ipaclient: Use omit (None) for password, keytab, no string length checks

Password and keytab do not need to be set explicitely to an empty string when they are not set. Also there is no need to have string length checks in the role tasks.
2026-03-26 21:33:05 +00:00 · 2019-06-14 17:26:12 +02:00
parent 813d5bbf97
commit da14fa29bb
2 changed files with 11 additions and 13 deletions
--- a/roles/ipaclient/library/ipaclient_join.py
+++ b/roles/ipaclient/library/ipaclient_join.py
@@ -161,8 +161,7 @@ def main():
    kinit_attempts = module.params.get('kinit_attempts')
    debug = module.params.get('debug')

-    if password is not None and password != "" and \
-       keytab is not None and keytab != "":
+    if password is not None and keytab is not None:
        module.fail_json(msg="Password and keytab cannot be used together")

    client_domain = hostname[hostname.find(".")+1:]
@@ -174,7 +173,7 @@ def main():

    options.ca_cert_file = ca_cert_file
    options.unattended = True
-    options.principal = principal if principal != "" else None
+    options.principal = principal
    options.force = False
    options.password = password

@@ -207,7 +206,7 @@ def main():
            env['XMLRPC_TRACE_CURL'] = 'yes'
        if force_join:
            join_args.append("-f")
-        if principal:
+        if principal is not None:
            if principal.find('@') == -1:
                principal = '%s@%s' % (principal, realm)
            try:
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -115,7 +115,7 @@
      no_log: yes
      ipaclient_get_otp:
        state: present
-        principal: "{{ ipaadmin_principal | default('admin') }}"
+        principal: "{{ ipaadmin_principal | default(omit) }}"
        password: "{{ ipaadmin_password | default(omit) }}"
        keytab: "{{ ipaadmin_keytab | default(omit) }}"
        fqdn: "{{ result_ipaclient_test.hostname }}"
@@ -150,14 +150,13 @@

    - name: Install - Check if principal and keytab are set
      fail: msg="Principal and keytab cannot be used together"
-      when: ipaadmin_principal is defined and ipaadmin_principal|length > 0
-            and ipaclient_keytab is defined and ipaclient_keytab|length > 0
+      when: ipaadmin_principal is defined and ipaclient_keytab is defined

-    - name: Install - Check if one of password and keytab are set
-      fail: msg="At least one of password or keytab must be specified"
-      when: not result_ipaclient_test_keytab.krb5_keytab_ok and
-            (ipaadmin_password is undefined or ipaadmin_password|length == 0)
-            and (ipaclient_keytab is undefined or ipaclient_keytab|length == 0)
+    - name: Install - Check if one of password or keytabs are set
+      fail: msg="At least one of password or keytabs must be specified"
+      when: not result_ipaclient_test_keytab.krb5_keytab_ok
+            and ipaadmin_password is undefined
+            and ipaclient_keytab is undefined
    when: not ipaclient_on_master | bool

  - name: Install - Purge {{ result_ipaclient_test.realm }} from host keytab
@@ -188,7 +187,7 @@
      hostname: "{{ result_ipaclient_test.hostname }}"
      force_join: "{{ ipaclient_force_join | default(omit) }}"
      principal: "{{ ipaadmin_principal if not ipaclient_use_otp | bool and
-                     ipaclient_keytab is not defined else '' }}"
+                     ipaclient_keytab is not defined else omit }}"
      password: "{{ ipaadmin_password | default(omit) }}"
      keytab: "{{ ipaclient_keytab | default(omit) }}"
      # ca_cert_file: "{{ ipaclient_ca_cert_file | default(omit) }}"