diff --git a/plugins/module_utils/ansible_freeipa_module.py b/plugins/module_utils/ansible_freeipa_module.py
index 82f48e85a21db7704e0e236eb7ec30f59c438a27..862aaabb33e8945e0ce792b269a25d0e1aa6b258 100644
--- a/plugins/module_utils/ansible_freeipa_module.py
+++ b/plugins/module_utils/ansible_freeipa_module.py
@@ -845,7 +845,10 @@ else:
# Check if param_name is actually a param
if param_name in self.ansible_module.params:
value = self.ansible_module.params_get(param_name)
- if isinstance(value, bool):
+ if (
+ self.ansible_module.ipa_check_version("<", "4.9.10")
+ and isinstance(value, bool)
+ ):
value = "TRUE" if value else "FALSE"
# Since param wasn't a param check if it's a method name
diff --git a/plugins/modules/ipaconfig.py b/plugins/modules/ipaconfig.py
index f7901f2c23817c5016f832f86158db205875226b..6731e37df6bfdc71049c5c986c747294b3db82c7 100644
--- a/plugins/modules/ipaconfig.py
+++ b/plugins/modules/ipaconfig.py
@@ -441,7 +441,11 @@ def main():
elif (
isinstance(value, (tuple, list)) and arg_type == "bool"
):
- exit_args[k] = (value[0] == "TRUE")
+ # FreeIPA 4.9.10+ and 4.10 use proper mapping for
+ # boolean values, so we need to convert it to str
+ # for comparison.
+ # See: https://github.com/freeipa/freeipa/pull/6294
+ exit_args[k] = (str(value[0]).upper() == "TRUE")
else:
if arg_type not in type_map:
raise ValueError(
diff --git a/plugins/modules/ipadnsforwardzone.py b/plugins/modules/ipadnsforwardzone.py
index 99aa226da9d37656f47554e1d119fd2030829077..f4c6c634c5f45fbc3fdae564f2b52102b2d028cb 100644
--- a/plugins/modules/ipadnsforwardzone.py
+++ b/plugins/modules/ipadnsforwardzone.py
@@ -344,7 +344,13 @@ def main():
if state in ['enabled', 'disabled']:
if existing_resource is not None:
- is_enabled = existing_resource["idnszoneactive"][0]
+ # FreeIPA 4.9.10+ and 4.10 use proper mapping for
+ # boolean values, so we need to convert it to str
+ # for comparison.
+ # See: https://github.com/freeipa/freeipa/pull/6294
+ is_enabled = (
+ str(existing_resource["idnszoneactive"][0]).upper()
+ )
else:
ansible_module.fail_json(
msg="dnsforwardzone '%s' not found." % (name))
diff --git a/plugins/modules/ipadnszone.py b/plugins/modules/ipadnszone.py
index ae9b75163cb4470f968744619fe672c7cf9d0352..d64e6e0ad2e6f44cb1bb4a2e1a97c0235f07a09f 100644
--- a/plugins/modules/ipadnszone.py
+++ b/plugins/modules/ipadnszone.py
@@ -418,7 +418,11 @@ class DNSZoneModule(IPAAnsibleModule):
is_zone_active = False
else:
zone = response["result"]
- is_zone_active = "TRUE" in zone.get("idnszoneactive")
+ # FreeIPA 4.9.10+ and 4.10 use proper mapping for boolean vaalues.
+ # See: https://github.com/freeipa/freeipa/pull/6294
+ is_zone_active = (
+ str(zone.get("idnszoneactive")[0]).upper() == "TRUE"
+ )
return zone, is_zone_active
diff --git a/plugins/modules/ipahbacrule.py b/plugins/modules/ipahbacrule.py
index 002004ad23f67be1e89048bda72bb78c56bc5006..f1e0a5c49500f4d2f0d55c7290a666b99dce18f7 100644
--- a/plugins/modules/ipahbacrule.py
+++ b/plugins/modules/ipahbacrule.py
@@ -472,18 +472,26 @@ def main():
# hbacrule_enable is not failing on an enabled hbacrule
# Therefore it is needed to have a look at the ipaenabledflag
# in res_find.
- if "ipaenabledflag" not in res_find or \
- res_find["ipaenabledflag"][0] != "TRUE":
+ # FreeIPA 4.9.10+ and 4.10 use proper mapping for
+ # boolean values, so we need to convert it to str
+ # for comparison.
+ # See: https://github.com/freeipa/freeipa/pull/6294
+ enabled_flag = str(res_find.get("ipaenabledflag", [False])[0])
+ if enabled_flag.upper() != "TRUE":
commands.append([name, "hbacrule_enable", {}])
elif state == "disabled":
if res_find is None:
ansible_module.fail_json(msg="No hbacrule '%s'" % name)
- # hbacrule_disable is not failing on an disabled hbacrule
+ # hbacrule_disable is not failing on an enabled hbacrule
# Therefore it is needed to have a look at the ipaenabledflag
# in res_find.
- if "ipaenabledflag" not in res_find or \
- res_find["ipaenabledflag"][0] != "FALSE":
+ # FreeIPA 4.9.10+ and 4.10 use proper mapping for
+ # boolean values, so we need to convert it to str
+ # for comparison.
+ # See: https://github.com/freeipa/freeipa/pull/6294
+ enabled_flag = str(res_find.get("ipaenabledflag", [False])[0])
+ if enabled_flag.upper() != "FALSE":
commands.append([name, "hbacrule_disable", {}])
else:
diff --git a/plugins/modules/ipasudorule.py b/plugins/modules/ipasudorule.py
index 7d6cd860c6b2cebf294100f24826a30ddc0735a1..fd3671edbbf56eb44c8cce42cf2b592d006cde58 100644
--- a/plugins/modules/ipasudorule.py
+++ b/plugins/modules/ipasudorule.py
@@ -656,8 +656,12 @@ def main():
# sudorule_enable is not failing on an enabled sudorule
# Therefore it is needed to have a look at the ipaenabledflag
# in res_find.
- if "ipaenabledflag" not in res_find or \
- res_find["ipaenabledflag"][0] != "TRUE":
+ # FreeIPA 4.9.10+ and 4.10 use proper mapping for
+ # boolean values, so we need to convert it to str
+ # for comparison.
+ # See: https://github.com/freeipa/freeipa/pull/6294
+ enabled_flag = str(res_find.get("ipaenabledflag", [False])[0])
+ if enabled_flag.upper() != "TRUE":
commands.append([name, "sudorule_enable", {}])
elif state == "disabled":
@@ -666,8 +670,12 @@ def main():
# sudorule_disable is not failing on an disabled sudorule
# Therefore it is needed to have a look at the ipaenabledflag
# in res_find.
- if "ipaenabledflag" not in res_find or \
- res_find["ipaenabledflag"][0] != "FALSE":
+ # FreeIPA 4.9.10+ and 4.10 use proper mapping for
+ # boolean values, so we need to convert it to str
+ # for comparison.
+ # See: https://github.com/freeipa/freeipa/pull/6294
+ enabled_flag = str(res_find.get("ipaenabledflag", [False])[0])
+ if enabled_flag.upper() != "FALSE":
commands.append([name, "sudorule_disable", {}])
else: