Issue

ipahbacrule module fails to execute if hbacsvcgroup has uppercase letters. Reproducer: 1. Given the playbook "hbac_reproducer.yml": ``` — name: ipahbacrule idempotence issue reproducer host: ipaserver become: false gather_facts: false tasks: name: Ensure hbacsvcgroup Sudo is present. ipahbacsvcgroup: ipaadmin_password: SomeADMINpassword name: Sudo state: present name: Ensure hbacrule with hbacsvcgroup is present. ipahbacrule: ipaadmin_password: SomeADMINpassword name: reproducer hbacgroup: sudo name: Ensure hbacrule with hbacsvcgroup is present. ipahbacrule: ipaadmin_password: SomeADMINpassword name: reproducer hbacgroup: sudo ``` 2. Execute the playbook against an IPA server: $ ansible-playbook -i inventory hbac_reproducer.yml 3. The result will be that at least one of the 'ipahbacrule' modules will fail with message "hbacrule_add_service: hbacsvcgroup sudo: This entry is already a member". Initial investigation: By debugging the issue, one can see that the command in the task that succeeds is: ['all-users/sudo', 'hbacrule_add_service', {'hbacsvc': [], 'hbacsvcgroup': ['sudo']} ]] And the commands in the task that fails are: ['all-users/sudo', 'hbacrule_add_service', {'hbacsvc': [], 'hbacsvcgroup': ['sudo']} ] ['all-users/sudo', 'hbacrule_remove_service', {'hbacsvc': [], 'hbacsvcgroup': ['Sudo']} ]

Release Notes

No. of Comments

Resolution

Done