diff --git a/plugins/modules/ipaautomember.py b/plugins/modules/ipaautomember.py
index 7230ea57f920fa3376cd561a8c953e4f64ef7499..19780115064a3c75cd8d97b05ee84dc6c4be904b 100644
--- a/plugins/modules/ipaautomember.py
+++ b/plugins/modules/ipaautomember.py
@@ -307,15 +307,21 @@ def main():
commands.append([name, 'automember_add', args])
res_find = {}
- inclusive_add, inclusive_del = gen_add_del_lists(
- transform_conditions(inclusive or []),
- res_find.get("automemberinclusiveregex", [])
- )
-
- exclusive_add, exclusive_del = gen_add_del_lists(
- transform_conditions(exclusive or []),
- res_find.get("automemberexclusiveregex", [])
- )
+ if inclusive is not None:
+ inclusive_add, inclusive_del = gen_add_del_lists(
+ transform_conditions(inclusive),
+ res_find.get("automemberinclusiveregex", [])
+ )
+ else:
+ inclusive_add, inclusive_del = [], []
+
+ if exclusive is not None:
+ exclusive_add, exclusive_del = gen_add_del_lists(
+ transform_conditions(exclusive),
+ res_find.get("automemberexclusiveregex", [])
+ )
+ else:
+ exclusive_add, exclusive_del = [], []
elif action == "member":
if res_find is None:
diff --git a/tests/automember/test_automember.yml b/tests/automember/test_automember.yml
index 4f1516df9cf34f6a492619c3b5f9d6b9b0697749..f34b5bbf5b74ffdcda08e3dd1c17fd87cb31b2bd 100644
--- a/tests/automember/test_automember.yml
+++ b/tests/automember/test_automember.yml
@@ -367,6 +367,83 @@
failed_when: result.changed or not result.failed or
"Invalid automember condition key 'cns'" not in result.msg
+ # Tests for issue https://bugzilla.redhat.com/show_bug.cgi?id=1976922
+ - name: Ensure group testgroup is absent
+ ipaautomember:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: testgroup
+ state: absent
+ automember_type: group
+ register: result
+ failed_when: not result.changed or result.failed
+
+ - name: Ensure group testgroup is present
+ ipaautomember:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: testgroup
+ description: Automember rule.
+ automember_type: group
+ inclusive:
+ - key: cn
+ expression: "@1"
+ exclusive:
+ - key: cn
+ expression: s
+ register: result
+ failed_when: not result.changed or result.failed
+
+ - name: Ensure group testgroup is present with updated description
+ ipaautomember:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: testgroup
+ description: New automember rule.
+ automember_type: group
+ register: result
+ failed_when: not result.changed or result.failed
+
+ - name: Ensure group testgroup is present with updated description, again
+ ipaautomember:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: testgroup
+ description: New automember rule.
+ automember_type: group
+ register: result
+ failed_when: result.changed or result.failed
+
+ - name: Verify inclusive and exclusive rules have not changed
+ ipaautomember:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: testgroup
+ automember_type: group
+ inclusive:
+ - key: cn
+ expression: "@1"
+ exclusive:
+ - key: cn
+ expression: s
+ register: result
+ failed_when: result.changed or result.failed
+
+ - name: Verify no other rules existed.
+ ipaautomember:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: testgroup
+ automember_type: group
+ inclusive: []
+ exclusive: []
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed or result.failed
+
+ # End of ests for issue https://bugzilla.redhat.com/show_bug.cgi?id=1976922
+
# CLEANUP TEST ITEMS
- name: Ensure group testgroup is absent