From da14fa29bb4418268bf5da1cf160e8ba75edb888 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Fri, 14 Jun 2019 17:26:12 +0200
Subject: [PATCH] ipaclient: Use omit (None) for password, keytab, no string
 length checks

Password and keytab do not need to be set explicitly to an empty string
when they are not set. Also there is no need to have string length checks
in the role tasks.
---
 roles/ipaclient/library/ipaclient_join.py |  7 +++----
 roles/ipaclient/tasks/install.yml         | 19 +++++++++----------
 2 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/roles/ipaclient/library/ipaclient_join.py b/roles/ipaclient/library/ipaclient_join.py
index 5b58858d..a11f3f25 100644
--- a/roles/ipaclient/library/ipaclient_join.py
+++ b/roles/ipaclient/library/ipaclient_join.py
@@ -161,8 +161,7 @@ def main():
     kinit_attempts = module.params.get('kinit_attempts')
     debug = module.params.get('debug')
 
-    if password is not None and password != "" and \
-       keytab is not None and keytab != "":
+    if password is not None and keytab is not None:
         module.fail_json(msg="Password and keytab cannot be used together")
 
     client_domain = hostname[hostname.find(".")+1:]
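Review bot: An explicitly empty `password`, `keytab` or `principal` is now treated as a supplied value, because the new guard `if password is not None and keytab is not None:` and the two later hunks (`options.principal = principal`, `if principal is not None:`) test only for None. With `principal` set to `''`, the last of these would build `'@' + realm` through the `'%s@%s'` line and continue into the `try:` block that follows, where the old `if principal:` skipped that path. If callers can still pass empty strings, normalise once after the parameters are read, e.g. `password = password or None`, `keytab = keytab or None`, `principal = principal or None`, or reject empty values with `module.fail_json`. main() starts and ends outside this hunk, so the parameter reads themselves are not visible here.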
@@ -174,7 +173,7 @@ def main():
 
     options.ca_cert_file = ca_cert_file
     options.unattended = True
-    options.principal = principal if principal != "" else None
+    options.principal = principal
     options.force = False
     options.password = password
 
@@ -207,7 +206,7 @@ def main():
             env['XMLRPC_TRACE_CURL'] = 'yes'
         if force_join:
             join_args.append("-f")
-        if principal:
+        if principal is not None:
             if principal.find('@') == -1:
                 principal = '%s@%s' % (principal, realm)
             try:
diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index 0098af8b..74b3ea14 100644
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -115,7 +115,7 @@
       no_log: yes
       ipaclient_get_otp:
         state: present
-        principal: "{{ ipaadmin_principal | default('admin') }}"
+        principal: "{{ ipaadmin_principal | default(omit) }}"
         password: "{{ ipaadmin_password | default(omit) }}"
         keytab: "{{ ipaadmin_keytab | default(omit) }}"
         fqdn: "{{ result_ipaclient_test.hostname }}"
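Review bot: With `default('admin')` replaced by `default(omit)` on the `principal:` line, the OTP task no longer names a principal when `ipaadmin_principal` is unset and depends on whatever default `ipaclient_get_otp` applies. That module is not part of this patch, so the fallback cannot be confirmed from here. If the module does default to the admin principal, a comment such as `# principal: the module default is used when ipaadmin_principal is unset` would keep that visible in the task. If it does not, the task would run without a principal. The task begins above this hunk.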
@@ -150,14 +150,13 @@
 
     - name: Install - Check if principal and keytab are set
       fail: msg="Principal and keytab cannot be used together"
-      when: ipaadmin_principal is defined and ipaadmin_principal|length > 0
-            and ipaclient_keytab is defined and ipaclient_keytab|length > 0
-
-    - name: Install - Check if one of password and keytab are set
-      fail: msg="At least one of password or keytab must be specified"
-      when: not result_ipaclient_test_keytab.krb5_keytab_ok and
-            (ipaadmin_password is undefined or ipaadmin_password|length == 0)
-            and (ipaclient_keytab is undefined or ipaclient_keytab|length == 0)
+      when: ipaadmin_principal is defined and ipaclient_keytab is defined
+
+    - name: Install - Check if one of password or keytabs are set
+      fail: msg="At least one of password or keytabs must be specified"
+      when: not result_ipaclient_test_keytab.krb5_keytab_ok
+            and ipaadmin_password is undefined
+            and ipaclient_keytab is undefined
     when: not ipaclient_on_master | bool
 
   - name: Install - Purge {{ result_ipaclient_test.realm }} from host keytab
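Review bot: The credential pre-check `when: not result_ipaclient_test_keytab.krb5_keytab_ok and ipaadmin_password is undefined and ipaclient_keytab is undefined` now passes for any defined value, including `ipaadmin_password: ''` coming from inventory or group_vars. A missing credential would then surface only later, presumably at the join task, instead of at this explicit failure. Since dropping the length checks is the stated intent, document the contract above the two checks, e.g. `# ipaadmin_password and ipaclient_keytab must be left undefined when unused; an empty string counts as set`. The enclosing block starts above the hunk.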
@@ -188,7 +187,7 @@
       hostname: "{{ result_ipaclient_test.hostname }}"
       force_join: "{{ ipaclient_force_join | default(omit) }}"
       principal: "{{ ipaadmin_principal if not ipaclient_use_otp | bool and
-                     ipaclient_keytab is not defined else '' }}"
+                     ipaclient_keytab is not defined else omit }}"
       password: "{{ ipaadmin_password | default(omit) }}"
       keytab: "{{ ipaclient_keytab | default(omit) }}"
       # ca_cert_file: "{{ ipaclient_ca_cert_file | default(omit) }}"
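Review bot: On the true branch of the `principal:` expression, `ipaadmin_principal` is referenced without a fallback. When it is undefined, which the rest of this commit treats as the normal "not set" state, the template would presumably fail with an undefined-variable error instead of omitting the parameter. Applying the filter on that branch avoids it: `principal: "{{ ipaadmin_principal | default(omit) if not ipaclient_use_otp | bool and ipaclient_keytab is not defined else omit }}"`. This only matters if the role does not define a default for `ipaadmin_principal`, which is not visible here. The task begins above the hunk and may continue below it.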
-- 
GitLab