search

freeipa / ansible-freeipa

Ansible roles and modules for FreeIPA
GNU General Public License v3.0
480 stars 231 forks source link

ipahost: Fix idempotency issues #1237

Closed t-woerner closed 1 month ago

t-woerner commented 1 month ago

This simplified the result_handler and also made the exception_handler superfluous.

ansible_freeipa_module: Import and provide normalize_sshpubkey

normalize_sshpubkey is imported from ipalib.util and also added to all for use in modules.

varunmylaraiah commented 1 month ago

@t-woerner I noticed that one host test is failing due to this PR. The test case is 'test_delete_host_with_incorrect_cert,' where we expect the error message 'Base64 decoding failed: Incorrect padding.' However, instead of receiving an error message, the host got deleted.

PLAY [Playbook to ensure host is not able to delete incorrect certificate] *****

 TASK [Gathering Facts] *********************************************************
 task path: /root/host_module.yml:2
 ok: [master.ipadomain.test]

 TASK [Get Domain from server name] *********************************************
 task path: /root/host_module.yml:7
 ok: [master.ipadomain.test] => {"ansible_facts": {"ipaserver_domain": "ipadomain.test"}, "changed": false}

 TASK [ipahost] *****************************************************************
 task path: /root/host_module.yml:12
 ok: [master.ipadomain.test] => {"changed": false, "host": {}}

 PLAY RECAP *********************************************************************
 master.ipadomain.test      : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
t-woerner commented 1 month ago

@t-woerner I noticed that one host test is failing due to this PR. The test case is 'test_delete_host_with_incorrect_cert,' where we expect the error message 'Base64 decoding failed: Incorrect padding.' However, instead of receiving an error message, the host got deleted.

PLAY [Playbook to ensure host is not able to delete incorrect certificate] *****

 TASK [Gathering Facts] *********************************************************
 task path: /root/host_module.yml:2
 ok: [master.ipadomain.test]

 TASK [Get Domain from server name] *********************************************
 task path: /root/host_module.yml:7
 ok: [master.ipadomain.test] => {"ansible_facts": {"ipaserver_domain": "ipadomain.test"}, "changed": false}

 TASK [ipahost] *****************************************************************
 task path: /root/host_module.yml:12
 ok: [master.ipadomain.test] => {"changed": false, "host": {}}

 PLAY RECAP *********************************************************************
 master.ipadomain.test      : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

This is expected due to the new convert_certificate that elimitates all leading and trailing white space for certificates.