redfish_config: fix `KeyError: 'ret'` when `SetManagerNic` cannot find a matching NIC (#12124)
* fix(redfish_config): return proper error dict when manager NIC not found
get_manager_ethernet_uri() returned an empty dict {} when no matching NIC
was found, causing a KeyError on 'ret' in main(). Now returns a consistent
{"ret": False, "msg": ...} like all other error paths in the function.
Fixes#5892
* feat(changelog): add fragment for PR 12124
(cherry picked from commit b799c6f579)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
portage: include msg in depclean failure fail_json (#12168)
cleanup_packages() called module.fail_json(cmd=, rc=, stdout=, stderr=)
without the mandatory msg= argument. When the underlying emerge --depclean
exited non-zero, AnsibleModule.fail_json() itself crashed with
"AnsibleModule.fail_json() missing 1 required positional argument: 'msg'"
before the real failure could reach the controller, leaving users with no
diagnostic about why depclean actually failed.
Same wording style as the sibling install_packages() failure branch
("Packages not installed.").
(cherry picked from commit 1e3da48d70)
Co-authored-by: Yoann Gauthier-Colin <yoann@gwerlas.net>
htpasswd: fix `hash_scheme` aliases and Apache-compatible bcrypt (#12123)
* fix(htpasswd): support HtpasswdFile aliases and Apache-compatible bcrypt
CryptContext does not recognise HtpasswdFile alias names such as
portable, portable_apache_24, host_apache_24, causing a KeyError.
In addition, building a CryptContext for bcrypt produced $2b$ hashes
that Apache rejects (it only accepts $2y$/$2a$).
Use htpasswd_context for schemes it already supports, fall back to
htpasswd_context on KeyError for aliases, and import CryptContext
from module_utils/_crypt.py instead of passlib directly.
Fixes#6135
* feat(changelog): add fragment for PR 12123
* fix(_crypt): silence DeprecationWarning when importing stdlib crypt
On Python 3.11/3.12, `import crypt` emits a DeprecationWarning that
ansible-test sanity --test import treats as an error. Suppress it since
the import is an intentional fallback when passlib is not available.
* fix(htpasswd): fix sanity ignores and bcrypt version constraint
- Revert _crypt.py DeprecationWarning suppression; add sanity ignore
entries for htpasswd.py import-3.11/3.12 instead (mirrors existing
entries for _crypt.py itself)
- Pin bcrypt<4.2 in integration tests: bcrypt 4.2 removed __about__
which passlib 1.7.x uses, breaking passlib.apache import
- Fix regex_search assertion to use 'is not none' for a boolean result
- Add bcrypt version constraint note to module documentation
* fix(htpasswd): handle system-installed bcrypt in integration tests
On Debian/Ubuntu, bcrypt may be installed by the system package manager
with no RECORD file, making pip downgrade impossible. Move bcrypt
installation into a self-contained block in test_schemes.yml with
ignore_errors, a functional passlib+bcrypt check, and always-cleanup.
Bcrypt tests are skipped when a compatible version cannot be used.
* refactor(htpasswd): extract obtain_crypt_context(); import CryptContext from passlib directly
Extract context selection logic into obtain_crypt_context(). Import
CryptContext inside the deps.declare("passlib") block instead of from
module_utils/_crypt.py — passlib is already a hard dependency and
other symbols are imported from it there. Remove now-unnecessary
htpasswd.py sanity import ignore entries.
---------
(cherry picked from commit 49ca175f01)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
parted: ignore MBR partition type codes in flags on SUSE systems (#12121)
* parted: ignore MBR partition type codes reported as flags by SUSE parted
SUSE's patched parted reports MBR partition type codes (e.g., type=8e for
Linux LVM) in the machine-parseable flags output. The module was trying to
unset these pseudo-flags via 'parted set N type=8e off', which is not a
valid parted command, causing the task to fail when using flags: [lvm] on
msdos-labelled disks on SUSE systems.
Fixes#6292
* feat(changelog): add fragment for PR 12121
* Update changelogs/fragments/12121-parted-suse-msdos-type-code.yml
---------
(cherry picked from commit 6e6199ae3d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
unixy callback: fix KeyError when task is delegated to host without ansible_host set (#12113)
* fixes issue #12112
* adjust PR ID
* adjust PR ID, mistake was made
* adjust PR ID
* I messed up all these numbers
---------
(cherry picked from commit ef5b22d18e)
Co-authored-by: Stefan Midjich <stemid@users.noreply.github.com>
Co-authored-by: Stefan Midjich <stefan@sydit.se>
nmcli: fix check/diff for bond arp_interval and arp_ip_target (#11588) (#12085)
* nmcli: bond ARP options stop lying in check/diff (#11588)
Align arp_interval/arp_ip_target keys with bond.options parsing, route
ARP settings via +bond.options, and fix bond MTU false positives.
* Changelog: nmcli fragment gets PR links and clearer diff wording
Address reviewer feedback on #12085 — both entries now cite the PR URL
and the MTU entry says "incorrectly reports diff" instead of "false positives".
---------
(cherry picked from commit fdace38501)
Co-authored-by: Asif Draxi <47986843+AsifAd@users.noreply.github.com>
Co-authored-by: Asif Draxi <asif.draxi@blackline.com>
* Fix typing (#12078)
Fix typing.
ansible-core 2.21.0 is out and has more type definitions.
(cherry picked from commit e6ca0df592)
* Also add no-assert to 2.17 ignore file.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
Fix flatpak id check (#12063)
* Fix flatpak id check
This PR fixes the flatpak ID check by allowing the last component of the ID to contain dashes. The regular expression will match the flatpak ID according to the flatpak specification. It matches all 4600+ IDs currently present in flathub.
Fixes#12062
* Add changelog fragment
* Update plugins/modules/flatpak.py
* Update changelog fragment.
---------
(cherry picked from commit 3558e3c74a)
Co-authored-by: Gerben Welter <gerben@welter.nu>
Co-authored-by: Felix Fontein <felix@fontein.de>
apt_rpm: fix upgrade of local RPM not present in repository (#9161) (#12039)
(cherry picked from commit c2485ea57b)
Co-authored-by: bne1hm <67783534+bne1hm@users.noreply.github.com>
packet_project and packet_sshkey: fix broken example plays (#12055)
Fix example plays.
(cherry picked from commit a15d9a3510)
Co-authored-by: Felix Fontein <felix@fontein.de>
Remove as maintainer (#11911)
Remove ownership
I do not maintain those modules anymore since years. I think the time
has come to remove at least my name from them.
(cherry picked from commit fba7da4394)
Co-authored-by: keachi <1687482+keachi@users.noreply.github.com>
bundler: replace deprecated CLI flags with `BUNDLE_*` env vars (#12024)
* fix(bundler): replace deprecated CLI flags with BUNDLE_* env vars
Bundler 2.1 deprecated --deployment, --without, --path, --clean, and
--binstubs; Bundler 4 has removed --clean entirely. Pass these options
as BUNDLE_* environment variables instead, which have been supported
since Bundler 1.0.0 and are scoped to the process (no persistent
.bundle/config written).
Fixes#4583, fixes#11380
* fix(bundler): add changelog fragment for PR #12024
---------
(cherry picked from commit 00060263a5)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
datadog_downtime: handle uuid.UUID type in API response (#12019)
* fix(datadog_downtime): convert uuid field to str for datadog-api-client>=2.28.0
* changelog: add fragment for PR 12019
---------
(cherry picked from commit 171feb5a2c)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
gitlab_user: update SSH keys when key material changes (#11996)
* gitlab_user: update SSH keys when key material changes
Compare SSH keys by key type and key material so comment-only differences remain idempotent while changed keys are replaced. Add unit and integration coverage for SSH key updates.
Fixes#6516
* gitlab_user: add SSH key update modes
Restore backward-compatible same-name SSH key handling by default and
add explicit update and deduplicate modes for controlled replacement
behavior.
Refs: #6516
* Apply suggestions from code review
---------
(cherry picked from commit 2cb4a5d4e7)
Co-authored-by: Fulvius <31437530+LCerebo@users.noreply.github.com>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
xml: fix `print_match` not populating `matches` return value (#12013)
* fix(xml): populate matches when print_match is set, fix returned doc
* test(xml): add integration tests for print_match
* changelog: add fragment for PR 12013
---------
(cherry picked from commit abef8f2aed)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
pam_limits: only create backup file when content actually changes (#12014)
* fix(pam_limits): only create backup when file is actually changed
Fixes#12011
* changelog: add fragment for PR 12014
---------
(cherry picked from commit b8659f5c61)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Fix gitlab_hook: add default value for releases_events parameter (#11917)
* Fix gitlab_hook: only pass releases_events to API when specified
The releases_events parameter now only gets passed to the GitLab API:
- On create: always passed (fixes 500 error when not specified)
- On update: only passed when explicitly specified by user
This avoids forcing the releases_events value during updates when not
intended by the user.
Fixes: https://github.com/ansible-collections/community.general/issues/11269
* Add changelog fragment for gitlab_hook releases_events fix
Fixes: https://github.com/ansible-collections/community.general/issues/11269
* Add PR link to changelog fragment
* Use .get() for safer dict access in releases_events handling
* Update plugins/modules/gitlab_hook.py
remove `.get()`
* Update plugins/modules/gitlab_hook.py
Remove the null check for `options[“releases_events”]`
---------
(cherry picked from commit 798439f1fe)
Co-authored-by: RealCharlesChia <161665317+RealCharlesChia@users.noreply.github.com>
Co-authored-by: Charles Chia <charleschia@email.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
jenkins_credential: improve example and description in documentation (#11922)
* Fixes and improvements for better undestanding of the module
- Fixed token generation syntax to use `name` instead of `id`.
- Changed `token: {{ token }}` to `token: {{ token_result.token }}` to show accessing token from the registered variable, essentially making the entire Example section a playbook capable of full execution.
- Added notes in the Example section about the intended approach for storing and accessing tokens.
- Mentioned about not using `id` for token generation in the parameter's description.
* Applying FQCN for the `ansible.builtin.copy` module
* Shortened the notes about storing and accessing Jenkins token.
* Added line breaks to reduce width of the shortened notes
- Added line breaks to reduce the width of the shortened note from commit #5bc225b.
- Numbered and indented the notes for clear distinction.
* Changed token storage example to use INI instead of CSV format
---------
(cherry picked from commit cdd0d2521e)
Co-authored-by: Sonal Karmakar <234934724+sonalkarmakar@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
filetree lookup: document RETURN value `state` (#11997)
* Clarify 'state' parameter description in filetree.py
Updated the description for the 'state' parameter to clarify entry types and their meanings.
* Apply suggestion from felixfontein related to description
---------
(cherry picked from commit 240ff65311)
Co-authored-by: Santosh Mahale <santoshmahale7676@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
seport: fix idempotency when port is covered by an existing range (#11994)
* fix(seport): handle port overlap with existing ranges
Fixes idempotency when a requested port is already covered by an
existing range registered for the same setype/proto. Also improves
the error message when libsemanage raises FileNotFoundError on a
port overlap validation failure.
Fixes#10105
* chore(seport): add changelog fragment for #11994
---------
(cherry picked from commit a43006c7cb)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
ldap_attrs: fix case-insensitive attribute lookup in `state=exact` (#11990)
* fix(ldap_attrs): case-insensitive attribute lookup in _get_all_values_of
LDAP attribute names are case-insensitive (RFC 4512), but the previous
code used a case-sensitive dict lookup on the server's response. When
the server returns an attribute with different casing than requested,
the lookup returns [] causing state=exact to issue MOD_ADD instead of
MOD_REPLACE, which fails on single-valued attributes that already have
a value.
Fixes#1624
* feat(changelogs): add fragment for ldap_attrs fix#11990
---------
(cherry picked from commit 645dd2d448)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
xml: fail for non-string `value`s (#11959)
* fix(xml): coerce boolean values to string with a warning
Fixes#7171
* test(xml): add integration tests for boolean value handling
* changelog: add fragment for PR 11959
* adjustments from review
* test(xml): update boolean-value integration tests to expect failure
Now that xml fails on non-string values, replace the old success-path
tests with failure assertions and add a positive test for quoted strings.
Remove the no-longer-needed result XML fixtures.
* adjustments from review
* fix(xml): correct boolean test assertions to match actual error message format
---------
(cherry picked from commit d87a8a167f)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
yarn: add Alpine Linux support in integration tests (#11943)
* test(yarn): add Alpine Linux support via apk
Install nodejs and yarn via apk on Alpine, sharing the functional
test block with the existing non-Alpine (pre-built binary) path.
Extracts the test block into tests.yml to avoid duplication.
Fixes#4270
* fix(yarn): skip Node.js runtime warnings in stderr processing
Node.js 24 emits DeprecationWarning lines to stderr (e.g. for url.parse())
that are not JSON, causing _process_yarn_error to fail with "Unexpected
stderr output from Yarn". Skip lines starting with "(node:" before
attempting JSON parsing.
* test(yarn): add changelog fragment for #11943
* fix(yarn): only JSON-parse lines starting with '{' in stderr
Node.js 24 emits multi-line DeprecationWarnings to stderr (e.g. the hint
line "(Use `node --trace-deprecation ...`") that are not JSON and were
tripping the "Unexpected stderr output from Yarn" failure. Yarn's
structured output always starts with '{', so skip any line that doesn't.
* test(yarn): install sqlite on Alpine to fix nodejs 22 symbol error
On Alpine 3.21 nodejs 22 requires SQLite session extension symbols
(sqlite3session_*) that are not present in sqlite-libs; installing
the full sqlite package provides them.
* test(yarn): refresh apk cache and upgrade sqlite-libs before installing nodejs
The CI Alpine container may have a stale sqlite-libs that lacks the
session extension symbols (sqlite3session_*) required by nodejs 22+.
Force a cache refresh and upgrade sqlite-libs to the latest revision.
* fix(yarn): warn on non-JSON stderr lines instead of silently skipping
Non-JSON lines in stderr (e.g. Node.js runtime DeprecationWarnings) are
surfaced to the user via module.warn() rather than being silently ignored,
since their content and meaning are not known in advance.
* prefix yarn output line
* Update changelogs/fragments/11943-yarn-nodejs-runtime-warnings.yml
---------
(cherry picked from commit 38d49d240e)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
cobbler_system: fix `KeyError` when adding new interface to existing system (#11995)
* fix(cobbler_system): handle missing interface device on existing system
When adding a new interface to an existing Cobbler system that does not
yet have that interface defined, the module raised a KeyError. Use .get()
with a fallback empty dict to safely handle that case. Also add a
continue after the unknown-property warning to prevent a secondary
KeyError on IFPROPS_MAPPING lookup.
Fixes: #7007
* chore(cobbler_system): add changelog fragment for #11995
---------
(cherry picked from commit 02b969ee4d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
ipa_group: fix idempotency when `external: false` on existing non-external group (#11933)
* fix(ipa_group): skip group_mod when external flag matches IPA state
When external=false (the default), get_group_diff() left the external
key in the diff even though the group was already non-external, causing
a spurious group_mod call that IPA rejected with "no modifications to
be performed". The fix checks equality in both directions.
Fixes#5061
* fix(ipa_group): add changelog fragment for PR 11933
* add quoting to fragment
(cherry picked from commit c4fc0ff4e1)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Improve module docs (#11981)
* Fix _facts module documentation.
* Get rid of some more 'type: complex'.
(cherry picked from commit de42aec78b)
Co-authored-by: Felix Fontein <felix@fontein.de>
odbc: fetch rows before commit to fix HY010 function sequence error (#11972)
* fix(odbc): fetch rows before committing to fix HY010 function sequence error
Fixes#5395
* chore(odbc): add changelog fragment for PR #11972
---------
(cherry picked from commit d7f248fb01)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Docs: ohai examples are not YAML (#11975)
ohai examples are not YAML.
(cherry picked from commit 2e29b3204d)
Co-authored-by: Felix Fontein <felix@fontein.de>
apt_rpm: handle `update-kernel` rc=1 when no new kernel is available (#11949)
* fix(apt_rpm): do not fail when update-kernel finds no new kernel
update-kernel exits with rc=1 when the kernel is already at the latest
version. Handle this case gracefully by checking for the known
"There are no available kernels" message in stderr and returning
changed=False instead of raising an error.
Fixes#10055
* fix(apt_rpm): add changelog fragment for #11949
* Apply suggestion from review
---------
(cherry picked from commit dd5bd733fc)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
logstash_plugin: fix proxy support and improve error reporting (#11951)
* fix(logstash_plugin): use env vars for proxy, expose stderr on failure
Replace broken -DproxyHost/-DproxyPort JVM flags with http_proxy/https_proxy
environment variables, which are respected by modern Logstash bundled JDK.
Also include stderr in fail_json so the actual error output is visible.
Fixes#8650
* feat(changelog): add fragment for PR 11951
(cherry picked from commit 881f64c93b)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
zypper_repository: allow `state=absent` when `.repo` URL/file is unreachable (#11947)
* fix(zypper_repository): allow state=absent when .repo URL/file is unreachable
When removing a repository by .repo URL, a download failure used to cause
an unconditional fail_json. Now, for state=absent, the module warns and
falls back to deriving the alias from the .repo filename basename.
* feat(changelog): add fragment for PR 11947
---------
(cherry picked from commit 2becfe45b5)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace default favicon URL again (#11909)
* replace default favicon URL
* add changelog fragment for PR 11909
* fix syntax for change fragment
* use higher res favicon by default
---------
(cherry picked from commit d57a667274)
Co-authored-by: Lars Krahl <57526005+mmslkr@users.noreply.github.com>
Co-authored-by: Lars Krahl <lars.krahl@telekom.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
