ipa_host: Maintain the host certificates (#9694)

* ipa_host: Maintain the host certificates Fix #9693 * Add changelog fragment * Fix changelog message * Fix changelog message again (cherry picked from commit d5add1ed9f)
2025-02-10 22:02:52 +01:00 · 2025-02-10 22:02:52 +01:00 · 165f09d90a
parent f9e4bc85e9
commit 165f09d90a
2 changed files with 6 additions and 0 deletions
--- a/changelogs/fragments/9694-ipa-host-certificate-revoked.yml
+++ b/changelogs/fragments/9694-ipa-host-certificate-revoked.yml
@ -0,0 +1,2 @@
+bugfixes:
+  - ipa_host - module revoked existing host certificates even if ``user_certificate`` was not given (https://github.com/ansible-collections/community.general/pull/9694).
--- a/plugins/modules/ipa_host.py
+++ b/plugins/modules/ipa_host.py
@ -272,6 +272,10 @@ def ensure(module, client):
                    data = {}
                    for key in diff:
                        data[key] = module_host.get(key)
+                    if "usercertificate" not in data:
+                        data["usercertificate"] = [
+                            cert['__base64__'] for cert in ipa_host.get("usercertificate", [])
+                        ]
                    ipa_host_show = client.host_show(name=name)
                    if ipa_host_show.get('has_keytab', True) and (state == 'disabled' or module.params.get('random_password')):
                        client.host_disable(name=name)