ipadelegation: Fix idempotence issues due to capitalization.

This patch force processing of permission, attribute and group attributes in lower case, to match behavior of IPA CLI, transforming all of them into lowercase characters. The new behavior fixes idempotence issues when mixing different capitalization in different tasks for the same attribute. A new test playbook is avaiable at: tests/delegation/test_delegation_member_case_insensitive.yml
2026-05-08 22:34:26 +00:00 · 2022-02-07 14:54:14 -03:00
parent c0c3394d8d
commit e9c6e93608
2 changed files with 241 additions and 19 deletions
--- a/plugins/modules/ipadelegation.py
+++ b/plugins/modules/ipadelegation.py
@@ -180,10 +180,10 @@ def main():
    names = ansible_module.params_get("name")

    # present
-    permission = ansible_module.params_get("permission")
-    attribute = ansible_module.params_get("attribute")
+    permission = ansible_module.params_get_lowercase("permission")
+    attribute = ansible_module.params_get_lowercase("attribute")
    membergroup = ansible_module.params_get("membergroup")
-    group = ansible_module.params_get("group")
+    group = ansible_module.params_get_lowercase("group")
    action = ansible_module.params_get("action")
    # state
    state = ansible_module.params_get("state")
@@ -233,6 +233,7 @@ def main():

        commands = []
        for name in names:
+            args = {}
            # Make sure delegation exists
            res_find = find_delegation(ansible_module, name)

@@ -244,14 +245,7 @@ def main():

                if action == "delegation":
                    # Found the delegation
-                    if res_find is not None:
-                        # For all settings is args, check if there are
-                        # different settings in the find result.
-                        # If yes: modify
-                        if not compare_args_ipa(ansible_module, args,
-                                                res_find):
-                            commands.append([name, "delegation_mod", args])
-                    else:
+                    if res_find is None:
                        commands.append([name, "delegation_add", args])

                elif action == "member":
@@ -265,9 +259,7 @@ def main():
                    # New attribute list (add given ones to find result)
                    # Make list with unique entries
                    attrs = list(set(list(res_find["attrs"]) + attribute))
-                    if len(attrs) > len(res_find["attrs"]):
-                        commands.append([name, "delegation_mod",
-                                         {"attrs": attrs}])
+                    args["attrs"] = attrs

            elif state == "absent":
                if action == "delegation":
@@ -288,15 +280,18 @@ def main():
                    if len(attrs) < 1:
                        ansible_module.fail_json(
                            msg="At minimum one attribute is needed.")
-
-                    # Entries New number of attributes is smaller
-                    if len(attrs) < len(res_find["attrs"]):
-                        commands.append([name, "delegation_mod",
-                                         {"attrs": attrs}])
+                    args["attrs"] = attrs

            else:
                ansible_module.fail_json(msg="Unkown state '%s'" % state)

+            # Manage members
+            if (
+                args and res_find and
+                not compare_args_ipa(ansible_module, args, res_find)
+            ):
+                commands.append([name, "delegation_mod", args])
+
        # Execute commands

        changed = ansible_module.execute_ipa_commands(commands)