ipadelegation: Fix idempotence issues due to case insensitive strings
Several parameters for ipadelegation need to be compared in a case
insensitive manner. Most should be stored in lowercase, but 'memberof'
should preserve case to maintain the same behavior as IPA CLI commands.
rjeffman committed Dec 27, 2023
1 parent 12ecb03 commit 2e3f51d
Showing 2 changed files with 211 additions and 6 deletions.
14 changes: 8 additions & 6 deletions plugins/modules/ipadelegation.py
@@ -124,7 +124,7 @@


from ansible.module_utils.ansible_freeipa_module import \
IPAAnsibleModule, compare_args_ipa
IPAAnsibleModule, compare_args_ipa, CaseInsensitive


def find_delegation(module, name):
@@ -180,10 +180,10 @@ def main():
names = ansible_module.params_get("name")

# present
permission = ansible_module.params_get("permission")
attribute = ansible_module.params_get("attribute")
permission = ansible_module.params_get_lowercase("permission")
attribute = ansible_module.params_get_lowercase("attribute")
membergroup = ansible_module.params_get("membergroup")
group = ansible_module.params_get("group")
group = ansible_module.params_get_lowercase("group")
action = ansible_module.params_get("action")
# state
state = ansible_module.params_get("state")
@@ -248,8 +248,10 @@ def main():
# For all settings is args, check if there are
# different settings in the find result.
# If yes: modify
if not compare_args_ipa(ansible_module, args,
res_find):
if not compare_args_ipa(
ansible_module, args, res_find,
arg_conv={"memberof": CaseInsensitive()}
):
commands.append([name, "delegation_mod", args])
else:
commands.append([name, "delegation_add", args])
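Review bot: In the `compare_args_ipa(...)` call, only `memberof` gets a `CaseInsensitive()` converter, so idempotence for `permission`, `attribute` and `group` rests on the server always returning those values in lowercase, which this diff does not show. If an existing delegation can hold mixed-case values for them (for example one created outside this module), the lowercased parameters would presumably still compare unequal and `delegation_mod` would be queued on every run; giving the matching keys of `args` the same converter would cover that case. Because a delegation is an access-control rule, the asymmetry also deserves a comment above the call, e.g. `# memberof keeps the case the user gave (like the IPA CLI); compare it case-insensitively`. `main()` begins and ends outside the visible hunks.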
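--- /dev/null
+++ b/tests/delegation/test_delegation_member_case_insensitive.yml
@@ -0,0 +1,203 @@
+---
+- name: Test delegation
+hosts: "{{ ipa_test_host | default('ipaserver') }}"
+become: no
+gather_facts: no
+
+tasks:
+- name: Test delegation, and ensure cleanup is executed in case of an error
+block:
+# CLEANUP TEST ITEMS
+
+- name: Ensure delegation "basic manager attributes" is absent
+ipadelegation:
+ipaadmin_password: SomeADMINpassword
+ipaapi_context: "{{ ipa_context | default(omit) }}"
+name: "basic manager attributes"
+state: absent
+
+# CREATE TEST ITEMS
+
+- name: Ensure test group managers is present
+ipagroup:
+ipaadmin_password: SomeADMINpassword
+ipaapi_context: "{{ ipa_context | default(omit) }}"
+name: managers
+
+- name: Ensure test group employees is present
+ipagroup:
+ipaadmin_password: SomeADMINpassword
+ipaapi_context: "{{ ipa_context | default(omit) }}"
+name: employees
+
+# TESTS
+
+- name: Ensure delegation "basic manager attributes" is present, with mixed case attributes
+ipadelegation:
+ipaadmin_password: SomeADMINpassword
+ipaapi_context: "{{ ipa_context | default(omit) }}"
+name: "basic manager attributes"
+permission: Read
+attribute:
+- BusinessCategory
+group: Managers
+membergroup: Employees
+register: result
+failed_when: not result.changed or result.failed
+
+- name: Ensure delegation "basic manager attributes" is present, group lowercase
+ipadelegation:
+ipaadmin_password: SomeADMINpassword
+ipaapi_context: "{{ ipa_context | default(omit) }}"
+name: "basic manager attributes"
+permission: Read
+attribute:
+- BusinessCategory
+group: "{{ 'Managers' | lower }}"
+membergroup: Employees
+register: result
+failed_when: result.changed or result.failed
+
+- name: Ensure delegation "basic manager attributes" is present, group uppercase
+ipadelegation:
+ipaadmin_password: SomeADMINpassword
+ipaapi_context: "{{ ipa_context | default(omit) }}"
+name: "basic manager attributes"
+permission: Read
+attribute:
+- BusinessCategory
+group: "{{ 'Managers' | upper }}"
+membergroup: Employees
+register: result
+failed_when: result.changed or result.failed
+
+- name: Ensure delegation "basic manager attributes" is present, permission uppercase
+ipadelegation:
+ipaadmin_password: SomeADMINpassword
+ipaapi_context: "{{ ipa_context | default(omit) }}"
+name: "basic manager attributes"
+permission: "{{ 'read' | upper }}"
+attribute:
+- BusinessCategory
+group: managers
+membergroup: Employees
+register: result
+failed_when: result.changed or result.failed
+
+- name: Ensure delegation "basic manager attributes" is present, permission lowercase
+ipadelegation:
+ipaadmin_password: SomeADMINpassword
+ipaapi_context: "{{ ipa_context | default(omit) }}"
+name: "basic manager attributes"
+permission: "{{ 'Read' | lower }}"
+attribute:
+- BusinessCategory
+group: managers
+membergroup: Employees
+register: result
+failed_when: result.changed or result.failed
+
+- name: Ensure delegation "basic manager attributes" is present, attribute uppercase
+ipadelegation:
+ipaadmin_password: SomeADMINpassword
+ipaapi_context: "{{ ipa_context | default(omit) }}"
+name: "basic manager attributes"
+permission: read
+attribute:
+- "{{ 'BusinessCategory' | upper }}"
+group: managers
+membergroup: Employees
+register: result
+failed_when: result.changed or result.failed
+
+- name: Ensure delegation "basic manager attributes" is present, attribute lowercase
+ipadelegation:
+ipaadmin_password: SomeADMINpassword
+ipaapi_context: "{{ ipa_context | default(omit) }}"
+name: "basic manager attributes"
+permission: read
+attribute:
+- "{{ 'BusinessCategory' | lower }}"
+group: managers
+membergroup: Employees
+register: result
+failed_when: result.changed or result.failed
+
+# membergroup uses case insensitive comparison, but is case preserving.
+
+- name: Ensure delegation "basic manager attributes" is present, membergroup lowercase
+ipadelegation:
+ipaadmin_password: SomeADMINpassword
+ipaapi_context: "{{ ipa_context | default(omit) }}"
+name: "basic manager attributes"
+permission: read
+attribute:
+- businesscategory
+group: managers
+membergroup: "{{ 'Employees' | lower }}"
+register: result
+failed_when: result.changed or result.failed
+
+- name: Ensure delegation "basic manager attributes" is present, membergroup uppercase
+ipadelegation:
+ipaadmin_password: SomeADMINpassword
+ipaapi_context: "{{ ipa_context | default(omit) }}"
+name: "basic manager attributes"
+permission: read
+attribute:
+- businesscategory
+group: managers
+membergroup: "{{ 'Employees' | upper }}"
+register: result
+failed_when: result.changed or result.failed
+
+# tests for action: member
+- name: Ensure delegation "basic manager attributes" is present, attribute mixed case
+ipadelegation:
+ipaadmin_password: SomeADMINpassword
+ipaapi_context: "{{ ipa_context | default(omit) }}"
+name: "basic manager attributes"
+permission: read
+attribute:
+- BusinessCategory
+group: managers
+membergroup: employees
+
+- name: Ensure delegation "basic manager attributes" member is present, attribute uppercase
+ipadelegation:
+ipaadmin_password: SomeADMINpassword
+ipaapi_context: "{{ ipa_context | default(omit) }}"
+name: "basic manager attributes"
+attribute:
+- "{{ 'BusinessCategory' | upper }}"
+action: member
+register: result
+failed_when: result.changed or result.failed
+
+- name: Ensure delegation "basic manager attributes" member is present, attribute lowercase
+ipadelegation:
+ipaadmin_password: SomeADMINpassword
+ipaapi_context: "{{ ipa_context | default(omit) }}"
+name: "basic manager attributes"
+attribute:
+- "{{ 'BusinessCategory' | lower }}"
+action: member
+register: result
+failed_when: result.changed or result.failed
+
+always:
+# CLEANUP TEST ITEMS
+
+- name: Ensure delegation "basic manager attributes" is absent
+ipadelegation:
+ipaadmin_password: SomeADMINpassword
+ipaapi_context: "{{ ipa_context | default(omit) }}"
+name: "basic manager attributes"
+state: absent
+
+- name: Ensure test groups are absent
+ipagroup:
+ipaadmin_password: SomeADMINpassword
+ipaapi_context: "{{ ipa_context | default(omit) }}"
+name: managers,employees
+state: absent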
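Review bot: The comment `# membergroup uses case insensitive comparison, but is case preserving.` states two properties, but the two membergroup tasks below it only assert that `result.changed` is false, so nothing checks that the stored value keeps the case it was created with (`Employees`). A follow-up task that reads the delegation back and compares the stored membergroup would pin the case-preserving half. The first task under `# tests for action: member` passes `membergroup: employees` without `register`/`failed_when`, so an unexpected change there goes unnoticed; adding `register: result` and `failed_when: result.changed or result.failed` would close that gap.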
