CHANGELOG.md

Community General Release Notes

Topics

• v8.6.5
  • Release Summary
  • Bugfixes
• v8.6.4
  • Release Summary
  • Minor Changes
  • Bugfixes
• v8.6.3
  • Release Summary
  • Minor Changes
  • Bugfixes
• v8.6.2
  • Release Summary
  • Bugfixes
  • Known Issues
• v8.6.1
  • Release Summary
  • Security Fixes
  • Bugfixes
• v8.6.0
  • Release Summary
  • Minor Changes
  • Deprecated Features
  • Bugfixes
  • New Modules
• v8.5.0
  • Release Summary
  • Minor Changes
  • Security Fixes
  • Bugfixes
  • New Modules
• v8.4.0
  • Release Summary
  • Minor Changes
  • Bugfixes
  • New Plugins
    • Callback
    • Filter
  • New Modules
• v8.3.0
  • Release Summary
  • Minor Changes
  • Deprecated Features
  • Bugfixes
  • New Modules
• v8.2.0
  • Release Summary
  • Minor Changes
  • Bugfixes
  • New Plugins
    • Connection
    • Filter
    • Lookup
  • New Modules
• v8.1.0
  • Release Summary
  • Minor Changes
  • Bugfixes
  • New Plugins
    • Lookup
    • Test
  • New Modules
• v8.0.2
  • Release Summary
  • Bugfixes
• v8.0.1
  • Release Summary
  • Bugfixes
• v8.0.0
  • Release Summary
  • Minor Changes
  • Breaking Changes / Porting Guide
  • Deprecated Features
  • Removed Features (previously deprecated)
  • Bugfixes
  • Known Issues
  • New Plugins
    • Lookup
  • New Modules This changelog describes changes after version 7.0.0.

v8.6.5

Release Summary

Regular bugfix release.

Bugfixes

• gitlab_group_access_token - fix crash in check mode caused by attempted access to a newly created access token (#8796).
• gitlab_project_access_token - fix crash in check mode caused by attempted access to a newly created access token (#8796).
• keycloak_realm_key - fix invalid usage of parent_id (#7850, #8823).
• keycloak_user_federation - fix key error when removing mappers during an update and new mappers are specified in the module args (#8762).
• keycloak_user_federation - fix the UnboundLocalError that occurs when an ID is provided for a user federation mapper (#8831).
• keycloak_user_federation - sort desired and after mapper list by name (analog to before mapper list) to minimize diff and make change detection more accurate (#8761).
• proxmox inventory plugin - fixed a possible error on concatenating responses from proxmox. In case an API call unexpectedly returned an empty result, the inventory failed with a fatal error. Added check for empty response (#8798, #8794).

v8.6.4

Release Summary

Regular bugfix release.

Minor Changes

• passwordstore lookup plugin - add the current user to the lockfile file name to address issues on multi-user systems (#8689).

Bugfixes

• gitlab_runner - fix paused parameter being ignored (#8648).
• homebrew_cask - fix upgrade_all returns changed when nothing upgraded (#8707, #8708).
• keycloak_user_federation - get cleartext IDP clientSecret from full realm info to detect changes to it (#8294, #8735).
• keycloak_user_federation - remove existing user federation mappers if they are not present in the federation configuration and will not be updated (#7169, #8695).

v8.6.3

Release Summary

Regular bugfix release.

Minor Changes

• wdc_redfish_command - minor change to handle upgrade file for Redfish WD platforms (#8444).

Bugfixes

• bitwarden lookup plugin - fix KeyError in search_field (#8549, #8557).
• keycloak_clientscope - remove IDs from clientscope and its protocol mappers on comparison for changed check (#8545).
• nsupdate - fix 'index out of range' error when changing NS records by falling back to authority section of the response (#8612, #8614).
• redfish_utils module utils - do not fail when language is not exactly "en" (#8613).

v8.6.2

Release Summary

Regular bugfix release.

Bugfixes

• git_config - fix behavior of state=absent if value is present (#8436, #8452).
• homebrew - do not fail when brew prints warnings (#8406, #7044).
• keycloak_client - fix TypeError when sanitizing the saml.signing.private.key attribute in the module's diff or state output. The sanitize_cr function expected a dict where in some cases a list might occur (#8403).
• keycloak_realm - add normalizations for attributes and protocol_mappers (#8496).
• launched - correctly report changed status in check mode (#8406).
• opennebula inventory plugin - fix invalid reference to IP when inventory runs against NICs with no IPv4 address (#8489).
• opentelemetry callback - do not save the JSON response when using the ansible.builtin.uri module (#8430).
• opentelemetry callback - do not save the content response when using the ansible.builtin.slurp module (#8430).
• paman - do not fail if an empty list of packages has been provided and there is nothing to do (#8514).

Known Issues

• homectl - the module does not work under Python 3.13 or newer, since it relies on the removed crypt standard library module (#4691, #8497).
• udm_user - the module does not work under Python 3.13 or newer, since it relies on the removed crypt standard library module (#4690, #8497).

v8.6.1

Release Summary

Regular bugfix release.

Security Fixes

• keycloak_identity_provider - the client secret was not correctly sanitized by the module. The return values proposed, existing, and end_state, as well as the diff, did contain the client secret unmasked (#8355).

Bugfixes

• keycloak_user_federation - fix diff of empty krbPrincipalAttribute (#8320).
• merge_variables lookup plugin - fixing cross host merge: providing access to foreign hosts variables to the perspective of the host that is performing the merge (#8303).
• opentelemetry callback plugin - close spans always (#8367).
• opentelemetry callback plugin - honour the disable_logs option to avoid storing task results since they are not used regardless (#8373).

v8.6.0

Release Summary

Regular bugfix and features release.

Minor Changes

• Use offset-aware datetime.datetime objects (with timezone UTC) instead of offset-naive UTC timestamps, which are deprecated in Python 3.12 (#8222).
• apt_rpm - add new states latest and present_not_latest. The value latest is equivalent to the current behavior of present, which will upgrade a package if a newer version exists. present_not_latest does what most users would expect present to do: it does not upgrade if the package is already installed. The current behavior of present will be deprecated in a later version, and eventually changed to that of present_not_latest (#8217, #8247).
• bitwarden lookup plugin - add support to filter by organization ID (#8188).
• filesystem - add bcachefs support (#8126).
• ini_file - add an optional parameter section_has_values. If the target ini file contains more than one section, use section_has_values to specify which one should be updated (#7505).
• java_cert - add cert_content argument (#8153).
• keycloak_client, keycloak_clientscope, keycloak_clienttemplate - added docker-v2 protocol support, enhancing alignment with Keycloak's protocol options (#8215, #8216).
• nmcli - adds OpenvSwitch support with new type values ovs-port, ovs-interface, and ovs-bridge, and new slave_type value ovs-port (#8154).
• osx_defaults - add option check_types to enable changing the type of existing defaults on the fly (#8173).
• passwordstore lookup - add missing_subkey parameter defining the behavior of the lookup when a passwordstore subkey is missing (#8166).
• portage - adds the possibility to explicitely tell portage to write packages to world file (#6226, #8236).
• redfish_command - add command ResetToDefaults to reset manager to default state (#8163).
• redfish_info - add boolean return value MultipartHttpPush to GetFirmwareUpdateCapabilities (#8194, #8195).
• ssh_config - allow accept-new as valid value for strict_host_key_checking (#8257).

Deprecated Features

• hipchat callback plugin - the hipchat service has been discontinued and the self-hosted variant has been End of Life since 2020. The callback plugin is therefore deprecated and will be removed from community.general 10.0.0 if nobody provides compelling reasons to still keep it (#8184, #8189).

Bugfixes

• aix_filesystem - fix _validate_vg not passing VG name to lsvg_cmd (#8151).
• apt_rpm - when checking whether packages were installed after running apt-get -y install <packages>, only the last package name was checked (#8263).
• bitwarden_secrets_manager lookup plugin - implements retry with exponential backoff to avoid lookup errors when Bitwardn's API rate limiting is encountered (#8230, #8238).
• from_ini filter plugin - disabling interpolation of ConfigParser to allow converting values with a % sign (#8183, #8185).
• gitlab_issue, gitlab_label, gitlab_milestone - avoid crash during version comparison when the python-gitlab Python module is not installed (#8158).
• haproxy - fix an issue where HAProxy could get stuck in DRAIN mode when the backend was unreachable (#8092).
• inventory plugins - add unsafe wrapper to avoid marking strings that do not contain { or } as unsafe, to work around a bug in AWX ((#8212, #8225).
• ipa - fix get version regex in IPA module_utils (#8175).
• keycloak_client - add sorted defaultClientScopes and optionalClientScopes to normalizations (#8223).
• keycloak_realm - add normalizations for enabledEventTypes and supportedLocales (#8224).
• puppet - add option environment_lang to set the environment language encoding. Defaults to lang C. It is recommended to set it to C.UTF-8 or en_US.UTF-8 depending on what is available on your system. (#8000)
• riak - support riak admin sub-command in newer Riak KV versions beside the legacy riak-admin main command (#8211).
• to_ini filter plugin - disabling interpolation of ConfigParser to allow converting values with a % sign (#8183, #8185).
• xml - make module work with lxml 5.1.1, which removed some internals that the module was relying on (#8169).

New Modules

• community.general.keycloak_client_rolescope - Allows administration of Keycloak client roles scope to restrict the usage of certain roles to a other specific client applications.

v8.5.0

Release Summary

Regular feature and bugfix release with security fixes.

Minor Changes

• bitwarden lookup plugin - allows to fetch all records of a given collection ID, by allowing to pass an empty value for search_value when collection_id is provided (#8013).
• icinga2 inventory plugin - adds new parameter group_by_hostgroups in order to make grouping by Icinga2 hostgroups optional (#7998).
• ini_file - support optional spaces between section names and their surrounding brackets (#8075).
• java_cert - enable owner, group, mode, and other generic file arguments (#8116).
• ldap_attrs - module now supports diff mode, showing which attributes are changed within an operation (#8073).
• lxd_container - uses /1.0/instances API endpoint, if available. Falls back to /1.0/containers or /1.0/virtual-machines. Fixes issue when using Incus or LXD 5.19 due to migrating to /1.0/instances endpoint (#7980).
• nmcli - allow setting MTU for bond-slave interface types (#8118).
• proxmox - adds startup parameters to configure startup order, startup delay and shutdown delay (#8038).
• revbitspss lookup plugin - removed a redundant unicode prefix. The prefix was not necessary for Python 3 and has been cleaned up to streamline the code (#8087).

Security Fixes

• cobbler, gitlab_runners, icinga2, linode, lxd, nmap, online, opennebula, proxmox, scaleway, stackpath_compute, virtualbox, and xen_orchestra inventory plugin - make sure all data received from the remote servers is marked as unsafe, so remote code execution by obtaining texts that can be evaluated as templates is not possible (https://www.die-welt.net/2024/03/remote-code-execution-in-ansible-dynamic-inventory-plugins/, #8098).

Bugfixes

• aix_filesystem - fix issue with empty list items in crfs logic and option order (#8052).
• consul_token - fix token creation without accessor_id (#8091).
• homebrew - error returned from brew command was ignored and tried to parse empty JSON. Fix now checks for an error and raises it to give accurate error message to users (#8047).
• ipa_hbacrule - the module uses a string for ipaenabledflag for new FreeIPA versions while the returned value is a boolean (#7880).
• ipa_sudorule - the module uses a string for ipaenabledflag for new FreeIPA versions while the returned value is a boolean (#7880).
• iptables_state - fix idempotency issues when restoring incomplete iptables dumps (#8029).
• linode inventory plugin - add descriptive error message for linode inventory plugin (#8133).
• pacemaker_cluster - actually implement check mode, which the module claims to support. This means that until now the module also did changes in check mode (#8081).
• pam_limits - when the file does not exist, do not create it in check mode (#8050, #8057).
• proxmox_kvm - fixed status check getting from node-specific API endpoint (#7817).

New Modules

• community.general.usb_facts - Allows listing information about USB devices

v8.4.0

Release Summary

Regular bugfix and feature release.

Minor Changes

• bitwarden lookup plugin - add bw_session option, to pass session key instead of reading from env (#7994).
• gitlab_deploy_key, gitlab_group_members, gitlab_group_variable, gitlab_hook, gitlab_instance_variable, gitlab_project_badge, gitlab_project_variable, gitlab_user - improve API pagination and compatibility with different versions of python-gitlab (#7790).
• gitlab_hook - adds releases_events parameter for supporting Releases events triggers on GitLab hooks (#7956).
• icinga2 inventory plugin - add Jinja2 templating support to url, user, and password paramenters (#7074, #7996).
• mssql_script - adds transactional (rollback/commit) support via optional boolean param transaction (#7976).
• proxmox_kvm - add parameter update_unsafe to avoid limitations when updating dangerous values (#7843).
• redfish_config - add command SetServiceIdentification to set service identification (#7916).
• sudoers - add support for the NOEXEC tag in sudoers rules (#7983).
• terraform - fix diff_mode in state absent and when terraform resource_changes does not exist (#7963).

Bugfixes

• cargo - fix idempotency issues when using a custom installation path for packages (using the --path parameter). The initial installation runs fine, but subsequent runs use the get_installed() function which did not check the given installation location, before running cargo install. This resulted in a false changed state. Also the removal of packeges using state: absent failed, as the installation check did not use the given parameter (#7970).
• gitlab_issue - fix behavior to search GitLab issue, using search keyword instead of title (#7846).
• gitlab_runner - fix pagination when checking for existing runners (#7790).
• keycloak_client - fixes issue when metadata is provided in desired state when task is in check mode (#1226, #7881).
• modprobe - listing modules files or modprobe files could trigger a FileNotFoundError if /etc/modprobe.d or /etc/modules-load.d did not exist. Relevant functions now return empty lists if the directories do not exist to avoid crashing the module (#7717).
• onepassword lookup plugin - failed for fields that were in sections and had uppercase letters in the label/ID. Field lookups are now case insensitive in all cases (#7919).
• pkgin - pkgin (pkgsrc package manager used by SmartOS) raises erratic exceptions and spurious changed=true (#7971).
• redfish_info - allow for a GET operation invoked by GetUpdateStatus to allow for an empty response body for cases where a service returns 204 No Content (#8003).
• redfish_info - correct uncaught exception when attempting to retrieve Chassis information (#7952).

New Plugins

Callback

• community.general.default_without_diff - The default ansible callback without diff output

Filter

• community.general.lists_difference - Difference of lists with a predictive order
• community.general.lists_intersect - Intersection of lists with a predictive order
• community.general.lists_symmetric_difference - Symmetric Difference of lists with a predictive order
• community.general.lists_union - Union of lists with a predictive order

New Modules

• community.general.gitlab_group_access_token - Manages GitLab group access tokens
• community.general.gitlab_project_access_token - Manages GitLab project access tokens

v8.3.0

Release Summary

Regular bugfix and feature release.

Minor Changes

• consul_auth_method, consul_binding_rule, consul_policy, consul_role, consul_session, consul_token - added action group community.general.consul (#7897).
• consul_policy - added support for diff and check mode (#7878).
• consul_policy, consul_role, consul_session - removed dependency on requests and factored out common parts (#7826, #7878).
• consul_role - node_identities now expects a node_name option to match the Consul API, the old name is still supported as alias (#7878).
• consul_role - service_identities now expects a service_name option to match the Consul API, the old name is still supported as alias (#7878).
• consul_role - added support for diff mode (#7878).
• consul_role - added support for templated policies (#7878).
• redfish_info - add command GetServiceIdentification to get service identification (#7882).
• terraform - add support for diff_mode for terraform resource_changes (#7896).

Deprecated Features

• consul_acl - the module has been deprecated and will be removed in community.general 10.0.0. consul_token and consul_policy can be used instead (#7901).

Bugfixes

• homebrew - detect already installed formulae and casks using JSON output from brew info (#864).
• incus connection plugin - treats inventory_hostname as a variable instead of a literal in remote connections (#7874).
• ipa_otptoken - the module expect ipatokendisabled as string but the ipatokendisabled value is returned as a boolean (#7795).
• ldap - previously the order number (if present) was expected to follow an equals sign in the DN. This makes it so the order number string is identified correctly anywhere within the DN (#7646).
• mssql_script - make the module work with Python 2 (#7818, #7821).
• nmcli - fix connection.slave-type wired to bond and not with parameter slave_type in case of connection type wifi (#7389).
• proxmox - fix updating a container config if the setting does not already exist (#7872).

New Modules

• community.general.consul_acl_bootstrap - Bootstrap ACLs in Consul
• community.general.consul_auth_method - Manipulate Consul auth methods
• community.general.consul_binding_rule - Manipulate Consul binding rules
• community.general.consul_token - Manipulate Consul tokens
• community.general.gitlab_label - Creates/updates/deletes GitLab Labels belonging to project or group.
• community.general.gitlab_milestone - Creates/updates/deletes GitLab Milestones belonging to project or group

v8.2.0

Release Summary

Regular bugfix and feature release.

Minor Changes

• ipa_dnsrecord - adds ability to manage NS record types (#7737).
• ipa_pwpolicy - refactor module and exchange a sequence if statements with a for loop (#7723).
• ipa_pwpolicy - update module to support maxrepeat, maxsequence, dictcheck, usercheck, gracelimit parameters in FreeIPA password policies (#7723).
• keycloak_realm_key - the config.algorithm option now supports 8 additional key algorithms (#7698).
• keycloak_realm_key - the config.certificate option value is no longer defined with no_log=True (#7698).
• keycloak_realm_key - the provider_id option now supports RSA encryption key usage (value rsa-enc) (#7698).
• keycloak_user_federation - allow custom user storage providers to be set through provider_id (#7789).
• mail - add Message-ID header; which is required by some mail servers (#7740).
• mail module, mail callback plugin - allow to configure the domain name of the Message-ID header with a new message_id_domain option (#7765).
• ssh_config - new feature to set AddKeysToAgent option to yes or no (#7703).
• ssh_config - new feature to set IdentitiesOnly option to yes or no (#7704).
• xcc_redfish_command - added support for raw POSTs (command=PostResource in category=Raw) without a specific action info (#7746).

Bugfixes

• keycloak_identity_provider - mappers processing was not idempotent if the mappers configuration list had not been sorted by name (in ascending order). Fix resolves the issue by sorting mappers in the desired state using the same key which is used for obtaining existing state (#7418).
• keycloak_identity_provider - it was not possible to reconfigure (add, remove) mappers once they were created initially. Removal was ignored, adding new ones resulted in dropping the pre-existing unmodified mappers. Fix resolves the issue by supplying correct input to the internal update call (#7418).
• keycloak_user - when force is set, but user does not exist, do not try to delete it (#7696).
• proxmox_kvm - running state=template will first check whether VM is already a template (#7792).
• statusio_maintenance - fix error caused by incorrectly formed API data payload. Was raising "Failed to create maintenance HTTP Error 400 Bad Request" caused by bad data type for date/time and deprecated dict keys (#7754).

New Plugins

Connection

• community.general.incus - Run tasks in Incus instances via the Incus CLI.

Filter

• community.general.from_ini - Converts INI text input into a dictionary
• community.general.to_ini - Converts a dictionary to the INI file format

Lookup

• community.general.github_app_access_token - Obtain short-lived Github App Access tokens

New Modules

• community.general.dnf_config_manager - Enable or disable dnf repositories using config-manager
• community.general.keycloak_component_info - Retrive component info in Keycloak
• community.general.keycloak_realm_rolemapping - Allows administration of Keycloak realm role mappings into groups with the Keycloak API
• community.general.proxmox_node_info - Retrieve information about one or more Proxmox VE nodes
• community.general.proxmox_storage_contents_info - List content from a Proxmox VE storage

v8.1.0

Release Summary

Regular bugfix and feature release.

Minor Changes

• bitwarden lookup plugin - when looking for items using an item ID, the item is now accessed directly with bw get item instead of searching through all items. This doubles the lookup speed (#7468).
• elastic callback plugin - close elastic client to not leak resources (#7517).
• git_config - allow multiple git configs for the same name with the new add_mode option (#7260).
• git_config - the after and before fields in the diff of the return value can be a list instead of a string in case more configs with the same key are affected (#7260).
• git_config - when a value is unset, all configs with the same key are unset (#7260).
• gitlab modules - add ca_path option (#7472).
• gitlab modules - remove duplicate gitlab package check (#7486).
• gitlab_runner - add support for new runner creation workflow (#7199).
• ipa_config - adds passkey choice to ipauserauthtype parameter's choices (#7588).
• ipa_sudorule - adds options to include denied commands or command groups (#7415).
• ipa_user - adds idp and passkey choice to ipauserauthtype parameter's choices (#7589).
• irc - add validate_certs option, and rename use_ssl to use_tls, while keeping use_ssl as an alias. The default value for validate_certs is false for backwards compatibility. We recommend to every user of this module to explicitly set use_tls=true and validate_certs=true` whenever possible, especially when communicating to IRC servers over the internet (#7550).
• keycloak module utils - expose error message from Keycloak server for HTTP errors in some specific situations (#7645).
• keycloak_user_federation - add option for krbPrincipalAttribute (#7538).
• lvol - change pvs argument type to list of strings (#7676, #7504).
• lxd connection plugin - tighten the detection logic for lxd Instance not found errors, to avoid false detection on unrelated errors such as /usr/bin/python3: not found (#7521).
• netcup_dns - adds support for record types OPENPGPKEY, SMIMEA, and SSHFP (#7489).
• nmcli - add support for new connection type loopback (#6572).
• nmcli - allow for infiniband slaves of bond interface types (#7569).
• nmcli - allow for the setting of MTU for infiniband and bond interface types (#7499).
• onepassword lookup plugin - support 1Password Connect with the opv2 client by setting the connect_host and connect_token parameters (#7116).
• onepassword_raw lookup plugin - support 1Password Connect with the opv2 client by setting the connect_host and connect_token parameters (#7116)
• passwordstore - adds timestamp and preserve parameters to modify the stored password format (#7426).
• proxmox - adds template value to the state parameter, allowing conversion of container to a template (#7143).
• proxmox - adds update parameter, allowing update of an already existing containers configuration (#7540).
• proxmox inventory plugin - adds an option to exclude nodes from the dynamic inventory generation. The new setting is optional, not using this option will behave as usual (#6714, #7461).
• proxmox_disk - add ability to manipulate CD-ROM drive (#7495).
• proxmox_kvm - adds template value to the state parameter, allowing conversion of a VM to a template (#7143).
• proxmox_kvm - support the hookscript parameter (#7600).
• proxmox_ostype - it is now possible to specify the ostype when creating an LXC container (#7462).
• proxmox_vm_info - add ability to retrieve configuration info (#7485).
• redfish_info - adding the BootProgress property when getting Systems info (#7626).
• ssh_config - adds controlmaster, controlpath and controlpersist parameters (#7456).

Bugfixes

• apt-rpm - the module did not upgrade packages if a newer version exists. Now the package will be reinstalled if the candidate is newer than the installed version (#7414).
• cloudflare_dns - fix Cloudflare lookup of SHFP records (#7652).
• interface_files - also consider address_family when changing option=method (#7610, #7612).
• irc - replace ssl.wrap_socket that was removed from Python 3.12 with code for creating a proper SSL context (#7542).
• keycloak_* - fix Keycloak API client to quote / properly (#7641).
• keycloak_authz_permission - resource payload variable for scope-based permission was constructed as a string, when it needs to be a list, even for a single item (#7151).
• log_entries callback plugin - replace ssl.wrap_socket that was removed from Python 3.12 with code for creating a proper SSL context (#7542).
• lvol - test for output messages in both stdout and stderr (#7601, #7182).
• onepassword lookup plugin - field and section titles are now case insensitive when using op CLI version two or later. This matches the behavior of version one (#7564).
• redhat_subscription - use the D-Bus registration on RHEL 7 only on 7.4 and greater; older versions of RHEL 7 do not have it (#7622, #7624).
• terraform - fix multiline string handling in complex variables (#7535).

New Plugins

Lookup

• community.general.onepassword_doc - Fetch documents stored in 1Password

Test

• community.general.fqdn_valid - Validates fully-qualified domain names against RFC 1123

New Modules

• community.general.git_config_info - Read git configuration
• community.general.gitlab_issue - Create, update, or delete GitLab issues
• community.general.nomad_token - Manage Nomad ACL tokens

v8.0.2

Release Summary

Bugfix release for inclusion in Ansible 9.0.0rc1.

Bugfixes

• ocapi_utils, oci_utils, redfish_utils module utils - replace type() calls with isinstance() calls (#7501).
• pipx module utils - change the CLI argument formatter for the pip_args parameter (#7497, #7506).

v8.0.1

Release Summary

Bugfix release for inclusion in Ansible 9.0.0b1.

Bugfixes

• gitlab_group_members - fix gitlab constants call in gitlab_group_members module (#7467).
• gitlab_project_members - fix gitlab constants call in gitlab_project_members module (#7467).
• gitlab_protected_branches - fix gitlab constants call in gitlab_protected_branches module (#7467).
• gitlab_user - fix gitlab constants call in gitlab_user module (#7467).
• proxmox_pool_member - absent state for type VM did not delete VMs from the pools (#7464).
• redfish_command - fix usage of message parsing in SimpleUpdate and MultipartHTTPPushUpdate commands to treat the lack of a MessageId as no message (#7465, #7471).

v8.0.0

Release Summary

This is release 8.0.0 of community.general, released on 2023-11-01.

Minor Changes

• The collection will start using semantic markup (#6539).
• VarDict module utils - add method VarDict.as_dict() to convert to a plain dict object (#6602).
• apt_rpm - extract package name from local .rpm path when verifying installation success. Allows installing packages from local .rpm files (#7396).
• cargo - add option executable, which allows user to specify path to the cargo binary (#7352).
• cargo - add option locked which allows user to specify install the locked version of dependency instead of latest compatible version (#6134).
• chroot connection plugin - add disable_root_check option (#7099).
• cloudflare_dns - add CAA record support (#7399).
• cobbler inventory plugin - add exclude_mgmt_classes and include_mgmt_classes options to exclude or include hosts based on management classes (#7184).
• cobbler inventory plugin - add inventory_hostname option to allow using the system name for the inventory hostname (#6502).
• cobbler inventory plugin - add want_ip_addresses option to collect all interface DNS name to IP address mapping (#6711).
• cobbler inventory plugin - add primary IP addess to cobbler_ipv4_address and IPv6 address to cobbler_ipv6_address host variable (#6711).
• cobbler inventory plugin - add warning for systems with empty profiles (#6502).
• cobbler inventory plugin - convert Ansible unicode strings to native Python unicode strings before passing user/password to XMLRPC client (#6923).
• consul_session - drops requirement for the python-consul library to communicate with the Consul API, instead relying on the existing requests library requirement (#6755).
• copr - respawn module to use the system python interpreter when the dnf python module is not available in ansible_python_interpreter (#6522).
• cpanm - minor refactor when creating the CmdRunner object (#7231).
• datadog_monitor - adds notification_preset_name, renotify_occurrences and renotify_statuses parameters (#6521).
• dig lookup plugin - add TCP option to enable the use of TCP connection during DNS lookup (#7343).
• ejabberd_user - module now using CmdRunner to execute external command (#7075).
• filesystem - add uuid parameter for UUID change feature (#6680).
• gitlab_group - add option force_delete (default: false) which allows delete group even if projects exists in it (#7364).
• gitlab_group_variable - add support for raw variables suboption (#7132).
• gitlab_project_variable - add support for raw variables suboption (#7132).
• gitlab_project_variable - minor refactor removing unnecessary code statements (#6928).
• gitlab_runner - minor refactor removing unnecessary code statements (#6927).
• htpasswd - minor code improvements in the module (#6901).
• htpasswd - the parameter crypt_scheme is being renamed as hash_scheme and added as an alias to it (#6841).
• icinga2_host - the ip option is no longer required, since Icinga 2 allows for an empty address attribute (#7452).
• ini_file - add ignore_spaces option (#7273).
• ini_file - add modify_inactive_option option (#7401).
• ipa_config - add module parameters to manage FreeIPA user and group objectclasses (#7019).
• ipa_config - adds idp choice to ipauserauthtype parameter's choices (#7051).
• jenkins_build - add new detach option, which allows the module to exit successfully as long as the build is created (default functionality is still waiting for the build to end before exiting) (#7204).
• jenkins_build - add new time_between_checks option, which allows to configure the wait time between requests to the Jenkins server (#7204).
• keycloak_authentication - added provider ID choices, since Keycloak supports only those two specific ones (#6763).
• keycloak_client_rolemapping - adds support for subgroups with additional parameter parents (#6687).
• keycloak_role - add composite roles support for realm and client roles (#6469).
• keyring - minor refactor removing unnecessary code statements (#6927).
• ldap_* - add new arguments client_cert and client_key to the LDAP modules in order to allow certificate authentication (#6668).
• ldap_search - add a new page_size option to enable paged searches (#6648).
• locale_gen - module has been refactored to use ModuleHelper and CmdRunner (#6903).
• locale_gen - module now using CmdRunner to execute external commands (#6820).
• lvg - add active and inactive values to the state option for active state management feature (#6682).
• lvg - add reset_vg_uuid, reset_pv_uuid options for UUID reset feature (#6682).
• lxc connection plugin - properly handle a change of the remote_addr option (#7373).
• lxd connection plugin - automatically translate remote_addr from FQDN to (short) hostname (#7360).
• lxd connection plugin - update error parsing to work with newer messages mentioning instances (#7360).
• lxd inventory plugin - add server_cert option for trust anchor to use for TLS verification of server certificates (#7392).
• lxd inventory plugin - add server_check_hostname option to disable hostname verification of server certificates (#7392).
• make - add new targets parameter allowing multiple targets to be used with make (#6882, #4919).
• make - allows params to be used without value (#7180).
• mas - disable sign-in check for macOS 12+ as mas account is non-functional (#6520).
• newrelic_deployment - add option app_name_exact_match, which filters results for the exact app_name provided (#7355).
• nmap inventory plugin - now has a use_arp_ping option to allow the user to disable the default ARP ping query for a more reliable form (#7119).
• nmcli - add support for ipv4.dns-options and ipv6.dns-options (#6902).
• nomad_job, nomad_job_info - add port parameter (#7412).
• npm - minor improvement on parameter validation (#6848).
• npm - module now using CmdRunner to execute external commands (#6989).
• onepassword lookup plugin - add service account support (#6635, #6660).
• onepassword lookup plugin - introduce account_id option which allows specifying which account to use (#7308).
• onepassword_raw lookup plugin - add service account support (#6635, #6660).
• onepassword_raw lookup plugin - introduce account_id option which allows specifying which account to use (#7308).
• opentelemetry callback plugin - add span attributes in the span event (#6531).
• opkg - add executable parameter allowing to specify the path of the opkg command (#6862).
• opkg - remove default value "" for parameter force as it causes the same behaviour of not having that parameter (#6513).
• pagerduty - adds in option to use v2 API for creating pagerduty incidents (#6151)
• parted - on resize, use --fix option if available (#7304).
• pnpm - set correct version when state is latest or version is not mentioned. Resolves previous idempotency problem (#7339).
• pritunl module utils - ensure validate_certs parameter is honoured in all methods (#7156).
• proxmox - add vmid (and taskid when possible) to return values (#7263).
• proxmox - support timezone parameter at container creation (#6510).
• proxmox inventory plugin - add composite variables support for Proxmox nodes (#6640).
• proxmox_kvm - added support for tpmstate0 parameter to configure TPM (Trusted Platform Module) disk. TPM is required for Windows 11 installations (#6533).
• proxmox_kvm - enabled force restart of VM, bringing the force parameter functionality in line with what is described in the docs (#6914).
• proxmox_kvm - re-use timeout module param to forcefully shutdown a virtual machine when state is stopped (#6257).
• proxmox_snap - add retention parameter to delete old snapshots (#6576).
• proxmox_vm_info - node parameter is no longer required. Information can be obtained for the whole cluster (#6976).
• proxmox_vm_info - non-existing provided by name/vmid VM would return empty results instead of failing (#7049).
• pubnub_blocks - minor refactor removing unnecessary code statements (#6928).
• random_string - added new ignore_similar_chars and similar_chars option to ignore certain chars (#7242).
• redfish_command - add MultipartHTTPPushUpdate command (#6471, #6612).
• redfish_command - add account_types and oem_account_types as optional inputs to AddUser (#6823, #6871).
• redfish_command - add new option update_oem_params for the MultipartHTTPPushUpdate command (#7331).
• redfish_config - add CreateVolume command to allow creation of volumes on servers (#6813).
• redfish_config - add DeleteAllVolumes command to allow deletion of all volumes on servers (#6814).
• redfish_config - adding SetSecureBoot command (#7129).
• redfish_info - add AccountTypes and OEMAccountTypes to the output of ListUsers (#6823, #6871).
• redfish_info - add support for GetBiosRegistries command (#7144).
• redfish_info - adds LinkStatus to NIC inventory (#7318).
• redfish_info - adds ProcessorArchitecture to CPU inventory (#6864).
• redfish_info - fix for GetVolumeInventory, Controller name was getting populated incorrectly and duplicates were seen in the volumes retrieved (#6719).
• redfish_info - report Id in the output of GetManagerInventory (#7140).
• redfish_utils - use Controllers key in redfish data to obtain Storage controllers properties (#7081).
• redfish_utils module utils - add support for PowerCycle reset type for redfish_command responses feature (#7083).
• redfish_utils module utils - add support for following @odata.nextLink pagination in software_inventory responses feature (#7020).
• redfish_utils module utils - support Volumes in response for GetDiskInventory (#6819).
• redhat_subscription - the internal RegistrationBase class was folded into the other internal Rhsm class, as the separation had no purpose anymore (#6658).
• redis_info - refactor the redis_info module to use the redis module_utils enabling to pass TLS parameters to the Redis client (#7267).
• rhsm_release - improve/harden the way subscription-manager is run; no behaviour change is expected (#6669).
• rhsm_repository - the interaction with subscription-manager was refactored by grouping things together, removing unused bits, and hardening the way it is run; also, the parsing of subscription-manager repos --list was improved and made slightly faster; no behaviour change is expected (#6783, #6837).
• scaleway_security_group_rule - minor refactor removing unnecessary code statements (#6928).
• shutdown - use shutdown -p ... with FreeBSD to halt and power off machine (#7102).
• snap - add option dangerous to the module, that will map into the command line argument --dangerous, allowing unsigned snap files to be installed (#6908, #5715).
• snap - module is now aware of channel when deciding whether to install or refresh the snap (#6435, #1606).
• sorcery - add grimoire (repository) management support (#7012).
• sorcery - minor refactor (#6525).
• supervisorctl - allow to stop matching running processes before removing them with stop_before_removing=true (#7284).
• tss lookup plugin - allow to fetch secret IDs which are in a folder based on folder ID. Previously, we could not fetch secrets based on folder ID but now use fetch_secret_ids_from_folder option to indicate to fetch secret IDs based on folder ID (#6223).
• tss lookup plugin - allow to fetch secret by path. Previously, we could not fetch secret by path but now use secret_path option to indicate to fetch secret by secret path (#6881).
• unixy callback plugin - add support for check_mode_markers option (#7179).
• vardict module utils - added convenience methods to VarDict (#6647).
• xenserver_guest_info - minor refactor removing unnecessary code statements (#6928).
• xenserver_guest_powerstate - minor refactor removing unnecessary code statements (#6928).
• yum_versionlock - add support to pin specific package versions instead of only the package itself (#6861, #4470).

Breaking Changes / Porting Guide

• collection_version lookup plugin - remove compatibility code for ansible-base 2.10 and ansible-core 2.11 (#7269).
• gitlab_project - add default_branch support for project update. If you used the module so far with default_branch to update a project, the value of default_branch was ignored. Make sure that you either do not pass a value if you are not sure whether it is the one you want to have to avoid unexpected breaking changes (#7158).
• selective callback plugin - remove compatibility code for Ansible 2.9 and ansible-core 2.10 (#7269).
• vardict module utils - VarDict will no longer accept variables named _var, get_meta, and as_dict (#6647).
• version module util - remove fallback for ansible-core 2.11. All modules and plugins that do version collections no longer work with ansible-core 2.11 (#7269).

Deprecated Features

• CmdRunner module utils - deprecate cmd_runner_fmt.as_default_type() formatter (#6601).
• MH VarsMixin module utils - deprecates VarsMixin and supporting classes in favor of plain vardict module util (#6649).
• ansible_galaxy_install - the ack_ansible29 and ack_min_ansiblecore211 options have been deprecated and will be removed in community.general 9.0.0 (#7358).
• consul - the ack_params_state_absent option has been deprecated and will be removed in community.general 10.0.0 (#7358).
• cpanm - value compatibility is deprecated as default for parameter mode (#6512).
• ejabberd_user - deprecate the parameter logging in favour of producing more detailed information in the module output (#7043).
• flowdock - module relies entirely on no longer responsive API endpoints, and it will be removed in community.general 9.0.0 (#6930).
• proxmox - old feature flag proxmox_default_behavior will be removed in community.general 10.0.0 (#6836).
• proxmox_kvm - deprecate the option proxmox_default_behavior (#7377).
• redfish_info, redfish_config, redfish_command - the default value 10 for the timeout option is deprecated and will change to 60 in community.general 9.0.0 (#7295).
• redhat module utils - the module_utils.redhat module is deprecated, as effectively unused: the Rhsm, RhsmPool, and RhsmPools classes will be removed in community.general 9.0.0; the RegistrationBase class will be removed in community.general 10.0.0 together with the rhn_register module, as it is the only user of this class; this means that the whole module_utils.redhat module will be dropped in community.general 10.0.0, so importing it without even using anything of it will fail (#6663).
• redhat_subscription - the autosubscribe alias for the auto_attach option has been deprecated for many years, although only in the documentation. Officially mark this alias as deprecated, and it will be removed in community.general 9.0.0 (#6646).
• redhat_subscription - the pool option is deprecated in favour of the more precise and flexible pool_ids option (#6650).
• rhsm_repository - state=present has not been working as expected for many years, and it seems it was not noticed so far; also, "presence" is not really a valid concept for subscription repositories, which can only be enabled or disabled. Hence, mark the present and absent values of the state option as deprecated, slating them for removal in community.general 10.0.0 (#6673).
• stackdriver - module relies entirely on no longer existent API endpoints, and it will be removed in community.general 9.0.0 (#6887).
• webfaction_app - module relies entirely on no longer existent API endpoints, and it will be removed in community.general 9.0.0 (#6909).
• webfaction_db - module relies entirely on no longer existent API endpoints, and it will be removed in community.general 9.0.0 (#6909).
• webfaction_domain - module relies entirely on no longer existent API endpoints, and it will be removed in community.general 9.0.0 (#6909).
• webfaction_mailbox - module relies entirely on no longer existent API endpoints, and it will be removed in community.general 9.0.0 (#6909).
• webfaction_site - module relies entirely on no longer existent API endpoints, and it will be removed in community.general 9.0.0 (#6909).

Removed Features (previously deprecated)

• The collection no longer supports ansible-core 2.11 and ansible-core 2.12. Parts of the collection might still work on these ansible-core versions, but others might not (#7269).
• ansible_galaxy_install - support for Ansible 2.9 and ansible-base 2.10 has been removed (#7358).
• consul - when state=absent, the options script, ttl, tcp, http, and interval can no longer be specified (#7358).
• gconftool2 - state=get has been removed. Use the module community.general.gconftool2_info instead (#7358).
• gitlab_runner - remove the default value for the access_level option. To restore the previous behavior, explicitly set it to ref_protected (#7358).
• htpasswd - removed code for passlib <1.6 (#6901).
• manageiq_polices - state=list has been removed. Use the module community.general.manageiq_policies_info instead (#7358).
• manageiq_tags - state=list has been removed. Use the module community.general.manageiq_tags_info instead (#7358).
• mh.mixins.cmd module utils - the ArgFormat class has been removed (#7358).
• mh.mixins.cmd module utils - the CmdMixin mixin has been removed. Use community.general.plugins.module_utils.cmd_runner.CmdRunner instead (#7358).
• mh.mixins.cmd module utils - the mh.mixins.cmd module utils has been removed after all its contents were removed (#7358).
• mh.module_helper module utils - the CmdModuleHelper and CmdStateModuleHelper classes have been removed. Use community.general.plugins.module_utils.cmd_runner.CmdRunner instead (#7358).
• proxmox module utils - removed unused imports (#6873).
• xfconf - the deprecated disable_facts option was removed (#7358).

Bugfixes

• CmdRunner module utils - does not attempt to resolve path if executable is a relative or absolute path (#7200).
• MH DependencyMixin module utils - deprecation notice was popping up for modules not using dependencies (#6644, #6639).
• bitwarden lookup plugin - the plugin made assumptions about the structure of a Bitwarden JSON object which may have been broken by an update in the Bitwarden API. Remove assumptions, and allow queries for general fields such as notes (#7061).
• cmd_runner module utils - when a parameter in argument_spec has no type, meaning it is implicitly a str, CmdRunner would fail trying to find the type key in that dictionary (#6968).
• cobbler inventory plugin - fix calculation of cobbler_ipv4/6_address (#6925).
• composer - fix impossible to run working_dir dependent commands. The module was throwing an error when trying to run a working_dir dependent command, because it tried to get the command help without passing the working_dir (#3787).
• csv module utils - detects and remove unicode BOM markers from incoming CSV content (#6662).
• datadog_downtime - presence of rrule param lead to the Datadog API returning Bad Request due to a missing recurrence type (#6811).
• ejabberd_user - module was failing to detect whether user was already created and/or password was changed (#7033).
• ejabberd_user - provide meaningful error message when the ejabberdctl command is not found (#7028, #6949).
• github_deploy_key - fix pagination behaviour causing a crash when only a single page of deploy keys exist (#7375).
• gitlab_group - the module passed parameters to the API call even when not set. The module is now filtering out None values to remediate this (#6712).
• gitlab_group_variable - deleted all variables when used with purge=true due to missing raw property in KNOWN attributes (#7250).
• gitlab_project_variable - deleted all variables when used with purge=true due to missing raw property in KNOWN attributes (#7250).
• icinga2_host - fix a key error when updating an existing host (#6748).
• ini_file - add the follow paramter to follow the symlinks instead of replacing them (#6546).
• ini_file - fix a bug where the inactive options were not used when possible (#6575).
• ipa_dnszone - fix 'idnsallowsyncptr' key error for reverse zone (#6906, #6905).
• kernel_blacklist - simplified the mechanism to update the file, fixing the error (#7382, #7362).
• keycloak module util - fix missing http_agent, timeout, and validate_certs open_url() parameters (#7067).
• keycloak module utils - fix is_struct_included handling of lists of lists/dictionaries (#6688).
• keycloak module utils - the function get_user_by_username now return the user representation or None as stated in the documentation (#6758).
• keycloak_authentication - fix Keycloak authentication flow (step or sub-flow) indexing during update, if not specified by the user (#6734).
• keycloak_client inventory plugin - fix missing client secret (#6931).
• ldap_search - fix string normalization and the base64_attributes option on Python 3 (#5704, #7264).
• locale_gen - now works for locales without the underscore character such as C.UTF-8 (#6774, #5142, #4305).
• lvol - add support for percentage of origin size specification when creating snapshot volumes (#1630, #7053).
• lxc connection plugin - now handles remote_addr defaulting to inventory_hostname correctly (#7104).
• lxc connection plugin - properly evaluate options (#7369).
• machinectl become plugin - mark plugin as require_tty to automatically disable pipelining, with which this plugin is not compatible (#6932, #6935).
• mail - skip headers containing equals characters due to missing maxsplit on header key/value parsing (#7303).
• memset module utils - make compatible with ansible-core 2.17 (#7379).
• nmap inventory plugin - fix get_option calls (#7323).
• nmap inventory plugin - now uses get_option in all cases to get its configuration information (#7119).
• nmcli - fix bond option xmit_hash_policy (#6527).
• nmcli - fix support for empty list (in compare and scrape) (#6769).
• nsupdate - fix a possible list index out of range exception (#836).
• oci_utils module util - fix inappropriate logical comparison expressions and makes them simpler. The previous checks had logical short circuits (#7125).
• oci_utils module utils - avoid direct type comparisons (#7085).
• onepassword - fix KeyError exception when trying to access value of a field that is not filled out in OnePassword item (#7241).
• openbsd_pkg - the pkg_info(1) behavior has changed in OpenBSD >7.3. The error message Can't find should not lead to an error case (#6785).
• pacman - module recognizes the output of yay running as root (#6713).
• portage - fix changed_use and newuse not triggering rebuilds (#6008, #6548).
• pritunl module utils - fix incorrect URL parameter for orgnization add method (#7161).
• proxmox - fix error when a configuration had no template field (#6838, #5372).
• proxmox module utils - add logic to detect whether an old Promoxer complains about the token_name and token_value parameters and provide a better error message when that happens (#6839, #5371).
• proxmox module utils - fix proxmoxer library version check (#6974, #6975, #6980).
• proxmox_disk - fix unable to create cdrom media due to size always being appended (#6770).
• proxmox_kvm - absent state with force specified failed to stop the VM due to the timeout value not being passed to stop_vm (#6827).
• proxmox_kvm - restarted state did not actually restart a VM in some VM configurations. The state now uses the Proxmox reboot endpoint instead of calling the stop_vm and start_vm functions (#6773).
• proxmox_kvm - allow creation of VM with existing name but new vmid (#6155, #6709).
• proxmox_kvm - when name option is provided without vmid and VM with that name already exists then no new VM will be created (#6911, #6981).
• proxmox_tasks_info - remove api_user + api_password constraint from required_together as it causes to require api_password even when API token param is used (#6201).
• proxmox_template - require requests_toolbelt module to fix issue with uploading large templates (#5579, #6757).
• proxmox_user_info - avoid direct type comparisons (#7085).
• redfish_info - fix ListUsers to not show empty account slots (#6771, #6772).
• redhat_subscription - use the right D-Bus options for the consumer type when registering a RHEL system older than 9 or a RHEL 9 system older than 9.2 and using consumer_type (#7378).
• refish_utils module utils - changing variable names to avoid issues occuring when fetching Volumes data (#6883).
• rhsm_repository - when using the purge option, the repositories dictionary element in the returned JSON is now properly updated according to the pruning operation (#6676).
• rundeck - fix TypeError on 404 API response (#6983).
• selective callback plugin - fix length of task name lines in output always being 3 characters longer than desired (#7374).
• snap - an exception was being raised when snap list was empty (#7124, #7120).
• snap - assume default track latest in parameter channel when not specified (#6835, #6821).
• snap - change the change detection mechanism from "parsing installation" to "comparing end state with initial state" (#7340, #7265).
• snap - fix crash when multiple snaps are specified and one has --- in its description (#7046).
• snap - fix the processing of the commands' output, stripping spaces and newlines from it (#6826, #6803).
• sorcery - fix interruption of the multi-stage process (#7012).
• sorcery - fix queue generation before the whole system rebuild (#7012).
• sorcery - latest state no longer triggers update_cache (#7012).
• terraform - prevents -backend-config option double encapsulating with shlex_quote function. (#7301).
• tss lookup plugin - fix multiple issues when using fetch_attachments=true (#6720).
• zypper - added handling of zypper exitcode 102. Changed state is set correctly now and rc 102 is still preserved to be evaluated by the playbook (#6534).

Known Issues

• Ansible markup will show up in raw form on ansible-doc text output for ansible-core before 2.15. If you have trouble deciphering the documentation markup, please upgrade to ansible-core 2.15 (or newer), or read the HTML documentation on https://docs.ansible.com/ansible/devel/collections/community/general/ (#6539).

New Plugins

Lookup

• community.general.bitwarden_secrets_manager - Retrieve secrets from Bitwarden Secrets Manager

New Modules

• community.general.consul_policy - Manipulate Consul policies
• community.general.consul_role - Manipulate Consul roles
• community.general.facter_facts - Runs the discovery program C(facter) on the remote system and return Ansible facts
• community.general.gio_mime - Set default handler for MIME type, for applications using Gnome GIO
• community.general.gitlab_instance_variable - Creates, updates, or deletes GitLab instance variables
• community.general.gitlab_merge_request - Create, update, or delete GitLab merge requests
• community.general.jenkins_build_info - Get information about Jenkins builds
• community.general.keycloak_authentication_required_actions - Allows administration of Keycloak authentication required actions
• community.general.keycloak_authz_custom_policy - Allows administration of Keycloak client custom Javascript policies via Keycloak API
• community.general.keycloak_authz_permission - Allows administration of Keycloak client authorization permissions via Keycloak API
• community.general.keycloak_authz_permission_info - Query Keycloak client authorization permissions information
• community.general.keycloak_realm_key - Allows administration of Keycloak realm keys via Keycloak API
• community.general.keycloak_user - Create and configure a user in Keycloak
• community.general.lvg_rename - Renames LVM volume groups
• community.general.pnpm - Manage node.js packages with pnpm
• community.general.proxmox_pool - Pool management for Proxmox VE cluster
• community.general.proxmox_pool_member - Add or delete members from Proxmox VE cluster pools
• community.general.proxmox_vm_info - Retrieve information about one or more Proxmox VE virtual machines
• community.general.simpleinit_msb - Manage services on Source Mage GNU/Linux