Fixes removal of all from HBAC rule categories.

This patch allows the removal of option `all` from user, host, and service categories, by allowing an empty string as a valid choice for each option.
2026-05-07 22:03:18 +00:00 · 2020-04-07 18:29:51 -03:00
parent 9d348cb368
commit 5e734e847e
3 changed files with 126 additions and 9 deletions
--- a/tests/hbacrule/test_hbacrule_categories.yml
+++ b/tests/hbacrule/test_hbacrule_categories.yml
@@ -0,0 +1,117 @@
+---
+- name: Test HBAC rule user category
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+
+  - name: Ensure HBAC rules are absent
+    ipahbacrule:
+      ipaadmin_password: SomeADMINpassword
+      name:
+      - testrule
+      state: absent
+
+  - name: Ensure HBAC rule is present, with usercategory 'all'
+    ipahbacrule:
+      ipaadmin_password: SomeADMINpassword
+      name: testrule
+      usercategory: all
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure HBAC rule is present, with usercategory 'all', again.
+    ipahbacrule:
+      ipaadmin_password: SomeADMINpassword
+      name: testrule
+      usercategory: all
+    register: result
+    failed_when: result.changed
+
+  - name: Ensure HBAC rule is present, with no usercategory.
+    ipahbacrule:
+      ipaadmin_password: SomeADMINpassword
+      name: testrule
+      usercategory: ""
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure HBAC rule is present, with no usercategory, again.
+    ipahbacrule:
+      ipaadmin_password: SomeADMINpassword
+      name: testrule
+      usercategory: ""
+    register: result
+    failed_when: result.changed
+
+  - name: Ensure HBAC rule is present, with hostcategory 'all'
+    ipahbacrule:
+      ipaadmin_password: SomeADMINpassword
+      name: testrule
+      hostcategory: all
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure HBAC rule is present, with hostcategory 'all', again.
+    ipahbacrule:
+      ipaadmin_password: SomeADMINpassword
+      name: testrule
+      hostcategory: all
+    register: result
+    failed_when: result.changed
+
+  - name: Ensure HBAC rule is present, with no hostcategory.
+    ipahbacrule:
+      ipaadmin_password: SomeADMINpassword
+      name: testrule
+      hostcategory: ""
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure HBAC rule is present, with no hostcategory, again.
+    ipahbacrule:
+      ipaadmin_password: SomeADMINpassword
+      name: testrule
+      hostcategory: ""
+    register: result
+    failed_when: result.changed
+
+  - name: Ensure HBAC rule is present, with servicecategory 'all'
+    ipahbacrule:
+      ipaadmin_password: SomeADMINpassword
+      name: testrule
+      servicecategory: all
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure HBAC rule is present, with servicecategory 'all', again.
+    ipahbacrule:
+      ipaadmin_password: SomeADMINpassword
+      name: testrule
+      servicecategory: all
+    register: result
+    failed_when: result.changed
+
+  - name: Ensure HBAC rule is present, with no servicecategory.
+    ipahbacrule:
+      ipaadmin_password: SomeADMINpassword
+      name: testrule
+      servicecategory: ""
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure HBAC rule is present, with no servicecategory, again.
+    ipahbacrule:
+      ipaadmin_password: SomeADMINpassword
+      name: testrule
+      servicecategory: ""
+    register: result
+    failed_when: result.changed
+
+  - name: Ensure HBAC rules are absent
+    ipahbacrule:
+      ipaadmin_password: SomeADMINpassword
+      name:
+      - testrule
+      state: absent