Fix creation of privilege with permissions.

Module was raising exceptions when trying to create a new privilege with permissions. This change fixes the behavior and ensuure idempotence with trying to create a privilege with the same values. Tests for this behavior have been appended to: tests/privilege/test_privilege.yml
2026-05-06 13:23:14 +00:00 · 2021-04-13 19:16:39 -03:00
parent c17e9fe24a
commit f4a8cf4ec7
2 changed files with 34 additions and 2 deletions
--- a/plugins/modules/ipaprivilege.py
+++ b/plugins/modules/ipaprivilege.py
@@ -234,14 +234,22 @@ def main():
                if action == "privilege":
                    # Found the privilege
                    if res_find is not None:
+                        res_cmp = {
+                            k: v for k, v in res_find.items()
+                            if k not in [
+                                "objectclass", "cn", "dn",
+                                "memberof_permisssion"
+                            ]
+                        }
                        # For all settings is args, check if there are
                        # different settings in the find result.
                        # If yes: modify
-                        if not compare_args_ipa(ansible_module, args,
-                                                res_find):
+                        if args and not compare_args_ipa(ansible_module, args,
+                                                         res_cmp):
                            commands.append([name, "privilege_mod", args])
                    else:
                        commands.append([name, "privilege_add", args])
+                        res_find = {}

                    member_args = {}
                    if permission:
--- a/tests/privilege/test_privilege.yml
+++ b/tests/privilege/test_privilege.yml
@@ -140,6 +140,30 @@
    register: result
    failed_when: result.changed or result.failed

+  - name: Ensure "Broad Privilege" is absent.
+    ipaprivilege:
+      ipaadmin_password: SomeADMINpassword
+      name: Broad Privilege
+      state: absent
+
+  - name: Ensure privilege Broad Privilege is created with permission. (issue 529)
+    ipaprivilege:
+      ipaadmin_password: SomeADMINpassword
+      name: Broad Privilege
+      permission:
+      - "Write IPA Configuration"
+    register: result
+    failed_when: not result.changed or result.failed
+
+  - name: Ensure privilege Broad Privilege is created with permission, again. (issue 529)
+    ipaprivilege:
+      ipaadmin_password: SomeADMINpassword
+      name: Broad Privilege
+      permission:
+      - "Write IPA Configuration"
+    register: result
+    failed_when: result.changed or result.failed
+
  # CLEANUP TEST ITEMS

  - name: Ensure privilege testing privileges are absent