diff --git a/plugins/modules/ipagroup.py b/plugins/modules/ipagroup.py index 98204219394524783db7ee40c320a6cb211809b0..e16f978c862fcd5414b494e08f0728741761224c 100644 --- a/plugins/modules/ipagroup.py +++ b/plugins/modules/ipagroup.py @@ -181,6 +181,7 @@ EXAMPLES = """ RETURN = """ """ +from ansible.module_utils._text import to_text from ansible.module_utils.ansible_freeipa_module import \ IPAAnsibleModule, compare_args_ipa, gen_add_del_lists, \ gen_add_list, gen_intersection_list @@ -198,7 +199,14 @@ def find_group(module, name): module.fail_json( msg="There is more than one group '%s'" % (name)) elif len(_result["result"]) == 1: - return _result["result"][0] + _res = _result["result"][0] + # The returned services are of type ipapython.kerberos.Principal, + # also services are not case sensitive. Therefore services are + # converted to lowercase strings to be able to do the comparison. + if "member_service" in _res: + _res["member_service"] = \ + [to_text(svc).lower() for svc in _res["member_service"]] + return _res return None @@ -308,7 +316,8 @@ def main(): nomembers = ansible_module.params_get("nomembers") user = ansible_module.params_get("user") group = ansible_module.params_get("group") - service = ansible_module.params_get("service") + # Services are not case sensitive + service = ansible_module.params_get_lowercase("service") membermanager_user = ansible_module.params_get("membermanager_user") membermanager_group = ansible_module.params_get("membermanager_group") externalmember = ansible_module.params_get("externalmember") diff --git a/tests/group/test_group.yml b/tests/group/test_group.yml index eaf484f54e4f6061883fef7e1493bbf942d84b03..b5572512322253459b20cab78e59d5fa5634f9d0 100644 --- a/tests/group/test_group.yml +++ b/tests/group/test_group.yml 
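Review bot: The new import at the top of the module takes `to_text` from `ansible.module_utils._text`, an underscore-prefixed module that is not part of the public module_utils API. The same function is exported from the public converters module, so `from ansible.module_utils.common.text.converters import to_text` would be the safer spelling, provided the oldest Ansible release this collection supports ships that path.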
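Review bot: In `find_group`, `to_text(svc).lower()` folds the entire principal, so the realm after `@` is lowercased along with the service and host parts, while the added comment only says that services are not case sensitive. Group membership is an authorization input, so it is worth confirming that the server treats a principal with a lowercased realm as the same entry. The same folding is applied to user input by `params_get_lowercase("service")` in the `main()` hunk, and that value is presumably what is sent on add and remove. If the folding is meant for comparison only, say so in the comment, e.g. `# Normalised for comparison only: the whole principal, realm included, is lowercased.` The body of `find_group` begins outside the hunk, so how callers use the returned list is not visible here.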
@@ -5,6 +5,23 @@ gather_facts: false tasks: + # setup + - include_tasks: ../env_freeipa_facts.yml + + # GET DOMAIN AND REALM + + - name: Get Domain from server name + set_fact: + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" + when: ipaserver_domain is not defined + + - name: Get Realm from server name + set_fact: + ipaserver_realm: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') | upper }}" + when: ipaserver_realm is not defined + + # CLEANUP TEST ITEMS + - name: Ensure users user1, user2 and user3 are absent ipauser: ipaadmin_password: SomeADMINpassword @@ -19,6 +36,8 @@ name: group3,group2,group1 state: absent + # CREATE TEST ITEMS + - name: Ensure users user1..user3 are present ipauser: ipaadmin_password: SomeADMINpassword @@ -36,6 +55,8 @@ register: result failed_when: not result.changed or result.failed + # TESTS + - name: Ensure group1 is present ipagroup: ipaadmin_password: SomeADMINpassword 
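Review bot: The two `set_fact` tasks read `ansible_facts['fqdn']` although the play header in the context lines sets `gather_facts: false`, so they work only if the included `../env_freeipa_facts.yml` collects that fact, which this hunk does not show. The realm is also assumed to be the upper-cased DNS domain, which does not hold for every deployment. A short comment above the block would make both assumptions explicit, for example `# Needs the fqdn fact; assumes realm == upper-cased domain unless ipaserver_realm is set`.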
@@ -119,6 +140,156 @@ register: result failed_when: result.changed or result.failed + # service + + - block: + + - name: Ensure service "{{ 'HTTP/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" is present in group group1 + ipagroup: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + name: group1 + service: + - "{{ 'HTTP/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" + action: member + register: result + failed_when: not result.changed or result.failed + + - name: Ensure service "{{ 'HTTP/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" is present in group group1, again + ipagroup: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + name: group1 + service: + - "{{ 'HTTP/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" + action: member + register: result + failed_when: result.changed or result.failed + + - name: Ensure service "{{ 'ldap/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" is present in group group1 + ipagroup: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + name: group1 + service: + - "{{ 'ldap/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" + action: member + register: result + failed_when: not result.changed or result.failed + + - name: Ensure service "{{ 'ldap/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" is present in group group1, again + ipagroup: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + name: group1 + service: + - "{{ 'ldap/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" + action: member + register: result + failed_when: result.changed or result.failed + + - name: Ensure service "{{ 'HTTP/ipaserver.' 
+ ipaserver_domain + '@' + ipaserver_realm }}" is absent in group group1 + ipagroup: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + name: group1 + service: + - "{{ 'HTTP/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" + action: member + state: absent + register: result + failed_when: not result.changed or result.failed + + - name: Ensure service "{{ 'HTTP/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" is absent in group group1, again + ipagroup: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + name: group1 + service: + - "{{ 'HTTP/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" + action: member + state: absent + register: result + failed_when: result.changed or result.failed + + - name: Ensure service "{{ 'ldap/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" is absent in group group1 + ipagroup: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + name: group1 + service: + - "{{ 'ldap/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" + action: member + state: absent + register: result + failed_when: not result.changed or result.failed + + - name: Ensure service "{{ 'ldap/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" is absent in group group1, again + ipagroup: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + name: group1 + service: + - "{{ 'ldap/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" + action: member + state: absent + register: result + failed_when: result.changed or result.failed + + - name: Ensure services are present in group group1 + ipagroup: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + name: group1 + service: + - "{{ 'HTTP/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" + - "{{ 'ldap/ipaserver.' 
+ ipaserver_domain + '@' + ipaserver_realm }}" + action: member + register: result + failed_when: not result.changed or result.failed + + - name: Ensure services are present in group group1, again + ipagroup: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + name: group1 + service: + - "{{ 'http/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" + - "{{ 'ldap/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" + action: member + register: result + failed_when: result.changed or result.failed + + - name: Ensure services are absent in group group1 + ipagroup: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + name: group1 + service: + - "{{ 'HTTP/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" + - "{{ 'LDAP/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" + action: member + state: absent + register: result + failed_when: not result.changed or result.failed + + - name: Ensure services are absent in group group1, again + ipagroup: + ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" + name: group1 + service: + - "{{ 'HTTP/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" + - "{{ 'ldap/ipaserver.' + ipaserver_domain + '@' + ipaserver_realm }}" + action: member + state: absent + register: result + failed_when: result.changed or result.failed + + when: ipa_version is version('4.7.0', '>=') + + # user + - name: Ensure users user1, user2 and user3 are present in group group1 ipagroup: ipaadmin_password: SomeADMINpassword @@ -297,6 +468,8 @@ register: result failed_when: not result.changed or result.failed + # CLEANUP TEST ITEMS + - name: Ensure group group3, group2 and group1 are absent ipagroup: ipaadmin_password: SomeADMINpassword
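Review bot: Every principal in the service block is built as `'HTTP/ipaserver.' + ipaserver_domain` or `'ldap/ipaserver.' + ipaserver_domain`, which hard-codes the host label `ipaserver` even though the domain was derived from `ansible_facts['fqdn']`. On a server with a different short name these principals would presumably not exist and the first task would fail. Using the fact directly, `"{{ 'HTTP/' + ansible_facts['fqdn'] + '@' + ipaserver_realm }}"`, removes that assumption. The case variations (`http/`, `LDAP/`) only touch the service type, so the host and realm parts of the comparison are never exercised in mixed case.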