* fix: treat chdev execution failures as module errors in aix_devices
##### SUMMARY
Fix the aix_devices module so that a failed chdev command is reported as a module failure instead of a successful result.
The previous implementation called fail_json incorrectly by returning success through the normal completion path when chdev returned a non-zero exit status. This could allow a playbook to continue even though the requested device attribute change was not applied.
This change replaces the success-style error handling with proper failure handling in the chdev execution path, making task results consistent with the actual command outcome.
##### ISSUE TYPE
- Bugfix Pull Request
##### COMPONENT NAME
aix_devices
##### ADDITIONAL INFORMATION
The affected code path is in change_device_attr() when the module executes chdev to apply attribute updates.
Before this change:
- chdev could fail
- the module could still report success
- later tasks could run against an unexpected system state
After this change:
- chdev failures are returned through fail_json
- the task stops with an error
- playbook behavior matches the real execution result
```paste below
Before:
module.exit_json(msg="Failed to run chdev.", rc=rc, err=err)
After:
module.fail_json(msg="Failed to run chdev.", rc=rc, err=err)
```
* Add changelog fragment for aix_devices chdev failure fix (#12185)
---------
Co-authored-by: Hirofumi Arimoto <harimoto@jp.ibm.com>
* opkg - path_prefix needs to be a list
path_prefix is passed to get_bin_path() which expects opt_dirs to be a list
of paths. Passing in a string instead of a list of paths results in incorrect
values being adding to the path when searching for the command to run.
* Add changelog
* filetree lookup - handle invalid exclude regex with AnsibleError Wrap re.compile() for the exclude option so invalid regular expressions produce a clear AnsibleError instead of an uncaught re.error traceback.
* add changelog fragment
* add changelog fragment
* Fix changelog fragment line endings (LF)
Co-authored-by: Cursor <cursoragent@cursor.com>
* Used AnsibleLookupError instead of AnsibleError
* Update changelogs/fragments/12140-filetree-exclude-regex-error.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Used AnsibleLookupError instead of AnsibleError
* Updated changelog format
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
cleanup_packages() called module.fail_json(cmd=, rc=, stdout=, stderr=)
without the mandatory msg= argument. When the underlying emerge --depclean
exited non-zero, AnsibleModule.fail_json() itself crashed with
"AnsibleModule.fail_json() missing 1 required positional argument: 'msg'"
before the real failure could reach the controller, leaving users with no
diagnostic about why depclean actually failed.
Same wording style as the sibling install_packages() failure branch
("Packages not installed.").
* fix(redfish_config): return proper error dict when manager NIC not found
get_manager_ethernet_uri() returned an empty dict {} when no matching NIC
was found, causing a KeyError on 'ret' in main(). Now returns a consistent
{"ret": False, "msg": ...} like all other error paths in the function.
Fixes#5892
* feat(changelog): add fragment for PR 12124
* fix(htpasswd): support HtpasswdFile aliases and Apache-compatible bcrypt
CryptContext does not recognise HtpasswdFile alias names such as
portable, portable_apache_24, host_apache_24, causing a KeyError.
In addition, building a CryptContext for bcrypt produced $2b$ hashes
that Apache rejects (it only accepts $2y$/$2a$).
Use htpasswd_context for schemes it already supports, fall back to
htpasswd_context on KeyError for aliases, and import CryptContext
from module_utils/_crypt.py instead of passlib directly.
Fixes#6135
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(changelog): add fragment for PR 12123
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(_crypt): silence DeprecationWarning when importing stdlib crypt
On Python 3.11/3.12, `import crypt` emits a DeprecationWarning that
ansible-test sanity --test import treats as an error. Suppress it since
the import is an intentional fallback when passlib is not available.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(htpasswd): fix sanity ignores and bcrypt version constraint
- Revert _crypt.py DeprecationWarning suppression; add sanity ignore
entries for htpasswd.py import-3.11/3.12 instead (mirrors existing
entries for _crypt.py itself)
- Pin bcrypt<4.2 in integration tests: bcrypt 4.2 removed __about__
which passlib 1.7.x uses, breaking passlib.apache import
- Fix regex_search assertion to use 'is not none' for a boolean result
- Add bcrypt version constraint note to module documentation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(htpasswd): handle system-installed bcrypt in integration tests
On Debian/Ubuntu, bcrypt may be installed by the system package manager
with no RECORD file, making pip downgrade impossible. Move bcrypt
installation into a self-contained block in test_schemes.yml with
ignore_errors, a functional passlib+bcrypt check, and always-cleanup.
Bcrypt tests are skipped when a compatible version cannot be used.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* refactor(htpasswd): extract obtain_crypt_context(); import CryptContext from passlib directly
Extract context selection logic into obtain_crypt_context(). Import
CryptContext inside the deps.declare("passlib") block instead of from
module_utils/_crypt.py — passlib is already a hard dependency and
other symbols are imported from it there. Remove now-unnecessary
htpasswd.py sanity import ignore entries.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(consul_kv): add empty_value option for null Consul values
Add the ``empty_value`` option to the ``consul_kv`` lookup plugin, allowing
users to control what is returned when a key exists in Consul but has a
null/empty value. Defaults to ``'None'`` to preserve existing behaviour.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(changelog): add fragment for PR 12120
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(consul_kv): make empty_value a choices option
Replace the free-form string empty_value with a choices option:
textual_none (default, legacy behaviour), python_none, empty_string.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs(consul_kv): use dict form for empty_value choices
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* parted: ignore MBR partition type codes reported as flags by SUSE parted
SUSE's patched parted reports MBR partition type codes (e.g., type=8e for
Linux LVM) in the machine-parseable flags output. The module was trying to
unset these pseudo-flags via 'parted set N type=8e off', which is not a
valid parted command, causing the task to fail when using flags: [lvm] on
msdos-labelled disks on SUSE systems.
Fixes#6292
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(changelog): add fragment for PR 12121
* Update changelogs/fragments/12121-parted-suse-msdos-type-code.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix(pamd): handle non-PAM lines in authselect profile files
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(pamd): add test for authselect directive lines
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(changelog): add fragment for PR 12137
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fixes issue #12112
* adjust PR ID
* adjust PR ID, mistake was made
* adjust PR ID
* I messed up all these numbers
---------
Co-authored-by: Stefan Midjich <stefan@sydit.se>
* xenserver_guest_info: add VDI uuid and vdi_type to disk info
Add uuid and vdi_type (VHD/QCOW2) fields to the disk information
returned by xenserver_guest_info module.
Fixes#11998
* changelog: add PR URL to changelog fragment
* xenserver_guest_info: add uuid and vdi_type to RETURN example output
* snap: enforce hold when installing at a specific revision
When `revision` is specified, run `snap refresh --hold` after install/refresh
to actually pin the snap and prevent automatic updates from overriding it.
Detects hold-mismatch idempotently via the Notes column of `snap list`.
Fixes#12088
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(changelog): add fragment for snap hold fix (#12097)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(snap): remove incorrect manual-refresh assertion from hold test
snap refresh --hold only blocks the snapd auto-refresh daemon; a manual
snap refresh bypasses the hold. Remove the block that ran snap refresh
manually and asserted the revision was unchanged.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* snap: add bare-refresh hold test and docs warning for manual refresh bypass
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* Get rid of unnecessary dummy variables.
* wrap_async isn't defined if the if condition isn't true.
* _back is in module_args if and only if both starter_cmd and confirm_cmd are not None.
* Add changelog.
* nmcli: bond ARP options stop lying in check/diff (#11588)
Align arp_interval/arp_ip_target keys with bond.options parsing, route
ARP settings via +bond.options, and fix bond MTU false positives.
* Changelog: nmcli fragment gets PR links and clearer diff wording
Address reviewer feedback on #12085 — both entries now cite the PR URL
and the MTU entry says "incorrectly reports diff" instead of "false positives".
---------
Co-authored-by: Asif Draxi <asif.draxi@blackline.com>
* Start opentelemetry spans on host start instead of task start
v2_playbook_on_task_start does not have the host information, so spans
would always start at the same time for every host in that task, even if
they started at different times, like when hosts > forks with strategy
host_pinned. This also hides the duration of the task for that host.
This change uses the newer v2_runner_on_start callback and adds the acutal
host start time to the span. The change is backwards compatible with ansible
versions that do not have v2_runner_on_start and makes no assumptions around
the ordering of v2_runner_on_start and v2_playbook_on_task_start.
* Add changelog fragment
* Remove redundant callback hooks
v2_runner_on_starts gets called by ansible right after the strategy has called on_task_start or on_handler_start. So there is no need to keep this code as the minimum ansible-core version is guaranteed to have this function. on_cleanup (removed around ansible-core 2.0) and on_no_hosts (removed around ansible-core 2.5) never get called.
* Fix unreachable hosts causing exceptions
If finish_task is never called for a host the result object stays None, which caused an exception in update_span_data. This was the case for unreachable hosts, as the callback plugin did not implement v2_runner_on_unreachable.
* Fix import order in test_opentelemetry
* Fix flatpak id check
This PR fixes the flatpak ID check by allowing the last component of the ID to contain dashes. The regular expression will match the flatpak ID according to the flatpak specification. It matches all 4600+ IDs currently present in flathub.
Fixes#12062
* Add changelog fragment
* Update plugins/modules/flatpak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelog fragment.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix(xml): no-op when predicated xpath finds no match instead of creating nodes
When using xpath like element[text()='old'] with value=new, a no-match due
to the predicate not being satisfied incorrectly triggered node creation,
corrupting the XML. Now treats predicate misses as a no-op.
Fixes#8730
* changelog(xml): add fragment for PR #12031
* fix(xml): remove spurious test-unset-element-value include from main.yml
That file belongs to a different branch and was accidentally dragged in
during a stash conflict resolution.
* feat(xml): add create_if_missing option to control node creation on value no-match
Instead of implicitly creating nodes when value is set and xpath finds no match,
expose create_if_missing (default true, preserving old behavior) so callers
can opt into a silent no-op with create_if_missing=false.
Fixes#8730
* feat: Custom telegram api host
* fix: default param telegram api host
* fix: default api_host for DOCUMENTATION
* fix: Documentation and example
* changelog: add bugfix fragment for telegram api_host
* fix: use [] for module.params access
* feat(snap): support snap system configuration via name=system
Treat `system` as a virtual snap that is always considered installed,
bypassing snap info lookup and install/refresh logic, while still
allowing snap set/get operations via the options parameter.
Fixes#11266
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs(snap): note version_added for system support; add changelog fragment
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* gitlab_user: update SSH keys when key material changes
Compare SSH keys by key type and key material so comment-only differences remain idempotent while changed keys are replaced. Add unit and integration coverage for SSH key updates.
Fixes#6516
* gitlab_user: add SSH key update modes
Restore backward-compatible same-name SSH key handling by default and
add explicit update and deduplicate modes for controlled replacement
behavior.
Refs: #6516
* Apply suggestions from code review
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
---------
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* fix(bundler): replace deprecated CLI flags with BUNDLE_* env vars
Bundler 2.1 deprecated --deployment, --without, --path, --clean, and
--binstubs; Bundler 4 has removed --clean entirely. Pass these options
as BUNDLE_* environment variables instead, which have been supported
since Bundler 1.0.0 and are scoped to the process (no persistent
.bundle/config written).
Fixes#4583, fixes#11380
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(bundler): add changelog fragment for PR #12024
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(datadog_downtime): convert uuid field to str for datadog-api-client>=2.28.0
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for PR 12019
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(nmap inventory): add skip_host_discovery option (-Pn)
Adds skip_host_discovery option to suppress nmap's default host
discovery probes (TCP SYN to 80/443), which caused unexpected traffic
when scanning remote hosts over VPN or through firewalls.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for nmap skip_host_discovery option (#11955)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(xml): populate matches when print_match is set, fix returned doc
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(xml): add integration tests for print_match
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for PR 12013
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(pam_limits): only create backup when file is actually changed
Fixes#12011
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for PR 12014
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* Fix gitlab_hook: only pass releases_events to API when specified
The releases_events parameter now only gets passed to the GitLab API:
- On create: always passed (fixes 500 error when not specified)
- On update: only passed when explicitly specified by user
This avoids forcing the releases_events value during updates when not
intended by the user.
Fixes: https://github.com/ansible-collections/community.general/issues/11269
* Add changelog fragment for gitlab_hook releases_events fix
Fixes: https://github.com/ansible-collections/community.general/issues/11269
* Add PR link to changelog fragment
* Use .get() for safer dict access in releases_events handling
* Update plugins/modules/gitlab_hook.py
remove `.get()`
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/gitlab_hook.py
Remove the null check for `options[“releases_events”]`
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Charles Chia <charleschia@email.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* refactor(nomad): extract common connection logic into _nomad module_utils
Fixes#7688
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for PR 11957
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* refactor(nomad): use direct param access instead of params.get()
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(nomad): fix mypy errors in _nomad module utils
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(iso_create): add bootable ISO support via El Torito boot_options
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(changelogs): add fragment for iso_create bootable ISO support #11991
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* Update plugins/modules/iso_create.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add support for AddressFamily parameter in ssh_config.
* Added changelog fragment.
* Update changelog fragment with PR link placeholder
* Fixed formatting.
* Fixed format of changelog fragment.
* Add PR number to changelog fragment.
* Incorporated review findings.
* Typo fix.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Limit to allowed values.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix(ldap_attrs): case-insensitive attribute lookup in _get_all_values_of
LDAP attribute names are case-insensitive (RFC 4512), but the previous
code used a case-sensitive dict lookup on the server's response. When
the server returns an attribute with different casing than requested,
the lookup returns [] causing state=exact to issue MOD_ADD instead of
MOD_REPLACE, which fails on single-valued attributes that already have
a value.
Fixes#1624
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(changelogs): add fragment for ldap_attrs fix#11990
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(seport): handle port overlap with existing ranges
Fixes idempotency when a requested port is already covered by an
existing range registered for the same setype/proto. Also improves
the error message when libsemanage raises FileNotFoundError on a
port overlap validation failure.
Fixes#10105
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore(seport): add changelog fragment for #11994
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(cobbler_system): handle missing interface device on existing system
When adding a new interface to an existing Cobbler system that does not
yet have that interface defined, the module raised a KeyError. Use .get()
with a fallback empty dict to safely handle that case. Also add a
continue after the unknown-property warning to prevent a secondary
KeyError on IFPROPS_MAPPING lookup.
Fixes: #7007
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore(cobbler_system): add changelog fragment for #11995
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(yarn): add Alpine Linux support via apk
Install nodejs and yarn via apk on Alpine, sharing the functional
test block with the existing non-Alpine (pre-built binary) path.
Extracts the test block into tests.yml to avoid duplication.
Fixes#4270
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(yarn): skip Node.js runtime warnings in stderr processing
Node.js 24 emits DeprecationWarning lines to stderr (e.g. for url.parse())
that are not JSON, causing _process_yarn_error to fail with "Unexpected
stderr output from Yarn". Skip lines starting with "(node:" before
attempting JSON parsing.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(yarn): add changelog fragment for #11943
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(yarn): only JSON-parse lines starting with '{' in stderr
Node.js 24 emits multi-line DeprecationWarnings to stderr (e.g. the hint
line "(Use `node --trace-deprecation ...`") that are not JSON and were
tripping the "Unexpected stderr output from Yarn" failure. Yarn's
structured output always starts with '{', so skip any line that doesn't.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(yarn): install sqlite on Alpine to fix nodejs 22 symbol error
On Alpine 3.21 nodejs 22 requires SQLite session extension symbols
(sqlite3session_*) that are not present in sqlite-libs; installing
the full sqlite package provides them.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(yarn): refresh apk cache and upgrade sqlite-libs before installing nodejs
The CI Alpine container may have a stale sqlite-libs that lacks the
session extension symbols (sqlite3session_*) required by nodejs 22+.
Force a cache refresh and upgrade sqlite-libs to the latest revision.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(yarn): warn on non-JSON stderr lines instead of silently skipping
Non-JSON lines in stderr (e.g. Node.js runtime DeprecationWarnings) are
surfaced to the user via module.warn() rather than being silently ignored,
since their content and meaning are not known in advance.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* prefix yarn output line
* Update changelogs/fragments/11943-yarn-nodejs-runtime-warnings.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix(xml): coerce boolean values to string with a warning
Fixes#7171
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(xml): add integration tests for boolean value handling
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for PR 11959
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* adjustments from review
* test(xml): update boolean-value integration tests to expect failure
Now that xml fails on non-string values, replace the old success-path
tests with failure assertions and add a positive test for quoted strings.
Remove the no-longer-needed result XML fixtures.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* adjustments from review
* fix(xml): correct boolean test assertions to match actual error message format
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
