diff --git a/plugins/modules/ipasudocmdgroup.py b/plugins/modules/ipasudocmdgroup.py
index a5b0e4e4d0b3de6b3327be685756ff4731befde0..9d9ce674495fc8eb66228905c61e465a3e25e860 100644
--- a/plugins/modules/ipasudocmdgroup.py
+++ b/plugins/modules/ipasudocmdgroup.py
@@ -113,22 +113,18 @@ from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
 temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \
 gen_add_del_lists
 
+import ipalib
+
 
 def find_sudocmdgroup(module, name):
- _args = {
- "all": True,
- "cn": to_text(name),
- }
-
- _result = api_command(module, "sudocmdgroup_find", to_text(name), _args)
-
- if len(_result["result"]) > 1:
- module.fail_json(
- msg="There is more than one sudocmdgroup '%s'" % (name))
- elif len(_result["result"]) == 1:
- return _result["result"][0]
- else:
+ args = {"all": True}
+
+ try:
+ _result = api_command(module, "sudocmdgroup_show", to_text(name), args)
+ except ipalib.errors.NotFound:
 return None
+ else:
+ return _result["result"]
 
 
 def gen_args(description, nomembers):
@@ -141,10 +137,10 @@ def gen_args(description, nomembers):
 return _args
 
 
-def gen_member_args(sudocmdgroup):
+def gen_member_args(sudocmd):
 _args = {}
- if sudocmdgroup is not None:
- _args["member_sudocmdgroup"] = sudocmdgroup
+ if sudocmd is not None:
+ _args["member_sudocmd"] = sudocmd
 
 return _args
 
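Review bot: find_sudocmdgroup() has no docstring, and its contract is different after this change: it returns the entry dict from `sudocmdgroup_show`, or None when `ipalib.errors.NotFound` is raised, and it no longer calls module.fail_json() itself. I would add `"""Return the sudocmdgroup entry for name, or None if it does not exist."""` under the def line. The except clause only takes effect if api_command() lets the ipalib exception propagate unchanged; that helper lives in module_utils outside this diff, so this is worth confirming. Any other lookup error, such as an authorization failure, now leaves this function as an exception, and whether main() turns that into a clean fail_json is not visible here.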
@@ -258,28 +254,28 @@ def main(): if not compare_args_ipa(ansible_module, member_args, res_find): # Generate addition and removal lists - sudocmdgroup_add, sudocmdgroup_del = \ + sudocmd_add, sudocmd_del = \ gen_add_del_lists( - sudocmdgroup, - res_find.get("member_sudocmdgroup")) + sudocmd, + res_find.get("member_sudocmd")) # Add members - if len(sudocmdgroup_add) > 0: + if len(sudocmd_add) > 0: commands.append([name, "sudocmdgroup_add_member", { "sudocmd": [to_text(c) for c in - sudocmdgroup_add] + sudocmd_add] } ]) # Remove members - if len(sudocmdgroup_del) > 0: + if len(sudocmd_del) > 0: commands.append([name, "sudocmdgroup_remove_member", { "sudocmd": [to_text(c) for c in - sudocmdgroup_del] + sudocmd_del] } ]) elif action == "member": diff --git a/tests/sudocmdgroup/test_sudocmdgroup.yml b/tests/sudocmdgroup/test_sudocmdgroup.yml index ce149de64c848634b5ad80f080311c3c82b20c26..0b039d3aae1c844d76a06bc17d15233a7a86034a 100644 --- a/tests/sudocmdgroup/test_sudocmdgroup.yml +++ b/tests/sudocmdgroup/test_sudocmdgroup.yml @@ -1,5 +1,4 @@ --- - - name: Test sudocmdgroup hosts: ipaserver become: true 
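Review bot: `res_find.get("member_sudocmd")` yields None for a group that has no members yet, and that value goes straight into gen_add_del_lists(), which is defined in module_utils outside this diff. If that helper does not already treat None as an empty list, adding the first member to an empty group would fail; `res_find.get("member_sudocmd", [])` makes the intent explicit either way. The two `len(...) > 0` tests could be plain truthiness checks, `if sudocmd_add:` and `if sudocmd_del:`. The enclosing branch of main() starts and ends outside the hunk.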
@@ -53,6 +52,57 @@
 register: result
 failed_when: result.changed
 
+ - name: Ensure sudocmdgroup is present, with sudocmds.
+ ipasudocmdgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: network
+ sudocmd:
+ - /usr/sbin/ifconfig
+ - /usr/sbin/iwlist
+ state: present
+ register: result
+ failed_when: not result.changed
+
+ - name: Ensure sudocmdgroup is present, with sudocmds, again.
+ ipasudocmdgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: network
+ sudocmd:
+ - /usr/sbin/ifconfig
+ - /usr/sbin/iwlist
+ state: present
+ register: result
+ failed_when: result.changed
+
+ - name: Verify sudocmdgroup creation with sudocmds
+ block:
+ - name: Get Kerberos ticket for `admin`.
+ shell: echo SomeADMINpassword | kinit -c test_sudocmdgroup_krb5ccname admin
+
+ - name: Check sudocmdgroup-show output.
+ shell: ipa sudocmdgroup-show network --all
+ register: result
+ failed_when: result.failed or not("/usr/sbin/ifconfig" in result.stdout and "/usr/sbin/iwlist" in result.stdout)
+
+ - name: Destroy Kerberos tickets.
+ shell: kdestroy -A -q -c test_sudocmdgroup_krb5ccname
+
+ - name: Ensure sudocmdgroup, with sudocmds, is absent
+ ipasudocmdgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: network
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Ensure sudocmdgroup, with sudocmds, is absent again
+ ipasudocmdgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: network
+ state: absent
+ register: result
+ failed_when: result.changed
+
 - name: Ensure testing sudocmdgroup is present
 ipasudocmdgroup:
 ipaadmin_password: SomeADMINpassword
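Review bot: The `ipa sudocmdgroup-show` check in the "Verify sudocmdgroup creation with sudocmds" block does not use the ticket obtained just before it. `kinit -c test_sudocmdgroup_krb5ccname` writes to a named cache, but no KRB5CCNAME is set for the following task, so `ipa` reads the default cache and the check passes only if a usable ticket already happens to be there. Setting KRB5CCNAME through `environment:` on the block ties all three tasks to the same cache. The kdestroy task is also skipped whenever the check fails, which leaves an admin ticket behind on the test host; moving it under `always:` avoids that.

```yaml
  - name: Verify sudocmdgroup creation with sudocmds
    environment:
      KRB5CCNAME: test_sudocmdgroup_krb5ccname
    block:
    # … unchanged: kinit task and sudocmdgroup-show check …
    always:
    - name: Destroy Kerberos tickets.
      shell: kdestroy -A -q -c test_sudocmdgroup_krb5ccname
```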