ipaclient: Use omit (None) for password, keytab, no string length checks

Password and keytab do not need to be set explicitely to an empty string when they are not set. Also there is no need to have string length checks in the role tasks.

ipaclient: Use omit (None) for password, keytab, no string length checks
da14fa29 · Thomas Woerner · 813d5bbf · da14fa29 · da14fa29
Commit da14fa29 authored 5 years ago by Thomas Woerner
--- a/roles/ipaclient/library/ipaclient_join.py
+++ b/roles/ipaclient/library/ipaclient_join.py
@@ -161,8 +161,7 @@ def main():
    kinit_attempts = module.params.get('kinit_attempts')
    debug = module.params.get('debug')
-    if password is not None and password != "" and \
+    if password is not None and keytab is not None:
-       keytab is not None and keytab != "":
        module.fail_json(msg="Password and keytab cannot be used together")
    client_domain = hostname[hostname.find(".")+1:]
@@ -174,7 +173,7 @@ def main():
    options.ca_cert_file = ca_cert_file
    options.unattended = True
-    options.principal = principal if principal != "" else None
+    options.principal = principal
    options.force = False
    options.password = password
@@ -207,7 +206,7 @@ def main():
            env['XMLRPC_TRACE_CURL'] = 'yes'
        if force_join:
            join_args.append("-f")
-        if principal:
+        if principal is not None:
            if principal.find('@') == -1:
                principal = '%s@%s' % (principal, realm)
            try:

--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -115,7 +115,7 @@
      no_log: yes
      ipaclient_get_otp:
        state: present
-        principal: "{{ ipaadmin_principal | default('admin') }}"
+        principal: "{{ ipaadmin_principal | default(omit) }}"
        password: "{{ ipaadmin_password | default(omit) }}"
        keytab: "{{ ipaadmin_keytab | default(omit) }}"
        fqdn: "{{ result_ipaclient_test.hostname }}"
@@ -150,14 +150,13 @@
    - name: Install - Check if principal and keytab are set
      fail: msg="Principal and keytab cannot be used together"
-      when: ipaadmin_principal is defined and ipaadmin_principal|length > 0
+      when: ipaadmin_principal is defined and ipaclient_keytab is defined
-            and ipaclient_keytab is defined and ipaclient_keytab|length > 0
+    - name: Install - Check if one of password or keytabs are set
-    - name: Install - Check if one of password and keytab are set
+      fail: msg="At least one of password or keytabs must be specified"
-      fail: msg="At least one of password or keytab must be specified"
+      when: not result_ipaclient_test_keytab.krb5_keytab_ok
-      when: not result_ipaclient_test_keytab.krb5_keytab_ok and
+            and ipaadmin_password is undefined
-            (ipaadmin_password is undefined or ipaadmin_password|length == 0)
+            and ipaclient_keytab is undefined
-            and (ipaclient_keytab is undefined or ipaclient_keytab|length == 0)
    when: not ipaclient_on_master | bool
  - name: Install - Purge {{ result_ipaclient_test.realm }} from host keytab
@@ -188,7 +187,7 @@
      hostname: "{{ result_ipaclient_test.hostname }}"
      force_join: "{{ ipaclient_force_join | default(omit) }}"
      principal: "{{ ipaadmin_principal if not ipaclient_use_otp | bool and
-                     ipaclient_keytab is not defined else '' }}"
+                     ipaclient_keytab is not defined else omit }}"
      password: "{{ ipaadmin_password | default(omit) }}"
      keytab: "{{ ipaclient_keytab | default(omit) }}"
      # ca_cert_file: "{{ ipaclient_ca_cert_file | default(omit) }}"