ipaclient: Use omit (None) for password, keytab, no string length checks

Password and keytab do not need to be set explicitely to an empty string
when they are not set. Also there is no need to have string length checks
in the role tasks.

roles/ipaclient/library/ipaclient_join.py

@@ -161,8 +161,7 @@ def main():
     kinit_attempts = module.params.get('kinit_attempts')
     debug = module.params.get('debug')
 
-    if password is not None and password != "" and \
+    if password is not None and keytab is not None:
-       keytab is not None and keytab != "":
         module.fail_json(msg="Password and keytab cannot be used together")
 
     client_domain = hostname[hostname.find(".")+1:]
@@ -174,7 +173,7 @@ def main():
 
     options.ca_cert_file = ca_cert_file
     options.unattended = True
-    options.principal = principal if principal != "" else None
+    options.principal = principal
     options.force = False
     options.password = password
 
@@ -207,7 +206,7 @@ def main():
             env['XMLRPC_TRACE_CURL'] = 'yes'
         if force_join:
             join_args.append("-f")
-        if principal:
+        if principal is not None:
             if principal.find('@') == -1:
                 principal = '%s@%s' % (principal, realm)
             try:

roles/ipaclient/tasks/install.yml

@@ -115,7 +115,7 @@
       no_log: yes
       ipaclient_get_otp:
         state: present
-        principal: "{{ ipaadmin_principal | default('admin') }}"
+        principal: "{{ ipaadmin_principal | default(omit) }}"
         password: "{{ ipaadmin_password | default(omit) }}"
         keytab: "{{ ipaadmin_keytab | default(omit) }}"
         fqdn: "{{ result_ipaclient_test.hostname }}"
@@ -150,14 +150,13 @@
 
     - name: Install - Check if principal and keytab are set
       fail: msg="Principal and keytab cannot be used together"
-      when: ipaadmin_principal is defined and ipaadmin_principal|length > 0
+      when: ipaadmin_principal is defined and ipaclient_keytab is defined
-            and ipaclient_keytab is defined and ipaclient_keytab|length > 0
 
-    - name: Install - Check if one of password and keytab are set
+    - name: Install - Check if one of password or keytabs are set
-      fail: msg="At least one of password or keytab must be specified"
+      fail: msg="At least one of password or keytabs must be specified"
-      when: not result_ipaclient_test_keytab.krb5_keytab_ok and
+      when: not result_ipaclient_test_keytab.krb5_keytab_ok
-            (ipaadmin_password is undefined or ipaadmin_password|length == 0)
+            and ipaadmin_password is undefined
-            and (ipaclient_keytab is undefined or ipaclient_keytab|length == 0)
+            and ipaclient_keytab is undefined
     when: not ipaclient_on_master | bool
 
   - name: Install - Purge {{ result_ipaclient_test.realm }} from host keytab
@@ -188,7 +187,7 @@
       hostname: "{{ result_ipaclient_test.hostname }}"
       force_join: "{{ ipaclient_force_join | default(omit) }}"
       principal: "{{ ipaadmin_principal if not ipaclient_use_otp | bool and
-                     ipaclient_keytab is not defined else '' }}"
+                     ipaclient_keytab is not defined else omit }}"
       password: "{{ ipaadmin_password | default(omit) }}"
       keytab: "{{ ipaclient_keytab | default(omit) }}"
       # ca_cert_file: "{{ ipaclient_ca_cert_file | default(omit) }}"