* add support for management of keycloak localizations
* unit test for keycloak localization support
* keycloak_realm_localization botmeta record
* rev: improvements after code review
* fix(maven_artifact): resolve SNAPSHOT to latest using snapshot metadata block
Prefer the <snapshot> block (timestamp + buildNumber) from maven-metadata.xml
which always points to the latest build, instead of scanning <snapshotVersions>
and returning on the first match. Repositories like GitHub Packages keep all
historical entries in <snapshotVersions> (oldest first), causing the module to
resolve to the oldest snapshot instead of the latest.
Fixes#5117Fixes#11489
* fix(maven_artifact): address review feedback
- Check both timestamp and buildNumber before using snapshot block,
preventing IndexError when buildNumber is missing
- Remove unreliable snapshotVersions scanning fallback; use literal
-SNAPSHOT version for non-unique snapshot repos instead
- Add tests for incomplete snapshot block and non-SNAPSHOT versions
* fix(maven_artifact): restore snapshotVersions scanning with last-match
Restore <snapshotVersions> scanning as primary resolution (needed for
per-extension accuracy per MNG-5459), but collect the last match instead
of returning on the first. Fall back to <snapshot> block when no
<snapshotVersions> match is found, then to literal -SNAPSHOT version.
* docs: update changelog fragment to match final implementation
* fix(maven_artifact): use updated timestamp for snapshot resolution
Use the <updated> attribute to select the newest snapshotVersion entry
instead of relying on list order. This works independently of how the
repository manager sorts entries in maven-metadata.xml.
Also fix test docstring and update changelog fragment per reviewer
feedback.
* test(maven_artifact): shuffle entries to verify updated timestamp sorting
Reorder snapshotVersion entries so the newest JAR is in the middle,
not at the end. This ensures the test actually validates that resolution
uses the <updated> timestamp rather than relying on list position.
* feat(keycloak_client): add valid_post_logout_redirect_uris and backchannel_logout_url
Add two new convenience parameters that map to client attributes:
- valid_post_logout_redirect_uris: sets post.logout.redirect.uris
attribute (list items joined with ##)
- backchannel_logout_url: sets backchannel.logout.url attribute
These fields are not top-level in the Keycloak REST API but are stored
as client attributes. The new parameters provide a user-friendly
interface without requiring users to know the internal attribute names
and ##-separator format.
Fixes#6812, fixes#4892
* consolidate changelog and add PR link per review feedback
* fix(keycloak): URL-encode query params for usernames with special chars
get_user_by_username() concatenates the username directly into the URL
query string. When the username contains a +, it is interpreted as a
space by the server, returning no match and causing a TypeError.
Use urllib.parse.quote() (already imported) for the username parameter.
Also replace three fragile .replace(' ', '%20') calls in the authz
search methods with proper quote() calls.
Fixes#10305
* Update changelogs/fragments/keycloak-url-encode-query-params.yml
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
---------
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Add to_toml filter
This is based heavily on the to_yaml filter, but
with a pared-down feature set.
* Protect import
* Don't quote datetime as a string
* Use Ansible error types
* Import correct error types
* Don't use AnsibleTypeError
It doesn't seem to be available on older Ansible
core versions.
* Fix antsibull-nox errors
* Install dependencies for to_toml integration test
Co-authored-by: Felix Fontein <felix@fontein.de>
* Reduce author list to main contributor
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update version added for to_toml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Use AnsibleError for missing import
Co-authored-by: Felix Fontein <felix@fontein.de>
* Use AnsibleFilterError for runtime type check
Co-authored-by: Felix Fontein <felix@fontein.de>
* Move common code to plugin_utils/_tags.py
* Mark module util as private
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update BOTMETA for to_toml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix typo
* Correct version number
Co-authored-by: Felix Fontein <felix@fontein.de>
* Use to_text for to_toml dict key conversions
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add tomlkit requirement to docs
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add missing import
* Add aliases for for to_toml integration test
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* feat(wsl): add option for wsl_shell_type, protect wsl arguments if SSH shell is Powershell
* docs(wsl): add changelog fragment
* docs(wsl): fix changelog fragment syntax, add issue link
Co-authored-by: Felix Fontein <felix@fontein.de>
* feat(wsl): improve new option documentation
Co-authored-by: Felix Fontein <felix@fontein.de>
* refactor(wsl): put integrasion test flag into a variable for convenience
* feat(wsl): rename option to wsl_remote_ssh_shell_type
* feat(wsl): escape "%" if shell is cmd, raise AnsibleError if powershell
* test(wsl): fix unit tests for wsl
- remove redundant check - moved to a separate function
- fix check for cmd escaping of "%"
- fix formatting / whitespace
* test(wsl): fix expected error message
* test(wsl): fix test - position of stop-parsing token changed
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* add sssd_info module
* fix f-stings and remove support python2
* fix imports custom lib
* fix whitespace and add missing_required_lib
* fix str and add version
* try add mock test
* fix module and mock tests check
* fix required in main module
* fix spaces
* fix linters
* add final newline
* fix version of module
* fix description and error handling
* swap literal to dict
* fix str
* remove comment in methods
* remove _get in methods
* fix name method in test
* add botmeta
* fix description of server_type
* fix name of maintainer
* remove choices
* fix author
* fix type hint
* fix result
* fix spaces
* fix choices and empty returns
* fix mypy test result
* fix result
* run andebox yaml-doc
* remake simple try/exc for result
* fix tests
* add any type for testing mypy
* ruff formated
* fix docs
* remove unittest.main
* rename acc on git for official name
---------
Co-authored-by: Александр Габидуллин <agabidullin@astralinux.ru>
* add missing validations-parameters as config options and add documentation for them; fixes https://github.com/ansible-collections/community.general/issues/9048
* fix parameter names
* extend unit tests
* support for camel casing for new validations and add changelog fragment
* Fix fragment format
* add 'version_added' documentation
* Update changelogs/fragments/11285-extended-keycloak-user-profile-validations.yml
mention fixed issue in fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix ruff formatting
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* add monit version to successful exit
* install the standard monit - if 5.34, then bail out
* add 3sec wait after service restart
- that restart happens exactly before the task receiving the SIGTERM, so maybe, just maybe, it just needs time to get ready for the party
* wait for monit initialisation after restart
* monit tests: check service-specific status in readiness wait
The wait task was checking 'monit status' (general), but the actual
failing command is 'monit status -B httpd_echo' (service-specific).
This causes a race where general status succeeds but service queries
fail. Update to check the exact command format that will be used.
* monit tests: remove 5.34.x version restriction
The version restriction was based on incorrect diagnosis. The actual
issue was the readiness check validating general status instead of
service-specific queries. Now that we check the correct command
format, the tests should work across all monit versions.
* monit tests: add stabilization delay after readiness check
After the readiness check succeeds, add a 1-second pause before
running actual tests. Monit 5.34.x and 5.35 appear to have a
concurrency issue where rapid successive 'monit status -B' calls
can cause hangs even though the first call succeeds.
* monit tests: add retry logic for state changes to handle monit daemon hangs
Monit daemon has an intermittent concurrency bug across versions 5.27-5.35
where 'monit status -B' commands can hang (receiving SIGTERM) even after
the daemon has successfully responded to previous queries. This appears
to be a monit daemon issue, not a timing problem.
Add retry logic with 2-second delays to the state change task to work
around these intermittent hangs. Skip retries if the failure is not
SIGTERM (rc=-15) to avoid masking real errors.
* monit tests: capture and display monit.log for debugging
Add tasks in the always block to capture and display the monit log file.
This will help diagnose the intermittent hanging issues by showing what
monit daemon was doing when 'monit status -B' commands hang.
* monit tests: enable verbose logging (-v flag)
Modify the monit systemd service to start with -v flag for verbose
logging. This should provide more detailed information in the monit
log about what's happening when status commands hang.
* monit: add 0.5s delay after state change command
After extensive testing and analysis with verbose logging enabled, identified
that monit's HTTP interface can become temporarily unresponsive immediately
after processing state change commands (stop, start, restart, etc.).
This manifests as intermittent SIGTERM (rc=-15) failures when the module
calls 'monit status -B <service>' to verify the state change. The issue
affects all monit versions tested (5.27-5.35) and is intermittent, suggesting
a race condition or brief lock in monit's HTTP request handling.
Verbose logging confirmed:
- State change commands complete successfully
- HTTP server reports as 'started'
- But subsequent status checks can hang without any log entry
Adding a 0.5 second sleep after sending state change commands gives the
monit daemon time to fully process the command and become responsive again
before the first status verification check.
This complements the existing readiness check after daemon restart and
the retry logic for SIGTERM failures in the tests.
* tests(monit): remove workarounds after module race condition fix
After 10+ successful CI runs with no SIGTERM failures, removing test-level
workarounds that are now redundant due to the 0.5s delay fix in the module:
- Remove 1-second stabilization pause after daemon restart
The module's built-in 0.5s delay after state changes makes this unnecessary
- Remove retry logic for SIGTERM failures in state change tests
The race condition is now prevented at the module level
- Remove verbose logging setup and log capture
Verbose mode didn't log HTTP requests, so it didn't help diagnose the issue
and adds unnecessary overhead
Kept the readiness check with retries after daemon restart - still needed
to validate daemon is responsive after service restart (different scenario
than the state change race condition).
* restore tasks/main.yml
* monit tests: reduce readiness check retries from 60 to 10
After successful CI runs, observed that monit daemon becomes responsive
within 1-2 seconds after restart. The readiness check typically passes
on the first attempt.
Reducing from 60 retries (30s timeout) to 10 retries (5s timeout) is
more appropriate and allows tests to fail faster if something is
genuinely broken.
* add changelog frag
* Update changelogs/fragments/11255-monit-integrationtests.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
VxLan virtual devices can be added to bridge ports, like any other
devices. And when using multicast remote addresses,
NetworkManager need to know the parent device as well.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix mistaken rebase
* plugins/modules/lxd_storage_: include error codes, clean up notes
* plugins/modules/lxd_storage_: snap_url, ruff fix
* plugins/modules/lxd_storage_volume_info.py: remove checks on expected api returned bits
* plugins/modules/lxd_storage_volume_info.py: required: true
* tests/integration/targets/lxd_storage_volume_info/tasks/main.yaml: add Test fetching specific volume by name
* tests/unit/plugins/modules/test_lxd_storage_: add unit tests
* tests/integration/targets/lxd_storage_pool_info/tasks/main.yaml: add integratio tests
* tests/integration/targets/lxd_storage_: not required
* tests/integration/targets/lxd_storage_: not required perhaps, lxd_project has them
* tests/unit/plugins/modules/test_lxd_storage_volume_info.py: fix python3.8 tests
* tests/unit/plugins/modules/test_lxd_storage_pool_info.py: fix python3.8
* tests/integration/targets/lxd_storage_: correct paths for aliases
* tests/unit/plugins/modules/test_lxd_storage_volume_info.py: remove backticks
* tests/unit/plugins/modules/test_lxd_storage_volume_info.py: remove blank line
* tests/unit/plugins/modules/test_lxd_storage_: python3.8 changes
* tests/unit/plugins/modules/test_lxd_storage_: python3.8 changes
* tests/unit/plugins/lookup/test_github_app_access_token.py: restore
* tests/unit/plugins/connection/test_wsl.py: restore
* plugins/modules/lxd_storage_: use ANSIBLE_LXD_DEFAULT_SNAP_URL and put API version into const
* lxd_storage_volume_info: use recursion to gather all volume details
* tests/integration/targets/lxd_storage_volume_info/tasks/main.yaml: fix silet skipped failures
* tests/integration/targets/lxd_storage_pool_info/tasks/main.yaml: fix silet failures
* lxd_storage_pool_info: update to use recursion to gather all details in one shot
* Remove unnecessary change.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix ruff case UP031
* refactor backslashout of f-string for the sake of old Pythons
* add changelog frag
* Update plugins/modules/imc_rest.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* scaleway_user_data: fix bug and make it an f-string
* reformat
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add type hints to action and test plugins and to plugin utils. Also fix some bugs and add proper input validation.
* Combine lines.
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Extend changelog fragment.
* Move task_vars initialization up.
---------
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* locale_gen: search for available locales in /usr/local as well
* better var name
* add test for /usr/local
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* skip /usr/local/ for Archlinux
* improve/update documentation
* add license file for the custom locale
* add changelog frag
* Update plugins/modules/locale_gen.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/11046-locale-gen-usrlocal.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
