From 80abf635c37229c56d1881f17771d663c64d0c43 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Mon, 3 Apr 2023 14:44:34 +0200
Subject: [PATCH] ipagroup: Fix ensuring external group group members (without
trust-ad)
Due to an API misbehaviour in FreeIPA, ipaexternalmembers need to be
treated differently than other group members parameters. Even an empty
array triggers all tests for external members, including the check for
installed dcerpc bindings.
Therefore ipagroup module has been changed to not set ipaexternalmember
to an empty list if there are no external members to be added or
removed.
---
plugins/modules/ipagroup.py | 10 ++-
..._group_external_group_members_no_trust.yml | 81 +++++++++++++++++++
2 files changed, 87 insertions(+), 4 deletions(-)
create mode 100644 tests/group/test_group_external_group_members_no_trust.yml
diff --git a/plugins/modules/ipagroup.py b/plugins/modules/ipagroup.py
index 2488f17f..dccc478b 100644
--- a/plugins/modules/ipagroup.py
+++ b/plugins/modules/ipagroup.py
@@ -593,10 +593,12 @@ def main():
del_member_args["service"] = service_del
if is_external_group(res_find):
- add_member_args["ipaexternalmember"] = \
- externalmember_add
- del_member_args["ipaexternalmember"] = \
- externalmember_del
+ if len(externalmember_add) > 0:
+ add_member_args["ipaexternalmember"] = \
+ externalmember_add
+ if len(externalmember_del) > 0:
+ del_member_args["ipaexternalmember"] = \
+ externalmember_del
elif externalmember or external:
ansible_module.fail_json(
msg="Cannot add external members to a "
diff --git a/tests/group/test_group_external_group_members_no_trust.yml b/tests/group/test_group_external_group_members_no_trust.yml
new file mode 100644
index 00000000..c2794b0e
--- /dev/null
+++ b/tests/group/test_group_external_group_members_no_trust.yml
@@ -0,0 +1,81 @@
+---
+- name: Test external group group members (without trust-ad installed)
+ hosts: ipaserver
+ become: true
+
+ tasks:
+ - name: Ensure external test groups are absent
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - externaltestgroup01
+ - externaltestgroup02
+ state: absent
+
+ - name: Create external test group 01
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name: externaltestgroup01
+ external: true
+ register: result
+ failed_when: result.failed or not result.changed
+
+ - name: Create external test group 02
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name: externaltestgroup02
+ external: true
+ register: result
+ failed_when: result.failed or not result.changed
+
+ - name: Ensure externaltestgroup02 is a member of externaltestgroup01
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name: externaltestgroup01
+ action: member
+ group:
+ - externaltestgroup02
+ register: result
+ failed_when: result.failed or not result.changed
+
+ - name: Ensure externaltestgroup02 is a member of externaltestgroup01, again
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name: externaltestgroup01
+ action: member
+ group:
+ - externaltestgroup02
+ register: result
+ failed_when: result.failed or result.changed
+
+ - name: Ensure externaltestgroup02 is not a member of externaltestgroup01
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name: externaltestgroup01
+ action: member
+ group:
+ - externaltestgroup02
+ state: absent
+ register: result
+ failed_when: result.failed or not result.changed
+
+ - name: Ensure externaltestgroup02 is not a member of externaltestgroup01, again
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name: externaltestgroup01
+ action: member
+ group:
+ - externaltestgroup02
+ state: absent
+ register: result
+ failed_when: result.failed or result.changed
+
+ - name: Ensure external test groups are absent
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - externaltestgroup01
+ - externaltestgroup02
+ state: absent
+ register: result
+ failed_when: result.failed or not result.changed
--
GitLab