plugins/modules/ipahbacrule.py

@@ -186,7 +186,17 @@ def find_hbacrule(module, name):
         module.fail_json(
             msg="There is more than one hbacrule '%s'" % (name))
     elif len(_result["result"]) == 1:
-        return _result["result"][0]
+        res = _result["result"][0]
+        # hbacsvcgroup names are converted to lower case while creation with
+        # hbacsvcgroup_add.
+        # The hbacsvcgroup for sudo is builtin with the name "Sudo" though.
+        # This breaks the lower case comparison. Therefore all
+        # memberservice_hbacsvcgroup items are converted to lower case if
+        # "Sudo" is in the list.
+        _member = "memberservice_hbacsvcgroup"
+        if _member in res and "Sudo" in res[_member]:
+            res[_member] = [item.lower() for item in res[_member]]
+        return res
 
     return None
 

plugins/modules/ipahbacsvcgroup.py

@@ -146,21 +146,6 @@ def gen_member_args(hbacsvc):
     return _args
 
 
-# pylint: disable=unused-argument
-def result_handler(module, result, command, name, args, errors):
-    # Get all errors
-    # All "already a member" and "not a member" failures in the
-    # result are ignored. All others are reported.
-    if "failed" in result and "member" in result["failed"]:
-        failed = result["failed"]["member"]
-        for member_type in failed:
-            for member, failure in failed[member_type]:
-                if "already a member" not in failure \
-                   and "not a member" not in failure:
-                    errors.append("%s: %s %s: %s" % (
-                        command, member_type, member, failure))
-
-
 def main():
     ansible_module = IPAAnsibleModule(
         argument_spec=dict(
@@ -303,7 +288,8 @@ def main():
                                  }])
 
         # Execute commands
-        changed = ansible_module.execute_ipa_commands(commands, result_handler)
+        changed = ansible_module.execute_ipa_commands(
+            commands, fail_on_member_errors=True)
 
     # Done
 

plugins/modules/ipaidview.py

@@ -127,7 +127,7 @@ RETURN = """
 
 from ansible.module_utils.ansible_freeipa_module import \
     IPAAnsibleModule, compare_args_ipa, gen_add_del_lists, gen_add_list, \
-    gen_intersection_list
+    gen_intersection_list, ipalib_errors
 from ansible.module_utils import six
 
 if six.PY3:
@@ -144,6 +144,14 @@ def find_idview(module, name):
     return _result["result"]
 
 
+def valid_host(module, name):
+    try:
+        module.ipa_command("host_show", name, {})
+    except ipalib_errors.NotFound:
+        return False
+    return True
+
+
 def gen_args(description, domain_resolution_order):
     _args = {}
     if description is not None:
@@ -327,6 +335,9 @@ def main():
 
             # Add members
             if host_add:
+                for host in host_add:
+                    if not valid_host(ansible_module, host):
+                        ansible_module.fail_json("Invalid host '%s'" % host)
                 commands.append([name, "idview_apply", {"host": host_add}])
 
             # Remove members

tests/hbacrule/test_hbacrule_member_case_insensitive.yml

@@ -100,6 +100,7 @@
           - "{{ hbacsvc_list[1] }}"
           hbacsvcgroup:
           - "{{ hbacsvcgroup_list[0] }}"
+          - Sudo
         check_mode: yes
         register: result
         failed_when: not result.changed or result.failed
@@ -124,6 +125,7 @@
           - "{{ hbacsvc_list[1] }}"
           hbacsvcgroup:
           - "{{ hbacsvcgroup_list[0] }}"
+          - Sudo
         register: result
         failed_when: not result.changed or result.failed
 
@@ -147,6 +149,7 @@
           - "{{ hbacsvc_list[1] }}"
           hbacsvcgroup:
           - "{{ hbacsvcgroup_list[0] }}"
+          - Sudo
         check_mode: yes
         register: result
         failed_when: result.changed or result.failed
@@ -171,6 +174,7 @@
           - "{{ hbacsvc_list[1] | lower }}"
           hbacsvcgroup:
           - "{{ hbacsvcgroup_list[0] | lower }}"
+          - sudo
         register: result
         failed_when: result.changed or result.failed
 
@@ -194,6 +198,7 @@
           - "{{ hbacsvc_list[1] | upper }}"
           hbacsvcgroup:
           - "{{ hbacsvcgroup_list[0] | upper }}"
+          - SUDO
         register: result
         failed_when: result.changed or result.failed
 
@@ -230,6 +235,7 @@
           - "{{ hbacsvc_list[1] }}"
           hbacsvcgroup:
           - "{{ hbacsvcgroup_list[0] }}"
+          - Sudo
         check_mode: yes
         register: result
         failed_when: not result.changed or result.failed
@@ -254,6 +260,7 @@
           - "{{ hbacsvc_list[1] }}"
           hbacsvcgroup:
           - "{{ hbacsvcgroup_list[0] }}"
+          - Sudo
           action: member
         register: result
         failed_when: not result.changed or result.failed
@@ -278,6 +285,7 @@
           - "{{ hbacsvc_list[1] }}"
           hbacsvcgroup:
           - "{{ hbacsvcgroup_list[0] }}"
+          - Sudo
         check_mode: yes
         register: result
         failed_when: result.changed or result.failed
@@ -302,6 +310,7 @@
           - "{{ hbacsvc_list[1] | lower }}"
           hbacsvcgroup:
           - "{{ hbacsvcgroup_list[0] | lower }}"
+          - sudo
           action: member
         register: result
         failed_when: result.changed or result.failed
@@ -326,6 +335,7 @@
           - "{{ hbacsvc_list[1] | upper }}"
           hbacsvcgroup:
           - "{{ hbacsvcgroup_list[0] | upper }}"
+          - SUDO
           action: member
         register: result
         failed_when: result.changed or result.failed
@@ -352,6 +362,7 @@
           - "{{ hbacsvc_list[1] | upper }}"
           hbacsvcgroup:
           - "{{ hbacsvcgroup_list[0] | upper }}"
+          - SUDO
           action: member
           state: absent
         check_mode: yes
@@ -378,6 +389,7 @@
           - "{{ hbacsvc_list[1] | upper }}"
           hbacsvcgroup:
           - "{{ hbacsvcgroup_list[0] | upper }}"
+          - SUDO
           action: member
           state: absent
         register: result
@@ -403,6 +415,7 @@
           - "{{ hbacsvc_list[1] | upper }}"
           hbacsvcgroup:
           - "{{ hbacsvcgroup_list[0] | upper }}"
+          - SUDO
           action: member
           state: absent
         check_mode: yes
@@ -449,6 +462,7 @@
           - "{{ hbacsvc_list[1] | lower }}"
           hbacsvcgroup:
           - "{{ hbacsvcgroup_list[0] | lower }}"
+          - sudo
           action: member
           state: absent
         register: result

tests/idview/test_idview.yml

@@ -25,6 +25,7 @@
     ansible.builtin.set_fact:
       host1_fqdn: "{{ 'host1.' + ipaserver_domain }}"
       host2_fqdn: "{{ 'host2.' + ipaserver_domain }}"
+      host3_fqdn: "{{ 'host3.' + ipaserver_domain }}"
 
   # CLEANUP TEST ITEMS
 
@@ -182,6 +183,27 @@
     register: result
     failed_when: result.changed or result.failed
 
+  - name: Ensure invalid host "{{ host3_fqdn }}" fails to applied to idview test1_idview
+    ipaidview:
+      name: test1_idview
+      host:
+      - "{{ host3_fqdn }}"
+      action: member
+    register: result
+    failed_when: result.changed or not result.failed or
+                 "Invalid host" not in result.msg or
+                 host3_fqdn not in result.msg
+
+  - name: Ensure invalid host "{{ host3_fqdn }}" does not fail to unapply from idview test1_idview
+    ipaidview:
+      name: test1_idview
+      host:
+      - "{{ host3_fqdn }}"
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed or result.failed
+
   - name: Ensure host "{{ host2_fqdn }}" is applied to idview test1_idview
     ipaidview:
       name: test1_idview