From e30bcfd876bec39c8cd2c2fe0806c917eda04cfe Mon Sep 17 00:00:00 2001 From: Thomas Woerner <twoerner@redhat.com> Date: Wed, 23 Feb 2022 15:17:08 +0100 Subject: [PATCH] ipaconfig: Set allow_empty_string for user_auth_type, pac_type, configstring The parameters user_auth_type, pac_type and configstring are allowing to use "" to reset to the default value or for configstring to set an empty list. The new check in params_get is not allowing to use empty strings in lists, therefore allow_empty_string=True had to be added to the call. A test has been added to verify that the empty strings are supported and working. Additionally empty pac_type, user_auth_type and domain_resolution_order have been added to exit_args as if they have not been set. --- plugins/modules/ipaconfig.py | 15 +- .../test_config_empty_string_params.yml | 143 ++++++++++++++++++ 2 files changed, 157 insertions(+), 1 deletion(-) create mode 100644 tests/config/test_config_empty_string_params.yml diff --git a/plugins/modules/ipaconfig.py b/plugins/modules/ipaconfig.py index 2a155bdf..f7901f2c 100644 --- a/plugins/modules/ipaconfig.py +++ b/plugins/modules/ipaconfig.py @@ -346,11 +346,13 @@ def main(): "ca_renewal_master_server": "ca_renewal_master_server", "domain_resolution_order": "ipadomainresolutionorder" } + allow_empty_string = ["pac_type", "user_auth_type", "configstring"] reverse_field_map = {v: k for k, v in field_map.items()} params = {} for x in field_map: - val = ansible_module.params_get(x) + val = ansible_module.params_get( + x, allow_empty_string=(x in allow_empty_string)) if val is not None: params[field_map.get(x, x)] = val 
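Review bot: The list `allow_empty_string` added before the loop is repeated by hand in the next hunk as `["ipakrbauthzdata", "ipauserauthtype", "ipaconfigstring"]`, so the two can drift apart when another parameter starts accepting "". If `field_map` maps the three parameters to those attributes (its definition begins above the hunk), the later loop could iterate `[field_map[x] for x in allow_empty_string]` instead. The local also shares its name with the keyword argument it feeds; a name such as `empty_string_params`, with the comment `# "" resets these to the IPA default (configstring: empty list)`, would read more clearly. main() starts and ends outside the hunk.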
@@ -401,6 +403,10 @@ def main(): k: v for k, v in params.items() if k not in result or result[k] != v } + # Remove empty string args from params if result arg is not set + for k in ["ipakrbauthzdata", "ipauserauthtype", "ipaconfigstring"]: + if k not in result and k in params and params[k] == [""]: + del params[k] if params \ and not compare_args_ipa(ansible_module, params, result): changed = True @@ -441,6 +447,13 @@ def main(): raise ValueError( "Unexpected attribute type: %s" % arg_type) exit_args[k] = type_map[arg_type](value) + # Add empty pac_type and user_auth_type if they are not set + for key in ["pac_type", "user_auth_type"]: + if key not in exit_args: + exit_args[key] = "" + # Add empty domain_resolution_order if it is not set + if "domain_resolution_order" not in exit_args: + exit_args["domain_resolution_order"] = [] # Done ansible_module.exit_json(changed=changed, config=exit_args) diff --git a/tests/config/test_config_empty_string_params.yml b/tests/config/test_config_empty_string_params.yml new file mode 100644 index 00000000..5329c203 --- /dev/null +++ b/tests/config/test_config_empty_string_params.yml 
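Review bot: The added cleanup loop matches only the exact value `[""]`, so a list that mixes an empty string with real entries, for example `["otp", ""]`, is neither dropped nor rejected here. Whether `params_get(..., allow_empty_string=True)` refuses that input is not visible in this patch; if it does not, the empty entry reaches `compare_args_ipa` and presumably the server call. Because pac_type and user_auth_type are global authentication settings, an explicit early failure is safer than relying on the server to reject it. Inside the loop that could be `if k in params and "" in params[k] and len(params[k]) > 1: ansible_module.fail_json(msg="'' cannot be combined with other values in %s" % reverse_field_map[k])`. main() starts and ends outside the hunk.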
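Review bot: configstring is the third parameter that accepts "", but the defaults added after the exit_args loop cover only pac_type, user_auth_type and domain_resolution_order. If that loop (which starts outside the hunk) only emits attributes the server returned, `config.configstring` is missing from the result once it has been emptied, and the new test's revert task, which reads `previousconfig.config.configstring`, would fail on an undefined variable. Extending the list to `for key in ["pac_type", "user_auth_type", "configstring"]:` keeps the returned dict stable. The module's RETURN documentation should also say that these keys are "" when unset and a list otherwise, since consumers now see two types.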
@@ -0,0 +1,143 @@
+---
+- name: Test config
+ hosts: "{{ ipa_test_host | default('ipaserver') }}"
+ become: yes
+ gather_facts: no
+
+ tasks:
+
+ # GET CURRENT CONFIG
+
+ - name: Return current values of the global configuration options
+ ipaconfig:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ register: previousconfig
+
+ - name: Ensure config with empty pac_type, user_auth_type and configstring
+ ipaconfig:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ pac_type: ""
+ user_auth_type: ""
+ configstring: ""
+
+ # TESTS
+
+ - name: Ensure config with pac_type "nfs:NONE" and PAD
+ ipaconfig:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ pac_type:
+ - "nfs:NONE"
+ - PAD
+ register: result
+ failed_when: not result.changed or result.failed
+
+ - name: Ensure config with pac_type "nfs:NONE" and PAD, again
+ ipaconfig:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ pac_type:
+ - "nfs:NONE"
+ - PAD
+ register: result
+ failed_when: result.changed or result.failed
+
+ - name: Ensure config with empty pac_type
+ ipaconfig:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ pac_type: ""
+ register: result
+ failed_when: not result.changed or result.failed
+
+ - name: Ensure config with empty pac_type, again
+ ipaconfig:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ pac_type: ""
+ register: result
+ failed_when: result.changed or result.failed
+
+ - name: Ensure config with user_auth_type otp and radius
+ ipaconfig:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ user_auth_type:
+ - otp
+ - radius
+ register: result
+ failed_when: not result.changed or result.failed
+
+ - name: Ensure config with user_auth_type otp and radius, again
+ ipaconfig:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ user_auth_type:
+ - otp
+ - radius
+ register: result
+ failed_when: result.changed or result.failed
+
+ - name: Ensure config with empty user_auth_type
+ ipaconfig:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ user_auth_type: ""
+ register: result
+ failed_when: not result.changed or result.failed
+
+ - name: Ensure config with empty user_auth_type, again
+ ipaconfig:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ user_auth_type: ""
+ register: result
+ failed_when: result.changed or result.failed
+
+ - name: Ensure config with configstring AllowNThash and "KDC:Disable Lockout"
+ ipaconfig:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ configstring:
+ - AllowNThash
+ - "KDC:Disable Lockout"
+ register: result
+ failed_when: not result.changed or result.failed
+
+ - name: Ensure config with configstring AllowNThash and "KDC:Disable Lockout", again
+ ipaconfig:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ configstring:
+ - AllowNThash
+ - "KDC:Disable Lockout"
+ register: result
+ failed_when: result.changed or result.failed
+
+ - name: Ensure config with empty configstring
+ ipaconfig:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ configstring: ""
+ register: result
+ failed_when: not result.changed or result.failed
+
+ - name: Ensure config with empty configstring, again
+ ipaconfig:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ configstring: ""
+ register: result
+ failed_when: result.changed or result.failed
+
+ # REVERT TO PREVIOUS CONFIG
+
+ - name: Reset to previous pac_type and user_auth_type
+ ipaconfig:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ pac_type: '{{ previousconfig.config.pac_type }}'
+ user_auth_type: '{{ previousconfig.config.user_auth_type }}'
+ configstring: '{{ previousconfig.config.configstring }}'
-- GitLab
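Review bot: The revert task at the end of the playbook runs only if every task before it passes, so a failed assertion leaves the test server with whatever global policy the last task set, including `KDC:Disable Lockout` in configstring or the changed user_auth_type. Moving the tasks between `# TESTS` and `# REVERT TO PREVIOUS CONFIG` under a `- block:` and the revert task under its `always:` section would restore the saved configuration on failure as well. The revert task's name mentions only pac_type and user_auth_type although it also resets configstring; `Reset to previous pac_type, user_auth_type and configstring` would match what it does.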