[PR #11487/5eaa22b0 backport][stable-12] ipa_host: fix errors when disabling host (#11789)

ipa_host: fix errors when disabling host (#11487) * fix errors when disabling host - Fix the logic to actually allow disabling hosts - Fix the dict != string error when error does happen - Add has_keytab to returned dicts to allow users see if host is disabled or not * Add changelog-fragments * Run formatters * More formatting * Remove feature, only fix the logic * Update changelogs/fragments/11487-ipa-host-fix-disable.yml * Update changelogs/fragments/11487-ipa-host-fix-disable.yml * Back to fstring * Update plugins/modules/ipa_host.py * Use more Pythonic way to for if * Nox * Revert back to working if * Simplify if * Remove extra get --------- (cherry picked from commit 5eaa22b067) Co-authored-by: quasd <quasd@users.noreply.github.com> Co-authored-by: quasd <1747330+quasd@users.noreply.github.com> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
2026-04-13 04:11:00 +00:00 · 2026-04-12 13:37:56 +02:00
parent 59fe80ef94
commit 8fe227d456
2 changed files with 14 additions and 8 deletions
--- a/changelogs/fragments/11487-ipa-host-fix-disable.yml
+++ b/changelogs/fragments/11487-ipa-host-fix-disable.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - ipa_host - fix logic to disable existing hosts (https://github.com/ansible-collections/community.general/issues/11483, https://github.com/ansible-collections/community.general/pull/11487).
--- a/plugins/modules/ipa_host.py
+++ b/plugins/modules/ipa_host.py
@@ -289,11 +289,15 @@ def ensure(module, client):
                # so, return directly from here.
                return changed, client.host_add(name=name, host=module_host)
        else:
-            if state in ["disabled", "enabled"]:
-                module.fail_json(msg=f"No host with name {ipa_host} found")
+            if not ipa_host and state in ["disabled", "enabled"]:
+                module.fail_json(msg=f"No host with name {name} found")

            diff = get_host_diff(client, ipa_host, module_host)
-            if len(diff) > 0:
+            ipa_host_show = client.host_show(name=name)
+            host_needs_to_be_disabled = ipa_host_show.get("has_keytab", True) and (
+                module.params["random_password"] or state == "disabled"
+            )
+            if diff or host_needs_to_be_disabled:
                changed = True
                if not module.check_mode:
                    data = {}
@@ -301,12 +305,12 @@ def ensure(module, client):
                        data[key] = module_host.get(key)
                    if "usercertificate" not in data:
                        data["usercertificate"] = [cert["__base64__"] for cert in ipa_host.get("usercertificate", [])]
-                    ipa_host_show = client.host_show(name=name)
-                    if ipa_host_show.get("has_keytab", True) and (
-                        state == "disabled" or module.params.get("random_password")
-                    ):
+                    if host_needs_to_be_disabled:
                        client.host_disable(name=name)
-                    return changed, client.host_mod(name=name, host=data)
+                    if diff:
+                        return changed, client.host_mod(name=name, host=data)
+                    else:
+                        return changed, client.host_find(name=name)
    elif state == "absent":
        if ipa_host:
            changed = True