Merge pull request #851 from rjeffman/dnszone_fix_bool_behavior

Fix handling of boolean values for FreeIPA 4.9.10+

plugins/module_utils/ansible_freeipa_module.py

@@ -88,9 +88,15 @@ else:
                 """
                 Split a version string A.B.C, into a tuple.
 
-                This will not work for `rc`, `dev` or similar version string.
+                This will not work for `rc`, `dev` or similar.
                 """
-                return tuple(re.split("[-_.]", version_str))  # noqa: W605
+                try:
+                    _version = tuple(
+                        (int(x) for x in re.split("[-_.]", version_str))
+                    )
+                except ValueError:
+                    _version = tuple(re.split("[-_.]", version_str))
+                return _version
 
     from ipalib import api
     from ipalib import errors as ipalib_errors  # noqa
@@ -866,7 +872,10 @@ else:
                 # Check if param_name is actually a param
                 if param_name in self.ansible_module.params:
                     value = self.ansible_module.params_get(param_name)
-                    if isinstance(value, bool):
+                    if (
+                        self.ansible_module.ipa_check_version("<", "4.9.10")
+                        and isinstance(value, bool)
+                    ):
                         value = "TRUE" if value else "FALSE"
 
                 # Since param wasn't a param check if it's a method name

plugins/modules/ipaconfig.py

@@ -441,7 +441,11 @@ def main():
                     elif (
                         isinstance(value, (tuple, list)) and arg_type == "bool"
                     ):
-                        exit_args[k] = (value[0] == "TRUE")
+                        # FreeIPA 4.9.10+ and 4.10 use proper mapping for
+                        # boolean values, so we need to convert it to str
+                        # for comparison.
+                        # See: https://github.com/freeipa/freeipa/pull/6294
+                        exit_args[k] = (str(value[0]).upper() == "TRUE")
                     else:
                         if arg_type not in type_map:
                             raise ValueError(

plugins/modules/ipadnsforwardzone.py

@@ -344,7 +344,13 @@ def main():
 
             if state in ['enabled', 'disabled']:
                 if existing_resource is not None:
-                    is_enabled = existing_resource["idnszoneactive"][0]
+                    # FreeIPA 4.9.10+ and 4.10 use proper mapping for
+                    # boolean values, so we need to convert it to str
+                    # for comparison.
+                    # See: https://github.com/freeipa/freeipa/pull/6294
+                    is_enabled = (
+                        str(existing_resource["idnszoneactive"][0]).upper()
+                    )
                 else:
                     ansible_module.fail_json(
                         msg="dnsforwardzone '%s' not found." % (name))

plugins/modules/ipadnszone.py

@@ -418,7 +418,11 @@ class DNSZoneModule(IPAAnsibleModule):
             is_zone_active = False
         else:
             zone = response["result"]
-            is_zone_active = "TRUE" in zone.get("idnszoneactive")
+            # FreeIPA 4.9.10+ and 4.10 use proper mapping for boolean vaalues.
+            # See: https://github.com/freeipa/freeipa/pull/6294
+            is_zone_active = (
+                str(zone.get("idnszoneactive")[0]).upper() == "TRUE"
+            )
 
         return zone, is_zone_active
 

plugins/modules/ipahbacrule.py

@@ -472,18 +472,26 @@ def main():
                 # hbacrule_enable is not failing on an enabled hbacrule
                 # Therefore it is needed to have a look at the ipaenabledflag
                 # in res_find.
-                if "ipaenabledflag" not in res_find or \
-                   res_find["ipaenabledflag"][0] != "TRUE":
+                # FreeIPA 4.9.10+ and 4.10 use proper mapping for
+                # boolean values, so we need to convert it to str
+                # for comparison.
+                # See: https://github.com/freeipa/freeipa/pull/6294
+                enabled_flag = str(res_find.get("ipaenabledflag", [False])[0])
+                if enabled_flag.upper() != "TRUE":
                     commands.append([name, "hbacrule_enable", {}])
 
             elif state == "disabled":
                 if res_find is None:
                     ansible_module.fail_json(msg="No hbacrule '%s'" % name)
-                # hbacrule_disable is not failing on an disabled hbacrule
+                # hbacrule_disable is not failing on an enabled hbacrule
                 # Therefore it is needed to have a look at the ipaenabledflag
                 # in res_find.
-                if "ipaenabledflag" not in res_find or \
-                   res_find["ipaenabledflag"][0] != "FALSE":
+                # FreeIPA 4.9.10+ and 4.10 use proper mapping for
+                # boolean values, so we need to convert it to str
+                # for comparison.
+                # See: https://github.com/freeipa/freeipa/pull/6294
+                enabled_flag = str(res_find.get("ipaenabledflag", [False])[0])
+                if enabled_flag.upper() != "FALSE":
                     commands.append([name, "hbacrule_disable", {}])
 
             else:

plugins/modules/ipasudorule.py

@@ -656,8 +656,12 @@ def main():
                 # sudorule_enable is not failing on an enabled sudorule
                 # Therefore it is needed to have a look at the ipaenabledflag
                 # in res_find.
-                if "ipaenabledflag" not in res_find or \
-                   res_find["ipaenabledflag"][0] != "TRUE":
+                # FreeIPA 4.9.10+ and 4.10 use proper mapping for
+                # boolean values, so we need to convert it to str
+                # for comparison.
+                # See: https://github.com/freeipa/freeipa/pull/6294
+                enabled_flag = str(res_find.get("ipaenabledflag", [False])[0])
+                if enabled_flag.upper() != "TRUE":
                     commands.append([name, "sudorule_enable", {}])
 
             elif state == "disabled":
@@ -666,8 +670,12 @@ def main():
                 # sudorule_disable is not failing on an disabled sudorule
                 # Therefore it is needed to have a look at the ipaenabledflag
                 # in res_find.
-                if "ipaenabledflag" not in res_find or \
-                   res_find["ipaenabledflag"][0] != "FALSE":
+                # FreeIPA 4.9.10+ and 4.10 use proper mapping for
+                # boolean values, so we need to convert it to str
+                # for comparison.
+                # See: https://github.com/freeipa/freeipa/pull/6294
+                enabled_flag = str(res_find.get("ipaenabledflag", [False])[0])
+                if enabled_flag.upper() != "FALSE":
                     commands.append([name, "sudorule_disable", {}])
 
             else:

tests/pytests/dnszone/test_dnszone.py

@@ -64,18 +64,26 @@ class TestDNSZone(AnsibleFreeIPATestCase):
     def test_dnszone_disable(self):
         """TC-30: Disable DNS Zone."""
         zone26 = "26testzone.test"
-        self.check_details(["Active zone: TRUE"], "dnszone-find", [zone26])
+        self.check_details(
+            ["Active zone: (TRUE|True)"], "dnszone-find", [zone26]
+        )
         # Disable dns zone
         self.run_playbook(BASE_PATH + "dnszone_disable.yaml")
-        self.check_details(["Active zone: FALSE"], "dnszone-find", [zone26])
+        self.check_details(
+            ["Active zone: (FALSE|False)"], "dnszone-find", [zone26]
+        )
 
     def test_dnszone_enable(self):
         """TC-31: Enable DNS Zone."""
         zone26 = "26testzone.test"
-        self.check_details(["Active zone: FALSE"], "dnszone-find", [zone26])
+        self.check_details(
+            ["Active zone: (FALSE|False)"], "dnszone-find", [zone26]
+        )
         # Enable dns zone
         self.run_playbook(BASE_PATH + "dnszone_enable.yaml")
-        self.check_details(["Active zone: TRUE"], "dnszone-find", [zone26])
+        self.check_details(
+            ["Active zone: (TRUE|True)"], "dnszone-find", [zone26]
+        )
 
     def test_dnszone_name_from_ip(self):
         """TC-35: Add dns zone with reverse zone IP. Bug#1845056."""

tests/utils.py

@@ -21,6 +21,7 @@
 
 import os
 import pytest
+import re
 import subprocess
 import tempfile
 import testinfra
@@ -314,6 +315,10 @@ class AnsibleFreeIPATestCase(TestCase):
             expected_msg in result.stderr.decode("utf8")
         )
 
+    @staticmethod
+    def __is_text_on_data(text, data):
+        return re.search(text, data) is not None
+
     def check_details(self, expected_output, cmd, extra_cmds=None):
         cmd = "ipa " + cmd
         if extra_cmds:
@@ -322,10 +327,16 @@ class AnsibleFreeIPATestCase(TestCase):
         res = self.master.run(cmd)
         if res.rc != 0:
             for output in expected_output:
-                assert output in res.stderr
+                assert self.__is_text_on_data(output, res.stderr), (
+                    f"\n{'='*40}\nExpected: {output}\n{'='*40}\n"
+                    + f"Output:\n{res.stderr}{'='*40}\n"
+                )
         else:
             for output in expected_output:
-                assert output in res.stdout
+                assert self.__is_text_on_data(output, res.stdout), (
+                    f"\n{'='*40}\nExpected: {output}\n{'='*40}\n"
+                    + f"Output:\n{res.stdout}{'='*40}\n"
+                )
         kdestroy(self.master)
 
     def check_notexists(self, members, cmd, extra_cmds=None):
@@ -335,7 +346,10 @@ class AnsibleFreeIPATestCase(TestCase):
         kinit_admin(self.master)
         res = self.master.run(cmd)
         for member in members:
-            assert member not in res.stdout
+            assert not self.__is_text_on_data(member, res.stdout), (
+                f"\n{'='*40}\nExpected: {member}\n{'='*40}\n"
+                + f"Output:\n{res.stdout}{'='*40}\n"
+            )
         kdestroy(self.master)
 
     def mark_xfail_using_ansible_freeipa_version(self, version, reason):