ipapermission gives invalid changed status in check mode and fails in execute mode
arjanoosting opened this issue · comments
I am using the ipapermission module to create an additional permission but when the ipapermission is created and a rerun the playbook in check mode it gives an changed status and when running in normal mode it gives an error trying to update the permission:
TASK [configure-ipa : Create permission to read RADIUS profile attributes] *****
fatal: [REDACTED]: FAILED! => {"changed": false, "msg": "permission_mod: Read Radius Profile: no modifications to be performed"}
The task executed is
- name: Create permission to read RADIUS profile attributes
freeipa.ansible_freeipa.ipapermission:
name: Read Radius Profile
state: present
right: read
attrs:
- radiuscheckitem
- radiusreplyitem
subtree: 'cn=groups,cn=accounts,{{ ldap_suffix }}'
filter: '(objectclass=radiusprofile)'
After some debugging i figured out that the comparision of the value of the subtree is failing as the return value from ipapython is an DN object and the module uses an string:
[debug] Ansible arguments and IPA commands differed. Different set content: {'cn=groups,cn=accounts,dc=ipa,dc=REDACTED'} {ipapython.dn.DN('cn=groups,cn=accounts,dc=ipa,dc=REDACTED')}