Merge pull request #1072 from t-woerner/external_group_ipaexternalmember_fix

ipagroup: Fix ensuring external group group members (without trust-ad)
2026-03-26 21:33:05 +00:00 · 2023-04-04 17:56:11 -03:00
parent ecab42b9f5 80abf635c3
commit 82c0161245
2 changed files with 87 additions and 4 deletions
--- a/plugins/modules/ipagroup.py
+++ b/plugins/modules/ipagroup.py
@@ -818,10 +818,12 @@ def main():
                del_member_args["service"] = service_del

            if is_external_group(res_find):
-                add_member_args["ipaexternalmember"] = \
-                    externalmember_add
-                del_member_args["ipaexternalmember"] = \
-                    externalmember_del
+                if len(externalmember_add) > 0:
+                    add_member_args["ipaexternalmember"] = \
+                        externalmember_add
+                if len(externalmember_del) > 0:
+                    del_member_args["ipaexternalmember"] = \
+                        externalmember_del
            elif externalmember or external:
                ansible_module.fail_json(
                    msg="Cannot add external members to a "
--- a/tests/group/test_group_external_group_members_no_trust.yml
+++ b/tests/group/test_group_external_group_members_no_trust.yml
@@ -0,0 +1,81 @@
+---
+- name: Test external group group members (without trust-ad installed)
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  - name: Ensure external test groups are absent
+    ipagroup:
+      ipaadmin_password: SomeADMINpassword
+      name:
+      - externaltestgroup01
+      - externaltestgroup02
+      state: absent
+
+  - name: Create external test group 01
+    ipagroup:
+      ipaadmin_password: SomeADMINpassword
+      name: externaltestgroup01
+      external: true
+    register: result
+    failed_when: result.failed or not result.changed
+
+  - name: Create external test group 02
+    ipagroup:
+      ipaadmin_password: SomeADMINpassword
+      name: externaltestgroup02
+      external: true
+    register: result
+    failed_when: result.failed or not result.changed
+
+  - name: Ensure externaltestgroup02 is a member of externaltestgroup01
+    ipagroup:
+      ipaadmin_password: SomeADMINpassword
+      name: externaltestgroup01
+      action: member
+      group:
+      - externaltestgroup02
+    register: result
+    failed_when: result.failed or not result.changed
+
+  - name: Ensure externaltestgroup02 is a member of externaltestgroup01, again
+    ipagroup:
+      ipaadmin_password: SomeADMINpassword
+      name: externaltestgroup01
+      action: member
+      group:
+      - externaltestgroup02
+    register: result
+    failed_when: result.failed or result.changed
+
+  - name: Ensure externaltestgroup02 is not a member of externaltestgroup01
+    ipagroup:
+      ipaadmin_password: SomeADMINpassword
+      name: externaltestgroup01
+      action: member
+      group:
+      - externaltestgroup02
+      state: absent
+    register: result
+    failed_when: result.failed or not result.changed
+
+  - name: Ensure externaltestgroup02 is not a member of externaltestgroup01, again
+    ipagroup:
+      ipaadmin_password: SomeADMINpassword
+      name: externaltestgroup01
+      action: member
+      group:
+      - externaltestgroup02
+      state: absent
+    register: result
+    failed_when: result.failed or result.changed
+
+  - name: Ensure external test groups are absent
+    ipagroup:
+      ipaadmin_password: SomeADMINpassword
+      name:
+      - externaltestgroup01
+      - externaltestgroup02
+      state: absent
+    register: result
+    failed_when: result.failed or not result.changed