From adc8d607643c3406b88ea9a3b4a9a537f02aa991 Mon Sep 17 00:00:00 2001 From: Thomas Krahn Date: Wed, 27 Sep 2017 09:51:59 +0200 Subject: [PATCH] ipa_sudorule: Fix issue #25863 (#26285) --- .../modules/identity/ipa/ipa_sudorule.py | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/lib/ansible/modules/identity/ipa/ipa_sudorule.py b/lib/ansible/modules/identity/ipa/ipa_sudorule.py index c5e3e6f1b5..fd8905b52d 100644 --- a/lib/ansible/modules/identity/ipa/ipa_sudorule.py +++ b/lib/ansible/modules/identity/ipa/ipa_sudorule.py @@ -277,9 +277,22 @@ def ensure(module, client): client.sudorule_add_host_hostgroup, client.sudorule_remove_host_hostgroup) or changed if sudoopt is not None: - changed = client.modify_if_diff(name, ipa_sudorule.get('ipasudoopt', []), sudoopt, - client.sudorule_add_option_ipasudoopt, - client.sudorule_remove_option_ipasudoopt) or changed + # client.modify_if_diff does not work as each option must be removed/added by its own + ipa_list = ipa_sudorule.get('ipasudoopt', []) + module_list = sudoopt + diff = list(set(ipa_list) - set(module_list)) + if len(diff) > 0: + changed = True + if not module.check_mode: + for item in diff: + client.sudorule_remove_option_ipasudoopt(name, item) + diff = list(set(module_list) - set(ipa_list)) + if len(diff) > 0: + changed = True + if not module.check_mode: + for item in diff: + client.sudorule_add_option_ipasudoopt(name, item) + if user is not None: changed = category_changed(module, client, 'usercategory', ipa_sudorule) or changed changed = client.modify_if_diff(name, ipa_sudorule.get('memberuser_user', []), user,