fix: fix code to check for idempotency

richm · richm · commit 25188a742283 · 2024-10-17T07:34:42.000-06:00
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -9,18 +9,14 @@
 #  no_log: true
   when: sudo_check_if_configured | bool
 
-- name: Compare
-  set_fact:
-    comparison_result: "{{ ansible_facts['sudoers'].sudoers_files
-              | combine({'include_files': omit})
-              == sudo_sudoers_files }}"
-  when: sudo_check_if_configured | bool
-
-- name: Sudo is already configured
+- name: Sudo is already configured - skip rest of role
   ansible.builtin.meta: end_host
   when:
-    - (comparison_result | default(false))  | bool
+    - __actual == sudo_sudoers_files
     - sudo_check_if_configured | bool
+  vars:
+    __actual: "{{ ansible_facts['sudoers'].sudoers_files | map('dict2items') |
+      map('rejectattr', 'key', 'match', '^include_files$') | map('items2dict') }}"
 
 - name: Ensure sudo is installed
   package:
diff --git a/tests/roles/linux-system-roles.sudo/handlers b/tests/roles/linux-system-roles.sudo/handlers
diff --git a/tests/roles/linux-system-roles.sudo/library b/tests/roles/linux-system-roles.sudo/library
@@ -0,0 +1 @@
+../../../library/
diff --git a/tests/tests_check_if_configured.yml b/tests/tests_check_if_configured.yml
@@ -9,7 +9,6 @@
         - name: Test setup
           include_tasks: tasks/setup.yml
 
-
         - name: Install new sudoers file
           ansible.builtin.copy:
             src: files/tests_default_sudoers.in  # Local file path
@@ -18,31 +17,27 @@
             group: root
             mode: '0440'                    # Correct permission for the sudoers file
 
-
-        - name: print file
+        - name: Print file
           command: cat /etc/sudoers
-
-
-        - name: Check if the directory exists
-          stat:
-            path: /path/to/directory
-          register: dir_stat
-
+          changed_when: false
 
         - name: Remove all files from sudoers.d directory
-          ansible.builtin.file:
-              path: /etc/sudoers.d
-              state: absent                   # Recursively remove the entire directory
-          when: dir_stat.stat.exists
-
+          shell: |
+            set -euxo pipefail
+            for file in /etc/sudoers.d/*; do
+              if [ -f "$file" ]; then
+                rm "$file"
+              fi
+            done
+          changed_when: true
 
         - name: Run the role
           include_role:
             name: linux-system-roles.sudo
           vars:
             sudo_check_if_configured: true
 
-        - name: Check header for ansible_managed, fingerprint
+        - name: Check that there is no header for ansible_managed, fingerprint
           include_tasks: tasks/check_not_present_header.yml
           vars:
             __file: /etc/sudoers
