Merge branch 'main' into dependabot/github_actions/github/codeql-action-4

Author: lakshmj

.github/workflows/trivy.yml

@@ -13,7 +13,7 @@ jobs:
         uses: actions/checkout@v5
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.33.1
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1  # v0.35.0
         with:
           scan-type: "fs"
           ignore-unfixed: true

CHANGELOG.md

@@ -7,6 +7,30 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [2.14.0] - 2026-03-05
+
+# Added
+
+- Supporting routerdynamicrouting_info in netscaler.adc collections
+
+## [2.13.0] - 2025-12-14
+
+# Fixed
+
+- Issue with running cli commands through ansible using ssh connection against 13.1 ADC.
+
+## [2.12.0] - 2025-12-8
+
+# Added
+
+- supporting reboot action
+
+# Fixed
+
+- Issue with running cli commands through ansible using ssh connection.
+- Resolving url builder issue when filterargs has bool datatype.
+- Issue with get_args keys in HAnode module.
+
 ## [2.11.0] - 2025-10-31
 
 # Added 
@@ -212,7 +236,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Initial Release
 
-[unreleased]: https://github.com/netscaler/ansible-collection-netscaleradc/compare/2.11.0...HEAD
+[unreleased]: https://github.com/netscaler/ansible-collection-netscaleradc/compare/2.14.0...HEAD
+[2.14.0]: https://github.com/netscaler/ansible-collection-netscaleradc/compare/2.13.0...2.14.0
+[2.13.0]: https://github.com/netscaler/ansible-collection-netscaleradc/compare/2.12.0...2.13.0
+[2.12.0]: https://github.com/netscaler/ansible-collection-netscaleradc/compare/2.11.0...2.12.0
 [2.11.0]: https://github.com/netscaler/ansible-collection-netscaleradc/compare/2.10.1...2.11.0
 [2.10.1]: https://github.com/netscaler/ansible-collection-netscaleradc/compare/2.10.0...2.10.1
 [2.10.0]: https://github.com/netscaler/ansible-collection-netscaleradc/compare/2.9.2...2.10.0

Makefile

@@ -42,7 +42,7 @@ build:
 	ansible-galaxy collection build --force
 
 galaxy_importer: build
-	python3 -m galaxy_importer.main netscaler-adc-2.11.0.tar.gz
+	python3 -m galaxy_importer.main netscaler-adc-2.14.0.tar.gz
 
 # build_docs:
 # 	rm -rf _built_docs

README.md

@@ -132,9 +132,128 @@ Refer to the [NetScaler ADM as an API proxy server](https://docs.netscaler.com/e
 Refer to the [sample_playboook](https://github.com/netscaler/ansible-collection-netscaleradc/tree/main/examples) and [playbook_anatomy.md](https://github.com/netscaler/ansible-collection-netscaleradc/blob/main/playbook_anatomy.md). 
 
 
-### SSH_connections 
+### SSH Connection Plugin
 
-Refer to [SSH_connections examples](https://github.com/netscaler/ansible-collection-netscaleradc/tree/main/examples/ssh_connections) to know how `ansible.builtins.` plugins can be used to configure the NetScaler ADC. 
+The collection provides an SSH connection plugin (`netscaler.adc.ssh_netscaler_adc`) that enables direct SSH connectivity to NetScaler ADC devices for executing shell commands and CLI operations.
+The collection supports both SSH key-based authentication and SSH password based authentication.
+
+#### Prerequisites
+
+- SSH access to the NetScaler ADC device.
+- Private SSH key file available on the control machine (required when using SSH key-based authentication). Refer [Configure SSH key-based authentication](https://docs.netscaler.com/en-us/citrix-adc/current-release/system/authentication-and-authorization-for-system-user/ssh-key-based-authentication-for-system-users.html#configure-ssh-key-based-authentication-for-the-netscaler-local-system-users-by-using-cli)
+- SSH username and password (required when using SSH password based authentication).
+
+#### Inventory Configuration
+
+Configure your inventory file with the required SSH parameters:
+
+**Example 1: Group-based inventory**
+```ini
+[demo_netscaler1]
+demo_netscalers
+
+[demo_netscaler1:vars]
+ansible_host=10.10.10.10
+ansible_user=nsroot
+ansible_ssh_private_key_file=~/.ssh/id_rsa
+nitro_pass=YourPassword
+```
+
+**Example 2: Inline inventory**
+```ini
+[demo_netscalers]
+netscaler_adc ansible_host=10.10.10.10 ansible_user=nsroot ansible_ssh_private_key_file=~/.ssh/id_rsa
+```
+
+**Required inventory parameters:**
+- `ansible_host` - IP address or hostname of NetScaler ADC
+- `ansible_user` - SSH username (typically `nsroot`)
+- `ansible_ssh_private_key_file` - Path to SSH private key (required when using SSH key-based authentication)
+- `nitro_pass` - Password for nscli commands (required when using CLI commands)
+
+#### Playbook Structure for Shell Commands
+
+To execute FreeBSD shell commands on the NetScaler appliance:
+
+```yaml
+---
+- name: Execute shell commands on NetScaler
+  hosts: demo_netscalers
+  connection: netscaler.adc.ssh_netscaler_adc
+  remote_user: nsroot
+  gather_facts: false
+
+  vars:
+    ansible_python_interpreter: /var/python/bin/python
+
+  tasks:
+    - name: List files in /var/tmp
+      ansible.builtin.command: "ls -lhrt /var/tmp/"
+      register: result
+      changed_when: false
+
+    - name: Display output
+      ansible.builtin.debug:
+        msg: "{{ result.stdout_lines }}"
+```
+
+**Required settings for shell access:**
+- `connection: netscaler.adc.ssh_netscaler_adc` - Use the SSH connection plugin
+- `ansible_python_interpreter: /var/python/bin/python` - Required for shell command execution
+- `gather_facts: false` - Fact gathering is not supported
+
+#### Playbook Structure for NetScaler CLI Commands
+
+To execute NetScaler CLI commands using nscli:
+
+```yaml
+---
+- name: Execute NetScaler CLI commands
+  hosts: demo_netscalers
+  connection: netscaler.adc.ssh_netscaler_adc
+  remote_user: nsroot
+  gather_facts: false
+
+  vars:
+    ansible_python_interpreter: /var/python/bin/python
+    nscli_command: "show ns version"
+
+  tasks:
+    - name: Run NetScaler CLI command
+      ansible.builtin.command: "nscli -s -U :nsroot:{{ nitro_pass }} {{ nscli_command }}"
+      register: cli_result
+      changed_when: false
+
+    - name: Display CLI output
+      ansible.builtin.debug:
+        msg: "{{ cli_result.stdout_lines }}"
+```
+
+**CLI command format:**
+- Use `nscli -s -U :nsroot:{{ nitro_pass }} <command>` to execute NetScaler CLI commands
+- The `-s` flag runs in non-interactive mode
+- The `-U :nsroot:{{ nitro_pass }}` provides authentication credentials
+- Replace `<command>` with any valid NetScaler CLI command (e.g., `show ns ip`, `show lb vserver`)
+
+#### Running the Playbook
+
+```bash
+ansible-playbook playbook.yaml -i inventory.ini
+```
+
+Use --ask-pass to key in SSH password on demand in case of SSH password based authentication.
+```bash
+ansible-playbook playbook.yaml -i inventory.ini --ask-pass
+```
+
+Add `-vvvv` for verbose debugging output if needed:
+```bash
+ansible-playbook playbook.yaml -i inventory.ini -vvvv
+```
+
+#### Additional Examples
+
+For more complete examples and use cases, refer to the [SSH connections examples](https://github.com/netscaler/ansible-collection-netscaleradc/tree/main/examples/ssh_connections) directory. 
 
 ### Authentication
 

examples/routerdynamicrouting_info.yaml

@@ -0,0 +1,49 @@
+---
+- name: Sample routerdynamicrouting_info playbook
+  hosts: demo_netscalers
+  gather_facts: false
+  tasks:
+    - name: Get BGP routing summary
+      delegate_to: localhost
+      netscaler.adc.routerdynamicrouting_info:
+        nsip: "{{ nsip }}"
+        nitro_user: "{{ nitro_user }}"
+        nitro_pass: "{{ nitro_pass }}"
+        nitro_protocol: "{{ nitro_protocol }}"
+        validate_certs: false
+        commandstring: "show ip bgp summary"
+      register: bgp_summary
+
+    - name: Display BGP summary
+      ansible.builtin.debug:
+        var: bgp_summary.info
+
+    - name: Get IP routing table
+      delegate_to: localhost
+      netscaler.adc.routerdynamicrouting_info:
+        nsip: "{{ nsip }}"
+        nitro_user: "{{ nitro_user }}"
+        nitro_pass: "{{ nitro_pass }}"
+        nitro_protocol: "{{ nitro_protocol }}"
+        validate_certs: false
+        commandstring: "sh ip route"
+      register: ip_route
+
+    - name: Display routing table
+      ansible.builtin.debug:
+        var: ip_route.info
+
+    - name: Get OSPF neighbor information
+      delegate_to: localhost
+      netscaler.adc.routerdynamicrouting_info:
+        nsip: "{{ nsip }}"
+        nitro_user: "{{ nitro_user }}"
+        nitro_pass: "{{ nitro_pass }}"
+        nitro_protocol: "{{ nitro_protocol }}"
+        validate_certs: false
+        commandstring: "show ip ospf neighbor"
+      register: ospf_neighbors
+
+    - name: Display OSPF neighbors
+      ansible.builtin.debug:
+        var: ospf_neighbors.info

galaxy.yml

@@ -7,14 +7,15 @@ namespace: netscaler
 # The name of the collection. Has the same character restrictions as 'namespace'
 name: adc
 # The version of the collection. Must be compatible with semantic versioning
-version: 2.11.0
+version: 2.14.0
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md
 # A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
 # @nicks:irc/im.site#channel'
 authors:
-  - Sumanth Lingappa <[email protected]>
-  - Shiva Shankar Vaddepally <[email protected]>
+  - Sumanth Lingappa <[email protected]>
+  - Shiva Shankar Vaddepally <[email protected]>
+  - Lakshman M J <[email protected]>
 ### OPTIONAL but strongly recommended
 # A short summary description of the collection
 description: Ansible Collection Modules for NetScaler ADC

plugins/connection/ssh_netscaler_adc.py

@@ -391,25 +391,49 @@ def _return_tuple_manipulate(func):
     def wrapped(self, *args, **kwargs):
         return_tuple = func(self, *args, **kwargs)
         return_tuple = list(return_tuple)
-        subst = ""
+
+        # Decode stdout
+        stdout = codecs.decode(return_tuple[1], errors='ignore')
+
+        # Remove "Done" messages with surrounding newlines
         regex = r"(\r\n|\r|\n|)( Done)(\r\n|\r|\n)+"
-        return_tuple[1] = re.sub(regex, subst, codecs.decode(return_tuple[1]), 0, re.UNICODE)
+        stdout = re.sub(regex, "", stdout, 0, re.UNICODE)
+
+        # Remove Warning messages (multi-line)
+        warning_regex = r"Warning: \[[\s\S]*?\]\s*"
+        stdout = re.sub(warning_regex, "", stdout, 0, re.UNICODE)
+
+        # Remove RPC node password warnings that contaminate stdout
+        rpc_warning_regex = (
+            r"Warning: One or more RPC nodes are configured with default "
+            r"passwords. For enhanced security, you must change the default "
+            r"RPC node password."
+        )
+        stdout = re.sub(rpc_warning_regex, "", stdout, 0, re.UNICODE)
+
+        # Remove leading "]" characters that might remain
+        stdout = re.sub(r"^\]\s*", "", stdout, re.MULTILINE)
+
+        # Remove extra blank lines
+        stdout = re.sub(r"\n\s*\n", "\n", stdout)
 
-        # Ansible needs some data from return_tuple[1](or stdout). So, we are returning the same to ansible
+        # Try to extract JSON if present
         regex2 = r'{.*}'
         try:
-            return_tuple[1] = re.findall(regex2, str(return_tuple[1]))[0]
-        except IndexError:
+            json_match = re.findall(regex2, stdout)
+            if json_match:
+                stdout = json_match[0]
+        except (IndexError, AttributeError):
             pass
-            # If no match, return the old `return_tuple[1]` (i.e., stdout)
+            # If no match, use the cleaned stdout
 
+        return_tuple[1] = stdout.encode() if isinstance(return_tuple[1], bytes) else stdout
         return_tuple = tuple(return_tuple)
         return return_tuple
     return wrapped
 
 
 def _manipulate_cmd(func):
-
     @wraps(func)
     def wrapped(self, cmd, *args, **kwargs):
         # Adding the 'shell' command for the citrix adc cli
@@ -455,3 +479,48 @@ def exec_command(self, cmd, in_data=None, sudoable=True):
         ''' run a command on the remote host '''
 
         return super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable)
+
+    @_return_tuple_manipulate
+    def _bare_run(self, cmd, in_data, sudoable=True, checkrc=True):
+        """
+        Wrapper around parent _bare_run to clean NetScaler output
+        """
+        return super(Connection, self)._bare_run(cmd, in_data, sudoable=sudoable, checkrc=checkrc)
+
+    def put_file(self, in_path, out_path):
+        """
+        Transfer a file from local to remote using piped method due to NetScaler limitations
+        """
+        display.vvv(u"PUT {0} TO {1}".format(in_path, out_path), host=self.host)
+
+        # Force piped transfer for NetScaler
+        # Save original transfer method
+        original_method = self.get_option('ssh_transfer_method')
+
+        try:
+            # Temporarily set to piped
+            self._options['ssh_transfer_method'] = 'piped'
+            return super(Connection, self).put_file(in_path, out_path)
+        finally:
+            # Restore original method
+            if original_method:
+                self._options['ssh_transfer_method'] = original_method
+
+    def fetch_file(self, in_path, out_path):
+        """
+        Fetch a file from remote to local using piped method due to NetScaler limitations
+        """
+        display.vvv(u"FETCH {0} TO {1}".format(in_path, out_path), host=self.host)
+
+        # Force piped transfer for NetScaler
+        # Save original transfer method
+        original_method = self.get_option('ssh_transfer_method')
+
+        try:
+            # Temporarily set to piped
+            self._options['ssh_transfer_method'] = 'piped'
+            return super(Connection, self).fetch_file(in_path, out_path)
+        finally:
+            # Restore original method
+            if original_method:
+                self._options['ssh_transfer_method'] = original_method

plugins/module_utils/client.py

@@ -137,7 +137,10 @@ def format_value(val):
             return str(val)
 
         args_val = ",".join(
-            ["%s:%s" % (k, quote(codecs.encode(format_value(args[k])), safe="")) for k in args]
+            [
+                "%s:%s" % (k, quote(codecs.encode(format_value(args[k])), safe=""))
+                for k in args
+            ]
         )
         args_val = ("args=%s" % args_val) if args_val != "" else ""
 

plugins/module_utils/module_executor.py

@@ -325,7 +325,10 @@ def filter_values(value):
 
         log("DEBUG: self.module.params: %s" % self.module.params)
         for k, v in self.module.params.items():
-            if not k.endswith("_binding") and k in NITRO_RESOURCE_MAP[self.resource_name]["readwrite_arguments"]:
+            if (
+                not k.endswith("_binding")
+                and k in NITRO_RESOURCE_MAP[self.resource_name]["readwrite_arguments"]
+            ):
                 cleaned_value = filter_values(v)
                 if cleaned_value is not None:
                     self.resource_module_params[k] = cleaned_value