* osx_defaults: add dict support
* add changelog frag
* osx_defaults: fix dict idempotency by using plutil -extract for type-preserving read
The previous approach piped `defaults read` output (old-style plist text)
through `plutil -convert json`. Old-style plist loses boolean type info
(booleans appear as 1/0, indistinguishable from integers), causing the
comparison to fail and reporting changed=True on every run.
Fix by exporting the domain binary plist to a temp file and using
`plutil -extract key json` which correctly preserves all plist types
(booleans stay true/false, integers stay integers, etc.).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* change param from bool to str
* Apply suggestion from review
* Update plugins/modules/osx_defaults.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak_realm: Add support for setting first broker login flow
* Update plugins/modules/keycloak_realm.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add changelog fragment
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix setting_types() to properly handle routing_rules as a list type
* Add changelog fragment for ipv6.routing-rules bugfix
* Update changelogs/fragments/11630-nmcli-ipv6-routing-rules.yml
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Add PR URL to changelog fragment
---------
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* feat(supervisorctl): skip no such process for all
Do not fail, if there are no matching processes for name=all
* feat(supervisorctl): add changelog
* Update 11621-skip-no_such_process-for-name-all.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix(supervisorctl): replace single quotes to double
---------
Co-authored-by: zr0dy <zr0dy@mail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* merge_variables: extended merge capabilities added
This extension gives you more control over the variable merging process of the lookup plugin `merge_variables`. It closes the gap between Puppet's Hiera merging capabilities and the limitations of Ansible's default variable plugin `host_group_vars` regarding fragment-based value definition. You can now decide which merge strategy should be applied to dicts, lists, and other types. Furthermore, you can specify a merge strategy that should be applied in case of type conflicts.
The default behavior of the plugin has been preserved so that it is fully backward-compatible with the already implemented state.
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update changelogs/fragments/11536-merge-variables-extended-merging-capabilities.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/merge_variables.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Periods added at the end of each choice description
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/lookup/merge_variables.py
Co-authored-by: Mark <40321020+m-a-r-k-e@users.noreply.github.com>
* ref: follow project standard for choice descriptions
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: more examples added and refactoring
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/lookup/merge_variables.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* ref: some more comments to examples added
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* fix: unused import removed
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: re-add "merge" to strategy map
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update comments
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Specification of transformations solely as string
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Comments updated
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: `append_rp` and `prepend_rp` removed
feat: options dict for list transformations re-added
feat: allow setting `keep` for dedup transformation with possible values: `first` (default) and `last`
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: improve options documentation
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: documentation improved, avoiding words like newer or older in merge description
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/lookup/merge_variables.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* ref: "prio" replaced by "dict"
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* feat: two integration tests added
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
---------
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
Co-authored-by: Fiehe Christoph <c.fiehe@eurodata.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Mark <40321020+m-a-r-k-e@users.noreply.github.com>
* github_secrets_info: new module
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* clean tests
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* remove pynacl dep
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* fqcn
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* remove excess output
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* just return result as sample
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* only print secrets, adapt tests
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* Update plugins/modules/github_secrets_info.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/github_secrets_info.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/github_secrets_info.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* t is for typing, and typing is what we did
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* add info_module attributes
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
---------
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* add support for managing GitHub secrets
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* fix tab
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* update for sanity
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* more sanity fixes
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* update botmeta
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* formating
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* remove list function
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* remove docstring, format text strings and return codes
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* switch to deps
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* black and ruff doesnt get along
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* initial unit tests
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* update non-existing secret test
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* update description and details
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* handle when a secret cant be deleted
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* fail if not acceptable error codes
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* add test for non-acceptable status codes
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* remove local ruff config
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* allow empty strings
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* set required_
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* extend tests
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* cleanup
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* cover all, got a git urlopen error
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* cover all, got a git urlopen error
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* ensure value cant be None
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* check_mode
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* bump to 12.5.0
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* Update plugins/modules/github_secrets.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* extend check_mode and related tests
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* split constants and return dict when checking secret
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* switch to HTTPStatus
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* replace DELETE and UPDATE with NO_CONTENT
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* Update plugins/modules/github_secrets.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/github_secrets.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* update tests
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* Update plugins/modules/github_secrets.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/github_secrets.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/github_secrets.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/github_secrets.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/github_secrets.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* ipa_dnsrecord fix error when using dnsttl and nothing to change
* Add changelog and bump version
* ipa_dnsrecord list comp in dnsrecord_find
Co-authored-by: Felix Fontein <felix@fontein.de>
* 11559 changelog fragment fix capitalization
* ipa_dnsrecord dnsrecord_find ttl transform to integer always
* ipa_dnsrecord dnsrecord_find method refactor
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* add module logrotate
* add values for start
* fix docs
* version 12.5.0 and fix test
---------
Co-authored-by: Александр Габидуллин <agabidullin@astralinux.ru>
* Binary attribute support for `ldap_attrs` and `ldap_entry`
This commit implements binary attribute support for the `ldap_attrs` and
`ldap_entry` plugins. This used to be "supported" before, because it was
possible to simply load arbitrary binary data into the attributes, but
no longer functions on recent Ansible versions.
In order to support binary attributes, this commit introduces two new
options to both plugins:
* `binary_attributes`, a list of attribute names which will be
considered as being binary,
* `honor_binary_option`, a flag which is true by default and will
handle all attributes that include the binary option (see RFC 4522)
as binary automatically.
When an attribute is determined to be binary through either of these
means, the plugin will assume that the attribute's value is in fact
base64-encoded. It will proceed to decode it and handle it accordingly.
While changes to `ldap_entry` are pretty straightforward, more work was
required on `ldap_attrs`.
* First, because both `present` and `absent` state require checking
the attribute's current values and normally do that using LDAP search
queries for each value, a specific path for binary attributes was
added that loads and caches all values for the attribute and compares
the values in the Python code.
* In addition, generating both the modlist and the diff output require
re-encoding binary attributes' values into base64 so it can be
transmitted back to Ansible.
* Various fixes on `ldap_attrs`/`ldap_entry` from PR 11558 discussion
* Rename `honor_binary_option` to `honor_binary`
* Add some general documentation about binary attributes
* Fix changelog fragment after renaming one of the new options
* Add examples of `honor_binary` and `binary_attributes`
* Add note that indicates that binary values are supported from 12.5.0+
* Fix punctuation
* Add links to RFC 4522 to `ldap_attrs` and `ldap_entry`
* Catch base64 decoding errors
* Rephrase changelog fragment
* Use f-string to format the encoding error message
* nmcli: fix idempotency issue with macvlan
The nmcli module is not idempotent for macvlan interfaces.
Ansible running in diff mode for a case where the interface in question
already exists:
```
TASK [nm_macvlan : Check macvlan connection] *********************************************************************************
--- before
+++ after
@@ -11,5 +11,5 @@
"ipv6.method": "disabled",
"macvlan.mode": "2",
"macvlan.parent": "eth0",
- "macvlan.tap": "no"
+ "macvlan.tap": "False"
}
```
The problem is that `macvlan.tap` isn't treated as boolean option. Fix it.
* Update changelogs/fragments/11551-fix-nmcli-idempotency-for-macvlan.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* TIAAS-12174: fix(keycloak_authentication): handle None authenticationExecutions
When a flow is defined without authenticationExecutions, module.params.get()
returns None but the key still exists in the config dict. The 'in' check
passes but iterating over None raises TypeError.
Guard the iteration with an explicit None check.
* keycloak_authentication: add changelog fragment for NoneType fix
* keycloak_authentication: update changelog fragment with PR link
* Update plugins/modules/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Changelog polishing
---------
Co-authored-by: Ivan Kokalovic <ivan.kokalovic@example.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Allowing the domain suffix to be appended independent of the `host_fqdn`
setting enables the inventory plugin to construct proper FQDNs if a
network has the `dns.domain` property set. Otherwise you would always
end up with something like `host01.project.local.example.net` despite
`host01.example.net` being the expected result.
* Deprecate the Log Analytics callback plugin
The Azure Monitor "HTTP Data Collector API" has been deprecated by
Microsoft. The old API has been replaced by the new "Logs Ingestion
API", which will require a new callback plugin due to major differences
between the APIs.
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
