: /bin/sh
+    vars:
+      - name: ansible_executable
+      - name: ansible_incus_executable
+  incus_become_method:
+    description:
+      - Become command used to switch to a non-root user.
+      - Is only used when O(remote_user) is not V(root).
+    type: str
+    default: /bin/su
+    vars:
+      - name: incus_become_method
+    version_added: 10.4.0
+  remote:
+    description:
+      - The name of the Incus remote to use (per C(incus remote list)).
+      - Remotes are used to access multiple servers from a single client.
+    type: string
+    default: local
+    vars:
+      - name: ansible_incus_remote
+  remote_user:
+    description:
+      - User to login/authenticate as.
+      - Can be set from the CLI via the C(--user) or C(-u) options.
+    type: string
+    default: root
+    vars:
+      - name: ansible_user
+    env:
+      - name: ANSIBLE_REMOTE_USER
+    ini:
+      - section: defaults
+        key: remote_user
+    keyword:
+      - name: remote_user
+    version_added: 10.4.0
+  project:
+    description:
+      - The name of the Incus project to use (per C(incus project list)).
+      - Projects are used to divide the instances running on a server.
+    type: string
+    default: default
+    vars:
+      - name: ansible_incus_project
 """

 import os
@@ -65,7 +89,6 @@ class Connection(ConnectionBase):

    transport = "incus"
    has_pipelining = True
-    default_user = 'root'

    def __init__(self, play_context, new_stdin, *args, **kwargs):
        super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs)
@@ -80,10 +103,34 @@ class Connection(ConnectionBase):
        super(Connection, self)._connect()

        if not self._connected:
-            self._display.vvv(u"ESTABLISH Incus CONNECTION FOR USER: root",
+            self._display.vvv(f"ESTABLISH Incus CONNECTION FOR USER: {self.get_option('remote_user')}",
                              host=self._instance())
            self._connected = True

+    def _build_command(self, cmd) -> str:
+        """build the command to execute on the incus host"""
+
+        exec_cmd = [
+            self._incus_cmd,
+            "--project", self.get_option("project"),
+            "exec",
+            f"{self.get_option('remote')}:{self._instance()}",
+            "--"]
+
+        if self.get_option("remote_user") != "root":
+            self._display.vvv(
+                f"INFO: Running as non-root user: {self.get_option('remote_user')}, \
+                trying to run 'incus exec' with become method: {self.get_option('incus_become_method')}",
+                host=self._instance(),
+            )
+            exec_cmd.extend(
+                [self.get_option("incus_become_method"), self.get_option("remote_user"), "-c"]
+            )
+
+        exec_cmd.extend([self.get_option("executable"), "-c", cmd])
+
+        return exec_cmd
+
    def _instance(self):
        # Return only the leading part of the FQDN as the instance name
        # as Incus instance names cannot be a FQDN.
@@ -93,16 +140,11 @@ class Connection(ConnectionBase):
        """ execute a command on the Incus host """
        super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable)

-        self._display.vvv(u"EXEC {0}".format(cmd),
+        self._display.vvv(f"EXEC {cmd}",
                          host=self._instance())

-        local_cmd = [
-            self._incus_cmd,
-            "--project", self.get_option("project"),
-            "exec",
-            "%s:%s" % (self.get_option("remote"), self._instance()),
-            "--",
-            self._play_context.executable, "-c", cmd]
+        local_cmd = self._build_command(cmd)
+        self._display.vvvvv(f"EXEC {local_cmd}", host=self._instance())

        local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd]
        in_data = to_bytes(in_data, errors='surrogate_or_strict', nonstring='passthru')
@@ -113,34 +155,96 @@ class Connection(ConnectionBase):
        stdout = to_text(stdout)
        stderr = to_text(stderr)

-        if stderr == "Error: Instance is not running.\n":
-            raise AnsibleConnectionFailure("instance not running: %s" %
-                                           self._instance())
+        if stderr.startswith("Error: ") and stderr.rstrip().endswith(
+            ": Instance is not running"
+        ):
+            raise AnsibleConnectionFailure(
+                f"instance not running: {self._instance()} (remote={self.get_option('remote')}, project={self.get_option('project')})"
+            )

-        if stderr == "Error: Instance not found\n":
-            raise AnsibleConnectionFailure("instance not found: %s" %
-                                           self._instance())
+        if stderr.startswith("Error: ") and stderr.rstrip().endswith(
+            ": Instance not found"
+        ):
+            raise AnsibleConnectionFailure(
+                f"instance not found: {self._instance()} (remote={self.get_option('remote')}, project={self.get_option('project')})"
+            )
+
+        if (
+            stderr.startswith("Error: ")
+            and ": User does not have permission " in stderr
+        ):
+            raise AnsibleConnectionFailure(
+                f"instance access denied: {self._instance()} (remote={self.get_option('remote')}, project={self.get_option('project')})"
+            )
+
+        if (
+            stderr.startswith("Error: ")
+            and ": User does not have entitlement " in stderr
+        ):
+            raise AnsibleConnectionFailure(
+                f"instance access denied: {self._instance()} (remote={self.get_option('remote')}, project={self.get_option('project')})"
+            )

        return process.returncode, stdout, stderr

+    def _get_remote_uid_gid(self) -> tuple[int, int]:
+        """Get the user and group ID of 'remote_user' from the instance."""
+
+        rc, uid_out, err = self.exec_command("/bin/id -u")
+        if rc != 0:
+            raise AnsibleError(
+                f"Failed to get remote uid for user {self.get_option('remote_user')}: {err}"
+            )
+        uid = uid_out.strip()
+
+        rc, gid_out, err = self.exec_command("/bin/id -g")
+        if rc != 0:
+            raise AnsibleError(
+                f"Failed to get remote gid for user {self.get_option('remote_user')}: {err}"
+            )
+        gid = gid_out.strip()
+
+        return int(uid), int(gid)
+
    def put_file(self, in_path, out_path):
        """ put a file from local to Incus """
        super(Connection, self).put_file(in_path, out_path)

-        self._display.vvv(u"PUT {0} TO {1}".format(in_path, out_path),
+        self._display.vvv(f"PUT {in_path} TO {out_path}",
                          host=self._instance())

        if not os.path.isfile(to_bytes(in_path, errors='surrogate_or_strict')):
-            raise AnsibleFileNotFound("input path is not a file: %s" % in_path)
+            raise AnsibleFileNotFound(f"input path is not a file: {in_path}")

-        local_cmd = [
-            self._incus_cmd,
-            "--project", self.get_option("project"),
-            "file", "push", "--quiet",
-            in_path,
-            "%s:%s/%s" % (self.get_option("remote"),
-                          self._instance(),
-                          out_path)]
+        if self.get_option("remote_user") != "root":
+            uid, gid = self._get_remote_uid_gid()
+            local_cmd = [
+                self._incus_cmd,
+                "--project",
+                self.get_option("project"),
+                "file",
+                "push",
+                "--uid",
+                str(uid),
+                "--gid",
+                str(gid),
+                "--quiet",
+                in_path,
+                f"{self.get_option('remote')}:{self._instance()}/{out_path}",
+            ]
+        else:
+            local_cmd = [
+                self._incus_cmd,
+                "--project",
+                self.get_option("project"),
+                "file",
+                "push",
+                "--quiet",
+                in_path,
+                f"{self.get_option('remote')}:{self._instance()}/{out_path}",
+            ]
+
+        self._display.vvvvv(f"PUT {local_cmd}", host=self._instance())

        local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd]

@@ -150,16 +254,14 @@ class Connection(ConnectionBase):
        """ fetch a file from Incus to local """
        super(Connection, self).fetch_file(in_path, out_path)

-        self._display.vvv(u"FETCH {0} TO {1}".format(in_path, out_path),
+        self._display.vvv(f"FETCH {in_path} TO {out_path}",
                          host=self._instance())

        local_cmd = [
            self._incus_cmd,
            "--project", self.get_option("project"),
            "file", "pull", "--quiet",
-            "%s:%s/%s" % (self.get_option("remote"),
-                          self._instance(),
-                          in_path),
+            f"{self.get_option('remote')}:{self._instance()}/{in_path}",
            out_path]

        local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd]
--- a/plugins/connection/iocage.py
+++ b/plugins/connection/iocage.py
@@ -7,31 +7,30 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Stephan Lohse (!UNKNOWN) <dev-github@ploek.org>
-    name: iocage
-    short_description: Run tasks in iocage jails
+DOCUMENTATION = r"""
+author: Stephan Lohse (!UNKNOWN) <dev-github@ploek.org>
+name: iocage
+short_description: Run tasks in iocage jails
+description:
+  - Run commands or put/fetch files to an existing iocage jail.
+options:
+  remote_addr:
    description:
-        - Run commands or put/fetch files to an existing iocage jail
-    options:
-      remote_addr:
-        description:
-            - Path to the jail
-        type: string
-        vars:
-            - name: ansible_host
-            - name: ansible_iocage_host
-      remote_user:
-        description:
-            - User to execute as inside the jail
-        type: string
-        vars:
-            - name: ansible_user
-            - name: ansible_iocage_user
-'''
+      - Path to the jail.
+    type: string
+    vars:
+      - name: ansible_host
+      - name: ansible_iocage_host
+  remote_user:
+    description:
+      - User to execute as inside the jail.
+    type: string
+    vars:
+      - name: ansible_user
+      - name: ansible_iocage_user
+"""

 import subprocess

@@ -55,11 +54,12 @@ class Connection(Jail):

        jail_uuid = self.get_jail_uuid()

-        kwargs[Jail.modified_jailname_key] = 'ioc-{0}'.format(jail_uuid)
+        kwargs[Jail.modified_jailname_key] = f'ioc-{jail_uuid}'

-        display.vvv(u"Jail {iocjail} has been translated to {rawjail}".format(
-            iocjail=self.ioc_jail, rawjail=kwargs[Jail.modified_jailname_key]),
-            host=kwargs[Jail.modified_jailname_key])
+        display.vvv(
+            f"Jail {self.ioc_jail} has been translated to {kwargs[Jail.modified_jailname_key]}",
+            host=kwargs[Jail.modified_jailname_key]
+        )

        super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs)

@@ -81,6 +81,6 @@ class Connection(Jail):
        p.wait()

        if p.returncode != 0:
-            raise AnsibleError(u"iocage returned an error: {0}".format(stdout))
+            raise AnsibleError(f"iocage returned an error: {stdout}")

        return stdout.strip('\n')
--- a/plugins/connection/jail.py
+++ b/plugins/connection/jail.py
@@ -7,33 +7,32 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Ansible Core Team
-    name: jail
-    short_description: Run tasks in jails
+DOCUMENTATION = r"""
+author: Ansible Core Team
+name: jail
+short_description: Run tasks in jails
+description:
+  - Run commands or put/fetch files to an existing jail.
+options:
+  remote_addr:
    description:
-        - Run commands or put/fetch files to an existing jail
-    options:
-      remote_addr:
-        description:
-            - Path to the jail
-        type: string
-        default: inventory_hostname
-        vars:
-            - name: inventory_hostname
-            - name: ansible_host
-            - name: ansible_jail_host
-      remote_user:
-        description:
-            - User to execute as inside the jail
-        type: string
-        vars:
-            - name: ansible_user
-            - name: ansible_jail_user
-'''
+      - Path to the jail.
+    type: string
+    default: inventory_hostname
+    vars:
+      - name: inventory_hostname
+      - name: ansible_host
+      - name: ansible_jail_host
+  remote_user:
+    description:
+      - User to execute as inside the jail.
+    type: string
+    vars:
+      - name: ansible_user
+      - name: ansible_jail_user
+"""

 import os
 import os.path
@@ -75,14 +74,14 @@ class Connection(ConnectionBase):
        self.jexec_cmd = self._search_executable('jexec')

        if self.jail not in self.list_jails():
-            raise AnsibleError("incorrect jail name %s" % self.jail)
+            raise AnsibleError(f"incorrect jail name {self.jail}")

    @staticmethod
    def _search_executable(executable):
        try:
            return get_bin_path(executable)
        except ValueError:
-            raise AnsibleError("%s command not found in PATH" % executable)
+            raise AnsibleError(f"{executable} command not found in PATH")

    def list_jails(self):
        p = subprocess.Popen([self.jls_cmd, '-q', 'name'],
@@ -97,7 +96,7 @@ class Connection(ConnectionBase):
        """ connect to the jail; nothing to do here """
        super(Connection, self)._connect()
        if not self._connected:
-            display.vvv(u"ESTABLISH JAIL CONNECTION FOR USER: {0}".format(self._play_context.remote_user), host=self.jail)
+            display.vvv(f"ESTABLISH JAIL CONNECTION FOR USER: {self._play_context.remote_user}", host=self.jail)
            self._connected = True

    def _buffered_exec_command(self, cmd, stdin=subprocess.PIPE):
@@ -115,11 +114,11 @@ class Connection(ConnectionBase):
        if self._play_context.remote_user is not None:
            local_cmd += ['-U', self._play_context.remote_user]
            # update HOME since -U does not update the jail environment
-            set_env = 'HOME=~' + self._play_context.remote_user + ' '
+            set_env = f"HOME=~{self._play_context.remote_user} "

        local_cmd += [self.jail, self._play_context.executable, '-c', set_env + cmd]

-        display.vvv("EXEC %s" % (local_cmd,), host=self.jail)
+        display.vvv(f"EXEC {local_cmd}", host=self.jail)
        local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd]
        p = subprocess.Popen(local_cmd, shell=False, stdin=stdin,
                             stdout=subprocess.PIPE, stderr=subprocess.PIPE)
@@ -144,7 +143,7 @@ class Connection(ConnectionBase):
            exist in any given chroot.  So for now we're choosing "/" instead.
            This also happens to be the former default.

-            Can revisit using $HOME instead if it's a problem
+            Can revisit using $HOME instead if it is a problem
        """
        if not remote_path.startswith(os.path.sep):
            remote_path = os.path.join(os.path.sep, remote_path)
@@ -153,7 +152,7 @@ class Connection(ConnectionBase):
    def put_file(self, in_path, out_path):
        """ transfer a file from local to jail """
        super(Connection, self).put_file(in_path, out_path)
-        display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.jail)
+        display.vvv(f"PUT {in_path} TO {out_path}", host=self.jail)

        out_path = shlex_quote(self._prefix_login_path(out_path))
        try:
@@ -163,27 +162,27 @@ class Connection(ConnectionBase):
                else:
                    count = ''
                try:
-                    p = self._buffered_exec_command('dd of=%s bs=%s%s' % (out_path, BUFSIZE, count), stdin=in_file)
+                    p = self._buffered_exec_command(f'dd of={out_path} bs={BUFSIZE}{count}', stdin=in_file)
                except OSError:
                    raise AnsibleError("jail connection requires dd command in the jail")
                try:
                    stdout, stderr = p.communicate()
                except Exception:
                    traceback.print_exc()
-                    raise AnsibleError("failed to transfer file %s to %s" % (in_path, out_path))
+                    raise AnsibleError(f"failed to transfer file {in_path} to {out_path}")
                if p.returncode != 0:
-                    raise AnsibleError("failed to transfer file %s to %s:\n%s\n%s" % (in_path, out_path, to_native(stdout), to_native(stderr)))
+                    raise AnsibleError(f"failed to transfer file {in_path} to {out_path}:\n{to_native(stdout)}\n{to_native(stderr)}")
        except IOError:
-            raise AnsibleError("file or module does not exist at: %s" % in_path)
+            raise AnsibleError(f"file or module does not exist at: {in_path}")

    def fetch_file(self, in_path, out_path):
        """ fetch a file from jail to local """
        super(Connection, self).fetch_file(in_path, out_path)
-        display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.jail)
+        display.vvv(f"FETCH {in_path} TO {out_path}", host=self.jail)

        in_path = shlex_quote(self._prefix_login_path(in_path))
        try:
-            p = self._buffered_exec_command('dd if=%s bs=%s' % (in_path, BUFSIZE))
+            p = self._buffered_exec_command(f'dd if={in_path} bs={BUFSIZE}')
        except OSError:
            raise AnsibleError("jail connection requires dd command in the jail")

@@ -195,10 +194,10 @@ class Connection(ConnectionBase):
                    chunk = p.stdout.read(BUFSIZE)
            except Exception:
                traceback.print_exc()
-                raise AnsibleError("failed to transfer file %s to %s" % (in_path, out_path))
+                raise AnsibleError(f"failed to transfer file {in_path} to {out_path}")
            stdout, stderr = p.communicate()
            if p.returncode != 0:
-                raise AnsibleError("failed to transfer file %s to %s:\n%s\n%s" % (in_path, out_path, to_native(stdout), to_native(stderr)))
+                raise AnsibleError(f"failed to transfer file {in_path} to {out_path}:\n{to_native(stdout)}\n{to_native(stderr)}")

    def close(self):
        """ terminate the connection; nothing to do here """
--- a/plugins/connection/lxc.py
+++ b/plugins/connection/lxc.py
@@ -4,34 +4,33 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Joerg Thalheim (!UNKNOWN) <joerg@higgsboson.tk>
-    name: lxc
-    short_description: Run tasks in lxc containers via lxc python library
+DOCUMENTATION = r"""
+author: Joerg Thalheim (!UNKNOWN) <joerg@higgsboson.tk>
+name: lxc
+short_description: Run tasks in LXC containers using lxc python library
+description:
+  - Run commands or put/fetch files to an existing LXC container using lxc python library.
+options:
+  remote_addr:
    description:
-        - Run commands or put/fetch files to an existing lxc container using lxc python library
-    options:
-      remote_addr:
-        description:
-            - Container identifier
-        type: string
-        default: inventory_hostname
-        vars:
-            - name: inventory_hostname
-            - name: ansible_host
-            - name: ansible_lxc_host
-      executable:
-        default: /bin/sh
-        description:
-            - Shell executable
-        type: string
-        vars:
-            - name: ansible_executable
-            - name: ansible_lxc_executable
-'''
+      - Container identifier.
+    type: string
+    default: inventory_hostname
+    vars:
+      - name: inventory_hostname
+      - name: ansible_host
+      - name: ansible_lxc_host
+  executable:
+    default: /bin/sh
+    description:
+      - Shell executable.
+    type: string
+    vars:
+      - name: ansible_executable
+      - name: ansible_lxc_executable
+"""

 import os
 import shutil
@@ -82,7 +81,7 @@ class Connection(ConnectionBase):
        self._display.vvv("THIS IS A LOCAL LXC DIR", host=self.container_name)
        self.container = _lxc.Container(self.container_name)
        if self.container.state == "STOPPED":
-            raise errors.AnsibleError("%s is not running" % self.container_name)
+            raise errors.AnsibleError(f"{self.container_name} is not running")

    @staticmethod
    def _communicate(pid, in_data, stdin, stdout, stderr):
@@ -144,10 +143,10 @@ class Connection(ConnectionBase):
                read_stdin, write_stdin = os.pipe()
                kwargs['stdin'] = self._set_nonblocking(read_stdin)

-            self._display.vvv("EXEC %s" % (local_cmd), host=self.container_name)
+            self._display.vvv(f"EXEC {local_cmd}", host=self.container_name)
            pid = self.container.attach(_lxc.attach_run_command, local_cmd, **kwargs)
            if pid == -1:
-                msg = "failed to attach to container %s" % self.container_name
+                msg = f"failed to attach to container {self.container_name}"
                raise errors.AnsibleError(msg)

            write_stdout = os.close(write_stdout)
@@ -174,18 +173,18 @@ class Connection(ConnectionBase):
    def put_file(self, in_path, out_path):
        ''' transfer a file from local to lxc '''
        super(Connection, self).put_file(in_path, out_path)
-        self._display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.container_name)
+        self._display.vvv(f"PUT {in_path} TO {out_path}", host=self.container_name)
        in_path = to_bytes(in_path, errors='surrogate_or_strict')
        out_path = to_bytes(out_path, errors='surrogate_or_strict')

        if not os.path.exists(in_path):
-            msg = "file or module does not exist: %s" % in_path
+            msg = f"file or module does not exist: {in_path}"
            raise errors.AnsibleFileNotFound(msg)
        try:
            src_file = open(in_path, "rb")
        except IOError:
            traceback.print_exc()
-            raise errors.AnsibleError("failed to open input file to %s" % in_path)
+            raise errors.AnsibleError(f"failed to open input file to {in_path}")
        try:
            def write_file(args):
                with open(out_path, 'wb+') as dst_file:
@@ -194,7 +193,7 @@ class Connection(ConnectionBase):
                self.container.attach_wait(write_file, None)
            except IOError:
                traceback.print_exc()
-                msg = "failed to transfer file to %s" % out_path
+                msg = f"failed to transfer file to {out_path}"
                raise errors.AnsibleError(msg)
        finally:
            src_file.close()
@@ -202,7 +201,7 @@ class Connection(ConnectionBase):
    def fetch_file(self, in_path, out_path):
        ''' fetch a file from lxc to local '''
        super(Connection, self).fetch_file(in_path, out_path)
-        self._display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.container_name)
+        self._display.vvv(f"FETCH {in_path} TO {out_path}", host=self.container_name)
        in_path = to_bytes(in_path, errors='surrogate_or_strict')
        out_path = to_bytes(out_path, errors='surrogate_or_strict')

@@ -210,7 +209,7 @@ class Connection(ConnectionBase):
            dst_file = open(out_path, "wb")
        except IOError:
            traceback.print_exc()
-            msg = "failed to open output file %s" % out_path
+            msg = f"failed to open output file {out_path}"
            raise errors.AnsibleError(msg)
        try:
            def write_file(args):
@@ -225,7 +224,7 @@ class Connection(ConnectionBase):
                self.container.attach_wait(write_file, None)
            except IOError:
                traceback.print_exc()
-                msg = "failed to transfer file from %s to %s" % (in_path, out_path)
+                msg = f"failed to transfer file from {in_path} to {out_path}"
                raise errors.AnsibleError(msg)
        finally:
            dst_file.close()
--- a/plugins/connection/lxd.py
+++ b/plugins/connection/lxd.py
@@ -4,51 +4,75 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Matt Clay (@mattclay) <matt@mystile.com>
-    name: lxd
-    short_description: Run tasks in LXD instances via C(lxc) CLI
+DOCUMENTATION = r"""
+author: Matt Clay (@mattclay) <matt@mystile.com>
+name: lxd
+short_description: Run tasks in LXD instances using C(lxc) CLI
+description:
+  - Run commands or put/fetch files to an existing instance using C(lxc) CLI.
+options:
+  remote_addr:
    description:
-        - Run commands or put/fetch files to an existing instance using C(lxc) CLI.
-    options:
-      remote_addr:
-        description:
-            - Instance (container/VM) identifier.
-            - Since community.general 8.0.0, a FQDN can be provided; in that case, the first component (the part before C(.))
-              is used as the instance identifier.
-        type: string
-        default: inventory_hostname
-        vars:
-            - name: inventory_hostname
-            - name: ansible_host
-            - name: ansible_lxd_host
-      executable:
-        description:
-            - Shell to use for execution inside instance.
-        type: string
-        default: /bin/sh
-        vars:
-            - name: ansible_executable
-            - name: ansible_lxd_executable
-      remote:
-        description:
-            - Name of the LXD remote to use.
-        type: string
-        default: local
-        vars:
-            - name: ansible_lxd_remote
-        version_added: 2.0.0
-      project:
-        description:
-            - Name of the LXD project to use.
-        type: string
-        vars:
-            - name: ansible_lxd_project
-        version_added: 2.0.0
-'''
+      - Instance (container/VM) identifier.
+      - Since community.general 8.0.0, a FQDN can be provided; in that case, the first component (the part before C(.)) is
+        used as the instance identifier.
+    type: string
+    default: inventory_hostname
+    vars:
+      - name: inventory_hostname
+      - name: ansible_host
+      - name: ansible_lxd_host
+  executable:
+    description:
+      - Shell to use for execution inside instance.
+    type: string
+    default: /bin/sh
+    vars:
+      - name: ansible_executable
+      - name: ansible_lxd_executable
+  lxd_become_method:
+    description:
+      - Become command used to switch to a non-root user.
+      - Is only used when O(remote_user) is not V(root).
+    type: str
+    default: /bin/su
+    vars:
+      - name: lxd_become_method
+    version_added: 10.4.0
+  remote:
+    description:
+      - Name of the LXD remote to use.
+    type: string
+    default: local
+    vars:
+      - name: ansible_lxd_remote
+    version_added: 2.0.0
+  remote_user:
+    description:
+      - User to login/authenticate as.
+      - Can be set from the CLI via the C(--user) or C(-u) options.
+    type: string
+    default: root
+    vars:
+      - name: ansible_user
+    env:
+      - name: ANSIBLE_REMOTE_USER
+    ini:
+      - section: defaults
+        key: remote_user
+    keyword:
+      - name: remote_user
+    version_added: 10.4.0
+  project:
+    description:
+      - Name of the LXD project to use.
+    type: string
+    vars:
+      - name: ansible_lxd_project
+    version_added: 2.0.0
+"""

 import os
 from subprocess import Popen, PIPE
@@ -64,7 +88,6 @@ class Connection(ConnectionBase):

    transport = 'community.general.lxd'
    has_pipelining = True
-    default_user = 'root'

    def __init__(self, play_context, new_stdin, *args, **kwargs):
        super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs)
@@ -74,9 +97,6 @@ class Connection(ConnectionBase):
        except ValueError:
            raise AnsibleError("lxc command not found in PATH")

-        if self._play_context.remote_user is not None and self._play_context.remote_user != 'root':
-            self._display.warning('lxd does not support remote_user, using default: root')
-
    def _host(self):
        """ translate remote_addr to lxd (short) hostname """
        return self.get_option("remote_addr").split(".", 1)[0]
@@ -86,26 +106,41 @@ class Connection(ConnectionBase):
        super(Connection, self)._connect()

        if not self._connected:
-            self._display.vvv(u"ESTABLISH LXD CONNECTION FOR USER: root", host=self._host())
+            self._display.vvv(f"ESTABLISH LXD CONNECTION FOR USER: {self.get_option('remote_user')}", host=self._host())
            self._connected = True

+    def _build_command(self, cmd) -> str:
+        """build the command to execute on the lxd host"""
+
+        exec_cmd = [self._lxc_cmd]
+
+        if self.get_option("project"):
+            exec_cmd.extend(["--project", self.get_option("project")])
+
+        exec_cmd.extend(["exec", f"{self.get_option('remote')}:{self._host()}", "--"])
+
+        if self.get_option("remote_user") != "root":
+            self._display.vvv(
+                f"INFO: Running as non-root user: {self.get_option('remote_user')}, \
+                trying to run 'lxc exec' with become method: {self.get_option('lxd_become_method')}",
+                host=self._host(),
+            )
+            exec_cmd.extend(
+                [self.get_option("lxd_become_method"), self.get_option("remote_user"), "-c"]
+            )
+
+        exec_cmd.extend([self.get_option("executable"), "-c", cmd])
+
+        return exec_cmd
+
    def exec_command(self, cmd, in_data=None, sudoable=True):
        """ execute a command on the lxd host """
        super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable)

-        self._display.vvv(u"EXEC {0}".format(cmd), host=self._host())
+        self._display.vvv(f"EXEC {cmd}", host=self._host())

-        local_cmd = [self._lxc_cmd]
-        if self.get_option("project"):
-            local_cmd.extend(["--project", self.get_option("project")])
-        local_cmd.extend([
-            "exec",
-            "%s:%s" % (self.get_option("remote"), self._host()),
-            "--",
-            self.get_option("executable"), "-c", cmd
-        ])
-
-        self._display.vvvvv(u"EXEC {0}".format(local_cmd), host=self._host())
+        local_cmd = self._build_command(cmd)
+        self._display.vvvvv(f"EXEC {local_cmd}", host=self._host())

        local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd]
        in_data = to_bytes(in_data, errors='surrogate_or_strict', nonstring='passthru')
@@ -116,33 +151,73 @@ class Connection(ConnectionBase):
        stdout = to_text(stdout)
        stderr = to_text(stderr)

-        self._display.vvvvv(u"EXEC lxc output: {0} {1}".format(stdout, stderr), host=self._host())
+        self._display.vvvvv(f"EXEC lxc output: {stdout} {stderr}", host=self._host())

        if "is not running" in stderr:
-            raise AnsibleConnectionFailure("instance not running: %s" % self._host())
+            raise AnsibleConnectionFailure(f"instance not running: {self._host()}")

        if stderr.strip() == "Error: Instance not found" or stderr.strip() == "error: not found":
-            raise AnsibleConnectionFailure("instance not found: %s" % self._host())
+            raise AnsibleConnectionFailure(f"instance not found: {self._host()}")

        return process.returncode, stdout, stderr

+    def _get_remote_uid_gid(self) -> tuple[int, int]:
+        """Get the user and group ID of 'remote_user' from the instance."""
+
+        rc, uid_out, err = self.exec_command("/bin/id -u")
+        if rc != 0:
+            raise AnsibleError(
+                f"Failed to get remote uid for user {self.get_option('remote_user')}: {err}"
+            )
+        uid = uid_out.strip()
+
+        rc, gid_out, err = self.exec_command("/bin/id -g")
+        if rc != 0:
+            raise AnsibleError(
+                f"Failed to get remote gid for user {self.get_option('remote_user')}: {err}"
+            )
+        gid = gid_out.strip()
+
+        return int(uid), int(gid)
+
    def put_file(self, in_path, out_path):
        """ put a file from local to lxd """
        super(Connection, self).put_file(in_path, out_path)

-        self._display.vvv(u"PUT {0} TO {1}".format(in_path, out_path), host=self._host())
+        self._display.vvv(f"PUT {in_path} TO {out_path}", host=self._host())

        if not os.path.isfile(to_bytes(in_path, errors='surrogate_or_strict')):
-            raise AnsibleFileNotFound("input path is not a file: %s" % in_path)
+            raise AnsibleFileNotFound(f"input path is not a file: {in_path}")

        local_cmd = [self._lxc_cmd]
        if self.get_option("project"):
            local_cmd.extend(["--project", self.get_option("project")])
-        local_cmd.extend([
-            "file", "push",
-            in_path,
-            "%s:%s/%s" % (self.get_option("remote"), self._host(), out_path)
-        ])
+
+        if self.get_option("remote_user") != "root":
+            uid, gid = self._get_remote_uid_gid()
+            local_cmd.extend(
+                [
+                    "file",
+                    "push",
+                    "--uid",
+                    str(uid),
+                    "--gid",
+                    str(gid),
+                    in_path,
+                    f"{self.get_option('remote')}:{self._host()}/{out_path}",
+                ]
+            )
+        else:
+            local_cmd.extend(
+                [
+                    "file",
+                    "push",
+                    in_path,
+                    f"{self.get_option('remote')}:{self._host()}/{out_path}",
+                ]
+            )
+
+        self._display.vvvvv(f"PUT {local_cmd}", host=self._host())

        local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd]

@@ -153,14 +228,14 @@ class Connection(ConnectionBase):
        """ fetch a file from lxd to local """
        super(Connection, self).fetch_file(in_path, out_path)

-        self._display.vvv(u"FETCH {0} TO {1}".format(in_path, out_path), host=self._host())
+        self._display.vvv(f"FETCH {in_path} TO {out_path}", host=self._host())

        local_cmd = [self._lxc_cmd]
        if self.get_option("project"):
            local_cmd.extend(["--project", self.get_option("project")])
        local_cmd.extend([
            "file", "pull",
-            "%s:%s/%s" % (self.get_option("remote"), self._host(), in_path),
+            f"{self.get_option('remote')}:{self._host()}/{in_path}",
            out_path
        ])

--- a/plugins/connection/proxmox_pct_remote.py
+++ b/plugins/connection/proxmox_pct_remote.py
@@ -0,0 +1,857 @@
+# -*- coding: utf-8 -*-
+# Derived from ansible/plugins/connection/paramiko_ssh.py (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>
+# Copyright (c) 2024 Nils Stein (@mietzen) <github.nstein@mailbox.org>
+# Copyright (c) 2024 Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import annotations
+
+DOCUMENTATION = r"""
+author: Nils Stein (@mietzen) <github.nstein@mailbox.org>
+name: proxmox_pct_remote
+short_description: Run tasks in Proxmox LXC container instances using pct CLI via SSH
+requirements:
+  - paramiko
+description:
+  - Run commands or put/fetch files to an existing Proxmox LXC container using pct CLI via SSH.
+  - Uses the Python SSH implementation (Paramiko) to connect to the Proxmox host.
+version_added: "10.3.0"
+options:
+  remote_addr:
+    description:
+      - Address of the remote target.
+    default: inventory_hostname
+    type: string
+    vars:
+      - name: inventory_hostname
+      - name: ansible_host
+      - name: ansible_ssh_host
+      - name: ansible_paramiko_host
+  port:
+    description: Remote port to connect to.
+    type: int
+    default: 22
+    ini:
+      - section: defaults
+        key: remote_port
+      - section: paramiko_connection
+        key: remote_port
+    env:
+      - name: ANSIBLE_REMOTE_PORT
+      - name: ANSIBLE_REMOTE_PARAMIKO_PORT
+    vars:
+      - name: ansible_port
+      - name: ansible_ssh_port
+      - name: ansible_paramiko_port
+    keyword:
+      - name: port
+  remote_user:
+    description:
+      - User to login/authenticate as.
+      - Can be set from the CLI via the C(--user) or C(-u) options.
+    type: string
+    vars:
+      - name: ansible_user
+      - name: ansible_ssh_user
+      - name: ansible_paramiko_user
+    env:
+      - name: ANSIBLE_REMOTE_USER
+      - name: ANSIBLE_PARAMIKO_REMOTE_USER
+    ini:
+      - section: defaults
+        key: remote_user
+      - section: paramiko_connection
+        key: remote_user
+    keyword:
+      - name: remote_user
+  password:
+    description:
+      - Secret used to either login the SSH server or as a passphrase for SSH keys that require it.
+      - Can be set from the CLI via the C(--ask-pass) option.
+    type: string
+    vars:
+      - name: ansible_password
+      - name: ansible_ssh_pass
+      - name: ansible_ssh_password
+      - name: ansible_paramiko_pass
+      - name: ansible_paramiko_password
+  use_rsa_sha2_algorithms:
+    description:
+      - Whether or not to enable RSA SHA2 algorithms for pubkeys and hostkeys.
+      - On paramiko versions older than 2.9, this only affects hostkeys.
+      - For behavior matching paramiko<2.9 set this to V(false).
+    vars:
+      - name: ansible_paramiko_use_rsa_sha2_algorithms
+    ini:
+      - {key: use_rsa_sha2_algorithms, section: paramiko_connection}
+    env:
+      - {name: ANSIBLE_PARAMIKO_USE_RSA_SHA2_ALGORITHMS}
+    default: true
+    type: boolean
+  host_key_auto_add:
+    description: "Automatically add host keys to C(~/.ssh/known_hosts)."
+    env:
+      - name: ANSIBLE_PARAMIKO_HOST_KEY_AUTO_ADD
+    ini:
+      - key: host_key_auto_add
+        section: paramiko_connection
+    type: boolean
+  look_for_keys:
+    default: True
+    description: "Set to V(false) to disable searching for private key files in C(~/.ssh/)."
+    env:
+      - name: ANSIBLE_PARAMIKO_LOOK_FOR_KEYS
+    ini:
+      - {key: look_for_keys, section: paramiko_connection}
+    type: boolean
+  proxy_command:
+    default: ""
+    description:
+      - Proxy information for running the connection via a jumphost.
+    type: string
+    env:
+      - name: ANSIBLE_PARAMIKO_PROXY_COMMAND
+    ini:
+      - {key: proxy_command, section: paramiko_connection}
+    vars:
+      - name: ansible_paramiko_proxy_command
+  pty:
+    default: True
+    description: "C(sudo) usually requires a PTY, V(true) to give a PTY and V(false) to not give a PTY."
+    env:
+      - name: ANSIBLE_PARAMIKO_PTY
+    ini:
+      - section: paramiko_connection
+        key: pty
+    type: boolean
+  record_host_keys:
+    default: True
+    description: "Save the host keys to a file."
+    env:
+      - name: ANSIBLE_PARAMIKO_RECORD_HOST_KEYS
+    ini:
+      - section: paramiko_connection
+        key: record_host_keys
+    type: boolean
+  host_key_checking:
+    description: "Set this to V(false) if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host."
+    type: boolean
+    default: true
+    env:
+      - name: ANSIBLE_HOST_KEY_CHECKING
+      - name: ANSIBLE_SSH_HOST_KEY_CHECKING
+      - name: ANSIBLE_PARAMIKO_HOST_KEY_CHECKING
+    ini:
+      - section: defaults
+        key: host_key_checking
+      - section: paramiko_connection
+        key: host_key_checking
+    vars:
+      - name: ansible_host_key_checking
+      - name: ansible_ssh_host_key_checking
+      - name: ansible_paramiko_host_key_checking
+  use_persistent_connections:
+    description: "Toggles the use of persistence for connections."
+    type: boolean
+    default: False
+    env:
+      - name: ANSIBLE_USE_PERSISTENT_CONNECTIONS
+    ini:
+      - section: defaults
+        key: use_persistent_connections
+  banner_timeout:
+    type: float
+    default: 30
+    description:
+      - Configures, in seconds, the amount of time to wait for the SSH
+        banner to be presented. This option is supported by paramiko
+        version 1.15.0 or newer.
+    ini:
+      - section: paramiko_connection
+        key: banner_timeout
+    env:
+      - name: ANSIBLE_PARAMIKO_BANNER_TIMEOUT
+  timeout:
+    type: int
+    default: 10
+    description: Number of seconds until the plugin gives up on failing to establish a TCP connection.
+    ini:
+      - section: defaults
+        key: timeout
+      - section: ssh_connection
+        key: timeout
+      - section: paramiko_connection
+        key: timeout
+    env:
+      - name: ANSIBLE_TIMEOUT
+      - name: ANSIBLE_SSH_TIMEOUT
+      - name: ANSIBLE_PARAMIKO_TIMEOUT
+    vars:
+      - name: ansible_ssh_timeout
+      - name: ansible_paramiko_timeout
+    cli:
+      - name: timeout
+  lock_file_timeout:
+    type: int
+    default: 60
+    description: Number of seconds until the plugin gives up on trying to write a lock file when writing SSH known host keys.
+    vars:
+      - name: ansible_lock_file_timeout
+    env:
+      - name: ANSIBLE_LOCK_FILE_TIMEOUT
+  private_key_file:
+    description:
+      - Path to private key file to use for authentication.
+    type: string
+    ini:
+      - section: defaults
+        key: private_key_file
+      - section: paramiko_connection
+        key: private_key_file
+    env:
+      - name: ANSIBLE_PRIVATE_KEY_FILE
+      - name: ANSIBLE_PARAMIKO_PRIVATE_KEY_FILE
+    vars:
+      - name: ansible_private_key_file
+      - name: ansible_ssh_private_key_file
+      - name: ansible_paramiko_private_key_file
+    cli:
+      - name: private_key_file
+        option: "--private-key"
+  vmid:
+    description:
+      - LXC Container ID
+    type: int
+    vars:
+      - name: proxmox_vmid
+  proxmox_become_method:
+    description:
+      - Become command used in proxmox
+    type: str
+    default: sudo
+    vars:
+      - name: proxmox_become_method
+notes:
+  - >
+    When NOT using this plugin as root, you need to have a become mechanism,
+    e.g. C(sudo), installed on Proxmox and setup so we can run it without prompting for the password.
+    Inside the container, we need a shell, for example C(sh) and the C(cat) command to be available in the C(PATH) for this plugin to work.
+"""
+
+EXAMPLES = r"""
+# --------------------------------------------------------------
+# Setup sudo with password less access to pct for user 'ansible':
+# --------------------------------------------------------------
+#
+# Open a Proxmox root shell and execute:
+# $ useradd -d /opt/ansible-pct -r -m -s /bin/sh ansible
+# $ mkdir -p /opt/ansible-pct/.ssh
+# $ ssh-keygen -t ed25519 -C 'ansible' -N "" -f /opt/ansible-pct/.ssh/ansible <<< y > /dev/null
+# $ cat /opt/ansible-pct/.ssh/ansible
+# $ mv /opt/ansible-pct/.ssh/ansible.pub /opt/ansible-pct/.ssh/authorized-keys
+# $ rm /opt/ansible-pct/.ssh/ansible*
+# $ chown -R ansible:ansible /opt/ansible-pct/.ssh
+# $ chmod 700 /opt/ansible-pct/.ssh
+# $ chmod 600 /opt/ansible-pct/.ssh/authorized-keys
+# $ echo 'ansible ALL = (root) NOPASSWD: /usr/sbin/pct' > /etc/sudoers.d/ansible_pct
+#
+# Save the displayed private key and add it to your ssh-agent
+#
+# Or use ansible:
+# ---
+# - name: Setup ansible-pct user and configure environment on Proxmox host
+#   hosts: proxmox
+#   become: true
+#   gather_facts: false
+#
+#   tasks:
+#     - name: Create ansible user
+#       ansible.builtin.user:
+#         name: ansible
+#         comment: Ansible User
+#         home: /opt/ansible-pct
+#         shell: /bin/sh
+#         create_home: true
+#         system: true
+#
+#     - name: Create .ssh directory
+#       ansible.builtin.file:
+#         path: /opt/ansible-pct/.ssh
+#         state: directory
+#         owner: ansible
+#         group: ansible
+#         mode: '0700'
+#
+#     - name: Generate SSH key for ansible user
+#       community.crypto.openssh_keypair:
+#         path: /opt/ansible-pct/.ssh/ansible
+#         type: ed25519
+#         comment: 'ansible'
+#         force: true
+#         mode: '0600'
+#         owner: ansible
+#         group: ansible
+#
+#     - name: Set public key as authorized key
+#       ansible.builtin.copy:
+#         src: /opt/ansible-pct/.ssh/ansible.pub
+#         dest: /opt/ansible-pct/.ssh/authorized-keys
+#         remote_src: yes
+#         owner: ansible
+#         group: ansible
+#         mode: '0600'
+#
+#     - name: Add sudoers entry for ansible user
+#       ansible.builtin.copy:
+#         content: 'ansible ALL = (root) NOPASSWD: /usr/sbin/pct'
+#         dest: /etc/sudoers.d/ansible_pct
+#         owner: root
+#         group: root
+#         mode: '0440'
+#
+#     - name: Fetch private SSH key to localhost
+#       ansible.builtin.fetch:
+#         src: /opt/ansible-pct/.ssh/ansible
+#         dest: ~/.ssh/proxmox_ansible_private_key
+#         flat: yes
+#         fail_on_missing: true
+#
+#     - name: Clean up generated SSH keys
+#       ansible.builtin.file:
+#         path: /opt/ansible-pct/.ssh/ansible*
+#         state: absent
+#
+# - name: Configure private key permissions on localhost
+#   hosts: localhost
+#   tasks:
+#     - name: Set permissions for fetched private key
+#       ansible.builtin.file:
+#         path: ~/.ssh/proxmox_ansible_private_key
+#         mode: '0600'
+#
+# --------------------------------
+# Static inventory file: hosts.yml
+# --------------------------------
+# all:
+#   children:
+#     lxc:
+#       hosts:
+#         container-1:
+#           ansible_host: 10.0.0.10
+#           proxmox_vmid: 100
+#           ansible_connection: community.general.proxmox_pct_remote
+#           ansible_user: ansible
+#         container-2:
+#           ansible_host: 10.0.0.10
+#           proxmox_vmid: 200
+#           ansible_connection: community.general.proxmox_pct_remote
+#           ansible_user: ansible
+#     proxmox:
+#       hosts:
+#         proxmox-1:
+#           ansible_host: 10.0.0.10
+#
+#
+# ---------------------------------------------
+# Dynamic inventory file: inventory.proxmox.yml
+# ---------------------------------------------
+# plugin: community.general.proxmox
+# url: https://10.0.0.10:8006
+# validate_certs: false
+# user: ansible@pam
+# token_id: ansible
+# token_secret: !vault |
+#           $ANSIBLE_VAULT;1.1;AES256
+#           ...
+
+# want_facts: true
+# exclude_nodes: true
+# filters:
+#   - proxmox_vmtype == "lxc"
+# want_proxmox_nodes_ansible_host: false
+# compose:
+#   ansible_host: "'10.0.0.10'"
+#   ansible_connection: "'community.general.proxmox_pct_remote'"
+#   ansible_user: "'ansible'"
+#
+#
+# ----------------------
+# Playbook: playbook.yml
+# ----------------------
+---
+- hosts: lxc
+  # On nodes with many containers you might want to deactivate the devices facts
+  # or set `gather_facts: false` if you don't need them.
+  # More info on gathering fact subsets:
+  # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/setup_module.html
+  #
+  # gather_facts: true
+  #   gather_subset:
+  #     - "!devices"
+  tasks:
+    - name: Ping LXC container
+      ansible.builtin.ping:
+"""
+
+import os
+import pathlib
+import socket
+import tempfile
+import typing as t
+
+from ansible.errors import (
+    AnsibleAuthenticationFailure,
+    AnsibleConnectionFailure,
+    AnsibleError,
+)
+from ansible_collections.community.general.plugins.module_utils._filelock import FileLock, LockTimeout
+from ansible.module_utils.common.text.converters import to_bytes, to_native, to_text
+from ansible.module_utils.compat.paramiko import PARAMIKO_IMPORT_ERR, paramiko
+from ansible.module_utils.compat.version import LooseVersion
+from ansible.plugins.connection import ConnectionBase
+from ansible.utils.display import Display
+from ansible.utils.path import makedirs_safe
+from binascii import hexlify
+
+
+display = Display()
+
+
+def authenticity_msg(hostname: str, ktype: str, fingerprint: str) -> str:
+    msg = f"""
+    paramiko: The authenticity of host '{hostname}' can't be established.
+    The {ktype} key fingerprint is {fingerprint}.
+    Are you sure you want to continue connecting (yes/no)?
+    """
+    return msg
+
+
+MissingHostKeyPolicy: type = object
+if paramiko:
+    MissingHostKeyPolicy = paramiko.MissingHostKeyPolicy
+
+
+class MyAddPolicy(MissingHostKeyPolicy):
+    """
+    Based on AutoAddPolicy in paramiko so we can determine when keys are added
+
+    and also prompt for input.
+
+    Policy for automatically adding the hostname and new host key to the
+    local L{HostKeys} object, and saving it. This is used by L{SSHClient}.
+    """
+
+    def __init__(self, connection: Connection) -> None:
+        self.connection = connection
+        self._options = connection._options
+
+    def missing_host_key(self, client, hostname, key) -> None:
+
+        if all((self.connection.get_option('host_key_checking'), not self.connection.get_option('host_key_auto_add'))):
+
+            fingerprint = hexlify(key.get_fingerprint())
+            ktype = key.get_name()
+
+            if self.connection.get_option('use_persistent_connections') or self.connection.force_persistence:
+                # don't print the prompt string since the user cannot respond
+                # to the question anyway
+                raise AnsibleError(authenticity_msg(hostname, ktype, fingerprint)[1:92])
+
+            inp = to_text(
+                display.prompt_until(authenticity_msg(hostname, ktype, fingerprint), private=False),
+                errors='surrogate_or_strict'
+            )
+
+            if inp.lower() not in ['yes', 'y', '']:
+                raise AnsibleError('host connection rejected by user')
+
+        key._added_by_ansible_this_time = True
+
+        # existing implementation below:
+        client._host_keys.add(hostname, key.get_name(), key)
+
+        # host keys are actually saved in close() function below
+        # in order to control ordering.
+
+
+class Connection(ConnectionBase):
+    """ SSH based connections (paramiko) to Proxmox pct """
+
+    transport = 'community.general.proxmox_pct_remote'
+    _log_channel: str | None = None
+
+    def __init__(self, play_context, new_stdin, *args, **kwargs):
+        super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs)
+
+    def _set_log_channel(self, name: str) -> None:
+        """ Mimic paramiko.SSHClient.set_log_channel """
+        self._log_channel = name
+
+    def _parse_proxy_command(self, port: int = 22) -> dict[str, t.Any]:
+        proxy_command = self.get_option('proxy_command') or None
+
+        sock_kwarg = {}
+        if proxy_command:
+            replacers = {
+                '%h': self.get_option('remote_addr'),
+                '%p': port,
+                '%r': self.get_option('remote_user')
+            }
+            for find, replace in replacers.items():
+                proxy_command = proxy_command.replace(find, str(replace))
+            try:
+                sock_kwarg = {'sock': paramiko.ProxyCommand(proxy_command)}
+                display.vvv(f'CONFIGURE PROXY COMMAND FOR CONNECTION: {proxy_command}', host=self.get_option('remote_addr'))
+            except AttributeError:
+                display.warning('Paramiko ProxyCommand support unavailable. '
+                                'Please upgrade to Paramiko 1.9.0 or newer. '
+                                'Not using configured ProxyCommand')
+
+        return sock_kwarg
+
+    def _connect(self) -> Connection:
+        """ activates the connection object """
+
+        if paramiko is None:
+            raise AnsibleError(f'paramiko is not installed: {to_native(PARAMIKO_IMPORT_ERR)}')
+
+        port = self.get_option('port')
+        display.vvv(f'ESTABLISH PARAMIKO SSH CONNECTION FOR USER: {self.get_option("remote_user")} on PORT {to_text(port)} TO {self.get_option("remote_addr")}',
+                    host=self.get_option('remote_addr'))
+
+        ssh = paramiko.SSHClient()
+
+        # Set pubkey and hostkey algorithms to disable, the only manipulation allowed currently
+        # is keeping or omitting rsa-sha2 algorithms
+        # default_keys: t.Tuple[str] = ()
+        paramiko_preferred_pubkeys = getattr(paramiko.Transport, '_preferred_pubkeys', ())
+        paramiko_preferred_hostkeys = getattr(paramiko.Transport, '_preferred_keys', ())
+        use_rsa_sha2_algorithms = self.get_option('use_rsa_sha2_algorithms')
+        disabled_algorithms: t.Dict[str, t.Iterable[str]] = {}
+        if not use_rsa_sha2_algorithms:
+            if paramiko_preferred_pubkeys:
+                disabled_algorithms['pubkeys'] = tuple(a for a in paramiko_preferred_pubkeys if 'rsa-sha2' in a)
+            if paramiko_preferred_hostkeys:
+                disabled_algorithms['keys'] = tuple(a for a in paramiko_preferred_hostkeys if 'rsa-sha2' in a)
+
+        # override paramiko's default logger name
+        if self._log_channel is not None:
+            ssh.set_log_channel(self._log_channel)
+
+        self.keyfile = os.path.expanduser('~/.ssh/known_hosts')
+
+        if self.get_option('host_key_checking'):
+            for ssh_known_hosts in ('/etc/ssh/ssh_known_hosts', '/etc/openssh/ssh_known_hosts'):
+                try:
+                    ssh.load_system_host_keys(ssh_known_hosts)
+                    break
+                except IOError:
+                    pass  # file was not found, but not required to function
+                except paramiko.hostkeys.InvalidHostKey as e:
+                    raise AnsibleConnectionFailure(f'Invalid host key: {to_text(e.line)}')
+            try:
+                ssh.load_system_host_keys()
+            except paramiko.hostkeys.InvalidHostKey as e:
+                raise AnsibleConnectionFailure(f'Invalid host key: {to_text(e.line)}')
+
+        ssh_connect_kwargs = self._parse_proxy_command(port)
+        ssh.set_missing_host_key_policy(MyAddPolicy(self))
+        conn_password = self.get_option('password')
+        allow_agent = True
+
+        if conn_password is not None:
+            allow_agent = False
+
+        try:
+            key_filename = None
+            if self.get_option('private_key_file'):
+                key_filename = os.path.expanduser(self.get_option('private_key_file'))
+
+            # paramiko 2.2 introduced auth_timeout parameter
+            if LooseVersion(paramiko.__version__) >= LooseVersion('2.2.0'):
+                ssh_connect_kwargs['auth_timeout'] = self.get_option('timeout')
+
+            # paramiko 1.15 introduced banner timeout parameter
+            if LooseVersion(paramiko.__version__) >= LooseVersion('1.15.0'):
+                ssh_connect_kwargs['banner_timeout'] = self.get_option('banner_timeout')
+
+            ssh.connect(
+                self.get_option('remote_addr').lower(),
+                username=self.get_option('remote_user'),
+                allow_agent=allow_agent,
+                look_for_keys=self.get_option('look_for_keys'),
+                key_filename=key_filename,
+                password=conn_password,
+                timeout=self.get_option('timeout'),
+                port=port,
+                disabled_algorithms=disabled_algorithms,
+                **ssh_connect_kwargs,
+            )
+        except paramiko.ssh_exception.BadHostKeyException as e:
+            raise AnsibleConnectionFailure(f'host key mismatch for {to_text(e.hostname)}')
+        except paramiko.ssh_exception.AuthenticationException as e:
+            msg = f'Failed to authenticate: {e}'
+            raise AnsibleAuthenticationFailure(msg)
+        except Exception as e:
+            msg = to_text(e)
+            if u'PID check failed' in msg:
+                raise AnsibleError('paramiko version issue, please upgrade paramiko on the machine running ansible')
+            elif u'Private key file is encrypted' in msg:
+                msg = f'ssh {self.get_option("remote_user")}@{self.get_options("remote_addr")}:{port} : ' + \
+                    f'{msg}\nTo connect as a different user, use -u <username>.'
+                raise AnsibleConnectionFailure(msg)
+            else:
+                raise AnsibleConnectionFailure(msg)
+        self.ssh = ssh
+        self._connected = True
+        return self
+
+    def _any_keys_added(self) -> bool:
+        for hostname, keys in self.ssh._host_keys.items():
+            for keytype, key in keys.items():
+                added_this_time = getattr(key, '_added_by_ansible_this_time', False)
+                if added_this_time:
+                    return True
+        return False
+
+    def _save_ssh_host_keys(self, filename: str) -> None:
+        """
+        not using the paramiko save_ssh_host_keys function as we want to add new SSH keys at the bottom so folks
+        don't complain about it :)
+        """
+
+        if not self._any_keys_added():
+            return
+
+        path = os.path.expanduser('~/.ssh')
+        makedirs_safe(path)
+
+        with open(filename, 'w') as f:
+            for hostname, keys in self.ssh._host_keys.items():
+                for keytype, key in keys.items():
+                    # was f.write
+                    added_this_time = getattr(key, '_added_by_ansible_this_time', False)
+                    if not added_this_time:
+                        f.write(f'{hostname} {keytype} {key.get_base64()}\n')
+
+            for hostname, keys in self.ssh._host_keys.items():
+                for keytype, key in keys.items():
+                    added_this_time = getattr(key, '_added_by_ansible_this_time', False)
+                    if added_this_time:
+                        f.write(f'{hostname} {keytype} {key.get_base64()}\n')
+
+    def _build_pct_command(self, cmd: str) -> str:
+        cmd = ['/usr/sbin/pct', 'exec', str(self.get_option('vmid')), '--', cmd]
+        if self.get_option('remote_user') != 'root':
+            cmd = [self.get_option('proxmox_become_method')] + cmd
+            display.vvv(f'INFO Running as non root user: {self.get_option("remote_user")}, trying to run pct with become method: ' +
+                        f'{self.get_option("proxmox_become_method")}',
+                        host=self.get_option('remote_addr'))
+        return ' '.join(cmd)
+
+    def exec_command(self, cmd: str, in_data: bytes | None = None, sudoable: bool = True) -> tuple[int, bytes, bytes]:
+        """ run a command on inside the LXC container """
+
+        cmd = self._build_pct_command(cmd)
+
+        super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable)
+
+        bufsize = 4096
+
+        try:
+            self.ssh.get_transport().set_keepalive(5)
+            chan = self.ssh.get_transport().open_session()
+        except Exception as e:
+            text_e = to_text(e)
+            msg = 'Failed to open session'
+            if text_e:
+                msg += f': {text_e}'
+            raise AnsibleConnectionFailure(to_native(msg))
+
+        # sudo usually requires a PTY (cf. requiretty option), therefore
+        # we give it one by default (pty=True in ansible.cfg), and we try
+        # to initialise from the calling environment when sudoable is enabled
+        if self.get_option('pty') and sudoable:
+            chan.get_pty(term=os.getenv('TERM', 'vt100'), width=int(os.getenv('COLUMNS', 0)), height=int(os.getenv('LINES', 0)))
+
+        display.vvv(f'EXEC {cmd}', host=self.get_option('remote_addr'))
+
+        cmd = to_bytes(cmd, errors='surrogate_or_strict')
+
+        no_prompt_out = b''
+        no_prompt_err = b''
+        become_output = b''
+
+        try:
+            chan.exec_command(cmd)
+            if self.become and self.become.expect_prompt():
+                password_prompt = False
+                become_success = False
+                while not (become_success or password_prompt):
+                    display.debug('Waiting for Privilege Escalation input')
+
+                    chunk = chan.recv(bufsize)
+                    display.debug(f'chunk is: {to_text(chunk)}')
+                    if not chunk:
+                        if b'unknown user' in become_output:
+                            n_become_user = to_native(self.become.get_option('become_user'))
+                            raise AnsibleError(f'user {n_become_user} does not exist')
+                        else:
+                            break
+                            # raise AnsibleError('ssh connection closed waiting for password prompt')
+                    become_output += chunk
+
+                    # need to check every line because we might get lectured
+                    # and we might get the middle of a line in a chunk
+                    for line in become_output.splitlines(True):
+                        if self.become.check_success(line):
+                            become_success = True
+                            break
+                        elif self.become.check_password_prompt(line):
+                            password_prompt = True
+                            break
+
+                if password_prompt:
+                    if self.become:
+                        become_pass = self.become.get_option('become_pass')
+                        chan.sendall(to_bytes(become_pass, errors='surrogate_or_strict') + b'\n')
+                    else:
+                        raise AnsibleError('A password is required but none was supplied')
+                else:
+                    no_prompt_out += become_output
+                    no_prompt_err += become_output
+
+            if in_data:
+                for i in range(0, len(in_data), bufsize):
+                    chan.send(in_data[i:i + bufsize])
+                chan.shutdown_write()
+            elif in_data == b'':
+                chan.shutdown_write()
+
+        except socket.timeout:
+            raise AnsibleError('ssh timed out waiting for privilege escalation.\n' + to_text(become_output))
+
+        stdout = b''.join(chan.makefile('rb', bufsize))
+        stderr = b''.join(chan.makefile_stderr('rb', bufsize))
+        returncode = chan.recv_exit_status()
+
+        if 'pct: not found' in stderr.decode('utf-8'):
+            raise AnsibleError(
+                f'pct not found in path of host: {to_text(self.get_option("remote_addr"))}')
+
+        return (returncode, no_prompt_out + stdout, no_prompt_out + stderr)
+
+    def put_file(self, in_path: str, out_path: str) -> None:
+        """ transfer a file from local to remote """
+
+        display.vvv(f'PUT {in_path} TO {out_path}', host=self.get_option('remote_addr'))
+        try:
+            with open(in_path, 'rb') as f:
+                data = f.read()
+                returncode, stdout, stderr = self.exec_command(
+                    ' '.join([
+                        self._shell.executable, '-c',
+                        self._shell.quote(f'cat > {out_path}')]),
+                    in_data=data,
+                    sudoable=False)
+            if returncode != 0:
+                if 'cat: not found' in stderr.decode('utf-8'):
+                    raise AnsibleError(
+                        f'cat not found in path of container: {to_text(self.get_option("vmid"))}')
+                raise AnsibleError(
+                    f'{to_text(stdout)}\n{to_text(stderr)}')
+        except Exception as e:
+            raise AnsibleError(
+                f'error occurred while putting file from {in_path} to {out_path}!\n{to_text(e)}')
+
+    def fetch_file(self, in_path: str, out_path: str) -> None:
+        """ save a remote file to the specified path """
+
+        display.vvv(f'FETCH {in_path} TO {out_path}', host=self.get_option('remote_addr'))
+        try:
+            returncode, stdout, stderr = self.exec_command(
+                ' '.join([
+                    self._shell.executable, '-c',
+                    self._shell.quote(f'cat {in_path}')]),
+                sudoable=False)
+            if returncode != 0:
+                if 'cat: not found' in stderr.decode('utf-8'):
+                    raise AnsibleError(
+                        f'cat not found in path of container: {to_text(self.get_option("vmid"))}')
+                raise AnsibleError(
+                    f'{to_text(stdout)}\n{to_text(stderr)}')
+            with open(out_path, 'wb') as f:
+                f.write(stdout)
+        except Exception as e:
+            raise AnsibleError(
+                f'error occurred while fetching file from {in_path} to {out_path}!\n{to_text(e)}')
+
+    def reset(self) -> None:
+        """ reset the connection """
+
+        if not self._connected:
+            return
+        self.close()
+        self._connect()
+
+    def close(self) -> None:
+        """ terminate the connection """
+
+        if self.get_option('host_key_checking') and self.get_option('record_host_keys') and self._any_keys_added():
+            # add any new SSH host keys -- warning -- this could be slow
+            # (This doesn't acquire the connection lock because it needs
+            # to exclude only other known_hosts writers, not connections
+            # that are starting up.)
+            lockfile = os.path.basename(self.keyfile)
+            dirname = os.path.dirname(self.keyfile)
+            makedirs_safe(dirname)
+            tmp_keyfile_name = None
+            try:
+                with FileLock().lock_file(lockfile, dirname, self.get_option('lock_file_timeout')):
+                    # just in case any were added recently
+
+                    self.ssh.load_system_host_keys()
+                    self.ssh._host_keys.update(self.ssh._system_host_keys)
+
+                    # gather information about the current key file, so
+                    # we can ensure the new file has the correct mode/owner
+
+                    key_dir = os.path.dirname(self.keyfile)
+                    if os.path.exists(self.keyfile):
+                        key_stat = os.stat(self.keyfile)
+                        mode = key_stat.st_mode & 0o777
+                        uid = key_stat.st_uid
+                        gid = key_stat.st_gid
+                    else:
+                        mode = 0o644
+                        uid = os.getuid()
+                        gid = os.getgid()
+
+                    # Save the new keys to a temporary file and move it into place
+                    # rather than rewriting the file. We set delete=False because
+                    # the file will be moved into place rather than cleaned up.
+
+                    with tempfile.NamedTemporaryFile(dir=key_dir, delete=False) as tmp_keyfile:
+                        tmp_keyfile_name = tmp_keyfile.name
+                        os.chmod(tmp_keyfile_name, mode)
+                        os.chown(tmp_keyfile_name, uid, gid)
+                        self._save_ssh_host_keys(tmp_keyfile_name)
+
+                    os.rename(tmp_keyfile_name, self.keyfile)
+            except LockTimeout:
+                raise AnsibleError(
+                    f'writing lock file for {self.keyfile} ran in to the timeout of {self.get_option("lock_file_timeout")}s')
+            except paramiko.hostkeys.InvalidHostKey as e:
+                raise AnsibleConnectionFailure(f'Invalid host key: {e.line}')
+            except Exception as e:
+                # unable to save keys, including scenario when key was invalid
+                # and caught earlier
+                raise AnsibleError(
+                    f'error occurred while writing SSH host keys!\n{to_text(e)}')
+            finally:
+                if tmp_keyfile_name is not None:
+                    pathlib.Path(tmp_keyfile_name).unlink(missing_ok=True)
+
+        self.ssh.close()
+        self._connected = False
--- a/plugins/connection/qubes.py
+++ b/plugins/connection/qubes.py
@@ -8,38 +8,36 @@
 #
 # Written by: Kushal Das (https://github.com/kushaldas)

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations


-DOCUMENTATION = '''
-    name: qubes
-    short_description: Interact with an existing QubesOS AppVM
+DOCUMENTATION = r"""
+name: qubes
+short_description: Interact with an existing QubesOS AppVM

+description:
+  - Run commands or put/fetch files to an existing Qubes AppVM using qubes tools.
+author: Kushal Das (@kushaldas)
+
+
+options:
+  remote_addr:
    description:
-        - Run commands or put/fetch files to an existing Qubes AppVM using qubes tools.
-
-    author: Kushal Das (@kushaldas)
-
-
-    options:
-      remote_addr:
-        description:
-            - VM name.
-        type: string
-        default: inventory_hostname
-        vars:
-            - name: ansible_host
-      remote_user:
-        description:
-            - The user to execute as inside the VM.
-        type: string
-        default: The I(user) account as default in Qubes OS.
-        vars:
-            - name: ansible_user
+      - VM name.
+    type: string
+    default: inventory_hostname
+    vars:
+      - name: ansible_host
+  remote_user:
+    description:
+      - The user to execute as inside the VM.
+    type: string
+    default: The I(user) account as default in Qubes OS.
+    vars:
+      - name: ansible_user
 #        keyword:
 #            - name: hosts
-'''
+"""

 import subprocess

@@ -78,7 +76,7 @@ class Connection(ConnectionBase):
        """
        display.vvvv("CMD: ", cmd)
        if not cmd.endswith("\n"):
-            cmd = cmd + "\n"
+            cmd = f"{cmd}\n"
        local_cmd = []

        # For dom0
@@ -95,7 +93,7 @@ class Connection(ConnectionBase):

        display.vvvv("Local cmd: ", local_cmd)

-        display.vvv("RUN %s" % (local_cmd,), host=self._remote_vmname)
+        display.vvv(f"RUN {local_cmd}", host=self._remote_vmname)
        p = subprocess.Popen(local_cmd, shell=False, stdin=subprocess.PIPE,
                             stdout=subprocess.PIPE, stderr=subprocess.PIPE)

@@ -114,42 +112,42 @@ class Connection(ConnectionBase):
        """Run specified command in a running QubesVM """
        super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable)

-        display.vvvv("CMD IS: %s" % cmd)
+        display.vvvv(f"CMD IS: {cmd}")

        rc, stdout, stderr = self._qubes(cmd)

-        display.vvvvv("STDOUT %r STDERR %r" % (stderr, stderr))
+        display.vvvvv(f"STDOUT {stdout!r} STDERR {stderr!r}")
        return rc, stdout, stderr

    def put_file(self, in_path, out_path):
        """ Place a local file located in 'in_path' inside VM at 'out_path' """
        super(Connection, self).put_file(in_path, out_path)
-        display.vvv("PUT %s TO %s" % (in_path, out_path), host=self._remote_vmname)
+        display.vvv(f"PUT {in_path} TO {out_path}", host=self._remote_vmname)

        with open(in_path, "rb") as fobj:
            source_data = fobj.read()

-        retcode, dummy, dummy = self._qubes('cat > "{0}"\n'.format(out_path), source_data, "qubes.VMRootShell")
+        retcode, dummy, dummy = self._qubes(f'cat > "{out_path}\"\n', source_data, "qubes.VMRootShell")
        # if qubes.VMRootShell service not supported, fallback to qubes.VMShell and
        # hope it will have appropriate permissions
        if retcode == 127:
-            retcode, dummy, dummy = self._qubes('cat > "{0}"\n'.format(out_path), source_data)
+            retcode, dummy, dummy = self._qubes(f'cat > "{out_path}\"\n', source_data)

        if retcode != 0:
-            raise AnsibleConnectionFailure('Failed to put_file to {0}'.format(out_path))
+            raise AnsibleConnectionFailure(f'Failed to put_file to {out_path}')

    def fetch_file(self, in_path, out_path):
        """Obtain file specified via 'in_path' from the container and place it at 'out_path' """
        super(Connection, self).fetch_file(in_path, out_path)
-        display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self._remote_vmname)
+        display.vvv(f"FETCH {in_path} TO {out_path}", host=self._remote_vmname)

        # We are running in dom0
-        cmd_args_list = ["qvm-run", "--pass-io", self._remote_vmname, "cat {0}".format(in_path)]
+        cmd_args_list = ["qvm-run", "--pass-io", self._remote_vmname, f"cat {in_path}"]
        with open(out_path, "wb") as fobj:
            p = subprocess.Popen(cmd_args_list, shell=False, stdout=fobj)
            p.communicate()
            if p.returncode != 0:
-                raise AnsibleConnectionFailure('Failed to fetch file to {0}'.format(out_path))
+                raise AnsibleConnectionFailure(f'Failed to fetch file to {out_path}')

    def close(self):
        """ Closing the connection """
--- a/plugins/connection/saltstack.py
+++ b/plugins/connection/saltstack.py
@@ -7,16 +7,15 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Michael Scherer (@mscherer) <misc@zarb.org>
-    name: saltstack
-    short_description: Allow ansible to piggyback on salt minions
-    description:
-        - This allows you to use existing Saltstack infrastructure to connect to targets.
-'''
+DOCUMENTATION = r"""
+author: Michael Scherer (@mscherer) <misc@zarb.org>
+name: saltstack
+short_description: Allow ansible to piggyback on salt minions
+description:
+  - This allows you to use existing Saltstack infrastructure to connect to targets.
+"""

 import os
 import base64
@@ -59,11 +58,11 @@ class Connection(ConnectionBase):
        if in_data:
            raise errors.AnsibleError("Internal Error: this module does not support optimized module pipelining")

-        self._display.vvv("EXEC %s" % cmd, host=self.host)
+        self._display.vvv(f"EXEC {cmd}", host=self.host)
        # need to add 'true;' to work around https://github.com/saltstack/salt/issues/28077
-        res = self.client.cmd(self.host, 'cmd.exec_code_all', ['bash', 'true;' + cmd])
+        res = self.client.cmd(self.host, 'cmd.exec_code_all', ['bash', f"true;{cmd}"])
        if self.host not in res:
-            raise errors.AnsibleError("Minion %s didn't answer, check if salt-minion is running and the name is correct" % self.host)
+            raise errors.AnsibleError(f"Minion {self.host} didn't answer, check if salt-minion is running and the name is correct")

        p = res[self.host]
        return p['retcode'], p['stdout'], p['stderr']
@@ -81,7 +80,7 @@ class Connection(ConnectionBase):
        super(Connection, self).put_file(in_path, out_path)

        out_path = self._normalize_path(out_path, '/')
-        self._display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.host)
+        self._display.vvv(f"PUT {in_path} TO {out_path}", host=self.host)
        with open(in_path, 'rb') as in_fh:
            content = in_fh.read()
        self.client.cmd(self.host, 'hashutil.base64_decodefile', [base64.b64encode(content), out_path])
@@ -93,7 +92,7 @@ class Connection(ConnectionBase):
        super(Connection, self).fetch_file(in_path, out_path)

        in_path = self._normalize_path(in_path, '/')
-        self._display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.host)
+        self._display.vvv(f"FETCH {in_path} TO {out_path}", host=self.host)
        content = self.client.cmd(self.host, 'cp.get_file_str', [in_path])[self.host]
        open(out_path, 'wb').write(content)

--- a/plugins/connection/wsl.py
+++ b/plugins/connection/wsl.py
@@ -0,0 +1,786 @@
+# -*- coding: utf-8 -*-
+# Derived from ansible/plugins/connection/proxmox_pct_remote.py (c) 2024 Nils Stein (@mietzen) <github.nstein@mailbox.org>
+# Derived from ansible/plugins/connection/paramiko_ssh.py (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>
+# Copyright (c) 2025 Rui Lopes (@rgl) <ruilopes.com>
+# Copyright (c) 2025 Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import annotations
+
+DOCUMENTATION = r"""
+author: Rui Lopes (@rgl) <ruilopes.com>
+name: wsl
+short_description: Run tasks in WSL distribution using wsl.exe CLI via SSH
+requirements:
+  - paramiko
+description:
+  - Run commands or put/fetch files to an existing WSL distribution using wsl.exe CLI via SSH.
+  - Uses the Python SSH implementation (Paramiko) to connect to the WSL host.
+version_added: "10.6.0"
+options:
+  remote_addr:
+    description:
+      - Address of the remote target.
+    default: inventory_hostname
+    type: string
+    vars:
+      - name: inventory_hostname
+      - name: ansible_host
+      - name: ansible_ssh_host
+      - name: ansible_paramiko_host
+  port:
+    description: Remote port to connect to.
+    type: int
+    default: 22
+    ini:
+      - section: defaults
+        key: remote_port
+      - section: paramiko_connection
+        key: remote_port
+    env:
+      - name: ANSIBLE_REMOTE_PORT
+      - name: ANSIBLE_REMOTE_PARAMIKO_PORT
+    vars:
+      - name: ansible_port
+      - name: ansible_ssh_port
+      - name: ansible_paramiko_port
+    keyword:
+      - name: port
+  remote_user:
+    description:
+      - User to login/authenticate as.
+      - Can be set from the CLI via the C(--user) or C(-u) options.
+    type: string
+    vars:
+      - name: ansible_user
+      - name: ansible_ssh_user
+      - name: ansible_paramiko_user
+    env:
+      - name: ANSIBLE_REMOTE_USER
+      - name: ANSIBLE_PARAMIKO_REMOTE_USER
+    ini:
+      - section: defaults
+        key: remote_user
+      - section: paramiko_connection
+        key: remote_user
+    keyword:
+      - name: remote_user
+  password:
+    description:
+      - Secret used to either login the SSH server or as a passphrase for SSH keys that require it.
+      - Can be set from the CLI via the C(--ask-pass) option.
+    type: string
+    vars:
+      - name: ansible_password
+      - name: ansible_ssh_pass
+      - name: ansible_ssh_password
+      - name: ansible_paramiko_pass
+      - name: ansible_paramiko_password
+  use_rsa_sha2_algorithms:
+    description:
+      - Whether or not to enable RSA SHA2 algorithms for pubkeys and hostkeys.
+      - On paramiko versions older than 2.9, this only affects hostkeys.
+      - For behavior matching paramiko<2.9 set this to V(false).
+    vars:
+      - name: ansible_paramiko_use_rsa_sha2_algorithms
+    ini:
+      - {key: use_rsa_sha2_algorithms, section: paramiko_connection}
+    env:
+      - {name: ANSIBLE_PARAMIKO_USE_RSA_SHA2_ALGORITHMS}
+    default: true
+    type: boolean
+  host_key_auto_add:
+    description: "Automatically add host keys to C(~/.ssh/known_hosts)."
+    env:
+      - name: ANSIBLE_PARAMIKO_HOST_KEY_AUTO_ADD
+    ini:
+      - key: host_key_auto_add
+        section: paramiko_connection
+    type: boolean
+  look_for_keys:
+    default: true
+    description: "Set to V(false) to disable searching for private key files in C(~/.ssh/)."
+    env:
+      - name: ANSIBLE_PARAMIKO_LOOK_FOR_KEYS
+    ini:
+      - {key: look_for_keys, section: paramiko_connection}
+    type: boolean
+  proxy_command:
+    default: ""
+    description:
+      - Proxy information for running the connection via a jumphost.
+      - This option is supported by paramiko version 1.9.0 or newer.
+    type: string
+    env:
+      - name: ANSIBLE_PARAMIKO_PROXY_COMMAND
+    ini:
+      - {key: proxy_command, section: paramiko_connection}
+    vars:
+      - name: ansible_paramiko_proxy_command
+  record_host_keys:
+    default: true
+    description: "Save the host keys to a file."
+    env:
+      - name: ANSIBLE_PARAMIKO_RECORD_HOST_KEYS
+    ini:
+      - section: paramiko_connection
+        key: record_host_keys
+    type: boolean
+  host_key_checking:
+    description: "Set this to V(false) if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host."
+    type: boolean
+    default: true
+    env:
+      - name: ANSIBLE_HOST_KEY_CHECKING
+      - name: ANSIBLE_SSH_HOST_KEY_CHECKING
+      - name: ANSIBLE_PARAMIKO_HOST_KEY_CHECKING
+    ini:
+      - section: defaults
+        key: host_key_checking
+      - section: paramiko_connection
+        key: host_key_checking
+    vars:
+      - name: ansible_host_key_checking
+      - name: ansible_ssh_host_key_checking
+      - name: ansible_paramiko_host_key_checking
+  use_persistent_connections:
+    description: "Toggles the use of persistence for connections."
+    type: boolean
+    default: false
+    env:
+      - name: ANSIBLE_USE_PERSISTENT_CONNECTIONS
+    ini:
+      - section: defaults
+        key: use_persistent_connections
+  banner_timeout:
+    type: float
+    default: 30
+    description:
+      - Configures, in seconds, the amount of time to wait for the SSH
+        banner to be presented.
+      - This option is supported by paramiko version 1.15.0 or newer.
+    ini:
+      - section: paramiko_connection
+        key: banner_timeout
+    env:
+      - name: ANSIBLE_PARAMIKO_BANNER_TIMEOUT
+  timeout:
+    type: int
+    default: 10
+    description:
+      - Number of seconds until the plugin gives up on failing to establish a TCP connection.
+      - This option is supported by paramiko version 2.2.0 or newer.
+    ini:
+      - section: defaults
+        key: timeout
+      - section: ssh_connection
+        key: timeout
+      - section: paramiko_connection
+        key: timeout
+    env:
+      - name: ANSIBLE_TIMEOUT
+      - name: ANSIBLE_SSH_TIMEOUT
+      - name: ANSIBLE_PARAMIKO_TIMEOUT
+    vars:
+      - name: ansible_ssh_timeout
+      - name: ansible_paramiko_timeout
+    cli:
+      - name: timeout
+  lock_file_timeout:
+    type: int
+    default: 60
+    description: Number of seconds until the plugin gives up on trying to write a lock file when writing SSH known host keys.
+    vars:
+      - name: ansible_lock_file_timeout
+    env:
+      - name: ANSIBLE_LOCK_FILE_TIMEOUT
+  private_key_file:
+    description:
+      - Path to private key file to use for authentication.
+    type: path
+    ini:
+      - section: defaults
+        key: private_key_file
+      - section: paramiko_connection
+        key: private_key_file
+    env:
+      - name: ANSIBLE_PRIVATE_KEY_FILE
+      - name: ANSIBLE_PARAMIKO_PRIVATE_KEY_FILE
+    vars:
+      - name: ansible_private_key_file
+      - name: ansible_ssh_private_key_file
+      - name: ansible_paramiko_private_key_file
+    cli:
+      - name: private_key_file
+        option: "--private-key"
+  user_known_hosts_file:
+    description:
+      - Path to the user known hosts file.
+      - Used to verify the ssh hosts keys.
+    type: path
+    default: ~/.ssh/known_hosts
+    ini:
+      - section: paramiko_connection
+        key: user_known_hosts_file
+    vars:
+      - name: ansible_paramiko_user_known_hosts_file
+  wsl_distribution:
+    description:
+      - WSL distribution name
+    type: string
+    required: true
+    vars:
+      - name: wsl_distribution
+  wsl_user:
+    description:
+      - WSL distribution user
+    type: string
+    vars:
+      - name: wsl_user
+  become_user:
+    description:
+      - WSL distribution user
+    type: string
+    default: root
+    vars:
+      - name: become_user
+      - name: ansible_become_user
+  become:
+    description:
+      - whether to use the user defined by ansible_become_user.
+    type: bool
+    default: false
+    vars:
+      - name: become
+      - name: ansible_become
+"""
+
+EXAMPLES = r"""
+# ------------------------
+# Inventory: inventory.yml
+# ------------------------
+---
+all:
+  children:
+    wsl:
+      hosts:
+        example-wsl-ubuntu:
+          ansible_host: 10.0.0.10
+          wsl_distribution: ubuntu
+          wsl_user: ubuntu
+      vars:
+        ansible_connection: community.general.wsl
+        ansible_user: vagrant
+# ----------------------
+# Playbook: playbook.yml
+# ----------------------
+---
+- name: WSL Example
+  hosts: wsl
+  gather_facts: true
+  become: true
+  tasks:
+    - name: Ping
+      ansible.builtin.ping:
+    - name: Id (with become false)
+      become: false
+      changed_when: false
+      args:
+        executable: /bin/bash
+      ansible.builtin.shell: |
+        exec 2>&1
+        set -x
+        echo "$0"
+        pwd
+        id
+    - name: Id (with become true)
+      changed_when: false
+      args:
+        executable: /bin/bash
+      ansible.builtin.shell: |
+        exec 2>&1
+        set -x
+        echo "$0"
+        pwd
+        id
+    - name: Reboot
+      ansible.builtin.reboot:
+        boot_time_command: systemctl show -p ActiveEnterTimestamp init.scope
+"""
+
+import io
+import os
+import pathlib
+import shlex
+import socket
+import tempfile
+import typing as t
+
+from ansible.errors import (
+    AnsibleAuthenticationFailure,
+    AnsibleConnectionFailure,
+    AnsibleError,
+)
+from ansible_collections.community.general.plugins.module_utils._filelock import FileLock, LockTimeout
+from ansible.module_utils.common.text.converters import to_bytes, to_native, to_text
+from ansible.module_utils.compat.paramiko import PARAMIKO_IMPORT_ERR, paramiko
+from ansible.module_utils.compat.version import LooseVersion
+from ansible.playbook.play_context import PlayContext
+from ansible.plugins.connection import ConnectionBase
+from ansible.utils.display import Display
+from ansible.utils.path import makedirs_safe
+from binascii import hexlify
+from subprocess import list2cmdline
+
+
+if t.TYPE_CHECKING and paramiko:
+    from paramiko import MissingHostKeyPolicy
+    from paramiko.client import SSHClient
+    from paramiko.pkey import PKey
+else:
+    MissingHostKeyPolicy: type = object
+    SSHClient: type = object
+    PKey: type = object
+
+
+display = Display()
+
+
+def authenticity_msg(hostname: str, ktype: str, fingerprint: str) -> str:
+    msg = f"""
+    paramiko: The authenticity of host '{hostname}' can't be established.
+    The {ktype} key fingerprint is {fingerprint}.
+    Are you sure you want to continue connecting (yes/no)?
+    """
+    return msg
+
+
+class MyAddPolicy(MissingHostKeyPolicy):
+    """
+    Based on AutoAddPolicy in paramiko so we can determine when keys are added
+
+    and also prompt for input.
+
+    Policy for automatically adding the hostname and new host key to the
+    local L{HostKeys} object, and saving it. This is used by L{SSHClient}.
+    """
+
+    def __init__(self, connection: Connection) -> None:
+        self.connection = connection
+        self._options = connection._options
+
+    def missing_host_key(self, client: SSHClient, hostname: str, key: PKey) -> None:
+
+        if all((self.connection.get_option('host_key_checking'), not self.connection.get_option('host_key_auto_add'))):
+
+            fingerprint = hexlify(key.get_fingerprint())
+            ktype = key.get_name()
+
+            if self.connection.get_option('use_persistent_connections') or self.connection.force_persistence:
+                # don't print the prompt string since the user cannot respond
+                # to the question anyway
+                raise AnsibleError(authenticity_msg(hostname, ktype, fingerprint)[1:92])
+
+            inp = to_text(
+                display.prompt_until(authenticity_msg(hostname, ktype, fingerprint), private=False),
+                errors='surrogate_or_strict'
+            )
+
+            if inp.lower() not in ['yes', 'y', '']:
+                raise AnsibleError('host connection rejected by user')
+
+        key._added_by_ansible_this_time = True
+
+        # existing implementation below:
+        client._host_keys.add(hostname, key.get_name(), key)
+
+        # host keys are actually saved in close() function below
+        # in order to control ordering.
+
+
+class Connection(ConnectionBase):
+    """ SSH based connections (paramiko) to WSL """
+
+    transport = 'community.general.wsl'
+    _log_channel: str | None = None
+
+    def __init__(self, play_context: PlayContext, new_stdin: io.TextIOWrapper | None = None, *args: t.Any, **kwargs: t.Any):
+        super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs)
+
+    def _set_log_channel(self, name: str) -> None:
+        """ Mimic paramiko.SSHClient.set_log_channel """
+        self._log_channel = name
+
+    def _parse_proxy_command(self, port: int = 22) -> dict[str, t.Any]:
+        proxy_command = self.get_option('proxy_command') or None
+
+        sock_kwarg = {}
+        if proxy_command:
+            replacers: t.Dict[str, str] = {
+                '%h': self.get_option('remote_addr'),
+                '%p': str(port),
+                '%r': self.get_option('remote_user')
+            }
+            for find, replace in replacers.items():
+                proxy_command = proxy_command.replace(find, replace)
+            try:
+                sock_kwarg = {'sock': paramiko.ProxyCommand(proxy_command)}
+                display.vvv(f'CONFIGURE PROXY COMMAND FOR CONNECTION: {proxy_command}', host=self.get_option('remote_addr'))
+            except AttributeError:
+                display.warning('Paramiko ProxyCommand support unavailable. '
+                                'Please upgrade to Paramiko 1.9.0 or newer. '
+                                'Not using configured ProxyCommand')
+
+        return sock_kwarg
+
+    def _connect(self) -> Connection:
+        """ activates the connection object """
+
+        if paramiko is None:
+            raise AnsibleError(f'paramiko is not installed: {to_native(PARAMIKO_IMPORT_ERR)}')
+
+        port = self.get_option('port')
+        display.vvv(f'ESTABLISH PARAMIKO SSH CONNECTION FOR USER: {self.get_option("remote_user")} on PORT {to_text(port)} TO {self.get_option("remote_addr")}',
+                    host=self.get_option('remote_addr'))
+
+        ssh = paramiko.SSHClient()
+
+        # Set pubkey and hostkey algorithms to disable, the only manipulation allowed currently
+        # is keeping or omitting rsa-sha2 algorithms
+        # default_keys: t.Tuple[str] = ()
+        paramiko_preferred_pubkeys = getattr(paramiko.Transport, '_preferred_pubkeys', ())
+        paramiko_preferred_hostkeys = getattr(paramiko.Transport, '_preferred_keys', ())
+        use_rsa_sha2_algorithms = self.get_option('use_rsa_sha2_algorithms')
+        disabled_algorithms: t.Dict[str, t.Iterable[str]] = {}
+        if not use_rsa_sha2_algorithms:
+            if paramiko_preferred_pubkeys:
+                disabled_algorithms['pubkeys'] = tuple(a for a in paramiko_preferred_pubkeys if 'rsa-sha2' in a)
+            if paramiko_preferred_hostkeys:
+                disabled_algorithms['keys'] = tuple(a for a in paramiko_preferred_hostkeys if 'rsa-sha2' in a)
+
+        # override paramiko's default logger name
+        if self._log_channel is not None:
+            ssh.set_log_channel(self._log_channel)
+
+        self.keyfile = os.path.expanduser(self.get_option('user_known_hosts_file'))
+
+        if self.get_option('host_key_checking'):
+            for ssh_known_hosts in ('/etc/ssh/ssh_known_hosts', '/etc/openssh/ssh_known_hosts', self.keyfile):
+                try:
+                    ssh.load_system_host_keys(ssh_known_hosts)
+                    break
+                except IOError:
+                    pass  # file was not found, but not required to function
+                except paramiko.hostkeys.InvalidHostKey as e:
+                    raise AnsibleConnectionFailure(f'Invalid host key: {to_text(e.line)}')
+            try:
+                ssh.load_system_host_keys()
+            except paramiko.hostkeys.InvalidHostKey as e:
+                raise AnsibleConnectionFailure(f'Invalid host key: {to_text(e.line)}')
+
+        ssh_connect_kwargs = self._parse_proxy_command(port)
+        ssh.set_missing_host_key_policy(MyAddPolicy(self))
+        conn_password = self.get_option('password')
+        allow_agent = True
+
+        if conn_password is not None:
+            allow_agent = False
+
+        try:
+            key_filename = None
+            if self.get_option('private_key_file'):
+                key_filename = os.path.expanduser(self.get_option('private_key_file'))
+
+            # paramiko 2.2 introduced auth_timeout parameter
+            if LooseVersion(paramiko.__version__) >= LooseVersion('2.2.0'):
+                ssh_connect_kwargs['auth_timeout'] = self.get_option('timeout')
+
+            # paramiko 1.15 introduced banner timeout parameter
+            if LooseVersion(paramiko.__version__) >= LooseVersion('1.15.0'):
+                ssh_connect_kwargs['banner_timeout'] = self.get_option('banner_timeout')
+
+            ssh.connect(
+                self.get_option('remote_addr').lower(),
+                username=self.get_option('remote_user'),
+                allow_agent=allow_agent,
+                look_for_keys=self.get_option('look_for_keys'),
+                key_filename=key_filename,
+                password=conn_password,
+                timeout=self.get_option('timeout'),
+                port=port,
+                disabled_algorithms=disabled_algorithms,
+                **ssh_connect_kwargs,
+            )
+        except paramiko.ssh_exception.BadHostKeyException as e:
+            raise AnsibleConnectionFailure(f'host key mismatch for {to_text(e.hostname)}')
+        except paramiko.ssh_exception.AuthenticationException as e:
+            msg = f'Failed to authenticate: {e}'
+            raise AnsibleAuthenticationFailure(msg)
+        except Exception as e:
+            msg = to_text(e)
+            if u'PID check failed' in msg:
+                raise AnsibleError('paramiko version issue, please upgrade paramiko on the machine running ansible')
+            elif u'Private key file is encrypted' in msg:
+                msg = f'ssh {self.get_option("remote_user")}@{self.get_options("remote_addr")}:{port} : ' + \
+                    f'{msg}\nTo connect as a different user, use -u <username>.'
+                raise AnsibleConnectionFailure(msg)
+            else:
+                raise AnsibleConnectionFailure(msg)
+        self.ssh = ssh
+        self._connected = True
+        return self
+
+    def _any_keys_added(self) -> bool:
+        for hostname, keys in self.ssh._host_keys.items():
+            for keytype, key in keys.items():
+                added_this_time = getattr(key, '_added_by_ansible_this_time', False)
+                if added_this_time:
+                    return True
+        return False
+
+    def _save_ssh_host_keys(self, filename: str) -> None:
+        """
+        not using the paramiko save_ssh_host_keys function as we want to add new SSH keys at the bottom so folks
+        don't complain about it :)
+        """
+
+        if not self._any_keys_added():
+            return
+
+        path = os.path.expanduser('~/.ssh')
+        makedirs_safe(path)
+
+        with open(filename, 'w') as f:
+            for hostname, keys in self.ssh._host_keys.items():
+                for keytype, key in keys.items():
+                    # was f.write
+                    added_this_time = getattr(key, '_added_by_ansible_this_time', False)
+                    if not added_this_time:
+                        f.write(f'{hostname} {keytype} {key.get_base64()}\n')
+
+            for hostname, keys in self.ssh._host_keys.items():
+                for keytype, key in keys.items():
+                    added_this_time = getattr(key, '_added_by_ansible_this_time', False)
+                    if added_this_time:
+                        f.write(f'{hostname} {keytype} {key.get_base64()}\n')
+
+    def _build_wsl_command(self, cmd: str) -> str:
+        wsl_distribution = self.get_option('wsl_distribution')
+        become = self.get_option('become')
+        become_user = self.get_option('become_user')
+        if become and become_user:
+            wsl_user = become_user
+        else:
+            wsl_user = self.get_option('wsl_user')
+        args = ['wsl.exe', '--distribution', wsl_distribution]
+        if wsl_user:
+            args.extend(['--user', wsl_user])
+        args.extend(['--'])
+        args.extend(shlex.split(cmd))
+        if os.getenv('_ANSIBLE_TEST_WSL_CONNECTION_PLUGIN_Waeri5tepheeSha2fae8'):
+            return shlex.join(args)
+        return list2cmdline(args)   # see https://github.com/python/cpython/blob/3.11/Lib/subprocess.py#L576
+
+    def exec_command(self, cmd: str, in_data: bytes | None = None, sudoable: bool = True) -> tuple[int, bytes, bytes]:
+        """ run a command on inside a WSL distribution """
+
+        cmd = self._build_wsl_command(cmd)
+
+        super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable)
+
+        bufsize = 4096
+
+        try:
+            self.ssh.get_transport().set_keepalive(5)
+            chan = self.ssh.get_transport().open_session()
+        except Exception as e:
+            text_e = to_text(e)
+            msg = 'Failed to open session'
+            if text_e:
+                msg += f': {text_e}'
+            raise AnsibleConnectionFailure(to_native(msg))
+
+        display.vvv(f'EXEC {cmd}', host=self.get_option('remote_addr'))
+
+        cmd = to_bytes(cmd, errors='surrogate_or_strict')
+
+        no_prompt_out = b''
+        no_prompt_err = b''
+        become_output = b''
+
+        try:
+            chan.exec_command(cmd)
+            if self.become and self.become.expect_prompt():
+                password_prompt = False
+                become_success = False
+                while not (become_success or password_prompt):
+                    display.debug('Waiting for Privilege Escalation input')
+
+                    chunk = chan.recv(bufsize)
+                    display.debug(f'chunk is: {to_text(chunk)}')
+                    if not chunk:
+                        if b'unknown user' in become_output:
+                            n_become_user = to_native(self.become.get_option('become_user'))
+                            raise AnsibleError(f'user {n_become_user} does not exist')
+                        else:
+                            break
+                            # raise AnsibleError('ssh connection closed waiting for password prompt')
+                    become_output += chunk
+
+                    # need to check every line because we might get lectured
+                    # and we might get the middle of a line in a chunk
+                    for line in become_output.splitlines(True):
+                        if self.become.check_success(line):
+                            become_success = True
+                            break
+                        elif self.become.check_password_prompt(line):
+                            password_prompt = True
+                            break
+
+                if password_prompt:
+                    if self.become:
+                        become_pass = self.become.get_option('become_pass')
+                        chan.sendall(to_bytes(become_pass + '\n', errors='surrogate_or_strict'))
+                    else:
+                        raise AnsibleError('A password is required but none was supplied')
+                else:
+                    no_prompt_out += become_output
+                    no_prompt_err += become_output
+
+            if in_data:
+                for i in range(0, len(in_data), bufsize):
+                    chan.send(in_data[i:i + bufsize])
+                chan.shutdown_write()
+            elif in_data == b'':
+                chan.shutdown_write()
+
+        except socket.timeout:
+            raise AnsibleError('ssh timed out waiting for privilege escalation.\n' + to_text(become_output))
+
+        stdout = b''.join(chan.makefile('rb', bufsize))
+        stderr = b''.join(chan.makefile_stderr('rb', bufsize))
+        returncode = chan.recv_exit_status()
+
+        # NB the full english error message is:
+        #     'wsl.exe' is not recognized as an internal or external command,
+        #     operable program or batch file.
+        if "'wsl.exe' is not recognized" in stderr.decode('utf-8'):
+            raise AnsibleError(
+                f'wsl.exe not found in path of host: {to_text(self.get_option("remote_addr"))}')
+
+        return (returncode, no_prompt_out + stdout, no_prompt_out + stderr)
+
+    def put_file(self, in_path: str, out_path: str) -> None:
+        """ transfer a file from local to remote """
+
+        display.vvv(f'PUT {in_path} TO {out_path}', host=self.get_option('remote_addr'))
+        try:
+            with open(in_path, 'rb') as f:
+                data = f.read()
+                returncode, stdout, stderr = self.exec_command(
+                    ' '.join([
+                        self._shell.executable, '-c',
+                        self._shell.quote(f'cat > {out_path}')]),
+                    in_data=data,
+                    sudoable=False)
+            if returncode != 0:
+                if 'cat: not found' in stderr.decode('utf-8'):
+                    raise AnsibleError(
+                        f'cat not found in path of WSL distribution: {to_text(self.get_option("wsl_distribution"))}')
+                raise AnsibleError(
+                    f'{to_text(stdout)}\n{to_text(stderr)}')
+        except Exception as e:
+            raise AnsibleError(
+                f'error occurred while putting file from {in_path} to {out_path}!\n{to_text(e)}')
+
+    def fetch_file(self, in_path: str, out_path: str) -> None:
+        """ save a remote file to the specified path """
+
+        display.vvv(f'FETCH {in_path} TO {out_path}', host=self.get_option('remote_addr'))
+        try:
+            returncode, stdout, stderr = self.exec_command(
+                ' '.join([
+                    self._shell.executable, '-c',
+                    self._shell.quote(f'cat {in_path}')]),
+                sudoable=False)
+            if returncode != 0:
+                if 'cat: not found' in stderr.decode('utf-8'):
+                    raise AnsibleError(
+                        f'cat not found in path of WSL distribution: {to_text(self.get_option("wsl_distribution"))}')
+                raise AnsibleError(
+                    f'{to_text(stdout)}\n{to_text(stderr)}')
+            with open(out_path, 'wb') as f:
+                f.write(stdout)
+        except Exception as e:
+            raise AnsibleError(
+                f'error occurred while fetching file from {in_path} to {out_path}!\n{to_text(e)}')
+
+    def reset(self) -> None:
+        """ reset the connection """
+
+        if not self._connected:
+            return
+        self.close()
+        self._connect()
+
+    def close(self) -> None:
+        """ terminate the connection """
+
+        if self.get_option('host_key_checking') and self.get_option('record_host_keys') and self._any_keys_added():
+            # add any new SSH host keys -- warning -- this could be slow
+            # (This doesn't acquire the connection lock because it needs
+            # to exclude only other known_hosts writers, not connections
+            # that are starting up.)
+            lockfile = os.path.basename(self.keyfile)
+            dirname = os.path.dirname(self.keyfile)
+            makedirs_safe(dirname)
+            tmp_keyfile_name = None
+            try:
+                with FileLock().lock_file(lockfile, dirname, self.get_option('lock_file_timeout')):
+                    # just in case any were added recently
+
+                    self.ssh.load_system_host_keys()
+                    self.ssh._host_keys.update(self.ssh._system_host_keys)
+
+                    # gather information about the current key file, so
+                    # we can ensure the new file has the correct mode/owner
+
+                    key_dir = os.path.dirname(self.keyfile)
+                    if os.path.exists(self.keyfile):
+                        key_stat = os.stat(self.keyfile)
+                        mode = key_stat.st_mode & 0o777
+                        uid = key_stat.st_uid
+                        gid = key_stat.st_gid
+                    else:
+                        mode = 0o644
+                        uid = os.getuid()
+                        gid = os.getgid()
+
+                    # Save the new keys to a temporary file and move it into place
+                    # rather than rewriting the file. We set delete=False because
+                    # the file will be moved into place rather than cleaned up.
+
+                    with tempfile.NamedTemporaryFile(dir=key_dir, delete=False) as tmp_keyfile:
+                        tmp_keyfile_name = tmp_keyfile.name
+                        os.chmod(tmp_keyfile_name, mode)
+                        os.chown(tmp_keyfile_name, uid, gid)
+                        self._save_ssh_host_keys(tmp_keyfile_name)
+
+                    os.rename(tmp_keyfile_name, self.keyfile)
+            except LockTimeout:
+                raise AnsibleError(
+                    f'writing lock file for {self.keyfile} ran in to the timeout of {self.get_option("lock_file_timeout")}s')
+            except paramiko.hostkeys.InvalidHostKey as e:
+                raise AnsibleConnectionFailure(f'Invalid host key: {e.line}')
+            except Exception as e:
+                # unable to save keys, including scenario when key was invalid
+                # and caught earlier
+                raise AnsibleError(
+                    f'error occurred while writing SSH host keys!\n{to_text(e)}')
+            finally:
+                if tmp_keyfile_name is not None:
+                    pathlib.Path(tmp_keyfile_name).unlink(missing_ok=True)
+
+        self.ssh.close()
+        self._connected = False
--- a/plugins/connection/zone.py
+++ b/plugins/connection/zone.py
@@ -8,25 +8,24 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later

-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations

-DOCUMENTATION = '''
-    author: Ansible Core Team
-    name: zone
-    short_description: Run tasks in a zone instance
+DOCUMENTATION = r"""
+author: Ansible Core Team
+name: zone
+short_description: Run tasks in a zone instance
+description:
+  - Run commands or put/fetch files to an existing zone.
+options:
+  remote_addr:
    description:
-        - Run commands or put/fetch files to an existing zone.
-    options:
-      remote_addr:
-        description:
-            - Zone identifier
-        type: string
-        default: inventory_hostname
-        vars:
-            - name: ansible_host
-            - name: ansible_zone_host
-'''
+      - Zone identifier.
+    type: string
+    default: inventory_hostname
+    vars:
+      - name: ansible_host
+      - name: ansible_zone_host
+"""

 import os
 import os.path
@@ -62,14 +61,14 @@ class Connection(ConnectionBase):
        self.zlogin_cmd = to_bytes(self._search_executable('zlogin'))

        if self.zone not in self.list_zones():
-            raise AnsibleError("incorrect zone name %s" % self.zone)
+            raise AnsibleError(f"incorrect zone name {self.zone}")

    @staticmethod
    def _search_executable(executable):
        try:
            return get_bin_path(executable)
        except ValueError:
-            raise AnsibleError("%s command not found in PATH" % executable)
+            raise AnsibleError(f"{executable} command not found in PATH")

    def list_zones(self):
        process = subprocess.Popen([self.zoneadm_cmd, 'list', '-ip'],
@@ -94,7 +93,7 @@ class Connection(ConnectionBase):

        # stdout, stderr = p.communicate()
        path = process.stdout.readlines()[0].split(':')[3]
-        return path + '/root'
+        return f"{path}/root"

    def _connect(self):
        """ connect to the zone; nothing to do here """
@@ -117,7 +116,7 @@ class Connection(ConnectionBase):
        local_cmd = [self.zlogin_cmd, self.zone, cmd]
        local_cmd = map(to_bytes, local_cmd)

-        display.vvv("EXEC %s" % (local_cmd), host=self.zone)
+        display.vvv(f"EXEC {local_cmd}", host=self.zone)
        p = subprocess.Popen(local_cmd, shell=False, stdin=stdin,
                             stdout=subprocess.PIPE, stderr=subprocess.PIPE)

@@ -140,7 +139,7 @@ class Connection(ConnectionBase):
            exist in any given chroot.  So for now we're choosing "/" instead.
            This also happens to be the former default.

-            Can revisit using $HOME instead if it's a problem
+            Can revisit using $HOME instead if it is a problem
        """
        if not remote_path.startswith(os.path.sep):
            remote_path = os.path.join(os.path.sep, remote_path)
@@ -149,7 +148,7 @@ class Connection(ConnectionBase):
    def put_file(self, in_path, out_path):
        """ transfer a file from local to zone """
        super(Connection, self).put_file(in_path, out_path)
-        display.vvv("PUT %s TO %s" % (in_path, out_path), host=self.zone)
+        display.vvv(f"PUT {in_path} TO {out_path}", host=self.zone)

        out_path = shlex_quote(self._prefix_login_path(out_path))
        try:
@@ -159,27 +158,27 @@ class Connection(ConnectionBase):
                else:
                    count = ''
                try:
-                    p = self._buffered_exec_command('dd of=%s bs=%s%s' % (out_path, BUFSIZE, count), stdin=in_file)
+                    p = self._buffered_exec_command(f'dd of={out_path} bs={BUFSIZE}{count}', stdin=in_file)
                except OSError:
                    raise AnsibleError("jail connection requires dd command in the jail")
                try:
                    stdout, stderr = p.communicate()
                except Exception:
                    traceback.print_exc()
-                    raise AnsibleError("failed to transfer file %s to %s" % (in_path, out_path))
+                    raise AnsibleError(f"failed to transfer file {in_path} to {out_path}")
                if p.returncode != 0:
-                    raise AnsibleError("failed to transfer file %s to %s:\n%s\n%s" % (in_path, out_path, stdout, stderr))
+                    raise AnsibleError(f"failed to transfer file {in_path} to {out_path}:\n{stdout}\n{stderr}")
        except IOError:
-            raise AnsibleError("file or module does not exist at: %s" % in_path)
+            raise AnsibleError(f"file or module does not exist at: {in_path}")

    def fetch_file(self, in_path, out_path):
        """ fetch a file from zone to local """
        super(Connection, self).fetch_file(in_path, out_path)
-        display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self.zone)
+        display.vvv(f"FETCH {in_path} TO {out_path}", host=self.zone)

        in_path = shlex_quote(self._prefix_login_path(in_path))
        try:
-            p = self._buffered_exec_command('dd if=%s bs=%s' % (in_path, BUFSIZE))
+            p = self._buffered_exec_command(f'dd if={in_path} bs={BUFSIZE}')
        except OSError:
            raise AnsibleError("zone connection requires dd command in the zone")

@@ -191,10 +190,10 @@ class Connection(ConnectionBase):
                    chunk = p.stdout.read(BUFSIZE)
            except Exception:
                traceback.print_exc()
-                raise AnsibleError("failed to transfer file %s to %s" % (in_path, out_path))
+                raise AnsibleError(f"failed to transfer file {in_path} to {out_path}")
            stdout, stderr = p.communicate()
            if p.returncode != 0:
-                raise AnsibleError("failed to transfer file %s to %s:\n%s\n%s" % (in_path, out_path, stdout, stderr))
+                raise AnsibleError(f"failed to transfer file {in_path} to {out_path}:\n{stdout}\n{stderr}")

    def close(self):
        """ terminate the connection; nothing to do here """
--- a/plugins/doc_fragments/alicloud.py
+++ b/plugins/doc_fragments/alicloud.py
@@ -11,75 +11,73 @@ __metaclass__ = type
 class ModuleDocFragment(object):

    # Alicloud only documentation fragment
-    DOCUMENTATION = r'''
+    DOCUMENTATION = r"""
 options:
  alicloud_access_key:
    description:
-      - Alibaba Cloud access key. If not set then the value of environment variable E(ALICLOUD_ACCESS_KEY),
-        E(ALICLOUD_ACCESS_KEY_ID) will be used instead.
+      - Alibaba Cloud access key. If not set then the value of environment variable E(ALICLOUD_ACCESS_KEY), E(ALICLOUD_ACCESS_KEY_ID)
+        will be used instead.
    aliases: ['access_key_id', 'access_key']
    type: str
  alicloud_secret_key:
    description:
-      - Alibaba Cloud secret key. If not set then the value of environment variable E(ALICLOUD_SECRET_KEY),
-        E(ALICLOUD_SECRET_ACCESS_KEY) will be used instead.
+      - Alibaba Cloud secret key. If not set then the value of environment variable E(ALICLOUD_SECRET_KEY), E(ALICLOUD_SECRET_ACCESS_KEY)
+        will be used instead.
    aliases: ['secret_access_key', 'secret_key']
    type: str
  alicloud_region:
    description:
-      - The Alibaba Cloud region to use. If not specified then the value of environment variable
-        E(ALICLOUD_REGION), E(ALICLOUD_REGION_ID) will be used instead.
+      - The Alibaba Cloud region to use. If not specified then the value of environment variable E(ALICLOUD_REGION), E(ALICLOUD_REGION_ID)
+        will be used instead.
    aliases: ['region', 'region_id']
    required: true
    type: str
  alicloud_security_token:
    description:
-      - The Alibaba Cloud security token. If not specified then the value of environment variable
-        E(ALICLOUD_SECURITY_TOKEN) will be used instead.
+      - The Alibaba Cloud security token. If not specified then the value of environment variable E(ALICLOUD_SECURITY_TOKEN)
+        will be used instead.
    aliases: ['security_token']
    type: str
  alicloud_assume_role:
    description:
      - If provided with a role ARN, Ansible will attempt to assume this role using the supplied credentials.
-      - The nested assume_role block supports C(alicloud_assume_role_arn), C(alicloud_assume_role_session_name),
-        C(alicloud_assume_role_session_expiration) and C(alicloud_assume_role_policy).
+      - The nested assume_role block supports C(alicloud_assume_role_arn), C(alicloud_assume_role_session_name), C(alicloud_assume_role_session_expiration)
+        and C(alicloud_assume_role_policy).
    type: dict
    aliases: ['assume_role']
  alicloud_assume_role_arn:
    description:
-      - The Alibaba Cloud C(role_arn). The ARN of the role to assume. If ARN is set to an empty string,
-        it does not perform role switching. It supports environment variable E(ALICLOUD_ASSUME_ROLE_ARN).
-        ansible will execute with provided credentials.
+      - The Alibaba Cloud C(role_arn). The ARN of the role to assume. If ARN is set to an empty string, it does not perform
+        role switching. It supports environment variable E(ALICLOUD_ASSUME_ROLE_ARN). ansible will execute with provided credentials.
    aliases: ['assume_role_arn']
    type: str
  alicloud_assume_role_session_name:
    description:
-      - The Alibaba Cloud session_name. The session name to use when assuming the role. If omitted,
-        'ansible' is passed to the AssumeRole call as session name. It supports environment variable
-        E(ALICLOUD_ASSUME_ROLE_SESSION_NAME).
+      - The Alibaba Cloud session_name. The session name to use when assuming the role. If omitted, 'ansible' is passed to
+        the AssumeRole call as session name. It supports environment variable E(ALICLOUD_ASSUME_ROLE_SESSION_NAME).
    aliases: ['assume_role_session_name']
    type: str
  alicloud_assume_role_session_expiration:
    description:
-      - The Alibaba Cloud C(session_expiration). The time after which the established session for assuming
-        role expires. Valid value range 900-3600 seconds. Default to 3600 (in this case Alicloud use own default
-        value). It supports environment variable E(ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION).
+      - The Alibaba Cloud C(session_expiration). The time after which the established session for assuming role expires. Valid
+        value range 900-3600 seconds. Default to 3600 (in this case Alicloud use own default value). It supports environment
+        variable E(ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION).
    aliases: ['assume_role_session_expiration']
    type: int
  ecs_role_name:
    description:
-      - The RAM Role Name attached on a ECS instance for API operations. You can retrieve this from the 'Access Control'
-        section of the Alibaba Cloud console.
-      - If you're running Ansible from an ECS instance with RAM Instance using RAM Role, Ansible will just access the
-        metadata U(http://100.100.100.200/latest/meta-data/ram/security-credentials/<ecs_role_name>) to obtain the STS
-        credential. This is a preferred approach over any other when running in ECS as you can avoid hard coding
-        credentials. Instead these are leased on-the-fly by Ansible which reduces the chance of leakage.
+      - The RAM Role Name attached on a ECS instance for API operations. You can retrieve this from the 'Access Control' section
+        of the Alibaba Cloud console.
+      - If you are running Ansible from an ECS instance with RAM Instance using RAM Role, Ansible will just access the metadata
+        U(http://100.100.100.200/latest/meta-data/ram/security-credentials/<ecs_role_name>) to obtain the STS credential.
+        This is a preferred approach over any other when running in ECS as you can avoid hard coding credentials. Instead
+        these are leased on-the-fly by Ansible which reduces the chance of leakage.
    aliases: ['role_name']
    type: str
  profile:
    description:
-      - This is the Alicloud profile name as set in the shared credentials file. It can also be sourced from the
-        E(ALICLOUD_PROFILE) environment variable.
+      - This is the Alicloud profile name as set in the shared credentials file. It can also be sourced from the E(ALICLOUD_PROFILE)
+        environment variable.
    type: str
  shared_credentials_file:
    description:
@@ -88,22 +86,14 @@ options:
      - If this is not set and a profile is specified, C(~/.aliyun/config.json) will be used.
    type: str
 author:
-    - "He Guimin (@xiaozhu36)"
+  - "He Guimin (@xiaozhu36)"
 requirements:
-    - "Python >= 3.6"
+  - "Python >= 3.6"
 notes:
-  - If parameters are not set within the module, the following
-    environment variables can be used in decreasing order of precedence
-    E(ALICLOUD_ACCESS_KEY) or E(ALICLOUD_ACCESS_KEY_ID),
-    E(ALICLOUD_SECRET_KEY) or E(ALICLOUD_SECRET_ACCESS_KEY),
-    E(ALICLOUD_REGION) or E(ALICLOUD_REGION_ID),
-    E(ALICLOUD_SECURITY_TOKEN),
-    E(ALICLOUD_ECS_ROLE_NAME),
-    E(ALICLOUD_SHARED_CREDENTIALS_FILE),
-    E(ALICLOUD_PROFILE),
-    E(ALICLOUD_ASSUME_ROLE_ARN),
-    E(ALICLOUD_ASSUME_ROLE_SESSION_NAME),
-    E(ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION).
-  - E(ALICLOUD_REGION) or E(ALICLOUD_REGION_ID) can be typically be used to specify the
-    Alicloud region, when required, but this can also be configured in the footmark config file
-'''
+  - If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence
+    E(ALICLOUD_ACCESS_KEY) or E(ALICLOUD_ACCESS_KEY_ID), E(ALICLOUD_SECRET_KEY) or E(ALICLOUD_SECRET_ACCESS_KEY), E(ALICLOUD_REGION)
+    or E(ALICLOUD_REGION_ID), E(ALICLOUD_SECURITY_TOKEN), E(ALICLOUD_ECS_ROLE_NAME), E(ALICLOUD_SHARED_CREDENTIALS_FILE),
+    E(ALICLOUD_PROFILE), E(ALICLOUD_ASSUME_ROLE_ARN), E(ALICLOUD_ASSUME_ROLE_SESSION_NAME), E(ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION).
+  - E(ALICLOUD_REGION) or E(ALICLOUD_REGION_ID) can be typically be used to specify the Alicloud region, when required, but
+    this can also be configured in the footmark config file.
+"""
--- a/plugins/doc_fragments/attributes.py
+++ b/plugins/doc_fragments/attributes.py
@@ -11,83 +11,83 @@ __metaclass__ = type
 class ModuleDocFragment(object):

    # Standard documentation fragment
-    DOCUMENTATION = r'''
+    DOCUMENTATION = r"""
 options: {}
 attributes:
-    check_mode:
-      description: Can run in C(check_mode) and return changed status prediction without modifying target.
-    diff_mode:
-      description: Will return details on what has changed (or possibly needs changing in C(check_mode)), when in diff mode.
-'''
+  check_mode:
+    description: Can run in C(check_mode) and return changed status prediction without modifying target.
+  diff_mode:
+    description: Will return details on what has changed (or possibly needs changing in C(check_mode)), when in diff mode.
+"""

-    PLATFORM = r'''
+    PLATFORM = r"""
 options: {}
 attributes:
-    platform:
-      description: Target OS/families that can be operated against.
-      support: N/A
-'''
+  platform:
+    description: Target OS/families that can be operated against.
+    support: N/A
+"""

    # Should be used together with the standard fragment
    INFO_MODULE = r'''
 options: {}
 attributes:
-    check_mode:
-      support: full
-      details:
-        - This action does not modify state.
-    diff_mode:
-      support: N/A
-      details:
-        - This action does not modify state.
+  check_mode:
+    support: full
+    details:
+      - This action does not modify state.
+  diff_mode:
+    support: N/A
+    details:
+      - This action does not modify state.
 '''

-    CONN = r'''
+    CONN = r"""
 options: {}
 attributes:
-    become:
-      description: Is usable alongside C(become) keywords.
-    connection:
-      description: Uses the target's configured connection information to execute code on it.
-    delegation:
-      description: Can be used in conjunction with C(delegate_to) and related keywords.
-'''
+  become:
+    description: Is usable alongside C(become) keywords.
+  connection:
+    description: Uses the target's configured connection information to execute code on it.
+  delegation:
+    description: Can be used in conjunction with C(delegate_to) and related keywords.
+"""

-    FACTS = r'''
+    FACTS = r"""
 options: {}
 attributes:
-    facts:
-      description: Action returns an C(ansible_facts) dictionary that will update existing host facts.
-'''
+  facts:
+    description: Action returns an C(ansible_facts) dictionary that will update existing host facts.
+"""

    # Should be used together with the standard fragment and the FACTS fragment
    FACTS_MODULE = r'''
 options: {}
 attributes:
-    check_mode:
-      support: full
-      details:
-        - This action does not modify state.
-    diff_mode:
-      support: N/A
-      details:
-        - This action does not modify state.
-    facts:
-      support: full
+  check_mode:
+    support: full
+    details:
+      - This action does not modify state.
+  diff_mode:
+    support: N/A
+    details:
+      - This action does not modify state.
+  facts:
+    support: full
 '''

-    FILES = r'''
+    FILES = r"""
 options: {}
 attributes:
-    safe_file_operations:
-      description: Uses Ansible's strict file operation functions to ensure proper permissions and avoid data corruption.
-'''
+  safe_file_operations:
+    description: Uses Ansible's strict file operation functions to ensure proper permissions and avoid data corruption.
+"""

-    FLOW = r'''
+    FLOW = r"""
 options: {}
 attributes:
-    action:
-      description: Indicates this has a corresponding action plugin so some parts of the options can be executed on the controller.
-    async:
-      description: Supports being used with the C(async) keyword.
-'''
+  action:
+    description: Indicates this has a corresponding action plugin so some parts of the options can be executed on the controller.
+  async:
+    description: Supports being used with the C(async) keyword.
+"""
--- a/plugins/doc_fragments/auth_basic.py
+++ b/plugins/doc_fragments/auth_basic.py
@@ -10,7 +10,7 @@ __metaclass__ = type
 class ModuleDocFragment(object):

    # Standard files documentation fragment
-    DOCUMENTATION = r'''
+    DOCUMENTATION = r"""
 options:
  api_url:
    description:
@@ -29,4 +29,4 @@ options:
      - Whether or not to validate SSL certs when supplying a HTTPS endpoint.
    type: bool
    default: true
-'''
+"""
--- a/plugins/doc_fragments/bitbucket.py
+++ b/plugins/doc_fragments/bitbucket.py
@@ -11,7 +11,7 @@ __metaclass__ = type
 class ModuleDocFragment(object):

    # Standard documentation fragment
-    DOCUMENTATION = r'''
+    DOCUMENTATION = r"""
 options:
  client_id:
    description:
@@ -30,7 +30,7 @@ options:
      - O(ignore:username) is an alias of O(user) since community.general 6.0.0. It was an alias of O(workspace) before.
    type: str
    version_added: 4.0.0
-    aliases: [ username ]
+    aliases: [username]
  password:
    description:
      - The App password.
@@ -41,4 +41,4 @@ notes:
  - Bitbucket OAuth consumer key and secret can be obtained from Bitbucket profile -> Settings -> Access Management -> OAuth.
  - Bitbucket App password can be created from Bitbucket profile -> Personal Settings -> App passwords.
  - If both OAuth and Basic Auth credentials are passed, OAuth credentials take precedence.
-'''
+"""
--- a/plugins/doc_fragments/clc.py
+++ b/plugins/doc_fragments/clc.py
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2024, Alexei Znamensky <russoz@gmail.com>
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+
+    # Standard documentation fragment
+    DOCUMENTATION = r"""
+options: {}
+requirements:
+  - requests >= 2.5.0
+  - clc-sdk
+notes:
+  - To use this module, it is required to set the below environment variables which enables access to the Centurylink Cloud.
+  - E(CLC_V2_API_USERNAME), the account login ID for the Centurylink Cloud.
+  - E(CLC_V2_API_PASSWORD), the account password for the Centurylink Cloud.
+  - Alternatively, the module accepts the API token and account alias. The API token can be generated using the CLC account
+    login and password using the HTTP API call @ U(https://api.ctl.io/v2/authentication/login).
+  - E(CLC_V2_API_TOKEN), the API token generated from U(https://api.ctl.io/v2/authentication/login).
+  - E(CLC_ACCT_ALIAS), the account alias associated with the Centurylink Cloud.
+  - Users can set E(CLC_V2_API_URL) to specify an endpoint for pointing to a different CLC environment.
+"""
--- a/Show More
+++ b/Show More