internet/community.general
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2026-05-07 22:02:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

ipa_group: fix idempotency when external: false on existing non-external group (#11933)

Browse Source 
* fix(ipa_group): skip group_mod when external flag matches IPA state

When external=false (the default), get_group_diff() left the external
key in the diff even though the group was already non-external, causing
a spurious group_mod call that IPA rejected with "no modifications to
be performed". The fix checks equality in both directions.

Fixes #5061

* fix(ipa_group): add changelog fragment for PR 11933

* add quoting to fragment
This commit is contained in:
Alexei Znamensky
2026-05-04 07:27:00 +12:00
committed by GitHub
parent de42aec78b
commit c4fc0ff4e1
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
changelogs/fragments/11933-ipa-group-external-no-fix.yml Normal file
View File

@@ -0,0 +1,2 @@
bugfixes:
- "ipa_group - fix idempotency when ``external: false`` on an existing non-external group (https://github.com/ansible-collections/community.general/issues/5061, https://github.com/ansible-collections/community.general/pull/11933)."

3
plugins/modules/ipa_group.py
View File

@@ -238,7 +238,8 @@ def get_group_diff(client, ipa_group, module_group):
del module_group["nonposix"] del module_group["nonposix"]
if "external" in module_group: if "external" in module_group:
if module_group["external"] and "ipaexternalgroup" in ipa_group.get("objectclass"): is_external_in_ipa = "ipaexternalgroup" in ipa_group.get("objectclass", [])
if module_group["external"] == is_external_in_ipa:
del module_group["external"] del module_group["external"]
return client.get_diff(ipa_data=ipa_group, module_data=module_group) return client.get_diff(ipa_data=ipa_group, module_data=module_group)