From 791c4703b177f2d461ac7e268c3ec4dd40864d6e Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Wed, 6 May 2020 13:03:47 +0200
Subject: [PATCH] ipauser: Use encode_certificate for certificates in find_user
 result

The find_user function was not using encode_certificate for certificates
that are stored in the user record. This could lead to some issues with
older ipa releases and Python 2.
---
 plugins/modules/ipauser.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/plugins/modules/ipauser.py b/plugins/modules/ipauser.py
index d854ba5a..791a0d4d 100644
--- a/plugins/modules/ipauser.py
+++ b/plugins/modules/ipauser.py
@@ -467,7 +467,7 @@ from ansible.module_utils._text import to_text
 from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
     temp_kdestroy, valid_creds, api_connect, api_command, date_format, \
     compare_args_ipa, module_params_get, api_check_param, api_get_realm, \
-    api_command_no_name, gen_add_del_lists
+    api_command_no_name, gen_add_del_lists, encode_certificate
 import six
 
 
@@ -497,6 +497,11 @@ def find_user(module, name, preserved=False):
             for x in _result["krbprincipalname"]:
                 _list.append(str(x))
             _result["krbprincipalname"] = _list
+        certs = _result.get("usercertificate")
+        if certs is not None:
+            _result["usercertificate"] = [encode_certificate(x)
+                                          for x in certs]
+
         return _result
     else:
         return None
-- 
GitLab