Skip to content
Snippets Groups Projects
Unverified Commit 81906ede authored by Thomas Woerner's avatar Thomas Woerner Committed by GitHub
Browse files

Merge pull request #1322 from rjeffman/rhel70023 

ipagroup: Correctly handle externalmember in member actions
parents 5071653d 431dc866
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
plugins/modules/ipagroup.py
+ 15
3
View file @ 81906ede
......@@ -746,7 +746,11 @@ def main():
(externalmember_add,
externalmember_del) = gen_add_del_lists(
externalmember, res_find.get("member_external"))
externalmember, (
list(res_find.get("member_external", []))
+ list(res_find.get("ipaexternalmember", []))
)
)
(idoverrides_add,
idoverrides_del) = gen_add_del_lists(
......@@ -780,7 +784,11 @@ def main():
service_add = gen_add_list(
service, res_find.get("member_service"))
externalmember_add = gen_add_list(
externalmember, res_find.get("member_external"))
externalmember, (
list(res_find.get("member_external", []))
+ list(res_find.get("ipaexternalmember", []))
)
)
idoverrides_add = gen_add_list(
idoverrideuser, res_find.get("member_idoverrideuser"))
......@@ -815,7 +823,11 @@ def main():
service_del = gen_intersection_list(
service, res_find.get("member_service"))
externalmember_del = gen_intersection_list(
externalmember, res_find.get("member_external"))
externalmember, (
list(res_find.get("member_external", []))
+ list(res_find.get("ipaexternalmember", []))
)
)
idoverrides_del = gen_intersection_list(
idoverrideuser, res_find.get("member_idoverrideuser"))
......
tests/group/test_group_external_members.yml
+ 66
24
View file @ 81906ede
---
- name: Find trust
hosts: ipaserver
become: true
become: false
gather_facts: false
module_defaults:
ipagroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
tasks:
- name: Include tasks ../env_freeipa_facts.yml
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
- name: Ensure tests groups are absent
ipagroup:
name:
- extgroup
- extgroup_members
state: absent
- name: Execute group tests if trust test environment is supported
when: trust_test_is_supported | default(false)
block:
- name: Add nonposix group.
ipagroup:
ipaadmin_password: SomeADMINpassword
name: extgroup
nonposix: yes
nonposix: true
register: result
failed_when: result.failed or not result.changed
- name: Set group to be external
ipagroup:
ipaadmin_password: SomeADMINpassword
name: extgroup
external: yes
external: true
register: result
failed_when: result.failed or not result.changed
- name: Add AD users to group
ipagroup:
ipaadmin_password: SomeADMINpassword
name: extgroup
external_member: "AD\\Domain Users"
register: result
......@@ -39,7 +47,6 @@
- name: Add AD users to group, again
ipagroup:
ipaadmin_password: SomeADMINpassword
name: extgroup
external_member: "AD\\Domain Users"
register: result
......@@ -47,7 +54,6 @@
- name: Remove external group
ipagroup:
ipaadmin_password: SomeADMINpassword
name: extgroup
state: absent
register: result
......@@ -55,27 +61,24 @@
- name: Add nonposix, external group, with AD users.
ipagroup:
ipaadmin_password: SomeADMINpassword
name: extgroup
nonposix: yes
external: yes
nonposix: true
external: true
external_member: "AD\\Domain Users"
register: result
failed_when: result.failed or not result.changed
- name: Add nonposix, external group, with AD users, again.
ipagroup:
ipaadmin_password: SomeADMINpassword
name: extgroup
nonposix: yes
external: yes
nonposix: true
external: true
external_member: "AD\\Domain Users"
register: result
failed_when: result.failed or result.changed
- name: Remove group
ipagroup:
ipaadmin_password: SomeADMINpassword
name: extgroup
state: absent
register: result
......@@ -83,32 +86,71 @@
- name: Add nonposix group.
ipagroup:
ipaadmin_password: SomeADMINpassword
name: extgroup
nonposix: yes
nonposix: true
register: result
failed_when: result.failed or not result.changed
- name: Set group to be external, and add users.
ipagroup:
ipaadmin_password: SomeADMINpassword
name: extgroup
external: yes
external: true
external_member: "AD\\Domain Users"
register: result
failed_when: result.failed or not result.changed
- name: Set group to be external, and add users, again.
ipagroup:
ipaadmin_password: SomeADMINpassword
name: extgroup
external: yes
external: true
external_member: "AD\\Domain Users"
register: result
failed_when: result.failed or result.changed
- name: Cleanup environment.
- name: Ensure external group for external member exist
ipagroup:
ipaadmin_password: SomeADMINpassword
name: extgroup
name: extgroup_members
external: true
register: result
failed_when: result.failed or not result.changed
- name: Ensure external group members are present
ipagroup:
name: extgroup_members
external_member: "AD\\Domain Users"
action: member
register: result
failed_when: result.failed or not result.changed
- name: Ensure external group members are present, again
ipagroup:
name: extgroup_members
external_member: "AD\\Domain Users"
action: member
register: result
failed_when: result.failed or result.changed
- name: Ensure external group members are absent
ipagroup:
name: extgroup_members
external_member: "AD\\Domain Users"
action: member
state: absent
register: result
failed_when: result.failed or not result.changed
- name: Ensure external group members are absent, again
ipagroup:
name: extgroup_members
external_member: "AD\\Domain Users"
action: member
state: absent
register: result
failed_when: result.failed or result.changed
- name: Ensure tests groups are absent
ipagroup:
name:
- extgroup
- extgroup_members
state: absent
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment