From c8d5cb7ee2a3b4d9550a08dd231c9020fa5ccc18 Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Wed, 29 Jun 2022 18:54:04 -0300
Subject: [PATCH] Fix handling of boolean values for FreeIPA 4.9.10+
FreeIPA 4.9.10+ and 4.10 use proper mapping for boolean values, and
only searching for "TRUE" does not work anymore.
This patch fix ipadnszone plugin and IPAParamMapping class handling
of boolean values.
---
plugins/module_utils/ansible_freeipa_module.py | 5 ++++-
plugins/modules/ipaconfig.py | 6 +++++-
plugins/modules/ipadnsforwardzone.py | 8 +++++++-
plugins/modules/ipadnszone.py | 6 +++++-
plugins/modules/ipahbacrule.py | 18 +++++++++++++-----
plugins/modules/ipasudorule.py | 16 ++++++++++++----
6 files changed, 46 insertions(+), 13 deletions(-)
diff --git a/plugins/module_utils/ansible_freeipa_module.py b/plugins/module_utils/ansible_freeipa_module.py
index 82f48e85..862aaabb 100644
--- a/plugins/module_utils/ansible_freeipa_module.py
+++ b/plugins/module_utils/ansible_freeipa_module.py
@@ -845,7 +845,10 @@ else:
# Check if param_name is actually a param
if param_name in self.ansible_module.params:
value = self.ansible_module.params_get(param_name)
- if isinstance(value, bool):
+ if (
+ self.ansible_module.ipa_check_version("<", "4.9.10")
+ and isinstance(value, bool)
+ ):
value = "TRUE" if value else "FALSE"
# Since param wasn't a param check if it's a method name
diff --git a/plugins/modules/ipaconfig.py b/plugins/modules/ipaconfig.py
index f7901f2c..6731e37d 100644
--- a/plugins/modules/ipaconfig.py
+++ b/plugins/modules/ipaconfig.py
@@ -441,7 +441,11 @@ def main():
elif (
isinstance(value, (tuple, list)) and arg_type == "bool"
):
- exit_args[k] = (value[0] == "TRUE")
+ # FreeIPA 4.9.10+ and 4.10 use proper mapping for
+ # boolean values, so we need to convert it to str
+ # for comparison.
+ # See: https://github.com/freeipa/freeipa/pull/6294
+ exit_args[k] = (str(value[0]).upper() == "TRUE")
else:
if arg_type not in type_map:
raise ValueError(
diff --git a/plugins/modules/ipadnsforwardzone.py b/plugins/modules/ipadnsforwardzone.py
index 99aa226d..f4c6c634 100644
--- a/plugins/modules/ipadnsforwardzone.py
+++ b/plugins/modules/ipadnsforwardzone.py
@@ -344,7 +344,13 @@ def main():
if state in ['enabled', 'disabled']:
if existing_resource is not None:
- is_enabled = existing_resource["idnszoneactive"][0]
+ # FreeIPA 4.9.10+ and 4.10 use proper mapping for
+ # boolean values, so we need to convert it to str
+ # for comparison.
+ # See: https://github.com/freeipa/freeipa/pull/6294
+ is_enabled = (
+ str(existing_resource["idnszoneactive"][0]).upper()
+ )
else:
ansible_module.fail_json(
msg="dnsforwardzone '%s' not found." % (name))
diff --git a/plugins/modules/ipadnszone.py b/plugins/modules/ipadnszone.py
index ae9b7516..d64e6e0a 100644
--- a/plugins/modules/ipadnszone.py
+++ b/plugins/modules/ipadnszone.py
@@ -418,7 +418,11 @@ class DNSZoneModule(IPAAnsibleModule):
is_zone_active = False
else:
zone = response["result"]
- is_zone_active = "TRUE" in zone.get("idnszoneactive")
+ # FreeIPA 4.9.10+ and 4.10 use proper mapping for boolean vaalues.
+ # See: https://github.com/freeipa/freeipa/pull/6294
+ is_zone_active = (
+ str(zone.get("idnszoneactive")[0]).upper() == "TRUE"
+ )
return zone, is_zone_active
diff --git a/plugins/modules/ipahbacrule.py b/plugins/modules/ipahbacrule.py
index 002004ad..f1e0a5c4 100644
--- a/plugins/modules/ipahbacrule.py
+++ b/plugins/modules/ipahbacrule.py
@@ -472,18 +472,26 @@ def main():
# hbacrule_enable is not failing on an enabled hbacrule
# Therefore it is needed to have a look at the ipaenabledflag
# in res_find.
- if "ipaenabledflag" not in res_find or \
- res_find["ipaenabledflag"][0] != "TRUE":
+ # FreeIPA 4.9.10+ and 4.10 use proper mapping for
+ # boolean values, so we need to convert it to str
+ # for comparison.
+ # See: https://github.com/freeipa/freeipa/pull/6294
+ enabled_flag = str(res_find.get("ipaenabledflag", [False])[0])
+ if enabled_flag.upper() != "TRUE":
commands.append([name, "hbacrule_enable", {}])
elif state == "disabled":
if res_find is None:
ansible_module.fail_json(msg="No hbacrule '%s'" % name)
- # hbacrule_disable is not failing on an disabled hbacrule
+ # hbacrule_disable is not failing on an enabled hbacrule
# Therefore it is needed to have a look at the ipaenabledflag
# in res_find.
- if "ipaenabledflag" not in res_find or \
- res_find["ipaenabledflag"][0] != "FALSE":
+ # FreeIPA 4.9.10+ and 4.10 use proper mapping for
+ # boolean values, so we need to convert it to str
+ # for comparison.
+ # See: https://github.com/freeipa/freeipa/pull/6294
+ enabled_flag = str(res_find.get("ipaenabledflag", [False])[0])
+ if enabled_flag.upper() != "FALSE":
commands.append([name, "hbacrule_disable", {}])
else:
diff --git a/plugins/modules/ipasudorule.py b/plugins/modules/ipasudorule.py
index 7d6cd860..fd3671ed 100644
--- a/plugins/modules/ipasudorule.py
+++ b/plugins/modules/ipasudorule.py
@@ -656,8 +656,12 @@ def main():
# sudorule_enable is not failing on an enabled sudorule
# Therefore it is needed to have a look at the ipaenabledflag
# in res_find.
- if "ipaenabledflag" not in res_find or \
- res_find["ipaenabledflag"][0] != "TRUE":
+ # FreeIPA 4.9.10+ and 4.10 use proper mapping for
+ # boolean values, so we need to convert it to str
+ # for comparison.
+ # See: https://github.com/freeipa/freeipa/pull/6294
+ enabled_flag = str(res_find.get("ipaenabledflag", [False])[0])
+ if enabled_flag.upper() != "TRUE":
commands.append([name, "sudorule_enable", {}])
elif state == "disabled":
@@ -666,8 +670,12 @@ def main():
# sudorule_disable is not failing on an disabled sudorule
# Therefore it is needed to have a look at the ipaenabledflag
# in res_find.
- if "ipaenabledflag" not in res_find or \
- res_find["ipaenabledflag"][0] != "FALSE":
+ # FreeIPA 4.9.10+ and 4.10 use proper mapping for
+ # boolean values, so we need to convert it to str
+ # for comparison.
+ # See: https://github.com/freeipa/freeipa/pull/6294
+ enabled_flag = str(res_find.get("ipaenabledflag", [False])[0])
+ if enabled_flag.upper() != "FALSE":
commands.append([name, "sudorule_disable", {}])
else:
--
GitLab