Re-enable most filesystem tests (#12258)
* Re-enable most filesystem tests.
* Fix conditionals (ansible-core 2.19).
* Fedora also needs gfs2-utils.
* fatresize seems to be broken on Ubuntu.
* Install util-linux-extra on Debian/Ubuntu.
* Fix conditionals.
* Temporarily disable bcachefs tests on Arch (and thus on all platforms).
(cherry picked from commit ed8afeb16b)
counter_enabled callback: display output for looped tasks (#12067)
* fix(counter_enabled): display output for looped tasks with delegate_to
Implement v2_runner_item_on_ok, v2_runner_item_on_failed, and
v2_runner_item_on_skipped so that looped tasks (including those
using delegate_to: localhost) produce visible output.
Also extract _host_label, _display_result_ok, _display_result_failed,
and _display_result_skipped helpers to eliminate repeated delegation
and message-building logic across the callback methods.
Fixes#8187
* changelog(counter_enabled): add fragment for PR #12067
* test(counter_enabled): add integration tests, adjust _host_label
* test(counter_enabled): migrate integration tests to callback test framework
* test(counter_enabled): fix integration tests to use set_fact instead of debug
---------
(cherry picked from commit f677c2ab7d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
java_cert: fix PKCS12 password not passed to `keytool -list` (#12151)
* fix(java_cert): remove -noprompt from keytool -list to allow stdin password
-noprompt is not a valid option for keytool -list (only for importkeystore/
importcert). On Java 8, passing it caused keytool to skip reading the store
password from stdin, resulting in a null password and NullPointerException.
Fixes#3023
* test(java_cert): add idempotency test for pkcs12 import with password
Exercises _export_public_cert_from_pkcs12 when the alias already exists,
verifying the password is correctly read from stdin on the comparison path.
* changelog: add fragment for PR 12151
---------
(cherry picked from commit 994b756026)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
xml: preserve DOCTYPE declaration when writing XML files (#12148)
* fix(xml): preserve DOCTYPE declaration when writing XML files
Pass `doctype=tree.docinfo.doctype` to all `ElementTree.write()` calls
so lxml does not silently drop the DOCTYPE on serialization. Also replace
`etree.tostring()` with BytesIO+write() in the diff and xmlstring paths
for consistency.
Fixes#2762
* test(xml): add integration test for DOCTYPE preservation
* feat(changelog): add fragment for xml DOCTYPE fix (#12148)
---------
(cherry picked from commit 5004c9f70f)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
test(integration): explicitly add executable to iso_extract on Fedora (#12162)
This provides a (temporary) workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2373874:
On Fedora 43+ 7zip is unable to find the 7z.so module when it is not in the
same path as the 7z binary or in /usr/bin/
(cherry picked from commit cdd9c1ddde)
Co-authored-by: spike77453 <spike77453@users.noreply.github.com>
htpasswd: fix `hash_scheme` aliases and Apache-compatible bcrypt (#12123)
* fix(htpasswd): support HtpasswdFile aliases and Apache-compatible bcrypt
CryptContext does not recognise HtpasswdFile alias names such as
portable, portable_apache_24, host_apache_24, causing a KeyError.
In addition, building a CryptContext for bcrypt produced $2b$ hashes
that Apache rejects (it only accepts $2y$/$2a$).
Use htpasswd_context for schemes it already supports, fall back to
htpasswd_context on KeyError for aliases, and import CryptContext
from module_utils/_crypt.py instead of passlib directly.
Fixes#6135
* feat(changelog): add fragment for PR 12123
* fix(_crypt): silence DeprecationWarning when importing stdlib crypt
On Python 3.11/3.12, `import crypt` emits a DeprecationWarning that
ansible-test sanity --test import treats as an error. Suppress it since
the import is an intentional fallback when passlib is not available.
* fix(htpasswd): fix sanity ignores and bcrypt version constraint
- Revert _crypt.py DeprecationWarning suppression; add sanity ignore
entries for htpasswd.py import-3.11/3.12 instead (mirrors existing
entries for _crypt.py itself)
- Pin bcrypt<4.2 in integration tests: bcrypt 4.2 removed __about__
which passlib 1.7.x uses, breaking passlib.apache import
- Fix regex_search assertion to use 'is not none' for a boolean result
- Add bcrypt version constraint note to module documentation
* fix(htpasswd): handle system-installed bcrypt in integration tests
On Debian/Ubuntu, bcrypt may be installed by the system package manager
with no RECORD file, making pip downgrade impossible. Move bcrypt
installation into a self-contained block in test_schemes.yml with
ignore_errors, a functional passlib+bcrypt check, and always-cleanup.
Bcrypt tests are skipped when a compatible version cannot be used.
* refactor(htpasswd): extract obtain_crypt_context(); import CryptContext from passlib directly
Extract context selection logic into obtain_crypt_context(). Import
CryptContext inside the deps.declare("passlib") block instead of from
module_utils/_crypt.py — passlib is already a hard dependency and
other symbols are imported from it there. Remove now-unnecessary
htpasswd.py sanity import ignore entries.
---------
(cherry picked from commit 49ca175f01)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
zpool: reduce disk usage in integration tests by using sparse files (#12128)
* zpool: use sparse files in integration tests to reduce diskspace usage
* changelog: add PR link to zpool disk space fragment
* remove changelog fragment for test-only change
(cherry picked from commit a794ccf127)
Co-authored-by: Shreyashxredhat <shrbhosa@redhat.com>
multiple: mark integration tests that run `pip install` as destructive (#12095)
test(integration): mark pip-installing tests as destructive
(cherry picked from commit b1c7700a1b)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Mark nomad tests as unstable (#12072)
Mark nomad tests as unstable.
(cherry picked from commit 528c2879d5)
Co-authored-by: Felix Fontein <felix@fontein.de>
CI: Replace Ubuntu 22.04 with 26.04 for ansible-core devel (#12052)
Replace Ubuntu 22.04 with 26.04 for devel.
(cherry picked from commit 2f96093dbf)
Co-authored-by: Felix Fontein <felix@fontein.de>
Setup pip path generic (#12045)
* setup_pip_path: use sysconfig to build pip scripts path generically
* setup_pip_path: calculate PATH prepended with pip installation path
* move environment up to block
* obtain path from pip itself
* apparently the python interpreter doesnt go into ansible_facts
* rename role to setup_pip_scripts_path
---------
(cherry picked from commit 5447d0eb4f)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
gitlab_user: update SSH keys when key material changes (#11996)
* gitlab_user: update SSH keys when key material changes
Compare SSH keys by key type and key material so comment-only differences remain idempotent while changed keys are replaced. Add unit and integration coverage for SSH key updates.
Fixes#6516
* gitlab_user: add SSH key update modes
Restore backward-compatible same-name SSH key handling by default and
add explicit update and deduplicate modes for controlled replacement
behavior.
Refs: #6516
* Apply suggestions from code review
---------
(cherry picked from commit 2cb4a5d4e7)
Co-authored-by: Fulvius <31437530+LCerebo@users.noreply.github.com>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
xml: fix `print_match` not populating `matches` return value (#12013)
* fix(xml): populate matches when print_match is set, fix returned doc
* test(xml): add integration tests for print_match
* changelog: add fragment for PR 12013
---------
(cherry picked from commit abef8f2aed)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
xml: fail for non-string `value`s (#11959)
* fix(xml): coerce boolean values to string with a warning
Fixes#7171
* test(xml): add integration tests for boolean value handling
* changelog: add fragment for PR 11959
* adjustments from review
* test(xml): update boolean-value integration tests to expect failure
Now that xml fails on non-string values, replace the old success-path
tests with failure assertions and add a positive test for quoted strings.
Remove the no-longer-needed result XML fixtures.
* adjustments from review
* fix(xml): correct boolean test assertions to match actual error message format
---------
(cherry picked from commit d87a8a167f)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
yarn: add Alpine Linux support in integration tests (#11943)
* test(yarn): add Alpine Linux support via apk
Install nodejs and yarn via apk on Alpine, sharing the functional
test block with the existing non-Alpine (pre-built binary) path.
Extracts the test block into tests.yml to avoid duplication.
Fixes#4270
* fix(yarn): skip Node.js runtime warnings in stderr processing
Node.js 24 emits DeprecationWarning lines to stderr (e.g. for url.parse())
that are not JSON, causing _process_yarn_error to fail with "Unexpected
stderr output from Yarn". Skip lines starting with "(node:" before
attempting JSON parsing.
* test(yarn): add changelog fragment for #11943
* fix(yarn): only JSON-parse lines starting with '{' in stderr
Node.js 24 emits multi-line DeprecationWarnings to stderr (e.g. the hint
line "(Use `node --trace-deprecation ...`") that are not JSON and were
tripping the "Unexpected stderr output from Yarn" failure. Yarn's
structured output always starts with '{', so skip any line that doesn't.
* test(yarn): install sqlite on Alpine to fix nodejs 22 symbol error
On Alpine 3.21 nodejs 22 requires SQLite session extension symbols
(sqlite3session_*) that are not present in sqlite-libs; installing
the full sqlite package provides them.
* test(yarn): refresh apk cache and upgrade sqlite-libs before installing nodejs
The CI Alpine container may have a stale sqlite-libs that lacks the
session extension symbols (sqlite3session_*) required by nodejs 22+.
Force a cache refresh and upgrade sqlite-libs to the latest revision.
* fix(yarn): warn on non-JSON stderr lines instead of silently skipping
Non-JSON lines in stderr (e.g. Node.js runtime DeprecationWarnings) are
surfaced to the user via module.warn() rather than being silently ignored,
since their content and meaning are not known in advance.
* prefix yarn output line
* Update changelogs/fragments/11943-yarn-nodejs-runtime-warnings.yml
---------
(cherry picked from commit 38d49d240e)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
odbc: add Arch Linux support via AUR psqlodbc (#11944)
* test(odbc): add Arch Linux support via AUR psqlodbc
Fixes#4267
* test(setup_postgresql_db): guard Arch Linux initdb with creates
* test(odbc): add setup_remote_tmp_dir dependency
(cherry picked from commit c7be9e4d5b)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
test(integration): enable homectl test for ArchLinux (#11945)
* test(integration): enable homectl test for ArchLinux
* install passlib in Arch Linux
* test: requires vm in homectl aliases
(cherry picked from commit 036811e668)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
parted: add unit_preserve_case option to fix unit case in return value (#11813)
* parted: add unit_preserve_case option to fix unit case in return value
Adds O(unit_preserve_case) feature flag (bool, default None) to control
the case of the ``unit`` field in the module return value.
Previously the unit was always lowercased (e.g. ``kib``), making it
impossible to feed ``disk.unit`` back as the ``unit`` parameter without
a validation error. With O(unit_preserve_case=true) the unit is returned
in its original mixed case (e.g. ``KiB``), matching the accepted input
values.
The default (None) emits a deprecation notice; the default will become
V(true) in community.general 14.0.0.
Fixes#1860
* parted: add changelog fragment for PR #11813
* adjustments from review
* Comment 15.0.0 deprecation in option decription.
* parted: fix unit test calls to parse_partition_info after signature change
* parted: fix unit_preserve_case - parted outputs lowercase units in machine mode
Parted's machine-parseable output always uses lowercase unit suffixes
(e.g. ``kib``, ``mib``) regardless of what was passed to the ``unit``
parameter. Removing the explicit ``.lower()`` call was therefore not
enough to preserve case.
Add a ``canonical_unit()`` helper that maps a unit string to its canonical
mixed-case form using ``parted_units`` as the reference, and use it
instead of a bare identity when ``unit_preserve_case=true``.
Also fix a yamllint violation in the DOCUMENTATION block (missing space
after ``#`` in inline comments).
* Update plugins/modules/parted.py
* Update plugins/modules/parted.py
---------
(cherry picked from commit edf8f24959)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
CI: Replace Fedora 43 with 44 for devel (#11836)
* Replace Fedora 43 with 44 for devel in CI.
* Adjust tests.
* Adjust flatpak module to Fedora 44.
(cherry picked from commit ef656cb9b6)
Co-authored-by: Felix Fontein <felix@fontein.de>
flatpak: add from_url parameter, deprecate URLs in name (#11748)
* flatpak: add from_url parameter, deprecate URLs in name
Adds a new `from_url` parameter for installing flatpaks from a
.flatpakref URL, using `flatpak install --from <url>`. The `name`
parameter then carries the reverse DNS application ID, enabling
reliable idempotency checks.
Passing URLs directly in `name` is now deprecated and will be
removed in community.general 14.0.0.
Fixes#4000
* flatpak: add changelog fragment for PR #11748
* flatpak: remove deprecation, adjust docs tone
* flatpak: add integration tests for from_url parameter
---------
(cherry picked from commit 972bed66f4)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
integration tests: remove CentOS conditionals (#11715)
* test(integration): remove CentOS references
* further simplification
* more removals
* rollback systemd_info for now
* ufw: not trivially used with RHEL9 and RHEL10, simplifying tests
* remove tasks for setup_epel where unused
* adjustments from review
(cherry picked from commit 79431c36b5)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
consul integration tests: re-enable on macOS (#11697)
* consul integration tests: re-enable on macOS
- Update consul version to 1.22.6
- Add arm64/aarch64 architecture support
- Fix macOS Gatekeeper quarantine on downloaded binary
- Add wait_for before ACL bootstrap (race condition fix)
- Update HCL config to use tls stanza (required in 1.22)
- Disable gRPC port (conflicts with tls stanza when not configured)
- Remove skip/macos from aliases
Fixes: https://github.com/ansible-collections/community.general/issues/1016
* changelogs/fragments: add PR number for consul tests fix
* remove changelog fragment (test-only PR)
---------
(cherry picked from commit 8b114e999e)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
etcd3: re-enable and fix tests, add unit tests (#11678)
* etcd3: re-enable and fix tests, add unit tests
- Add unit tests for community.general.etcd3 module (12 tests covering
state=present/absent, idempotency, check mode, and error paths)
- Fix integration test setup: update etcd binary to v3.6.9 (from v3.2.14),
download from GitHub releases, add health-check retry loop after start
- Work around etcd3 Python library incompatibility with protobuf >= 4.x
by setting PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION=python
- Update to FQCNs throughout integration tests
- Re-enable both etcd3 and lookup_etcd3 integration targets
Fixes https://github.com/ansible-collections/community.general/issues/322
* improve use of multiple context managers
---------
(cherry picked from commit d06c83eb68)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
osx_defaults: add dict support (#11659)
* osx_defaults: add dict support
* add changelog frag
* osx_defaults: fix dict idempotency by using plutil -extract for type-preserving read
The previous approach piped `defaults read` output (old-style plist text)
through `plutil -convert json`. Old-style plist loses boolean type info
(booleans appear as 1/0, indistinguishable from integers), causing the
comparison to fail and reporting changed=True on every run.
Fix by exporting the domain binary plist to a temp file and using
`plutil -extract key json` which correctly preserves all plist types
(booleans stay true/false, integers stay integers, etc.).
* change param from bool to str
* Apply suggestion from review
* Update plugins/modules/osx_defaults.py
---------
(cherry picked from commit d6cb56c022)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
CI: Remove FreeBSD 14.3 for devel, and replace macOS 15.3 with 26.3 (#11631)
* Replace FreeBSD 14.3 with 14.4, and macOS 15.3 with 26.3.
* FreeBSD 14.4 seems to have the same problem as FreeBSD 15.0, disabling for now.
(cherry picked from commit b4336659f6)
Co-authored-by: Felix Fontein <felix@fontein.de>
CI: Replace apt_repository and apt_key with deb822_repository (#11625)
Replace apt_repository and apt_key with deb822_repository.
(cherry picked from commit bc22fbcaa0)
Co-authored-by: Felix Fontein <felix@fontein.de>
merge_variables: extended merge capabilities added (#11536)
* merge_variables: extended merge capabilities added
This extension gives you more control over the variable merging process of the lookup plugin `merge_variables`. It closes the gap between Puppet's Hiera merging capabilities and the limitations of Ansible's default variable plugin `host_group_vars` regarding fragment-based value definition. You can now decide which merge strategy should be applied to dicts, lists, and other types. Furthermore, you can specify a merge strategy that should be applied in case of type conflicts.
The default behavior of the plugin has been preserved so that it is fully backward-compatible with the already implemented state.
* Update changelogs/fragments/11536-merge-variables-extended-merging-capabilities.yml
* Update plugins/lookup/merge_variables.py
* Periods added at the end of each choice description
* Update plugins/lookup/merge_variables.py
* ref: follow project standard for choice descriptions
* ref: more examples added and refactoring
* Update plugins/lookup/merge_variables.py
* ref: some more comments to examples added
* fix: unused import removed
* ref: re-add "merge" to strategy map
* Update comments
* Specification of transformations solely as string
* Comments updated
* ref: `append_rp` and `prepend_rp` removed
feat: options dict for list transformations re-added
feat: allow setting `keep` for dedup transformation with possible values: `first` (default) and `last`
* ref: improve options documentation
* ref: documentation improved, avoiding words like newer or older in merge description
* Update plugins/lookup/merge_variables.py
* ref: "prio" replaced by "dict"
* feat: two integration tests added
---------
(cherry picked from commit dae2157bb7)
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
Co-authored-by: Christoph Fiehe <cfiehe@users.noreply.github.com>
Co-authored-by: Fiehe Christoph <c.fiehe@eurodata.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Mark <40321020+m-a-r-k-e@users.noreply.github.com>
