From 2e3f51db5df4a9871e30dcd2e469f4c3edf0412e Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Wed, 27 Dec 2023 15:55:08 -0300 Subject: [PATCH] ipadelegation: Fix idempotence issues due to case insensitive strings Several parameters for ipadelegation need to be compared in a case insensitive manner. Most should be stored in lowercase, but 'memberof' should preserve case to maintain the same behavior as IPA CLI commands. --- plugins/modules/ipadelegation.py | 14 +- ...est_delegation_member_case_insensitive.yml | 203 ++++++++++++++++++ 2 files changed, 211 insertions(+), 6 deletions(-) create mode 100644 tests/delegation/test_delegation_member_case_insensitive.yml diff --git a/plugins/modules/ipadelegation.py b/plugins/modules/ipadelegation.py index e30d3d7008..c0bab6c60f 100644 --- a/plugins/modules/ipadelegation.py +++ b/plugins/modules/ipadelegation.py @@ -124,7 +124,7 @@ from ansible.module_utils.ansible_freeipa_module import \ - IPAAnsibleModule, compare_args_ipa + IPAAnsibleModule, compare_args_ipa, CaseInsensitive def find_delegation(module, name): @@ -180,10 +180,10 @@ def main(): names = ansible_module.params_get("name") # present - permission = ansible_module.params_get("permission") - attribute = ansible_module.params_get("attribute") + permission = ansible_module.params_get_lowercase("permission") + attribute = ansible_module.params_get_lowercase("attribute") membergroup = ansible_module.params_get("membergroup") - group = ansible_module.params_get("group") + group = ansible_module.params_get_lowercase("group") action = ansible_module.params_get("action") # state state = ansible_module.params_get("state") 
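Review bot: Lowercasing `permission`, `attribute` and `group` in `main()` normalises only the values coming from the playbook; the values they are later compared with come from the server's find result, which this hunk does not touch. If IPA returns `attrs` or `permissions` in the case they were created with (for example a delegation created before this change or through the IPA CLI), the `compare_args_ipa` call and the `action: member` handling further down in `main()` (outside this hunk) could still report a change on every run. For a rule that delegates access, that noise makes real drift harder to spot. Either normalise the corresponding find-result values as well, or record the assumption next to these calls, e.g. `# IPA returns permissions, attrs and group in lowercase; membergroup is case preserving and is compared with CaseInsensitive`.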
@@ -248,8 +248,10 @@ def main(): # For all settings is args, check if there are # different settings in the find result. # If yes: modify - if not compare_args_ipa(ansible_module, args, - res_find): + if not compare_args_ipa( + ansible_module, args, res_find, + arg_conv={"memberof": CaseInsensitive()} + ): commands.append([name, "delegation_mod", args]) else: commands.append([name, "delegation_add", args]) diff --git a/tests/delegation/test_delegation_member_case_insensitive.yml b/tests/delegation/test_delegation_member_case_insensitive.yml new file mode 100644 index 0000000000..39ed68b167 --- /dev/null +++ b/tests/delegation/test_delegation_member_case_insensitive.yml 
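Review bot: The `arg_conv` key is `"memberof"` while the module parameter is `membergroup`, and the mapping between the two is not visible at this call, so the reason only this argument gets `CaseInsensitive()` is easy to miss. A short comment above the call would record it: `# memberof (module parameter "membergroup") is case preserving in IPA: compare case-insensitively, do not lowercase`. The enclosing `main()` starts and ends outside the hunk.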
@@ -0,0 +1,203 @@
+---
+- name: Test delegation
+ hosts: "{{ ipa_test_host | default('ipaserver') }}"
+ become: no
+ gather_facts: no
+
+ tasks:
+ - name: Test delegation, and ensure cleanup is executed in case of an error
+ block:
+ # CLEANUP TEST ITEMS
+
+ - name: Ensure delegation "basic manager attributes" is absent
+ ipadelegation:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: "basic manager attributes"
+ state: absent
+
+ # CREATE TEST ITEMS
+
+ - name: Ensure test group managers is present
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: managers
+
+ - name: Ensure test group employees is present
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: employees
+
+ # TESTS
+
+ - name: Ensure delegation "basic manager attributes" is present, with mixed case attributes
+ ipadelegation:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: "basic manager attributes"
+ permission: Read
+ attribute:
+ - BusinessCategory
+ group: Managers
+ membergroup: Employees
+ register: result
+ failed_when: not result.changed or result.failed
+
+ - name: Ensure delegation "basic manager attributes" is present, group lowercase
+ ipadelegation:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: "basic manager attributes"
+ permission: Read
+ attribute:
+ - BusinessCategory
+ group: "{{ 'Managers' | lower }}"
+ membergroup: Employees
+ register: result
+ failed_when: result.changed or result.failed
+
+ - name: Ensure delegation "basic manager attributes" is present, group uppercase
+ ipadelegation:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: "basic manager attributes"
+ permission: Read
+ attribute:
+ - BusinessCategory
+ group: "{{ 'Managers' | upper }}"
+ membergroup: Employees
+ register: result
+ failed_when: result.changed or result.failed
+
+ - name: Ensure delegation "basic manager attributes" is present, permission uppercase
+ ipadelegation:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: "basic manager attributes"
+ permission: "{{ 'read' | upper }}"
+ attribute:
+ - BusinessCategory
+ group: managers
+ membergroup: Employees
+ register: result
+ failed_when: result.changed or result.failed
+
+ - name: Ensure delegation "basic manager attributes" is present, permission lowercase
+ ipadelegation:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: "basic manager attributes"
+ permission: "{{ 'Read' | lower }}"
+ attribute:
+ - BusinessCategory
+ group: managers
+ membergroup: Employees
+ register: result
+ failed_when: result.changed or result.failed
+
+ - name: Ensure delegation "basic manager attributes" is present, attribute uppercase
+ ipadelegation:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: "basic manager attributes"
+ permission: read
+ attribute:
+ - "{{ 'BusinessCategory' | upper }}"
+ group: managers
+ membergroup: Employees
+ register: result
+ failed_when: result.changed or result.failed
+
+ - name: Ensure delegation "basic manager attributes" is present, attribute lowercase
+ ipadelegation:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: "basic manager attributes"
+ permission: read
+ attribute:
+ - "{{ 'BusinessCategory' | lower }}"
+ group: managers
+ membergroup: Employees
+ register: result
+ failed_when: result.changed or result.failed
+
+ # membergroup uses case insensitive comparison, but is case preserving.
+
+ - name: Ensure delegation "basic manager attributes" is present, membergroup lowercase
+ ipadelegation:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: "basic manager attributes"
+ permission: read
+ attribute:
+ - businesscategory
+ group: managers
+ membergroup: "{{ 'Employees' | lower }}"
+ register: result
+ failed_when: result.changed or result.failed
+
+ - name: Ensure delegation "basic manager attributes" is present, membergroup uppercase
+ ipadelegation:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: "basic manager attributes"
+ permission: read
+ attribute:
+ - businesscategory
+ group: managers
+ membergroup: "{{ 'Employees' | upper }}"
+ register: result
+ failed_when: result.changed or result.failed
+
+ # tests for action: member
+ - name: Ensure delegation "basic manager attributes" is present, attribute mixed case
+ ipadelegation:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: "basic manager attributes"
+ permission: read
+ attribute:
+ - BusinessCategory
+ group: managers
+ membergroup: employees
+
+ - name: Ensure delegation "basic manager attributes" member is present, attribute uppercase
+ ipadelegation:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: "basic manager attributes"
+ attribute:
+ - "{{ 'BusinessCategory' | upper }}"
+ action: member
+ register: result
+ failed_when: result.changed or result.failed
+
+ - name: Ensure delegation "basic manager attributes" member is present, attribute lowercase
+ ipadelegation:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: "basic manager attributes"
+ attribute:
+ - "{{ 'BusinessCategory' | lower }}"
+ action: member
+ register: result
+ failed_when: result.changed or result.failed
+
+ always:
+ # CLEANUP TEST ITEMS
+
+ - name: Ensure delegation "basic manager attributes" is absent
+ ipadelegation:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: "basic manager attributes"
+ state: absent
+
+ - name: Ensure test groups are absent
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ ipaapi_context: "{{ ipa_context | default(omit) }}"
+ name: managers,employees
+ state: absent
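Review bot: The first task under `# tests for action: member` ("... is present, attribute mixed case") has no `register` or `failed_when`, so it passes whatever the module reports. It only varies the case of `attribute` and `membergroup` against the delegation left by the earlier tasks, so it presumably should assert no change with `register: result` and `failed_when: result.changed or result.failed`. Every case also starts from a delegation created by the patched module itself, so none covers an existing entry whose stored values are mixed case. As a style point, `ipaadmin_password` and `ipaapi_context` are repeated in every task and could be set once through play-level `module_defaults`.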