Merge pull request #1003 from dkarpele/dkarpele-2144724

Use netgroup_find instead of netgroup_show to workaround IPA bug.
2026-05-07 22:03:18 +00:00 · 2023-01-05 09:13:43 -03:00
parent ba353a9b16 483d51b418
commit 5c630d6021
2 changed files with 52 additions and 9 deletions
--- a/plugins/modules/ipanetgroup.py
+++ b/plugins/modules/ipanetgroup.py
@@ -157,18 +157,29 @@ RETURN = """

 from ansible.module_utils.ansible_freeipa_module import \
    IPAAnsibleModule, compare_args_ipa, gen_add_del_lists, \
-    gen_add_list, gen_intersection_list, ipalib_errors, ensure_fqdn
+    gen_add_list, gen_intersection_list, ensure_fqdn


 def find_netgroup(module, name):
    """Find if a netgroup with the given name already exist."""
-    try:
-        _result = module.ipa_command("netgroup_show", name, {"all": True})
-    except ipalib_errors.NotFound:
-        # An exception is raised if netgroup name is not found.
-        return None
-    else:
-        return _result["result"]
+    _args = {
+        "all": True,
+        "cn": name,
+    }
+
+    # `netgroup_find` is used here instead of `netgroup_show` to workaround
+    # FreeIPA bug https://pagure.io/freeipa/issue/9284.
+    # `ipa netgroup-show hostgroup` shows hostgroup - it's a bug.
+    # `ipa netgroup-find hostgroup` doesn't show hostgroup - it's correct.
+    _result = module.ipa_command("netgroup_find", name, _args)
+
+    if len(_result["result"]) > 1:
+        module.fail_json(
+            msg="There is more than one netgroup '%s'" % name)
+    elif len(_result["result"]) == 1:
+        return _result["result"][0]
+
+    return None


 def gen_args(description, nisdomain, nomembers):
--- a/tests/netgroup/test_netgroup.yml
+++ b/tests/netgroup/test_netgroup.yml
@@ -17,6 +17,14 @@
          - my_netgroup3
        state: absent

+    - name: Ensure hostgroup is absent
+      ipahostgroup:
+        ipaadmin_password: SomeADMINpassword
+        ipaapi_context: "{{ ipa_context | default(omit) }}"
+        name:
+          - my_hostgroup1
+        state: absent
+
    # CREATE TEST ITEMS
    - name: Get Domain from server name
      ansible.builtin.set_fact:
@@ -35,6 +43,12 @@
        ipaapi_context: "{{ ipa_context | default(omit) }}"
        name: my_netgroup3

+    - name: Ensure hostgroup my_hostgroup1 is present
+      ipahostgroup:
+        ipaadmin_password: SomeADMINpassword
+        ipaapi_context: "{{ ipa_context | default(omit) }}"
+        name: my_hostgroup1
+
    # TESTS

    - name: Ensure netgroup my_netgroup1 is present
@@ -115,7 +129,7 @@
      register: result
      failed_when: result.changed or result.failed

-    # netgroup and hostgroup with the same name are deprecated
+    # netgroup and hostgroup with the same name are deprecated (check hostgroup)
    - name: Ensure hostgroup my_netgroup2 isn't present
      ipahostgroup:
        ipaadmin_password: SomeADMINpassword
@@ -125,6 +139,16 @@
      failed_when: result.changed or not result.failed or
        "Hostgroups and netgroups share a common namespace" not in result.msg

+    # netgroup and hostgroup with the same name are deprecated (check netgroup)
+    - name: Ensure netgroup my_hostgroup1 isn't present
+      ipanetgroup:
+        ipaadmin_password: SomeADMINpassword
+        ipaapi_context: "{{ ipa_context | default(omit) }}"
+        name: my_hostgroup1
+      register: result
+      failed_when: result.changed or not result.failed or
+        "Hostgroups and netgroups share a common namespace" not in result.msg
+
    - name: Ensure netgroups my_netgroup2, my_netgroup3 are absent
      ipanetgroup:
        ipaadmin_password: SomeADMINpassword
@@ -147,3 +171,11 @@
          - my_netgroup2
          - my_netgroup3
        state: absent
+
+    - name: Ensure hostgroups are absent
+      ipahostgroup:
+        ipaadmin_password: SomeADMINpassword
+        ipaapi_context: "{{ ipa_context | default(omit) }}"
+        name:
+          - my_hostgroup1
+        state: absent