* fix(zypper_repository): stop .repo file content overriding user-specified enabled/autorefresh/gpgcheck
When repo= pointed to a .repo file, values parsed from that file were
overwriting the desired state set from module params, causing enabled: false
to have no effect.
Fixes#8783
* changelog: add fragment for PR 12022
* fix(zypper_repository): preserve .repo file settings when parameters are not explicitly provided
When enabled/autorefresh/disable_gpg_check are not provided by the user,
fall back to values from the .repo file before applying hard defaults,
so that existing tasks relying on the .repo file content are not broken.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(xml): preserve DOCTYPE declaration when writing XML files
Pass `doctype=tree.docinfo.doctype` to all `ElementTree.write()` calls
so lxml does not silently drop the DOCTYPE on serialization. Also replace
`etree.tostring()` with BytesIO+write() in the diff and xmlstring paths
for consistency.
Fixes#2762
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(xml): add integration test for DOCTYPE preservation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(changelog): add fragment for xml DOCTYPE fix (#12148)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(launchd): restarted and reloaded always report changed
Both actions unconditionally execute commands (unload/load/start),
so changed must always be True in non-check mode, regardless of
whether the PID or state happened to match before and after.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(changelog): add fragment for PR 12122
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(launchd): restarted and reloaded always report changed in check mode too
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* consolidate if branches
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(udm_dns_record): normalize IPv6 addresses before comparison
UCS stores IPv6 addresses in expanded form; providing a shortened address
causes obj.diff() to always detect a difference and report changed=True.
Normalize IPv6 values in the data dict to exploded form before updating
the Univention object.
Fixes#317
* changelog: add fragment for PR 12149
* add type hint
* fix(java_cert): remove -noprompt from keytool -list to allow stdin password
-noprompt is not a valid option for keytool -list (only for importkeystore/
importcert). On Java 8, passing it caused keytool to skip reading the store
password from stdin, resulting in a null password and NullPointerException.
Fixes#3023
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(java_cert): add idempotency test for pkcs12 import with password
Exercises _export_public_cert_from_pkcs12 when the alias already exists,
verifying the password is correctly read from stdin on the comparison path.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for PR 12151
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(counter_enabled): display output for looped tasks with delegate_to
Implement v2_runner_item_on_ok, v2_runner_item_on_failed, and
v2_runner_item_on_skipped so that looped tasks (including those
using delegate_to: localhost) produce visible output.
Also extract _host_label, _display_result_ok, _display_result_failed,
and _display_result_skipped helpers to eliminate repeated delegation
and message-building logic across the callback methods.
Fixes#8187
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog(counter_enabled): add fragment for PR #12067
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(counter_enabled): add integration tests, adjust _host_label
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(counter_enabled): migrate integration tests to callback test framework
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(counter_enabled): fix integration tests to use set_fact instead of debug
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* xenserver_guest_info: use fallback chain for VDI format detection
* changelog: add PR URL to
changelog fragment
* test: set mismatched vdi_type in vm-3 fixture to test fallback chain precedence
Set vdi_type to "vhd" while image-format remains "qcow2" so the unit
test verifies that image-format takes precedence in the fallback chain.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix: treat chdev execution failures as module errors in aix_devices
##### SUMMARY
Fix the aix_devices module so that a failed chdev command is reported as a module failure instead of a successful result.
The previous implementation called fail_json incorrectly by returning success through the normal completion path when chdev returned a non-zero exit status. This could allow a playbook to continue even though the requested device attribute change was not applied.
This change replaces the success-style error handling with proper failure handling in the chdev execution path, making task results consistent with the actual command outcome.
##### ISSUE TYPE
- Bugfix Pull Request
##### COMPONENT NAME
aix_devices
##### ADDITIONAL INFORMATION
The affected code path is in change_device_attr() when the module executes chdev to apply attribute updates.
Before this change:
- chdev could fail
- the module could still report success
- later tasks could run against an unexpected system state
After this change:
- chdev failures are returned through fail_json
- the task stops with an error
- playbook behavior matches the real execution result
```paste below
Before:
module.exit_json(msg="Failed to run chdev.", rc=rc, err=err)
After:
module.fail_json(msg="Failed to run chdev.", rc=rc, err=err)
```
* Add changelog fragment for aix_devices chdev failure fix (#12185)
---------
Co-authored-by: Hirofumi Arimoto <harimoto@jp.ibm.com>
* opkg - path_prefix needs to be a list
path_prefix is passed to get_bin_path() which expects opt_dirs to be a list
of paths. Passing in a string instead of a list of paths results in incorrect
values being adding to the path when searching for the command to run.
* Add changelog
* filetree lookup - handle invalid exclude regex with AnsibleError Wrap re.compile() for the exclude option so invalid regular expressions produce a clear AnsibleError instead of an uncaught re.error traceback.
* add changelog fragment
* add changelog fragment
* Fix changelog fragment line endings (LF)
Co-authored-by: Cursor <cursoragent@cursor.com>
* Used AnsibleLookupError instead of AnsibleError
* Update changelogs/fragments/12140-filetree-exclude-regex-error.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Used AnsibleLookupError instead of AnsibleError
* Updated changelog format
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
cleanup_packages() called module.fail_json(cmd=, rc=, stdout=, stderr=)
without the mandatory msg= argument. When the underlying emerge --depclean
exited non-zero, AnsibleModule.fail_json() itself crashed with
"AnsibleModule.fail_json() missing 1 required positional argument: 'msg'"
before the real failure could reach the controller, leaving users with no
diagnostic about why depclean actually failed.
Same wording style as the sibling install_packages() failure branch
("Packages not installed.").
* fix(redfish_config): return proper error dict when manager NIC not found
get_manager_ethernet_uri() returned an empty dict {} when no matching NIC
was found, causing a KeyError on 'ret' in main(). Now returns a consistent
{"ret": False, "msg": ...} like all other error paths in the function.
Fixes#5892
* feat(changelog): add fragment for PR 12124
* fix(htpasswd): support HtpasswdFile aliases and Apache-compatible bcrypt
CryptContext does not recognise HtpasswdFile alias names such as
portable, portable_apache_24, host_apache_24, causing a KeyError.
In addition, building a CryptContext for bcrypt produced $2b$ hashes
that Apache rejects (it only accepts $2y$/$2a$).
Use htpasswd_context for schemes it already supports, fall back to
htpasswd_context on KeyError for aliases, and import CryptContext
from module_utils/_crypt.py instead of passlib directly.
Fixes#6135
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(changelog): add fragment for PR 12123
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(_crypt): silence DeprecationWarning when importing stdlib crypt
On Python 3.11/3.12, `import crypt` emits a DeprecationWarning that
ansible-test sanity --test import treats as an error. Suppress it since
the import is an intentional fallback when passlib is not available.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(htpasswd): fix sanity ignores and bcrypt version constraint
- Revert _crypt.py DeprecationWarning suppression; add sanity ignore
entries for htpasswd.py import-3.11/3.12 instead (mirrors existing
entries for _crypt.py itself)
- Pin bcrypt<4.2 in integration tests: bcrypt 4.2 removed __about__
which passlib 1.7.x uses, breaking passlib.apache import
- Fix regex_search assertion to use 'is not none' for a boolean result
- Add bcrypt version constraint note to module documentation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(htpasswd): handle system-installed bcrypt in integration tests
On Debian/Ubuntu, bcrypt may be installed by the system package manager
with no RECORD file, making pip downgrade impossible. Move bcrypt
installation into a self-contained block in test_schemes.yml with
ignore_errors, a functional passlib+bcrypt check, and always-cleanup.
Bcrypt tests are skipped when a compatible version cannot be used.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* refactor(htpasswd): extract obtain_crypt_context(); import CryptContext from passlib directly
Extract context selection logic into obtain_crypt_context(). Import
CryptContext inside the deps.declare("passlib") block instead of from
module_utils/_crypt.py — passlib is already a hard dependency and
other symbols are imported from it there. Remove now-unnecessary
htpasswd.py sanity import ignore entries.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(consul_kv): add empty_value option for null Consul values
Add the ``empty_value`` option to the ``consul_kv`` lookup plugin, allowing
users to control what is returned when a key exists in Consul but has a
null/empty value. Defaults to ``'None'`` to preserve existing behaviour.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(changelog): add fragment for PR 12120
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(consul_kv): make empty_value a choices option
Replace the free-form string empty_value with a choices option:
textual_none (default, legacy behaviour), python_none, empty_string.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs(consul_kv): use dict form for empty_value choices
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* parted: ignore MBR partition type codes reported as flags by SUSE parted
SUSE's patched parted reports MBR partition type codes (e.g., type=8e for
Linux LVM) in the machine-parseable flags output. The module was trying to
unset these pseudo-flags via 'parted set N type=8e off', which is not a
valid parted command, causing the task to fail when using flags: [lvm] on
msdos-labelled disks on SUSE systems.
Fixes#6292
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(changelog): add fragment for PR 12121
* Update changelogs/fragments/12121-parted-suse-msdos-type-code.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix(pamd): handle non-PAM lines in authselect profile files
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(pamd): add test for authselect directive lines
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(changelog): add fragment for PR 12137
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fixes issue #12112
* adjust PR ID
* adjust PR ID, mistake was made
* adjust PR ID
* I messed up all these numbers
---------
Co-authored-by: Stefan Midjich <stefan@sydit.se>
* xenserver_guest_info: add VDI uuid and vdi_type to disk info
Add uuid and vdi_type (VHD/QCOW2) fields to the disk information
returned by xenserver_guest_info module.
Fixes#11998
* changelog: add PR URL to changelog fragment
* xenserver_guest_info: add uuid and vdi_type to RETURN example output
* snap: enforce hold when installing at a specific revision
When `revision` is specified, run `snap refresh --hold` after install/refresh
to actually pin the snap and prevent automatic updates from overriding it.
Detects hold-mismatch idempotently via the Notes column of `snap list`.
Fixes#12088
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(changelog): add fragment for snap hold fix (#12097)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(snap): remove incorrect manual-refresh assertion from hold test
snap refresh --hold only blocks the snapd auto-refresh daemon; a manual
snap refresh bypasses the hold. Remove the block that ran snap refresh
manually and asserted the revision was unchanged.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* snap: add bare-refresh hold test and docs warning for manual refresh bypass
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* Get rid of unnecessary dummy variables.
* wrap_async isn't defined if the if condition isn't true.
* _back is in module_args if and only if both starter_cmd and confirm_cmd are not None.
* Add changelog.
* nmcli: bond ARP options stop lying in check/diff (#11588)
Align arp_interval/arp_ip_target keys with bond.options parsing, route
ARP settings via +bond.options, and fix bond MTU false positives.
* Changelog: nmcli fragment gets PR links and clearer diff wording
Address reviewer feedback on #12085 — both entries now cite the PR URL
and the MTU entry says "incorrectly reports diff" instead of "false positives".
---------
Co-authored-by: Asif Draxi <asif.draxi@blackline.com>
* Start opentelemetry spans on host start instead of task start
v2_playbook_on_task_start does not have the host information, so spans
would always start at the same time for every host in that task, even if
they started at different times, like when hosts > forks with strategy
host_pinned. This also hides the duration of the task for that host.
This change uses the newer v2_runner_on_start callback and adds the acutal
host start time to the span. The change is backwards compatible with ansible
versions that do not have v2_runner_on_start and makes no assumptions around
the ordering of v2_runner_on_start and v2_playbook_on_task_start.
* Add changelog fragment
* Remove redundant callback hooks
v2_runner_on_starts gets called by ansible right after the strategy has called on_task_start or on_handler_start. So there is no need to keep this code as the minimum ansible-core version is guaranteed to have this function. on_cleanup (removed around ansible-core 2.0) and on_no_hosts (removed around ansible-core 2.5) never get called.
* Fix unreachable hosts causing exceptions
If finish_task is never called for a host the result object stays None, which caused an exception in update_span_data. This was the case for unreachable hosts, as the callback plugin did not implement v2_runner_on_unreachable.
* Fix import order in test_opentelemetry
* Fix flatpak id check
This PR fixes the flatpak ID check by allowing the last component of the ID to contain dashes. The regular expression will match the flatpak ID according to the flatpak specification. It matches all 4600+ IDs currently present in flathub.
Fixes#12062
* Add changelog fragment
* Update plugins/modules/flatpak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelog fragment.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix(xml): no-op when predicated xpath finds no match instead of creating nodes
When using xpath like element[text()='old'] with value=new, a no-match due
to the predicate not being satisfied incorrectly triggered node creation,
corrupting the XML. Now treats predicate misses as a no-op.
Fixes#8730
* changelog(xml): add fragment for PR #12031
* fix(xml): remove spurious test-unset-element-value include from main.yml
That file belongs to a different branch and was accidentally dragged in
during a stash conflict resolution.
* feat(xml): add create_if_missing option to control node creation on value no-match
Instead of implicitly creating nodes when value is set and xpath finds no match,
expose create_if_missing (default true, preserving old behavior) so callers
can opt into a silent no-op with create_if_missing=false.
Fixes#8730
* feat: Custom telegram api host
* fix: default param telegram api host
* fix: default api_host for DOCUMENTATION
* fix: Documentation and example
* changelog: add bugfix fragment for telegram api_host
* fix: use [] for module.params access
* feat(snap): support snap system configuration via name=system
Treat `system` as a virtual snap that is always considered installed,
bypassing snap info lookup and install/refresh logic, while still
allowing snap set/get operations via the options parameter.
Fixes#11266
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs(snap): note version_added for system support; add changelog fragment
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* gitlab_user: update SSH keys when key material changes
Compare SSH keys by key type and key material so comment-only differences remain idempotent while changed keys are replaced. Add unit and integration coverage for SSH key updates.
Fixes#6516
* gitlab_user: add SSH key update modes
Restore backward-compatible same-name SSH key handling by default and
add explicit update and deduplicate modes for controlled replacement
behavior.
Refs: #6516
* Apply suggestions from code review
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
---------
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* fix(bundler): replace deprecated CLI flags with BUNDLE_* env vars
Bundler 2.1 deprecated --deployment, --without, --path, --clean, and
--binstubs; Bundler 4 has removed --clean entirely. Pass these options
as BUNDLE_* environment variables instead, which have been supported
since Bundler 1.0.0 and are scoped to the process (no persistent
.bundle/config written).
Fixes#4583, fixes#11380
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(bundler): add changelog fragment for PR #12024
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(datadog_downtime): convert uuid field to str for datadog-api-client>=2.28.0
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for PR 12019
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(nmap inventory): add skip_host_discovery option (-Pn)
Adds skip_host_discovery option to suppress nmap's default host
discovery probes (TCP SYN to 80/443), which caused unexpected traffic
when scanning remote hosts over VPN or through firewalls.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for nmap skip_host_discovery option (#11955)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(xml): populate matches when print_match is set, fix returned doc
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(xml): add integration tests for print_match
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for PR 12013
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(pam_limits): only create backup when file is actually changed
Fixes#12011
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for PR 12014
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
