Skip to content
Snippets Groups Projects
Unverified Commit fa4a90e6 authored by Rafael Guterres Jeffman's avatar Rafael Guterres Jeffman Committed by GitHub
Browse files

Merge pull request #1259 from t-woerner/permission_DN_parameters_idempotency_fixes 

permission: Fix idempotency issues for DN parameters
parents c38ff9b7 173acf28
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
plugins/modules/ipapermission.py
+ 7
2
View file @ fa4a90e6
...@@ -154,7 +154,7 @@ RETURN = """ ...@@ -154,7 +154,7 @@ RETURN = """
from ansible.module_utils.ansible_freeipa_module import \ from ansible.module_utils.ansible_freeipa_module import \
IPAAnsibleModule, compare_args_ipa IPAAnsibleModule, compare_args_ipa, to_text
def find_permission(module, name): def find_permission(module, name):
...@@ -164,7 +164,12 @@ def find_permission(module, name): ...@@ -164,7 +164,12 @@ def find_permission(module, name):
except Exception: # pylint: disable=broad-except except Exception: # pylint: disable=broad-except
# An exception is raised if permission name is not found. # An exception is raised if permission name is not found.
return None return None
return _result["result"] _res = _result["result"]
for param in ["ipapermlocation", "ipapermtarget", "ipapermtargetto",
"ipapermtargetfrom"]:
if param in _res:
_res[param] = [to_text(elem) for elem in _res[param]]
return _res
def gen_args(right, attrs, bindtype, subtree, def gen_args(right, attrs, bindtype, subtree,
......
tests/permission/test_permission.yml
+ 98
0
View file @ fa4a90e6
...@@ -247,6 +247,104 @@ ...@@ -247,6 +247,104 @@
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed or result.failed
- name: Ensure permission perm-test-1 is present with subtree
ipapermission:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: perm-test-1
right: write
subtree: "cn=computers,cn=accounts,dc={{ ipaserver_domain | replace('.', ',dc=') }}"
attrs: locality
register: result
failed_when: not result.changed or result.failed
- name: Ensure permission perm-test-1 is present with subtree again
ipapermission:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: perm-test-1
right: write
subtree: "cn=computers,cn=accounts,dc={{ ipaserver_domain | replace('.', ',dc=') }}"
attrs: locality
register: result
failed_when: result.changed or result.failed
- name: Ensure permission perm-test-1 with target is present
ipapermission:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: perm-test-1
right: write
target: "cn=computers,cn=accounts,dc={{ ipaserver_domain | replace('.', ',dc=') }}"
attrs: locality
register: result
failed_when: not result.changed or result.failed
- name: Ensure permission perm-test-1 with target is present, again
ipapermission:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: perm-test-1
right: write
target: "cn=computers,cn=accounts,dc={{ ipaserver_domain | replace('.', ',dc=') }}"
attrs: locality
register: result
failed_when: result.changed or result.failed
- name: Ensure permission perm-test-1 with targetto is present
ipapermission:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: perm-test-1
right: write
targetto: "cn=computers,cn=accounts,dc={{ ipaserver_domain | replace('.', ',dc=') }}"
attrs: locality
register: result
failed_when: not result.changed or result.failed
- name: Ensure permission perm-test-1 with targetto is present, again
ipapermission:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: perm-test-1
right: write
targetto: "cn=computers,cn=accounts,dc={{ ipaserver_domain | replace('.', ',dc=') }}"
attrs: locality
register: result
failed_when: result.changed or result.failed
- name: Ensure permission perm-test-1 with targetfrom is present
ipapermission:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: perm-test-1
right: write
targetfrom: "cn=computers,cn=accounts,dc={{ ipaserver_domain | replace('.', ',dc=') }}"
attrs: locality
register: result
failed_when: not result.changed or result.failed
- name: Ensure permission perm-test-1 with targetfrom is present, again
ipapermission:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: perm-test-1
right: write
targetfrom: "cn=computers,cn=accounts,dc={{ ipaserver_domain | replace('.', ',dc=') }}"
attrs: locality
register: result
failed_when: result.changed or result.failed
- name: Ensure permission perm-test-1 with object_type and right is present
ipapermission:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: perm-test-1
object_type: host
right: all
register: result
failed_when: not result.changed or result.failed
- name: Ensure attributes carlicense and displayname are present in permission "System{{ ':' }} Update DNS Entries" - name: Ensure attributes carlicense and displayname are present in permission "System{{ ':' }} Update DNS Entries"
ipapermission: ipapermission:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment