diff --git a/changelogs/fragments/pamd-make-idempotence-fix.yaml b/changelogs/fragments/pamd-make-idempotence-fix.yaml new file mode 100644 index 0000000000..fbafe7306a --- /dev/null +++ b/changelogs/fragments/pamd-make-idempotence-fix.yaml @@ -0,0 +1,2 @@ +bugfixes: + - pamd - fix idempotence issue when removing rules diff --git a/lib/ansible/modules/system/pamd.py b/lib/ansible/modules/system/pamd.py index 0179c9562e..d55c0126b4 100644 --- a/lib/ansible/modules/system/pamd.py +++ b/lib/ansible/modules/system/pamd.py @@ -482,7 +482,7 @@ class PamdService(object): else: self._head = current_line.next current_line.next.prev = None - changed += 1 + changed += 1 current_line = current_line.next return changed diff --git a/test/units/modules/system/test_pamd.py b/test/units/modules/system/test_pamd.py index 5d27edc729..35d4cb1c3a 100644 --- a/test/units/modules/system/test_pamd.py +++ b/test/units/modules/system/test_pamd.py @@ -349,5 +349,7 @@ session required pam_unix.so""" def test_remove_rule(self): self.assertTrue(self.pamd.remove('account', 'required', 'pam_unix.so')) + # Second run should not change anything + self.assertFalse(self.pamd.remove('account', 'required', 'pam_unix.so')) test_rule = PamdRule('account', 'required', 'pam_unix.so') self.assertNotIn(str(test_rule), str(self.pamd))