Release 8.1.0.

Change tab to space in SSHFP requests (#7653)

* Change tab to space in SSHFP requests

Cloudflare uses space and not tab when you search for SSHFP records

Cloudflare changes fingerprint to uppercase

Create 7653-fix-cloudflare-lookup.yml

* Update changelog fragment.

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 3d0da92784)

Co-authored-by: Kalle Møller <git@k-moeller.dk>

.azure-pipelines/README.md

@@ -1,3 +1,9 @@
+<!--
 Copyright (c) Ansible Project
 GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 SPDX-License-Identifier: GPL-3.0-or-later
+-->
+
+## Azure Pipelines Configuration
+
+Please see the [Documentation](https://github.com/ansible/community/wiki/Testing:-Azure-Pipelines) for more information.

.azure-pipelines/azure-pipelines.yml

@@ -0,0 +1,421 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+trigger:
+  batch: true
+  branches:
+    include:
+      - main
+      - stable-*
+
+pr:
+  autoCancel: true
+  branches:
+    include:
+      - main
+      - stable-*
+
+schedules:
+  - cron: 0 8 * * *
+    displayName: Nightly (main)
+    always: true
+    branches:
+      include:
+        - main
+  - cron: 0 10 * * *
+    displayName: Nightly (active stable branches)
+    always: true
+    branches:
+      include:
+        - stable-8
+        - stable-7
+  - cron: 0 11 * * 0
+    displayName: Weekly (old stable branches)
+    always: true
+    branches:
+      include:
+        - stable-6
+
+variables:
+  - name: checkoutPath
+    value: ansible_collections/community/general
+  - name: coverageBranches
+    value: main
+  - name: pipelinesCoverage
+    value: coverage
+  - name: entryPoint
+    value: tests/utils/shippable/shippable.sh
+  - name: fetchDepth
+    value: 0
+
+resources:
+  containers:
+    - container: default
+      image: quay.io/ansible/azure-pipelines-test-container:4.0.1
+
+pool: Standard
+
+stages:
+### Sanity
+  - stage: Sanity_devel
+    displayName: Sanity devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Test {0}
+          testFormat: devel/sanity/{0}
+          targets:
+            - test: 1
+            - test: 2
+            - test: 3
+            - test: 4
+            - test: extra
+  - stage: Sanity_2_16
+    displayName: Sanity 2.16
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Test {0}
+          testFormat: 2.16/sanity/{0}
+          targets:
+            - test: 1
+            - test: 2
+            - test: 3
+            - test: 4
+  - stage: Sanity_2_15
+    displayName: Sanity 2.15
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Test {0}
+          testFormat: 2.15/sanity/{0}
+          targets:
+            - test: 1
+            - test: 2
+            - test: 3
+            - test: 4
+  - stage: Sanity_2_14
+    displayName: Sanity 2.14
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Test {0}
+          testFormat: 2.14/sanity/{0}
+          targets:
+            - test: 1
+            - test: 2
+            - test: 3
+            - test: 4
+### Units
+  - stage: Units_devel
+    displayName: Units devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: devel/units/{0}/1
+          targets:
+            - test: 3.7
+            - test: 3.8
+            - test: 3.9
+            - test: '3.10'
+            - test: '3.11'
+            - test: '3.12'
+  - stage: Units_2_16
+    displayName: Units 2.16
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.16/units/{0}/1
+          targets:
+            - test: 2.7
+            - test: 3.6
+            - test: "3.11"
+  - stage: Units_2_15
+    displayName: Units 2.15
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.15/units/{0}/1
+          targets:
+            - test: 3.5
+            - test: "3.10"
+  - stage: Units_2_14
+    displayName: Units 2.14
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.14/units/{0}/1
+          targets:
+            - test: 3.9
+
+## Remote
+  - stage: Remote_devel_extra_vms
+    displayName: Remote devel extra VMs
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: devel/{0}
+          targets:
+            - name: Alpine 3.18
+              test: alpine/3.18
+            # - name: Fedora 39
+            #   test: fedora/39
+            - name: Ubuntu 22.04
+              test: ubuntu/22.04
+          groups:
+            - vm
+  - stage: Remote_devel
+    displayName: Remote devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: devel/{0}
+          targets:
+            - name: macOS 13.2
+              test: macos/13.2
+            - name: RHEL 9.3
+              test: rhel/9.3
+            - name: FreeBSD 13.2
+              test: freebsd/13.2
+          groups:
+            - 1
+            - 2
+            - 3
+  - stage: Remote_2_16
+    displayName: Remote 2.16
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.16/{0}
+          targets:
+            #- name: macOS 13.2
+            #  test: macos/13.2
+            - name: RHEL 9.2
+              test: rhel/9.2
+            - name: RHEL 8.8
+              test: rhel/8.8
+            #- name: FreeBSD 13.2
+            #  test: freebsd/13.2
+          groups:
+            - 1
+            - 2
+            - 3
+  - stage: Remote_2_15
+    displayName: Remote 2.15
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.15/{0}
+          targets:
+            - name: RHEL 9.1
+              test: rhel/9.1
+            - name: RHEL 8.7
+              test: rhel/8.7
+            - name: RHEL 7.9
+              test: rhel/7.9
+            - name: FreeBSD 13.1
+              test: freebsd/13.1
+            - name: FreeBSD 12.4
+              test: freebsd/12.4
+          groups:
+            - 1
+            - 2
+            - 3
+  - stage: Remote_2_14
+    displayName: Remote 2.14
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.14/{0}
+          targets:
+            #- name: macOS 12.0
+            #  test: macos/12.0
+            - name: RHEL 9.0
+              test: rhel/9.0
+            #- name: FreeBSD 12.4
+            #  test: freebsd/12.4
+          groups:
+            - 1
+            - 2
+            - 3
+
+### Docker
+  - stage: Docker_devel
+    displayName: Docker devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: devel/linux/{0}
+          targets:
+            - name: Fedora 39
+              test: fedora39
+            - name: Ubuntu 20.04
+              test: ubuntu2004
+            - name: Ubuntu 22.04
+              test: ubuntu2204
+            - name: Alpine 3
+              test: alpine3
+          groups:
+            - 1
+            - 2
+            - 3
+  - stage: Docker_2_16
+    displayName: Docker 2.16
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.16/linux/{0}
+          targets:
+            - name: Fedora 38
+              test: fedora38
+            - name: openSUSE 15
+              test: opensuse15
+          groups:
+            - 1
+            - 2
+            - 3
+  - stage: Docker_2_15
+    displayName: Docker 2.15
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.15/linux/{0}
+          targets:
+            - name: Fedora 37
+              test: fedora37
+            - name: CentOS 7
+              test: centos7
+          groups:
+            - 1
+            - 2
+            - 3
+  - stage: Docker_2_14
+    displayName: Docker 2.14
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.14/linux/{0}
+          targets:
+            - name: Alpine 3
+              test: alpine3
+          groups:
+            - 1
+            - 2
+            - 3
+
+### Community Docker
+  - stage: Docker_community_devel
+    displayName: Docker (community images) devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: devel/linux-community/{0}
+          targets:
+            - name: Debian Bullseye
+              test: debian-bullseye/3.9
+            - name: Debian Bookworm
+              test: debian-bookworm/3.11
+            - name: ArchLinux
+              test: archlinux/3.11
+          groups:
+            - 1
+            - 2
+            - 3
+
+### Generic
+  - stage: Generic_devel
+    displayName: Generic devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: devel/generic/{0}/1
+          targets:
+            - test: '3.7'
+            - test: '3.12'
+  - stage: Generic_2_16
+    displayName: Generic 2.16
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.16/generic/{0}/1
+          targets:
+            - test: '2.7'
+            - test: '3.6'
+            - test: '3.11'
+  - stage: Generic_2_15
+    displayName: Generic 2.15
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.15/generic/{0}/1
+          targets:
+            - test: '3.9'
+  - stage: Generic_2_14
+    displayName: Generic 2.14
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: Python {0}
+          testFormat: 2.14/generic/{0}/1
+          targets:
+            - test: '3.10'
+
+  - stage: Summary
+    condition: succeededOrFailed()
+    dependsOn:
+      - Sanity_devel
+      - Sanity_2_16
+      - Sanity_2_15
+      - Sanity_2_14
+      - Units_devel
+      - Units_2_16
+      - Units_2_15
+      - Units_2_14
+      - Remote_devel_extra_vms
+      - Remote_devel
+      - Remote_2_16
+      - Remote_2_15
+      - Remote_2_14
+      - Docker_devel
+      - Docker_2_16
+      - Docker_2_15
+      - Docker_2_14
+      - Docker_community_devel
+# Right now all generic tests are disabled. Uncomment when at least one of them is re-enabled.
+#      - Generic_devel
+#      - Generic_2_16
+#      - Generic_2_15
+#      - Generic_2_14
+    jobs:
+      - template: templates/coverage.yml

.azure-pipelines/scripts/aggregate-coverage.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# Aggregate code coverage results for later processing.
+
+set -o pipefail -eu
+
+agent_temp_directory="$1"
+
+PATH="${PWD}/bin:${PATH}"
+
+mkdir "${agent_temp_directory}/coverage/"
+
+options=(--venv --venv-system-site-packages --color -v)
+
+ansible-test coverage combine --group-by command --export "${agent_temp_directory}/coverage/" "${options[@]}"
+
+if ansible-test coverage analyze targets generate --help >/dev/null 2>&1; then
+    # Only analyze coverage if the installed version of ansible-test supports it.
+    # Doing so allows this script to work unmodified for multiple Ansible versions.
+    ansible-test coverage analyze targets generate "${agent_temp_directory}/coverage/coverage-analyze-targets.json" "${options[@]}"
+fi

.azure-pipelines/scripts/combine-coverage.py

@@ -0,0 +1,64 @@
+#!/usr/bin/env python
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+"""
+Combine coverage data from multiple jobs, keeping the data only from the most recent attempt from each job.
+Coverage artifacts must be named using the format: "Coverage $(System.JobAttempt) {StableUniqueNameForEachJob}"
+The recommended coverage artifact name format is: Coverage $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)
+Keep in mind that Azure Pipelines does not enforce unique job display names (only names).
+It is up to pipeline authors to avoid name collisions when deviating from the recommended format.
+"""
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import re
+import shutil
+import sys
+
+
+def main():
+    """Main program entry point."""
+    source_directory = sys.argv[1]
+
+    if '/ansible_collections/' in os.getcwd():
+        output_path = "tests/output"
+    else:
+        output_path = "test/results"
+
+    destination_directory = os.path.join(output_path, 'coverage')
+
+    if not os.path.exists(destination_directory):
+        os.makedirs(destination_directory)
+
+    jobs = {}
+    count = 0
+
+    for name in os.listdir(source_directory):
+        match = re.search('^Coverage (?P<attempt>[0-9]+) (?P<label>.+)$', name)
+        label = match.group('label')
+        attempt = int(match.group('attempt'))
+        jobs[label] = max(attempt, jobs.get(label, 0))
+
+    for label, attempt in jobs.items():
+        name = 'Coverage {attempt} {label}'.format(label=label, attempt=attempt)
+        source = os.path.join(source_directory, name)
+        source_files = os.listdir(source)
+
+        for source_file in source_files:
+            source_path = os.path.join(source, source_file)
+            destination_path = os.path.join(destination_directory, source_file + '.' + label)
+            print('"%s" -> "%s"' % (source_path, destination_path))
+            shutil.copyfile(source_path, destination_path)
+            count += 1
+
+    print('Coverage file count: %d' % count)
+    print('##vso[task.setVariable variable=coverageFileCount]%d' % count)
+    print('##vso[task.setVariable variable=outputPath]%s' % output_path)
+
+
+if __name__ == '__main__':
+    main()

.azure-pipelines/scripts/process-results.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# Check the test results and set variables for use in later steps.
+
+set -o pipefail -eu
+
+if [[ "$PWD" =~ /ansible_collections/ ]]; then
+    output_path="tests/output"
+else
+    output_path="test/results"
+fi
+
+echo "##vso[task.setVariable variable=outputPath]${output_path}"
+
+if compgen -G "${output_path}"'/junit/*.xml' > /dev/null; then
+    echo "##vso[task.setVariable variable=haveTestResults]true"
+fi
+
+if compgen -G "${output_path}"'/bot/ansible-test-*' > /dev/null; then
+    echo "##vso[task.setVariable variable=haveBotResults]true"
+fi
+
+if compgen -G "${output_path}"'/coverage/*' > /dev/null; then
+    echo "##vso[task.setVariable variable=haveCoverageData]true"
+fi

.azure-pipelines/scripts/publish-codecov.py

@@ -0,0 +1,105 @@
+#!/usr/bin/env python
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+"""
+Upload code coverage reports to codecov.io.
+Multiple coverage files from multiple languages are accepted and aggregated after upload.
+Python coverage, as well as PowerShell and Python stubs can all be uploaded.
+"""
+
+import argparse
+import dataclasses
+import pathlib
+import shutil
+import subprocess
+import tempfile
+import typing as t
+import urllib.request
+
+
+@dataclasses.dataclass(frozen=True)
+class CoverageFile:
+    name: str
+    path: pathlib.Path
+    flags: t.List[str]
+
+
+@dataclasses.dataclass(frozen=True)
+class Args:
+    dry_run: bool
+    path: pathlib.Path
+
+
+def parse_args() -> Args:
+    parser = argparse.ArgumentParser()
+    parser.add_argument('-n', '--dry-run', action='store_true')
+    parser.add_argument('path', type=pathlib.Path)
+
+    args = parser.parse_args()
+
+    # Store arguments in a typed dataclass
+    fields = dataclasses.fields(Args)
+    kwargs = {field.name: getattr(args, field.name) for field in fields}
+
+    return Args(**kwargs)
+
+
+def process_files(directory: pathlib.Path) -> t.Tuple[CoverageFile, ...]:
+    processed = []
+    for file in directory.joinpath('reports').glob('coverage*.xml'):
+        name = file.stem.replace('coverage=', '')
+
+        # Get flags from name
+        flags = name.replace('-powershell', '').split('=')  # Drop '-powershell' suffix
+        flags = [flag if not flag.startswith('stub') else flag.split('-')[0] for flag in flags]  # Remove "-01" from stub files
+
+        processed.append(CoverageFile(name, file, flags))
+
+    return tuple(processed)
+
+
+def upload_files(codecov_bin: pathlib.Path, files: t.Tuple[CoverageFile, ...], dry_run: bool = False) -> None:
+    for file in files:
+        cmd = [
+            str(codecov_bin),
+            '--name', file.name,
+            '--file', str(file.path),
+        ]
+        for flag in file.flags:
+            cmd.extend(['--flags', flag])
+
+        if dry_run:
+            print(f'DRY-RUN: Would run command: {cmd}')
+            continue
+
+        subprocess.run(cmd, check=True)
+
+
+def download_file(url: str, dest: pathlib.Path, flags: int, dry_run: bool = False) -> None:
+    if dry_run:
+        print(f'DRY-RUN: Would download {url} to {dest} and set mode to {flags:o}')
+        return
+
+    with urllib.request.urlopen(url) as resp:
+        with dest.open('w+b') as f:
+            # Read data in chunks rather than all at once
+            shutil.copyfileobj(resp, f, 64 * 1024)
+
+    dest.chmod(flags)
+
+
+def main():
+    args = parse_args()
+    url = 'https://ansible-ci-files.s3.amazonaws.com/codecov/linux/codecov'
+    with tempfile.TemporaryDirectory(prefix='codecov-') as tmpdir:
+        codecov_bin = pathlib.Path(tmpdir) / 'codecov'
+        download_file(url, codecov_bin, 0o755, args.dry_run)
+
+        files = process_files(args.path)
+        upload_files(codecov_bin, files, args.dry_run)
+
+
+if __name__ == '__main__':
+    main()

.azure-pipelines/scripts/report-coverage.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# Generate code coverage reports for uploading to Azure Pipelines and codecov.io.
+
+set -o pipefail -eu
+
+PATH="${PWD}/bin:${PATH}"
+
+if ! ansible-test --help >/dev/null 2>&1; then
+    # Install the devel version of ansible-test for generating code coverage reports.
+    # This is only used by Ansible Collections, which are typically tested against multiple Ansible versions (in separate jobs).
+    # Since a version of ansible-test is required that can work the output from multiple older releases, the devel version is used.
+    pip install https://github.com/ansible/ansible/archive/devel.tar.gz --disable-pip-version-check
+fi
+
+ansible-test coverage xml --group-by command --stub --venv --venv-system-site-packages --color -v

.azure-pipelines/scripts/run-tests.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# Configure the test environment and run the tests.
+
+set -o pipefail -eu
+
+entry_point="$1"
+test="$2"
+read -r -a coverage_branches <<< "$3"  # space separated list of branches to run code coverage on for scheduled builds
+
+export COMMIT_MESSAGE
+export COMPLETE
+export COVERAGE
+export IS_PULL_REQUEST
+
+if [ "${SYSTEM_PULLREQUEST_TARGETBRANCH:-}" ]; then
+    IS_PULL_REQUEST=true
+    COMMIT_MESSAGE=$(git log --format=%B -n 1 HEAD^2)
+else
+    IS_PULL_REQUEST=
+    COMMIT_MESSAGE=$(git log --format=%B -n 1 HEAD)
+fi
+
+COMPLETE=
+COVERAGE=
+
+if [ "${BUILD_REASON}" = "Schedule" ]; then
+    COMPLETE=yes
+
+    if printf '%s\n' "${coverage_branches[@]}" | grep -q "^${BUILD_SOURCEBRANCHNAME}$"; then
+        COVERAGE=yes
+    fi
+fi
+
+"${entry_point}" "${test}" 2>&1 | "$(dirname "$0")/time-command.py"

.azure-pipelines/scripts/time-command.py

@@ -0,0 +1,29 @@
+#!/usr/bin/env python
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+"""Prepends a relative timestamp to each input line from stdin and writes it to stdout."""
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import sys
+import time
+
+
+def main():
+    """Main program entry point."""
+    start = time.time()
+
+    sys.stdin.reconfigure(errors='surrogateescape')
+    sys.stdout.reconfigure(errors='surrogateescape')
+
+    for line in sys.stdin:
+        seconds = time.time() - start
+        sys.stdout.write('%02d:%02d %s' % (seconds // 60, seconds % 60, line))
+        sys.stdout.flush()
+
+
+if __name__ == '__main__':
+    main()

.azure-pipelines/templates/coverage.yml

@@ -0,0 +1,44 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# This template adds a job for processing code coverage data.
+# It will upload results to Azure Pipelines and codecov.io.
+# Use it from a job stage that completes after all other jobs have completed.
+# This can be done by placing it in a separate summary stage that runs after the test stage(s) have completed.
+
+jobs:
+  - job: Coverage
+    displayName: Code Coverage
+    container: default
+    workspace:
+      clean: all
+    steps:
+      - checkout: self
+        fetchDepth: $(fetchDepth)
+        path: $(checkoutPath)
+      - task: DownloadPipelineArtifact@2
+        displayName: Download Coverage Data
+        inputs:
+          path: coverage/
+          patterns: "Coverage */*=coverage.combined"
+      - bash: .azure-pipelines/scripts/combine-coverage.py coverage/
+        displayName: Combine Coverage Data
+      - bash: .azure-pipelines/scripts/report-coverage.sh
+        displayName: Generate Coverage Report
+        condition: gt(variables.coverageFileCount, 0)
+      - task: PublishCodeCoverageResults@1
+        inputs:
+          codeCoverageTool: Cobertura
+          # Azure Pipelines only accepts a single coverage data file.
+          # That means only Python or PowerShell coverage can be uploaded, but not both.
+          # Set the "pipelinesCoverage" variable to determine which type is uploaded.
+          # Use "coverage" for Python and "coverage-powershell" for PowerShell.
+          summaryFileLocation: "$(outputPath)/reports/$(pipelinesCoverage).xml"
+        displayName: Publish to Azure Pipelines
+        condition: gt(variables.coverageFileCount, 0)
+      - bash: .azure-pipelines/scripts/publish-codecov.py "$(outputPath)"
+        displayName: Publish to codecov.io
+        condition: gt(variables.coverageFileCount, 0)
+        continueOnError: true

.azure-pipelines/templates/matrix.yml

@@ -0,0 +1,60 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# This template uses the provided targets and optional groups to generate a matrix which is then passed to the test template.
+# If this matrix template does not provide the required functionality, consider using the test template directly instead.
+
+parameters:
+  # A required list of dictionaries, one per test target.
+  # Each item in the list must contain a "test" or "name" key.
+  # Both may be provided. If one is omitted, the other will be used.
+  - name: targets
+    type: object
+
+  # An optional list of values which will be used to multiply the targets list into a matrix.
+  # Values can be strings or numbers.
+  - name: groups
+    type: object
+    default: []
+
+  # An optional format string used to generate the job name.
+  # - {0} is the name of an item in the targets list.
+  - name: nameFormat
+    type: string
+    default: "{0}"
+
+  # An optional format string used to generate the test name.
+  # - {0} is the name of an item in the targets list.
+  - name: testFormat
+    type: string
+    default: "{0}"
+
+  # An optional format string used to add the group to the job name.
+  # {0} is the formatted name of an item in the targets list.
+  # {{1}} is the group -- be sure to include the double "{{" and "}}".
+  - name: nameGroupFormat
+    type: string
+    default: "{0} - {{1}}"
+
+  # An optional format string used to add the group to the test name.
+  # {0} is the formatted test of an item in the targets list.
+  # {{1}} is the group -- be sure to include the double "{{" and "}}".
+  - name: testGroupFormat
+    type: string
+    default: "{0}/{{1}}"
+
+jobs:
+  - template: test.yml
+    parameters:
+      jobs:
+        - ${{ if eq(length(parameters.groups), 0) }}:
+          - ${{ each target in parameters.targets }}:
+            - name: ${{ format(parameters.nameFormat, coalesce(target.name, target.test)) }}
+              test: ${{ format(parameters.testFormat, coalesce(target.test, target.name)) }}
+        - ${{ if not(eq(length(parameters.groups), 0)) }}:
+          - ${{ each group in parameters.groups }}:
+            - ${{ each target in parameters.targets }}:
+              - name: ${{ format(format(parameters.nameGroupFormat, parameters.nameFormat), coalesce(target.name, target.test), group) }}
+                test: ${{ format(format(parameters.testGroupFormat, parameters.testFormat), coalesce(target.test, target.name), group) }}

.azure-pipelines/templates/test.yml

@@ -0,0 +1,50 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# This template uses the provided list of jobs to create test one or more test jobs.
+# It can be used directly if needed, or through the matrix template.
+
+parameters:
+  # A required list of dictionaries, one per test job.
+  # Each item in the list must contain a "job" and "name" key.
+  - name: jobs
+    type: object
+
+jobs:
+  - ${{ each job in parameters.jobs }}:
+    - job: test_${{ replace(replace(replace(job.test, '/', '_'), '.', '_'), '-', '_') }}
+      displayName: ${{ job.name }}
+      container: default
+      workspace:
+        clean: all
+      steps:
+        - checkout: self
+          fetchDepth: $(fetchDepth)
+          path: $(checkoutPath)
+        - bash: .azure-pipelines/scripts/run-tests.sh "$(entryPoint)" "${{ job.test }}" "$(coverageBranches)"
+          displayName: Run Tests
+        - bash: .azure-pipelines/scripts/process-results.sh
+          condition: succeededOrFailed()
+          displayName: Process Results
+        - bash: .azure-pipelines/scripts/aggregate-coverage.sh "$(Agent.TempDirectory)"
+          condition: eq(variables.haveCoverageData, 'true')
+          displayName: Aggregate Coverage Data
+        - task: PublishTestResults@2
+          condition: eq(variables.haveTestResults, 'true')
+          inputs:
+            testResultsFiles: "$(outputPath)/junit/*.xml"
+          displayName: Publish Test Results
+        - task: PublishPipelineArtifact@1
+          condition: eq(variables.haveBotResults, 'true')
+          displayName: Publish Bot Results
+          inputs:
+            targetPath: "$(outputPath)/bot/"
+            artifactName: "Bot $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)"
+        - task: PublishPipelineArtifact@1
+          condition: eq(variables.haveCoverageData, 'true')
+          displayName: Publish Coverage Data
+          inputs:
+            targetPath: "$(Agent.TempDirectory)/coverage/"
+            artifactName: "Coverage $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)"

.github/BOTMETA.yml

@@ -119,7 +119,7 @@ files:
     labels: hwc
     maintainers: $team_huawei
   $doc_fragments/nomad.py:
-    maintainers: chris93111
+    maintainers: chris93111 apecnascimento
   $doc_fragments/xenserver.py:
     labels: xenserver
     maintainers: bvitnik
@@ -497,6 +497,9 @@ files:
   $modules/facter.py:
     labels: facter
     maintainers: $team_ansible_core gamethis
+  $modules/facter_facts.py:
+    labels: facter
+    maintainers: russoz $team_ansible_core gamethis
   $modules/filesize.py:
     maintainers: quidame
   $modules/filesystem.py:
@@ -523,6 +526,8 @@ files:
     maintainers: russoz
   $modules/git_config.py:
     maintainers: djmattyg007 mgedmin
+  $modules/git_config_info.py:
+    maintainers: guenhter
   $modules/github_:
     maintainers: stpierre
   $modules/github_deploy_key.py:
@@ -544,6 +549,8 @@ files:
     ignore: dj-wasabi
   $modules/gitlab_branch.py:
     maintainers: paytroff
+  $modules/gitlab_issue.py:
+    maintainers: zvaraondrej
   $modules/gitlab_merge_request.py:
     maintainers: zvaraondrej
   $modules/gitlab_project_variable.py:
@@ -642,7 +649,6 @@ files:
     maintainers: bregman-arie
   $modules/ipa_:
     maintainers: $team_ipa
-    ignore: fxfitz
   $modules/ipbase_info.py:
     maintainers: dominikkukacka
   $modules/ipa_pwpolicy.py:
@@ -868,7 +874,7 @@ files:
   $modules/nmcli.py:
     maintainers: alcamie101
   $modules/nomad_:
-    maintainers: chris93111
+    maintainers: chris93111 apecnascimento
   $modules/nosh.py:
     maintainers: tacatac
   $modules/npm.py:
@@ -1395,10 +1401,10 @@ files:
     ignore: matze
     labels: zypper
     maintainers: $team_suse
-  $plugin_utils/unsafe.py:
-    maintainers: felixfontein
   $tests/a_module.py:
     maintainers: felixfontein
+  $tests/fqdn_valid.py:
+    maintainers: vbotka
 #########################
   tests/:
     labels: tests
@@ -1416,6 +1422,7 @@ macros:
   becomes: plugins/become
   caches: plugins/cache
   callbacks: plugins/callback
+  cliconfs: plugins/cliconf
   connections: plugins/connection
   doc_fragments: plugins/doc_fragments
   filters: plugins/filter
@@ -1423,7 +1430,7 @@ macros:
   lookups: plugins/lookup
   module_utils: plugins/module_utils
   modules: plugins/modules
-  plugin_utils: plugins/plugin_utils
+  terminals: plugins/terminal
   tests: plugins/test
   team_ansible_core:
   team_aix: MorrisA bcoca d-little flynn1973 gforster kairoaraujo marvin-sinister mator molekuul ramooncamacho wtcross
@@ -1435,7 +1442,7 @@ macros:
   team_gitlab: Lunik Shaps marwatk waheedi zanssa scodeman metanovii sh0shin nejch lgatellier suukit
   team_hpux: bcoca davx8342
   team_huawei: QijunPan TommyLike edisonxiang freesky-edward hwDCN niuzhenguo xuxiaowei0512 yanzhangi zengchen1024 zhongjun2
-  team_ipa: Akasurde Nosmoht justchris1
+  team_ipa: Akasurde Nosmoht fxfitz justchris1
   team_jboss: Wolfant jairojunior wbrefvem
   team_keycloak: eikef ndclt mattock
   team_linode: InTheCloudDan decentral1se displague rmcintosh Charliekenney23 LBGarber

.github/workflows/ansible-test.yml

@@ -0,0 +1,181 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# For the comprehensive list of the inputs supported by the ansible-community/ansible-test-gh-action GitHub Action, see
+# https://github.com/marketplace/actions/ansible-test
+
+name: EOL CI
+on:
+  # Run EOL CI against all pushes (direct commits, also merged PRs), Pull Requests
+  push:
+    branches:
+      - main
+      - stable-*
+  pull_request:
+  # Run EOL CI once per day (at 08:00 UTC)
+  schedule:
+    - cron: '0 8 * * *'
+
+concurrency:
+  # Make sure there is at most one active run per PR, but do not cancel any non-PR runs
+  group: ${{ github.workflow }}-${{ (github.head_ref && github.event.number) || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  sanity:
+    name: EOL Sanity (Ⓐ${{ matrix.ansible }})
+    strategy:
+      matrix:
+        ansible:
+          - '2.13'
+    # Ansible-test on various stable branches does not yet work well with cgroups v2.
+    # Since ubuntu-latest now uses Ubuntu 22.04, we need to fall back to the ubuntu-20.04
+    # image for these stable branches. The list of branches where this is necessary will
+    # shrink over time, check out https://github.com/ansible-collections/news-for-maintainers/issues/28
+    # for the latest list.
+    runs-on: ubuntu-latest
+    steps:
+      - name: Perform sanity testing
+        uses: felixfontein/ansible-test-gh-action@main
+        with:
+          ansible-core-version: stable-${{ matrix.ansible }}
+          coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }}
+          pull-request-change-detection: 'true'
+          testing-type: sanity
+
+  units:
+    # Ansible-test on various stable branches does not yet work well with cgroups v2.
+    # Since ubuntu-latest now uses Ubuntu 22.04, we need to fall back to the ubuntu-20.04
+    # image for these stable branches. The list of branches where this is necessary will
+    # shrink over time, check out https://github.com/ansible-collections/news-for-maintainers/issues/28
+    # for the latest list.
+    runs-on: ubuntu-latest
+    name: EOL Units (Ⓐ${{ matrix.ansible }}+py${{ matrix.python }})
+    strategy:
+      # As soon as the first unit test fails, cancel the others to free up the CI queue
+      fail-fast: true
+      matrix:
+        ansible:
+          - ''
+        python:
+          - ''
+        exclude:
+          - ansible: ''
+        include:
+          - ansible: '2.13'
+            python: '2.7'
+          - ansible: '2.13'
+            python: '3.8'
+          - ansible: '2.13'
+            python: '2.7'
+          - ansible: '2.13'
+            python: '3.8'
+
+    steps:
+      - name: >-
+          Perform unit testing against
+          Ansible version ${{ matrix.ansible }}
+        uses: felixfontein/ansible-test-gh-action@main
+        with:
+          ansible-core-version: stable-${{ matrix.ansible }}
+          coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }}
+          pre-test-cmd: >-
+            mkdir -p ../../ansible
+            ;
+            git clone --depth=1 --single-branch https://github.com/ansible-collections/community.internal_test_tools.git ../../community/internal_test_tools
+          pull-request-change-detection: 'true'
+          target-python-version: ${{ matrix.python }}
+          testing-type: units
+
+  integration:
+    # Ansible-test on various stable branches does not yet work well with cgroups v2.
+    # Since ubuntu-latest now uses Ubuntu 22.04, we need to fall back to the ubuntu-20.04
+    # image for these stable branches. The list of branches where this is necessary will
+    # shrink over time, check out https://github.com/ansible-collections/news-for-maintainers/issues/28
+    # for the latest list.
+    runs-on: ubuntu-latest
+    name: EOL I (Ⓐ${{ matrix.ansible }}+${{ matrix.docker }}+py${{ matrix.python }}:${{ matrix.target }})
+    strategy:
+      fail-fast: false
+      matrix:
+        ansible:
+          - ''
+        docker:
+          - ''
+        python:
+          - ''
+        target:
+          - ''
+        exclude:
+          - ansible: ''
+        include:
+          # 2.13
+          - ansible: '2.13'
+            docker: fedora35
+            python: ''
+            target: azp/posix/1/
+          - ansible: '2.13'
+            docker: fedora35
+            python: ''
+            target: azp/posix/2/
+          - ansible: '2.13'
+            docker: fedora35
+            python: ''
+            target: azp/posix/3/
+          - ansible: '2.13'
+            docker: opensuse15py2
+            python: ''
+            target: azp/posix/1/
+          - ansible: '2.13'
+            docker: opensuse15py2
+            python: ''
+            target: azp/posix/2/
+          - ansible: '2.13'
+            docker: opensuse15py2
+            python: ''
+            target: azp/posix/3/
+          - ansible: '2.13'
+            docker: alpine3
+            python: ''
+            target: azp/posix/1/
+          - ansible: '2.13'
+            docker: alpine3
+            python: ''
+            target: azp/posix/2/
+          - ansible: '2.13'
+            docker: alpine3
+            python: ''
+            target: azp/posix/3/
+          # Right now all generic tests are disabled. Uncomment when at least one of them is re-enabled.
+          # - ansible: '2.13'
+          #   docker: default
+          #   python: '3.9'
+          #   target: azp/generic/1/
+
+    steps:
+      - name: >-
+          Perform integration testing against
+          Ansible version ${{ matrix.ansible }}
+          under Python ${{ matrix.python }}
+        uses: felixfontein/ansible-test-gh-action@main
+        with:
+          ansible-core-version: stable-${{ matrix.ansible }}
+          coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }}
+          docker-image: ${{ matrix.docker }}
+          integration-continue-on-error: 'false'
+          integration-diff: 'false'
+          integration-retry-on-error: 'true'
+          pre-test-cmd: >-
+            mkdir -p ../../ansible
+            ;
+            git clone --depth=1 --single-branch https://github.com/ansible-collections/ansible.posix.git ../../ansible/posix
+            ;
+            git clone --depth=1 --single-branch https://github.com/ansible-collections/community.crypto.git ../../community/crypto
+            ;
+            git clone --depth=1 --single-branch https://github.com/ansible-collections/community.internal_test_tools.git ../../community/internal_test_tools
+          pull-request-change-detection: 'true'
+          target: ${{ matrix.target }}
+          target-python-version: ${{ matrix.python }}
+          testing-type: integration

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,36 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+name: "Code scanning - action"
+
+on:
+  schedule:
+    - cron: '26 19 * * 1'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  CodeQL-Build:
+
+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/autobuild to send a status report
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: python
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

.github/workflows/reuse.yml

@@ -0,0 +1,35 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+name: Verify REUSE
+
+on:
+  push:
+    branches: [main]
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+    branches: [main]
+  # Run CI once per day (at 07:30 UTC)
+  schedule:
+    - cron: '30 7 * * *'
+
+jobs:
+  check:
+    permissions:
+      contents: read
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha || '' }}
+
+      - name: Install dependencies
+        run: |
+          pip install reuse
+
+      - name: Check REUSE compliance
+        run: |
+          reuse lint

CHANGELOG.md.license

@@ -1,3 +0,0 @@
-GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
-SPDX-License-Identifier: GPL-3.0-or-later
-SPDX-FileCopyrightText: Ansible Project

CONTRIBUTING.md

@@ -31,9 +31,7 @@ Also, consider taking up a valuable, reviewed, but abandoned pull request which
 * Try committing your changes with an informative but short commit message.
 * Do not squash your commits and force-push to your branch if not needed. Reviews of your pull request are much easier with individual commits to comprehend the pull request history. All commits of your pull request branch will be squashed into one commit by GitHub upon merge.
 * Do not add merge commits to your PR. The bot will complain and you will have to rebase ([instructions for rebasing](https://docs.ansible.com/ansible/latest/dev_guide/developing_rebasing.html)) to remove them before your PR can be merged. To avoid that git automatically does merges during pulls, you can configure it to do rebases instead by running `git config pull.rebase true` inside the repository checkout.
-* Make sure your PR includes a [changelog fragment](https://docs.ansible.com/ansible/devel/community/collection_development_process.html#creating-a-changelog-fragment).
-  * You must not include a fragment for new modules or new plugins. Also you shouldn't include one for docs-only changes. (If you're not sure, simply don't include one, we'll tell you whether one is needed or not :) )
-  * Please always include a link to the pull request itself, and if the PR is about an issue, also a link to the issue. Also make sure the fragment ends with a period, and begins with a lower-case letter after `-`. (Again, if you don't do this, we'll add suggestions to fix it, so don't worry too much :) )
+* Make sure your PR includes a [changelog fragment](https://docs.ansible.com/ansible/devel/community/development_process.html#creating-changelog-fragments). (You must not include a fragment for new modules or new plugins. Also you shouldn't include one for docs-only changes. If you're not sure, simply don't include one, we'll tell you whether one is needed or not :) )
 * Avoid reformatting unrelated parts of the codebase in your PR. These types of changes will likely be requested for reversion, create additional work for reviewers, and may cause approval to be delayed.
 
 You can also read [our Quick-start development guide](https://github.com/ansible/community-docs/blob/main/create_pr_quick_start_guide.rst).

README.md

@@ -6,10 +6,9 @@ SPDX-License-Identifier: GPL-3.0-or-later
 
 # Community General Collection
 
-[![Build Status](https://dev.azure.com/ansible/community.general/_apis/build/status/CI?branchName=stable-7)](https://dev.azure.com/ansible/community.general/_build?definitionId=31)
+[![Build Status](https://dev.azure.com/ansible/community.general/_apis/build/status/CI?branchName=stable-8)](https://dev.azure.com/ansible/community.general/_build?definitionId=31)
 [![EOL CI](https://github.com/ansible-collections/community.general/workflows/EOL%20CI/badge.svg?event=push)](https://github.com/ansible-collections/community.general/actions)
 [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.general)](https://codecov.io/gh/ansible-collections/community.general)
-[![REUSE status](https://api.reuse.software/badge/github.com/ansible-collections/community.general)](https://api.reuse.software/info/github.com/ansible-collections/community.general)
 
 This repository contains the `community.general` Ansible Collection. The collection is a part of the Ansible package and includes many modules and plugins supported by Ansible community which are not part of more specialized community collections.
 
@@ -25,9 +24,7 @@ If you encounter abusive behavior violating the [Ansible Code of Conduct](https:
 
 ## Tested with Ansible
 
-Tested with the current ansible-core 2.11, ansible-core 2.12, ansible-core 2.13, ansible-core 2.14, ansible-core 2.15, ansible-core 2.16, and ansible-core 2.17 releases. Ansible-core versions before 2.11.0 are not supported. This includes all ansible-base 2.10 and Ansible 2.9 releases.
-
-Parts of this collection will not work with ansible-core 2.11 on Python 3.12+.
+Tested with the current ansible-core 2.13, ansible-core 2.14, ansible-core 2.15, ansible-core 2.16 releases and the current development version of ansible-core. Ansible-core versions before 2.13.0 are not supported. This includes all ansible-base 2.10 and Ansible 2.9 releases.
 
 ## External requirements
 
@@ -74,13 +71,13 @@ We are actively accepting new contributors.
 
 All types of contributions are very welcome.
 
-You don't know how to start? Refer to our [contribution guide](https://github.com/ansible-collections/community.general/blob/stable-7/CONTRIBUTING.md)!
+You don't know how to start? Refer to our [contribution guide](https://github.com/ansible-collections/community.general/blob/main/CONTRIBUTING.md)!
 
-The current maintainers are listed in the [commit-rights.md](https://github.com/ansible-collections/community.general/blob/stable-7/commit-rights.md#people) file. If you have questions or need help, feel free to mention them in the proposals.
+The current maintainers are listed in the [commit-rights.md](https://github.com/ansible-collections/community.general/blob/main/commit-rights.md#people) file. If you have questions or need help, feel free to mention them in the proposals.
 
 You can find more information in the [developer guide for collections](https://docs.ansible.com/ansible/devel/dev_guide/developing_collections.html#contributing-to-collections), and in the [Ansible Community Guide](https://docs.ansible.com/ansible/latest/community/index.html).
 
-Also for some notes specific to this collection see [our CONTRIBUTING documentation](https://github.com/ansible-collections/community.general/blob/stable-7/CONTRIBUTING.md).
+Also for some notes specific to this collection see [our CONTRIBUTING documentation](https://github.com/ansible-collections/community.general/blob/main/CONTRIBUTING.md).
 
 ### Running tests
 
@@ -90,7 +87,7 @@ See [here](https://docs.ansible.com/ansible/devel/dev_guide/developing_collectio
 
 To learn how to maintain / become a maintainer of this collection, refer to:
 
-* [Committer guidelines](https://github.com/ansible-collections/community.general/blob/stable-7/commit-rights.md).
+* [Committer guidelines](https://github.com/ansible-collections/community.general/blob/main/commit-rights.md).
 * [Maintainer guidelines](https://github.com/ansible/community-docs/blob/main/maintaining.rst).
 
 It is necessary for maintainers of this collection to be subscribed to:
@@ -118,7 +115,7 @@ See the [Releasing guidelines](https://github.com/ansible/community-docs/blob/ma
 
 ## Release notes
 
-See the [changelog](https://github.com/ansible-collections/community.general/blob/stable-7/CHANGELOG.md).
+See the [changelog](https://github.com/ansible-collections/community.general/blob/stable-8/CHANGELOG.rst).
 
 ## Roadmap
 
@@ -137,8 +134,8 @@ See [this issue](https://github.com/ansible-collections/community.general/issues
 
 This collection is primarily licensed and distributed as a whole under the GNU General Public License v3.0 or later.
 
-See [LICENSES/GPL-3.0-or-later.txt](https://github.com/ansible-collections/community.general/blob/stable-7/COPYING) for the full text.
+See [LICENSES/GPL-3.0-or-later.txt](https://github.com/ansible-collections/community.general/blob/main/COPYING) for the full text.
 
-Parts of the collection are licensed under the [BSD 2-Clause license](https://github.com/ansible-collections/community.general/blob/stable-7/LICENSES/BSD-2-Clause.txt), the [MIT license](https://github.com/ansible-collections/community.general/blob/stable-7/LICENSES/MIT.txt), and the [PSF 2.0 license](https://github.com/ansible-collections/community.general/blob/stable-7/LICENSES/PSF-2.0.txt).
+Parts of the collection are licensed under the [BSD 2-Clause license](https://github.com/ansible-collections/community.general/blob/main/LICENSES/BSD-2-Clause.txt), the [MIT license](https://github.com/ansible-collections/community.general/blob/main/LICENSES/MIT.txt), and the [PSF 2.0 license](https://github.com/ansible-collections/community.general/blob/main/LICENSES/PSF-2.0.txt).
 
 All files have a machine readable `SDPX-License-Identifier:` comment denoting its respective license(s) or an equivalent entry in an accompanying `.license` file. Only changelog fragments (which will not be part of a release) are covered by a blanket statement in `.reuse/dep5`. This conforms to the [REUSE specification](https://reuse.software/spec/).

changelogs/config.yaml

@@ -12,31 +12,23 @@ mention_ancestor: true
 flatmap: true
 new_plugins_after_name: removed_features
 notesdir: fragments
-output_formats:
-  - md
-  - rst
 prelude_section_name: release_summary
 prelude_section_title: Release Summary
 sections:
-  - - major_changes
-    - Major Changes
-  - - minor_changes
-    - Minor Changes
-  - - breaking_changes
-    - Breaking Changes / Porting Guide
-  - - deprecated_features
-    - Deprecated Features
-  - - removed_features
-    - Removed Features (previously deprecated)
-  - - security_fixes
-    - Security Fixes
-  - - bugfixes
-    - Bugfixes
-  - - known_issues
-    - Known Issues
+- - major_changes
+  - Major Changes
+- - minor_changes
+  - Minor Changes
+- - breaking_changes
+  - Breaking Changes / Porting Guide
+- - deprecated_features
+  - Deprecated Features
+- - removed_features
+  - Removed Features (previously deprecated)
+- - security_fixes
+  - Security Fixes
+- - bugfixes
+  - Bugfixes
+- - known_issues
+  - Known Issues
 title: Community General
-trivial_section_name: trivial
-use_fqcn: true
-add_plugin_period: true
-changelog_nice_yaml: true
-changelog_sort: version

docs/docsite/links.yml

@@ -22,7 +22,6 @@ communication:
     - topic: General usage and support questions
       network: Libera
       channel: '#ansible'
-  forums:
-    - topic: Ansible Forum
-      # The following URL directly points to the "Get Help" section
-      url: https://forum.ansible.com/c/help/6/none
+  mailing_lists:
+    - topic: Ansible Project List
+      url: https://groups.google.com/g/ansible-project

galaxy.yml

@@ -5,17 +5,17 @@
 
 namespace: community
 name: general
-version: 7.5.9
+version: 8.1.0
 readme: README.md
 authors:
   - Ansible (https://github.com/ansible)
-description: null
+description: >-
+  The community.general collection is a part of the Ansible package and includes many modules and
+  plugins supported by Ansible community which are not part of more specialized community collections.
 license_file: COPYING
-tags: [community]
-# NOTE: No dependencies are expected to be added here
-# dependencies:
+tags:
+  - community
 repository: https://github.com/ansible-collections/community.general
 documentation: https://docs.ansible.com/ansible/latest/collections/community/general/
 homepage: https://github.com/ansible-collections/community.general
 issues: https://github.com/ansible-collections/community.general/issues
-#type: flatmap

meta/runtime.yml

@@ -3,7 +3,7 @@
 # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-requires_ansible: '>=2.11.0'
+requires_ansible: '>=2.13.0'
 plugin_routing:
   connection:
     docker:

plugins/callback/opentelemetry.py

@@ -350,8 +350,7 @@ class OpenTelemetrySource(object):
         if not disable_logs:
             # This will avoid populating span attributes to the logs
             span.add_event(task_data.dump, attributes={} if disable_attributes_in_logs else attributes)
-        # Close span always
-        span.end(end_time=host_data.finish)
+            span.end(end_time=host_data.finish)
 
     def set_span_attributes(self, span, attributes):
         """ update the span attributes with the given attributes if not None """
@@ -498,12 +497,6 @@ class CallbackModule(CallbackBase):
         # See https://github.com/open-telemetry/opentelemetry-specification/issues/740
         self.traceparent = self.get_option('traceparent')
 
-    def dump_results(self, result):
-        """ dump the results if disable_logs is not enabled """
-        if self.disable_logs:
-            return ""
-        return self._dump_results(result._result)
-
     def v2_playbook_on_start(self, playbook):
         self.ansible_playbook = basename(playbook._file_name)
 
@@ -553,7 +546,7 @@ class CallbackModule(CallbackBase):
             self.tasks_data,
             status,
             result,
-            self.dump_results(result)
+            self._dump_results(result._result)
         )
 
     def v2_runner_on_ok(self, result):
@@ -561,7 +554,7 @@ class CallbackModule(CallbackBase):
             self.tasks_data,
             'ok',
             result,
-            self.dump_results(result)
+            self._dump_results(result._result)
         )
 
     def v2_runner_on_skipped(self, result):
@@ -569,7 +562,7 @@ class CallbackModule(CallbackBase):
             self.tasks_data,
             'skipped',
             result,
-            self.dump_results(result)
+            self._dump_results(result._result)
         )
 
     def v2_playbook_on_include(self, included_file):

plugins/callback/say.py

@@ -18,8 +18,6 @@ DOCUMENTATION = '''
     short_description: notify using software speech synthesizer
     description:
       - This plugin will use the C(say) or C(espeak) program to "speak" about play events.
-    notes:
-      - In Ansible 2.8, this callback has been renamed from C(osx_say) into M(community.general.say).
 '''
 
 import platform

plugins/callback/selective.py

@@ -44,26 +44,17 @@ from ansible import constants as C
 from ansible.plugins.callback import CallbackBase
 from ansible.module_utils.common.text.converters import to_text
 
-try:
-    codeCodes = C.COLOR_CODES
-except AttributeError:
-    # This constant was moved to ansible.constants in
-    # https://github.com/ansible/ansible/commit/1202dd000f10b0e8959019484f1c3b3f9628fc67
-    # (will be included in ansible-core 2.11.0). For older Ansible/ansible-base versions,
-    # we include from the original location.
-    from ansible.utils.color import codeCodes
-
 
 DONT_COLORIZE = False
 COLORS = {
     'normal': '\033[0m',
-    'ok': '\033[{0}m'.format(codeCodes[C.COLOR_OK]),
+    'ok': '\033[{0}m'.format(C.COLOR_CODES[C.COLOR_OK]),
     'bold': '\033[1m',
     'not_so_bold': '\033[1m\033[34m',
-    'changed': '\033[{0}m'.format(codeCodes[C.COLOR_CHANGED]),
-    'failed': '\033[{0}m'.format(codeCodes[C.COLOR_ERROR]),
+    'changed': '\033[{0}m'.format(C.COLOR_CODES[C.COLOR_CHANGED]),
+    'failed': '\033[{0}m'.format(C.COLOR_CODES[C.COLOR_ERROR]),
     'endc': '\033[0m',
-    'skipped': '\033[{0}m'.format(codeCodes[C.COLOR_SKIP]),
+    'skipped': '\033[{0}m'.format(C.COLOR_CODES[C.COLOR_SKIP]),
 }
 
 

plugins/callback/slack.py

@@ -18,7 +18,6 @@ DOCUMENTATION = '''
     short_description: Sends play events to a Slack channel
     description:
         - This is an ansible callback plugin that sends status updates to a Slack channel during playbook execution.
-        - Before Ansible 2.4 only environment variables were available for configuring this plugin.
     options:
       webhook_url:
         required: true

plugins/callback/syslog_json.py

@@ -16,7 +16,6 @@ DOCUMENTATION = '''
     short_description: sends JSON events to syslog
     description:
       - This plugin logs ansible-playbook and ansible runs to a syslog server in JSON format.
-      - Before Ansible 2.9 only environment variables were available for configuration.
     options:
       server:
         description: Syslog server that will receive the event.

plugins/callback/yaml.py

@@ -19,16 +19,6 @@ DOCUMENTATION = '''
       - default_callback
     requirements:
       - set as stdout in configuration
-    seealso:
-      - plugin: ansible.builtin.default
-        plugin_type: callback
-        description: >
-          There is a parameter O(ansible.builtin.default#callback:result_format) in P(ansible.builtin.default#callback)
-          that allows you to change the output format to YAML.
-    notes:
-      - >
-        With ansible-core 2.13 or newer, you can instead specify V(yaml) for the parameter O(ansible.builtin.default#callback:result_format)
-        in P(ansible.builtin.default#callback).
 '''
 
 import yaml

plugins/connection/lxc.py

@@ -71,10 +71,11 @@ class Connection(ConnectionBase):
             msg = "lxc python bindings are not installed"
             raise errors.AnsibleError(msg)
 
-        if self.container:
+        container_name = self.get_option('remote_addr')
+        if self.container and self.container_name == container_name:
             return
 
-        self.container_name = self.get_option('remote_addr')
+        self.container_name = container_name
 
         self._display.vvv("THIS IS A LOCAL LXC DIR", host=self.container_name)
         self.container = _lxc.Container(self.container_name)

plugins/connection/lxd.py

@@ -10,13 +10,15 @@ __metaclass__ = type
 DOCUMENTATION = '''
     author: Matt Clay (@mattclay) <matt@mystile.com>
     name: lxd
-    short_description: Run tasks in LXD instances via C(lxc) CLI
+    short_description: Run tasks in lxc containers via lxc CLI
     description:
-        - Run commands or put/fetch files to an existing instance using C(lxc) CLI.
+        - Run commands or put/fetch files to an existing lxc container using lxc CLI
     options:
       remote_addr:
         description:
-            - Container identifier.
+            - Instance (container/VM) identifier.
+            - Since community.general 8.0.0, a FQDN can be provided; in that case, the first component (the part before C(.))
+              is used as the instance identifier.
         default: inventory_hostname
         vars:
             - name: inventory_hostname
@@ -24,7 +26,7 @@ DOCUMENTATION = '''
             - name: ansible_lxd_host
       executable:
         description:
-            - Shell to use for execution inside instance.
+            - shell to use for execution inside container
         default: /bin/sh
         vars:
             - name: ansible_executable
@@ -69,32 +71,38 @@ class Connection(ConnectionBase):
             raise AnsibleError("lxc command not found in PATH")
 
         if self._play_context.remote_user is not None and self._play_context.remote_user != 'root':
-            self._display.warning('lxd does not support remote_user, using default: root')
+            self._display.warning('lxd does not support remote_user, using container default: root')
+
+    def _host(self):
+        """ translate remote_addr to lxd (short) hostname """
+        return self.get_option("remote_addr").split(".", 1)[0]
 
     def _connect(self):
         """connect to lxd (nothing to do here) """
         super(Connection, self)._connect()
 
         if not self._connected:
-            self._display.vvv(u"ESTABLISH LXD CONNECTION FOR USER: root", host=self.get_option('remote_addr'))
+            self._display.vvv(u"ESTABLISH LXD CONNECTION FOR USER: root", host=self._host())
             self._connected = True
 
     def exec_command(self, cmd, in_data=None, sudoable=True):
         """ execute a command on the lxd host """
         super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable)
 
-        self._display.vvv(u"EXEC {0}".format(cmd), host=self.get_option('remote_addr'))
+        self._display.vvv(u"EXEC {0}".format(cmd), host=self._host())
 
         local_cmd = [self._lxc_cmd]
         if self.get_option("project"):
             local_cmd.extend(["--project", self.get_option("project")])
         local_cmd.extend([
             "exec",
-            "%s:%s" % (self.get_option("remote"), self.get_option("remote_addr")),
+            "%s:%s" % (self.get_option("remote"), self._host()),
             "--",
             self.get_option("executable"), "-c", cmd
         ])
 
+        self._display.vvvvv(u"EXEC {0}".format(local_cmd), host=self._host())
+
         local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd]
         in_data = to_bytes(in_data, errors='surrogate_or_strict', nonstring='passthru')
 
@@ -104,11 +112,13 @@ class Connection(ConnectionBase):
         stdout = to_text(stdout)
         stderr = to_text(stderr)
 
-        if stderr == "error: Container is not running.\n":
-            raise AnsibleConnectionFailure("container not running: %s" % self.get_option('remote_addr'))
+        self._display.vvvvv(u"EXEC lxc output: {0} {1}".format(stdout, stderr), host=self._host())
 
-        if stderr == "error: not found\n":
-            raise AnsibleConnectionFailure("container not found: %s" % self.get_option('remote_addr'))
+        if "is not running" in stderr:
+            raise AnsibleConnectionFailure("instance not running: %s" % self._host())
+
+        if stderr.strip() == "Error: Instance not found" or stderr.strip() == "error: not found":
+            raise AnsibleConnectionFailure("instance not found: %s" % self._host())
 
         return process.returncode, stdout, stderr
 
@@ -116,7 +126,7 @@ class Connection(ConnectionBase):
         """ put a file from local to lxd """
         super(Connection, self).put_file(in_path, out_path)
 
-        self._display.vvv(u"PUT {0} TO {1}".format(in_path, out_path), host=self.get_option('remote_addr'))
+        self._display.vvv(u"PUT {0} TO {1}".format(in_path, out_path), host=self._host())
 
         if not os.path.isfile(to_bytes(in_path, errors='surrogate_or_strict')):
             raise AnsibleFileNotFound("input path is not a file: %s" % in_path)
@@ -127,7 +137,7 @@ class Connection(ConnectionBase):
         local_cmd.extend([
             "file", "push",
             in_path,
-            "%s:%s/%s" % (self.get_option("remote"), self.get_option("remote_addr"), out_path)
+            "%s:%s/%s" % (self.get_option("remote"), self._host(), out_path)
         ])
 
         local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd]
@@ -139,14 +149,14 @@ class Connection(ConnectionBase):
         """ fetch a file from lxd to local """
         super(Connection, self).fetch_file(in_path, out_path)
 
-        self._display.vvv(u"FETCH {0} TO {1}".format(in_path, out_path), host=self.get_option('remote_addr'))
+        self._display.vvv(u"FETCH {0} TO {1}".format(in_path, out_path), host=self._host())
 
         local_cmd = [self._lxc_cmd]
         if self.get_option("project"):
             local_cmd.extend(["--project", self.get_option("project")])
         local_cmd.extend([
             "file", "pull",
-            "%s:%s/%s" % (self.get_option("remote"), self.get_option("remote_addr"), in_path),
+            "%s:%s/%s" % (self.get_option("remote"), self._host(), in_path),
             out_path
         ])
 

plugins/doc_fragments/alicloud.py

@@ -47,7 +47,7 @@ options:
     aliases: ['assume_role']
   alicloud_assume_role_arn:
     description:
-      - The Alibaba Cloud role_arn. The ARN of the role to assume. If ARN is set to an empty string,
+      - The Alibaba Cloud C(role_arn). The ARN of the role to assume. If ARN is set to an empty string,
         it does not perform role switching. It supports environment variable E(ALICLOUD_ASSUME_ROLE_ARN).
         ansible will execute with provided credentials.
     aliases: ['assume_role_arn']
@@ -61,7 +61,7 @@ options:
     type: str
   alicloud_assume_role_session_expiration:
     description:
-      - The Alibaba Cloud session_expiration. The time after which the established session for assuming
+      - The Alibaba Cloud C(session_expiration). The time after which the established session for assuming
         role expires. Valid value range 900-3600 seconds. Default to 3600 (in this case Alicloud use own default
         value). It supports environment variable E(ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION).
     aliases: ['assume_role_session_expiration']
@@ -85,12 +85,12 @@ options:
     description:
       - This is the path to the shared credentials file. It can also be sourced from the E(ALICLOUD_SHARED_CREDENTIALS_FILE)
         environment variable.
-      - If this is not set and a profile is specified,  ~/.aliyun/config.json will be used.
+      - If this is not set and a profile is specified, C(~/.aliyun/config.json) will be used.
     type: str
 author:
     - "He Guimin (@xiaozhu36)"
 requirements:
-    - "python >= 3.6"
+    - "Python >= 3.6"
 notes:
   - If parameters are not set within the module, the following
     environment variables can be used in decreasing order of precedence
@@ -103,7 +103,7 @@ notes:
     E(ALICLOUD_PROFILE),
     E(ALICLOUD_ASSUME_ROLE_ARN),
     E(ALICLOUD_ASSUME_ROLE_SESSION_NAME),
-    E(ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION),
+    E(ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION).
   - E(ALICLOUD_REGION) or E(ALICLOUD_REGION_ID) can be typically be used to specify the
-    ALICLOUD region, when required, but this can also be configured in the footmark config file
+    Alicloud region, when required, but this can also be configured in the footmark config file
 '''

plugins/doc_fragments/auth_basic.py

@@ -14,19 +14,19 @@ class ModuleDocFragment(object):
 options:
   api_url:
     description:
-      - The resolvable endpoint for the API
+      - The resolvable endpoint for the API.
     type: str
   api_username:
     description:
-      - The username to use for authentication against the API
+      - The username to use for authentication against the API.
     type: str
   api_password:
     description:
-      - The password to use for authentication against the API
+      - The password to use for authentication against the API.
     type: str
   validate_certs:
     description:
-      - Whether or not to validate SSL certs when supplying a https endpoint.
+      - Whether or not to validate SSL certs when supplying a HTTPS endpoint.
     type: bool
     default: true
 '''

plugins/doc_fragments/dimensiondata.py

@@ -20,10 +20,10 @@ options:
   region:
     description:
       - The target region.
-      - Regions are defined in Apache libcloud project [libcloud/common/dimensiondata.py]
-      - They are also listed in U(https://libcloud.readthedocs.io/en/latest/compute/drivers/dimensiondata.html)
-      - Note that the default value "na" stands for "North America".
-      - The module prepends 'dd-' to the region choice.
+      - Regions are defined in Apache libcloud project [libcloud/common/dimensiondata.py].
+      - They are also listed in U(https://libcloud.readthedocs.io/en/latest/compute/drivers/dimensiondata.html).
+      - Note that the default value C(na) stands for "North America".
+      - The module prepends C(dd-) to the region choice.
     type: str
     default: na
   mcp_user:

plugins/doc_fragments/dimensiondata_wait.py

@@ -34,4 +34,4 @@ options:
       - Only applicable if O(wait=true).
     type: int
     default: 2
-    '''
+'''

plugins/doc_fragments/emc.py

@@ -39,8 +39,7 @@ options:
         default: sysadmin
 requirements:
   - An EMC VNX Storage device.
-  - Ansible 2.7.
-  - storops (0.5.10 or greater). Install using 'pip install storops'.
+  - storops (0.5.10 or greater). Install using C(pip install storops).
 notes:
-  - The modules prefixed with emc_vnx are built to support the EMC VNX storage platform.
+  - The modules prefixed with C(emc_vnx) are built to support the EMC VNX storage platform.
 '''

plugins/doc_fragments/gitlab.py

@@ -29,4 +29,9 @@ options:
       - GitLab CI job token for logging in.
     type: str
     version_added: 4.2.0
+  ca_path:
+    description:
+      - The CA certificates bundle to use to verify GitLab server certificate.
+    type: str
+    version_added: 8.1.0
 '''

plugins/doc_fragments/hwc.py

@@ -19,8 +19,8 @@ options:
         required: true
     user:
         description:
-            - The user name to login with (currently only user names are
-              supported, and not user IDs).
+            - The user name to login with.
+            - Currently only user names are supported, and not user IDs.
         type: str
         required: true
     password:
@@ -31,14 +31,13 @@ options:
     domain:
         description:
             - The name of the Domain to scope to (Identity v3).
-              (currently only domain names are supported, and not domain IDs).
+            - Currently only domain names are supported, and not domain IDs.
         type: str
         required: true
     project:
         description:
             - The name of the Tenant (Identity v2) or Project (Identity v3).
-              (currently only project names are supported, and not
-               project IDs).
+            - Currently only project names are supported, and not project IDs.
         type: str
         required: true
     region:
@@ -47,20 +46,20 @@ options:
         type: str
     id:
         description:
-            - The id of resource to be managed.
+            - The ID of resource to be managed.
         type: str
 notes:
   - For authentication, you can set identity_endpoint using the
-    E(ANSIBLE_HWC_IDENTITY_ENDPOINT) env variable.
+    E(ANSIBLE_HWC_IDENTITY_ENDPOINT) environment variable.
   - For authentication, you can set user using the
-    E(ANSIBLE_HWC_USER) env variable.
-  - For authentication, you can set password using the E(ANSIBLE_HWC_PASSWORD) env
+    E(ANSIBLE_HWC_USER) environment variable.
+  - For authentication, you can set password using the E(ANSIBLE_HWC_PASSWORD) environment
     variable.
-  - For authentication, you can set domain using the E(ANSIBLE_HWC_DOMAIN) env
+  - For authentication, you can set domain using the E(ANSIBLE_HWC_DOMAIN) environment
     variable.
-  - For authentication, you can set project using the E(ANSIBLE_HWC_PROJECT) env
+  - For authentication, you can set project using the E(ANSIBLE_HWC_PROJECT) environment
     variable.
-  - For authentication, you can set region using the E(ANSIBLE_HWC_REGION) env variable.
+  - For authentication, you can set region using the E(ANSIBLE_HWC_REGION) environment variable.
   - Environment variables values will only be used if the playbook values are
     not set.
 '''

plugins/doc_fragments/ibm_storage.py

@@ -31,8 +31,7 @@ options:
         required: true
 notes:
   - This module requires pyxcli python library.
-    Use 'pip install pyxcli' in order to get pyxcli.
+    Use C(pip install pyxcli) in order to get pyxcli.
 requirements:
-  - python >= 2.7
   - pyxcli
 '''

plugins/doc_fragments/influxdb.py

@@ -16,32 +16,29 @@ options:
   hostname:
     description:
     - The hostname or IP address on which InfluxDB server is listening.
-    - Since Ansible 2.5, defaulted to localhost.
     type: str
     default: localhost
   username:
     description:
     - Username that will be used to authenticate against InfluxDB server.
-    - Alias O(login_username) added in Ansible 2.5.
     type: str
     default: root
     aliases: [ login_username ]
   password:
     description:
     - Password that will be used to authenticate against InfluxDB server.
-    - Alias O(login_password) added in Ansible 2.5.
     type: str
     default: root
     aliases: [ login_password ]
   port:
     description:
-    - The port on which InfluxDB server is listening
+    - The port on which InfluxDB server is listening.
     type: int
     default: 8086
   path:
     description:
-    - The path on which InfluxDB server is accessible
-    - Only available when using python-influxdb >= 5.1.0
+    - The path on which InfluxDB server is accessible.
+    - Only available when using python-influxdb >= 5.1.0.
     type: str
     default: ''
     version_added: '0.2.0'
@@ -64,7 +61,7 @@ options:
     description:
     - Number of retries client will try before aborting.
     - V(0) indicates try until success.
-    - Only available when using python-influxdb >= 4.1.0
+    - Only available when using python-influxdb >= 4.1.0.
     type: int
     default: 3
   use_udp:

plugins/doc_fragments/ipa.py

@@ -18,7 +18,6 @@ options:
     - Port of FreeIPA / IPA server.
     - If the value is not specified in the task, the value of environment variable E(IPA_PORT) will be used instead.
     - If both the environment variable E(IPA_PORT) and the value are not specified in the task, then default value is set.
-    - Environment variable fallback mechanism is added in Ansible 2.5.
     type: int
     default: 443
   ipa_host:
@@ -26,9 +25,8 @@ options:
     - IP or hostname of IPA server.
     - If the value is not specified in the task, the value of environment variable E(IPA_HOST) will be used instead.
     - If both the environment variable E(IPA_HOST) and the value are not specified in the task, then DNS will be used to try to discover the FreeIPA server.
-    - The relevant entry needed in FreeIPA is the 'ipa-ca' entry.
+    - The relevant entry needed in FreeIPA is the C(ipa-ca) entry.
     - If neither the DNS entry, nor the environment E(IPA_HOST), nor the value are available in the task, then the default value will be used.
-    - Environment variable fallback mechanism is added in Ansible 2.5.
     type: str
     default: ipa.example.com
   ipa_user:
@@ -36,7 +34,6 @@ options:
     - Administrative account used on IPA server.
     - If the value is not specified in the task, the value of environment variable E(IPA_USER) will be used instead.
     - If both the environment variable E(IPA_USER) and the value are not specified in the task, then default value is set.
-    - Environment variable fallback mechanism is added in Ansible 2.5.
     type: str
     default: admin
   ipa_pass:
@@ -47,14 +44,12 @@ options:
     - If the environment variable E(KRB5CCNAME) is available, the module will use this kerberos credentials cache to authenticate to the FreeIPA server.
     - If the environment variable E(KRB5_CLIENT_KTNAME) is available, and E(KRB5CCNAME) is not; the module will use this kerberos keytab to authenticate.
     - If GSSAPI is not available, the usage of O(ipa_pass) is required.
-    - Environment variable fallback mechanism is added in Ansible 2.5.
     type: str
   ipa_prot:
     description:
     - Protocol used by IPA server.
     - If the value is not specified in the task, the value of environment variable E(IPA_PROT) will be used instead.
     - If both the environment variable E(IPA_PROT) and the value are not specified in the task, then default value is set.
-    - Environment variable fallback mechanism is added in Ansible 2.5.
     type: str
     choices: [ http, https ]
     default: https

plugins/doc_fragments/keycloak.py

@@ -69,6 +69,7 @@ options:
         type: int
         default: 10
         version_added: 4.5.0
+
     http_agent:
         description:
             - Configures the HTTP User-Agent header.

plugins/doc_fragments/lxca_common.py

@@ -30,7 +30,7 @@ options:
 
   auth_url:
     description:
-    - lxca https full web address
+    - lxca HTTPS full web address.
     type: str
     required: true
 
@@ -38,7 +38,6 @@ requirements:
   - pylxca
 
 notes:
-  -  Additional detail about pylxca can be found at U(https://github.com/lenovo/pylxca)
-  -  Playbooks using these modules can be found at U(https://github.com/lenovo/ansible.lenovo-lxca)
-  -  Check mode is not supported.
+  - Additional detail about pylxca can be found at U(https://github.com/lenovo/pylxca).
+  - Playbooks using these modules can be found at U(https://github.com/lenovo/ansible.lenovo-lxca).
 '''

plugins/doc_fragments/nomad.py

@@ -18,6 +18,12 @@ options:
         - FQDN of Nomad server.
       required: true
       type: str
+    port:
+      description:
+        - Port of Nomad server.
+      type: int
+      default: 4646
+      version_added: 8.0.0
     use_ssl:
       description:
         - Use TLS/SSL connection.

plugins/doc_fragments/onepassword.py

@@ -0,0 +1,75 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2023, Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+    DOCUMENTATION = r'''
+requirements:
+  - See U(https://support.1password.com/command-line/)
+options:
+  master_password:
+    description: The password used to unlock the specified vault.
+    aliases: ['vault_password']
+    type: str
+  section:
+    description: Item section containing the field to retrieve (case-insensitive). If absent will return first match from any section.
+  domain:
+    description: Domain of 1Password.
+    default: '1password.com'
+    type: str
+  subdomain:
+    description: The 1Password subdomain to authenticate against.
+    type: str
+  account_id:
+    description: The account ID to target.
+    type: str
+  username:
+    description: The username used to sign in.
+    type: str
+  secret_key:
+    description: The secret key used when performing an initial sign in.
+    type: str
+  service_account_token:
+    description:
+      - The access key for a service account.
+      - Only works with 1Password CLI version 2 or later.
+    type: str
+  vault:
+    description: Vault containing the item to retrieve (case-insensitive). If absent will search all vaults.
+    type: str
+  connect_host:
+    description: The host for 1Password Connect. Must be used in combination with O(connect_token).
+    type: str
+    env:
+      - name: OP_CONNECT_HOST
+    version_added: 8.1.0
+  connect_token:
+    description: The token for 1Password Connect. Must be used in combination with O(connect_host).
+    type: str
+    env:
+      - name: OP_CONNECT_TOKEN
+    version_added: 8.1.0
+'''
+
+    LOOKUP = r'''
+options: {}
+notes:
+  - This lookup will use an existing 1Password session if one exists. If not, and you have already
+    performed an initial sign in (meaning C(~/.op/config), C(~/.config/op/config) or C(~/.config/.op/config) exists), then only the
+    O(master_password) is required. You may optionally specify O(subdomain) in this scenario, otherwise the last used subdomain will be used by C(op).
+  - This lookup can perform an initial login by providing O(subdomain), O(username), O(secret_key), and O(master_password).
+  - Can target a specific account by providing the O(account_id).
+  - Due to the B(very) sensitive nature of these credentials, it is B(highly) recommended that you only pass in the minimal credentials
+    needed at any given time. Also, store these credentials in an Ansible Vault using a key that is equal to or greater in strength
+    to the 1Password master password.
+  - This lookup stores potentially sensitive data from 1Password as Ansible facts.
+    Facts are subject to caching if enabled, which means this data could be stored in clear text
+    on disk or in a database.
+  - Tested with C(op) version 2.7.2.
+'''

plugins/doc_fragments/oneview.py

@@ -15,7 +15,7 @@ class ModuleDocFragment(object):
 options:
     config:
         description:
-        - Path to a .json configuration file containing the OneView client configuration.
+        - Path to a JSON configuration file containing the OneView client configuration.
           The configuration file is optional and when used should be present in the host running the ansible commands.
           If the file path is not provided, the configuration will be loaded from environment variables.
           For links to example configuration files or how to use the environment variables verify the notes section.
@@ -42,7 +42,7 @@ options:
         type: str
 
 requirements:
-  - python >= 2.7.9
+  - Python >= 2.7.9
 
 notes:
     - "A sample configuration file for the config parameter can be found at:
@@ -70,11 +70,11 @@ options:
 options:
     params:
         description:
-        - List of params to delimit, filter and sort the list of resources.
-        - "params allowed:
-            - C(start): The first item to return, using 0-based indexing.
-            - C(count): The number of resources to return.
-            - C(filter): A general filter/query string to narrow the list of items returned.
-            - C(sort): The sort order of the returned data set."
+        - List of parameters to delimit, filter and sort the list of resources.
+        - "Parameter keys allowed are:"
+        - "C(start): The first item to return, using 0-based indexing."
+        - "C(count): The number of resources to return."
+        - "C(filter): A general filter/query string to narrow the list of items returned."
+        - "C(sort): The sort order of the returned data set."
         type: dict
 '''

plugins/doc_fragments/online.py

@@ -20,7 +20,7 @@ options:
     aliases: [ oauth_token ]
   api_url:
     description:
-      - Online API URL
+      - Online API URL.
     type: str
     default: 'https://api.online.net'
     aliases: [ base_url ]
@@ -36,7 +36,7 @@ options:
     type: bool
     default: true
 notes:
-  - Also see the API documentation on U(https://console.online.net/en/api/)
+  - Also see the API documentation on U(https://console.online.net/en/api/).
   - If O(api_token) is not set within the module, the following
     environment variables can be used in decreasing order of precedence
     E(ONLINE_TOKEN), E(ONLINE_API_KEY), E(ONLINE_OAUTH_TOKEN), E(ONLINE_API_TOKEN).

plugins/doc_fragments/openswitch.py

@@ -64,7 +64,7 @@ options:
     description:
       - Configures the transport connection to use when connecting to the
         remote device.  The transport argument supports connectivity to the
-        device over ssh, cli or REST.
+        device over SSH (V(ssh)), CLI (V(cli)), or REST (V(rest)).
     required: true
     type: str
     choices: [ cli, rest, ssh ]

plugins/doc_fragments/oracle.py

@@ -10,22 +10,21 @@ __metaclass__ = type
 class ModuleDocFragment(object):
     DOCUMENTATION = """
     requirements:
-        - "python >= 2.7"
-        -  Python SDK for Oracle Cloud Infrastructure U(https://oracle-cloud-infrastructure-python-sdk.readthedocs.io)
+        - Python SDK for Oracle Cloud Infrastructure U(https://oracle-cloud-infrastructure-python-sdk.readthedocs.io)
     notes:
-        - For OCI python sdk configuration, please refer to
-          U(https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/configuration.html)
+        - For OCI Python SDK configuration, please refer to
+          U(https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/configuration.html).
     options:
         config_file_location:
             description:
                 - Path to configuration file. If not set then the value of the E(OCI_CONFIG_FILE) environment variable,
-                  if any, is used. Otherwise, defaults to ~/.oci/config.
+                  if any, is used. Otherwise, defaults to C(~/.oci/config).
             type: str
         config_profile_name:
             description:
                 - The profile to load from the config file referenced by O(config_file_location). If not set, then the
                   value of the E(OCI_CONFIG_PROFILE) environment variable, if any, is used. Otherwise, defaults to the
-                  "DEFAULT" profile in O(config_file_location).
+                  C(DEFAULT) profile in O(config_file_location).
             default: "DEFAULT"
             type: str
         api_user:
@@ -70,8 +69,8 @@ class ModuleDocFragment(object):
             description:
                 - OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is
                   used. This option is required if the tenancy OCID is not specified through a configuration file
-                  (See O(config_file_location)). To get the tenancy OCID, please refer
-                  U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm)
+                  (See O(config_file_location)). To get the tenancy OCID, please refer to
+                  U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm).
             type: str
         region:
             description:

plugins/doc_fragments/oracle_wait_options.py

@@ -21,7 +21,7 @@ class ModuleDocFragment(object):
         wait_until:
             description: The lifecycle state to wait for the resource to transition into when O(wait=true). By default,
                          when O(wait=true), we wait for the resource to get into ACTIVE/ATTACHED/AVAILABLE/PROVISIONED/
-                         RUNNING applicable lifecycle state during create operation & to get into DELETED/DETACHED/
+                         RUNNING applicable lifecycle state during create operation and to get into DELETED/DETACHED/
                          TERMINATED lifecycle state during delete operation.
             type: str
     """

plugins/doc_fragments/purestorage.py

@@ -32,11 +32,10 @@ options:
       - FlashBlade API token for admin privileged user.
     type: str
 notes:
-  - This module requires the C(purity_fb) Python library
+  - This module requires the C(purity_fb) Python library.
   - You must set E(PUREFB_URL) and E(PUREFB_API) environment variables
-    if O(fb_url) and O(api_token) arguments are not passed to the module directly
+    if O(fb_url) and O(api_token) arguments are not passed to the module directly.
 requirements:
-  - python >= 2.7
   - purity_fb >= 1.1
 '''
 
@@ -54,10 +53,9 @@ options:
     type: str
     required: true
 notes:
-  - This module requires the C(purestorage) Python library
+  - This module requires the C(purestorage) Python library.
   - You must set E(PUREFA_URL) and E(PUREFA_API) environment variables
-    if O(fa_url) and O(api_token) arguments are not passed to the module directly
+    if O(fa_url) and O(api_token) arguments are not passed to the module directly.
 requirements:
-  - python >= 2.7
   - purestorage
 '''

plugins/doc_fragments/rackspace.py

@@ -43,15 +43,14 @@ options:
     type: bool
     aliases: [ verify_ssl ]
 requirements:
-  - python >= 2.6
   - pyrax
 notes:
   - The following environment variables can be used, E(RAX_USERNAME),
     E(RAX_API_KEY), E(RAX_CREDS_FILE), E(RAX_CREDENTIALS), E(RAX_REGION).
   - E(RAX_CREDENTIALS) and E(RAX_CREDS_FILE) point to a credentials file
-    appropriate for pyrax. See U(https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating)
-  - E(RAX_USERNAME) and E(RAX_API_KEY) obviate the use of a credentials file
-  - E(RAX_REGION) defines a Rackspace Public Cloud region (DFW, ORD, LON, ...)
+    appropriate for pyrax. See U(https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating).
+  - E(RAX_USERNAME) and E(RAX_API_KEY) obviate the use of a credentials file.
+  - E(RAX_REGION) defines a Rackspace Public Cloud region (DFW, ORD, LON, ...).
 '''
 
     # Documentation fragment including attributes to enable communication
@@ -67,7 +66,7 @@ options:
     type: str
     description:
       - The URI of the authentication service.
-      - If not specified will be set to U(https://identity.api.rackspacecloud.com/v2.0/)
+      - If not specified will be set to U(https://identity.api.rackspacecloud.com/v2.0/).
   credentials:
     type: path
     description:
@@ -110,13 +109,12 @@ deprecated:
   why: This module relies on the deprecated package pyrax.
   alternative: Use the Openstack modules instead.
 requirements:
-  - python >= 2.6
   - pyrax
 notes:
   - The following environment variables can be used, E(RAX_USERNAME),
     E(RAX_API_KEY), E(RAX_CREDS_FILE), E(RAX_CREDENTIALS), E(RAX_REGION).
   - E(RAX_CREDENTIALS) and E(RAX_CREDS_FILE) points to a credentials file
-    appropriate for pyrax. See U(https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating)
-  - E(RAX_USERNAME) and E(RAX_API_KEY) obviate the use of a credentials file
-  - E(RAX_REGION) defines a Rackspace Public Cloud region (DFW, ORD, LON, ...)
+    appropriate for pyrax. See U(https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating).
+  - E(RAX_USERNAME) and E(RAX_API_KEY) obviate the use of a credentials file.
+  - E(RAX_REGION) defines a Rackspace Public Cloud region (DFW, ORD, LON, ...).
 '''

plugins/doc_fragments/scaleway.py

@@ -42,7 +42,7 @@ options:
     type: bool
     default: true
 notes:
-  - Also see the API documentation on U(https://developer.scaleway.com/)
+  - Also see the API documentation on U(https://developer.scaleway.com/).
   - If O(api_token) is not set within the module, the following
     environment variables can be used in decreasing order of precedence
     E(SCW_TOKEN), E(SCW_API_KEY), E(SCW_OAUTH_TOKEN) or E(SCW_API_TOKEN).

plugins/doc_fragments/utm.py

@@ -14,7 +14,7 @@ options:
     headers:
         description:
           - A dictionary of additional headers to be sent to POST and PUT requests.
-          - Is needed for some modules
+          - Is needed for some modules.
         type: dict
         required: false
         default: {}
@@ -30,8 +30,9 @@ options:
         default: 4444
     utm_token:
         description:
-          - "The token used to identify at the REST-API. See U(https://www.sophos.com/en-us/medialibrary/\
-            PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.pdf?la=en), Chapter 2.4.2."
+          - "The token used to identify at the REST-API. See
+            U(https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.pdf?la=en),
+            Chapter 2.4.2."
         type: str
         required: true
     utm_protocol:
@@ -48,8 +49,8 @@ options:
     state:
         description:
           - The desired state of the object.
-          - V(present) will create or update an object
-          - V(absent) will delete an object if it was present
+          - V(present) will create or update an object.
+          - V(absent) will delete an object if it was present.
         type: str
         choices: [ absent, present ]
         default: present

plugins/doc_fragments/vexata.py

@@ -30,11 +30,13 @@ options:
   user:
     description:
       - Vexata API user with administrative privileges.
+      - Uses the E(VEXATA_USER) environment variable as a fallback.
     required: false
     type: str
   password:
     description:
       - Vexata API user password.
+      - Uses the E(VEXATA_PASSWORD) environment variable as a fallback.
     required: false
     type: str
   validate_certs:
@@ -48,7 +50,6 @@ options:
 requirements:
   - Vexata VX100 storage array with VXOS >= v3.5.0 on storage array
   - vexatapi >= 0.0.1
-  - python >= 2.7
-  - VEXATA_USER and VEXATA_PASSWORD environment variables must be set if
+  - E(VEXATA_USER) and E(VEXATA_PASSWORD) environment variables must be set if
     user and password arguments are not passed to the module directly.
 '''

plugins/inventory/cobbler.py

@@ -118,8 +118,6 @@ from ansible.module_utils.common.text.converters import to_text
 from ansible.plugins.inventory import BaseInventoryPlugin, Cacheable, to_safe_group_name
 from ansible.module_utils.six import text_type
 
-from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
-
 # xmlrpc
 try:
     import xmlrpclib as xmlrpc_client
@@ -276,9 +274,9 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):
         for host in self._get_systems():
             # Get the FQDN for the host and add it to the right groups
             if self.inventory_hostname == 'system':
-                hostname = make_unsafe(host['name'])  # None
+                hostname = host['name']  # None
             else:
-                hostname = make_unsafe(host['hostname'])  # None
+                hostname = host['hostname']  # None
             interfaces = host['interfaces']
 
             if set(host['mgmt_classes']) & set(self.include_mgmt_classes):
@@ -298,7 +296,7 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):
                     if ivalue['management'] or not ivalue['static']:
                         this_dns_name = ivalue.get('dns_name', None)
                         if this_dns_name is not None and this_dns_name != "":
-                            hostname = make_unsafe(this_dns_name)
+                            hostname = this_dns_name
                             self.display.vvvv('Set hostname to %s from %s\n' % (hostname, iname))
 
             if hostname == '':
@@ -363,18 +361,18 @@ class InventoryModule(BaseInventoryPlugin, Cacheable):
             if ip_address is None and ip_address_first is not None:
                 ip_address = ip_address_first
             if ip_address is not None:
-                self.inventory.set_variable(hostname, 'cobbler_ipv4_address', make_unsafe(ip_address))
+                self.inventory.set_variable(hostname, 'cobbler_ipv4_address', ip_address)
             if ipv6_address is None and ipv6_address_first is not None:
                 ipv6_address = ipv6_address_first
             if ipv6_address is not None:
-                self.inventory.set_variable(hostname, 'cobbler_ipv6_address', make_unsafe(ipv6_address))
+                self.inventory.set_variable(hostname, 'cobbler_ipv6_address', ipv6_address)
 
             if self.get_option('want_facts'):
                 try:
-                    self.inventory.set_variable(hostname, 'cobbler', make_unsafe(host))
+                    self.inventory.set_variable(hostname, 'cobbler', host)
                 except ValueError as e:
                     self.display.warning("Could not set host info for %s: %s" % (hostname, to_text(e)))
 
         if self.get_option('want_ip_addresses'):
-            self.inventory.set_variable(self.group, 'cobbler_ipv4_addresses', make_unsafe(ip_addresses))
-            self.inventory.set_variable(self.group, 'cobbler_ipv6_addresses', make_unsafe(ipv6_addresses))
+            self.inventory.set_variable(self.group, 'cobbler_ipv4_addresses', ip_addresses)
+            self.inventory.set_variable(self.group, 'cobbler_ipv6_addresses', ipv6_addresses)

plugins/inventory/gitlab_runners.py

@@ -14,7 +14,6 @@ DOCUMENTATION = '''
       - Stefan Heitmüller (@morph027) <stefan.heitmueller@gmx.com>
     short_description: Ansible dynamic inventory plugin for GitLab runners.
     requirements:
-        - python >= 2.7
         - python-gitlab > 1.8.0
     extends_documentation_fragment:
         - constructed
@@ -85,8 +84,6 @@ from ansible.errors import AnsibleError, AnsibleParserError
 from ansible.module_utils.common.text.converters import to_native
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable
 
-from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
-
 try:
     import gitlab
     HAS_GITLAB = True
@@ -108,11 +105,11 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
             else:
                 runners = gl.runners.all()
             for runner in runners:
-                host = make_unsafe(str(runner['id']))
+                host = str(runner['id'])
                 ip_address = runner['ip_address']
-                host_attrs = make_unsafe(vars(gl.runners.get(runner['id']))['_attrs'])
+                host_attrs = vars(gl.runners.get(runner['id']))['_attrs']
                 self.inventory.add_host(host, group='gitlab_runners')
-                self.inventory.set_variable(host, 'ansible_host', make_unsafe(ip_address))
+                self.inventory.set_variable(host, 'ansible_host', ip_address)
                 if self.get_option('verbose_output', True):
                     self.inventory.set_variable(host, 'gitlab_runner_attributes', host_attrs)
 

plugins/inventory/icinga2.py

@@ -72,7 +72,7 @@ url: http://localhost:5665
 user: ansible
 password: secure
 host_filter: \"linux-servers\" in host.groups
-validate_certs: false
+validate_certs: false  # only do this when connecting to localhost!
 inventory_attr: name
 groups:
   # simple name matching
@@ -97,8 +97,6 @@ from ansible.plugins.inventory import BaseInventoryPlugin, Constructable
 from ansible.module_utils.urls import open_url
 from ansible.module_utils.six.moves.urllib.error import HTTPError
 
-from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
-
 
 class InventoryModule(BaseInventoryPlugin, Constructable):
     ''' Host inventory parser for ansible using Icinga2 as source. '''
@@ -235,15 +233,15 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
         """Convert Icinga2 API data to JSON format for Ansible"""
         groups_dict = {"_meta": {"hostvars": {}}}
         for entry in json_data:
-            host_attrs = make_unsafe(entry['attrs'])
+            host_attrs = entry['attrs']
             if self.inventory_attr == "name":
-                host_name = make_unsafe(entry.get('name'))
+                host_name = entry.get('name')
             if self.inventory_attr == "address":
                 # When looking for address for inventory, if missing fallback to object name
                 if host_attrs.get('address', '') != '':
-                    host_name = make_unsafe(host_attrs.get('address'))
+                    host_name = host_attrs.get('address')
                 else:
-                    host_name = make_unsafe(entry.get('name'))
+                    host_name = entry.get('name')
             if self.inventory_attr == "display_name":
                 host_name = host_attrs.get('display_name')
             if host_attrs['state'] == 0:
@@ -259,7 +257,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
             # If the address attribute is populated, override ansible_host with the value
             if host_attrs.get('address') != '':
                 self.inventory.set_variable(host_name, 'ansible_host', host_attrs.get('address'))
-            self.inventory.set_variable(host_name, 'hostname', make_unsafe(entry.get('name')))
+            self.inventory.set_variable(host_name, 'hostname', entry.get('name'))
             self.inventory.set_variable(host_name, 'display_name', host_attrs.get('display_name'))
             self.inventory.set_variable(host_name, 'state',
                                         host_attrs['state'])

plugins/inventory/linode.py

@@ -12,7 +12,6 @@ DOCUMENTATION = r'''
       - Luke Murphy (@decentral1se)
     short_description: Ansible dynamic inventory plugin for Linode.
     requirements:
-        - python >= 2.7
         - linode_api4 >= 2.0.0
     description:
         - Reads inventories from the Linode API v4.
@@ -124,8 +123,6 @@ compose:
 from ansible.errors import AnsibleError
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable
 
-from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
-
 
 try:
     from linode_api4 import LinodeClient
@@ -201,21 +198,20 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
     def _add_instances_to_groups(self):
         """Add instance names to their dynamic inventory groups."""
         for instance in self.instances:
-            self.inventory.add_host(make_unsafe(instance.label), group=instance.group)
+            self.inventory.add_host(instance.label, group=instance.group)
 
     def _add_hostvars_for_instances(self):
         """Add hostvars for instances in the dynamic inventory."""
         ip_style = self.get_option('ip_style')
         for instance in self.instances:
             hostvars = instance._raw_json
-            hostname = make_unsafe(instance.label)
             for hostvar_key in hostvars:
                 if ip_style == 'api' and hostvar_key in ['ipv4', 'ipv6']:
                     continue
                 self.inventory.set_variable(
-                    hostname,
+                    instance.label,
                     hostvar_key,
-                    make_unsafe(hostvars[hostvar_key])
+                    hostvars[hostvar_key]
                 )
             if ip_style == 'api':
                 ips = instance.ips.ipv4.public + instance.ips.ipv4.private
@@ -224,9 +220,9 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
 
                 for ip_type in set(ip.type for ip in ips):
                     self.inventory.set_variable(
-                        hostname,
+                        instance.label,
                         ip_type,
-                        make_unsafe(self._ip_data([ip for ip in ips if ip.type == ip_type]))
+                        self._ip_data([ip for ip in ips if ip.type == ip_type])
                     )
 
     def _ip_data(self, ip_list):
@@ -257,44 +253,30 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
         self._add_instances_to_groups()
         self._add_hostvars_for_instances()
         for instance in self.instances:
-            hostname = make_unsafe(instance.label)
-            variables = self.inventory.get_host(hostname).get_vars()
+            variables = self.inventory.get_host(instance.label).get_vars()
             self._add_host_to_composed_groups(
                 self.get_option('groups'),
                 variables,
-                hostname,
+                instance.label,
                 strict=strict)
             self._add_host_to_keyed_groups(
                 self.get_option('keyed_groups'),
                 variables,
-                hostname,
+                instance.label,
                 strict=strict)
             self._set_composite_vars(
                 self.get_option('compose'),
                 variables,
-                hostname,
+                instance.label,
                 strict=strict)
 
     def verify_file(self, path):
-        """Verify the Linode configuration file.
-
-        Return true/false if the config-file is valid for this plugin
-
-        Args:
-            str(path): path to the config
-        Kwargs:
-            None
-        Raises:
-            None
-        Returns:
-            bool(valid): is valid config file"""
-        valid = False
+        """Verify the Linode configuration file."""
         if super(InventoryModule, self).verify_file(path):
-            if path.endswith(("linode.yaml", "linode.yml")):
-                valid = True
-            else:
-                self.display.vvv('Inventory source not ending in "linode.yaml" or "linode.yml"')
-        return valid
+            endings = ('linode.yaml', 'linode.yml')
+            if any((path.endswith(ending) for ending in endings)):
+                return True
+        return False
 
     def parse(self, inventory, loader, path, cache=True):
         """Dynamically parse Linode the cloud inventory."""

plugins/inventory/lxd.py

@@ -41,6 +41,20 @@ DOCUMENTATION = r'''
             aliases: [ cert_file ]
             default: $HOME/.config/lxc/client.crt
             type: path
+        server_cert:
+            description:
+            - The server certificate file path.
+            type: path
+            version_added: 8.0.0
+        server_check_hostname:
+            description:
+            - This option controls if the server's hostname is checked as part of the HTTPS connection verification.
+              This can be useful to disable, if for example, the server certificate provided (see O(server_cert) option)
+              does not cover a name matching the one used to communicate with the server. Such mismatch is common as LXD
+              generates self-signed server certificates by default.
+            type: bool
+            default: true
+            version_added: 8.0.0
         trust_password:
             description:
             - The client trusted password.
@@ -161,7 +175,6 @@ from ansible.module_utils.six import raise_from
 from ansible.errors import AnsibleError, AnsibleParserError
 from ansible.module_utils.six.moves.urllib.parse import urlencode
 from ansible_collections.community.general.plugins.module_utils.lxd import LXDClient, LXDClientException
-from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
 
 try:
     import ipaddress
@@ -287,7 +300,7 @@ class InventoryModule(BaseInventoryPlugin):
         urls = (url for url in url_list if self.validate_url(url))
         for url in urls:
             try:
-                socket_connection = LXDClient(url, self.client_key, self.client_cert, self.debug)
+                socket_connection = LXDClient(url, self.client_key, self.client_cert, self.debug, self.server_cert, self.server_check_hostname)
                 return socket_connection
             except LXDClientException as err:
                 error_storage[url] = err
@@ -457,7 +470,7 @@ class InventoryModule(BaseInventoryPlugin):
         Helper to get the preferred interface provide by neme pattern from 'prefered_instance_network_interface'.
 
         Args:
-            str(instance_name): name of instance
+            str(containe_name): name of instance
         Kwargs:
             None
         Raises:
@@ -482,7 +495,7 @@ class InventoryModule(BaseInventoryPlugin):
         Helper to get the VLAN_ID from the instance
 
         Args:
-            str(instance_name): name of instance
+            str(containe_name): name of instance
         Kwargs:
             None
         Raises:
@@ -657,7 +670,7 @@ class InventoryModule(BaseInventoryPlugin):
 
         if self._get_data_entry('inventory/{0}/network_interfaces'.format(instance_name)):  # instance have network interfaces
             self.inventory.set_variable(instance_name, 'ansible_connection', 'ssh')
-            self.inventory.set_variable(instance_name, 'ansible_host', make_unsafe(interface_selection(instance_name)))
+            self.inventory.set_variable(instance_name, 'ansible_host', interface_selection(instance_name))
         else:
             self.inventory.set_variable(instance_name, 'ansible_connection', 'local')
 
@@ -683,39 +696,31 @@ class InventoryModule(BaseInventoryPlugin):
                 if self.filter.lower() != instance_state:
                     continue
             # add instance
-            instance_name = make_unsafe(instance_name)
             self.inventory.add_host(instance_name)
             # add network information
             self.build_inventory_network(instance_name)
             # add os
             v = self._get_data_entry('inventory/{0}/os'.format(instance_name))
             if v:
-                self.inventory.set_variable(instance_name, 'ansible_lxd_os', make_unsafe(v.lower()))
+                self.inventory.set_variable(instance_name, 'ansible_lxd_os', v.lower())
             # add release
             v = self._get_data_entry('inventory/{0}/release'.format(instance_name))
             if v:
-                self.inventory.set_variable(
-                    instance_name, 'ansible_lxd_release', make_unsafe(v.lower()))
+                self.inventory.set_variable(instance_name, 'ansible_lxd_release', v.lower())
             # add profile
-            self.inventory.set_variable(
-                instance_name, 'ansible_lxd_profile', make_unsafe(self._get_data_entry('inventory/{0}/profile'.format(instance_name))))
+            self.inventory.set_variable(instance_name, 'ansible_lxd_profile', self._get_data_entry('inventory/{0}/profile'.format(instance_name)))
             # add state
-            self.inventory.set_variable(
-                instance_name, 'ansible_lxd_state', make_unsafe(instance_state))
+            self.inventory.set_variable(instance_name, 'ansible_lxd_state', instance_state)
             # add type
-            self.inventory.set_variable(
-                instance_name, 'ansible_lxd_type', make_unsafe(self._get_data_entry('inventory/{0}/type'.format(instance_name))))
+            self.inventory.set_variable(instance_name, 'ansible_lxd_type', self._get_data_entry('inventory/{0}/type'.format(instance_name)))
             # add location information
             if self._get_data_entry('inventory/{0}/location'.format(instance_name)) != "none":  # wrong type by lxd 'none' != 'None'
-                self.inventory.set_variable(
-                    instance_name, 'ansible_lxd_location', make_unsafe(self._get_data_entry('inventory/{0}/location'.format(instance_name))))
+                self.inventory.set_variable(instance_name, 'ansible_lxd_location', self._get_data_entry('inventory/{0}/location'.format(instance_name)))
             # add VLAN_ID information
             if self._get_data_entry('inventory/{0}/vlan_ids'.format(instance_name)):
-                self.inventory.set_variable(
-                    instance_name, 'ansible_lxd_vlan_ids', make_unsafe(self._get_data_entry('inventory/{0}/vlan_ids'.format(instance_name))))
+                self.inventory.set_variable(instance_name, 'ansible_lxd_vlan_ids', self._get_data_entry('inventory/{0}/vlan_ids'.format(instance_name)))
             # add project
-            self.inventory.set_variable(
-                instance_name, 'ansible_lxd_project', make_unsafe(self._get_data_entry('inventory/{0}/project'.format(instance_name))))
+            self.inventory.set_variable(instance_name, 'ansible_lxd_project', self._get_data_entry('inventory/{0}/project'.format(instance_name)))
 
     def build_inventory_groups_location(self, group_name):
         """create group by attribute: location
@@ -988,7 +993,7 @@ class InventoryModule(BaseInventoryPlugin):
             for group_name in self.groupby:
                 if not group_name.isalnum():
                     raise AnsibleParserError('Invalid character(s) in groupname: {0}'.format(to_native(group_name)))
-                group_type(make_unsafe(group_name))
+                group_type(group_name)
 
     def build_inventory(self):
         """Build dynamic inventory
@@ -1087,6 +1092,8 @@ class InventoryModule(BaseInventoryPlugin):
         try:
             self.client_key = self.get_option('client_key')
             self.client_cert = self.get_option('client_cert')
+            self.server_cert = self.get_option('server_cert')
+            self.server_check_hostname = self.get_option('server_check_hostname')
             self.project = self.get_option('project')
             self.debug = self.DEBUG
             self.data = {}  # store for inventory-data

plugins/inventory/nmap.py

@@ -127,8 +127,6 @@ from ansible.module_utils.common.text.converters import to_native, to_text
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable
 from ansible.module_utils.common.process import get_bin_path
 
-from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
-
 
 class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
 
@@ -145,7 +143,6 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
         strict = self.get_option('strict')
 
         for host in hosts:
-            host = make_unsafe(host)
             hostname = host['name']
             self.inventory.add_host(hostname)
             for var, value in host.items():

plugins/inventory/online.py

@@ -69,8 +69,6 @@ from ansible.module_utils.common.text.converters import to_text
 from ansible.module_utils.ansible_release import __version__ as ansible_version
 from ansible.module_utils.six.moves.urllib.parse import urljoin
 
-from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
-
 
 class InventoryModule(BaseInventoryPlugin):
     NAME = 'community.general.online'
@@ -171,20 +169,20 @@ class InventoryModule(BaseInventoryPlugin):
             "support"
         )
         for attribute in targeted_attributes:
-            self.inventory.set_variable(hostname, attribute, make_unsafe(host_infos[attribute]))
+            self.inventory.set_variable(hostname, attribute, host_infos[attribute])
 
         if self.extract_public_ipv4(host_infos=host_infos):
-            self.inventory.set_variable(hostname, "public_ipv4", make_unsafe(self.extract_public_ipv4(host_infos=host_infos)))
-            self.inventory.set_variable(hostname, "ansible_host", make_unsafe(self.extract_public_ipv4(host_infos=host_infos)))
+            self.inventory.set_variable(hostname, "public_ipv4", self.extract_public_ipv4(host_infos=host_infos))
+            self.inventory.set_variable(hostname, "ansible_host", self.extract_public_ipv4(host_infos=host_infos))
 
         if self.extract_private_ipv4(host_infos=host_infos):
-            self.inventory.set_variable(hostname, "public_ipv4", make_unsafe(self.extract_private_ipv4(host_infos=host_infos)))
+            self.inventory.set_variable(hostname, "public_ipv4", self.extract_private_ipv4(host_infos=host_infos))
 
         if self.extract_os_name(host_infos=host_infos):
-            self.inventory.set_variable(hostname, "os_name", make_unsafe(self.extract_os_name(host_infos=host_infos)))
+            self.inventory.set_variable(hostname, "os_name", self.extract_os_name(host_infos=host_infos))
 
         if self.extract_os_version(host_infos=host_infos):
-            self.inventory.set_variable(hostname, "os_version", make_unsafe(self.extract_os_name(host_infos=host_infos)))
+            self.inventory.set_variable(hostname, "os_version", self.extract_os_name(host_infos=host_infos))
 
     def _filter_host(self, host_infos, hostname_preferences):
 
@@ -203,8 +201,6 @@ class InventoryModule(BaseInventoryPlugin):
         if not hostname:
             return
 
-        hostname = make_unsafe(hostname)
-
         self.inventory.add_host(host=hostname)
         self._fill_host_variables(hostname=hostname, host_infos=host_infos)
 
@@ -214,8 +210,6 @@ class InventoryModule(BaseInventoryPlugin):
             if not group:
                 return
 
-            group = make_unsafe(group)
-
             self.inventory.add_group(group=group)
             self.inventory.add_host(group=group, host=hostname)
 

plugins/inventory/opennebula.py

@@ -98,8 +98,6 @@ from ansible.errors import AnsibleError
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable
 from ansible.module_utils.common.text.converters import to_native
 
-from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
-
 from collections import namedtuple
 import os
 
@@ -217,7 +215,6 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
         filter_by_label = self.get_option('filter_by_label')
         servers = self._retrieve_servers(filter_by_label)
         for server in servers:
-            server = make_unsafe(server)
             hostname = server['name']
             # check for labels
             if group_by_labels and server['LABELS']:

plugins/inventory/proxmox.py

@@ -116,6 +116,11 @@ DOCUMENTATION = '''
           - The default of this option changed from V(true) to V(false) in community.general 6.0.0.
         type: bool
         default: false
+      exclude_nodes:
+        description: Exclude proxmox nodes and the nodes-group from the inventory output.
+        type: bool
+        default: false
+        version_added: 8.1.0
       filters:
         version_added: 4.6.0
         description: A list of Jinja templates that allow filtering hosts.
@@ -166,7 +171,6 @@ plugin: community.general.proxmox
 url: http://pve.domain.com:8006
 user: ansible@pve
 password: secure
-validate_certs: false
 want_facts: true
 keyed_groups:
     # proxmox_tags_parsed is an example of a fact only returned when 'want_facts=true'
@@ -187,10 +191,10 @@ want_proxmox_nodes_ansible_host: true
 # Note: my_inv_var demonstrates how to add a string variable to every host used by the inventory.
 # my.proxmox.yml
 plugin: community.general.proxmox
-url: http://pve.domain.com:8006
+url: http://192.168.1.2:8006
 user: ansible@pve
 password: secure
-validate_certs: false
+validate_certs: false  # only do this when you trust the network!
 want_facts: true
 want_proxmox_nodes_ansible_host: false
 compose:
@@ -224,7 +228,6 @@ from ansible.module_utils.six.moves.urllib.parse import urlencode
 from ansible.utils.display import Display
 
 from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
-from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
 
 # 3rd party imports
 try:
@@ -331,7 +334,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
 
             self._cache[self.cache_key][url] = data
 
-        return make_unsafe(self._cache[self.cache_key][url])
+        return self._cache[self.cache_key][url]
 
     def _get_nodes(self):
         return self._get_json("%s/api2/json/nodes" % self.proxmox_url)
@@ -566,9 +569,9 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
 
         for group in default_groups:
             self.inventory.add_group(self._group('all_%s' % (group)))
-
         nodes_group = self._group('nodes')
-        self.inventory.add_group(nodes_group)
+        if not self.exclude_nodes:
+            self.inventory.add_group(nodes_group)
 
         want_proxmox_nodes_ansible_host = self.get_option("want_proxmox_nodes_ansible_host")
 
@@ -578,22 +581,23 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
         for node in self._get_nodes():
             if not node.get('node'):
                 continue
-
-            self.inventory.add_host(node['node'])
-            if node['type'] == 'node':
+            if not self.exclude_nodes:
+                self.inventory.add_host(node['node'])
+            if node['type'] == 'node' and not self.exclude_nodes:
                 self.inventory.add_child(nodes_group, node['node'])
 
             if node['status'] == 'offline':
                 continue
 
             # get node IP address
-            if want_proxmox_nodes_ansible_host:
+            if want_proxmox_nodes_ansible_host and not self.exclude_nodes:
                 ip = self._get_node_ip(node['node'])
                 self.inventory.set_variable(node['node'], 'ansible_host', ip)
 
             # Setting composite variables
-            variables = self.inventory.get_host(node['node']).get_vars()
-            self._set_composite_vars(self.get_option('compose'), variables, node['node'], strict=self.strict)
+            if not self.exclude_nodes:
+                variables = self.inventory.get_host(node['node']).get_vars()
+                self._set_composite_vars(self.get_option('compose'), variables, node['node'], strict=self.strict)
 
             # add LXC/Qemu groups for the node
             for ittype in ('lxc', 'qemu'):
@@ -636,8 +640,8 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
 
         if self.get_option('qemu_extended_statuses') and not self.get_option('want_facts'):
             raise AnsibleError('You must set want_facts to True if you want to use qemu_extended_statuses.')
-
         # read rest of options
+        self.exclude_nodes = self.get_option('exclude_nodes')
         self.cache_key = self.get_cache_key(path)
         self.use_cache = cache and self.get_option('cache')
         self.host_filters = self.get_option('filters')

plugins/inventory/scaleway.py

@@ -121,7 +121,6 @@ else:
 from ansible.errors import AnsibleError
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable
 from ansible_collections.community.general.plugins.module_utils.scaleway import SCALEWAY_LOCATION, parse_pagination_link
-from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
 from ansible.module_utils.urls import open_url
 from ansible.module_utils.common.text.converters import to_native, to_text
 from ansible.module_utils.six import raise_from
@@ -280,7 +279,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
         zone_info = SCALEWAY_LOCATION[zone]
 
         url = _build_server_url(zone_info["api_endpoint"])
-        raw_zone_hosts_infos = make_unsafe(_fetch_information(url=url, token=token))
+        raw_zone_hosts_infos = _fetch_information(url=url, token=token)
 
         for host_infos in raw_zone_hosts_infos:
 
@@ -342,4 +341,4 @@ class InventoryModule(BaseInventoryPlugin, Constructable):
         hostname_preference = self.get_option("hostnames")
 
         for zone in self._get_zones(config_zones):
-            self.do_zone_inventory(zone=make_unsafe(zone), token=token, tags=tags, hostname_preferences=hostname_preference)
+            self.do_zone_inventory(zone=zone, token=token, tags=tags, hostname_preferences=hostname_preference)

plugins/inventory/stackpath_compute.py

@@ -73,8 +73,6 @@ from ansible.plugins.inventory import (
 )
 from ansible.utils.display import Display
 
-from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
-
 
 display = Display()
 
@@ -273,7 +271,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
         if not cache or cache_needs_update:
             results = self._query()
 
-        self._populate(make_unsafe(results))
+        self._populate(results)
 
         # If the cache has expired/doesn't exist or
         # if refresh_inventory/flush cache is used

plugins/inventory/virtualbox.py

@@ -63,8 +63,6 @@ from ansible.module_utils.common._collections_compat import MutableMapping
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable
 from ansible.module_utils.common.process import get_bin_path
 
-from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
-
 
 class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
     ''' Host inventory parser for ansible using local virtualbox. '''
@@ -118,7 +116,6 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
             self._add_host_to_keyed_groups(self.get_option('keyed_groups'), hostvars[host], host, strict=strict)
 
     def _populate_from_cache(self, source_data):
-        source_data = make_unsafe(source_data)
         hostvars = source_data.pop('_meta', {}).get('hostvars', {})
         for group in source_data:
             if group == 'all':
@@ -165,7 +162,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
             v = v.strip()
             # found host
             if k.startswith('Name') and ',' not in v:  # some setting strings appear in Name
-                current_host = make_unsafe(v)
+                current_host = v
                 if current_host not in hostvars:
                     hostvars[current_host] = {}
                     self.inventory.add_host(current_host)
@@ -173,13 +170,12 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
                 # try to get network info
                 netdata = self._query_vbox_data(current_host, netinfo)
                 if netdata:
-                    self.inventory.set_variable(current_host, 'ansible_host', make_unsafe(netdata))
+                    self.inventory.set_variable(current_host, 'ansible_host', netdata)
 
             # found groups
             elif k == 'Groups':
                 for group in v.split('/'):
                     if group:
-                        group = make_unsafe(group)
                         group = self.inventory.add_group(group)
                         self.inventory.add_child(group, current_host)
                         if group not in cacheable_results:
@@ -189,17 +185,17 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
 
             else:
                 # found vars, accumulate in hostvars for clean inventory set
-                pref_k = make_unsafe('vbox_' + k.strip().replace(' ', '_'))
+                pref_k = 'vbox_' + k.strip().replace(' ', '_')
                 leading_spaces = len(k) - len(k.lstrip(' '))
                 if 0 < leading_spaces <= 2:
                     if prevkey not in hostvars[current_host] or not isinstance(hostvars[current_host][prevkey], dict):
                         hostvars[current_host][prevkey] = {}
-                    hostvars[current_host][prevkey][pref_k] = make_unsafe(v)
+                    hostvars[current_host][prevkey][pref_k] = v
                 elif leading_spaces > 2:
                     continue
                 else:
                     if v != '':
-                        hostvars[current_host][pref_k] = make_unsafe(v)
+                        hostvars[current_host][pref_k] = v
                 if self._ungrouped_host(current_host, cacheable_results):
                     if 'ungrouped' not in cacheable_results:
                         cacheable_results['ungrouped'] = {'hosts': []}

plugins/inventory/xen_orchestra.py

@@ -84,7 +84,6 @@ from ansible.errors import AnsibleError
 from ansible.plugins.inventory import BaseInventoryPlugin, Constructable, Cacheable
 
 from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
-from ansible_collections.community.general.plugins.plugin_utils.unsafe import make_unsafe
 
 # 3rd party imports
 try:
@@ -348,4 +347,4 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
             self.protocol = 'ws'
 
         objects = self._get_objects()
-        self._populate(make_unsafe(objects))
+        self._populate(objects)

plugins/lookup/bitwarden.py

@@ -25,10 +25,7 @@ DOCUMENTATION = """
         type: list
         elements: str
       search:
-        description:
-          - Field to retrieve, for example V(name) or V(id).
-          - If set to V(id), only zero or one element can be returned.
-            Use the Jinja C(first) filter to get the only list element.
+        description: Field to retrieve, for example V(name) or V(id).
         type: str
         default: name
         version_added: 5.7.0
@@ -42,27 +39,27 @@ DOCUMENTATION = """
 """
 
 EXAMPLES = """
-- name: "Get 'password' from all Bitwarden records named 'a_test'"
+- name: "Get 'password' from Bitwarden record named 'a_test'"
   ansible.builtin.debug:
     msg: >-
       {{ lookup('community.general.bitwarden', 'a_test', field='password') }}
 
-- name: "Get 'password' from Bitwarden record with ID 'bafba515-af11-47e6-abe3-af1200cd18b2'"
+- name: "Get 'password' from Bitwarden record with id 'bafba515-af11-47e6-abe3-af1200cd18b2'"
   ansible.builtin.debug:
     msg: >-
-      {{ lookup('community.general.bitwarden', 'bafba515-af11-47e6-abe3-af1200cd18b2', search='id', field='password') | first }}
+      {{ lookup('community.general.bitwarden', 'bafba515-af11-47e6-abe3-af1200cd18b2', search='id', field='password') }}
 
-- name: "Get 'password' from all Bitwarden records named 'a_test' from collection"
+- name: "Get 'password' from Bitwarden record named 'a_test' from collection"
   ansible.builtin.debug:
     msg: >-
       {{ lookup('community.general.bitwarden', 'a_test', field='password', collection_id='bafba515-af11-47e6-abe3-af1200cd18b2') }}
 
-- name: "Get list of all full Bitwarden records named 'a_test'"
+- name: "Get full Bitwarden record named 'a_test'"
   ansible.builtin.debug:
     msg: >-
       {{ lookup('community.general.bitwarden', 'a_test') }}
 
-- name: "Get custom field 'api_key' from all Bitwarden records named 'a_test'"
+- name: "Get custom field 'api_key' from Bitwarden record named 'a_test'"
   ansible.builtin.debug:
     msg: >-
       {{ lookup('community.general.bitwarden', 'a_test', field='api_key') }}
@@ -70,12 +67,9 @@ EXAMPLES = """
 
 RETURN = """
   _raw:
-    description:
-      - A one-element list that contains a list of requested fields or JSON objects of matches.
-      - If you use C(query), you get a list of lists. If you use C(lookup) without C(wantlist=true),
-        this always gets reduced to a list of field values or JSON objects.
+    description: List of requested field or JSON object of list of matches.
     type: list
-    elements: list
+    elements: raw
 """
 
 from subprocess import Popen, PIPE
@@ -110,6 +104,8 @@ class Bitwarden(object):
         out, err = p.communicate(to_bytes(stdin))
         rc = p.wait()
         if rc != expected_rc:
+            if len(args) > 2 and args[0] == 'get' and args[1] == 'item' and b'Not found.' in err:
+                return 'null', ''
             raise BitwardenException(err)
         return to_text(out, errors='surrogate_or_strict'), to_text(err, errors='surrogate_or_strict')
 
@@ -118,7 +114,10 @@ class Bitwarden(object):
         """
 
         # Prepare set of params for Bitwarden CLI
-        params = ['list', 'items', '--search', search_value]
+        if search_field == 'id':
+            params = ['get', 'item', search_value]
+        else:
+            params = ['list', 'items', '--search', search_value]
 
         if collection_id:
             params.extend(['--collectionid', collection_id])
@@ -127,7 +126,11 @@ class Bitwarden(object):
 
         # This includes things that matched in different fields.
         initial_matches = AnsibleJSONDecoder().raw_decode(out)[0]
-
+        if search_field == 'id':
+            if initial_matches is None:
+                initial_matches = []
+            else:
+                initial_matches = [initial_matches]
         # Filter to only include results from the right field.
         return [item for item in initial_matches if item[search_field] == search_value]
 

plugins/lookup/bitwarden_secrets_manager.py

@@ -70,7 +70,6 @@ RETURN = """
 """
 
 from subprocess import Popen, PIPE
-from time import sleep
 
 from ansible.errors import AnsibleLookupError
 from ansible.module_utils.common.text.converters import to_text
@@ -85,29 +84,11 @@ class BitwardenSecretsManagerException(AnsibleLookupError):
 class BitwardenSecretsManager(object):
     def __init__(self, path='bws'):
         self._cli_path = path
-        self._max_retries = 3
-        self._retry_delay = 1
 
     @property
     def cli_path(self):
         return self._cli_path
 
-    def _run_with_retry(self, args, stdin=None, retries=0):
-        out, err, rc = self._run(args, stdin)
-
-        if rc != 0:
-            if retries >= self._max_retries:
-                raise BitwardenSecretsManagerException("Max retries exceeded. Unable to retrieve secret.")
-
-            if "Too many requests" in err:
-                delay = self._retry_delay * (2 ** retries)
-                sleep(delay)
-                return self._run_with_retry(args, stdin, retries + 1)
-            else:
-                raise BitwardenSecretsManagerException("Command failed with return code {rc}: {err}".format(rc=rc, err=err))
-
-        return out, err, rc
-
     def _run(self, args, stdin=None):
         p = Popen([self.cli_path] + args, stdout=PIPE, stderr=PIPE, stdin=PIPE)
         out, err = p.communicate(stdin)
@@ -126,7 +107,7 @@ class BitwardenSecretsManager(object):
             'get', 'secret', secret_id
         ]
 
-        out, err, rc = self._run_with_retry(params)
+        out, err, rc = self._run(params)
         if rc != 0:
             raise BitwardenSecretsManagerException(to_text(err))
 

plugins/lookup/collection_version.py

@@ -98,15 +98,10 @@ def load_collection_meta(collection_pkg, no_version='*'):
     if os.path.exists(manifest_path):
         return load_collection_meta_manifest(manifest_path)
 
-    # Try to load galaxy.y(a)ml
+    # Try to load galaxy.yml
     galaxy_path = os.path.join(path, 'galaxy.yml')
-    galaxy_alt_path = os.path.join(path, 'galaxy.yaml')
-    # galaxy.yaml was only supported in ansible-base 2.10 and ansible-core 2.11. Support was removed
-    # in https://github.com/ansible/ansible/commit/595413d11346b6f26bb3d9df2d8e05f2747508a3 for
-    # ansible-core 2.12.
-    for path in (galaxy_path, galaxy_alt_path):
-        if os.path.exists(path):
-            return load_collection_meta_galaxy(path, no_version=no_version)
+    if os.path.exists(galaxy_path):
+        return load_collection_meta_galaxy(galaxy_path, no_version=no_version)
 
     return {}
 

plugins/lookup/etcd.py

@@ -54,7 +54,7 @@ EXAMPLES = '''
   ansible.builtin.debug:
     msg: "{{ lookup('community.general.etcd', 'foo', 'bar', 'baz') }}"
 
-- name: "since Ansible 2.5 you can set server options inline"
+- name: "you can set server options inline"
   ansible.builtin.debug:
     msg: "{{ lookup('community.general.etcd', 'foo', version='v2', url='http://192.168.0.27:4001') }}"
 '''
@@ -62,7 +62,7 @@ EXAMPLES = '''
 RETURN = '''
     _raw:
         description:
-            - list of values associated with input keys
+            - List of values associated with input keys.
         type: list
         elements: string
 '''

plugins/lookup/merge_variables.py

@@ -11,7 +11,7 @@ DOCUMENTATION = """
       - Roy Lenferink (@rlenferink)
       - Mark Ettema (@m-a-r-k-e)
     name: merge_variables
-    short_description: merge variables whose names match a given pattern
+    short_description: merge variables with a certain suffix
     description:
         - This lookup returns the merged result of all variables in scope that match the given prefixes, suffixes, or
          regular expressions, optionally.

plugins/lookup/onepassword.py

@@ -14,59 +14,28 @@ DOCUMENTATION = '''
       - Scott Buchanan (@scottsb)
       - Andrew Zenk (@azenk)
       - Sam Doran (@samdoran)
-    requirements:
-      - C(op) 1Password command line utility. See U(https://support.1password.com/command-line/)
-    short_description: fetch field values from 1Password
+    short_description: Fetch field values from 1Password
     description:
       - P(community.general.onepassword#lookup) wraps the C(op) command line utility to fetch specific field values from 1Password.
+    requirements:
+      - C(op) 1Password command line utility
     options:
       _terms:
-        description: identifier(s) (UUID, name, or subdomain; case-insensitive) of item(s) to retrieve.
+        description: Identifier(s) (case-insensitive UUID or name) of item(s) to retrieve.
         required: true
-      field:
-        description: field to return from each matching item (case-insensitive).
-        default: 'password'
-      master_password:
-        description: The password used to unlock the specified vault.
-        aliases: ['vault_password']
-      section:
-        description: Item section containing the field to retrieve (case-insensitive). If absent will return first match from any section.
-      domain:
-        description: Domain of 1Password.
-        version_added: 3.2.0
-        default: '1password.com'
-        type: str
-      subdomain:
-        description: The 1Password subdomain to authenticate against.
       account_id:
-        description: The account ID to target.
-        type: str
         version_added: 7.5.0
-      username:
-        description: The username used to sign in.
-      secret_key:
-        description: The secret key used when performing an initial sign in.
-      service_account_token:
-        description:
-          - The access key for a service account.
-          - Only works with 1Password CLI version 2 or later.
+      domain:
+        version_added: 3.2.0
+      field:
+        description: Field to return from each matching item (case-insensitive).
+        default: 'password'
         type: str
+      service_account_token:
         version_added: 7.1.0
-      vault:
-        description: Vault containing the item to retrieve (case-insensitive). If absent will search all vaults.
-    notes:
-      - This lookup will use an existing 1Password session if one exists. If not, and you have already
-        performed an initial sign in (meaning C(~/.op/config), C(~/.config/op/config) or C(~/.config/.op/config) exists), then only the
-        C(master_password) is required. You may optionally specify O(subdomain) in this scenario, otherwise the last used subdomain will be used by C(op).
-      - This lookup can perform an initial login by providing O(subdomain), O(username), O(secret_key), and O(master_password).
-      - Can target a specific account by providing the O(account_id).
-      - Due to the B(very) sensitive nature of these credentials, it is B(highly) recommended that you only pass in the minimal credentials
-        needed at any given time. Also, store these credentials in an Ansible Vault using a key that is equal to or greater in strength
-        to the 1Password master password.
-      - This lookup stores potentially sensitive data from 1Password as Ansible facts.
-        Facts are subject to caching if enabled, which means this data could be stored in clear text
-        on disk or in a database.
-      - Tested with C(op) version 2.7.2
+    extends_documentation_fragment:
+      - community.general.onepassword
+      - community.general.onepassword.lookup
 '''
 
 EXAMPLES = """
@@ -108,7 +77,7 @@ EXAMPLES = """
 
 RETURN = """
   _raw:
-    description: field data requested
+    description: Field data requested.
     type: list
     elements: str
 """
@@ -119,7 +88,7 @@ import json
 import subprocess
 
 from ansible.plugins.lookup import LookupBase
-from ansible.errors import AnsibleLookupError
+from ansible.errors import AnsibleLookupError, AnsibleOptionsError
 from ansible.module_utils.common.process import get_bin_path
 from ansible.module_utils.common.text.converters import to_bytes, to_text
 from ansible.module_utils.six import with_metaclass
@@ -147,6 +116,8 @@ class OnePassCLIBase(with_metaclass(abc.ABCMeta, object)):
         master_password=None,
         service_account_token=None,
         account_id=None,
+        connect_host=None,
+        connect_token=None,
     ):
         self.subdomain = subdomain
         self.domain = domain
@@ -155,6 +126,8 @@ class OnePassCLIBase(with_metaclass(abc.ABCMeta, object)):
         self.secret_key = secret_key
         self.service_account_token = service_account_token
         self.account_id = account_id
+        self.connect_host = connect_host
+        self.connect_token = connect_token
 
         self._path = None
         self._version = None
@@ -333,6 +306,10 @@ class OnePassCLIv1(OnePassCLIBase):
         return not bool(rc)
 
     def full_signin(self):
+        if self.connect_host or self.connect_token:
+            raise AnsibleLookupError(
+                "1Password Connect is not available with 1Password CLI version 1. Please use version 2 or later.")
+
         if self.service_account_token:
             raise AnsibleLookupError(
                 "1Password CLI version 1 does not support Service Accounts. Please use version 2 or later.")
@@ -512,15 +489,18 @@ class OnePassCLIv2(OnePassCLIBase):
             current_section_title = section.get("label", section.get("id", "")).lower()
             if section_title == current_section_title:
                 # In the correct section. Check "label" then "id" for the desired field_name
-                if field.get("label", "").lower() == field_name:
+                if field.get("label") == field_name:
                     return field.get("value", "")
 
-                if field.get("id", "").lower() == field_name:
+                if field.get("id") == field_name:
                     return field.get("value", "")
 
         return ""
 
     def assert_logged_in(self):
+        if self.connect_host and self.connect_token:
+            return True
+
         if self.service_account_token:
             args = ["whoami"]
             environment_update = {"OP_SERVICE_ACCOUNT_TOKEN": self.service_account_token}
@@ -580,6 +560,15 @@ class OnePassCLIv2(OnePassCLIBase):
         if vault is not None:
             args += ["--vault={0}".format(vault)]
 
+        if self.connect_host and self.connect_token:
+            if vault is None:
+                raise AnsibleLookupError("'vault' is required with 1Password Connect")
+            environment_update = {
+                "OP_CONNECT_HOST": self.connect_host,
+                "OP_CONNECT_TOKEN": self.connect_token,
+            }
+            return self._run(args, environment_update=environment_update)
+
         if self.service_account_token:
             if vault is None:
                 raise AnsibleLookupError("'vault' is required with 'service_account_token'")
@@ -603,7 +592,7 @@ class OnePassCLIv2(OnePassCLIBase):
 
 class OnePass(object):
     def __init__(self, subdomain=None, domain="1password.com", username=None, secret_key=None, master_password=None,
-                 service_account_token=None, account_id=None):
+                 service_account_token=None, account_id=None, connect_host=None, connect_token=None, cli_class=None):
         self.subdomain = subdomain
         self.domain = domain
         self.username = username
@@ -611,19 +600,28 @@ class OnePass(object):
         self.master_password = master_password
         self.service_account_token = service_account_token
         self.account_id = account_id
+        self.connect_host = connect_host
+        self.connect_token = connect_token
 
         self.logged_in = False
         self.token = None
 
         self._config = OnePasswordConfig()
-        self._cli = self._get_cli_class()
+        self._cli = self._get_cli_class(cli_class)
+
+        if (self.connect_host or self.connect_token) and None in (self.connect_host, self.connect_token):
+            raise AnsibleOptionsError("connect_host and connect_token are required together")
+
+    def _get_cli_class(self, cli_class=None):
+        if cli_class is not None:
+            return cli_class(self.subdomain, self.domain, self.username, self.secret_key, self.master_password, self.service_account_token)
 
-    def _get_cli_class(self):
         version = OnePassCLIBase.get_current_version()
         for cls in OnePassCLIBase.__subclasses__():
             if cls.supports_version == version.split(".")[0]:
                 try:
-                    return cls(self.subdomain, self.domain, self.username, self.secret_key, self.master_password, self.service_account_token, self.account_id)
+                    return cls(self.subdomain, self.domain, self.username, self.secret_key, self.master_password, self.service_account_token,
+                               self.account_id, self.connect_host, self.connect_token)
                 except TypeError as e:
                     raise AnsibleLookupError(e)
 
@@ -688,8 +686,20 @@ class LookupModule(LookupBase):
         master_password = self.get_option("master_password")
         service_account_token = self.get_option("service_account_token")
         account_id = self.get_option("account_id")
+        connect_host = self.get_option("connect_host")
+        connect_token = self.get_option("connect_token")
 
-        op = OnePass(subdomain, domain, username, secret_key, master_password, service_account_token, account_id)
+        op = OnePass(
+            subdomain=subdomain,
+            domain=domain,
+            username=username,
+            secret_key=secret_key,
+            master_password=master_password,
+            service_account_token=service_account_token,
+            account_id=account_id,
+            connect_host=connect_host,
+            connect_token=connect_token,
+        )
         op.assert_logged_in()
 
         values = []

plugins/lookup/onepassword_doc.py

@@ -0,0 +1,104 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2023, Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = '''
+    name: onepassword_doc
+    author:
+      - Sam Doran (@samdoran)
+    requirements:
+      - C(op) 1Password command line utility version 2 or later.
+    short_description: Fetch documents stored in 1Password
+    version_added: "8.1.0"
+    description:
+      - P(community.general.onepassword_doc#lookup) wraps C(op) command line utility to fetch one or more documents from 1Password.
+    notes:
+      - The document contents are a string exactly as stored in 1Password.
+      - This plugin requires C(op) version 2 or later.
+
+    options:
+      _terms:
+        description: Identifier(s) (case-insensitive UUID or name) of item(s) to retrieve.
+        required: true
+
+    extends_documentation_fragment:
+      - community.general.onepassword
+      - community.general.onepassword.lookup
+'''
+
+EXAMPLES = """
+- name: Retrieve a private key from 1Password
+  ansible.builtin.debug:
+    var: lookup('community.general.onepassword_doc', 'Private key')
+"""
+
+RETURN = """
+  _raw:
+    description: Requested document
+    type: list
+    elements: string
+"""
+
+from ansible_collections.community.general.plugins.lookup.onepassword import OnePass, OnePassCLIv2
+from ansible.errors import AnsibleLookupError
+from ansible.module_utils.common.text.converters import to_bytes
+from ansible.plugins.lookup import LookupBase
+
+
+class OnePassCLIv2Doc(OnePassCLIv2):
+    def get_raw(self, item_id, vault=None, token=None):
+        args = ["document", "get", item_id]
+        if vault is not None:
+            args = [*args, "--vault={0}".format(vault)]
+
+        if self.service_account_token:
+            if vault is None:
+                raise AnsibleLookupError("'vault' is required with 'service_account_token'")
+
+            environment_update = {"OP_SERVICE_ACCOUNT_TOKEN": self.service_account_token}
+            return self._run(args, environment_update=environment_update)
+
+        if token is not None:
+            args = [*args, to_bytes("--session=") + token]
+
+        return self._run(args)
+
+
+class LookupModule(LookupBase):
+    def run(self, terms, variables=None, **kwargs):
+        self.set_options(var_options=variables, direct=kwargs)
+
+        vault = self.get_option("vault")
+        subdomain = self.get_option("subdomain")
+        domain = self.get_option("domain", "1password.com")
+        username = self.get_option("username")
+        secret_key = self.get_option("secret_key")
+        master_password = self.get_option("master_password")
+        service_account_token = self.get_option("service_account_token")
+        account_id = self.get_option("account_id")
+        connect_host = self.get_option("connect_host")
+        connect_token = self.get_option("connect_token")
+
+        op = OnePass(
+            subdomain=subdomain,
+            domain=domain,
+            username=username,
+            secret_key=secret_key,
+            master_password=master_password,
+            service_account_token=service_account_token,
+            account_id=account_id,
+            connect_host=connect_host,
+            connect_token=connect_token,
+            cli_class=OnePassCLIv2Doc,
+        )
+        op.assert_logged_in()
+
+        values = []
+        for term in terms:
+            values.append(op.get_raw(term, vault))
+
+        return values

plugins/lookup/onepassword_raw.py

@@ -15,55 +15,23 @@ DOCUMENTATION = '''
       - Andrew Zenk (@azenk)
       - Sam Doran (@samdoran)
     requirements:
-      - C(op) 1Password command line utility. See U(https://support.1password.com/command-line/)
-    short_description: fetch an entire item from 1Password
+      - C(op) 1Password command line utility
+    short_description: Fetch an entire item from 1Password
     description:
       - P(community.general.onepassword_raw#lookup) wraps C(op) command line utility to fetch an entire item from 1Password.
     options:
       _terms:
-        description: identifier(s) (UUID, name, or domain; case-insensitive) of item(s) to retrieve.
+        description: Identifier(s) (case-insensitive UUID or name) of item(s) to retrieve.
         required: true
-      master_password:
-        description: The password used to unlock the specified vault.
-        aliases: ['vault_password']
-      section:
-        description: Item section containing the field to retrieve (case-insensitive). If absent will return first match from any section.
-      subdomain:
-        description: The 1Password subdomain to authenticate against.
-      domain:
-        description: Domain of 1Password.
-        version_added: 6.0.0
-        default: '1password.com'
-        type: str
       account_id:
-        description: The account ID to target.
-        type: str
         version_added: 7.5.0
-      username:
-        description: The username used to sign in.
-      secret_key:
-        description: The secret key used when performing an initial sign in.
+      domain:
+        version_added: 6.0.0
       service_account_token:
-        description:
-          - The access key for a service account.
-          - Only works with 1Password CLI version 2 or later.
-        type: string
         version_added: 7.1.0
-      vault:
-        description: Vault containing the item to retrieve (case-insensitive). If absent will search all vaults.
-    notes:
-      - This lookup will use an existing 1Password session if one exists. If not, and you have already
-        performed an initial sign in (meaning C(~/.op/config exists)), then only the O(master_password) is required.
-        You may optionally specify O(subdomain) in this scenario, otherwise the last used subdomain will be used by C(op).
-      - This lookup can perform an initial login by providing O(subdomain), O(username), O(secret_key), and O(master_password).
-      - Can target a specific account by providing the O(account_id).
-      - Due to the B(very) sensitive nature of these credentials, it is B(highly) recommended that you only pass in the minimal credentials
-        needed at any given time. Also, store these credentials in an Ansible Vault using a key that is equal to or greater in strength
-        to the 1Password master password.
-      - This lookup stores potentially sensitive data from 1Password as Ansible facts.
-        Facts are subject to caching if enabled, which means this data could be stored in clear text
-        on disk or in a database.
-      - Tested with C(op) version 2.7.0
+    extends_documentation_fragment:
+      - community.general.onepassword
+      - community.general.onepassword.lookup
 '''
 
 EXAMPLES = """
@@ -78,7 +46,7 @@ EXAMPLES = """
 
 RETURN = """
   _raw:
-    description: field data requested
+    description: Entire item requested.
     type: list
     elements: dict
 """
@@ -102,8 +70,20 @@ class LookupModule(LookupBase):
         master_password = self.get_option("master_password")
         service_account_token = self.get_option("service_account_token")
         account_id = self.get_option("account_id")
+        connect_host = self.get_option("connect_host")
+        connect_token = self.get_option("connect_token")
 
-        op = OnePass(subdomain, domain, username, secret_key, master_password, service_account_token, account_id)
+        op = OnePass(
+            subdomain=subdomain,
+            domain=domain,
+            username=username,
+            secret_key=secret_key,
+            master_password=master_password,
+            service_account_token=service_account_token,
+            account_id=account_id,
+            connect_host=connect_host,
+            connect_token=connect_token,
+        )
         op.assert_logged_in()
 
         values = []

plugins/lookup/passwordstore.py

@@ -129,6 +129,16 @@ DOCUMENTATION = '''
           - pass
           - gopass
         version_added: 5.2.0
+      timestamp:
+        description: Add the password generation information to the end of the file.
+        type: bool
+        default: true
+        version_added: 8.1.0
+      preserve:
+        description: Include the old (edited) password inside the pass file.
+        type: bool
+        default: true
+        version_added: 8.1.0
     notes:
       - The lookup supports passing all options as lookup parameters since community.general 6.0.0.
 '''
@@ -386,11 +396,13 @@ class LookupModule(LookupBase):
         # generate new password, insert old lines from current result and return new password
         newpass = self.get_newpass()
         datetime = time.strftime("%d/%m/%Y %H:%M:%S")
-        msg = newpass + '\n'
-        if self.passoutput[1:]:
-            msg += '\n'.join(self.passoutput[1:]) + '\n'
-        if self.paramvals['backup']:
-            msg += "lookup_pass: old password was {0} (Updated on {1})\n".format(self.password, datetime)
+        msg = newpass
+        if self.paramvals['preserve'] or self.paramvals['timestamp']:
+            msg += '\n'
+            if self.paramvals['preserve'] and self.passoutput[1:]:
+                msg += '\n'.join(self.passoutput[1:]) + '\n'
+            if self.paramvals['timestamp'] and self.paramvals['backup']:
+                msg += "lookup_pass: old password was {0} (Updated on {1})\n".format(self.password, datetime)
         try:
             check_output2([self.pass_cmd, 'insert', '-f', '-m', self.passname], input=msg, env=self.env)
         except (subprocess.CalledProcessError) as e:
@@ -402,7 +414,9 @@ class LookupModule(LookupBase):
         # use pwgen to generate the password and insert values with pass -m
         newpass = self.get_newpass()
         datetime = time.strftime("%d/%m/%Y %H:%M:%S")
-        msg = newpass + '\n' + "lookup_pass: First generated by ansible on {0}\n".format(datetime)
+        msg = newpass
+        if self.paramvals['timestamp']:
+            msg += '\n' + "lookup_pass: First generated by ansible on {0}\n".format(datetime)
         try:
             check_output2([self.pass_cmd, 'insert', '-f', '-m', self.passname], input=msg, env=self.env)
         except (subprocess.CalledProcessError) as e:
@@ -465,6 +479,8 @@ class LookupModule(LookupBase):
             'backup': self.get_option('backup'),
             'missing': self.get_option('missing'),
             'umask': self.get_option('umask'),
+            'timestamp': self.get_option('timestamp'),
+            'preserve': self.get_option('preserve'),
         }
 
     def run(self, terms, variables, **kwargs):

plugins/module_utils/gitlab.py

@@ -21,34 +21,20 @@ except ImportError:
 
 import traceback
 
-
-def _determine_list_all_kwargs(version):
-    gitlab_version = LooseVersion(version)
-    if gitlab_version >= LooseVersion('4.0.0'):
-        # 4.0.0 removed 'as_list'
-        return {'iterator': True, 'per_page': 100}
-    elif gitlab_version >= LooseVersion('3.7.0'):
-        # 3.7.0 added 'get_all'
-        return {'as_list': False, 'get_all': True, 'per_page': 100}
-    else:
-        return {'as_list': False, 'all': True, 'per_page': 100}
-
-
 GITLAB_IMP_ERR = None
 try:
     import gitlab
     import requests
     HAS_GITLAB_PACKAGE = True
-    list_all_kwargs = _determine_list_all_kwargs(gitlab.__version__)
 except Exception:
     gitlab = None
     GITLAB_IMP_ERR = traceback.format_exc()
     HAS_GITLAB_PACKAGE = False
-    list_all_kwargs = {}
 
 
 def auth_argument_spec(spec=None):
     arg_spec = (dict(
+        ca_path=dict(type='str'),
         api_token=dict(type='str', no_log=True),
         api_oauth_token=dict(type='str', no_log=True),
         api_job_token=dict(type='str', no_log=True),
@@ -89,33 +75,36 @@ def ensure_gitlab_package(module):
 
 
 def gitlab_authentication(module):
+    ensure_gitlab_package(module)
+
     gitlab_url = module.params['api_url']
     validate_certs = module.params['validate_certs']
+    ca_path = module.params['ca_path']
     gitlab_user = module.params['api_username']
     gitlab_password = module.params['api_password']
     gitlab_token = module.params['api_token']
     gitlab_oauth_token = module.params['api_oauth_token']
     gitlab_job_token = module.params['api_job_token']
 
-    ensure_gitlab_package(module)
+    verify = ca_path if validate_certs and ca_path else validate_certs
 
     try:
         # python-gitlab library remove support for username/password authentication since 1.13.0
         # Changelog : https://github.com/python-gitlab/python-gitlab/releases/tag/v1.13.0
         # This condition allow to still support older version of the python-gitlab library
         if LooseVersion(gitlab.__version__) < LooseVersion("1.13.0"):
-            gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=validate_certs, email=gitlab_user, password=gitlab_password,
+            gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=verify, email=gitlab_user, password=gitlab_password,
                                             private_token=gitlab_token, api_version=4)
         else:
             # We can create an oauth_token using a username and password
             # https://docs.gitlab.com/ee/api/oauth2.html#authorization-code-flow
             if gitlab_user:
                 data = {'grant_type': 'password', 'username': gitlab_user, 'password': gitlab_password}
-                resp = requests.post(urljoin(gitlab_url, "oauth/token"), data=data, verify=validate_certs)
+                resp = requests.post(urljoin(gitlab_url, "oauth/token"), data=data, verify=verify)
                 resp_data = resp.json()
                 gitlab_oauth_token = resp_data["access_token"]
 
-            gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=validate_certs, private_token=gitlab_token,
+            gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=verify, private_token=gitlab_token,
                                             oauth_token=gitlab_oauth_token, job_token=gitlab_job_token, api_version=4)
 
         gitlab_instance.auth()

plugins/module_utils/identity/keycloak/keycloak.py

@@ -292,8 +292,8 @@ class KeycloakAPI(object):
             if e.code == 404:
                 return None
             else:
-                self.module.fail_json(msg='Could not obtain realm %s: %s' % (realm, str(e)),
-                                      exception=traceback.format_exc())
+                self.fail_open_url(e, msg='Could not obtain realm %s: %s' % (realm, str(e)),
+                                   exception=traceback.format_exc())
         except ValueError as e:
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain realm %s: %s' % (realm, str(e)),
                                   exception=traceback.format_exc())
@@ -317,8 +317,8 @@ class KeycloakAPI(object):
             if e.code == 404:
                 return None
             else:
-                self.module.fail_json(msg='Could not obtain realm %s: %s' % (realm, str(e)),
-                                      exception=traceback.format_exc())
+                self.fail_open_url(e, msg='Could not obtain realm %s: %s' % (realm, str(e)),
+                                   exception=traceback.format_exc())
         except ValueError as e:
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain realm %s: %s' % (realm, str(e)),
                                   exception=traceback.format_exc())
@@ -338,8 +338,8 @@ class KeycloakAPI(object):
             return open_url(realm_url, method='PUT', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(realmrep), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not update realm %s: %s' % (realm, str(e)),
-                                  exception=traceback.format_exc())
+            self.fail_open_url(e, msg='Could not update realm %s: %s' % (realm, str(e)),
+                               exception=traceback.format_exc())
 
     def create_realm(self, realmrep):
         """ Create a realm in keycloak
@@ -352,8 +352,8 @@ class KeycloakAPI(object):
             return open_url(realm_url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(realmrep), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not create realm %s: %s' % (realmrep['id'], str(e)),
-                                  exception=traceback.format_exc())
+            self.fail_open_url(e, msg='Could not create realm %s: %s' % (realmrep['id'], str(e)),
+                               exception=traceback.format_exc())
 
     def delete_realm(self, realm="master"):
         """ Delete a realm from Keycloak
@@ -367,8 +367,8 @@ class KeycloakAPI(object):
             return open_url(realm_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not delete realm %s: %s' % (realm, str(e)),
-                                  exception=traceback.format_exc())
+            self.fail_open_url(e, msg='Could not delete realm %s: %s' % (realm, str(e)),
+                               exception=traceback.format_exc())
 
     def get_clients(self, realm='master', filter=None):
         """ Obtains client representations for clients in a realm
@@ -389,7 +389,7 @@ class KeycloakAPI(object):
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain list of clients for realm %s: %s'
                                       % (realm, str(e)))
         except Exception as e:
-            self.module.fail_json(msg='Could not obtain list of clients for realm %s: %s'
+            self.fail_open_url(e, msg='Could not obtain list of clients for realm %s: %s'
                                       % (realm, str(e)))
 
     def get_client_by_clientid(self, client_id, realm='master'):
@@ -422,7 +422,7 @@ class KeycloakAPI(object):
             if e.code == 404:
                 return None
             else:
-                self.module.fail_json(msg='Could not obtain client %s for realm %s: %s'
+                self.fail_open_url(e, msg='Could not obtain client %s for realm %s: %s'
                                           % (id, realm, str(e)))
         except ValueError as e:
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain client %s for realm %s: %s'
@@ -457,7 +457,7 @@ class KeycloakAPI(object):
             return open_url(client_url, method='PUT', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(clientrep), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not update client %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not update client %s in realm %s: %s'
                                       % (id, realm, str(e)))
 
     def create_client(self, clientrep, realm="master"):
@@ -472,7 +472,7 @@ class KeycloakAPI(object):
             return open_url(client_url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(clientrep), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not create client %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not create client %s in realm %s: %s'
                                       % (clientrep['clientId'], realm, str(e)))
 
     def delete_client(self, id, realm="master"):
@@ -488,7 +488,7 @@ class KeycloakAPI(object):
             return open_url(client_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not delete client %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not delete client %s in realm %s: %s'
                                       % (id, realm, str(e)))
 
     def get_client_roles_by_id(self, cid, realm="master"):
@@ -504,7 +504,7 @@ class KeycloakAPI(object):
                                                  timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except Exception as e:
-            self.module.fail_json(msg="Could not fetch rolemappings for client %s in realm %s: %s"
+            self.fail_open_url(e, msg="Could not fetch rolemappings for client %s in realm %s: %s"
                                       % (cid, realm, str(e)))
 
     def get_client_role_id_by_name(self, cid, name, realm="master"):
@@ -539,7 +539,7 @@ class KeycloakAPI(object):
                 if rid == role['id']:
                     return role
         except Exception as e:
-            self.module.fail_json(msg="Could not fetch rolemappings for client %s in group %s, realm %s: %s"
+            self.fail_open_url(e, msg="Could not fetch rolemappings for client %s in group %s, realm %s: %s"
                                       % (cid, gid, realm, str(e)))
         return None
 
@@ -557,7 +557,7 @@ class KeycloakAPI(object):
                                                  timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except Exception as e:
-            self.module.fail_json(msg="Could not fetch available rolemappings for client %s in group %s, realm %s: %s"
+            self.fail_open_url(e, msg="Could not fetch available rolemappings for client %s in group %s, realm %s: %s"
                                       % (cid, gid, realm, str(e)))
 
     def get_client_group_composite_rolemappings(self, gid, cid, realm="master"):
@@ -574,7 +574,7 @@ class KeycloakAPI(object):
                                                  timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except Exception as e:
-            self.module.fail_json(msg="Could not fetch available rolemappings for client %s in group %s, realm %s: %s"
+            self.fail_open_url(e, msg="Could not fetch available rolemappings for client %s in group %s, realm %s: %s"
                                       % (cid, gid, realm, str(e)))
 
     def get_role_by_id(self, rid, realm="master"):
@@ -590,7 +590,7 @@ class KeycloakAPI(object):
                                                  timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except Exception as e:
-            self.module.fail_json(msg="Could not fetch role for id %s in realm %s: %s"
+            self.fail_open_url(e, msg="Could not fetch role for id %s in realm %s: %s"
                                       % (rid, realm, str(e)))
 
     def get_client_roles_by_id_composite_rolemappings(self, rid, cid, realm="master"):
@@ -607,7 +607,7 @@ class KeycloakAPI(object):
                                                  timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except Exception as e:
-            self.module.fail_json(msg="Could not fetch role for id %s and cid %s in realm %s: %s"
+            self.fail_open_url(e, msg="Could not fetch role for id %s and cid %s in realm %s: %s"
                                       % (rid, cid, realm, str(e)))
 
     def add_client_roles_by_id_composite_rolemapping(self, rid, roles_rep, realm="master"):
@@ -623,7 +623,7 @@ class KeycloakAPI(object):
             open_url(available_rolemappings_url, method="POST", http_agent=self.http_agent, headers=self.restheaders, data=json.dumps(roles_rep),
                      validate_certs=self.validate_certs, timeout=self.connection_timeout)
         except Exception as e:
-            self.module.fail_json(msg="Could not assign roles to composite role %s and realm %s: %s"
+            self.fail_open_url(e, msg="Could not assign roles to composite role %s and realm %s: %s"
                                       % (rid, realm, str(e)))
 
     def add_group_rolemapping(self, gid, cid, role_rep, realm="master"):
@@ -640,7 +640,7 @@ class KeycloakAPI(object):
             open_url(available_rolemappings_url, method="POST", http_agent=self.http_agent, headers=self.restheaders, data=json.dumps(role_rep),
                      validate_certs=self.validate_certs, timeout=self.connection_timeout)
         except Exception as e:
-            self.module.fail_json(msg="Could not fetch available rolemappings for client %s in group %s, realm %s: %s"
+            self.fail_open_url(e, msg="Could not fetch available rolemappings for client %s in group %s, realm %s: %s"
                                       % (cid, gid, realm, str(e)))
 
     def delete_group_rolemapping(self, gid, cid, role_rep, realm="master"):
@@ -657,7 +657,7 @@ class KeycloakAPI(object):
             open_url(available_rolemappings_url, method="DELETE", http_agent=self.http_agent, headers=self.restheaders, data=json.dumps(role_rep),
                      validate_certs=self.validate_certs, timeout=self.connection_timeout)
         except Exception as e:
-            self.module.fail_json(msg="Could not delete available rolemappings for client %s in group %s, realm %s: %s"
+            self.fail_open_url(e, msg="Could not delete available rolemappings for client %s in group %s, realm %s: %s"
                                       % (cid, gid, realm, str(e)))
 
     def get_client_user_rolemapping_by_id(self, uid, cid, rid, realm='master'):
@@ -678,7 +678,7 @@ class KeycloakAPI(object):
                 if rid == role['id']:
                     return role
         except Exception as e:
-            self.module.fail_json(msg="Could not fetch rolemappings for client %s and user %s, realm %s: %s"
+            self.fail_open_url(e, msg="Could not fetch rolemappings for client %s and user %s, realm %s: %s"
                                       % (cid, uid, realm, str(e)))
         return None
 
@@ -696,7 +696,7 @@ class KeycloakAPI(object):
                                                  timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except Exception as e:
-            self.module.fail_json(msg="Could not fetch effective rolemappings for client %s and user %s, realm %s: %s"
+            self.fail_open_url(e, msg="Could not fetch effective rolemappings for client %s and user %s, realm %s: %s"
                                       % (cid, uid, realm, str(e)))
 
     def get_client_user_composite_rolemappings(self, uid, cid, realm="master"):
@@ -713,7 +713,7 @@ class KeycloakAPI(object):
                                                  timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except Exception as e:
-            self.module.fail_json(msg="Could not fetch available rolemappings for user %s of realm %s: %s"
+            self.fail_open_url(e, msg="Could not fetch available rolemappings for user %s of realm %s: %s"
                                       % (uid, realm, str(e)))
 
     def get_realm_user_rolemapping_by_id(self, uid, rid, realm='master'):
@@ -733,7 +733,7 @@ class KeycloakAPI(object):
                 if rid == role['id']:
                     return role
         except Exception as e:
-            self.module.fail_json(msg="Could not fetch rolemappings for user %s, realm %s: %s"
+            self.fail_open_url(e, msg="Could not fetch rolemappings for user %s, realm %s: %s"
                                       % (uid, realm, str(e)))
         return None
 
@@ -750,7 +750,7 @@ class KeycloakAPI(object):
                                                  timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except Exception as e:
-            self.module.fail_json(msg="Could not fetch available rolemappings for user %s of realm %s: %s"
+            self.fail_open_url(e, msg="Could not fetch available rolemappings for user %s of realm %s: %s"
                                       % (uid, realm, str(e)))
 
     def get_realm_user_composite_rolemappings(self, uid, realm="master"):
@@ -766,7 +766,7 @@ class KeycloakAPI(object):
                                                  timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except Exception as e:
-            self.module.fail_json(msg="Could not fetch effective rolemappings for user %s, realm %s: %s"
+            self.fail_open_url(e, msg="Could not fetch effective rolemappings for user %s, realm %s: %s"
                                       % (uid, realm, str(e)))
 
     def get_user_by_username(self, username, realm="master"):
@@ -793,7 +793,7 @@ class KeycloakAPI(object):
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain the user for realm %s and username %s: %s'
                                       % (realm, username, str(e)))
         except Exception as e:
-            self.module.fail_json(msg='Could not obtain the user for realm %s and username %s: %s'
+            self.fail_open_url(e, msg='Could not obtain the user for realm %s and username %s: %s'
                                       % (realm, username, str(e)))
 
     def get_service_account_user_by_client_id(self, client_id, realm="master"):
@@ -814,7 +814,7 @@ class KeycloakAPI(object):
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain the service-account-user for realm %s and client_id %s: %s'
                                       % (realm, client_id, str(e)))
         except Exception as e:
-            self.module.fail_json(msg='Could not obtain the service-account-user for realm %s and client_id %s: %s'
+            self.fail_open_url(e, msg='Could not obtain the service-account-user for realm %s and client_id %s: %s'
                                       % (realm, client_id, str(e)))
 
     def add_user_rolemapping(self, uid, cid, role_rep, realm="master"):
@@ -832,7 +832,7 @@ class KeycloakAPI(object):
                 open_url(user_realm_rolemappings_url, method="POST", http_agent=self.http_agent, headers=self.restheaders, data=json.dumps(role_rep),
                          validate_certs=self.validate_certs, timeout=self.connection_timeout)
             except Exception as e:
-                self.module.fail_json(msg="Could not map roles to userId %s for realm %s and roles %s: %s"
+                self.fail_open_url(e, msg="Could not map roles to userId %s for realm %s and roles %s: %s"
                                           % (uid, realm, json.dumps(role_rep), str(e)))
         else:
             user_client_rolemappings_url = URL_CLIENT_USER_ROLEMAPPINGS.format(url=self.baseurl, realm=realm, id=uid, client=cid)
@@ -840,7 +840,7 @@ class KeycloakAPI(object):
                 open_url(user_client_rolemappings_url, method="POST", http_agent=self.http_agent, headers=self.restheaders, data=json.dumps(role_rep),
                          validate_certs=self.validate_certs, timeout=self.connection_timeout)
             except Exception as e:
-                self.module.fail_json(msg="Could not map roles to userId %s for client %s, realm %s and roles %s: %s"
+                self.fail_open_url(e, msg="Could not map roles to userId %s for client %s, realm %s and roles %s: %s"
                                           % (cid, uid, realm, json.dumps(role_rep), str(e)))
 
     def delete_user_rolemapping(self, uid, cid, role_rep, realm="master"):
@@ -858,7 +858,7 @@ class KeycloakAPI(object):
                 open_url(user_realm_rolemappings_url, method="DELETE", http_agent=self.http_agent, headers=self.restheaders, data=json.dumps(role_rep),
                          validate_certs=self.validate_certs, timeout=self.connection_timeout)
             except Exception as e:
-                self.module.fail_json(msg="Could not remove roles %s from userId %s, realm %s: %s"
+                self.fail_open_url(e, msg="Could not remove roles %s from userId %s, realm %s: %s"
                                           % (json.dumps(role_rep), uid, realm, str(e)))
         else:
             user_client_rolemappings_url = URL_CLIENT_USER_ROLEMAPPINGS.format(url=self.baseurl, realm=realm, id=uid, client=cid)
@@ -866,7 +866,7 @@ class KeycloakAPI(object):
                 open_url(user_client_rolemappings_url, method="DELETE", http_agent=self.http_agent, headers=self.restheaders, data=json.dumps(role_rep),
                          validate_certs=self.validate_certs, timeout=self.connection_timeout)
             except Exception as e:
-                self.module.fail_json(msg="Could not remove roles %s for client %s from userId %s, realm %s: %s"
+                self.fail_open_url(e, msg="Could not remove roles %s for client %s from userId %s, realm %s: %s"
                                           % (json.dumps(role_rep), cid, uid, realm, str(e)))
 
     def get_client_templates(self, realm='master'):
@@ -884,7 +884,7 @@ class KeycloakAPI(object):
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain list of client templates for realm %s: %s'
                                       % (realm, str(e)))
         except Exception as e:
-            self.module.fail_json(msg='Could not obtain list of client templates for realm %s: %s'
+            self.fail_open_url(e, msg='Could not obtain list of client templates for realm %s: %s'
                                       % (realm, str(e)))
 
     def get_client_template_by_id(self, id, realm='master'):
@@ -903,7 +903,7 @@ class KeycloakAPI(object):
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain client templates %s for realm %s: %s'
                                       % (id, realm, str(e)))
         except Exception as e:
-            self.module.fail_json(msg='Could not obtain client template %s for realm %s: %s'
+            self.fail_open_url(e, msg='Could not obtain client template %s for realm %s: %s'
                                       % (id, realm, str(e)))
 
     def get_client_template_by_name(self, name, realm='master'):
@@ -946,7 +946,7 @@ class KeycloakAPI(object):
             return open_url(url, method='PUT', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(clienttrep), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not update client template %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not update client template %s in realm %s: %s'
                                       % (id, realm, str(e)))
 
     def create_client_template(self, clienttrep, realm="master"):
@@ -961,7 +961,7 @@ class KeycloakAPI(object):
             return open_url(url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(clienttrep), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not create client template %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not create client template %s in realm %s: %s'
                                       % (clienttrep['clientId'], realm, str(e)))
 
     def delete_client_template(self, id, realm="master"):
@@ -977,7 +977,7 @@ class KeycloakAPI(object):
             return open_url(url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not delete client template %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not delete client template %s in realm %s: %s'
                                       % (id, realm, str(e)))
 
     def get_clientscopes(self, realm="master"):
@@ -995,7 +995,7 @@ class KeycloakAPI(object):
                                                  timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except Exception as e:
-            self.module.fail_json(msg="Could not fetch list of clientscopes in realm %s: %s"
+            self.fail_open_url(e, msg="Could not fetch list of clientscopes in realm %s: %s"
                                       % (realm, str(e)))
 
     def get_clientscope_by_clientscopeid(self, cid, realm="master"):
@@ -1017,7 +1017,7 @@ class KeycloakAPI(object):
             if e.code == 404:
                 return None
             else:
-                self.module.fail_json(msg="Could not fetch clientscope %s in realm %s: %s"
+                self.fail_open_url(e, msg="Could not fetch clientscope %s in realm %s: %s"
                                           % (cid, realm, str(e)))
         except Exception as e:
             self.module.fail_json(msg="Could not clientscope group %s in realm %s: %s"
@@ -1058,7 +1058,7 @@ class KeycloakAPI(object):
             return open_url(clientscopes_url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(clientscoperep), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg="Could not create clientscope %s in realm %s: %s"
+            self.fail_open_url(e, msg="Could not create clientscope %s in realm %s: %s"
                                       % (clientscoperep['name'], realm, str(e)))
 
     def update_clientscope(self, clientscoperep, realm="master"):
@@ -1074,7 +1074,7 @@ class KeycloakAPI(object):
                             data=json.dumps(clientscoperep), validate_certs=self.validate_certs)
 
         except Exception as e:
-            self.module.fail_json(msg='Could not update clientscope %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not update clientscope %s in realm %s: %s'
                                       % (clientscoperep['name'], realm, str(e)))
 
     def delete_clientscope(self, name=None, cid=None, realm="master"):
@@ -1112,7 +1112,7 @@ class KeycloakAPI(object):
                             validate_certs=self.validate_certs)
 
         except Exception as e:
-            self.module.fail_json(msg="Unable to delete clientscope %s: %s" % (cid, str(e)))
+            self.fail_open_url(e, msg="Unable to delete clientscope %s: %s" % (cid, str(e)))
 
     def get_clientscope_protocolmappers(self, cid, realm="master"):
         """ Fetch the name and ID of all clientscopes on the Keycloak server.
@@ -1130,7 +1130,7 @@ class KeycloakAPI(object):
                                                  timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except Exception as e:
-            self.module.fail_json(msg="Could not fetch list of protocolmappers in realm %s: %s"
+            self.fail_open_url(e, msg="Could not fetch list of protocolmappers in realm %s: %s"
                                       % (realm, str(e)))
 
     def get_clientscope_protocolmapper_by_protocolmapperid(self, pid, cid, realm="master"):
@@ -1154,7 +1154,7 @@ class KeycloakAPI(object):
             if e.code == 404:
                 return None
             else:
-                self.module.fail_json(msg="Could not fetch protocolmapper %s in realm %s: %s"
+                self.fail_open_url(e, msg="Could not fetch protocolmapper %s in realm %s: %s"
                                           % (pid, realm, str(e)))
         except Exception as e:
             self.module.fail_json(msg="Could not fetch protocolmapper %s in realm %s: %s"
@@ -1197,7 +1197,7 @@ class KeycloakAPI(object):
             return open_url(protocolmappers_url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(mapper_rep), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg="Could not create protocolmapper %s in realm %s: %s"
+            self.fail_open_url(e, msg="Could not create protocolmapper %s in realm %s: %s"
                                       % (mapper_rep['name'], realm, str(e)))
 
     def update_clientscope_protocolmappers(self, cid, mapper_rep, realm="master"):
@@ -1214,7 +1214,7 @@ class KeycloakAPI(object):
                             data=json.dumps(mapper_rep), validate_certs=self.validate_certs)
 
         except Exception as e:
-            self.module.fail_json(msg='Could not update protocolmappers for clientscope %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not update protocolmappers for clientscope %s in realm %s: %s'
                                       % (mapper_rep, realm, str(e)))
 
     def get_default_clientscopes(self, realm, client_id=None):
@@ -1261,7 +1261,7 @@ class KeycloakAPI(object):
                 return json.loads(to_native(open_url(clientscopes_url, method="GET", http_agent=self.http_agent, headers=self.restheaders,
                                                      timeout=self.connection_timeout, validate_certs=self.validate_certs).read()))
             except Exception as e:
-                self.module.fail_json(msg="Could not fetch list of %s clientscopes in realm %s: %s" % (scope_type, realm, str(e)))
+                self.fail_open_url(e, msg="Could not fetch list of %s clientscopes in realm %s: %s" % (scope_type, realm, str(e)))
         else:
             cid = self.get_client_id(client_id=client_id, realm=realm)
             clientscopes_url = url_template.format(url=self.baseurl, realm=realm, cid=cid)
@@ -1269,7 +1269,7 @@ class KeycloakAPI(object):
                 return json.loads(to_native(open_url(clientscopes_url, method="GET", http_agent=self.http_agent, headers=self.restheaders,
                                                      timeout=self.connection_timeout, validate_certs=self.validate_certs).read()))
             except Exception as e:
-                self.module.fail_json(msg="Could not fetch list of %s clientscopes in client %s: %s" % (scope_type, client_id, clientscopes_url))
+                self.fail_open_url(e, msg="Could not fetch list of %s clientscopes in client %s: %s" % (scope_type, client_id, clientscopes_url))
 
     def _decide_url_type_clientscope(self, client_id=None, scope_type="default"):
         """Decides which url to use.
@@ -1340,7 +1340,7 @@ class KeycloakAPI(object):
 
         except Exception as e:
             place = 'realm' if client_id is None else 'client ' + client_id
-            self.module.fail_json(msg="Unable to %s %s clientscope %s @ %s : %s" % (action, scope_type, id, place, str(e)))
+            self.fail_open_url(e, msg="Unable to %s %s clientscope %s @ %s : %s" % (action, scope_type, id, place, str(e)))
 
     def create_clientsecret(self, id, realm="master"):
         """ Generate a new client secret by id
@@ -1360,7 +1360,7 @@ class KeycloakAPI(object):
             if e.code == 404:
                 return None
             else:
-                self.module.fail_json(msg='Could not obtain clientsecret of client %s for realm %s: %s'
+                self.fail_open_url(e, msg='Could not obtain clientsecret of client %s for realm %s: %s'
                                           % (id, realm, str(e)))
         except Exception as e:
             self.module.fail_json(msg='Could not obtain clientsecret of client %s for realm %s: %s'
@@ -1384,7 +1384,7 @@ class KeycloakAPI(object):
             if e.code == 404:
                 return None
             else:
-                self.module.fail_json(msg='Could not obtain clientsecret of client %s for realm %s: %s'
+                self.fail_open_url(e, msg='Could not obtain clientsecret of client %s for realm %s: %s'
                                           % (id, realm, str(e)))
         except Exception as e:
             self.module.fail_json(msg='Could not obtain clientsecret of client %s for realm %s: %s'
@@ -1404,7 +1404,7 @@ class KeycloakAPI(object):
                                                  timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except Exception as e:
-            self.module.fail_json(msg="Could not fetch list of groups in realm %s: %s"
+            self.fail_open_url(e, msg="Could not fetch list of groups in realm %s: %s"
                                       % (realm, str(e)))
 
     def get_group_by_groupid(self, gid, realm="master"):
@@ -1425,7 +1425,7 @@ class KeycloakAPI(object):
             if e.code == 404:
                 return None
             else:
-                self.module.fail_json(msg="Could not fetch group %s in realm %s: %s"
+                self.fail_open_url(e, msg="Could not fetch group %s in realm %s: %s"
                                           % (gid, realm, str(e)))
         except Exception as e:
             self.module.fail_json(msg="Could not fetch group %s in realm %s: %s"
@@ -1572,7 +1572,7 @@ class KeycloakAPI(object):
             return open_url(groups_url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(grouprep), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg="Could not create group %s in realm %s: %s"
+            self.fail_open_url(e, msg="Could not create group %s in realm %s: %s"
                                       % (grouprep['name'], realm, str(e)))
 
     def create_subgroup(self, parents, grouprep, realm="master"):
@@ -1600,7 +1600,7 @@ class KeycloakAPI(object):
             return open_url(url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(grouprep), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg="Could not create subgroup %s for parent group %s in realm %s: %s"
+            self.fail_open_url(e, msg="Could not create subgroup %s for parent group %s in realm %s: %s"
                                       % (grouprep['name'], parent_id, realm, str(e)))
 
     def update_group(self, grouprep, realm="master"):
@@ -1615,7 +1615,7 @@ class KeycloakAPI(object):
             return open_url(group_url, method='PUT', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(grouprep), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not update group %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not update group %s in realm %s: %s'
                                       % (grouprep['name'], realm, str(e)))
 
     def delete_group(self, name=None, groupid=None, realm="master"):
@@ -1652,7 +1652,7 @@ class KeycloakAPI(object):
             return open_url(group_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg="Unable to delete group %s: %s" % (groupid, str(e)))
+            self.fail_open_url(e, msg="Unable to delete group %s: %s" % (groupid, str(e)))
 
     def get_realm_roles(self, realm='master'):
         """ Obtains role representations for roles in a realm
@@ -1669,7 +1669,7 @@ class KeycloakAPI(object):
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain list of roles for realm %s: %s'
                                       % (realm, str(e)))
         except Exception as e:
-            self.module.fail_json(msg='Could not obtain list of roles for realm %s: %s'
+            self.fail_open_url(e, msg='Could not obtain list of roles for realm %s: %s'
                                       % (realm, str(e)))
 
     def get_realm_role(self, name, realm='master'):
@@ -1687,7 +1687,7 @@ class KeycloakAPI(object):
             if e.code == 404:
                 return None
             else:
-                self.module.fail_json(msg='Could not fetch role %s in realm %s: %s'
+                self.fail_open_url(e, msg='Could not fetch role %s in realm %s: %s'
                                           % (name, realm, str(e)))
         except Exception as e:
             self.module.fail_json(msg='Could not fetch role %s in realm %s: %s'
@@ -1707,7 +1707,7 @@ class KeycloakAPI(object):
             return open_url(roles_url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(rolerep), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not create role %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not create role %s in realm %s: %s'
                                       % (rolerep['name'], realm, str(e)))
 
     def update_realm_role(self, rolerep, realm='master'):
@@ -1728,7 +1728,7 @@ class KeycloakAPI(object):
                 self.update_role_composites(rolerep=rolerep, composites=composites, realm=realm)
             return role_response
         except Exception as e:
-            self.module.fail_json(msg='Could not update role %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not update role %s in realm %s: %s'
                                       % (rolerep['name'], realm, str(e)))
 
     def get_role_composites(self, rolerep, clientid=None, realm='master'):
@@ -1749,7 +1749,7 @@ class KeycloakAPI(object):
                 timeout=self.connection_timeout,
                 validate_certs=self.validate_certs).read()))
         except Exception as e:
-            self.module.fail_json(msg='Could not get role %s composites in realm %s: %s'
+            self.fail_open_url(e, msg='Could not get role %s composites in realm %s: %s'
                                       % (rolerep['name'], realm, str(e)))
 
     def create_role_composites(self, rolerep, composites, clientid=None, realm='master'):
@@ -1766,7 +1766,7 @@ class KeycloakAPI(object):
             return open_url(composite_url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(composites), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not create role %s composites in realm %s: %s'
+            self.fail_open_url(e, msg='Could not create role %s composites in realm %s: %s'
                                       % (rolerep['name'], realm, str(e)))
 
     def delete_role_composites(self, rolerep, composites, clientid=None, realm='master'):
@@ -1783,7 +1783,7 @@ class KeycloakAPI(object):
             return open_url(composite_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(composites), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not create role %s composites in realm %s: %s'
+            self.fail_open_url(e, msg='Could not create role %s composites in realm %s: %s'
                                       % (rolerep['name'], realm, str(e)))
 
     def update_role_composites(self, rolerep, composites, clientid=None, realm='master'):
@@ -1847,7 +1847,7 @@ class KeycloakAPI(object):
             return open_url(role_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Unable to delete role %s in realm %s: %s'
+            self.fail_open_url(e, msg='Unable to delete role %s in realm %s: %s'
                                       % (name, realm, str(e)))
 
     def get_client_roles(self, clientid, realm='master'):
@@ -1870,7 +1870,7 @@ class KeycloakAPI(object):
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain list of roles for client %s in realm %s: %s'
                                       % (clientid, realm, str(e)))
         except Exception as e:
-            self.module.fail_json(msg='Could not obtain list of roles for client %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not obtain list of roles for client %s in realm %s: %s'
                                       % (clientid, realm, str(e)))
 
     def get_client_role(self, name, clientid, realm='master'):
@@ -1894,7 +1894,7 @@ class KeycloakAPI(object):
             if e.code == 404:
                 return None
             else:
-                self.module.fail_json(msg='Could not fetch role %s in client %s of realm %s: %s'
+                self.fail_open_url(e, msg='Could not fetch role %s in client %s of realm %s: %s'
                                           % (name, clientid, realm, str(e)))
         except Exception as e:
             self.module.fail_json(msg='Could not fetch role %s for client %s in realm %s: %s'
@@ -1920,7 +1920,7 @@ class KeycloakAPI(object):
             return open_url(roles_url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(rolerep), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not create role %s for client %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not create role %s for client %s in realm %s: %s'
                                       % (rolerep['name'], clientid, realm, str(e)))
 
     def convert_role_composites(self, composites):
@@ -1962,7 +1962,7 @@ class KeycloakAPI(object):
                 self.update_role_composites(rolerep=rolerep, clientid=clientid, composites=composites, realm=realm)
             return update_role_response
         except Exception as e:
-            self.module.fail_json(msg='Could not update role %s for client %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not update role %s for client %s in realm %s: %s'
                                       % (rolerep['name'], clientid, realm, str(e)))
 
     def delete_client_role(self, name, clientid, realm="master"):
@@ -1981,7 +1981,7 @@ class KeycloakAPI(object):
             return open_url(role_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Unable to delete role %s for client %s in realm %s: %s'
+            self.fail_open_url(e, msg='Unable to delete role %s for client %s in realm %s: %s'
                                       % (name, clientid, realm, str(e)))
 
     def get_authentication_flow_by_alias(self, alias, realm='master'):
@@ -2003,7 +2003,7 @@ class KeycloakAPI(object):
                     break
             return authentication_flow
         except Exception as e:
-            self.module.fail_json(msg="Unable get authentication flow %s: %s" % (alias, str(e)))
+            self.fail_open_url(e, msg="Unable get authentication flow %s: %s" % (alias, str(e)))
 
     def delete_authentication_flow_by_id(self, id, realm='master'):
         """
@@ -2018,8 +2018,8 @@ class KeycloakAPI(object):
             return open_url(flow_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not delete authentication flow %s in realm %s: %s'
-                                  % (id, realm, str(e)))
+            self.fail_open_url(e, msg='Could not delete authentication flow %s in realm %s: %s'
+                                      % (id, realm, str(e)))
 
     def copy_auth_flow(self, config, realm='master'):
         """
@@ -2055,8 +2055,8 @@ class KeycloakAPI(object):
                     return flow
             return None
         except Exception as e:
-            self.module.fail_json(msg='Could not copy authentication flow %s in realm %s: %s'
-                                  % (config["alias"], realm, str(e)))
+            self.fail_open_url(e, msg='Could not copy authentication flow %s in realm %s: %s'
+                                      % (config["alias"], realm, str(e)))
 
     def create_empty_auth_flow(self, config, realm='master'):
         """
@@ -2095,8 +2095,8 @@ class KeycloakAPI(object):
                     return flow
             return None
         except Exception as e:
-            self.module.fail_json(msg='Could not create empty authentication flow %s in realm %s: %s'
-                                  % (config["alias"], realm, str(e)))
+            self.fail_open_url(e, msg='Could not create empty authentication flow %s in realm %s: %s'
+                                      % (config["alias"], realm, str(e)))
 
     def update_authentication_executions(self, flowAlias, updatedExec, realm='master'):
         """ Update authentication executions
@@ -2117,8 +2117,8 @@ class KeycloakAPI(object):
                 timeout=self.connection_timeout,
                 validate_certs=self.validate_certs)
         except HTTPError as e:
-            self.module.fail_json(msg="Unable to update execution '%s': %s: %s %s" %
-                                      (flowAlias, repr(e), ";".join([e.url, e.msg, str(e.code), str(e.hdrs)]), str(updatedExec)))
+            self.fail_open_url(e, msg="Unable to update execution '%s': %s: %s %s"
+                                      % (flowAlias, repr(e), ";".join([e.url, e.msg, str(e.code), str(e.hdrs)]), str(updatedExec)))
         except Exception as e:
             self.module.fail_json(msg="Unable to update executions %s: %s" % (updatedExec, str(e)))
 
@@ -2141,7 +2141,7 @@ class KeycloakAPI(object):
                 timeout=self.connection_timeout,
                 validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg="Unable to add authenticationConfig %s: %s" % (executionId, str(e)))
+            self.fail_open_url(e, msg="Unable to add authenticationConfig %s: %s" % (executionId, str(e)))
 
     def create_subflow(self, subflowName, flowAlias, realm='master', flowType='basic-flow'):
         """ Create new sublow on the flow
@@ -2166,7 +2166,7 @@ class KeycloakAPI(object):
                 timeout=self.connection_timeout,
                 validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg="Unable to create new subflow %s: %s" % (subflowName, str(e)))
+            self.fail_open_url(e, msg="Unable to create new subflow %s: %s" % (subflowName, str(e)))
 
     def create_execution(self, execution, flowAlias, realm='master'):
         """ Create new execution on the flow
@@ -2190,8 +2190,8 @@ class KeycloakAPI(object):
                 timeout=self.connection_timeout,
                 validate_certs=self.validate_certs)
         except HTTPError as e:
-            self.module.fail_json(msg="Unable to create new execution '%s' %s: %s: %s %s" %
-                                  (flowAlias, execution["providerId"], repr(e), ";".join([e.url, e.msg, str(e.code), str(e.hdrs)]), str(newExec)))
+            self.fail_open_url(e, msg="Unable to create new execution '%s' %s: %s: %s %s"
+                                      % (flowAlias, execution["providerId"], repr(e), ";".join([e.url, e.msg, str(e.code), str(e.hdrs)]), str(newExec)))
         except Exception as e:
             self.module.fail_json(msg="Unable to create new execution '%s' %s: %s" % (flowAlias, execution["providerId"], repr(e)))
 
@@ -2227,7 +2227,7 @@ class KeycloakAPI(object):
                         timeout=self.connection_timeout,
                         validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg="Unable to change execution priority %s: %s" % (executionId, str(e)))
+            self.fail_open_url(e, msg="Unable to change execution priority %s: %s" % (executionId, str(e)))
 
     def get_executions_representation(self, config, realm='master'):
         """
@@ -2264,8 +2264,8 @@ class KeycloakAPI(object):
                     execution["authenticationConfig"] = execConfig
             return executions
         except Exception as e:
-            self.module.fail_json(msg='Could not get executions for authentication flow %s in realm %s: %s'
-                                  % (config["alias"], realm, str(e)))
+            self.fail_open_url(e, msg='Could not get executions for authentication flow %s in realm %s: %s'
+                                      % (config["alias"], realm, str(e)))
 
     def get_required_actions(self, realm='master'):
         """
@@ -2318,7 +2318,8 @@ class KeycloakAPI(object):
                 validate_certs=self.validate_certs
             )
         except Exception as e:
-            self.module.fail_json(
+            self.fail_open_url(
+                e,
                 msg='Unable to register required action %s in realm %s: %s'
                 % (rep["name"], realm, str(e))
             )
@@ -2346,7 +2347,8 @@ class KeycloakAPI(object):
                 validate_certs=self.validate_certs
             )
         except Exception as e:
-            self.module.fail_json(
+            self.fail_open_url(
+                e,
                 msg='Unable to update required action %s in realm %s: %s'
                 % (alias, realm, str(e))
             )
@@ -2372,7 +2374,8 @@ class KeycloakAPI(object):
                 validate_certs=self.validate_certs
             )
         except Exception as e:
-            self.module.fail_json(
+            self.fail_open_url(
+                e,
                 msg='Unable to delete required action %s in realm %s: %s'
                 % (alias, realm, str(e))
             )
@@ -2390,7 +2393,7 @@ class KeycloakAPI(object):
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain list of identity providers for realm %s: %s'
                                       % (realm, str(e)))
         except Exception as e:
-            self.module.fail_json(msg='Could not obtain list of identity providers for realm %s: %s'
+            self.fail_open_url(e, msg='Could not obtain list of identity providers for realm %s: %s'
                                       % (realm, str(e)))
 
     def get_identity_provider(self, alias, realm='master'):
@@ -2407,7 +2410,7 @@ class KeycloakAPI(object):
             if e.code == 404:
                 return None
             else:
-                self.module.fail_json(msg='Could not fetch identity provider %s in realm %s: %s'
+                self.fail_open_url(e, msg='Could not fetch identity provider %s in realm %s: %s'
                                           % (alias, realm, str(e)))
         except Exception as e:
             self.module.fail_json(msg='Could not fetch identity provider %s in realm %s: %s'
@@ -2424,7 +2427,7 @@ class KeycloakAPI(object):
             return open_url(idps_url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(idprep), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not create identity provider %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not create identity provider %s in realm %s: %s'
                                       % (idprep['alias'], realm, str(e)))
 
     def update_identity_provider(self, idprep, realm='master'):
@@ -2438,7 +2441,7 @@ class KeycloakAPI(object):
             return open_url(idp_url, method='PUT', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(idprep), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not update identity provider %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not update identity provider %s in realm %s: %s'
                                       % (idprep['alias'], realm, str(e)))
 
     def delete_identity_provider(self, alias, realm='master'):
@@ -2451,7 +2454,7 @@ class KeycloakAPI(object):
             return open_url(idp_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Unable to delete identity provider %s in realm %s: %s'
+            self.fail_open_url(e, msg='Unable to delete identity provider %s in realm %s: %s'
                                       % (alias, realm, str(e)))
 
     def get_identity_provider_mappers(self, alias, realm='master'):
@@ -2469,7 +2472,7 @@ class KeycloakAPI(object):
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain list of identity provider mappers for idp %s in realm %s: %s'
                                       % (alias, realm, str(e)))
         except Exception as e:
-            self.module.fail_json(msg='Could not obtain list of identity provider mappers for idp %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not obtain list of identity provider mappers for idp %s in realm %s: %s'
                                       % (alias, realm, str(e)))
 
     def get_identity_provider_mapper(self, mid, alias, realm='master'):
@@ -2488,7 +2491,7 @@ class KeycloakAPI(object):
             if e.code == 404:
                 return None
             else:
-                self.module.fail_json(msg='Could not fetch mapper %s for identity provider %s in realm %s: %s'
+                self.fail_open_url(e, msg='Could not fetch mapper %s for identity provider %s in realm %s: %s'
                                           % (mid, alias, realm, str(e)))
         except Exception as e:
             self.module.fail_json(msg='Could not fetch mapper %s for identity provider %s in realm %s: %s'
@@ -2506,7 +2509,7 @@ class KeycloakAPI(object):
             return open_url(mappers_url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(mapper), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not create identity provider mapper %s for idp %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not create identity provider mapper %s for idp %s in realm %s: %s'
                                       % (mapper['name'], alias, realm, str(e)))
 
     def update_identity_provider_mapper(self, mapper, alias, realm='master'):
@@ -2521,7 +2524,7 @@ class KeycloakAPI(object):
             return open_url(mapper_url, method='PUT', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(mapper), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not update mapper %s for identity provider %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not update mapper %s for identity provider %s in realm %s: %s'
                                       % (mapper['id'], alias, realm, str(e)))
 
     def delete_identity_provider_mapper(self, mid, alias, realm='master'):
@@ -2535,7 +2538,7 @@ class KeycloakAPI(object):
             return open_url(mapper_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Unable to delete mapper %s for identity provider %s in realm %s: %s'
+            self.fail_open_url(e, msg='Unable to delete mapper %s for identity provider %s in realm %s: %s'
                                       % (mid, alias, realm, str(e)))
 
     def get_components(self, filter=None, realm='master'):
@@ -2555,7 +2558,7 @@ class KeycloakAPI(object):
             self.module.fail_json(msg='API returned incorrect JSON when trying to obtain list of components for realm %s: %s'
                                       % (realm, str(e)))
         except Exception as e:
-            self.module.fail_json(msg='Could not obtain list of components for realm %s: %s'
+            self.fail_open_url(e, msg='Could not obtain list of components for realm %s: %s'
                                       % (realm, str(e)))
 
     def get_component(self, cid, realm='master'):
@@ -2572,7 +2575,7 @@ class KeycloakAPI(object):
             if e.code == 404:
                 return None
             else:
-                self.module.fail_json(msg='Could not fetch component %s in realm %s: %s'
+                self.fail_open_url(e, msg='Could not fetch component %s in realm %s: %s'
                                           % (cid, realm, str(e)))
         except Exception as e:
             self.module.fail_json(msg='Could not fetch component %s in realm %s: %s'
@@ -2595,7 +2598,7 @@ class KeycloakAPI(object):
             return json.loads(to_native(open_url(comp_url, method="GET", http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                                                  validate_certs=self.validate_certs).read()))
         except Exception as e:
-            self.module.fail_json(msg='Could not create component in realm %s: %s'
+            self.fail_open_url(e, msg='Could not create component in realm %s: %s'
                                       % (realm, str(e)))
 
     def update_component(self, comprep, realm='master'):
@@ -2612,7 +2615,7 @@ class KeycloakAPI(object):
             return open_url(comp_url, method='PUT', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(comprep), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not update component %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not update component %s in realm %s: %s'
                                       % (cid, realm, str(e)))
 
     def delete_component(self, cid, realm='master'):
@@ -2625,7 +2628,7 @@ class KeycloakAPI(object):
             return open_url(comp_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Unable to delete component %s in realm %s: %s'
+            self.fail_open_url(e, msg='Unable to delete component %s in realm %s: %s'
                                       % (cid, realm, str(e)))
 
     def get_authz_authorization_scope_by_name(self, name, client_id, realm):
@@ -2647,7 +2650,7 @@ class KeycloakAPI(object):
             return open_url(url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(payload), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not create authorization scope %s for client %s in realm %s: %s' % (payload['name'], client_id, realm, str(e)))
+            self.fail_open_url(e, msg='Could not create authorization scope %s for client %s in realm %s: %s' % (payload['name'], client_id, realm, str(e)))
 
     def update_authz_authorization_scope(self, payload, id, client_id, realm):
         """Update an authorization scope for a Keycloak client"""
@@ -2657,7 +2660,7 @@ class KeycloakAPI(object):
             return open_url(url, method='PUT', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(payload), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not create update scope %s for client %s in realm %s: %s' % (payload['name'], client_id, realm, str(e)))
+            self.fail_open_url(e, msg='Could not create update scope %s for client %s in realm %s: %s' % (payload['name'], client_id, realm, str(e)))
 
     def remove_authz_authorization_scope(self, id, client_id, realm):
         """Remove an authorization scope from a Keycloak client"""
@@ -2667,7 +2670,7 @@ class KeycloakAPI(object):
             return open_url(url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not delete scope %s for client %s in realm %s: %s' % (id, client_id, realm, str(e)))
+            self.fail_open_url(e, msg='Could not delete scope %s for client %s in realm %s: %s' % (id, client_id, realm, str(e)))
 
     def get_user_by_id(self, user_id, realm='master'):
         """
@@ -2690,7 +2693,7 @@ class KeycloakAPI(object):
                     validate_certs=self.validate_certs))
             return userrep
         except Exception as e:
-            self.module.fail_json(msg='Could not get user %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not get user %s in realm %s: %s'
                                       % (user_id, realm, str(e)))
 
     def create_user(self, userrep, realm='master'):
@@ -2718,7 +2721,7 @@ class KeycloakAPI(object):
                 realm=realm)
             return created_user
         except Exception as e:
-            self.module.fail_json(msg='Could not create user %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not create user %s in realm %s: %s'
                                       % (userrep['username'], realm, str(e)))
 
     def convert_user_attributes_to_keycloak_dict(self, attributes):
@@ -2764,7 +2767,7 @@ class KeycloakAPI(object):
                 realm=realm)
             return updated_user
         except Exception as e:
-            self.module.fail_json(msg='Could not update user %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not update user %s in realm %s: %s'
                                       % (userrep['username'], realm, str(e)))
 
     def delete_user(self, user_id, realm='master'):
@@ -2786,7 +2789,7 @@ class KeycloakAPI(object):
                 timeout=self.connection_timeout,
                 validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not delete user %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not delete user %s in realm %s: %s'
                                       % (user_id, realm, str(e)))
 
     def get_user_groups(self, user_id, realm='master'):
@@ -2813,7 +2816,7 @@ class KeycloakAPI(object):
                 groups.append(user_group["name"])
             return groups
         except Exception as e:
-            self.module.fail_json(msg='Could not get groups for user %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not get groups for user %s in realm %s: %s'
                                       % (user_id, realm, str(e)))
 
     def add_user_in_group(self, user_id, group_id, realm='master'):
@@ -2837,7 +2840,7 @@ class KeycloakAPI(object):
                 timeout=self.connection_timeout,
                 validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not add user %s in group %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not add user %s in group %s in realm %s: %s'
                                       % (user_id, group_id, realm, str(e)))
 
     def remove_user_from_group(self, user_id, group_id, realm='master'):
@@ -2861,7 +2864,7 @@ class KeycloakAPI(object):
                 timeout=self.connection_timeout,
                 validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not remove user %s from group %s in realm %s: %s'
+            self.fail_open_url(e, msg='Could not remove user %s from group %s in realm %s: %s'
                                       % (user_id, group_id, realm, str(e)))
 
     def update_user_groups_membership(self, userrep, groups, realm='master'):
@@ -2933,7 +2936,7 @@ class KeycloakAPI(object):
             return open_url(url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(payload), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not create permission %s for client %s in realm %s: %s' % (payload['name'], client_id, realm, str(e)))
+            self.fail_open_url(e, msg='Could not create permission %s for client %s in realm %s: %s' % (payload['name'], client_id, realm, str(e)))
 
     def remove_authz_custom_policy(self, policy_id, client_id, realm):
         """Remove a custom policy from a Keycloak client"""
@@ -2944,7 +2947,7 @@ class KeycloakAPI(object):
             return open_url(delete_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not delete custom policy %s for client %s in realm %s: %s' % (id, client_id, realm, str(e)))
+            self.fail_open_url(e, msg='Could not delete custom policy %s for client %s in realm %s: %s' % (id, client_id, realm, str(e)))
 
     def get_authz_permission_by_name(self, name, client_id, realm):
         """Get authorization permission by name"""
@@ -2966,7 +2969,7 @@ class KeycloakAPI(object):
             return open_url(url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(payload), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not create permission %s for client %s in realm %s: %s' % (payload['name'], client_id, realm, str(e)))
+            self.fail_open_url(e, msg='Could not create permission %s for client %s in realm %s: %s' % (payload['name'], client_id, realm, str(e)))
 
     def remove_authz_permission(self, id, client_id, realm):
         """Create an authorization permission for a Keycloak client"""
@@ -2976,7 +2979,7 @@ class KeycloakAPI(object):
             return open_url(url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not delete permission %s for client %s in realm %s: %s' % (id, client_id, realm, str(e)))
+            self.fail_open_url(e, msg='Could not delete permission %s for client %s in realm %s: %s' % (id, client_id, realm, str(e)))
 
     def update_authz_permission(self, payload, permission_type, id, client_id, realm):
         """Update a permission for a Keycloak client"""
@@ -2986,7 +2989,7 @@ class KeycloakAPI(object):
             return open_url(url, method='PUT', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
                             data=json.dumps(payload), validate_certs=self.validate_certs)
         except Exception as e:
-            self.module.fail_json(msg='Could not create update permission %s for client %s in realm %s: %s' % (payload['name'], client_id, realm, str(e)))
+            self.fail_open_url(e, msg='Could not create update permission %s for client %s in realm %s: %s' % (payload['name'], client_id, realm, str(e)))
 
     def get_authz_resource_by_name(self, name, client_id, realm):
         """Get authorization resource by name"""
@@ -3011,3 +3014,11 @@ class KeycloakAPI(object):
                                                  validate_certs=self.validate_certs).read()))
         except Exception:
             return False
+
+    def fail_open_url(self, e, msg, **kwargs):
+        try:
+            if isinstance(e, HTTPError):
+                msg = "%s: %s" % (msg, to_native(e.read()))
+        except Exception as ingore:
+            pass
+        self.module.fail_json(msg, **kwargs)

plugins/module_utils/ipa.py

@@ -104,7 +104,7 @@ class IPAClient(object):
 
     def get_ipa_version(self):
         response = self.ping()['summary']
-        ipa_ver_regex = re.compile(r'IPA server version (\d+\.\d+\.\d+).*')
+        ipa_ver_regex = re.compile(r'IPA server version (\d\.\d\.\d).*')
         version_match = ipa_ver_regex.match(response)
         ipa_version = None
         if version_match:

plugins/module_utils/ldap.py

@@ -139,7 +139,5 @@ class LdapGeneric(object):
 
     def _xorder_dn(self):
         # match X_ORDERed DNs
-        regex = r".+\{\d+\}.+"
-        explode_dn = ldap.dn.explode_dn(self.module.params['dn'])
-
-        return re.match(regex, explode_dn[0]) is not None
+        regex = r"\w+=\{\d+\}.+"
+        return re.match(regex, self.module.params['dn']) is not None

plugins/module_utils/lxd.py

@@ -41,7 +41,7 @@ class LXDClientException(Exception):
 
 
 class LXDClient(object):
-    def __init__(self, url, key_file=None, cert_file=None, debug=False):
+    def __init__(self, url, key_file=None, cert_file=None, debug=False, server_cert_file=None, server_check_hostname=True):
         """LXD Client.
 
         :param url: The URL of the LXD server. (e.g. unix:/var/lib/lxd/unix.socket or https://127.0.0.1)
@@ -52,6 +52,10 @@ class LXDClient(object):
         :type cert_file: ``str``
         :param debug: The debug flag. The request and response are stored in logs when debug is true.
         :type debug: ``bool``
+        :param server_cert_file: The path of the server certificate file.
+        :type server_cert_file: ``str``
+        :param server_check_hostname: Whether to check the server's hostname as part of TLS verification.
+        :type debug: ``bool``
         """
         self.url = url
         self.debug = debug
@@ -61,6 +65,10 @@ class LXDClient(object):
             self.key_file = key_file
             parts = generic_urlparse(urlparse(self.url))
             ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
+            if server_cert_file:
+                # Check that the received cert is signed by the provided server_cert_file
+                ctx.load_verify_locations(cafile=server_cert_file)
+            ctx.check_hostname = server_check_hostname
             ctx.load_cert_chain(cert_file, keyfile=key_file)
             self.connection = HTTPSConnection(parts.get('netloc'), context=ctx)
         elif url.startswith('unix:'):

plugins/module_utils/mh/mixins/cmd.py

@@ -1,205 +0,0 @@
-# -*- coding: utf-8 -*-
-# (c) 2020, Alexei Znamensky <russoz@gmail.com>
-# Copyright (c) 2020, Ansible Project
-# Simplified BSD License (see LICENSES/BSD-2-Clause.txt or https://opensource.org/licenses/BSD-2-Clause)
-# SPDX-License-Identifier: BSD-2-Clause
-
-from __future__ import absolute_import, division, print_function
-__metaclass__ = type
-
-from functools import partial
-
-
-class ArgFormat(object):
-    """
-    Argument formatter for use as a command line parameter. Used in CmdMixin.
-    """
-    BOOLEAN = 0
-    PRINTF = 1
-    FORMAT = 2
-    BOOLEAN_NOT = 3
-
-    @staticmethod
-    def stars_deco(num):
-        if num == 1:
-            def deco(f):
-                return lambda v: f(*v)
-            return deco
-        elif num == 2:
-            def deco(f):
-                return lambda v: f(**v)
-            return deco
-
-        return lambda f: f
-
-    def __init__(self, name, fmt=None, style=FORMAT, stars=0):
-        """
-        THIS CLASS IS BEING DEPRECATED.
-        It was never meant to be used outside the scope of CmdMixin, and CmdMixin is being deprecated.
-        See the deprecation notice in ``CmdMixin.__init__()`` below.
-
-        Creates a CLI-formatter for one specific argument. The argument may be a module parameter or just a named parameter for
-        the CLI command execution.
-        :param name: Name of the argument to be formatted
-        :param fmt: Either a str to be formatted (using or not printf-style) or a callable that does that
-        :param style: Whether arg_format (as str) should use printf-style formatting.
-                             Ignored if arg_format is None or not a str (should be callable).
-        :param stars: A int with 0, 1 or 2 value, indicating to formatting the value as: value, *value or **value
-        """
-        def printf_fmt(_fmt, v):
-            try:
-                return [_fmt % v]
-            except TypeError as e:
-                if e.args[0] != 'not all arguments converted during string formatting':
-                    raise
-                return [_fmt]
-
-        _fmts = {
-            ArgFormat.BOOLEAN: lambda _fmt, v: ([_fmt] if bool(v) else []),
-            ArgFormat.BOOLEAN_NOT: lambda _fmt, v: ([] if bool(v) else [_fmt]),
-            ArgFormat.PRINTF: printf_fmt,
-            ArgFormat.FORMAT: lambda _fmt, v: [_fmt.format(v)],
-        }
-
-        self.name = name
-        self.stars = stars
-        self.style = style
-
-        if fmt is None:
-            fmt = "{0}"
-            style = ArgFormat.FORMAT
-
-        if isinstance(fmt, str):
-            func = _fmts[style]
-            self.arg_format = partial(func, fmt)
-        elif isinstance(fmt, list) or isinstance(fmt, tuple):
-            self.arg_format = lambda v: [_fmts[style](f, v)[0] for f in fmt]
-        elif hasattr(fmt, '__call__'):
-            self.arg_format = fmt
-        else:
-            raise TypeError('Parameter fmt must be either: a string, a list/tuple of '
-                            'strings or a function: type={0}, value={1}'.format(type(fmt), fmt))
-
-        if stars:
-            self.arg_format = (self.stars_deco(stars))(self.arg_format)
-
-    def to_text(self, value):
-        if value is None and self.style != ArgFormat.BOOLEAN_NOT:
-            return []
-        func = self.arg_format
-        return [str(p) for p in func(value)]
-
-
-class CmdMixin(object):
-    """
-    THIS CLASS IS BEING DEPRECATED.
-    See the deprecation notice in ``CmdMixin.__init__()`` below.
-
-    Mixin for mapping module options to running a CLI command with its arguments.
-    """
-    command = None
-    command_args_formats = {}
-    run_command_fixed_options = {}
-    check_rc = False
-    force_lang = "C"
-
-    @property
-    def module_formats(self):
-        result = {}
-        for param in self.module.params.keys():
-            result[param] = ArgFormat(param)
-        return result
-
-    @property
-    def custom_formats(self):
-        result = {}
-        for param, fmt_spec in self.command_args_formats.items():
-            result[param] = ArgFormat(param, **fmt_spec)
-        return result
-
-    def __init__(self, *args, **kwargs):
-        super(CmdMixin, self).__init__(*args, **kwargs)
-        self.module.deprecate(
-            'The CmdMixin used in classes CmdModuleHelper and CmdStateModuleHelper is being deprecated. '
-            'Modules should use community.general.plugins.module_utils.cmd_runner.CmdRunner instead.',
-            version='8.0.0',
-            collection_name='community.general',
-        )
-
-    def _calculate_args(self, extra_params=None, params=None):
-        def add_arg_formatted_param(_cmd_args, arg_format, _value):
-            args = list(arg_format.to_text(_value))
-            return _cmd_args + args
-
-        def find_format(_param):
-            return self.custom_formats.get(_param, self.module_formats.get(_param))
-
-        extra_params = extra_params or dict()
-        cmd_args = list([self.command]) if isinstance(self.command, str) else list(self.command)
-        try:
-            cmd_args[0] = self.module.get_bin_path(cmd_args[0], required=True)
-        except ValueError:
-            pass
-        param_list = params if params else self.vars.keys()
-
-        for param in param_list:
-            if isinstance(param, dict):
-                if len(param) != 1:
-                    self.do_raise("run_command parameter as a dict must contain only one key: {0}".format(param))
-                _param = list(param.keys())[0]
-                fmt = find_format(_param)
-                value = param[_param]
-            elif isinstance(param, str):
-                if param in self.vars.keys():
-                    fmt = find_format(param)
-                    value = self.vars[param]
-                elif param in extra_params:
-                    fmt = find_format(param)
-                    value = extra_params[param]
-                else:
-                    self.do_raise('Cannot determine value for parameter: {0}'.format(param))
-            else:
-                self.do_raise("run_command parameter must be either a str or a dict: {0}".format(param))
-            cmd_args = add_arg_formatted_param(cmd_args, fmt, value)
-
-        return cmd_args
-
-    def process_command_output(self, rc, out, err):
-        return rc, out, err
-
-    def run_command(self,
-                    extra_params=None,
-                    params=None,
-                    process_output=None,
-                    publish_rc=True,
-                    publish_out=True,
-                    publish_err=True,
-                    publish_cmd=True,
-                    *args, **kwargs):
-        cmd_args = self._calculate_args(extra_params, params)
-        options = dict(self.run_command_fixed_options)
-        options['check_rc'] = options.get('check_rc', self.check_rc)
-        options.update(kwargs)
-        env_update = dict(options.get('environ_update', {}))
-        if self.force_lang:
-            env_update.update({
-                'LANGUAGE': self.force_lang,
-                'LC_ALL': self.force_lang,
-            })
-            self.update_output(force_lang=self.force_lang)
-            options['environ_update'] = env_update
-        rc, out, err = self.module.run_command(cmd_args, *args, **options)
-        if publish_rc:
-            self.update_output(rc=rc)
-        if publish_out:
-            self.update_output(stdout=out)
-        if publish_err:
-            self.update_output(stderr=err)
-        if publish_cmd:
-            self.update_output(cmd_args=cmd_args)
-        if process_output is None:
-            _process = self.process_command_output
-        else:
-            _process = process_output
-
-        return _process(rc, out, err)

plugins/module_utils/mh/module_helper.py

@@ -12,7 +12,6 @@ from ansible.module_utils.common.dict_transformations import dict_merge
 
 # (TODO: remove AnsibleModule!) pylint: disable-next=unused-import
 from ansible_collections.community.general.plugins.module_utils.mh.base import ModuleHelperBase, AnsibleModule  # noqa: F401
-from ansible_collections.community.general.plugins.module_utils.mh.mixins.cmd import CmdMixin
 from ansible_collections.community.general.plugins.module_utils.mh.mixins.state import StateMixin
 from ansible_collections.community.general.plugins.module_utils.mh.mixins.deps import DependencyMixin
 from ansible_collections.community.general.plugins.module_utils.mh.mixins.vars import VarsMixin
@@ -66,19 +65,3 @@ class ModuleHelper(DeprecateAttrsMixin, VarsMixin, DependencyMixin, ModuleHelper
 
 class StateModuleHelper(StateMixin, ModuleHelper):
     pass
-
-
-class CmdModuleHelper(CmdMixin, ModuleHelper):
-    """
-    THIS CLASS IS BEING DEPRECATED.
-    See the deprecation notice in ``CmdMixin.__init__()``.
-    """
-    pass
-
-
-class CmdStateModuleHelper(CmdMixin, StateMixin, ModuleHelper):
-    """
-    THIS CLASS IS BEING DEPRECATED.
-    See the deprecation notice in ``CmdMixin.__init__()``.
-    """
-    pass

plugins/module_utils/module_helper.py

@@ -11,9 +11,8 @@ __metaclass__ = type
 
 
 from ansible_collections.community.general.plugins.module_utils.mh.module_helper import (
-    ModuleHelper, StateModuleHelper, CmdModuleHelper, CmdStateModuleHelper, AnsibleModule
+    ModuleHelper, StateModuleHelper, AnsibleModule
 )
-from ansible_collections.community.general.plugins.module_utils.mh.mixins.cmd import CmdMixin, ArgFormat  # noqa: F401
 from ansible_collections.community.general.plugins.module_utils.mh.mixins.state import StateMixin  # noqa: F401
 from ansible_collections.community.general.plugins.module_utils.mh.mixins.deps import DependencyCtxMgr, DependencyMixin  # noqa: F401
 from ansible_collections.community.general.plugins.module_utils.mh.exceptions import ModuleHelperException  # noqa: F401

plugins/module_utils/proxmox.py

@@ -7,12 +7,6 @@
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
 
-# (TODO: remove next line!)
-import atexit  # noqa: F401, pylint: disable=unused-import
-# (TODO: remove next line!)
-import time  # noqa: F401, pylint: disable=unused-import
-# (TODO: remove next line!)
-import re  # noqa: F401, pylint: disable=unused-import
 import traceback
 
 PROXMOXER_IMP_ERR = None
@@ -26,8 +20,6 @@ except ImportError:
 
 
 from ansible.module_utils.basic import env_fallback, missing_required_lib
-# (TODO: remove next line!)
-from ansible.module_utils.common.text.converters import to_native  # noqa: F401, pylint: disable=unused-import
 from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
 
 

plugins/module_utils/puppet.py

@@ -107,6 +107,5 @@ def puppet_runner(module):
             verbose=cmd_runner_fmt.as_bool("--verbose"),
         ),
         check_rc=False,
-        force_lang=module.params["environment_lang"],
     )
     return runner

plugins/module_utils/redfish_utils.py

@@ -20,8 +20,6 @@ from ansible.module_utils.six import text_type
 from ansible.module_utils.six.moves import http_client
 from ansible.module_utils.six.moves.urllib.error import URLError, HTTPError
 from ansible.module_utils.six.moves.urllib.parse import urlparse
-from ansible.module_utils.ansible_release import __version__ as ansible_version
-from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
 
 GET_HEADERS = {'accept': 'application/json', 'OData-Version': '4.0'}
 POST_HEADERS = {'content-type': 'application/json', 'accept': 'application/json',
@@ -132,7 +130,7 @@ class RedfishUtils(object):
         return resp
 
     # The following functions are to send GET/POST/PATCH/DELETE requests
-    def get_request(self, uri, override_headers=None, allow_no_resp=False):
+    def get_request(self, uri, override_headers=None):
         req_headers = dict(GET_HEADERS)
         if override_headers:
             req_headers.update(override_headers)
@@ -147,19 +145,13 @@ class RedfishUtils(object):
                             force_basic_auth=basic_auth, validate_certs=False,
                             follow_redirects='all',
                             use_proxy=True, timeout=self.timeout)
-            headers = dict((k.lower(), v) for (k, v) in resp.info().items())
-            try:
-                if headers.get('content-encoding') == 'gzip' and LooseVersion(ansible_version) < LooseVersion('2.14'):
-                    # Older versions of Ansible do not automatically decompress the data
-                    # Starting in 2.14, open_url will decompress the response data by default
-                    data = json.loads(to_native(gzip.open(BytesIO(resp.read()), 'rt', encoding='utf-8').read()))
-                else:
-                    data = json.loads(to_native(resp.read()))
-            except Exception as e:
-                # No response data; this is okay in certain cases
-                data = None
-                if not allow_no_resp:
-                    raise
+            if override_headers:
+                resp = gzip.open(BytesIO(resp.read()), 'rt', encoding='utf-8')
+                data = json.loads(to_native(resp.read()))
+                headers = req_headers
+            else:
+                data = json.loads(to_native(resp.read()))
+                headers = dict((k.lower(), v) for (k, v) in resp.info().items())
         except HTTPError as e:
             msg = self._get_extended_message(e)
             return {'ret': False,
@@ -1821,7 +1813,7 @@ class RedfishUtils(object):
             return {'ret': False, 'msg': 'Must provide a handle tracking the update.'}
 
         # Get the task or job tracking the update
-        response = self.get_request(self.root_uri + update_handle, allow_no_resp=True)
+        response = self.get_request(self.root_uri + update_handle)
         if response['ret'] is False:
             return response
 
@@ -2915,7 +2907,8 @@ class RedfishUtils(object):
 
         # Get a list of all Chassis and build URIs, then get all PowerSupplies
         # from each Power entry in the Chassis
-        for chassis_uri in self.chassis_uris:
+        chassis_uri_list = self.chassis_uris
+        for chassis_uri in chassis_uri_list:
             response = self.get_request(self.root_uri + chassis_uri)
             if response['ret'] is False:
                 return response
@@ -2962,7 +2955,7 @@ class RedfishUtils(object):
         result = {}
         inventory = {}
         # Get these entries, but does not fail if not found
-        properties = ['Status', 'HostName', 'PowerState', 'Model', 'Manufacturer',
+        properties = ['Status', 'HostName', 'PowerState', 'BootProgress', 'Model', 'Manufacturer',
                       'PartNumber', 'SystemType', 'AssetTag', 'ServiceTag',
                       'SerialNumber', 'SKU', 'BiosVersion', 'MemorySummary',
                       'ProcessorSummary', 'TrustedModules', 'Name', 'Id']
@@ -3477,30 +3470,33 @@ class RedfishUtils(object):
         result = {}
         key = "Thermal"
         # Go through list
-        for chassis_uri in self.chassis_uris:
+        for chassis_uri in self.chassis_uri_list:
             response = self.get_request(self.root_uri + chassis_uri)
             if response['ret'] is False:
                 return response
             result['ret'] = True
             data = response['data']
-            val = data.get('Oem', {}).get('Hpe', {}).get('ThermalConfiguration')
-            if val is not None:
-                return {"ret": True, "current_thermal_config": val}
-        return {"ret": False}
+            oem = data.get['Oem']
+            hpe = oem.get['Hpe']
+            thermal_config = hpe.get('ThermalConfiguration')
+        result["current_thermal_config"] = thermal_config
+        return result
 
     def get_hpe_fan_percent_min(self):
         result = {}
         key = "Thermal"
         # Go through list
-        for chassis_uri in self.chassis_uris:
+        for chassis_uri in self.chassis_uri_list:
             response = self.get_request(self.root_uri + chassis_uri)
             if response['ret'] is False:
                 return response
+            result['ret'] = True
             data = response['data']
-            val = data.get('Oem', {}).get('Hpe', {}).get('FanPercentMinimum')
-            if val is not None:
-                return {"ret": True, "fan_percent_min": val}
-        return {"ret": False}
+            oem = data.get['Oem']
+            hpe = oem.get['Hpe']
+            fan_percent_min_config = hpe.get('FanPercentMinimum')
+        result["fan_percent_min"] = fan_percent_min_config
+        return result
 
     def delete_volumes(self, storage_subsystem_id, volume_ids):
         # Find the Storage resource from the requested ComputerSystem resource

plugins/module_utils/vardict.py

@@ -66,6 +66,19 @@ class _Variable(object):
         if verbosity is not None:
             self.verbosity = verbosity
 
+    def as_dict(self, meta_only=False):
+        d = {
+            "diff": self.diff,
+            "change": self.change,
+            "output": self.output,
+            "fact": self.fact,
+            "verbosity": self.verbosity,
+        }
+        if not meta_only:
+            d["initial_value"] = copy.deepcopy(self.initial_value)
+            d["value"] = self.value
+        return d
+
     def set_value(self, value):
         if not self.init:
             self.initial_value = copy.deepcopy(value)
@@ -93,7 +106,7 @@ class _Variable(object):
 
 
 class VarDict(object):
-    reserved_names = ('__vars__', 'var', 'set_meta', 'set', 'output', 'diff', 'facts', 'has_changed')
+    reserved_names = ('__vars__', '_var', 'var', 'set_meta', 'get_meta', 'set', 'output', 'diff', 'facts', 'has_changed', 'as_dict')
 
     def __init__(self):
         self.__vars__ = dict()
@@ -119,6 +132,9 @@ class VarDict(object):
     def _var(self, name):
         return self.__vars__[name]
 
+    def var(self, name):
+        return self._var(name).as_dict()
+
     def set_meta(self, name, **kwargs):
         """Set the metadata for the variable
 
@@ -133,6 +149,9 @@ class VarDict(object):
         """
         self._var(name).set_meta(**kwargs)
 
+    def get_meta(self, name):
+        return self._var(name).as_dict(meta_only=True)
+
     def set(self, name, value, **kwargs):
         """Set the value and optionally metadata for a variable. The variable is not required to exist prior to calling `set`.
 
@@ -172,7 +191,7 @@ class VarDict(object):
 
     @property
     def has_changed(self):
-        return any(True for var in self.__vars__.values() if var.has_changed)
+        return any(var.has_changed for var in self.__vars__.values())
 
     def as_dict(self):
         return dict((name, var.value) for name, var in self.__vars__.items())

plugins/module_utils/version.py

@@ -10,13 +10,4 @@ from __future__ import absolute_import, division, print_function
 __metaclass__ = type
 
 
-from ansible.module_utils.six import raise_from
-
-try:
-    from ansible.module_utils.compat.version import LooseVersion  # noqa: F401, pylint: disable=unused-import
-except ImportError:
-    try:
-        from distutils.version import LooseVersion  # noqa: F401, pylint: disable=unused-import
-    except ImportError as exc:
-        msg = 'To use this plugin or module with ansible-core 2.11, you need to use Python < 3.12 with distutils.version present'
-        raise_from(ImportError(msg), exc)
+from ansible.module_utils.compat.version import LooseVersion  # noqa: F401, pylint: disable=unused-import

plugins/modules/aix_filesystem.py

@@ -38,8 +38,8 @@ options:
     type: list
     elements: str
     default:
-      - agblksize=4096
-      - isnapshot=no
+      - agblksize='4096'
+      - isnapshot='no'
   auto_mount:
     description:
       - File system is automatically mounted at system restart.
@@ -242,7 +242,7 @@ def _validate_vg(module, vg):
     if rc != 0:
         module.fail_json(msg="Failed executing %s command." % lsvg_cmd)
 
-    rc, current_all_vgs, err = module.run_command([lsvg_cmd])
+    rc, current_all_vgs, err = module.run_command([lsvg_cmd, "%s"])
     if rc != 0:
         module.fail_json(msg="Failed executing %s command." % lsvg_cmd)
 
@@ -365,53 +365,7 @@ def create_fs(
         # Creates a LVM file system.
         crfs_cmd = module.get_bin_path('crfs', True)
         if not module.check_mode:
-            cmd = [crfs_cmd]
-
-            cmd.append("-v")
-            cmd.append(fs_type)
-
-            if vg:
-                (flag, value) = vg.split()
-                cmd.append(flag)
-                cmd.append(value)
-
-            if device:
-                (flag, value) = device.split()
-                cmd.append(flag)
-                cmd.append(value)
-
-            cmd.append("-m")
-            cmd.append(filesystem)
-
-            if mount_group:
-                (flag, value) = mount_group.split()
-                cmd.append(flag)
-                cmd.append(value)
-
-            if auto_mount:
-                (flag, value) = auto_mount.split()
-                cmd.append(flag)
-                cmd.append(value)
-
-            if account_subsystem:
-                (flag, value) = account_subsystem.split()
-                cmd.append(flag)
-                cmd.append(value)
-
-            cmd.append("-p")
-            cmd.append(permissions)
-
-            if size:
-                (flag, value) = size.split()
-                cmd.append(flag)
-                cmd.append(value)
-
-            if attributes:
-                splitted_attributes = attributes.split()
-                cmd.append("-a")
-                for value in splitted_attributes:
-                    cmd.append(value)
-
+            cmd = [crfs_cmd, "-v", fs_type, "-m", filesystem, vg, device, mount_group, auto_mount, account_subsystem, "-p", permissions, size, "-a", attributes]
             rc, crfs_out, err = module.run_command(cmd)
 
             if rc == 10:
@@ -507,7 +461,7 @@ def main():
     module = AnsibleModule(
         argument_spec=dict(
             account_subsystem=dict(type='bool', default=False),
-            attributes=dict(type='list', elements='str', default=["agblksize=4096", "isnapshot=no"]),
+            attributes=dict(type='list', elements='str', default=["agblksize='4096'", "isnapshot='no'"]),
             auto_mount=dict(type='bool', default=True),
             device=dict(type='str'),
             filesystem=dict(type='str', required=True),

plugins/modules/ali_instance.py

@@ -253,7 +253,7 @@ options:
 author:
     - "He Guimin (@xiaozhu36)"
 requirements:
-    - "python >= 3.6"
+    - "Python >= 3.6"
     - "footmark >= 1.19.0"
 extends_documentation_fragment:
     - community.general.alicloud

plugins/modules/ali_instance_info.py

@@ -31,7 +31,6 @@ short_description: Gather information on instances of Alibaba Cloud ECS
 description:
      - This module fetches data from the Open API in Alicloud.
        The module must be called from within the ECS instance itself.
-     - This module was called C(ali_instance_facts) before Ansible 2.9. The usage did not change.
 
 attributes:
     check_mode:
@@ -61,7 +60,7 @@ options:
 author:
     - "He Guimin (@xiaozhu36)"
 requirements:
-    - "python >= 3.6"
+    - "Python >= 3.6"
     - "footmark >= 1.13.0"
 extends_documentation_fragment:
     - community.general.alicloud

plugins/modules/ansible_galaxy_install.py

@@ -17,15 +17,13 @@ version_added: 3.5.0
 description:
   - This module allows the installation of Ansible collections or roles using C(ansible-galaxy).
 notes:
-  - >
-    B(Ansible 2.9/2.10): The C(ansible-galaxy) command changed significantly between Ansible 2.9 and
-    ansible-base 2.10 (later ansible-core 2.11). See comments in the parameters.
+  - Support for B(Ansible 2.9/2.10) was removed in community.general 8.0.0.
   - >
     The module will try and run using the C(C.UTF-8) locale.
     If that fails, it will try C(en_US.UTF-8).
     If that one also fails, the module will fail.
 requirements:
-  - Ansible 2.9, ansible-base 2.10, or ansible-core 2.11 or newer
+  - ansible-core 2.11 or newer
 extends_documentation_fragment:
   - community.general.attributes
 attributes:
@@ -39,7 +37,6 @@ options:
       - The type of installation performed by C(ansible-galaxy).
       - If O(type=both), then O(requirements_file) must be passed and it may contain both roles and collections.
       - "Note however that the opposite is not true: if using a O(requirements_file), then O(type) can be any of the three choices."
-      - "B(Ansible 2.9): The option V(both) will have the same effect as V(role)."
     type: str
     choices: [collection, role, both]
     required: true
@@ -56,7 +53,6 @@ options:
       - Path to a file containing a list of requirements to be installed.
       - It works for O(type) equals to V(collection) and V(role).
       - O(name) and O(requirements_file) are mutually exclusive.
-      - "B(Ansible 2.9): It can only be used to install either O(type=role) or O(type=collection), but not both at the same run."
     type: path
   dest:
     description:
@@ -75,24 +71,16 @@ options:
     description:
       - Force overwriting an existing role or collection.
       - Using O(force=true) is mandatory when downgrading.
-      - "B(Ansible 2.9 and 2.10): Must be V(true) to upgrade roles and collections."
     type: bool
     default: false
   ack_ansible29:
     description:
-      - Acknowledge using Ansible 2.9 with its limitations, and prevents the module from generating warnings about them.
-      - This option is completely ignored if using a version of Ansible greater than C(2.9.x).
-      - Note that this option will be removed without any further deprecation warning once support
-        for Ansible 2.9 is removed from this module.
+      - This option has no longer any effect and will be removed in community.general 9.0.0.
     type: bool
     default: false
   ack_min_ansiblecore211:
     description:
-      - Acknowledge the module is deprecating support for Ansible 2.9 and ansible-base 2.10.
-      - Support for those versions will be removed in community.general 8.0.0.
-        At the same time, this option will be removed without any deprecation warning!
-      - This option is completely ignored if using a version of ansible-core/ansible-base/Ansible greater than C(2.11).
-      - For the sake of conciseness, setting this parameter to V(true) implies O(ack_ansible29=true).
+      - This option has no longer any effect and will be removed in community.general 9.0.0.
     type: bool
     default: false
 """
@@ -147,7 +135,6 @@ RETURN = """
     description:
       - If O(requirements_file) is specified instead, returns dictionary with all the roles installed per path.
       - If O(name) is specified, returns that role name and the version installed per path.
-      - "B(Ansible 2.9): Returns empty because C(ansible-galaxy) has no C(list) subcommand."
     type: dict
     returned: always when installing roles
     contains:
@@ -164,7 +151,6 @@ RETURN = """
     description:
       - If O(requirements_file) is specified instead, returns dictionary with all the collections installed per path.
       - If O(name) is specified, returns that collection name and the version installed per path.
-      - "B(Ansible 2.9): Returns empty because C(ansible-galaxy) has no C(list) subcommand."
     type: dict
     returned: always when installing collections
     contains:
@@ -206,7 +192,6 @@ class AnsibleGalaxyInstall(ModuleHelper):
     _RE_LIST_ROLE = re.compile(r'^- (?P<elem>\w+\.\w+),\s+(?P<version>[\d\.]+)\s*$')
     _RE_INSTALL_OUTPUT = None  # Set after determining ansible version, see __init_module__()
     ansible_version = None
-    is_ansible29 = None
 
     output_params = ('type', 'name', 'dest', 'requirements_file', 'force', 'no_deps')
     module = dict(
@@ -217,8 +202,18 @@ class AnsibleGalaxyInstall(ModuleHelper):
             dest=dict(type='path'),
             force=dict(type='bool', default=False),
             no_deps=dict(type='bool', default=False),
-            ack_ansible29=dict(type='bool', default=False),
-            ack_min_ansiblecore211=dict(type='bool', default=False),
+            ack_ansible29=dict(
+                type='bool',
+                default=False,
+                removed_in_version='9.0.0',
+                removed_from_collection='community.general',
+            ),
+            ack_min_ansiblecore211=dict(
+                type='bool',
+                default=False,
+                removed_in_version='9.0.0',
+                removed_from_collection='community.general',
+            ),
         ),
         mutually_exclusive=[('name', 'requirements_file')],
         required_one_of=[('name', 'requirements_file')],
@@ -268,26 +263,22 @@ class AnsibleGalaxyInstall(ModuleHelper):
     def __init_module__(self):
         # self.runner = CmdRunner(self.module, command=self.command, arg_formats=self.command_args_formats, force_lang=self.force_lang)
         self.runner, self.ansible_version = self._get_ansible_galaxy_version()
-        if self.ansible_version < (2, 11) and not self.vars.ack_min_ansiblecore211:
-            self.module.deprecate(
-                "Support for Ansible 2.9 and ansible-base 2.10 is being deprecated. "
-                "At the same time support for them is ended, also the ack_ansible29 option will be removed. "
-                "Upgrading is strongly recommended, or set 'ack_min_ansiblecore211' to suppress this message.",
-                version="8.0.0",
-                collection_name="community.general",
+        if self.ansible_version < (2, 11):
+            self.module.fail_json(
+                msg="Support for Ansible 2.9 and ansible-base 2.10 has ben removed."
             )
-        self.is_ansible29 = self.ansible_version < (2, 10)
-        if self.is_ansible29:
-            self._RE_INSTALL_OUTPUT = re.compile(r"^(?:.*Installing '(?P<collection>\w+\.\w+):(?P<cversion>[\d\.]+)'.*"
-                                                 r'|- (?P<role>\w+\.\w+) \((?P<rversion>[\d\.]+)\)'
-                                                 r' was installed successfully)$')
-        else:
-            # Collection install output changed:
-            # ansible-base 2.10:  "coll.name (x.y.z)"
-            # ansible-core 2.11+: "coll.name:x.y.z"
-            self._RE_INSTALL_OUTPUT = re.compile(r'^(?:(?P<collection>\w+\.\w+)(?: \(|:)(?P<cversion>[\d\.]+)\)?'
-                                                 r'|- (?P<role>\w+\.\w+) \((?P<rversion>[\d\.]+)\))'
-                                                 r' was installed successfully$')
+        # Collection install output changed:
+        # ansible-base 2.10:  "coll.name (x.y.z)"
+        # ansible-core 2.11+: "coll.name:x.y.z"
+        self._RE_INSTALL_OUTPUT = re.compile(r'^(?:(?P<collection>\w+\.\w+)(?: \(|:)(?P<cversion>[\d\.]+)\)?'
+                                             r'|- (?P<role>\w+\.\w+) \((?P<rversion>[\d\.]+)\))'
+                                             r' was installed successfully$')
+        self.vars.set("new_collections", {}, change=True)
+        self.vars.set("new_roles", {}, change=True)
+        if self.vars.type != "collection":
+            self.vars.installed_roles = self._list_roles()
+        if self.vars.type != "roles":
+            self.vars.installed_collections = self._list_collections()
 
     def _list_element(self, _type, path_re, elem_re):
         def process(rc, out, err):
@@ -322,24 +313,8 @@ class AnsibleGalaxyInstall(ModuleHelper):
     def _list_roles(self):
         return self._list_element('role', self._RE_LIST_PATH, self._RE_LIST_ROLE)
 
-    def _setup29(self):
-        self.vars.set("new_collections", {})
-        self.vars.set("new_roles", {})
-        self.vars.set("ansible29_change", False, change=True, output=False)
-        if not (self.vars.ack_ansible29 or self.vars.ack_min_ansiblecore211):
-            self.warn("Ansible 2.9 or older: unable to retrieve lists of roles and collections already installed")
-            if self.vars.requirements_file is not None and self.vars.type == 'both':
-                self.warn("Ansible 2.9 or older: will install only roles from requirement files")
-
-    def _setup210plus(self):
-        self.vars.set("new_collections", {}, change=True)
-        self.vars.set("new_roles", {}, change=True)
-        if self.vars.type != "collection":
-            self.vars.installed_roles = self._list_roles()
-        if self.vars.type != "roles":
-            self.vars.installed_collections = self._list_collections()
-
     def __run__(self):
+
         def process(rc, out, err):
             for line in out.splitlines():
                 match = self._RE_INSTALL_OUTPUT.match(line)
@@ -347,19 +322,9 @@ class AnsibleGalaxyInstall(ModuleHelper):
                     continue
                 if match.group("collection"):
                     self.vars.new_collections[match.group("collection")] = match.group("cversion")
-                    if self.is_ansible29:
-                        self.vars.ansible29_change = True
                 elif match.group("role"):
                     self.vars.new_roles[match.group("role")] = match.group("rversion")
-                    if self.is_ansible29:
-                        self.vars.ansible29_change = True
 
-        if self.is_ansible29:
-            if self.vars.type == 'both':
-                raise ValueError("Type 'both' not supported in Ansible 2.9")
-            self._setup29()
-        else:
-            self._setup210plus()
         with self.runner("type galaxy_cmd force no_deps dest requirements_file name", output_process=process) as ctx:
             ctx.run(galaxy_cmd="install")
             if self.verbosity > 2:

plugins/modules/apk.py

@@ -35,9 +35,7 @@ options:
     default: false
   name:
     description:
-      - A package name, like V(foo), or multiple packages, like V(foo,bar).
-      - Do not include additional whitespace when specifying multiple packages as a string.
-        Prefer YAML lists over comma-separating multiple package names.
+      - A package name, like V(foo), or multiple packages, like V(foo, bar).
     type: list
     elements: str
   no_cache:
@@ -63,7 +61,7 @@ options:
     type: str
   update_cache:
     description:
-      - Update repository indexes. Can be run with other steps or on its own.
+      - Update repository indexes. Can be run with other steps or on it's own.
     type: bool
     default: false
   upgrade:

plugins/modules/apt_rpm.py

@@ -28,6 +28,9 @@ options:
   package:
     description:
       - List of packages to install, upgrade, or remove.
+      - Since community.general 8.0.0, may include paths to local C(.rpm) files
+        if O(state=installed) or O(state=present), requires C(rpm) python
+        module.
     aliases: [ name, pkg ]
     type: list
     elements: str
@@ -63,6 +66,9 @@ options:
     type: bool
     default: false
     version_added: 6.5.0
+requirements:
+  - C(rpm) python package (rpm bindings), optional. Required if O(package)
+    option includes local files.
 author:
 - Evgenii Terechkov (@evgkrsk)
 '''
@@ -109,15 +115,48 @@ EXAMPLES = '''
 '''
 
 import os
+import re
+import traceback
 
-from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.basic import (
+    AnsibleModule,
+    missing_required_lib,
+)
+from ansible.module_utils.common.text.converters import to_native
 
+try:
+    import rpm
+except ImportError:
+    HAS_RPM_PYTHON = False
+    RPM_PYTHON_IMPORT_ERROR = traceback.format_exc()
+else:
+    HAS_RPM_PYTHON = True
+    RPM_PYTHON_IMPORT_ERROR = None
+
+APT_CACHE = "/usr/bin/apt-cache"
 APT_PATH = "/usr/bin/apt-get"
 RPM_PATH = "/usr/bin/rpm"
 APT_GET_ZERO = "\n0 upgraded, 0 newly installed"
 UPDATE_KERNEL_ZERO = "\nTry to install new kernel "
 
 
+def local_rpm_package_name(path):
+    """return package name of a local rpm passed in.
+    Inspired by ansible.builtin.yum"""
+
+    ts = rpm.TransactionSet()
+    ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
+    fd = os.open(path, os.O_RDONLY)
+    try:
+        header = ts.hdrFromFdno(fd)
+    except rpm.error as e:
+        return None
+    finally:
+        os.close(fd)
+
+    return to_native(header[rpm.RPMTAG_NAME])
+
+
 def query_package(module, name):
     # rpm -q returns 0 if the package is installed,
     # 1 if it is not installed
@@ -128,11 +167,38 @@ def query_package(module, name):
         return False
 
 
+def check_package_version(module, name):
+    # compare installed and candidate version
+    # if newest version already installed return True
+    # otherwise return False
+
+    rc, out, err = module.run_command([APT_CACHE, "policy", name], environ_update={"LANG": "C"})
+    installed = re.split("\n |: ", out)[2]
+    candidate = re.split("\n |: ", out)[4]
+    if installed >= candidate:
+        return True
+    return False
+
+
 def query_package_provides(module, name):
     # rpm -q returns 0 if the package is installed,
     # 1 if it is not installed
+    if name.endswith('.rpm'):
+        # Likely a local RPM file
+        if not HAS_RPM_PYTHON:
+            module.fail_json(
+                msg=missing_required_lib('rpm'),
+                exception=RPM_PYTHON_IMPORT_ERROR,
+            )
+
+        name = local_rpm_package_name(name)
+
     rc, out, err = module.run_command("%s -q --provides %s" % (RPM_PATH, name))
-    return rc == 0
+    if rc == 0:
+        if check_package_version(module, name):
+            return True
+    else:
+        return False
 
 
 def update_package_db(module):
@@ -204,7 +270,7 @@ def install_packages(module, pkgspec):
         rc, out, err = module.run_command("%s -y install %s" % (APT_PATH, packages), environ_update={"LANG": "C"})
 
         installed = True
-        for package in pkgspec:
+        for packages in pkgspec:
             if not query_package_provides(module, package):
                 installed = False
 

plugins/modules/archive.py

@@ -36,7 +36,6 @@ options:
   format:
     description:
       - The type of compression to use.
-      - Support for xz was added in Ansible 2.5.
     type: str
     choices: [ bz2, gz, tar, xz, zip ]
     default: gz