From 483d51b4180c75bc32094666735899a18122a7e1 Mon Sep 17 00:00:00 2001
From: Denis Karpelevich <dkarpele@redhat.com>
Date: Wed, 7 Dec 2022 22:33:26 +0100
Subject: [PATCH] Use netgroup_find instead of netgroup_show to workaround IPA bug.

Patch fixes https://bugzilla.redhat.com/show_bug.cgi?id=2144724 which depends on https://pagure.io/freeipa/issue/9284. Add comment why replacing `netgroup_show` with `netgroup_find`.

Signed-off-by: Denis Karpelevich <dkarpele@redhat.com>
---
 plugins/modules/ipanetgroup.py | 27 +++++++++++++++++--------
 tests/netgroup/test_netgroup.yml | 34 +++++++++++++++++++++++++++++++-
 2 files changed, 52 insertions(+), 9 deletions(-)

diff --git a/plugins/modules/ipanetgroup.py b/plugins/modules/ipanetgroup.py
index bb5b4c13..e0789323 100644
--- a/plugins/modules/ipanetgroup.py
+++ b/plugins/modules/ipanetgroup.py
@@ -157,18 +157,29 @@ RETURN = """ from ansible.module_utils.ansible_freeipa_module import \ IPAAnsibleModule, compare_args_ipa, gen_add_del_lists, \ - gen_add_list, gen_intersection_list, ipalib_errors, ensure_fqdn + gen_add_list, gen_intersection_list, ensure_fqdn def find_netgroup(module, name): """Find if a netgroup with the given name already exist.""" - try: - _result = module.ipa_command("netgroup_show", name, {"all": True}) - except ipalib_errors.NotFound: - # An exception is raised if netgroup name is not found. - return None - else: - return _result["result"] + _args = { + "all": True, + "cn": name, + } + + # `netgroup_find` is used here instead of `netgroup_show` to workaround + # FreeIPA bug https://pagure.io/freeipa/issue/9284. + # `ipa netgroup-show hostgroup` shows hostgroup - it's a bug. + # `ipa netgroup-find hostgroup` doesn't show hostgroup - it's correct. + _result = module.ipa_command("netgroup_find", name, _args) + + if len(_result["result"]) > 1: + module.fail_json( + msg="There is more than one netgroup '%s'" % name) + elif len(_result["result"]) == 1: + return _result["result"][0] + + return None def gen_args(description, nisdomain, nomembers): diff --git a/tests/netgroup/test_netgroup.yml b/tests/netgroup/test_netgroup.yml index ffc8cef1..0cc1efe1 100644 --- a/tests/netgroup/test_netgroup.yml +++ b/tests/netgroup/test_netgroup.yml @@ -17,6 +17,14 @@ - my_netgroup3 state: absent + - name: Ensure hostgroup is absent + ipahostgroup: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + name: + - my_hostgroup1 + state: absent + # CREATE TEST ITEMS - name: Get Domain from server name ansible.builtin.set_fact: 
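Review bot: In `find_netgroup`, the exact-name match depends entirely on the `"cn": name` entry in `_args`; the positional `name` passed to `netgroup_find` is, as far as I know, IPA's free-text search criteria and matches substrings, so dropping the `cn` key in a later cleanup could make the function return a different netgroup whose name merely contains `name`. A comment beside `_args` would protect it, e.g. `# "cn" pins an exact name match; the positional argument is only a substring search criteria`. The docstring could also state the three outcomes: the entry dict, `None` when nothing matches, and `fail_json` when more than one entry comes back. Binding `_result["result"]` to a local once would avoid indexing it three times.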
@@ -35,6 +43,12 @@ ipaapi_context: "{{ ipa_context | default(omit) }}" name: my_netgroup3 + - name: Ensure hostgroup my_hostgroup1 is present + ipahostgroup: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + name: my_hostgroup1 + # TESTS - name: Ensure netgroup my_netgroup1 is present @@ -115,7 +129,7 @@ register: result failed_when: result.changed or result.failed - # netgroup and hostgroup with the same name are deprecated + # netgroup and hostgroup with the same name are deprecated (check hostgroup) - name: Ensure hostgroup my_netgroup2 isn't present ipahostgroup: ipaadmin_password: SomeADMINpassword @@ -125,6 +139,16 @@ failed_when: result.changed or not result.failed or "Hostgroups and netgroups share a common namespace" not in result.msg + # netgroup and hostgroup with the same name are deprecated (check netgroup) + - name: Ensure netgroup my_hostgroup1 isn't present + ipanetgroup: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + name: my_hostgroup1 + register: result + failed_when: result.changed or not result.failed or + "Hostgroups and netgroups share a common namespace" not in result.msg + - name: Ensure netgroups my_netgroup2, my_netgroup3 are absent ipanetgroup: ipaadmin_password: SomeADMINpassword @@ -147,3 +171,11 @@ - my_netgroup2 - my_netgroup3 state: absent + + - name: Ensure hostgroups are absent + ipahostgroup: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + name: + - my_hostgroup1 + state: absent -- GitLab
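Review bot: The added `Ensure netgroup my_hostgroup1 isn't present` task (hunk at `@@ -125,6 +139,16 @@`) covers only the create path, where the server itself rejects the name; the lookup change in `find_netgroup` also affects `state: absent`, and nothing here pins that direction. Presumably the old `netgroup_show` lookup would have returned an entry for `my_hostgroup1`, so a regression there could lead the module to try deleting something that belongs to the hostgroup. A task that runs `ipanetgroup` with `name: my_hostgroup1` and `state: absent` and expects no change and no failure would cover it; a sketch follows, with indentation to be matched to the file.

```yaml
  # … unchanged: "Ensure netgroup my_hostgroup1 isn't present" task …

  - name: Ensure removing netgroup my_hostgroup1 leaves the hostgroup untouched
    ipanetgroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: my_hostgroup1
      state: absent
    register: result
    failed_when: result.changed or result.failed
```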