From 2e6819354f96a0b5205dbbd31659bf02bd479f21 Mon Sep 17 00:00:00 2001
From: Nils Philippsen <nils@redhat.com>
Date: Tue, 16 Feb 2021 19:20:29 +0100
Subject: [PATCH] ipa/client: Don't trip over undefined group vars

With set_facts, if an element of a list is undefined, the containing
fact variable becomes a string. Something Sirius Cybernetics Corporation
something something.

Signed-off-by: Nils Philippsen <nils@redhat.com>
---
 roles/ipa/client/tasks/common.yml           |  6 +++---
 roles/ipa/client/tasks/hbac.yml             |  2 +-
 roles/ipa/client/tasks/prepare-ipa-info.yml | 10 +---------
 roles/ipa/client/tasks/sudo.yml             |  2 +-
 4 files changed, 6 insertions(+), 14 deletions(-)

diff --git a/roles/ipa/client/tasks/common.yml b/roles/ipa/client/tasks/common.yml
index b064783769..76326af053 100644
--- a/roles/ipa/client/tasks/common.yml
+++ b/roles/ipa/client/tasks/common.yml
@@ -36,6 +36,6 @@
     ipaadmin_password: "{{ ipa_server_admin_passwords[item[0]] }}"
     action: member
     state: present
-    host: "{{ item[4] | list }}"
-  loop: "{{ ipa_server_host_user_groups_hosts }}"
-  when: ipa_server_host_user_groups_hosts is defined
+    host: "{{ item[2] | list }}"
+  loop: "{{ ipa_server_host_groups_hosts }}"
+  when: ipa_server_host_groups_hosts is defined
diff --git a/roles/ipa/client/tasks/hbac.yml b/roles/ipa/client/tasks/hbac.yml
index a453645fd2..ef21c2cafc 100644
--- a/roles/ipa/client/tasks/hbac.yml
+++ b/roles/ipa/client/tasks/hbac.yml
@@ -120,4 +120,4 @@
     state: present
     group: "{{ ipa_server_host_groups_dict[item[0]][item[1]]['shell_groups'] }}"
   loop: "{{ ipa_server_host_groups }}"
-  when: ipa_server_host_groups is defined
+  when: ipa_server_host_groups is defined and ipa_server_host_groups_dict[item[0]][item[1]]['shell_groups'] is defined
diff --git a/roles/ipa/client/tasks/prepare-ipa-info.yml b/roles/ipa/client/tasks/prepare-ipa-info.yml
index 54cf952095..cf8df73849 100644
--- a/roles/ipa/client/tasks/prepare-ipa-info.yml
+++ b/roles/ipa/client/tasks/prepare-ipa-info.yml
@@ -120,28 +120,22 @@
   loop: "{{ ipa_server_all_groups_hosts_dict | dict2items }}"
   when: ipa_server_all_groups_hosts_dict is defined
 
-# ipa_server_host_user_groups_hosts ->
+# ipa_server_host_groups_hosts ->
 #   [
 #     [
 #       "ipa_server_1",
 #       "host_group_1",
-#       ["user_group_1", ...],  # <-- shell access user groups
-#       ["user_group_2", ...],  # <-- sudo access user groups
 #       ["host_1", ...],
 #     ],
 #     [
 #       "ipa_server_1",
 #       "host_group_2",
-#       ["user_group_3", ...],
-#       ["user_group_4", ...],
 #       ["host_2", ...],
 #     ],
 #     ...
 #     [
 #       "ipa_server_2",
 #       "host_group_1",
-#       ["user_group_5", ...],
-#       ["user_group_6", ...],
 #       ["host_3", ...],
 #     ],
 #     ...
@@ -155,8 +149,6 @@
             [
               item[0],
               item[1],
-              ipa_server_host_groups_dict[item[0]][item[1]]['shell_groups'],
-              ipa_server_host_groups_dict[item[0]][item[1]]['sudo_groups'],
               ipa_server_host_groups_dict[item[0]][item[1]]['hosts'] | list,
             ]
           ]
diff --git a/roles/ipa/client/tasks/sudo.yml b/roles/ipa/client/tasks/sudo.yml
index 2f1afa0003..8507c69b34 100644
--- a/roles/ipa/client/tasks/sudo.yml
+++ b/roles/ipa/client/tasks/sudo.yml
@@ -31,4 +31,4 @@
     runasusercategory: "all"
     runasgroupcategory: "all"
   loop: "{{ ipa_server_host_groups }}"
-  when: ipa_server_host_groups is defined
+  when: ipa_server_host_groups is defined and ipa_server_host_groups_dict[item[0]][item[1]]['sudo_groups'] is defined