a-c-m
/
community.general
mirror of https://github.com/ansible-collections/community.general.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ipa_host: Maintain the host certificates (#9694) 

* ipa_host: Maintain the host certificates

Fix #9693

* Add changelog fragment

* Fix changelog message

* Fix changelog message again

(cherry picked from commit d5add1ed9f)
patchback/backports/stable-9/d5add1ed9f3addb4c99f6c3aae9002f033a8e9e7/pr-9694
sedrubal 2025-02-10 22:02:52 +01:00 committed by patchback[bot]
parent f9e4bc85e9
commit 165f09d90a
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
changelogs/fragments/9694-ipa-host-certificate-revoked.yml Normal file
View File

@ -0,0 +1,2 @@
bugfixes:
- ipa_host - module revoked existing host certificates even if ``user_certificate`` was not given (https://github.com/ansible-collections/community.general/pull/9694).

4
plugins/modules/ipa_host.py
View File

@ -272,6 +272,10 @@ def ensure(module, client):
data = {} data = {}
for key in diff: for key in diff:
data[key] = module_host.get(key) data[key] = module_host.get(key)
if "usercertificate" not in data:
data["usercertificate"] = [
cert['__base64__'] for cert in ipa_host.get("usercertificate", [])
]
ipa_host_show = client.host_show(name=name) ipa_host_show = client.host_show(name=name)
if ipa_host_show.get('has_keytab', True) and (state == 'disabled' or module.params.get('random_password')): if ipa_host_show.get('has_keytab', True) and (state == 'disabled' or module.params.get('random_password')):
client.host_disable(name=name) client.host_disable(name=name)