Merge pull request #773 from t-woerner/servicedelegation_do_no_fail_on_not_existing_members_with_state_absent

servicedelegation: Do not fail for not existing members with state absent
2026-05-06 13:23:14 +00:00 · 2022-02-14 18:10:46 -03:00
parent 892cb037eb 8010d19be9
commit e681f25e5c
5 changed files with 50 additions and 10 deletions
--- a/plugins/module_utils/ansible_freeipa_module.py
+++ b/plugins/module_utils/ansible_freeipa_module.py
@@ -551,7 +551,8 @@ else:
            return False
        return True

-    def servicedelegation_normalize_principals(module, principal):
+    def servicedelegation_normalize_principals(module, principal,
+                                               check_exists=False):
        """
        Normalize servicedelegation principals.

@@ -620,12 +621,13 @@ else:
                    _host = _host[:-len(realm) - 1]

                # Seach for host
-                if not _check_exists(module, "host", _host):
+                if check_exists and not _check_exists(module, "host", _host):
                    module.fail_json(msg="Host '%s' does not exist" % _host)

            # Check the service principal exists
            else:
-                if not _check_exists(module, "service", princ):
+                if check_exists and \
+                   not _check_exists(module, "service", princ):
                    module.fail_json(msg="Service %s does not exist" % princ)

            _principal.append(princ)
--- a/plugins/modules/ipaservicedelegationrule.py
+++ b/plugins/modules/ipaservicedelegationrule.py
@@ -221,9 +221,9 @@ def main():

        # Normalize principals
        if principal:
-            principal = servicedelegation_normalize_principals(ansible_module,
-                                                               principal)
-        if target:
+            principal = servicedelegation_normalize_principals(
+                ansible_module, principal, state == "present")
+        if target and state == "present":
            check_targets(ansible_module, target)

        commands = []
--- a/plugins/modules/ipaservicedelegationtarget.py
+++ b/plugins/modules/ipaservicedelegationtarget.py
@@ -177,8 +177,8 @@ def main():

        # Normalize principals
        if principal:
-            principal = servicedelegation_normalize_principals(ansible_module,
-                                                               principal)
+            principal = servicedelegation_normalize_principals(
+                ansible_module, principal, state == "present")

        commands = []
        principal_add = principal_del = []
--- a/tests/servicedelegationrule/test_servicedelegationrule.yml
+++ b/tests/servicedelegationrule/test_servicedelegationrule.yml
@@ -21,7 +21,9 @@
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
-      name: "{{ 'test-service/' + ansible_facts['fqdn'] }}"
+      name:
+      - "{{ 'test-service/' + ansible_facts['fqdn'] }}"
+      - "{{ 'not-existing-test-service/' + ansible_facts['fqdn'] }}"
      state: absent
      continue: yes

@@ -29,7 +31,9 @@
    ipaservicedelegationtarget:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
-      name: test-delegation-target
+      name:
+      - test-delegation-target
+      - not-existing-test-delegation-target
      state: absent

  # CREATE TEST ITEMS
@@ -68,6 +72,28 @@
    register: result
    failed_when: result.changed or result.failed

+  - name: Do not fail to ensure absence of not existing servicedelegationrule test-delegation-rule member principal
+    ipaservicedelegationrule:
+      ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
+      name: test-delegation-rule
+      principal: "{{ 'not-existing-test-service/' + ansible_facts['fqdn'] }}"
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed or result.failed
+
+  - name: Do not fail to ensure absence of not existing servicedelegationrule test-delegation-rule member target
+    ipaservicedelegationrule:
+      ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
+      name: test-delegation-rule
+      target: not-existing-test-delegation-target
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed or result.failed
+
  - name: Ensure servicedelegationrule test-delegation-rule member target test-delegation-target is present
    ipaservicedelegationrule:
      ipaadmin_password: SomeADMINpassword
--- a/tests/servicedelegationtarget/test_servicedelegationtarget.yml
+++ b/tests/servicedelegationtarget/test_servicedelegationtarget.yml
@@ -25,6 +25,7 @@
      - "{{ 'test-service1/' + ansible_facts['fqdn'] }}"
      - "{{ 'test-service2/' + ansible_facts['fqdn'] }}"
      - "{{ 'test-service3/' + ansible_facts['fqdn'] }}"
+      - "{{ 'not-existing-test-service/' + ansible_facts['fqdn'] }}"
      state: absent
      continue: yes

@@ -72,6 +73,17 @@
    register: result
    failed_when: result.changed or result.failed

+  - name: Do not fail to ensure absence of not existing servicedelegationtarget test-delegation-target member principal
+    ipaservicedelegationtarget:
+      ipaadmin_password: SomeADMINpassword
+      ipaapi_context: "{{ ipa_context | default(omit) }}"
+      name: test-delegation-target
+      principal: "{{ 'not-existing-test-service/' + ansible_facts['fqdn'] }}"
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed or result.failed
+
  - name: Ensure servicedelegationtarget test-delegation-target member principal "{{ 'test-service1/' + ansible_facts['fqdn'] }}" is present
    ipaservicedelegationtarget:
      ipaadmin_password: SomeADMINpassword