From c236fe3d62a3bcd6110f5e66784a1282b86a0dc9 Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Wed, 29 Apr 2020 15:29:04 -0300
Subject: [PATCH] Fixes behavior of ipavault when no user, service or shared is
 given.

The IPA CLI allows the creation of vaults without specifying user, service or
a shared vault, defaulting to create a user vault for the `admin` user. The
vault module required that one of user, service or shared be explicitly
provided; this patch makes the module behave like the CLI command.

Tests were added to reflect this change.
---
 README-vault.md             |  2 +-
 plugins/modules/ipavault.py |  1 -
 tests/vault/test_vault.yml  | 43 ++++++++++++++++++++++++++++++++++++-
 3 files changed, 43 insertions(+), 3 deletions(-)

diff --git a/README-vault.md b/README-vault.md
index 9c0c833c..70e2fac4 100644
--- a/README-vault.md
+++ b/README-vault.md
@@ -181,8 +181,8 @@ Variable | Description | Required
 `vault_public_key` \| `ipavaultpublickey` | Vault public key. | no
 `vault_salt` \| `ipavaultsalt` | Vault salt. | no
 `vault_type` \| `ipavaulttype` | Vault types are based on security level. It can be one of `standard`, `symmetric` or `asymmetric`, default: `symmetric` | no
+`user` \| `username` | Any user can own one or more user vaults. | no
 `service` | Any service can own one or more service vaults. | no
-`user` | Any user can own one or more user vaults. | no
 `shared` | Vault is shared. Default to false. (bool) | no
 `users` | Users that are members of the vault. | no
 `groups` | Groups that are member of the vault. | no
diff --git a/plugins/modules/ipavault.py b/plugins/modules/ipavault.py
index d102202e..093cd425 100644
--- a/plugins/modules/ipavault.py
+++ b/plugins/modules/ipavault.py
@@ -402,7 +402,6 @@ def main():
         ),
         supports_check_mode=True,
         mutually_exclusive=[['username', 'service', 'shared']],
-        required_one_of=[['username', 'service', 'shared']]
     )
 
     ansible_module._ansible_debug = True
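Review bot: With `required_one_of` dropped from the `AnsibleModule(...)` call, a task that omits `username`, `service` and `shared` no longer fails and instead acts on whatever scope IPA picks by default, so a playbook that simply forgot `service:` or `shared: True` now creates or removes a vault in an unintended scope without any error. The commit message describes the default as a user vault for `admin`; presumably it is really the vault of the authenticating principal, which is worth confirming. Because the behaviour is now implicit, I would record it next to the spec, e.g. `# No required_one_of: with none of username/service/shared set, IPA falls back to the caller's user vault, as the CLI does.`, and state the same default in the module's option documentation, since the README rows in this commit mark the three options as not required without naming the fallback. main() begins and continues outside this hunk.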
diff --git a/tests/vault/test_vault.yml b/tests/vault/test_vault.yml
index 5b467f61..4f74f5e5 100644
--- a/tests/vault/test_vault.yml
+++ b/tests/vault/test_vault.yml
@@ -65,13 +65,54 @@
       shared: True
       state: absent
 
-  - name: Ensure service vaults are absent
+  - name: Ensure standard vault is absent
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: stdvault
+      state: absent
+
+  - name: Ensure service vault is absent
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: svcvault
       service: "HTTP/{{ groups.ipaserver[0] }}"
       state: absent
 
+  # tests
+  - name: Ensure standard vault is present
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: stdvault
+      vault_type: standard
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure standard vault is present, again
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: stdvault
+      vault_type: standard
+    register: result
+    failed_when: result.changed
+
+  - name: Ensure standard vault is absent
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: stdvault
+      vault_type: standard
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure standard vault is absent, again
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: stdvault
+      vault_type: standard
+      state: absent
+    register: result
+    failed_when: result.changed
+
   - name: Ensure symmetric vault is present
     ipavault:
       ipaadmin_password: SomeADMINpassword
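Review bot: The four new `stdvault` test tasks assert only on `result.changed`, so they pass for any default scope and do not pin the behaviour the commit describes (a user vault for `admin`). After the "present, again" task I would add one task that names the owner explicitly and expects no change, which fails if the implicit vault landed in a different scope; this assumes the play authenticates as `admin`, which the visible lines do not show. A smaller point: the cleanup task added at the top and the later test task share the name `Ensure standard vault is absent`, which makes a failure harder to locate in the run output.

```yaml
  # … unchanged: "Ensure standard vault is present, again" …

  - name: Ensure implicitly owned vault is the admin user vault
    ipavault:
      ipaadmin_password: SomeADMINpassword
      name: stdvault
      username: admin
      vault_type: standard
    register: result
    failed_when: result.changed

  # … unchanged: "Ensure standard vault is absent" tasks …
```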
-- 
GitLab