[PR #11933/c4fc0ff4 backport][stable-12] ipa_group: fix idempotency when external: false on existing non-external group (#11987)

ipa_group: fix idempotency when `external: false` on existing non-external group (#11933)

* fix(ipa_group): skip group_mod when external flag matches IPA state

When external=false (the default), get_group_diff() left the external
key in the diff even though the group was already non-external, causing
a spurious group_mod call that IPA rejected with "no modifications to
be performed". The fix checks equality in both directions.

Fixes #5061

* fix(ipa_group): add changelog fragment for PR 11933

* add quoting to fragment

(cherry picked from commit c4fc0ff4e1)

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>

plugins/modules/ipa_group.py

@@ -238,7 +238,8 @@ def get_group_diff(client, ipa_group, module_group):
         del module_group["nonposix"]
 
     if "external" in module_group:
-        if module_group["external"] and "ipaexternalgroup" in ipa_group.get("objectclass"):
+        is_external_in_ipa = "ipaexternalgroup" in ipa_group.get("objectclass", [])
+        if module_group["external"] == is_external_in_ipa:
             del module_group["external"]
 
     return client.get_diff(ipa_data=ipa_group, module_data=module_group)