From b8488cb933ef3527972db21bd63b199f9c384e5c Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Thu, 19 Aug 2021 17:40:38 +0200
Subject: [PATCH] hbacrule: Create FQDN from single hostnames

Single hostnames can be used for hbacrule_add_host and will match fqdn
in IPA internally. Simple host names have to be extended to be FQDN to
be able to compare them for _host_add and _host_remove.

Two new functions have been added to ansible_freeipa_module:

- api_get_domain - Get the domain from the api
- ensure_fqdn - Extend a single name with the domain

This fixes #617 - hbacrule_add_host: already a member
---
 .../module_utils/ansible_freeipa_module.py    |  8 +++++++
 plugins/modules/ipahbacrule.py                | 11 +++++++++-
 tests/hbacrule/test_hbacrule.yml              | 22 +++++++++++++++++++
 3 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/plugins/module_utils/ansible_freeipa_module.py b/plugins/module_utils/ansible_freeipa_module.py
index 71ce4063..c31f30af 100644
--- a/plugins/module_utils/ansible_freeipa_module.py
+++ b/plugins/module_utils/ansible_freeipa_module.py
@@ -370,6 +370,14 @@ else:
     def module_params_get(module, name):
         return _afm_convert(module.params.get(name))
 
+    def api_get_domain():
+        return api.env.domain
+
+    def ensure_fqdn(name, domain):
+        if "." not in name:
+            return "%s.%s" % (name, domain)
+        return name
+
     def api_get_realm():
         return api.env.realm
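Review bot: `ensure_fqdn` treats any name containing a dot as already qualified and does no other normalisation, so a name with a trailing dot, or one spelled in a different case than IPA returns, would presumably still fail the member comparison this commit is meant to fix. If IPA returns host names lower-cased (to be confirmed against the server), normalise the input the same way before the dot test, e.g. `name = name.rstrip(".").lower()`. An empty `name` currently yields `".<domain>"`; since the result becomes an HBAC rule member, it is worth rejecting that case explicitly. Both new helpers also lack docstrings; for `ensure_fqdn` I would add `"""Return name unchanged if it contains a dot, else name qualified with domain."""`.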
 
diff --git a/plugins/modules/ipahbacrule.py b/plugins/modules/ipahbacrule.py
index 010f68a9..d81112f6 100644
--- a/plugins/modules/ipahbacrule.py
+++ b/plugins/modules/ipahbacrule.py
@@ -159,7 +159,8 @@ RETURN = """
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
     temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \
-    module_params_get, gen_add_del_lists, gen_add_list, gen_intersection_list
+    module_params_get, gen_add_del_lists, gen_add_list, \
+    gen_intersection_list, api_get_domain, ensure_fqdn
 
 
 def find_hbacrule(module, name):
@@ -325,6 +326,14 @@ def main():
                                                  ipaadmin_password)
         api_connect()
 
+        # Get default domain
+        default_domain = api_get_domain()
+
+        # Ensure fqdn host names, use default domain for simple names
+        if host is not None:
+            _host = [ensure_fqdn(x, default_domain) for x in host]
+            host = _host
+
         commands = []
 
         for name in names:
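Review bot: Short host names are now silently qualified with the IPA server's default domain before the add/remove lists are computed, and nothing visible here tells the user that this happens. Because an HBAC rule is an access-control decision, the `host` option's description (outside this hunk) should state it, e.g. `Short names are expanded with the IPA default domain; give the FQDN for hosts in other DNS domains.` The temporary `_host` is also unnecessary; `host = [ensure_fqdn(x, default_domain) for x in host]` does the same in one line. main() starts and continues outside the hunk.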
diff --git a/tests/hbacrule/test_hbacrule.yml b/tests/hbacrule/test_hbacrule.yml
index 6e1d4aef..e93a74dc 100644
--- a/tests/hbacrule/test_hbacrule.yml
+++ b/tests/hbacrule/test_hbacrule.yml
@@ -580,6 +580,28 @@
     register: result
     failed_when: result.changed or result.failed
 
+  # ENSURE SIMPLE HOSTNAMES MATCH
+
+  - name: Ensure HBAC rule hbacrule01 simple host members are usable
+    ipahbacrule:
+      ipaadmin_password: SomeADMINpassword
+      name: hbacrule01
+      host:
+      - "testhost01"
+      - "testhost03"
+    register: result
+    failed_when: not result.changed or result.failed
+
+  - name: Ensure HBAC rule hbacrule01 simple host members are usable again (and match)
+    ipahbacrule:
+      ipaadmin_password: SomeADMINpassword
+      name: hbacrule01
+      host:
+      - "testhost01"
+      - "testhost03"
+    register: result
+    failed_when: result.changed or result.failed
+
   # CLEANUP TEST ITEMS
 
   - name: Ensure test HBAC rule hbacrule01 is absent
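Review bot: The two added tasks exercise only the add path with short names, while the commit message says the expansion is also needed for `_host_remove`; that path is not covered here. I would add a task pair that removes `testhost01` and `testhost03` by short name with `action: member` and `state: absent`, asserting `changed` on the first run and no change on the second. A further task that passes the FQDN of a member previously added by short name and asserts no change would pin the equivalence the fix relies on.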
-- 
GitLab