snap: enforce hold when installing at a specific revision (#12097)
* snap: enforce hold when installing at a specific revision
When `revision` is specified, run `snap refresh --hold` after install/refresh
to actually pin the snap and prevent automatic updates from overriding it.
Detects hold-mismatch idempotently via the Notes column of `snap list`.
Fixes#12088
* feat(changelog): add fragment for snap hold fix (#12097)
* test(snap): remove incorrect manual-refresh assertion from hold test
snap refresh --hold only blocks the snapd auto-refresh daemon; a manual
snap refresh bypasses the hold. Remove the block that ran snap refresh
manually and asserted the revision was unchanged.
* snap: add bare-refresh hold test and docs warning for manual refresh bypass
---------
(cherry picked from commit 850ef03fe7)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
multiple: mark integration tests that run `pip install` as destructive (#12095)
test(integration): mark pip-installing tests as destructive
(cherry picked from commit b1c7700a1b)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
iptables_state: clean up code (#12093)
* Get rid of unnecessary dummy variables.
* wrap_async isn't defined if the if condition isn't true.
* _back is in module_args if and only if both starter_cmd and confirm_cmd are not None.
* Add changelog.
(cherry picked from commit 1bf5e6e69a)
Co-authored-by: Felix Fontein <felix@fontein.de>
nmcli: fix check/diff for bond arp_interval and arp_ip_target (#11588) (#12085)
* nmcli: bond ARP options stop lying in check/diff (#11588)
Align arp_interval/arp_ip_target keys with bond.options parsing, route
ARP settings via +bond.options, and fix bond MTU false positives.
* Changelog: nmcli fragment gets PR links and clearer diff wording
Address reviewer feedback on #12085 — both entries now cite the PR URL
and the MTU entry says "incorrectly reports diff" instead of "false positives".
---------
(cherry picked from commit fdace38501)
Co-authored-by: Asif Draxi <47986843+AsifAd@users.noreply.github.com>
Co-authored-by: Asif Draxi <asif.draxi@blackline.com>
Fix typing (#12078)
Fix typing.
ansible-core 2.21.0 is out and has more type definitions.
(cherry picked from commit e6ca0df592)
Co-authored-by: Felix Fontein <felix@fontein.de>
* Start opentelemetry spans on host start instead of task start
v2_playbook_on_task_start does not have the host information, so spans
would always start at the same time for every host in that task, even if
they started at different times, like when hosts > forks with strategy
host_pinned. This also hides the duration of the task for that host.
This change uses the newer v2_runner_on_start callback and adds the acutal
host start time to the span. The change is backwards compatible with ansible
versions that do not have v2_runner_on_start and makes no assumptions around
the ordering of v2_runner_on_start and v2_playbook_on_task_start.
* Add changelog fragment
* Remove redundant callback hooks
v2_runner_on_starts gets called by ansible right after the strategy has called on_task_start or on_handler_start. So there is no need to keep this code as the minimum ansible-core version is guaranteed to have this function. on_cleanup (removed around ansible-core 2.0) and on_no_hosts (removed around ansible-core 2.5) never get called.
* Fix unreachable hosts causing exceptions
If finish_task is never called for a host the result object stays None, which caused an exception in update_span_data. This was the case for unreachable hosts, as the callback plugin did not implement v2_runner_on_unreachable.
* Fix import order in test_opentelemetry
* Fix flatpak id check
This PR fixes the flatpak ID check by allowing the last component of the ID to contain dashes. The regular expression will match the flatpak ID according to the flatpak specification. It matches all 4600+ IDs currently present in flathub.
Fixes#12062
* Add changelog fragment
* Update plugins/modules/flatpak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelog fragment.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix(xml): no-op when predicated xpath finds no match instead of creating nodes
When using xpath like element[text()='old'] with value=new, a no-match due
to the predicate not being satisfied incorrectly triggered node creation,
corrupting the XML. Now treats predicate misses as a no-op.
Fixes#8730
* changelog(xml): add fragment for PR #12031
* fix(xml): remove spurious test-unset-element-value include from main.yml
That file belongs to a different branch and was accidentally dragged in
during a stash conflict resolution.
* feat(xml): add create_if_missing option to control node creation on value no-match
Instead of implicitly creating nodes when value is set and xpath finds no match,
expose create_if_missing (default true, preserving old behavior) so callers
can opt into a silent no-op with create_if_missing=false.
Fixes#8730
* Add minimal uv_python module
uv_python module: add integration tests
* uv_python module: handle absent state
uv_python module: add integration tests
* uv_python module: restrict accepted version formats to X.Y and X.Y.Z
uv_python module: add integration tests for version format
* uv_python module: add _list_python and _get_latest_patch_release methods
* uv_python module: add support for latest state
uv_python module: add integration tests for latest state
* uv_python module: add integration tests for check mode
* uv_python module: improve latest state check mode to show version that will be installed
* uv_python module: make latest state more deterministic by using install with explicite version
* uv_python module: improve absent state check mode and add corresponding integration test
* uv_python module: update latest state handling to sort versions without relying on uv behavior
uv_python module: improve integration tests
uv_python module: improve module return values
* uv_python module: add integration test for when uv executable does not exist
uv_python module: improve exception handling
* uv_python module: add integration test for case when specified version does not exist
* uv_python module: handle case when provided python version does not exist in latest state
uv_python module: improve methods' return values and add docstrings
uv_python module: improve integration tests
* uv_python module: improve check mode for present state to fail when no patch version is available
* uv_python module: return commands' stderr and return code as a variable of stdout
* uv_python module: add python version to module return values for present state
* uv_python module: add python version to module return values for absent state
* uv_python module: add python version to module return values for latest state
uv_python module: fix integration tests
* uv_python module: add installation paths to return values for present state
* uv_python module: add installation paths to return values for absent state
* uv_python module: add installation paths to return values for latest state
* uv_python module: update present, absent and latest state to only include versions managed by uv in return values
uv_python module: improve integration tests
uv_python module: update module documentation
* uv_python module: use LooseVersion instead of StrictVersion to allow specifying threaded and major python versions
* uv_python module: fail module if used uv version is less than the minimal supported version
uv_python module: update documentation
* uv_python module: add uv command options to executed commands to disable unneeded features
* uv_python module: use packaging.version to only accept canonical python versions
uv_python module: update integration tests
uv_python module: improve error messages
* uv_python module: pin uv version used in tests
Improve module documentation
Co-authored-by: Felix Fontein <felix@fontein.de>
Add integration tests' aliases file for uv_python module
* Use StrictVersion instead of packaging Version
* make integration tests more deterministic
Update attributes field in documentation
Save uv bin path in an attribute
Add another example in documentation
Apply PR feedback and refactor code
Fix typing to be compatible with python versions <= 3.8
Update example to use quotes for major.minor example and update documentation
Update test aliases
Use documentation fragment for uv_python attributes
* Add aliases to skip running tests on freebsd and rhel
Make uv_python tests more deterministic
Clean uv_python documentation
* Handle case when version given is an empty string in uv_python module
* Apply linguistic guidelines for plugins/modules/uv_python.py
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Add Python version requirement in uv_python documentation
* Update tests to install uv using pip and fix some tests
Add typing to plugins/modules/uv_python.py
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Update plugins/modules/uv_python.py documentation
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Add task to uv_python tests to add uv installation directory to PATH
* Update uv_python to log unparsed versions in debug mode
Refactor uv_python code
Remove uv python label in .github/BOTMETA.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Add typing to plugins/modules/uv_python.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Fix uv python documentation
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Allow testing using Python versions lower or equal to 3.8
skip running ci tests in macos
Co-authored-by: Felix Fontein <felix@fontein.de>
* Make uv version check more resilient to cli output format change in uv_python module
Improve tests/integration/targets/uv_python/tasks/main.yaml
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
fix mypy union attr error
* update uv_python tests to run on rhel and freebsd
Update uv_python tests to use generic packge manager to install uv
Install uv with curl for freebsd in uv python tests
Install rust needed by uv in freebsd for uv python tests
Update up_python tests to fix uv installation path in RHEL
skip testing uv_python on freebsd as it only has tier 3 support by uv
Fix fragment name in uv_python.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update version_added in plugins/modules/uv_python.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update tests/integration/targets/uv_python/tasks/main.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
Make version shown on debug message more precise in uv_python module
* Handle case when uv python returns relative paths instead of absolute in uv_python module
Add more typing to uv_python module
* uv_python module: update debug message fo unsupported versions to be more clear
---------
Co-authored-by: Mariam Ahhttouche <mariam.ahhttouche@etu.univ-grenoble-alpes.fr>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* feat: Custom telegram api host
* fix: default param telegram api host
* fix: default api_host for DOCUMENTATION
* fix: Documentation and example
* changelog: add bugfix fragment for telegram api_host
* fix: use [] for module.params access
* apk: document non-interactive mode requirement
* apk: fix file path markup in documentation
Change file path markup from E() to C() in the notes section.
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* setup_pip_path: use sysconfig to build pip scripts path generically
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* setup_pip_path: calculate PATH prepended with pip installation path
* move environment up to block
* obtain path from pip itself
* apparently the python interpreter doesnt go into ansible_facts
* rename role to setup_pip_scripts_path
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(snap): support snap system configuration via name=system
Treat `system` as a virtual snap that is always considered installed,
bypassing snap info lookup and install/refresh logic, while still
allowing snap set/get operations via the options parameter.
Fixes#11266
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs(snap): note version_added for system support; add changelog fragment
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* gitlab_user: update SSH keys when key material changes
Compare SSH keys by key type and key material so comment-only differences remain idempotent while changed keys are replaced. Add unit and integration coverage for SSH key updates.
Fixes#6516
* gitlab_user: add SSH key update modes
Restore backward-compatible same-name SSH key handling by default and
add explicit update and deduplicate modes for controlled replacement
behavior.
Refs: #6516
* Apply suggestions from code review
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
---------
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* fix(bundler): replace deprecated CLI flags with BUNDLE_* env vars
Bundler 2.1 deprecated --deployment, --without, --path, --clean, and
--binstubs; Bundler 4 has removed --clean entirely. Pass these options
as BUNDLE_* environment variables instead, which have been supported
since Bundler 1.0.0 and are scoped to the process (no persistent
.bundle/config written).
Fixes#4583, fixes#11380
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(bundler): add changelog fragment for PR #12024
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(datadog_downtime): convert uuid field to str for datadog-api-client>=2.28.0
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for PR 12019
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(nmap inventory): add skip_host_discovery option (-Pn)
Adds skip_host_discovery option to suppress nmap's default host
discovery probes (TCP SYN to 80/443), which caused unexpected traffic
when scanning remote hosts over VPN or through firewalls.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for nmap skip_host_discovery option (#11955)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(xml): populate matches when print_match is set, fix returned doc
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(xml): add integration tests for print_match
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for PR 12013
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(pam_limits): only create backup when file is actually changed
Fixes#12011
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for PR 12014
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* Fix gitlab_hook: only pass releases_events to API when specified
The releases_events parameter now only gets passed to the GitLab API:
- On create: always passed (fixes 500 error when not specified)
- On update: only passed when explicitly specified by user
This avoids forcing the releases_events value during updates when not
intended by the user.
Fixes: https://github.com/ansible-collections/community.general/issues/11269
* Add changelog fragment for gitlab_hook releases_events fix
Fixes: https://github.com/ansible-collections/community.general/issues/11269
* Add PR link to changelog fragment
* Use .get() for safer dict access in releases_events handling
* Update plugins/modules/gitlab_hook.py
remove `.get()`
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/gitlab_hook.py
Remove the null check for `options[“releases_events”]`
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Charles Chia <charleschia@email.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fixes and improvements for better undestanding of the module
- Fixed token generation syntax to use `name` instead of `id`.
- Changed `token: {{ token }}` to `token: {{ token_result.token }}` to show accessing token from the registered variable, essentially making the entire Example section a playbook capable of full execution.
- Added notes in the Example section about the intended approach for storing and accessing tokens.
- Mentioned about not using `id` for token generation in the parameter's description.
* Applying FQCN for the `ansible.builtin.copy` module
Co-authored-by: Felix Fontein <felix@fontein.de>
* Shortened the notes about storing and accessing Jenkins token.
* Added line breaks to reduce width of the shortened notes
- Added line breaks to reduce the width of the shortened note from commit #5bc225b.
- Numbered and indented the notes for clear distinction.
* Changed token storage example to use INI instead of CSV format
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* refactor(nomad): extract common connection logic into _nomad module_utils
Fixes#7688
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for PR 11957
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* refactor(nomad): use direct param access instead of params.get()
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(nomad): fix mypy errors in _nomad module utils
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(iso_create): add bootable ISO support via El Torito boot_options
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(changelogs): add fragment for iso_create bootable ISO support #11991
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* Update plugins/modules/iso_create.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Clarify 'state' parameter description in filetree.py
Updated the description for the 'state' parameter to clarify entry types and their meanings.
* Apply suggestion from felixfontein related to description
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
