ipapwpolicy: Use global_policy if name is not set

If the name is not set, the policy global_policy is now used. It was needed before to explicitly name the global_policy. Also a check has been added to fail early if global_policy is used with state absent. The README for pwpolicy has been extended with an example for global_policy and also the description of the name variable. The test has also been extended to check a change of maxlife for global_policy and that global_policy can not be used with state: absent Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1797532
2026-05-07 22:03:18 +00:00 · 2020-02-06 15:38:00 +01:00
parent e88c5a06d8
commit 4dd1d25eac
3 changed files with 73 additions and 4 deletions
--- a/plugins/modules/ipapwpolicy.py
+++ b/plugins/modules/ipapwpolicy.py
@@ -167,7 +167,7 @@ def main():
            ipaadmin_password=dict(type="str", required=False, no_log=True),

            name=dict(type="list", aliases=["cn"], default=None,
-                      required=True),
+                      required=False),
            # present

            maxlife=dict(type="int", aliases=["krbmaxpwdlife"], default=None),
@@ -218,6 +218,9 @@ def main():

    # Check parameters

+    if names is None:
+        names = ["global_policy"]
+
    if state == "present":
        if len(names) != 1:
            ansible_module.fail_json(
@@ -225,8 +228,10 @@ def main():

    if state == "absent":
        if len(names) < 1:
+            ansible_module.fail_json(msg="No name given.")
+        if "global_policy" in names:
            ansible_module.fail_json(
-                msg="No name given.")
+                msg="'global_policy' can not be made absent.")
        invalid = ["maxlife", "minlife", "history", "minclasses",
                   "minlength", "priority", "maxfail", "failinterval",
                   "lockouttime"]