From 544da3d0c8eb67e190c6e3ebc61c7484e94e91de Mon Sep 17 00:00:00 2001 From: quasd Date: Mon, 9 Feb 2026 16:18:20 +0200 Subject: [PATCH] fix errors when disabling host - Fix the logic to actually allow disabling hosts - Fix the dict != string error when error does happen - Add has_keytab to returned dicts to allow users see if host is disabled or not --- plugins/modules/ipa_host.py | 37 ++++++++++++++++++++++++++----------- 1 file changed, 26 insertions(+), 11 deletions(-) diff --git a/plugins/modules/ipa_host.py b/plugins/modules/ipa_host.py index 6a120167dd..77f6f01844 100644 --- a/plugins/modules/ipa_host.py +++ b/plugins/modules/ipa_host.py @@ -192,17 +192,24 @@ class HostIPAClient(IPAClient): def __init__(self, module, host, port, protocol): super().__init__(module, host, port, protocol) + def _append_keytab_status(self, result, name): + """Append has_keytab status to result from host_show""" + if result: + show_result = self.host_show(name=name) + result["has_keytab"] = show_result.get("has_keytab", False) + return result + def host_show(self, name): return self._post_json(method="host_show", name=name) def host_find(self, name): - return self._post_json(method="host_find", name=None, item={"all": True, "fqdn": name}) + return self._append_keytab_status(self._post_json(method="host_find", name=None, item={"all": True, "fqdn": name}), name) def host_add(self, name, host): - return self._post_json(method="host_add", name=name, item=host) + return self._append_keytab_status(self._post_json(method="host_add", name=name, item=host), name) def host_mod(self, name, host): - return self._post_json(method="host_mod", name=name, item=host) + return self._append_keytab_status(self._post_json(method="host_mod", name=name, item=host), name) def host_del(self, name, update_dns): return self._post_json(method="host_del", name=name, item={"updatedns": update_dns}) @@ -289,11 +296,19 @@ def ensure(module, client): # so, return directly from here. return changed, client.host_add(name=name, host=module_host) else: - if state in ["disabled", "enabled"]: - module.fail_json(msg=f"No host with name {ipa_host} found") + if not ipa_host and state in ["disabled", "enabled"]: + module.fail_json(msg="No host with name " + name + " found") diff = get_host_diff(client, ipa_host, module_host) - if len(diff) > 0: + host_needs_to_be_disabled = ( + True + if ( + ipa_host.get("has_keytab", True) + and (state == "disabled" or module.params.get("random_password")) + ) + else False + ) + if len(diff) > 0 or host_needs_to_be_disabled: changed = True if not module.check_mode: data = {} @@ -301,12 +316,12 @@ def ensure(module, client): data[key] = module_host.get(key) if "usercertificate" not in data: data["usercertificate"] = [cert["__base64__"] for cert in ipa_host.get("usercertificate", [])] - ipa_host_show = client.host_show(name=name) - if ipa_host_show.get("has_keytab", True) and ( - state == "disabled" or module.params.get("random_password") - ): + if host_needs_to_be_disabled: client.host_disable(name=name) - return changed, client.host_mod(name=name, host=data) + if len(diff) > 0: + return changed, client.host_mod(name=name, host=data) + else: + return changed, client.host_find(name=name) elif state == "absent": if ipa_host: changed = True