servicedelegation: Do not fail for not existing members with state absent

Ensuring absence of members (services and targets) that do not exist may not fail as they are not members for servicedelegationtarget and servicedelegationrule. servicedelegation_normalize_principals in ansible_freeipa_module has been extended with a check_exists argument that defaults to False. state == "present" is now given as this argument to turn on the element exists check only if elements should be added.
2026-06-11 19:25:54 +00:00 · 2022-02-14 17:57:04 +01:00
parent 892cb037eb
commit 8010d19be9
5 changed files with 50 additions and 10 deletions
--- a/tests/servicedelegationrule/test_servicedelegationrule.yml
+++ b/tests/servicedelegationrule/test_servicedelegationrule.yml
@@ -21,7 +21,9 @@
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
-      name: "{{ 'test-service/' + ansible_facts['fqdn'] }}"
+      name:
+      - "{{ 'test-service/' + ansible_facts['fqdn'] }}"
+      - "{{ 'not-existing-test-service/' + ansible_facts['fqdn'] }}"
      state: absent
      continue: yes

@@ -29,7 +31,9 @@
    ipaservicedelegationtarget:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
-      name: test-delegation-target
+      name:
+      - test-delegation-target
+      - not-existing-test-delegation-target
      state: absent

  # CREATE TEST ITEMS
@@ -68,6 +72,28 @@
    register: result
    failed_when: result.changed or result.failed

+  - name: Do not fail to ensure absence of not existing servicedelegationrule test-delegation-rule member principal
+    ipaservicedelegationrule:
+      ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
+      name: test-delegation-rule
+      principal: "{{ 'not-existing-test-service/' + ansible_facts['fqdn'] }}"
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed or result.failed
+
+  - name: Do not fail to ensure absence of not existing servicedelegationrule test-delegation-rule member target
+    ipaservicedelegationrule:
+      ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
+      name: test-delegation-rule
+      target: not-existing-test-delegation-target
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed or result.failed
+
  - name: Ensure servicedelegationrule test-delegation-rule member target test-delegation-target is present
    ipaservicedelegationrule:
      ipaadmin_password: SomeADMINpassword