diff --git a/changelogs/fragments/4852-sudoers-state-absent.yml b/changelogs/fragments/4852-sudoers-state-absent.yml new file mode 100644 index 00000000000..013041a15f3 --- /dev/null +++ b/changelogs/fragments/4852-sudoers-state-absent.yml @@ -0,0 +1,2 @@ +bugfixes: + - "sudoers - fix incorrect handling of ``state: absent`` (https://github.com/ansible-collections/community.general/issues/4852)." diff --git a/plugins/modules/system/sudoers.py b/plugins/modules/system/sudoers.py index 8b8ad504058..d96716c7f99 100644 --- a/plugins/modules/system/sudoers.py +++ b/plugins/modules/system/sudoers.py @@ -168,9 +168,12 @@ def content(self): return "{owner} ALL={runas}{nopasswd} {commands}\n".format(owner=owner, runas=runas_str, nopasswd=nopasswd_str, commands=commands_str) def run(self): - if self.state == 'absent' and self.exists(): - self.delete() - return True + if self.state == 'absent': + if self.exists(): + self.delete() + return True + else: + return False if self.exists() and self.matches(): return False diff --git a/tests/integration/targets/sudoers/tasks/main.yml b/tests/integration/targets/sudoers/tasks/main.yml index 634eded7794..f3be2d80926 100644 --- a/tests/integration/targets/sudoers/tasks/main.yml +++ b/tests/integration/targets/sudoers/tasks/main.yml @@ -135,6 +135,18 @@ register: revoke_rule_1_stat +- name: Revoke non-existing rule + community.general.sudoers: + name: non-existing-rule + state: absent + register: revoke_non_existing_rule + +- name: Stat non-existing rule + ansible.builtin.stat: + path: "{{ sudoers_path }}/non-existing-rule" + register: revoke_non_existing_rule_stat + + # Run assertions - name: Check rule 1 file stat @@ -151,6 +163,7 @@ - rule_1_again is not changed - rule_5 is changed - revoke_rule_1 is changed + - revoke_non_existing_rule is not changed - name: Check contents ansible.builtin.assert: @@ -166,3 +179,4 @@ ansible.builtin.assert: that: - not revoke_rule_1_stat.stat.exists + - not revoke_non_existing_rule_stat.stat.exists