diff --git a/plugins/modules/ipasudocmdgroup.py b/plugins/modules/ipasudocmdgroup.py
index a5b0e4e4d0b3de6b3327be685756ff4731befde0..f1204fdb2ed08f1a491021a5bc3ac5a41f6ac836 100644
--- a/plugins/modules/ipasudocmdgroup.py
+++ b/plugins/modules/ipasudocmdgroup.py
@@ -50,10 +50,6 @@ options:
description: Suppress processing of membership attributes
required: false
type: bool
- sudocmdgroup:
- description: List of sudocmdgroup names assigned to this sudocmdgroup.
- required: false
- type: list
sudocmd:
description: List of sudocmds assigned to this sudocmdgroup.
required: false
@@ -113,22 +109,18 @@ from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \
gen_add_del_lists
+import ipalib
+
def find_sudocmdgroup(module, name):
- _args = {
- "all": True,
- "cn": to_text(name),
- }
-
- _result = api_command(module, "sudocmdgroup_find", to_text(name), _args)
-
- if len(_result["result"]) > 1:
- module.fail_json(
- msg="There is more than one sudocmdgroup '%s'" % (name))
- elif len(_result["result"]) == 1:
- return _result["result"][0]
- else:
+ args = {"all": True}
+
+ try:
+ _result = api_command(module, "sudocmdgroup_show", to_text(name), args)
+ except ipalib.errors.NotFound:
return None
+ else:
+ return _result["result"]
def gen_args(description, nomembers):
@@ -141,10 +133,10 @@ def gen_args(description, nomembers):
return _args
-def gen_member_args(sudocmdgroup):
+def gen_member_args(sudocmd):
_args = {}
- if sudocmdgroup is not None:
- _args["member_sudocmdgroup"] = sudocmdgroup
+ if sudocmd is not None:
+ _args["member_sudocmd"] = sudocmd
return _args
@@ -161,7 +153,6 @@ def main():
# present
description=dict(type="str", default=None),
nomembers=dict(required=False, type='bool', default=None),
- sudocmdgroup=dict(required=False, type='list', default=None),
sudocmd=dict(required=False, type='list', default=None),
action=dict(type="str", default="sudocmdgroup",
choices=["member", "sudocmdgroup"]),
@@ -184,7 +175,6 @@ def main():
# present
description = ansible_module.params.get("description")
nomembers = ansible_module.params.get("nomembers")
- sudocmdgroup = ansible_module.params.get("sudocmdgroup")
sudocmd = ansible_module.params.get("sudocmd")
action = ansible_module.params.get("action")
# state
@@ -258,28 +248,28 @@ def main():
if not compare_args_ipa(ansible_module, member_args,
res_find):
# Generate addition and removal lists
- sudocmdgroup_add, sudocmdgroup_del = \
+ sudocmd_add, sudocmd_del = \
gen_add_del_lists(
- sudocmdgroup,
- res_find.get("member_sudocmdgroup"))
+ sudocmd,
+ res_find.get("member_sudocmd"))
# Add members
- if len(sudocmdgroup_add) > 0:
+ if len(sudocmd_add) > 0:
commands.append([name, "sudocmdgroup_add_member",
{
"sudocmd": [to_text(c)
for c in
- sudocmdgroup_add]
+ sudocmd_add]
}
])
# Remove members
- if len(sudocmdgroup_del) > 0:
+ if len(sudocmd_del) > 0:
commands.append([name,
"sudocmdgroup_remove_member",
{
"sudocmd": [to_text(c)
for c in
- sudocmdgroup_del]
+ sudocmd_del]
}
])
elif action == "member":
diff --git a/tests/sudocmdgroup/test_sudocmdgroup.yml b/tests/sudocmdgroup/test_sudocmdgroup.yml
index ce149de64c848634b5ad80f080311c3c82b20c26..86b01f35610942634e201a9877baa270fff9bcb2 100644
--- a/tests/sudocmdgroup/test_sudocmdgroup.yml
+++ b/tests/sudocmdgroup/test_sudocmdgroup.yml
@@ -1,5 +1,4 @@
---
-
- name: Test sudocmdgroup
hosts: ipaserver
become: true
@@ -53,6 +52,52 @@
register: result
failed_when: result.changed
+ - name: Ensure sudocmdgroup is present, with sudocmds.
+ ipasudocmdgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: network
+ sudocmd:
+ - /usr/sbin/ifconfig
+ - /usr/sbin/iwlist
+ state: present
+ register: result
+ failed_when: not result.changed
+
+ - name: Ensure sudocmdgroup is present, with sudocmds, again.
+ ipasudocmdgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: network
+ sudocmd:
+ - /usr/sbin/ifconfig
+ - /usr/sbin/iwlist
+ state: present
+ register: result
+ failed_when: result.changed
+
+ - name: Verify sudocmdgroup creation with sudocmds
+ shell: |
+ echo SomeADMINpassword | kinit -c verify_sudocmdgroup admin
+ KRB5CCNAME="verify_sudocmdgroup" ipa sudocmdgroup-show network --all
+ kdestroy -A -q -c verify_sudocmdgroup
+ register: result
+ failed_when: result.failed or not("/usr/sbin/ifconfig" in result.stdout and "/usr/sbin/iwlist" in result.stdout)
+
+ - name: Ensure sudocmdgroup, with sudocmds, is absent
+ ipasudocmdgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: network
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Ensure sudocmdgroup, with sudocmds, is absent again
+ ipasudocmdgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: network
+ state: absent
+ register: result
+ failed_when: result.changed
+
- name: Ensure testing sudocmdgroup is present
ipasudocmdgroup:
ipaadmin_password: SomeADMINpassword