From 663f99241776441514ef0d0e32dd49406a82fdbf Mon Sep 17 00:00:00 2001
From: Packit
Date: Sep 03 2020 10:11:48 +0000
Subject: Apply patch ansible-freeipa-0.1.8-ipauser-Allow-reset-of-userauthtype-do-not-depend-on-first-last-for-mod_rhbz#1784474.patch
patch_name: ansible-freeipa-0.1.8-ipauser-Allow-reset-of-userauthtype-do-not-depend-on-first-last-for-mod_rhbz#1784474.patch
present_in_specfile: true
---
diff --git a/README-user.md b/README-user.md
index 56772a7..991121c 100644
--- a/README-user.md
+++ b/README-user.md
@@ -408,7 +408,7 @@ Variable | Description | Required
 `manager` | List of manager user names. | no
 `carlicense` | List of car licenses. | no
 `sshpubkey` \| `ipasshpubkey` | List of SSH public keys. | no
-`userauthtype` | List of supported user authentication types. Choices: `password`, `radius` and `otp` | no
+`userauthtype` | List of supported user authentication types. Choices: `password`, `radius`, `otp` and ``. Use empty string to reset userauthtype to the initial value. | no
 `userclass` | User category. (semantics placed on this attribute are for local interpretation). | no
 `radius` | RADIUS proxy configuration | no
 `radiususer` | RADIUS proxy username | no
diff --git a/plugins/modules/ipauser.py b/plugins/modules/ipauser.py
index 3722b32..8d54759 100644
--- a/plugins/modules/ipauser.py
+++ b/plugins/modules/ipauser.py
@@ -153,9 +153,12 @@ options:
 required: false
 aliases: ["ipasshpubkey"]
 userauthtype:
- description: List of supported user authentication types
- choices=['password', 'radius', 'otp']
+ description:
+ List of supported user authentication types
+ Use empty string to reset userauthtype to the initial value.
+ choices=['password', 'radius', 'otp', '']
 required: false
+ aliases: ["ipauserauthtype"]
 userclass:
 description:
 - User category
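Review bot: The new `userauthtype` description (this hunk at -153,9 and its twin at -310,9) says only that an empty string resets the value "to the initial value", which does not tell a playbook author what the account ends up with. As far as I understand FreeIPA, clearing the per-user authentication types makes the account fall back to the server-wide default, so a user previously restricted to `otp` may be able to authenticate with a password alone again; that consequence belongs in the option text. I would word it as `Use empty string to clear the per-user setting; the global default authentication types then apply.` Separately, `choices=[...]` remains part of the description text rather than a `choices:` key, and the description lines lack the `- ` list markers that the neighbouring `userclass` option uses.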
@@ -310,9 +313,12 @@ options:
 required: false
 aliases: ["ipasshpubkey"]
 userauthtype:
- description: List of supported user authentication types
- choices=['password', 'radius', 'otp']
+ description:
+ List of supported user authentication types
+ Use empty string to reset userauthtype to the initial value.
+ choices=['password', 'radius', 'otp', '']
 required: false
+ aliases: ["ipauserauthtype"]
 userclass:
 description:
 - User category
@@ -710,7 +716,7 @@ def main():
 default=None),
 userauthtype=dict(type='list', aliases=["ipauserauthtype"],
 default=None,
- choices=['password', 'radius', 'otp']),
+ choices=['password', 'radius', 'otp', '']),
 userclass=dict(type="list", aliases=["class"],
 default=None),
 radius=dict(type="str", aliases=["ipatokenradiusconfiglink"],
@@ -854,13 +860,6 @@ def main():
 if names is not None and len(names) != 1:
 ansible_module.fail_json(
 msg="Only one user can be added at a time using name.")
- if action != "member":
- # Only check first and last here if names is set
- if names is not None:
- if first is None:
- ansible_module.fail_json(msg="First name is needed")
- if last is None:
- ansible_module.fail_json(msg="Last name is needed")
 check_parameters(
 ansible_module, state, action,
@@ -1035,6 +1034,13 @@ def main():
 if "noprivate" in args:
 del args["noprivate"]
+ # Ignore userauthtype if it is empty (for resetting)
+ # and not set in for the user
+ if "ipauserauthtype" not in res_find and \
+ "ipauserauthtype" in args and \
+ args["ipauserauthtype"] == ['']:
+ del args["ipauserauthtype"]
+
 # For all settings is args, check if there are
 # different settings in the find result.
 # If yes: modify
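Review bot: Adding `''` to `choices` in the argument spec (hunk -710,7) lets a list that mixes the empty string with real types, such as `['', 'otp']`, pass validation, while the only special handling visible in this patch (hunk -1035,6) matches exactly `['']`. What the server does with a mixed list is not visible here, and for a setting that governs how a user may authenticate, the module should fail early rather than pass an ambiguous value on. A guard next to the new `ipauserauthtype` handling would cover it: `if '' in (args.get("ipauserauthtype") or []) and len(args["ipauserauthtype"]) > 1: ansible_module.fail_json(msg="userauthtype: '' cannot be combined with other values")`. Both the argument spec and the body of main() continue outside these hunks.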
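Review bot: The condition added in the -1035,6 hunk is spread over three backslash-continued lines and its comment reads "not set in for the user", which makes a branch that decides whether an authentication restriction is touched harder to audit than necessary. A parenthesised form, `if ("ipauserauthtype" not in res_find and args.get("ipauserauthtype") == ['']):`, expresses the same test, and the comment could read `# Nothing to reset: the user has no per-user userauthtype, so drop the empty value`. When the user does have a value, `['']` stays in `args` and presumably reaches `user_mod`, which is the path that removes a per-user restriction; a one-line comment stating that would help later reviewers. The surrounding block of main() starts and ends outside the hunk.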
@@ -1043,6 +1049,14 @@ def main():
 commands.append([name, "user_mod", args])
 else:
+ # Make sure we have a first and last name
+ if first is None:
+ ansible_module.fail_json(
+ msg="First name is needed")
+ if last is None:
+ ansible_module.fail_json(
+ msg="Last name is needed")
+
 commands.append([name, "user_add", args])
 # Handle members: principal, manager, certificate and
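Review bot: The first/last-name check now sits in the `else:` branch ahead of `user_add`, but unlike the block removed in the -854,13 hunk it carries no visible `action != "member"` guard, and the enclosing conditions lie outside this hunk. If that branch can be reached with `action: member` for a user that does not exist, the run would stop with "First name is needed" instead of a message about the missing user, so please confirm the outer block is limited to `action == "user"`. The messages also do not identify the account, which matters now that the check runs at the point where each user is processed: `msg="First name is needed for user '%s'" % name`, and the same for the last name.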