freeipa / ansible-freeipa

Ansible roles and modules for FreeIPA

ipapermission gives invalid changed status in check mode and fails in execute mode

arjanoosting opened this issue · comments

I am using the ipapermission module to create an additional permission, but when the ipapermission is created and I rerun the playbook in check mode it gives a changed status, and when running in normal mode it gives an error trying to update the permission:

TASK [configure-ipa : Create permission to read RADIUS profile attributes] *****
fatal: [REDACTED]: FAILED! => {"changed": false, "msg": "permission_mod: Read Radius Profile: no modifications to be performed"}

The task executed is

- name: Create permission to read RADIUS profile attributes
  freeipa.ansible_freeipa.ipapermission:
    name: Read Radius Profile
    state: present
    right: read
    attrs:
      - radiuscheckitem
      - radiusreplyitem
    subtree: 'cn=groups,cn=accounts,{{ ldap_suffix }}'
    filter: '(objectclass=radiusprofile)'

After some debugging I figured out that the comparison of the value of the subtree is failing, as the return value from ipapython is a DN object and the module uses a string:

[debug] Ansible arguments and IPA commands differed. Different set content: {'cn=groups,cn=accounts,dc=ipa,dc=REDACTED'} {ipapython.dn.DN('cn=groups,cn=accounts,dc=ipa,dc=REDACTED')}
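
The mismatch reported above, reproduced offline as an added example (not code from ansible-freeipa or from the reporter). `StubDN` is a constructed stand-in for `ipapython.dn.DN` that models only what the debug output shows (a DN object that is not a `str`), and `as_set`, `to_text` and `changed_keys` are hypothetical helpers; the sample entry is constructed from the task in the issue.

```python
class StubDN:
    """Constructed stand-in for ipapython.dn.DN: holds a DN, is not a str."""
    def __init__(self, value):
        self.value = value
    def __str__(self):
        return self.value
    def __repr__(self):
        return "StubDN(%r)" % self.value
    def __eq__(self, other):
        return isinstance(other, StubDN) and self.value == other.value
    def __hash__(self):
        return hash(("StubDN", self.value))

def as_set(value, convert):
    """Wrap scalars in a list, apply convert to each item, return a set."""
    items = value if isinstance(value, (list, tuple, set)) else [value]
    return {convert(item) for item in items}

def to_text(item):
    """Normalize bytes and DN-like objects to plain text before comparing."""
    return item.decode("utf-8") if isinstance(item, bytes) else str(item)

def changed_keys(requested, current, convert=lambda item: item):
    """Return the sorted argument names whose values differ from the server entry."""
    return sorted(key for key, value in requested.items()
                  if as_set(value, convert) != as_set(current.get(key, []), convert))

# Constructed sample data mirroring the task in the issue.
SUBTREE = "cn=groups,cn=accounts,dc=ipa,dc=REDACTED"
REQUESTED = {
    "right": "read",
    "attrs": ["radiuscheckitem", "radiusreplyitem"],
    "subtree": SUBTREE,
    "filter": "(objectclass=radiusprofile)",
}
CURRENT = {  # what the server-side lookup is assumed to return
    "right": ["read"],
    "attrs": ["radiusreplyitem", "radiuscheckitem"],
    "subtree": [StubDN(SUBTREE)],
    "filter": ["(objectclass=radiusprofile)"],
}

if __name__ == "__main__":
    # Raw comparison flags subtree, so check mode reports "changed".
    print("raw comparison:       ", changed_keys(REQUESTED, CURRENT))
    # Text-normalized comparison finds nothing to modify.
    print("normalized comparison:", changed_keys(REQUESTED, CURRENT, to_text))
```

With the raw comparison the task is planned as a modification even though the server entry already matches, which is the combination of a "changed" result in check mode and a "no modifications to be performed" failure in normal mode.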