diff --git a/plugins/modules/ipaprivilege.py b/plugins/modules/ipaprivilege.py
index 18074f585d41ba077d717a6b7c905d850d6ae066..66af01e5a07a1f4850a18c9b49a6bbc84e4203d1 100644
--- a/plugins/modules/ipaprivilege.py
+++ b/plugins/modules/ipaprivilege.py
@@ -234,14 +234,22 @@ def main():
if action == "privilege":
# Found the privilege
if res_find is not None:
+ res_cmp = {
+ k: v for k, v in res_find.items()
+ if k not in [
+ "objectclass", "cn", "dn",
+ "memberof_permisssion"
+ ]
+ }
# For all settings is args, check if there are
# different settings in the find result.
# If yes: modify
- if not compare_args_ipa(ansible_module, args,
- res_find):
+ if args and not compare_args_ipa(ansible_module, args,
+ res_cmp):
commands.append([name, "privilege_mod", args])
else:
commands.append([name, "privilege_add", args])
+ res_find = {}
member_args = {}
if permission:
diff --git a/tests/privilege/test_privilege.yml b/tests/privilege/test_privilege.yml
index 2a13187d5b315be5a3d18e2614d24c821e4e7d64..0f6a29d7e7a9a4d8e102346cf02cc4d91bc55b29 100644
--- a/tests/privilege/test_privilege.yml
+++ b/tests/privilege/test_privilege.yml
@@ -140,6 +140,30 @@
register: result
failed_when: result.changed or result.failed
+ - name: Ensure "Broad Privilege" is absent.
+ ipaprivilege:
+ ipaadmin_password: SomeADMINpassword
+ name: Broad Privilege
+ state: absent
+
+ - name: Ensure privilege Broad Privilege is created with permission. (issue 529)
+ ipaprivilege:
+ ipaadmin_password: SomeADMINpassword
+ name: Broad Privilege
+ permission:
+ - "Write IPA Configuration"
+ register: result
+ failed_when: not result.changed or result.failed
+
+ - name: Ensure privilege Broad Privilege is created with permission, again. (issue 529)
+ ipaprivilege:
+ ipaadmin_password: SomeADMINpassword
+ name: Broad Privilege
+ permission:
+ - "Write IPA Configuration"
+ register: result
+ failed_when: result.changed or result.failed
+
# CLEANUP TEST ITEMS
- name: Ensure privilege testing privileges are absent