ipahost: Honour update_password also for random

If random is enabled and update_password is limited to "create_only", the random password may only be changed if the host does not exist yet. Additionally the generation of the random password will fail, if the host is already enrolled if update_password is "always" (default value). An error will be reported early in this case now. The command host_show is now used instead of host_find, as `has_password` and `has_keytab` are only returned by host_show, but not by host_find. The find_host function has been adapated for this change. Resolves: #253 (ipahost is not idempotent)
2026-05-13 21:12:02 +00:00 · 2020-05-11 12:38:11 +02:00
parent 67261c3dcd
commit b3d5b32e31
3 changed files with 56 additions and 23 deletions
--- a/tests/host/test_host_random.yml
+++ b/tests/host/test_host_random.yml
@@ -77,6 +77,22 @@
    debug:
      var: ipahost.host["{{host2_fqdn }}"].randompassword

+  - name: Enrolled host "{{ groups.ipaserver[0] }}" fails to set random password with update_password always
+    ipahost:
+      ipaadmin_password: SomeADMINpassword
+      hosts:
+      - name: "{{ groups.ipaserver[0] }}"
+        random: yes
+      update_password: always
+    register: ipahost
+    failed_when: ipahost.changed
+
+  - assert:
+      that:
+      - ipahost.host["{{ groups.ipaserver[0] }}"].randompassword is
+        not defined
+      - "'Password cannot be set on enrolled host' in ipahost.msg"
+
  - name: Hosts "{{ host1_fqdn }}" and "{{ host2_fqdn }}" absent
    ipahost:
      ipaadmin_password: SomeADMINpassword