From e6da214bfb94ca50ef649716ad46fc7343717a3d Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Fri, 2 Sep 2022 11:49:50 -0300
Subject: [PATCH] ipabackup: Fix order of ipabackup_name parameter evaluation.

When performing a backup with 'state:present', if 'ipabackup_name' is
provided, the backup will be performed, but the role with return an
error since 'ipabackup_name' should not be set for this state.

This patch moves the parameter evaluation to be performed before the
actual backup is performed, so that the backup is not performed and an
error is reported.
---
 roles/ipabackup/tasks/main.yml    | 12 ++++++------
 tests/backup_role/test_backup.yml | 25 +++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 6 deletions(-)

diff --git a/roles/ipabackup/tasks/main.yml b/roles/ipabackup/tasks/main.yml
index 148913f7..1ae6b281 100644
--- a/roles/ipabackup/tasks/main.yml
+++ b/roles/ipabackup/tasks/main.yml
@@ -26,6 +26,12 @@
   fail: msg="ipabackup_from_controller and ipabackup_to_controller are set"
   when: ipabackup_from_controller | bool and ipabackup_to_controller | bool
 
+- name: Fail for given ipabackup_name if state is not copied, restored or absent
+  fail: msg="ipabackup_name is given and state is not copied, restored or absent"
+  when: state is not defined or
+        (state != "copied" and state != "restored" and state != "absent") and
+        ipabackup_name is defined
+
 - name: Get ipabackup_dir from IPA installation
   include_tasks: "{{ role_path }}/tasks/get_ipabackup_dir.yml"
 
@@ -33,12 +39,6 @@
   include_tasks: "{{ role_path }}/tasks/backup.yml"
   when: state|default("present") == "present"
 
-- name: Fail for given ipabackup_name if state is not copied, restored or absent
-  fail: msg="ipabackup_name is given and state is not copied, restored or absent"
-  when: state is not defined or
-        (state != "copied" and state != "restored" and state != "absent") and
-        ipabackup_name is defined
-
 - name: Fail on missing ipabackup_name
   fail: msg="ipabackup_name is not set"
   when: (ipabackup_name is not defined or not ipabackup_name) and
diff --git a/tests/backup_role/test_backup.yml b/tests/backup_role/test_backup.yml
index 5060e802..9f68656f 100644
--- a/tests/backup_role/test_backup.yml
+++ b/tests/backup_role/test_backup.yml
@@ -383,6 +383,31 @@
       loop_var: server_backup_data
       label: server_backup_data.path
 
+  # Test issue #900
+  - name: Remove all backup from server.
+    ansible.builtin.include_role:
+      name: ipabackup
+    vars:
+      state: absent
+      ipabackup_name: all
+
+  - name: Test issue 900 fix.
+    block:
+      - name: Invalid role configuration that should not produce a backup on the server.
+        ansible.builtin.include_role:
+          name: ipabackup
+        vars:
+          state: present
+          ipabackup_name: this_must_fail
+    rescue:
+      - name: List all existing backups on server
+        ansible.builtin.find:
+          path: /var/lib/ipa/backup
+          recurse: no
+          file_type: directory
+        register: server_backups
+        failed_when: server_backups.files
+
   # CLEANUP
 
   - name: List all existing backups on controller
-- 
GitLab