CHANGELOG.rst

Community General Release Notes

Topics

• v7.5.8
  • Release Summary
  • Minor Changes
  • Security Fixes
  • Bugfixes
• v7.5.7
  • Release Summary
  • Bugfixes
• v7.5.6
  • Release Summary
  • Security Fixes
  • Bugfixes
• v7.5.5
  • Release Summary
  • Bugfixes
• v7.5.4
  • Release Summary
  • Bugfixes
• v7.5.3
  • Release Summary
  • Bugfixes
• v7.5.2
  • Release Summary
  • Minor Changes
  • Bugfixes
• v7.5.1
  • Release Summary
  • Bugfixes
• v7.5.0
  • Release Summary
  • Minor Changes
  • Deprecated Features
  • Bugfixes
  • New Modules
• v7.4.0
  • Release Summary
  • Minor Changes
  • Bugfixes
  • New Modules
• v7.3.0
  • Release Summary
  • Minor Changes
  • Deprecated Features
  • Bugfixes
• v7.2.1
  • Release Summary
  • Bugfixes
• v7.2.0
  • Release Summary
  • Minor Changes
  • Deprecated Features
  • Bugfixes
  • New Plugins
    • Lookup
  • New Modules
• v7.1.0
  • Release Summary
  • Minor Changes
  • Deprecated Features
  • Bugfixes
  • Known Issues
  • New Modules
• v7.0.1
  • Release Summary
  • Bugfixes
• v7.0.0
  • Release Summary
  • Minor Changes
  • Breaking Changes / Porting Guide
  • Deprecated Features
  • Removed Features (previously deprecated)
  • Bugfixes
  • New Plugins
    • Lookup
  • New Modules

This changelog describes changes after version 6.0.0.

v7.5.8

Release Summary

Regular bugfix release.

Note that this is the last regular bugfix release. From now on, the 7.x.y release train will only receive major and security bugfixes.

Minor Changes

• gitlab_deploy_key, gitlab_group_members, gitlab_group_variable, gitlab_hook, gitlab_instance_variable, gitlab_project_badge, gitlab_project_variable, gitlab_user - improve API pagination and compatibility with different versions of python-gitlab (#7790).

Security Fixes

• keycloak_identity_provider - the client secret was not correctly sanitized by the module. The return values proposed, existing, and end_state, as well as the diff, did contain the client secret unmasked (#8355).

Bugfixes

• gitlab_runner - fix pagination when checking for existing runners (#7790).
• keycloak_user_federation - fix diff of empty krbPrincipalAttribute (#8320).
• opentelemetry callback plugin - close spans always (#8367).
• opentelemetry callback plugin - honour the disable_logs option to avoid storing task results since they are not used regardless (#8373).

v7.5.7

Release Summary

Regular bugfix release.

Bugfixes

• aix_filesystem - fix _validate_vg not passing VG name to lsvg_cmd (#8151).
• apt_rpm - when checking whether packages were installed after running apt-get -y install <packages>, only the last package name was checked (#8263).
• bitwarden_secrets_manager lookup plugin - implements retry with exponential backoff to avoid lookup errors when Bitwardn's API rate limiting is encountered (#8230, #8238).
• haproxy - fix an issue where HAProxy could get stuck in DRAIN mode when the backend was unreachable (#8092).
• inventory plugins - add unsafe wrapper to avoid marking strings that do not contain { or } as unsafe, to work around a bug in AWX ((#8212, #8225).
• ipa - fix get version regex in IPA module_utils (#8175).
• keycloak_client - add sorted defaultClientScopes and optionalClientScopes to normalizations (#8223).
• keycloak_realm - add normalizations for enabledEventTypes and supportedLocales (#8224).
• puppet - add option environment_lang to set the environment language encoding. Defaults to lang C. It is recommended to set it to C.UTF-8 or en_US.UTF-8 depending on what is available on your system. (#8000)
• riak - support riak admin sub-command in newer Riak KV versions beside the legacy riak-admin main command (#8211).
• xml - make module work with lxml 5.1.1, which removed some internals that the module was relying on (#8169).

v7.5.6

Release Summary

Regular bugfix release with security fixes.

Security Fixes

• cobbler, gitlab_runners, icinga2, linode, lxd, nmap, online, opennebula, proxmox, scaleway, stackpath_compute, virtualbox, and xen_orchestra inventory plugin - make sure all data received from the remote servers is marked as unsafe, so remote code execution by obtaining texts that can be evaluated as templates is not possible (https://www.die-welt.net/2024/03/remote-code-execution-in-ansible-dynamic-inventory-plugins/, #8098).

Bugfixes

• aix_filesystem - fix issue with empty list items in crfs logic and option order (#8052).
• homebrew - error returned from brew command was ignored and tried to parse empty JSON. Fix now checks for an error and raises it to give accurate error message to users (#8047).
• ipa_hbacrule - the module uses a string for ipaenabledflag for new FreeIPA versions while the returned value is a boolean (#7880).
• ipa_sudorule - the module uses a string for ipaenabledflag for new FreeIPA versions while the returned value is a boolean (#7880).
• iptables_state - fix idempotency issues when restoring incomplete iptables dumps (#8029).
• linode inventory plugin - add descriptive error message for linode inventory plugin (#8133).
• pacemaker_cluster - actually implement check mode, which the module claims to support. This means that until now the module also did changes in check mode (#8081).
• pam_limits - when the file does not exist, do not create it in check mode (#8050, #8057).
• proxmox_kvm - fixed status check getting from node-specific API endpoint (#7817).

v7.5.5

Release Summary

Regular bugfix release.

Bugfixes

• cargo - fix idempotency issues when using a custom installation path for packages (using the --path parameter). The initial installation runs fine, but subsequent runs use the get_installed() function which did not check the given installation location, before running cargo install. This resulted in a false changed state. Also the removal of packeges using state: absent failed, as the installation check did not use the given parameter (#7970).
• keycloak_client - fixes issue when metadata is provided in desired state when task is in check mode (#1226, #7881).
• modprobe - listing modules files or modprobe files could trigger a FileNotFoundError if /etc/modprobe.d or /etc/modules-load.d did not exist. Relevant functions now return empty lists if the directories do not exist to avoid crashing the module (#7717).
• onepassword lookup plugin - failed for fields that were in sections and had uppercase letters in the label/ID. Field lookups are now case insensitive in all cases (#7919).
• pkgin - pkgin (pkgsrc package manager used by SmartOS) raises erratic exceptions and spurious changed=true (#7971).
• redfish_info - allow for a GET operation invoked by GetUpdateStatus to allow for an empty response body for cases where a service returns 204 No Content (#8003).
• redfish_info - correct uncaught exception when attempting to retrieve Chassis information (#7952).

v7.5.4

Release Summary

Regular bugfix release.

Bugfixes

• homebrew - detect already installed formulae and casks using JSON output from brew info (#864).
• ipa_otptoken - the module expect ipatokendisabled as string but the ipatokendisabled value is returned as a boolean (#7795).
• ldap - previously the order number (if present) was expected to follow an equals sign in the DN. This makes it so the order number string is identified correctly anywhere within the DN (#7646).
• mssql_script - make the module work with Python 2 (#7818, #7821).
• nmcli - fix connection.slave-type wired to bond and not with parameter slave_type in case of connection type wifi (#7389).

v7.5.3

Release Summary

Regular bugfix release.

Bugfixes

• keycloak_identity_provider - mappers processing was not idempotent if the mappers configuration list had not been sorted by name (in ascending order). Fix resolves the issue by sorting mappers in the desired state using the same key which is used for obtaining existing state (#7418).
• keycloak_identity_provider - it was not possible to reconfigure (add, remove) mappers once they were created initially. Removal was ignored, adding new ones resulted in dropping the pre-existing unmodified mappers. Fix resolves the issue by supplying correct input to the internal update call (#7418).
• keycloak_user - when force is set, but user does not exist, do not try to delete it (#7696).
• statusio_maintenance - fix error caused by incorrectly formed API data payload. Was raising "Failed to create maintenance HTTP Error 400 Bad Request" caused by bad data type for date/time and deprecated dict keys (#7754).

v7.5.2

Release Summary

Regular bugfix release.

Minor Changes

• elastic callback plugin - close elastic client to not leak resources (#7517).

Bugfixes

• cloudflare_dns - fix Cloudflare lookup of SHFP records (#7652).
• interface_files - also consider address_family when changing option=method (#7610, #7612).
• irc - replace ssl.wrap_socket that was removed from Python 3.12 with code for creating a proper SSL context (#7542).
• keycloak_* - fix Keycloak API client to quote / properly (#7641).
• keycloak_authz_permission - resource payload variable for scope-based permission was constructed as a string, when it needs to be a list, even for a single item (#7151).
• log_entries callback plugin - replace ssl.wrap_socket that was removed from Python 3.12 with code for creating a proper SSL context (#7542).
• lvol - test for output messages in both stdout and stderr (#7601, #7182).
• ocapi_utils, oci_utils, redfish_utils module utils - replace type() calls with isinstance() calls (#7501).
• onepassword lookup plugin - field and section titles are now case insensitive when using op CLI version two or later. This matches the behavior of version one (#7564).
• pipx module utils - change the CLI argument formatter for the pip_args parameter (#7497, #7506).
• redhat_subscription - use the D-Bus registration on RHEL 7 only on 7.4 and greater; older versions of RHEL 7 do not have it (#7622, #7624).
• terraform - fix multiline string handling in complex variables (#7535).

v7.5.1

Release Summary

Regular bugfix release.

Bugfixes

• composer - fix impossible to run working_dir dependent commands. The module was throwing an error when trying to run a working_dir dependent command, because it tried to get the command help without passing the working_dir (#3787).
• github_deploy_key - fix pagination behaviour causing a crash when only a single page of deploy keys exist (#7375).
• gitlab_group_members - fix gitlab constants call in gitlab_group_members module (#7467).
• gitlab_project_members - fix gitlab constants call in gitlab_project_members module (#7467).
• gitlab_protected_branches - fix gitlab constants call in gitlab_protected_branches module (#7467).
• gitlab_user - fix gitlab constants call in gitlab_user module (#7467).
• kernel_blacklist - simplified the mechanism to update the file, fixing the error (#7382, #7362).
• memset module utils - make compatible with ansible-core 2.17 (#7379).
• proxmox_pool_member - absent state for type VM did not delete VMs from the pools (#7464).
• redfish_command - fix usage of message parsing in SimpleUpdate and MultipartHTTPPushUpdate commands to treat the lack of a MessageId as no message (#7465, #7471).
• redhat_subscription - use the right D-Bus options for the consumer type when registering a RHEL system older than 9 or a RHEL 9 system older than 9.2 and using consumer_type (#7378).
• selective callback plugin - fix length of task name lines in output always being 3 characters longer than desired (#7374).

v7.5.0

Release Summary

Regular bugfix and feature release.

Please note that this is the last minor 7.x.0 release. Further releases with major version 7 will be bugfix releases 7.5.y.

Minor Changes

• cargo - add option executable, which allows user to specify path to the cargo binary (#7352).
• cargo - add option locked which allows user to specify install the locked version of dependency instead of latest compatible version (#6134).
• dig lookup plugin - add TCP option to enable the use of TCP connection during DNS lookup (#7343).
• gitlab_group - add option force_delete (default: false) which allows delete group even if projects exists in it (#7364).
• ini_file - add ignore_spaces option (#7273).
• newrelic_deployment - add option app_name_exact_match, which filters results for the exact app_name provided (#7355).
• onepassword lookup plugin - introduce account_id option which allows specifying which account to use (#7308).
• onepassword_raw lookup plugin - introduce account_id option which allows specifying which account to use (#7308).
• parted - on resize, use --fix option if available (#7304).
• pnpm - set correct version when state is latest or version is not mentioned. Resolves previous idempotency problem (#7339).
• proxmox - add vmid (and taskid when possible) to return values (#7263).
• random_string - added new ignore_similar_chars and similar_chars option to ignore certain chars (#7242).
• redfish_command - add new option update_oem_params for the MultipartHTTPPushUpdate command (#7331).
• redfish_config - add CreateVolume command to allow creation of volumes on servers (#6813).
• redfish_config - adding SetSecureBoot command (#7129).
• redfish_info - add support for GetBiosRegistries command (#7144).
• redfish_info - adds LinkStatus to NIC inventory (#7318).
• redis_info - refactor the redis_info module to use the redis module_utils enabling to pass TLS parameters to the Redis client (#7267).
• supervisorctl - allow to stop matching running processes before removing them with stop_before_removing=true (#7284).

Deprecated Features

• The next major release, community.general 8.0.0, will drop support for ansible-core 2.11 and 2.12, which have been End of Life for some time now. This means that this collection no longer supports Python 2.6 on the target. Individual content might still work with unsupported ansible-core versions, but that can change at any time. Also please note that from now on, for every new major community.general release, we will drop support for all ansible-core versions that have been End of Life for more than a few weeks on the date of the major release (ansible-community/community-topics#271, #7259).
• redfish_info, redfish_config, redfish_command - the default value 10 for the timeout option is deprecated and will change to 60 in community.general 9.0.0 (#7295).

Bugfixes

• gitlab_group_variable - deleted all variables when used with purge=true due to missing raw property in KNOWN attributes (#7250).
• gitlab_project_variable - deleted all variables when used with purge=true due to missing raw property in KNOWN attributes (#7250).
• ldap_search - fix string normalization and the base64_attributes option on Python 3 (#5704, #7264).
• lxc connection plugin - properly evaluate options (#7369).
• mail - skip headers containing equals characters due to missing maxsplit on header key/value parsing (#7303).
• nmap inventory plugin - fix get_option calls (#7323).
• onepassword - fix KeyError exception when trying to access value of a field that is not filled out in OnePassword item (#7241).
• snap - change the change detection mechanism from "parsing installation" to "comparing end state with initial state" (#7340, #7265).
• terraform - prevents -backend-config option double encapsulating with shlex_quote function. (#7301).

New Modules

• community.general.consul_role - Manipulate Consul roles
• community.general.gio_mime - Set default handler for MIME type, for applications using Gnome GIO
• community.general.keycloak_authz_custom_policy - Allows administration of Keycloak client custom Javascript policies via Keycloak API
• community.general.keycloak_realm_key - Allows administration of Keycloak realm keys via Keycloak API
• community.general.simpleinit_msb - Manage services on Source Mage GNU/Linux

v7.4.0

Release Summary

Bugfix and feature release.

Minor Changes

• cobbler inventory plugin - add exclude_mgmt_classes and include_mgmt_classes options to exclude or include hosts based on management classes (#7184).
• cpanm - minor refactor when creating the CmdRunner object (#7231).
• gitlab_group_variable - add support for raw variables suboption (#7132).
• gitlab_project_variable - add support for raw variables suboption (#7132).
• jenkins_build - add new detach option, which allows the module to exit successfully as long as the build is created (default functionality is still waiting for the build to end before exiting) (#7204).
• jenkins_build - add new time_between_checks option, which allows to configure the wait time between requests to the Jenkins server (#7204).
• make - allows params to be used without value (#7180).
• nmap inventory plugin - now has a use_arp_ping option to allow the user to disable the default ARP ping query for a more reliable form (#7119).
• pagerduty - adds in option to use v2 API for creating pagerduty incidents (#6151)
• pritunl module utils - ensure validate_certs parameter is honoured in all methods (#7156).
• redfish_info - report Id in the output of GetManagerInventory (#7140).
• redfish_utils module utils - support Volumes in response for GetDiskInventory (#6819).
• unixy callback plugin - add support for check_mode_markers option (#7179).

Bugfixes

• CmdRunner module utils - does not attempt to resolve path if executable is a relative or absolute path (#7200).
• nmap inventory plugin - now uses get_option in all cases to get its configuration information (#7119).
• nsupdate - fix a possible list index out of range exception (#836).
• oci_utils module util - fix inappropriate logical comparison expressions and makes them simpler. The previous checks had logical short circuits (#7125).
• pritunl module utils - fix incorrect URL parameter for orgnization add method (#7161).
• snap - an exception was being raised when snap list was empty (#7124, #7120).

New Modules

• community.general.jenkins_build_info - Get information about Jenkins builds
• community.general.pnpm - Manage node.js packages with pnpm

v7.3.0

Release Summary

Feature and bugfix release.

Minor Changes

• chroot connection plugin - add disable_root_check option (#7099).
• ejabberd_user - module now using CmdRunner to execute external command (#7075).
• ipa_config - add module parameters to manage FreeIPA user and group objectclasses (#7019).
• ipa_config - adds idp choice to ipauserauthtype parameter's choices (#7051).
• npm - module now using CmdRunner to execute external commands (#6989).
• proxmox_kvm - enabled force restart of VM, bringing the force parameter functionality in line with what is described in the docs (#6914).
• proxmox_vm_info - node parameter is no longer required. Information can be obtained for the whole cluster (#6976).
• proxmox_vm_info - non-existing provided by name/vmid VM would return empty results instead of failing (#7049).
• redfish_config - add DeleteAllVolumes command to allow deletion of all volumes on servers (#6814).
• redfish_utils - use Controllers key in redfish data to obtain Storage controllers properties (#7081).
• redfish_utils module utils - add support for PowerCycle reset type for redfish_command responses feature (#7083).
• redfish_utils module utils - add support for following @odata.nextLink pagination in software_inventory responses feature (#7020).
• shutdown - use shutdown -p ... with FreeBSD to halt and power off machine (#7102).
• sorcery - add grimoire (repository) management support (#7012).

Deprecated Features

• ejabberd_user - deprecate the parameter logging in favour of producing more detailed information in the module output (#7043).

Bugfixes

• bitwarden lookup plugin - the plugin made assumptions about the structure of a Bitwarden JSON object which may have been broken by an update in the Bitwarden API. Remove assumptions, and allow queries for general fields such as notes (#7061).
• ejabberd_user - module was failing to detect whether user was already created and/or password was changed (#7033).
• keycloak module util - fix missing http_agent, timeout, and validate_certs open_url() parameters (#7067).
• keycloak_client inventory plugin - fix missing client secret (#6931).
• lvol - add support for percentage of origin size specification when creating snapshot volumes (#1630, #7053).
• lxc connection plugin - now handles remote_addr defaulting to inventory_hostname correctly (#7104).
• oci_utils module utils - avoid direct type comparisons (#7085).
• proxmox_user_info - avoid direct type comparisons (#7085).
• snap - fix crash when multiple snaps are specified and one has --- in its description (#7046).
• sorcery - fix interruption of the multi-stage process (#7012).
• sorcery - fix queue generation before the whole system rebuild (#7012).
• sorcery - latest state no longer triggers update_cache (#7012).

v7.2.1

Release Summary

Bugfix release.

Bugfixes

• cmd_runner module utils - when a parameter in argument_spec has no type, meaning it is implicitly a str, CmdRunner would fail trying to find the type key in that dictionary (#6968).
• ejabberd_user - provide meaningful error message when the ejabberdctl command is not found (#7028, #6949).
• proxmox module utils - fix proxmoxer library version check (#6974, #6975, #6980).
• proxmox_kvm - when name option is provided without vmid and VM with that name already exists then no new VM will be created (#6911, #6981).
• rundeck - fix TypeError on 404 API response (#6983).

v7.2.0

Release Summary

Regular bugfix and feature release.

Minor Changes

• cobbler inventory plugin - convert Ansible unicode strings to native Python unicode strings before passing user/password to XMLRPC client (#6923).
• consul_session - drops requirement for the python-consul library to communicate with the Consul API, instead relying on the existing requests library requirement (#6755).
• gitlab_project_variable - minor refactor removing unnecessary code statements (#6928).
• gitlab_runner - minor refactor removing unnecessary code statements (#6927).
• htpasswd - the parameter crypt_scheme is being renamed as hash_scheme and added as an alias to it (#6841).
• keycloak_authentication - added provider ID choices, since Keycloak supports only those two specific ones (#6763).
• keyring - minor refactor removing unnecessary code statements (#6927).
• locale_gen - module has been refactored to use ModuleHelper and CmdRunner (#6903).
• locale_gen - module now using CmdRunner to execute external commands (#6820).
• make - add new targets parameter allowing multiple targets to be used with make (#6882, #4919).
• nmcli - add support for ipv4.dns-options and ipv6.dns-options (#6902).
• npm - minor improvement on parameter validation (#6848).
• opkg - add executable parameter allowing to specify the path of the opkg command (#6862).
• pubnub_blocks - minor refactor removing unnecessary code statements (#6928).
• redfish_command - add account_types and oem_account_types as optional inputs to AddUser (#6823, #6871).
• redfish_info - add AccountTypes and OEMAccountTypes to the output of ListUsers (#6823, #6871).
• redfish_info - adds ProcessorArchitecture to CPU inventory (#6864).
• redfish_info - fix for GetVolumeInventory, Controller name was getting populated incorrectly and duplicates were seen in the volumes retrieved (#6719).
• rhsm_repository - the interaction with subscription-manager was refactored by grouping things together, removing unused bits, and hardening the way it is run; also, the parsing of subscription-manager repos --list was improved and made slightly faster; no behaviour change is expected (#6783, #6837).
• scaleway_security_group_rule - minor refactor removing unnecessary code statements (#6928).
• snap - add option dangerous to the module, that will map into the command line argument --dangerous, allowing unsigned snap files to be installed (#6908, #5715).
• tss lookup plugin - allow to fetch secret by path. Previously, we could not fetch secret by path but now use secret_path option to indicate to fetch secret by secret path (#6881).
• xenserver_guest_info - minor refactor removing unnecessary code statements (#6928).
• xenserver_guest_powerstate - minor refactor removing unnecessary code statements (#6928).
• yum_versionlock - add support to pin specific package versions instead of only the package itself (#6861, #4470).

Deprecated Features

• flowdock - module relies entirely on no longer responsive API endpoints, and it will be removed in community.general 9.0.0 (#6930).
• proxmox - old feature flag proxmox_default_behavior will be removed in community.general 10.0.0 (#6836).
• stackdriver - module relies entirely on no longer existent API endpoints, and it will be removed in community.general 9.0.0 (#6887).
• webfaction_app - module relies entirely on no longer existent API endpoints, and it will be removed in community.general 9.0.0 (#6909).
• webfaction_db - module relies entirely on no longer existent API endpoints, and it will be removed in community.general 9.0.0 (#6909).
• webfaction_domain - module relies entirely on no longer existent API endpoints, and it will be removed in community.general 9.0.0 (#6909).
• webfaction_mailbox - module relies entirely on no longer existent API endpoints, and it will be removed in community.general 9.0.0 (#6909).
• webfaction_site - module relies entirely on no longer existent API endpoints, and it will be removed in community.general 9.0.0 (#6909).

Bugfixes

• cobbler inventory plugin - fix calculation of cobbler_ipv4/6_address (#6925).
• datadog_downtime - presence of rrule param lead to the Datadog API returning Bad Request due to a missing recurrence type (#6811).
• ipa_dnszone - fix 'idnsallowsyncptr' key error for reverse zone (#6906, #6905).
• keycloak_authentication - fix Keycloak authentication flow (step or sub-flow) indexing during update, if not specified by the user (#6734).
• locale_gen - now works for locales without the underscore character such as C.UTF-8 (#6774, #5142, #4305).
• machinectl become plugin - mark plugin as require_tty to automatically disable pipelining, with which this plugin is not compatible (#6932, #6935).
• nmcli - fix support for empty list (in compare and scrape) (#6769).
• openbsd_pkg - the pkg_info(1) behavior has changed in OpenBSD >7.3. The error message Can't find should not lead to an error case (#6785).
• pacman - module recognizes the output of yay running as root (#6713).
• proxmox - fix error when a configuration had no template field (#6838, #5372).
• proxmox module utils - add logic to detect whether an old Promoxer complains about the token_name and token_value parameters and provide a better error message when that happens (#6839, #5371).
• proxmox_disk - fix unable to create cdrom media due to size always being appended (#6770).
• proxmox_kvm - absent state with force specified failed to stop the VM due to the timeout value not being passed to stop_vm (#6827).
• proxmox_kvm - restarted state did not actually restart a VM in some VM configurations. The state now uses the Proxmox reboot endpoint instead of calling the stop_vm and start_vm functions (#6773).
• proxmox_template - require requests_toolbelt module to fix issue with uploading large templates (#5579, #6757).
• redfish_info - fix ListUsers to not show empty account slots (#6771, #6772).
• refish_utils module utils - changing variable names to avoid issues occuring when fetching Volumes data (#6883).
• snap - assume default track latest in parameter channel when not specified (#6835, #6821).
• snap - fix the processing of the commands' output, stripping spaces and newlines from it (#6826, #6803).

New Plugins

Lookup

• community.general.bitwarden_secrets_manager - Retrieve secrets from Bitwarden Secrets Manager

New Modules

• community.general.consul_policy - Manipulate Consul policies
• community.general.keycloak_authz_permission - Allows administration of Keycloak client authorization permissions via Keycloak API
• community.general.keycloak_authz_permission_info - Query Keycloak client authorization permissions information
• community.general.proxmox_vm_info - Retrieve information about one or more Proxmox VE virtual machines

v7.1.0

Release Summary

Regular bugfix and feature release.

From this version on, community.general is using the new Ansible semantic markup in its documentation. If you look at documentation with the ansible-doc CLI tool from ansible-core before 2.15, please note that it does not render the markup correctly. You should be still able to read it in most cases, but you need ansible-core 2.15 or later to see it as it is intended. Alternatively you can look at the devel docsite for the rendered HTML version of the documentation of the latest release.

Minor Changes

• The collection will start using semantic markup (#6539).
• VarDict module utils - add method VarDict.as_dict() to convert to a plain dict object (#6602).
• cobbler inventory plugin - add inventory_hostname option to allow using the system name for the inventory hostname (#6502).
• cobbler inventory plugin - add want_ip_addresses option to collect all interface DNS name to IP address mapping (#6711).
• cobbler inventory plugin - add primary IP addess to cobbler_ipv4_address and IPv6 address to cobbler_ipv6_address host variable (#6711).
• cobbler inventory plugin - add warning for systems with empty profiles (#6502).
• copr - respawn module to use the system python interpreter when the dnf python module is not available in ansible_python_interpreter (#6522).
• datadog_monitor - adds notification_preset_name, renotify_occurrences and renotify_statuses parameters (#6521).
• filesystem - add uuid parameter for UUID change feature (#6680).
• keycloak_client_rolemapping - adds support for subgroups with additional parameter parents (#6687).
• keycloak_role - add composite roles support for realm and client roles (#6469).
• ldap_* - add new arguments client_cert and client_key to the LDAP modules in order to allow certificate authentication (#6668).
• ldap_search - add a new page_size option to enable paged searches (#6648).
• lvg - add active and inactive values to the state option for active state management feature (#6682).
• lvg - add reset_vg_uuid, reset_pv_uuid options for UUID reset feature (#6682).
• mas - disable sign-in check for macOS 12+ as mas account is non-functional (#6520).
• onepassword lookup plugin - add service account support (#6635, #6660).
• onepassword_raw lookup plugin - add service account support (#6635, #6660).
• opentelemetry callback plugin - add span attributes in the span event (#6531).
• opkg - remove default value "" for parameter force as it causes the same behaviour of not having that parameter (#6513).
• proxmox - support timezone parameter at container creation (#6510).
• proxmox inventory plugin - add composite variables support for Proxmox nodes (#6640).
• proxmox_kvm - added support for tpmstate0 parameter to configure TPM (Trusted Platform Module) disk. TPM is required for Windows 11 installations (#6533).
• proxmox_kvm - re-use timeout module param to forcefully shutdown a virtual machine when state is stopped (#6257).
• proxmox_snap - add retention parameter to delete old snapshots (#6576).
• redfish_command - add MultipartHTTPPushUpdate command (#6471, #6612).
• redhat_subscription - the internal RegistrationBase class was folded into the other internal Rhsm class, as the separation had no purpose anymore (#6658).
• rhsm_release - improve/harden the way subscription-manager is run; no behaviour change is expected (#6669).
• snap - module is now aware of channel when deciding whether to install or refresh the snap (#6435, #1606).
• sorcery - minor refactor (#6525).
• tss lookup plugin - allow to fetch secret IDs which are in a folder based on folder ID. Previously, we could not fetch secrets based on folder ID but now use fetch_secret_ids_from_folder option to indicate to fetch secret IDs based on folder ID (#6223).

Deprecated Features

• CmdRunner module utils - deprecate cmd_runner_fmt.as_default_type() formatter (#6601).
• MH VarsMixin module utils - deprecates VarsMixin and supporting classes in favor of plain vardict module util (#6649).
• cpanm - value compatibility is deprecated as default for parameter mode (#6512).
• redhat module utils - the module_utils.redhat module is deprecated, as effectively unused: the Rhsm, RhsmPool, and RhsmPools classes will be removed in community.general 9.0.0; the RegistrationBase class will be removed in community.general 10.0.0 together with the rhn_register module, as it is the only user of this class; this means that the whole module_utils.redhat module will be dropped in community.general 10.0.0, so importing it without even using anything of it will fail (#6663).
• redhat_subscription - the autosubscribe alias for the auto_attach option has been deprecated for many years, although only in the documentation. Officially mark this alias as deprecated, and it will be removed in community.general 9.0.0 (#6646).
• redhat_subscription - the pool option is deprecated in favour of the more precise and flexible pool_ids option (#6650).
• rhsm_repository - state=present has not been working as expected for many years, and it seems it was not noticed so far; also, "presence" is not really a valid concept for subscription repositories, which can only be enabled or disabled. Hence, mark the present and absent values of the state option as deprecated, slating them for removal in community.general 10.0.0 (#6673).

Bugfixes

• MH DependencyMixin module utils - deprecation notice was popping up for modules not using dependencies (#6644, #6639).
• csv module utils - detects and remove unicode BOM markers from incoming CSV content (#6662).
• gitlab_group - the module passed parameters to the API call even when not set. The module is now filtering out None values to remediate this (#6712).
• icinga2_host - fix a key error when updating an existing host (#6748).
• ini_file - add the follow paramter to follow the symlinks instead of replacing them (#6546).
• ini_file - fix a bug where the inactive options were not used when possible (#6575).
• keycloak module utils - fix is_struct_included handling of lists of lists/dictionaries (#6688).
• keycloak module utils - the function get_user_by_username now return the user representation or None as stated in the documentation (#6758).
• proxmox_kvm - allow creation of VM with existing name but new vmid (#6155, #6709).
• rhsm_repository - when using the purge option, the repositories dictionary element in the returned JSON is now properly updated according to the pruning operation (#6676).
• tss lookup plugin - fix multiple issues when using fetch_attachments=true (#6720).

Known Issues

• Ansible markup will show up in raw form on ansible-doc text output for ansible-core before 2.15. If you have trouble deciphering the documentation markup, please upgrade to ansible-core 2.15 (or newer), or read the HTML documentation on https://docs.ansible.com/ansible/devel/collections/community/general/ (#6539).

New Modules

• community.general.gitlab_instance_variable - Creates, updates, or deletes GitLab instance variables
• community.general.gitlab_merge_request - Create, update, or delete GitLab merge requests
• community.general.keycloak_authentication_required_actions - Allows administration of Keycloak authentication required actions
• community.general.keycloak_user - Create and configure a user in Keycloak
• community.general.lvg_rename - Renames LVM volume groups
• community.general.proxmox_pool - Pool management for Proxmox VE cluster
• community.general.proxmox_pool_member - Add or delete members from Proxmox VE cluster pools

v7.0.1

Release Summary

Bugfix release for Ansible 8.0.0rc1.

Bugfixes

• nmcli - fix bond option xmit_hash_policy (#6527).
• portage - fix changed_use and newuse not triggering rebuilds (#6008, #6548).
• proxmox_tasks_info - remove api_user + api_password constraint from required_together as it causes to require api_password even when API token param is used (#6201).
• zypper - added handling of zypper exitcode 102. Changed state is set correctly now and rc 102 is still preserved to be evaluated by the playbook (#6534).

v7.0.0

Release Summary

This is release 7.0.0 of community.general, released on 2023-05-09.

Minor Changes

• apache2_module - add module argument warn_mpm_absent to control whether warning are raised in some edge cases (#5793).
• apt_rpm - adds clean, dist_upgrade and update_kernel parameters for clear caches, complete upgrade system, and upgrade kernel packages (#5867).
• bitwarden lookup plugin - can now retrieve secrets from custom fields (#5694).
• bitwarden lookup plugin - implement filtering results by collection_id parameter (#5849).
• cmd_runner module utils - cmd_runner_fmt.as_bool() can now take an extra parameter to format when value is false (#5647).
• cpanm - minor change, use feature from ModuleHelper (#6385).
• dconf - be forgiving about boolean values: convert them to GVariant booleans automatically (#6206).
• dconf - if gi.repository.GLib is missing, try to respawn in a Python interpreter that has it (#6491).
• dconf - minor refactoring improving parameters and dependencies validation (#6336).
• dconf - parse GVariants for equality comparison when the Python module gi.repository is available (#6049).
• deps module utils - add function failed() providing the ability to check the dependency check result without triggering an exception (#6383).
• dig lookup plugin - Support multiple domains to be queried as indicated in docs (#6334).
• dig lookup plugin - support CAA record type (#5913).
• dnsimple - set custom User-Agent for API requests to DNSimple (#5927).
• dnsimple_info - minor refactor in the code (#6440).
• flatpak_remote - add new boolean option enabled. It controls, whether the remote is enabled or not (#5926).
• gconftool2 - refactor using ModuleHelper and CmdRunner (#5545).
• gitlab_group_variable, gitlab_project_variable - refactor function out to module utils (#6384).
• gitlab_project - add builds_access_level, container_registry_access_level and forking_access_level options (#5706).
• gitlab_project - add releases_access_level, environments_access_level, feature_flags_access_level, infrastructure_access_level, monitor_access_level, and security_and_compliance_access_level options (#5986).
• gitlab_project - add new option topics for adding topics to GitLab projects (#6278).
• gitlab_runner - add new boolean option access_level_on_creation. It controls, whether the value of access_level is used for runner registration or not. The option access_level has been ignored on registration so far and was only used on updates (#5907, #5908).
• gitlab_runner - allow to register group runner (#3935).
• homebrew_cask - allows passing --greedy option to upgrade_all (#6267).
• idrac_redfish_command - add job_id to CreateBiosConfigJob response (#5603).
• ilo_redfish_utils module utils - change implementation of DNS Server IP and NTP Server IP update (#5804).
• ipa_group - allow to add and remove external users with the external_user option (#5897).
• ipa_hostgroup - add append parameter for adding a new hosts to existing hostgroups without changing existing hostgroup members (#6203).
• iptables_state - minor refactoring within the module (#5844).
• java_certs - add more detailed error output when extracting certificate from PKCS12 fails (#5550).
• jc filter plugin - added the ability to use parser plugins (#6043).
• jenkins_plugin - refactor code to module util to fix sanity check (#5565).
• jira - add worklog functionality (#6209, #6210).
• keycloak_authentication - add flow type option to sub flows to allow the creation of 'form-flow' sub flows like in Keycloak's built-in registration flow (#6318).
• keycloak_group - add new optional module parameter parents to properly handle keycloak subgroups (#5814).
• keycloak_user_federation - make org.keycloak.storage.ldap.mappers.LDAPStorageMapper the default value for mappers providerType (#5863).
• ldap modules - add ca_path option (#6185).
• ldap modules - add xorder_discovery option (#6045, #6109).
• ldap_search - the new base64_attributes allows to specify which attribute values should be Base64 encoded (#6473).
• lxd_container - add diff and check mode (#5866).
• lxd_project - refactored code out to module utils to clear sanity check (#5549).
• make - add command return value to the module output (#6160).
• mattermost, rocketchat, slack - replace missing default favicon with docs.ansible.com favicon (#5928).
• mksysb - improved the output of the module in case of errors (#6263).
• modprobe - add persistent option (#4028, #542).
• module_helper module utils - updated the imports to make more MH features available at plugins/module_utils/module_helper.py (#6464).
• mssql_script - allow for GO statement to be mixed-case for scripts not using strict syntax (#6457).
• mssql_script - handle error condition for empty resultsets to allow for non-returning SQL statements (for example UPDATE and INSERT) (#6457).
• mssql_script - improve batching logic to allow a wider variety of input scripts. For example, SQL scripts slurped from Windows machines which may contain carriage return (''r'') characters (#6457).
• nmap inventory plugin - add new option open for only returning open ports (#6200).
• nmap inventory plugin - add new option port for port specific scan (#6165).
• nmap inventory plugin - add new options udp_scan, icmp_timestamp, and dns_resolve for different types of scans (#5566).
• nmap inventory plugin - added environment variables for configure address and exclude (#6351).
• nmcli - add default and default-or-eui64 to the list of valid choices for addr_gen_mode6 parameter (#5974).
• nmcli - add macvlan connection type (#6312).
• nmcli - add support for team.runner-fast-rate parameter for team connections (#6065).
• nmcli - new module option slave_type added to allow creation of various types of slave devices (#473, #6108).
• one_vm - add a new updateconf option which implements the one.vm.updateconf API call (#5812).
• openbsd_pkg - set TERM to 'dumb' in execute_command() to make module less dependant on the TERM environment variable set on the Ansible controller (#6149).
• opkg - allow installing a package in a certain version (#5688).
• opkg - refactored module to use CmdRunner for executing opkg (#5718).
• osx_defaults - include stderr in error messages (#6011).
• pipx - add system_site_packages parameter to give application access to system-wide packages (#6308).
• pipx - ensure include_injected parameter works with state=upgrade and state=latest (#6212).
• pipx - optional install_apps parameter added to install applications from injected packages (#6198).
• proxmox - added new module parameter tags for use with PVE 7+ (#5714).
• proxmox - suppress urllib3 InsecureRequestWarnings when validate_certs option is false (#5931).
• proxmox_kvm - add new archive parameter. This is needed to create a VM from an archive (backup) (#6159).
• proxmox_kvm - adds migrate parameter to manage online migrations between hosts (#6448)
• puppet - add new options skip_tags to exclude certain tagged resources during a puppet agent or apply (#6293).
• puppet - refactored module to use CmdRunner for executing puppet (#5612).
• rax_scaling_group - refactored out code to the rax module utils to clear the sanity check (#5563).
• redfish_command - add PerformRequestedOperations command to perform any operations necessary to continue the update flow (#4276).
• redfish_command - add update_apply_time to SimpleUpdate command (#3910).
• redfish_command - add update_status to output of SimpleUpdate command to allow a user monitor the update in progress (#4276).
• redfish_command - adding EnableSecureBoot functionality (#5899).
• redfish_command - adding VerifyBiosAttributes functionality (#5900).
• redfish_info - add GetUpdateStatus command to check the progress of a previous update request (#4276).
• redfish_info - adds commands to retrieve the HPE ThermalConfiguration and FanPercentMinimum settings from iLO (#6208).
• redfish_utils module utils - added PUT (put_request()) functionality (#5490).
• redhat_subscription - add a server_proxy_scheme parameter to configure the scheme for the proxy server (#5662).
• redhat_subscription - adds token parameter for subscription-manager authentication using Red Hat API token (#5725).
• redhat_subscription - credentials (username, activationkey, and so on) are required now only if a system needs to be registered, or force_register is specified (#5664).
• redhat_subscription - the registration is done using the D-Bus rhsm service instead of spawning a subscription-manager register command, if possible; this avoids passing plain-text credentials as arguments to subscription-manager register, which can be seen while that command runs (#6122).
• sefcontext - add support for path substitutions (#1193).
• shutdown - if no shutdown commands are found in the search_paths then the module will attempt to shutdown the system using systemctl shutdown (#4269, #6171).
• slack - add option prepend_hash which allows to control whether a # is prepended to channel_id. The current behavior (value auto) is to prepend # unless some specific prefixes are found. That list of prefixes is incomplete, and there does not seem to exist a documented condition on when exactly # must not be prepended. We recommend to explicitly set prepend_hash=always or prepend_hash=never to avoid any ambiguity (#5629).
• snap - minor refactor when executing module (#5773).
• snap - refactor module to use CmdRunner to execute external commands (#6468).
• snap_alias - refactor code to module utils (#6441).
• snap_alias - refactored module to use CmdRunner to execute snap (#5486).
• spotinst_aws_elastigroup - add elements attribute when missing in list parameters (#5553).
• ssh_config - add host_key_algorithms option (#5605).
• ssh_config - add proxyjump option (#5970).
• ssh_config - refactor code to module util to fix sanity check (#5720).
• ssh_config - vendored StormSSH's config parser to avoid having to install StormSSH to use the module (#6117).
• sudoers - add setenv parameters to support passing environment variables via sudo. (#5883)
• sudoers - adds host parameter for setting hostname restrictions in sudoers rules (#5702).
• terraform - remove state file check condition and error block, because in the native implementation of terraform will not cause errors due to the non-existent file (#6296).
• udm_dns_record - minor refactor to the code (#6382).
• udm_share - added elements attribute to list type parameters (#5557).
• udm_user - add elements attribute when missing in list parameters (#5559).
• znode module - optional use_tls parameter added for encrypted communication (#6154).

Breaking Changes / Porting Guide

• If you are not using this collection as part of Ansible, but installed (and/or upgraded) community.general manually, you need to make sure to also install community.sap_libs if you are using any of the sapcar_extract, sap_task_list_execute, and hana_query modules. Without that collection installed, the redirects for these modules do not work.
• ModuleHelper module utils - when the module sets output variables named msg, exception, output, vars, or changed, the actual output will prefix those names with _ (underscore symbol) only when they clash with output variables generated by ModuleHelper itself, which only occurs when handling exceptions. Please note that this breaking change does not require a new major release since before this release, it was not possible to add such variables to the output due to a bug (#5765).
• gconftool2 - fix processing of gconftool-2 when key does not exist, returning null instead of empty string for both value and previous_value return values (#6028).
• gitlab_runner - the default of access_level_on_creation changed from false to true (#6428).
• ldap_search - convert all string-like values to UTF-8 (#5704, #6473).
• nmcli - the default of the hairpin option changed from true to false (#6428).
• proxmox - the default of the unprivileged option changed from false to true (#6428).

Deprecated Features

• ModuleHelper module_utils - deps mixin for MH classes deprecated in favour of using the deps module_utils (#6465).
• consul - deprecate using parameters unused for state=absent (#5772).
• gitlab_runner - the default of the new option access_level_on_creation will change from false to true in community.general 7.0.0. This will cause access_level to be used during runner registration as well, and not only during updates (#5908).
• gitlab_runner - the option access_level will lose its default value in community.general 8.0.0. From that version on, you have set this option to ref_protected explicitly, if you want to have a protected runner (#5925).
• manageiq_policies - deprecate state=list in favour of using community.general.manageiq_policies_info (#5721).
• manageiq_tags - deprecate state=list in favour of using community.general.manageiq_tags_info (#5727).
• rax - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax module utils - module utils code relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_cbs - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_cbs_attachments - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_cdb - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_cdb_database - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_cdb_user - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_clb - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_clb_nodes - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_clb_ssl - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_dns - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_dns_record - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_facts - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_files - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_files_objects - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_identity - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_keypair - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_meta - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_mon_alarm - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_mon_check - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_mon_entity - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_mon_notification - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_mon_notification_plan - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_network - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_queue - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_scaling_group - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rax_scaling_policy - module relies on deprecated library pyrax and will be removed in community.general 9.0.0 (#5752).
• rhn_channel, rhn_register - RHN hosted at redhat.com was discontinued years ago, and Spacewalk 5 (which uses RHN) is EOL since 2020, May 31st; while these modules could work on Uyuni / SUSE Manager (fork of Spacewalk 5), we have not heard about anyone using them in those setups. Hence, these modules are deprecated, and will be removed in community.general 10.0.0 in case there are no reports about being still useful, and potentially no one that steps up to maintain them (#6493).

Removed Features (previously deprecated)

• All sap modules have been removed from this collection. They have been migrated to the community.sap_libs collection. Redirections have been provided. Following modules are affected: - sapcar_extract - sap_task_list_execute - hana_query
• cmd_runner module utils - the fmt alias of cmd_runner_fmt has been removed. Use cmd_runner_fmt instead (#6428).
• newrelic_deployment - the appname and environment options have been removed. They did not do anything (#6428).
• puppet - the alias show-diff of the show_diff option has been removed. Use show_diff instead (#6428).
• xfconf - generating facts was deprecated in community.general 3.0.0, however three factoids, property, channel and value continued to be generated by mistake. This behaviour has been removed and xfconf generate no facts whatsoever (#5502).
• xfconf - generating facts was deprecated in community.general 3.0.0, however two factoids, previous_value and type continued to be generated by mistake. This behaviour has been removed and xfconf generate no facts whatsoever (#5502).

Bugfixes

• ModuleHelper - fix bug when adjusting the name of reserved output variables (#5755).
• alternatives - support subcommands on Fedora 37, which uses follower instead of slave (#5794).
• ansible_galaxy_install - set default to raise exception if command's return code is different from zero (#5680).
• ansible_galaxy_install - try C.UTF-8 and then fall back to en_US.UTF-8 before failing (#5680).
• archive - avoid deprecated exception class on Python 3 (#6180).
• archive - reduce RAM usage by generating CRC32 checksum over chunks (#6274).
• bitwarden lookup plugin - clarify what to do, if the bitwarden vault is not unlocked (#5811).
• cartesian and flattened lookup plugins - adjust to parameter deprecation in ansible-core 2.14's listify_lookup_plugin_terms helper function (#6074).
• chroot connection plugin - add inventory_hostname to vars under remote_addr. This is needed for compatibility with ansible-core 2.13 (#5570).
• cloudflare_dns - fixed the idempotency for SRV DNS records (#5972).
• cloudflare_dns - fixed the possiblity of setting a root-level SRV DNS record (#5972).
• cmd_runner module utils - fixed bug when handling default cases in cmd_runner_fmt.as_map() (#5538).
• cmd_runner module utils - formatting arguments cmd_runner_fmt.as_fixed() was expecting an non-existing argument (#5538).
• dependent lookup plugin - avoid warning on deprecated parameter for Templar.template() (#5543).
• deps module utils - do not fail when dependency cannot be found (#6479).
• dig lookup plugin - correctly handle DNSKEY record type's algorithm field (#5914).
• flatpak - fixes idempotency detection issues. In some cases the module could fail to properly detect already existing Flatpaks because of a parameter witch only checks the installed apps (#6289).
• gconftool2 - fix changed result always being true (#6028).
• gconftool2 - remove requirement of parameter value when state=absent (#6028).
• gem - fix force parameter not being passed to gem command when uninstalling (#5822).
• gem - fix hang due to interactive prompt for confirmation on specific version uninstall (#5751).
• github_webhook - fix always changed state when no secret is provided (#5994).
• gitlab_deploy_key - also update title and not just can_push (#5888).
• gitlab_group_variables - fix dropping variables accidentally when GitLab introduced new properties (#5667).
• gitlab_project_variables - fix dropping variables accidentally when GitLab introduced new properties (#5667).
• gitlab_runner - fix KeyError on runner creation and update (#6112).
• icinga2_host - fix the data structure sent to Icinga to make use of host templates and template vars (#6286).
• idrac_redfish_command - allow user to specify resource_id for CreateBiosConfigJob to specify an exact manager (#2090).
• influxdb_user - fix running in check mode when the user does not exist yet (#6111).
• ini_file - make section parameter not required so it is possible to pass null as a value. This only was possible in the past due to a bug in ansible-core that now has been fixed (#6404).
• interfaces_file - fix reading options in lines not starting with a space (#6120).
• jail connection plugin - add inventory_hostname to vars under remote_addr. This is needed for compatibility with ansible-core 2.13 (#6118).
• jenkins_build - fix the logical flaw when deleting a Jenkins build (#5514).
• jenkins_plugin - fix error due to undefined variable when updates file is not downloaded (#6100).
• keycloak - improve error messages (#6318).
• keycloak_client - fix accidental replacement of value for attribute saml.signing.private.key with no_log in wrong contexts (#5934).
• keycloak_client_rolemapping - calculate proposed and after return values properly (#5619).
• keycloak_client_rolemapping - remove only listed mappings with state=absent (#5619).
• keycloak_user_federation - fixes federation creation issue. When a new federation was created and at the same time a default / standard mapper was also changed / updated the creation process failed as a bad None set variable led to a bad malformed url request (#5750).
• keycloak_user_federation - fixes idempotency detection issues. In some cases the module could fail to properly detect already existing user federations because of a buggy seemingly superflous extra query parameter (#5732).
• loganalytics callback plugin - adjust type of callback to notification, it was incorrectly classified as aggregate before (#5761).
• logdna callback plugin - adjust type of callback to notification, it was incorrectly classified as aggregate before (#5761).
• logstash callback plugin - adjust type of callback to notification, it was incorrectly classified as aggregate before (#5761).
• lxc_container - fix the arguments of the lxc command which broke the creation and cloning of containers (#5578).
• lxd_* modules, lxd inventory plugin - fix TLS/SSL certificate validation problems by using the correct purpose when creating the TLS context (#5616, #6034).
• memset - fix memset urlerror handling (#6114).
• nmcli - fix change handling of values specified as an integer 0 (#5431).
• nmcli - fix failure to handle WIFI settings when connection type not specified (#5431).
• nmcli - fix improper detection of changes to wifi.wake-on-wlan (#5431).
• nmcli - fixed idempotency issue for bridge connections. Module forced default value of bridge.priority to nmcli if not set; if bridge.stp is disabled nmcli ignores it and keep default (#3216, #4683).
• nmcli - fixed idempotency issue when module params is set to may_fail4=false and method4=disabled; in this case nmcli ignores change and keeps their own default value yes (#6106).
• nmcli - implemented changing mtu value on vlan interfaces (#4387).
• nmcli - order is significant for lists of addresses (#6048).
• nsupdate - fix zone lookup. The SOA record for an existing zone is returned as an answer RR and not as an authority RR (#5817, #5818).
• one_vm - avoid splitting labels that are None (#5489).
• one_vm - fix syntax error when creating VMs with a more complex template (#6225).
• onepassword lookup plugin - Changed to ignore errors from "op account get" calls. Previously, errors would prevent auto-signin code from executing (#5942).
• onepassword_raw - add missing parameter to plugin documentation (#5506).
• opkg - fix issue that force=reinstall would not reinstall an existing package (#5705).
• opkg - fixes bug when using update_cache=true (#6004).
• passwordstore lookup plugin - make compatible with ansible-core 2.16 (#6447).
• pipx - fixed handling of install_deps=true with state=latest and state=upgrade (#6303).
• portage - update the logic for generating the emerge command arguments to ensure that withbdeps: false results in a passing an n argument with the --with-bdeps emerge flag (#6451, #6456).
• proxmox inventory plugin - fix bug while templating when using templates for the url, user, password, token_id, or token_secret options (#5640).
• proxmox inventory plugin - handle tags delimited by semicolon instead of comma, which happens from Proxmox 7.3 on (#5602).
• proxmox_disk - avoid duplicate vmid reference (#5492, #5493).
• proxmox_disk - fixed issue with read timeout on import action (#5803).
• proxmox_disk - fixed possible issues with redundant vmid parameter (#5492, #5672).
• proxmox_nic - fixed possible issues with redundant vmid parameter (#5492, #5672).
• puppet - handling noop parameter was not working at all, now it is has been fixed (#6452, #6458).
• redfish_utils - removed basic auth HTTP header when performing a GET on the service root resource and when performing a POST to the session collection (#5886).
• redhat_subscription - do not ignore consumer_name and other variables if activationkey is specified (#3486, #5627).
• redhat_subscription - do not pass arguments to subscription-manager register for things already configured; now a specified rhsm_baseurl is properly set for subscription-manager (#5583).
• redhat_subscription - do not use D-Bus for registering when environment is specified, so it possible to specify again the environment names for registering, as the D-Bus APIs work only with IDs (#6319).
• redhat_subscription - try to unregister only when already registered when force_register is specified (#6258, #6259).
• redhat_subscription - use the right D-Bus options for environments when registering a CentOS Stream 8 system and using environment (#6275).
• redhat_subscription, rhsm_release, rhsm_repository - cleanly fail when not running as root, rather than hanging on an interactive console-helper prompt; they all interact with subscription-manager, which already requires to be run as root (#734, #6211).
• rhsm_release - make release parameter not required so it is possible to pass null as a value. This only was possible in the past due to a bug in ansible-core that now has been fixed (#6401).
• rundeck module utils - fix errors caused by the API empty responses (#6300)
• rundeck_acl_policy - fix TypeError - byte indices must be integers or slices, not str error caused by empty API response. Update the module to use module_utils.rundeck functions (#5887, #6300).
• rundeck_project - update the module to use module_utils.rundeck functions (#5742) (#6300)
• snap_alias - module would only recognize snap names containing letter, numbers or the underscore character, failing to identify valid snap names such as lxd.lxc (#6361).
• splunk callback plugin - adjust type of callback to notification, it was incorrectly classified as aggregate before (#5761).
• sumologic callback plugin - adjust type of callback to notification, it was incorrectly classified as aggregate before (#5761).
• syslog_json callback plugin - adjust type of callback to notification, it was incorrectly classified as aggregate before (#5761).
• terraform - fix current workspace never getting appended to the all key in the workspace_ctf object (#5735).
• terraform - fix terraform init failure when there are multiple workspaces on the remote backend and when default workspace is missing by setting TF_WORKSPACE environmental variable to the value of workspace when used (#5735).
• terraform - fix broken warn() call (#6497).
• terraform and timezone - slight refactoring to avoid linter reporting potentially undefined variables (#5933).
• terraform module - disable ANSI escape sequences during validation phase (#5843).
• tss lookup plugin - allow to download secret attachments. Previously, we could not download secret attachments but now use fetch_attachments and file_download_path variables to download attachments (#6224).
• unixy callback plugin - fix plugin to work with ansible-core 2.14 by using Ansible's configuration manager for handling options (#5600).
• unixy callback plugin - fix typo introduced when updating to use Ansible's configuration manager for handling options (#5600).
• various plugins and modules - remove unnecessary imports (#5940).
• vdo - now uses yaml.safe_load() to parse command output instead of the deprecated yaml.load() which is potentially unsafe. Using yaml.load() without explicitely setting a Loader= is also an error in pyYAML 6.0 (#5632).
• vmadm - fix for index out of range error in get_vm_uuid (#5628).
• xenorchestra inventory plugin - fix failure to receive objects from server due to not checking the id of the response (#6227).
• xfs_quota - in case of a project quota, the call to xfs_quota did not initialize/reset the project (#5143).
• xml - fixed a bug where empty children list would not be set (#5808).
• yarn - fix global=true to check for the configured global folder instead of assuming the default (#5829)
• yarn - fix global=true to not fail when executable wasn't specified (#6132)
• yarn - fix state=absent not working with global=true when the package does not include a binary (#5829)
• yarn - fix state=latest not working with global=true (#5712).
• yarn - fixes bug where yarn module tasks would fail when warnings were emitted from Yarn. The yarn.list method was not filtering out warnings (#6127).
• zfs_delegate_admin - zfs allow output can now be parsed when uids/gids are not known to the host system (#5943).
• zypper - make package managing work on readonly filesystem of openSUSE MicroOS (#5615).

New Plugins

Lookup

• community.general.merge_variables - merge variables with a certain suffix

New Modules

• community.general.btrfs_info - Query btrfs filesystem info
• community.general.btrfs_subvolume - Manage btrfs subvolumes
• community.general.gitlab_project_badge - Manage project badges on GitLab Server
• community.general.ilo_redfish_command - Manages Out-Of-Band controllers using Redfish APIs
• community.general.ipbase_info - Retrieve IP geolocation and other facts of a host's IP address using the ipbase.com API
• community.general.kdeconfig - Manage KDE configuration files
• community.general.keycloak_authz_authorization_scope - Allows administration of Keycloak client authorization scopes via Keycloak API
• community.general.keycloak_clientscope_type - Set the type of aclientscope in realm or client via Keycloak API
• community.general.keycloak_clientsecret_info - Retrieve client secret via Keycloak API
• community.general.keycloak_clientsecret_regenerate - Regenerate Keycloak client secret via Keycloak API
• community.general.ocapi_command - Manages Out-Of-Band controllers using Open Composable API (OCAPI)
• community.general.ocapi_info - Manages Out-Of-Band controllers using Open Composable API (OCAPI)