Merge pull request #1022 from t-woerner/pwpolicy_bool_checks

pwpolicy: Fix new bool checks for IPA prior to 4.9.10
freeipa · Jan 17, 2023 · 7b470ce · 7b470ce
2 parents 77f5d87 + 9108065
commit 7b470ce
Showing 1 changed file with 19 additions and 7 deletions.
diff --git a/plugins/modules/ipapwpolicy.py b/plugins/modules/ipapwpolicy.py
@@ -171,7 +171,8 @@ def find_pwpolicy(module, name):
     return None
 
 
-def gen_args(maxlife, minlife, history, minclasses, minlength, priority,
+def gen_args(module,
+             maxlife, minlife, history, minclasses, minlength, priority,
              maxfail, failinterval, lockouttime, maxrepeat, maxsequence,
              dictcheck, usercheck, gracelimit):
     _args = {}
@@ -198,9 +199,19 @@ def gen_args(maxlife, minlife, history, minclasses, minlength, priority,
     if maxsequence is not None:
         _args["ipapwdmaxrsequence"] = maxsequence
     if dictcheck is not None:
-        _args["ipapwddictcheck"] = dictcheck
+        if module.ipa_check_version("<", "4.9.10"):
+            # Allowed values: "TRUE", "FALSE", ""
+            _args["ipapwddictcheck"] = "TRUE" if dictcheck is True else \
+                "FALSE" if dictcheck is False else dictcheck
+        else:
+            _args["ipapwddictcheck"] = dictcheck
     if usercheck is not None:
-        _args["ipapwdusercheck"] = usercheck
+        if module.ipa_check_version("<", "4.9.10"):
+            # Allowed values: "TRUE", "FALSE", ""
+            _args["ipapwdusercheck"] = "TRUE" if usercheck is True else \
+                "FALSE" if usercheck is False else usercheck
+        else:
+            _args["ipapwdusercheck"] = usercheck
     if gracelimit is not None:
         _args["passwordgracelimit"] = gracelimit
 
@@ -349,7 +360,7 @@ def int_or_empty_param(value, param):
     maxsequence = int_or_empty_param(maxsequence, "maxsequence")
     gracelimit = int_or_empty_param(gracelimit, "gracelimit")
 
-    def bool_param(value, param):  # pylint: disable=R1710
+    def bool_or_empty_param(value, param):  # pylint: disable=R1710
         # As of Ansible 2.14, values True, False, Yes an No, with variable
         # capitalization are accepted by Ansible.
         if not value:
@@ -362,8 +373,8 @@ def bool_param(value, param):  # pylint: disable=R1710
             msg="Invalid value '%s' for argument '%s'." % (value, param)
         )
 
-    dictcheck = bool_param(dictcheck, "dictcheck")
-    usercheck = bool_param(usercheck, "usercheck")
+    dictcheck = bool_or_empty_param(dictcheck, "dictcheck")
+    usercheck = bool_or_empty_param(usercheck, "usercheck")
 
     # Ensure gracelimit has proper limit.
     if gracelimit:
@@ -392,7 +403,8 @@ def bool_param(value, param):  # pylint: disable=R1710
             # Create command
             if state == "present":
                 # Generate args
-                args = gen_args(maxlife, minlife, history, minclasses,
+                args = gen_args(ansible_module,
+                                maxlife, minlife, history, minclasses,
                                 minlength, priority, maxfail, failinterval,
                                 lockouttime, maxrepeat, maxsequence, dictcheck,
                                 usercheck, gracelimit)