From 846fdc0698dffa550b29a975fc7ccb5061237598 Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Thu, 11 Nov 2021 19:32:43 -0300
Subject: [PATCH] iparole: Fix idempotence issues with members.
IPA role members users, groups, hostgroups and privilege must be compared in a case insensitive way, and either are stored in lowercase or IPA API fixes the value for proper representation. This patch forces all comparisons of this values to be performed in lowercase, and also only modify the values if it is really needed.
---
 plugins/modules/iparole.py | 62 ++++++++++++++++++++------------------
 1 file changed, 32 insertions(+), 30 deletions(-)
diff --git a/plugins/modules/iparole.py b/plugins/modules/iparole.py
index 0f3643ed..f9cc823b 100644
--- a/plugins/modules/iparole.py
+++ b/plugins/modules/iparole.py
@@ -190,22 +190,22 @@ def ensure_absent_state(module, name, action, res_find):
 if action == "member":
- members = gen_intersection_list(
- module.params_get("privilege"),
- res_find.get("memberof_privilege")
- )
- if members:
- commands.append([name, "role_remove_privilege",
- {"privilege": members}])
+ _members = module.params_get_lowercase("privilege")
+ if _members is not None:
+ del_list = gen_intersection_list(
+ _members, get_lowercase(res_find, "memberof_privilege"))
+ if del_list:
+ commands.append([name, "role_remove_privilege",
+ {"privilege": del_list}])
 member_args = {}
 for key in ['user', 'group', 'hostgroup']:
- items = gen_intersection_list(
- module.params_get(key),
- res_find.get("member_%s" % key)
- )
- if items:
- member_args[key] = items
+ _members = module.params_get_lowercase(key)
+ if _members:
+ del_list = gen_intersection_list(
+ _members, get_lowercase(res_find, "member_%s" % key))
+ if del_list:
+ member_args[key] = del_list
 # ensure hosts are FQDN.
 _members = get_member_host_with_fqdn_lowercase(module, "host")
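Review bot: The two guards added in this hunk are written differently, `if _members is not None:` for the privilege block and `if _members:` inside the user/group/hostgroup loop, with nothing in the hunk explaining the difference. For removal the distinction looks immaterial, since an empty request cannot intersect with the existing members, so one form in both places (for example `if _members:`) would read as deliberate. A short comment above the first block, such as `# compare in lowercase; IPA treats these member names case-insensitively`, would also record why `get_lowercase` is applied to `res_find`. ensure_absent_state starts and continues outside the hunk.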
@@ -285,29 +285,31 @@ def gen_services_add_del_lists(module, mod_member, res_find, res_member):
 def ensure_role_with_members_is_present(module, name, res_find, action):
 """Define commands to ensure member are present for action `role`."""
 commands = []
- privilege_add, privilege_del = gen_add_del_lists(
- module.params_get("privilege"),
- res_find.get('memberof_privilege', []))
- if privilege_add:
- commands.append([name, "role_add_privilege",
- {"privilege": privilege_add}])
- if action == "role" and privilege_del:
- commands.append([name, "role_remove_privilege",
- {"privilege": privilege_del}])
+ _members = module.params_get_lowercase("privilege")
+ if _members:
+ add_list, del_list = gen_add_del_lists(
+ _members, get_lowercase(res_find, "memberof_privilege"))
+
+ if add_list:
+ commands.append([name, "role_add_privilege",
+ {"privilege": add_list}])
+ if action == "role" and del_list:
+ commands.append([name, "role_remove_privilege",
+ {"privilege": del_list}])
 add_members = {}
 del_members = {}
 for key in ["user", "group", "hostgroup"]:
- add_list, del_list = gen_add_del_lists(
- module.params_get(key),
- res_find.get('member_%s' % key, [])
- )
- if add_list:
- add_members[key] = add_list
- if del_list:
- del_members[key] = del_list
+ _members = module.params_get_lowercase(key)
+ if _members is not None:
+ add_list, del_list = gen_add_del_lists(
+ _members, get_lowercase(res_find, "member_%s" % key))
+ if add_list:
+ add_members[key] = add_list
+ if del_list:
+ del_members[key] = del_list
 # ensure hosts are FQDN.
 _members = get_member_host_with_fqdn_lowercase(module, "host")
-- GitLab
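Review bot: The privilege block is guarded with `if _members:`, so an explicitly empty `privilege` list skips the whole comparison and `role_remove_privilege` is never queued, while the user/group/hostgroup loop below uses `if _members is not None:` and does act on an empty list. If `params_get_lowercase` returns `[]` for an empty list (it is defined outside this hunk, so this is inferred), a playbook that sets `privilege: []` with action `role` to strip a role would leave the existing privileges granted. Changing the guard to `if _members is not None:` keeps the "only when the parameter was given" intent and lets an empty list revoke. The explicit `[]` default of the old `res_find.get('memberof_privilege', [])` is also gone, so it is worth confirming that `get_lowercase` returns an empty list, not None, when the key is absent.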