* merge_variables: extended merge capabilities added
This extension gives you more control over the variable merging process of the lookup plugin `merge_variables`. It closes the gap between Puppet's Hiera merging capabilities and the limitations of Ansible's default variable plugin `host_group_vars` regarding fragment-based value definition. You can now decide which merge strategy should be applied to dicts, lists, and other types. Furthermore, you can specify a merge strategy that should be applied in case of type conflicts.
The default behavior of the plugin has been preserved so that it is fully backward-compatible with the already implemented state.
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update changelogs/fragments/11536-merge-variables-extended-merging-capabilities.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/merge_variables.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Periods added at the end of each choice description
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/lookup/merge_variables.py
Co-authored-by: Mark <40321020+m-a-r-k-e@users.noreply.github.com>
* ref: follow project standard for choice descriptions
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: more examples added and refactoring
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/lookup/merge_variables.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* ref: some more comments to examples added
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* fix: unused import removed
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: re-add "merge" to strategy map
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update comments
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Specification of transformations solely as string
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Comments updated
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: `append_rp` and `prepend_rp` removed
feat: options dict for list transformations re-added
feat: allow setting `keep` for dedup transformation with possible values: `first` (default) and `last`
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: improve options documentation
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: documentation improved, avoiding words like newer or older in merge description
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/lookup/merge_variables.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* ref: "prio" replaced by "dict"
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* feat: two integration tests added
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
---------
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
Co-authored-by: Fiehe Christoph <c.fiehe@eurodata.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Mark <40321020+m-a-r-k-e@users.noreply.github.com>
* github_secrets_info: new module
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* clean tests
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* remove pynacl dep
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* fqcn
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* remove excess output
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* just return result as sample
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* only print secrets, adapt tests
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* Update plugins/modules/github_secrets_info.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/github_secrets_info.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/github_secrets_info.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* t is for typing, and typing is what we did
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* add info_module attributes
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
---------
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* add support for managing GitHub secrets
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* fix tab
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* update for sanity
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* more sanity fixes
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* update botmeta
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* formating
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* remove list function
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* remove docstring, format text strings and return codes
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* switch to deps
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* black and ruff doesnt get along
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* initial unit tests
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* update non-existing secret test
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* update description and details
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* handle when a secret cant be deleted
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* fail if not acceptable error codes
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* add test for non-acceptable status codes
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* remove local ruff config
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* allow empty strings
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* set required_
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* extend tests
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* cleanup
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* cover all, got a git urlopen error
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* cover all, got a git urlopen error
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* ensure value cant be None
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* check_mode
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* bump to 12.5.0
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* Update plugins/modules/github_secrets.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* extend check_mode and related tests
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* split constants and return dict when checking secret
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* switch to HTTPStatus
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* replace DELETE and UPDATE with NO_CONTENT
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* Update plugins/modules/github_secrets.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/github_secrets.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* update tests
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* Update plugins/modules/github_secrets.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/github_secrets.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/github_secrets.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/github_secrets.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/github_secrets.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* add module logrotate
* add values for start
* fix docs
* version 12.5.0 and fix test
---------
Co-authored-by: Александр Габидуллин <agabidullin@astralinux.ru>
Allowing the domain suffix to be appended independent of the `host_fqdn`
setting enables the inventory plugin to construct proper FQDNs if a
network has the `dns.domain` property set. Otherwise you would always
end up with something like `host01.project.local.example.net` despite
`host01.example.net` being the expected result.
* adds parameter delimiters to from_ini filter
fixes issue #11506
* adds changelog fragment
* fixes pylint dangerous-default-value / W0102
* does not assume default delimiters
let that be decided in the super class
* Update plugins/filter/from_ini.py
verbose description
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/11512-from_ini-delimiters.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* adds input validation
* adss check for delimiters not None
* adds missing import
* removes the negation
* adds suggestions from russoz
* adds ruff format suggestion
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* feat: Icinga 2 downtime module added allowing to schedule and remove downtimes through its REST API.
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ensure compatibility with ModuleTestCase
feat: errors raised from MH now contain the changed flag
ref: move module exit out of the decorated run method
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* revised module
ref: module refactored using StateModuleHelper now
ref: suggested changes by reviewer added
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* revert change regarding changed flag in MH
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* refactoring and set changed flag explicitly on error
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Check whether there was a state change on module failure removed.
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: test cases migrated to the new feature that allows passing through exceptions
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/module_utils/icinga2.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/icinga2.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/icinga2_downtime.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* ref: make module helper private
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* fix: ensure that all non-null values are added to the request otherwise a `false` value is dropped
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: module description extended with the note that check mode is not supported
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/modules/icinga2_downtime.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix: documentation updated
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: documentation updated
ref: doc fragment added
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/doc_fragments/icinga2_api.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* ref: doc fragment renamed to `_icinga2_api.py`
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* ref: maintainer to doc fragment in BOTMETA.yml added
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
* Update plugins/modules/icinga2_downtime.py
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Update plugins/modules/icinga2_downtime.py
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Update plugins/modules/icinga2_downtime.py
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
---------
Signed-off-by: Fiehe Christoph <c.fiehe@eurodata.de>
Co-authored-by: Fiehe Christoph <c.fiehe@eurodata.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Add Azure Log Analytics Ingestion API plugin
The Ingestion API allows sending data to a Log Analytics workspace in
Azure Monitor.
* Fix LogAnalytics Ingestion shebang
* Fix Log Analytics Ingestion pep8 tests
* Fix Log Analytics Ingestion pylint tests
* Fix Log Analytics Ingestion import tests
* Fix Log Analytics Ingestion pylint test
* Add Log Analytics Ingestion auth timeout
Previous behavior was to use the 'request' module's default timeout;
this makes auth timeout value consistent with the task submission
timeout value.
* Display Log Analytics Ingestion event data as JSON
Previous behavior was to display the data as a Python dictionary.
The new behavior makes it easier to generate a sample JSON file in order
to import into Azure when creating the table.
* Add Azure Log Analytics Ingestion timeout param
This parameter controls how long the plugin will wait for an HTTP response
from the Azure Log Analytics API before considering the request a failure.
Previous behavior was hardcoded to 2 seconds.
* Fix Azure Log Ingestion unit test
The class instantiation was missing an additional argument that was added
in a previous patch; add it. Converting to JSON also caused the Mock
TaskResult object to throw a serialization error; override the function
for JSON conversion to just return bogus data instead.
* Fix loganalytics_ingestion linter errors
* Fix LogAnalytics Ingestion env vars
Prefix the LogAnalytics Ingestion plugin's environment variable names
with 'ANSIBLE_' in order to align with plugin best practices.
* Remove LogAnalytics 'requests' dep from docs
The LogAnalytics callback plugin does not actually require 'requests',
so remove it from the documented dependencies.
* Refactor LogAnalytics Ingestion to use URL utils
This replaces the previous behavior of depending on the external
'requests' library.
* Simplify LogAnalytics Ingestion token valid check
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove LogAnalytics Ingestion extra arg validation
Argument validation should be handled by ansible-core, so remove the
extra argument validation in the plugin itself.
* Update LogAnalytics Ingestion version added
* Remove LogAnalytics Ingestion coding marker
The marker is no longer needed as Python2 is no longer supported.
* Fix some LogAnalytics Ingestion grammar errors
* Refactor LogAnalytics Ingestion plugin messages
Consistently use "plugin" instead of module, and refer to the module by
its FQCN instead of its prose name.
* Remove LogAnalytics Ingestion extra logic
A few unused vars were being set; stop setting them.
* Fix LogAnalytics Ingestion nox sanity tests
* Fix LogAnalytics Ingestion unit tests
The refactor to move away from the 'requests' dependency to use
module_utils broke the plugin's unit tests; re-write the plugin's unit
tests for module_utils.
* Add nox formatting to LogAnalytics Ingestion
* Fix Log Analytics Ingestion urllib import
Remove the compatibility import via 'six' for 'urllib' since Python 2
support is no longer supported.
* Bump LogAnalytics Ingestion plugin version added
* Remove LogAnalytics Ingestion required: false docs
Required being false is the default, so no need to explicitly add it.
* Simplify LogAnalytics Ingestion role name logic
* Clean LogAnalytics Ingestion redundant comments
* Clean LogAnalytics Ingestion unit test code
Rename all Mock objects to use snake_case and consistently use '_mock'
as a suffix instead of sometimes using it as a prefix and sometimes
using it as a suffix.
* Refactor LogAnalytics Ingestion unit tests
Move all of the tests outside of the 'setUp' method.
* Refactor LogAnalytics Ingestion test
Add a test to validate that part of the contents sent match what was
supposed to be sent.
* Refactor LogAnalytics Ingestion test
Make the names consistent again.
* Add LogAnalytics Ingestion sample data docs
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix(keycloak_user_rolemapping): handle None response for client role lookup
When adding a client role to a user who has no existing roles for that
client, get_client_user_rolemapping_by_id() returns None. The existing
code indexed directly into the result causing a TypeError. Add the same
None check that already existed for realm roles since PR #11256.
Fixes#10960
* fix(tests): use dict format for task vars in keycloak_user_rolemapping tests
Task-level vars requires a YAML mapping, not a sequence. The leading
dash (- roles:) produced a list instead of a dict, which ansible-core
2.20 rejects with "Vars in a Task must be specified as a dictionary".
* Update changelogs/fragments/keycloak-user-rolemapping-client-none-check.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* feat(keycloak_realm_key): add support for auto-generated key providers
Add support for Keycloak's auto-generated key providers where Keycloak
manages the key material automatically:
- rsa-generated: Auto-generates RSA signing keys
- hmac-generated: Auto-generates HMAC signing keys
- aes-generated: Auto-generates AES encryption keys
- ecdsa-generated: Auto-generates ECDSA signing keys
New algorithms:
- HMAC: HS256, HS384, HS512
- ECDSA: ES256, ES384, ES512
- AES: AES (no algorithm parameter needed)
New config options:
- secret_size: For HMAC/AES providers (key size in bytes)
- key_size: For RSA-generated provider (key size in bits)
- elliptic_curve: For ECDSA-generated provider (P-256, P-384, P-521)
Changes:
- Make private_key/certificate optional (only required for rsa/rsa-enc)
- Add provider-algorithm validation with clear error messages
- Fix KeyError when managing default realm keys (issue #11459)
- Maintain backward compatibility: RS256 default works for rsa/rsa-generated
Fixes: #11459
* fix: address sanity test failures
- Add 'default: RS256' to algorithm documentation to match spec
- Add no_log=True to secret_size parameter per sanity check
* feat(keycloak_realm_key): extend support for all Keycloak key providers
Add support for remaining auto-generated key providers:
- rsa-enc-generated (RSA encryption keys with RSA1_5, RSA-OAEP, RSA-OAEP-256)
- ecdh-generated (ECDH key exchange with ECDH_ES, ECDH_ES_A128KW/A192KW/A256KW)
- eddsa-generated (EdDSA signing with Ed25519, Ed448 curves)
Changes:
- Add provider-specific elliptic curve config key mapping
(ecdsaEllipticCurveKey, ecdhEllipticCurveKey, eddsaEllipticCurveKey)
- Add PROVIDERS_WITHOUT_ALGORITHM constant for providers that don't need algorithm
- Add elliptic curve validation per provider type
- Update documentation with all supported algorithms and examples
- Add comprehensive integration tests for all new providers
This completes full coverage of all Keycloak key provider types.
* style: apply ruff formatting
* feat(keycloak_realm_key): add java-keystore provider and update_password
Add support for java-keystore provider to import keys from Java
Keystore (JKS or PKCS12) files on the Keycloak server filesystem.
Add update_password parameter to control password handling for
java-keystore provider:
- always (default): Always send passwords to Keycloak
- on_create: Only send passwords when creating, preserve existing
passwords when updating (enables idempotent playbooks)
The on_create mode sends the masked value ("**********") that Keycloak
recognizes as "preserve existing password", matching the behavior when
re-importing an exported realm.
Replace password_checksum with update_password - the checksum approach
was complex and error-prone. The update_password parameter is simpler
and follows the pattern used by ansible.builtin.user module.
Also adds key_info return value containing kid, certificate fingerprint,
status, and expiration for java-keystore keys.
* address PR review feedback
- Remove no_log=True from secret_size (just an int, not sensitive)
- Add version_added: 12.4.0 to new parameters and return values
- Remove "Added in community.general 12.4.0" from description text
- Consolidate changelog entries into 4 focused entries
- Remove bugfix from changelog (now in separate PR #11470)
* address review feedback from russoz and felixfontein
- remove docstrings from module-local helpers
- remove line-by-line comments and unnecessary null guard
- use specific exceptions instead of bare except Exception
- use module.params["key"] instead of .get("key")
- consolidate changelog into single entry
- avoid "complete set" claim, reference Keycloak 26 instead
* address round 2 review feedback
- Extract remove_sensitive_config_keys() helper (DRY refactor)
- Simplify RS256 validation to single code path
- Add TypeError to inner except in compute_certificate_fingerprint()
- Remove redundant comments (L812, L1031)
- Switch .get() to direct dict access for module.params
* add support for management of keycloak localizations
* unit test for keycloak localization support
* keycloak_realm_localization botmeta record
* rev: improvements after code review
