diff --git a/plugins/module_utils/ansible_freeipa_module.py b/plugins/module_utils/ansible_freeipa_module.py index 6485ec8ff0960637c4016ea8c736f41d8acbd47a..aa40810a1c946ebeff7c52ca5bc303cc8449e872 100644 --- a/plugins/module_utils/ansible_freeipa_module.py +++ b/plugins/module_utils/ansible_freeipa_module.py @@ -551,7 +551,8 @@ else: return False return True - def servicedelegation_normalize_principals(module, principal): + def servicedelegation_normalize_principals(module, principal, + check_exists=False): """ Normalize servicedelegation principals. @@ -620,12 +621,13 @@ else: _host = _host[:-len(realm) - 1] # Seach for host - if not _check_exists(module, "host", _host): + if check_exists and not _check_exists(module, "host", _host): module.fail_json(msg="Host '%s' does not exist" % _host) # Check the service principal exists else: - if not _check_exists(module, "service", princ): + if check_exists and \ + not _check_exists(module, "service", princ): module.fail_json(msg="Service %s does not exist" % princ) _principal.append(princ) diff --git a/plugins/modules/ipaservicedelegationrule.py b/plugins/modules/ipaservicedelegationrule.py index 93e41b46f554c15396137976ff52938202601f63..aaff1115a8a3ba41f730e9e5ff6a46c32b504c25 100644 --- a/plugins/modules/ipaservicedelegationrule.py +++ b/plugins/modules/ipaservicedelegationrule.py @@ -221,9 +221,9 @@ def main(): # Normalize principals if principal: - principal = servicedelegation_normalize_principals(ansible_module, - principal) - if target: + principal = servicedelegation_normalize_principals( + ansible_module, principal, state == "present") + if target and state == "present": check_targets(ansible_module, target) commands = [] diff --git a/plugins/modules/ipaservicedelegationtarget.py b/plugins/modules/ipaservicedelegationtarget.py index a17accaef267763cf42edc0481e3ef6f12754bfb..59b3418ce9306c221df5bfab543a632073bdd8f8 100644 --- a/plugins/modules/ipaservicedelegationtarget.py 
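Review bot: The new `check_exists=False` default on `servicedelegation_normalize_principals` makes the existence validation opt-in, so any caller not touched by this commit would silently stop rejecting hosts and services that are not in IPA. Both callers visible in this diff pass the flag explicitly, so `check_exists=True` as the default would keep the previous fail-closed behaviour for everything else. The docstring continues outside the hunk and should gain an entry for the parameter stating that, when true, `module.fail_json` is called for a host or service principal that does not exist.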
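Review bot: The service branch uses a backslash continuation (`if check_exists and \`) where the host branch just above fits on one line; a parenthesised condition such as `if (check_exists and not _check_exists(module, "service", princ)):`, wrapped inside the parentheses if it runs long, avoids the trailing-whitespace pitfall. Neither guard says why the check is conditional, so a comment above the first one would help, for example `# Only enforce existence when adding; removing a missing principal must stay a no-op.` The enclosing function starts and ends outside the hunk.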
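Review bot: The bare `state == "present"` passed as the third positional argument in `main()` does not say what it controls at the call site. Passing it by keyword, `ansible_module, principal, check_exists=(state == "present"))`, is self-documenting and keeps working if the helper's signature grows. The call in plugins/modules/ipaservicedelegationtarget.py has the same form and should get the same change. `main()` starts and ends outside the hunk.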
+++ b/plugins/modules/ipaservicedelegationtarget.py @@ -177,8 +177,8 @@ def main(): # Normalize principals if principal: - principal = servicedelegation_normalize_principals(ansible_module, - principal) + principal = servicedelegation_normalize_principals( + ansible_module, principal, state == "present") commands = [] principal_add = principal_del = [] diff --git a/tests/servicedelegationrule/test_servicedelegationrule.yml b/tests/servicedelegationrule/test_servicedelegationrule.yml index 0e351e8b77de6506fefd563889e6d6938945bd9d..5b847359df11e5ec81282d9c049fba2f5f3f67cb 100644 --- a/tests/servicedelegationrule/test_servicedelegationrule.yml +++ b/tests/servicedelegationrule/test_servicedelegationrule.yml @@ -21,7 +21,9 @@ ipaservice: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" - name: "{{ 'test-service/' + ansible_facts['fqdn'] }}" + name: + - "{{ 'test-service/' + ansible_facts['fqdn'] }}" + - "{{ 'not-existing-test-service/' + ansible_facts['fqdn'] }}" state: absent continue: yes @@ -29,7 +31,9 @@ ipaservicedelegationtarget: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" - name: test-delegation-target + name: + - test-delegation-target + - not-existing-test-delegation-target state: absent # CREATE TEST ITEMS 
@@ -68,6 +72,28 @@ register: result failed_when: result.changed or result.failed + - name: Do not fail to ensure absence of not existing servicedelegationrule test-delegation-rule member principal + ipaservicedelegationrule: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + name: test-delegation-rule + principal: "{{ 'not-existing-test-service/' + ansible_facts['fqdn'] }}" + action: member + state: absent + register: result + failed_when: result.changed or result.failed + + - name: Do not fail to ensure absence of not existing servicedelegationrule test-delegation-rule member target + ipaservicedelegationrule: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + name: test-delegation-rule + target: not-existing-test-delegation-target + action: member + state: absent + register: result + failed_when: result.changed or result.failed + - name: Ensure servicedelegationrule test-delegation-rule member target test-delegation-target is present ipaservicedelegationrule: ipaadmin_password: SomeADMINpassword diff --git a/tests/servicedelegationtarget/test_servicedelegationtarget.yml b/tests/servicedelegationtarget/test_servicedelegationtarget.yml index aeb1aa4aff5df6489aeea36225972e03780e8625..acb9e3f127c32e73f295fcf9b44aa2b6029f34c7 100644 --- a/tests/servicedelegationtarget/test_servicedelegationtarget.yml +++ b/tests/servicedelegationtarget/test_servicedelegationtarget.yml @@ -25,6 +25,7 @@ - "{{ 'test-service1/' + ansible_facts['fqdn'] }}" - "{{ 'test-service2/' + ansible_facts['fqdn'] }}" - "{{ 'test-service3/' + ansible_facts['fqdn'] }}" + - "{{ 'not-existing-test-service/' + ansible_facts['fqdn'] }}" state: absent continue: yes 
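Review bot: The tasks added here, and the one added to tests/servicedelegationtarget/test_servicedelegationtarget.yml, only exercise `state: absent` with a missing principal or target; nothing in the visible hunks asserts that `state: present` with `not-existing-test-service/...` is still rejected. Because the existence check is now opt-in, a negative task would guard against a caller losing the flag: the same member task with `state: present` and `failed_when: not result.failed or "does not exist" not in result.msg`. If such a task already exists elsewhere in these files, it may be enough to point it at the new service name.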
@@ -72,6 +73,17 @@ register: result failed_when: result.changed or result.failed + - name: Do not fail to ensure absence of not existing servicedelegationtarget test-delegation-target member principal + ipaservicedelegationtarget: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + name: test-delegation-target + principal: "{{ 'not-existing-test-service/' + ansible_facts['fqdn'] }}" + action: member + state: absent + register: result + failed_when: result.changed or result.failed + - name: Ensure servicedelegationtarget test-delegation-target member principal "{{ 'test-service1/' + ansible_facts['fqdn'] }}" is present ipaservicedelegationtarget: ipaadmin_password: SomeADMINpassword