Bug
Resolution: Done
rhel-9.2.0
rhel-sst-idm-ipa
ssg_idm
ipahbacrule module fails to execute if hbacsvcgroup has uppercase letters.
Reproducer:
1. Given the playbook "hbac_reproducer.yml":
```
---
- name: ipahbacrule idempotence issue reproducer
  hosts: ipaserver
  become: false
  gather_facts: false

  tasks:
  # Create the service group with an uppercase letter in its name.
  - name: Ensure hbacsvcgroup Sudo is present.
    ipahbacsvcgroup:
      ipaadmin_password: SomeADMINpassword
      name: Sudo
      state: present

  # Reference the same group in lowercase.
  - name: Ensure hbacrule with hbacsvcgroup is present.
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name: reproducer
      hbacsvcgroup: sudo

  # Identical task repeated to check idempotence.
  - name: Ensure hbacrule with hbacsvcgroup is present.
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name: reproducer
      hbacsvcgroup: sudo
```
2. Execute the playbook against an IPA server:
$ ansible-playbook -i inventory hbac_reproducer.yml
3. The result will be that at least one of the 'ipahbacrule' modules will fail with message "hbacrule_add_service: hbacsvcgroup sudo: This entry is already a member".
Initial investigation:
By debugging the issue, one can see that the command in the task that succeeds is:
```
- ['all-users/sudo', 'hbacrule_add_service',
{'hbacsvc': [], 'hbacsvcgroup': ['sudo']}
]]
```
And the commands in the task that fails are:
```
- ['all-users/sudo', 'hbacrule_add_service',
{'hbacsvc': [], 'hbacsvcgroup': ['sudo']}
]
- ['all-users/sudo', 'hbacrule_remove_service',
{'hbacsvc': [], 'hbacsvcgroup': ['Sudo']}
]
```
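One way to see where the two commands in the failing task come from, as an added example that is not part of the original report and not ansible-freeipa's own code: assuming the module plans membership changes by comparing the requested names with the names the server returns, a case-sensitive comparison of `sudo` against the stored `Sudo` yields exactly the add/remove pair shown above, while comparing lowercased names yields no change. The function names and the sample state are constructed for illustration.

```python
# Added illustration; hypothetical helpers, not ansible-freeipa code.

def plan_changes(requested, existing, normalize=lambda name: name):
    """Return (to_add, to_remove) needed to turn `existing` into `requested`.

    `normalize` maps each name to the key used for comparison; the default
    compares names exactly as written (case-sensitive).
    """
    req = {normalize(n): n for n in requested}
    cur = {normalize(n): n for n in existing}
    to_add = [name for key, name in req.items() if key not in cur]
    to_remove = [name for key, name in cur.items() if key not in req]
    return to_add, to_remove


def as_commands(rule, to_add, to_remove):
    """Render a plan in the shape of the command lists quoted in the report."""
    commands = []
    if to_add:
        commands.append([rule, "hbacrule_add_service",
                         {"hbacsvc": [], "hbacsvcgroup": to_add}])
    if to_remove:
        commands.append([rule, "hbacrule_remove_service",
                         {"hbacsvc": [], "hbacsvcgroup": to_remove}])
    return commands


# Constructed state (assumption): the playbook asks for "sudo" while the
# server reports the group under its stored name "Sudo".
REQUESTED = ["sudo"]
EXISTING = ["Sudo"]
RULE = "all-users/sudo"  # rule name as it appears in the debug output


def case_sensitive_plan():
    # Exact string comparison: "sudo" looks new and "Sudo" looks stale.
    return as_commands(RULE, *plan_changes(REQUESTED, EXISTING))


def case_insensitive_plan():
    # Lowercased comparison: both spellings are the same member, no change.
    return as_commands(RULE, *plan_changes(REQUESTED, EXISTING, str.lower))


if __name__ == "__main__":
    print(case_sensitive_plan())
    print(case_insensitive_plan())
```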
duplicates: RHEL-19132 [ansible-freeipa] Idempotency fixes (Closed)