ipauser: Fix idempotence issue when using 'preserved'.

When trying to ensure 'state: absent' with 'preserved: yes' in ipauser, after the first execution the playbook would fail with "user is already present". Similar idempotence issue would happen when 'state: undelete' was used. This PR fixes both issues, and improve tests for the states where user is preserved, enabled and disabled. The 'find_user' function now uses IPA API 'user_show' instead of 'user_find' so that only the requested user is actually returned.
2026-03-26 21:33:05 +00:00 · 2022-01-24 17:35:36 -03:00
parent 2de1dccbf5
commit 7f61e72a2c
3 changed files with 151 additions and 42 deletions
--- a/tests/user/test_user.yml
+++ b/tests/user/test_user.yml
@@ -249,6 +249,16 @@
    register: result
    failed_when: not result.changed or result.failed

+  - name: User pinky absent and preserved, again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
+      name: pinky
+      preserve: yes
+      state: absent
+    register: result
+    failed_when: result.changed or result.failed
+
  - name: User pinky undeleted (preserved before)
    ipauser:
      ipaadmin_password: SomeADMINpassword
@@ -258,6 +268,15 @@
    register: result
    failed_when: not result.changed or result.failed

+  - name: User pinky undeleted (preserved before), again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
+      name: pinky
+      state: undeleted
+    register: result
+    failed_when: result.changed or result.failed
+
  - name: Users pinky disabled
    ipauser:
      ipaadmin_password: SomeADMINpassword
@@ -267,6 +286,15 @@
    register: result
    failed_when: not result.changed or result.failed

+  - name: Users pinky disabled, again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
+      name: pinky
+      state: disabled
+    register: result
+    failed_when: result.changed or result.failed
+
  - name: User pinky enabled
    ipauser:
      ipaadmin_password: SomeADMINpassword
@@ -276,6 +304,44 @@
    register: result
    failed_when: not result.changed or result.failed

+  - name: User pinky enabled, again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
+      name: pinky
+      state: enabled
+    register: result
+    failed_when: result.changed or result.failed
+
+  - name: User pinky absent and preserved for future exclusion.
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
+      name: pinky
+      preserve: yes
+      state: absent
+    register: result
+    failed_when: not result.changed or result.failed
+
+  - name: User pinky absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
+      name: pinky
+      state: absent
+    register: result
+    failed_when: not result.changed or result.failed
+
+  - name: User pinky absent and preserved, when already absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
+      name: pinky
+      preserve: yes
+      state: absent
+    register: result
+    failed_when: result.changed or result.failed
+
  - name: Remove test users
    ipauser:
      ipaadmin_password: SomeADMINpassword
--- a/tests/user/test_users.yml
+++ b/tests/user/test_users.yml
@@ -369,6 +369,15 @@
    register: result
    failed_when: not result.changed or result.failed

+  - name: User pinky absent and preserved, again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      preserve: yes
+      state: absent
+    register: result
+    failed_when: result.changed or result.failed
+
  - name: User pinky undeleted (preserved before)
    ipauser:
      ipaadmin_password: SomeADMINpassword
@@ -377,6 +386,14 @@
    register: result
    failed_when: not result.changed or result.failed

+  - name: User pinky undeleted (preserved before), again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      state: undeleted
+    register: result
+    failed_when: result.changed or result.failed
+
  - name: Users pinky disabled
    ipauser:
      ipaadmin_password: SomeADMINpassword
@@ -385,6 +402,14 @@
    register: result
    failed_when: not result.changed or result.failed

+  - name: Users pinky disabled, again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      state: disabled
+    register: result
+    failed_when: result.changed or result.failed
+
  - name: User pinky enabled
    ipauser:
      ipaadmin_password: SomeADMINpassword
@@ -393,6 +418,43 @@
    register: result
    failed_when: not result.changed or result.failed

+  - name: User pinky enabled, again
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      state: enabled
+    register: result
+    failed_when: result.changed or result.failed
+
+  - name: User pinky absent and preserved for future exclusion.
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
+      name: pinky
+      preserve: yes
+      state: absent
+    register: result
+    failed_when: not result.changed or result.failed
+
+  - name: User pinky absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
+      name: pinky
+      state: absent
+    register: result
+    failed_when: not result.changed or result.failed
+
+  - name: User pinky absent and preserved, when already absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
+      name: pinky
+      preserve: yes
+      state: absent
+    register: result
+    failed_when: result.changed or result.failed
+
  - name: Remove test users
    ipauser:
      ipaadmin_password: SomeADMINpassword