From 9f5193e40b7bb05171ac3cde9adad9de9008c246 Mon Sep 17 00:00:00 2001 From: aBUDmdBQ <135135848+aBUDmdBQ@users.noreply.github.com> Date: Sun, 24 Mar 2024 18:03:55 +0100 Subject: [PATCH] ipa_sudorule, ipa_hbacrule: change ipaenabledflag type to bool (#7880) * ipa_sudorule, ipa_hbacrule: change ipaenabledflag type to bool freeipa changed the type to bool with commit https://pagure.io/freeipa/c/6c5f2bcb301187f9844985ffe309c7d2262e16f3 * add changelog-fragment * ipa_sudorule, ipa_hbacrule: set ipaenabledflag according to version * ipa_sudorule, ipa_hbacrule: change version for backport it also got backported (https://pagure.io/freeipa/c/faeb656c77adf27a49ccaceb57fc1ba44e11cc1d) * ipa_sudorule, ipa_hbacrule: swap assigned values * Update changelogs/fragments/7880-ipa-fix-sudo-and-hbcalrule-idempotence.yml Co-authored-by: Felix Fontein --------- Co-authored-by: aBUDmdBQ <> Co-authored-by: Felix Fontein --- .../7880-ipa-fix-sudo-and-hbcalrule-idempotence.yml | 3 +++ plugins/modules/ipa_hbacrule.py | 12 ++++++++++-- plugins/modules/ipa_sudorule.py | 12 ++++++++++-- 3 files changed, 23 insertions(+), 4 deletions(-) create mode 100644 changelogs/fragments/7880-ipa-fix-sudo-and-hbcalrule-idempotence.yml diff --git a/changelogs/fragments/7880-ipa-fix-sudo-and-hbcalrule-idempotence.yml b/changelogs/fragments/7880-ipa-fix-sudo-and-hbcalrule-idempotence.yml new file mode 100644 index 0000000000..cb2caa3780 --- /dev/null +++ b/changelogs/fragments/7880-ipa-fix-sudo-and-hbcalrule-idempotence.yml @@ -0,0 +1,3 @@ +bugfixes: + - ipa_sudorule - the module uses a string for ``ipaenabledflag`` for new FreeIPA versions while the returned value is a boolean (https://github.com/ansible-collections/community.general/pull/7880). + - ipa_hbacrule - the module uses a string for ``ipaenabledflag`` for new FreeIPA versions while the returned value is a boolean (https://github.com/ansible-collections/community.general/pull/7880). diff --git a/plugins/modules/ipa_hbacrule.py b/plugins/modules/ipa_hbacrule.py index b7633262b6..77a4d0d487 100644 --- a/plugins/modules/ipa_hbacrule.py +++ b/plugins/modules/ipa_hbacrule.py @@ -161,6 +161,7 @@ import traceback from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.ipa import IPAClient, ipa_argument_spec from ansible.module_utils.common.text.converters import to_native +from ansible_collections.community.general.plugins.module_utils.version import LooseVersion class HBACRuleIPAClient(IPAClient): @@ -231,10 +232,17 @@ def ensure(module, client): name = module.params['cn'] state = module.params['state'] + ipa_version = client.get_ipa_version() if state in ['present', 'enabled']: - ipaenabledflag = 'TRUE' + if LooseVersion(ipa_version) < LooseVersion('4.9.10'): + ipaenabledflag = 'TRUE' + else: + ipaenabledflag = True else: - ipaenabledflag = 'FALSE' + if LooseVersion(ipa_version) < LooseVersion('4.9.10'): + ipaenabledflag = 'FALSE' + else: + ipaenabledflag = False host = module.params['host'] hostcategory = module.params['hostcategory'] diff --git a/plugins/modules/ipa_sudorule.py b/plugins/modules/ipa_sudorule.py index 4f00e88059..223f6b6de7 100644 --- a/plugins/modules/ipa_sudorule.py +++ b/plugins/modules/ipa_sudorule.py @@ -202,6 +202,7 @@ import traceback from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.ipa import IPAClient, ipa_argument_spec from ansible.module_utils.common.text.converters import to_native +from ansible_collections.community.general.plugins.module_utils.version import LooseVersion class SudoRuleIPAClient(IPAClient): @@ -334,10 +335,17 @@ def ensure(module, client): runasgroupcategory = module.params['runasgroupcategory'] runasextusers = module.params['runasextusers'] + ipa_version = client.get_ipa_version() if state in ['present', 'enabled']: - ipaenabledflag = 'TRUE' + if LooseVersion(ipa_version) < LooseVersion('4.9.10'): + ipaenabledflag = 'TRUE' + else: + ipaenabledflag = True else: - ipaenabledflag = 'FALSE' + if LooseVersion(ipa_version) < LooseVersion('4.9.10'): + ipaenabledflag = 'FALSE' + else: + ipaenabledflag = False sudoopt = module.params['sudoopt'] user = module.params['user']