ModuleHelper: ensure compatibility with `ModuleTestCase` (#11488)
* ModuleHelper: ensure compatibility with `ModuleTestCase`.
This change allows to configure the `module_fails_on_exception` decorator by passing a tuple of exception types that should not be handled by the decorator itself. In the context of `ModuleTestCase`, use `(AnsibleExitJson, AnsibleFailJson)` to let them pass through the decorator without modification.
* Another approach allowing user-defined exception types to pass through the decorator. When the decorator should have no arguments at all, we must hard code the name of the attribute that is looked up on self.
* Approach that removes decorator parametrization and relies on an object/class variable named `unhandled_exceptions`.
* context manager implemented that allows to pass through some exception types
* Update changelogs/fragments/11488-mh-ensure-compatibiliy-with-module-tests.yml
* Exception placeholder added
---------
(cherry picked from commit 5e0fd1201c)
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
Co-authored-by: Christoph Fiehe <cfiehe@users.noreply.github.com>
Co-authored-by: Fiehe Christoph <c.fiehe@eurodata.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
keycloak module utils: group search optimization (#11503)
* Updated get_group_by_name with a query based lookup for improved speed
* Add changelog fragment for keycloak group search optimization
* Address review feedback: update changelog text and reformat code with ruff
* improved changelog fragment
* Update changelogs/fragments/11503-keycloak-group-search-optimization.yml
---------
(cherry picked from commit 85a0deeeba)
Co-authored-by: Andreas Wegmann <andreas.we9mann@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
seport: Add support for dccp and sctp protocols (#11486)
Support for dccp and sctp protocols were added to SELinux userspace
python libraries in 3.0 version release in November 2019.
(cherry picked from commit c05c31334b)
Co-authored-by: Petr Lautrbach <lautrbach@redhat.com>
maven_artifact: resolve SNAPSHOT to latest using snapshot metadata block (#11501)
* fix(maven_artifact): resolve SNAPSHOT to latest using snapshot metadata block
Prefer the <snapshot> block (timestamp + buildNumber) from maven-metadata.xml
which always points to the latest build, instead of scanning <snapshotVersions>
and returning on the first match. Repositories like GitHub Packages keep all
historical entries in <snapshotVersions> (oldest first), causing the module to
resolve to the oldest snapshot instead of the latest.
Fixes#5117Fixes#11489
* fix(maven_artifact): address review feedback
- Check both timestamp and buildNumber before using snapshot block,
preventing IndexError when buildNumber is missing
- Remove unreliable snapshotVersions scanning fallback; use literal
-SNAPSHOT version for non-unique snapshot repos instead
- Add tests for incomplete snapshot block and non-SNAPSHOT versions
* fix(maven_artifact): restore snapshotVersions scanning with last-match
Restore <snapshotVersions> scanning as primary resolution (needed for
per-extension accuracy per MNG-5459), but collect the last match instead
of returning on the first. Fall back to <snapshot> block when no
<snapshotVersions> match is found, then to literal -SNAPSHOT version.
* docs: update changelog fragment to match final implementation
* fix(maven_artifact): use updated timestamp for snapshot resolution
Use the <updated> attribute to select the newest snapshotVersion entry
instead of relying on list order. This works independently of how the
repository manager sorts entries in maven-metadata.xml.
Also fix test docstring and update changelog fragment per reviewer
feedback.
* test(maven_artifact): shuffle entries to verify updated timestamp sorting
Reorder snapshotVersion entries so the newest JAR is in the middle,
not at the end. This ensures the test actually validates that resolution
uses the <updated> timestamp rather than relying on list position.
(cherry picked from commit ed7ccbe3d4)
Co-authored-by: Adam R. <ariwk@protonmail.com>
keycloak_identity_provider: add claims example for oidc-advanced-group-idp-mapper (#11500)
Add claims example for oidc-advanced-group-idp-mapper
For me it wasn't clear how to create claims using oidc-advanced-group-idp-mapper, perhaps other people can benefit from the following example.
(cherry picked from commit c9313af971)
Co-authored-by: David Filipe <68902816+daveopz@users.noreply.github.com>
Update check_availability_service to return data instead of boolean (#11504)
* Update check_availability_service to return data instead of boolean
* Add changelog fragment
(cherry picked from commit 8729f563b3)
Co-authored-by: Scott Seekamp <13857911+sseekamp@users.noreply.github.com>
python_requirements_info: use importlib.metadata when available (#11495)
Use importlib.metadata when available.
(cherry picked from commit 88adca3fb4)
Co-authored-by: Felix Fontein <felix@fontein.de>
Integration tests: replace ansible_xxx with ansible_facts.xxx (#11479)
Replace ansible_xxx with ansible_facts.xxx.
(cherry picked from commit 476f2bf641)
Co-authored-by: Felix Fontein <felix@fontein.de>
keycloak_client: add valid_post_logout_redirect_uris and backchannel_logout_url (#11473)
* feat(keycloak_client): add valid_post_logout_redirect_uris and backchannel_logout_url
Add two new convenience parameters that map to client attributes:
- valid_post_logout_redirect_uris: sets post.logout.redirect.uris
attribute (list items joined with ##)
- backchannel_logout_url: sets backchannel.logout.url attribute
These fields are not top-level in the Keycloak REST API but are stored
as client attributes. The new parameters provide a user-friendly
interface without requiring users to know the internal attribute names
and ##-separator format.
Fixes#6812, fixes#4892
* consolidate changelog and add PR link per review feedback
(cherry picked from commit df6d6269a6)
Co-authored-by: Ivan Kokalovic <67540157+koke1997@users.noreply.github.com>
community.general.copr: clarify includepkgs/excludepkgs (#11464)
At first glance, includepkgs seems to be something that would install
the package name from the given copr repo. This isn't helped by the
example that says "Install caddy" which very much looks like it is
installing the package from the repo. Not only did I, a human,
hallucinate this behaviour, so did a large search engine's AI
responses to related queries.
In fact these are labels to vary what packages DNF sees. Clarify this
by using wording and examples closer to the upstream documentation [1]
[1] https://dnf.readthedocs.io/en/latest/conf_ref.html
(cherry picked from commit 8b0ce3e28f)
Co-authored-by: Ian Wienand <ian@wienand.org>
keycloak_realm_key: handle missing config fields for default keys (#11470)
* fix(keycloak_realm_key): handle missing config fields for default keys
Keycloak API may not return 'active', 'enabled', or 'algorithm' fields
in the config response for default/auto-generated realm keys. This caused
a KeyError when the module tried to compare these fields during state
detection.
Use .get() with the expected value as default to handle missing fields
gracefully, treating them as unchanged if not present in the API response.
Fixes: #11459
* add PR link to changelog entry per review feedback
(cherry picked from commit 106817316d)
Co-authored-by: Ivan Kokalovic <67540157+koke1997@users.noreply.github.com>
keycloak: URL-encode query parameters for usernames with special characters (#11472)
* fix(keycloak): URL-encode query params for usernames with special chars
get_user_by_username() concatenates the username directly into the URL
query string. When the username contains a +, it is interpreted as a
space by the server, returning no match and causing a TypeError.
Use urllib.parse.quote() (already imported) for the username parameter.
Also replace three fragile .replace(' ', '%20') calls in the authz
search methods with proper quote() calls.
Fixes#10305
* Update changelogs/fragments/keycloak-url-encode-query-params.yml
---------
(cherry picked from commit c41de53dbb)
Co-authored-by: Ivan Kokalovic <67540157+koke1997@users.noreply.github.com>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
keycloak_client: remove id's as change from diff for protocol mappers (#11454)
* 11453 remove id's as change from diff for protocol mappers
* Update changelogs/fragments/11453-keycloak-client-protocol-mapper-ids.yml
---------
(cherry picked from commit b236772e57)
Co-authored-by: Simon Moosbrugger <707958+simonmoosbrugger@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
fix gem module compatibility with ruby-4-rubygems (#11442)
* fix gem module compatibility with ruby-4-rubygems
rubygem's `query` command has recently been removed, see ruby/rubygems#9083.
address this by using the `list` command instead.
resolves#11397
* add changelog
* Adjust changelog fragment.
---------
(cherry picked from commit 72220a2b15)
Co-authored-by: glaszig <mail+github@glasz.org>
Co-authored-by: Felix Fontein <felix@fontein.de>
Logstash plugin version fix (#11440)
* logstash_plugin: fix argument order when using version parameter
* logstash_plugin: add integration tests
* logstash_plugin: add changelog fragment
(cherry picked from commit 53e1e86bcc)
Co-authored-by: Nicolas Boutet <amd3002@gmail.com>
Adding 'project' parameter to Scaleway IP module. (#11368)
* Adding 'project' parameter to Scaleway IP module.
* Adding changelog fragment.
* Incrementing version.
* Updating docs to show both org and project ID options.
* Moving deprecated example to the end.
---------
(cherry picked from commit aada864718)
Co-authored-by: Greg Harvey <greg.harvey@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Adding 'project' parameter support for the Scaleway SG module. (#11366)
* Adding 'project' parameter support for the Scaleway SG module.
* Adding changelog fragment.
* Fixing documentation, organization is deprecated (although still available).
* Updating docs to show both org and project ID options.
* Incrementing version.
* Moving deprecated example to the end.
---------
(cherry picked from commit c0df366471)
Co-authored-by: Greg Harvey <greg.harvey@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Add `to_toml` filter (#11423)
* Add to_toml filter
This is based heavily on the to_yaml filter, but
with a pared-down feature set.
* Protect import
* Don't quote datetime as a string
* Use Ansible error types
* Import correct error types
* Don't use AnsibleTypeError
It doesn't seem to be available on older Ansible
core versions.
* Fix antsibull-nox errors
* Install dependencies for to_toml integration test
* Reduce author list to main contributor
* Update version added for to_toml
* Use AnsibleError for missing import
* Use AnsibleFilterError for runtime type check
* Move common code to plugin_utils/_tags.py
* Mark module util as private
* Update BOTMETA for to_toml
* Fix typo
* Correct version number
* Use to_text for to_toml dict key conversions
* Add tomlkit requirement to docs
* Add missing import
* Add aliases for for to_toml integration test
---------
(cherry picked from commit 864695f898)
Co-authored-by: Matt Williams <matt@milliams.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
nsupdate: add server FQDN and GSS-TSIG support (#11425)
* nsupdate: support server FQDN
Right now, the server has to be specified as an IPv4/IPv6 address. This
adds support for specifing the server as a FQDN as well.
* nsupdate: support GSS-TSIG/Kerberos
Add support for GSS-TSIG (Kerberos) keys to nsupdate. This makes life
easier when working with Windows DNS servers or Bind in a Kerberos
environment.
Inspiration taken from here:
https://github.com/rthalley/dnspython/pull/530#issuecomment-1363265732Closes: #5730
* nsupdate: introduce query helper function
This simplifies the code by moving the protocol checks, etc, into a
single place.
* nsupdate: try all server IP addresses
Change resolve_server() to generate a list of IPv[46] addresses, then
try all of them in a round-robin fashion in query().
* nsupdate: some more cleanups
As suggested in the PR review.
* nsupdate: apply suggestions from code review
---------
(cherry picked from commit 9fcd9338b1)
Co-authored-by: David Härdeman <david@hardeman.nu>
Co-authored-by: Felix Fontein <felix@fontein.de>
time-command.py: make sure seconds is an int (#11421)
Make sure seconds is an int.
(cherry picked from commit 9611dc258a)
Co-authored-by: Felix Fontein <felix@fontein.de>
Add option for wsl_shell_type, protect wsl.exe arguments if SSH shell is Powershell (#11308)
* feat(wsl): add option for wsl_shell_type, protect wsl arguments if SSH shell is Powershell
* docs(wsl): add changelog fragment
* docs(wsl): fix changelog fragment syntax, add issue link
* feat(wsl): improve new option documentation
* refactor(wsl): put integrasion test flag into a variable for convenience
* feat(wsl): rename option to wsl_remote_ssh_shell_type
* feat(wsl): escape "%" if shell is cmd, raise AnsibleError if powershell
* test(wsl): fix unit tests for wsl
- remove redundant check - moved to a separate function
- fix check for cmd escaping of "%"
- fix formatting / whitespace
* test(wsl): fix expected error message
* test(wsl): fix test - position of stop-parsing token changed
---------
(cherry picked from commit 4b67afc2b0)
Co-authored-by: fizmat <fizmat.r66@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
CI: Arch Linux switched to Python 3.14 (#11417)
Arch Linux switched to Python 3.14.
(cherry picked from commit a689bb8e8d)
Co-authored-by: Felix Fontein <felix@fontein.de>
Configure sorting imports in CI and formatting (#11410)
* Add reformat commit to .git-blame-ignore-revs.
* Make ruff also check the import order.
* Add ruff check --fix for imports to the nox formatting session.
(cherry picked from commit 91efa27cb9)
move imports from functions to the top of the file (#11396)
* move imports from functions to the top of the file
* add changelog frag
* Apply suggestions from code review
---------
(cherry picked from commit c8356981bb)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
CI: Let the Python formatters and linters apply to all files in the collection (#11385)
Let the Python formatters and linters apply to all files in the collection.
(cherry picked from commit d1352702f9)
Co-authored-by: Felix Fontein <felix@fontein.de>
Update RHEL 9.x to 9.7 in CI (#11387)
* Update RHEL 9.x to 9.7 in CI.
* Add skips.
(cherry picked from commit d4089ca29a)
Co-authored-by: Felix Fontein <felix@fontein.de>
Support diff mode for netcup-dns module (#11376)
* support diff mode for netcup-dns module
* Fix issue with yaml encoding after testing
* Add changelog fragment
* Fixed: proper and robust yaml import
* Remove need for yaml import
* Show whole zone in diff for context
* Update changelogs/fragments/11376-netcup-dns-diff-mode.yml
* Update plugins/modules/netcup_dns.py
---------
(cherry picked from commit 75234597bc)
Co-authored-by: mqus <8398165+mqus@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Clean up other Python files (#11379)
* Address issues found by ruff check.
* Make mypy happy; remove some Python 2 compat code.
* Also declare port1.
(cherry picked from commit b3dc06a7dd)
Co-authored-by: Felix Fontein <felix@fontein.de>
