From b9c42fed9b6f60801f908c368d0d97a2a69f7bb2 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Wed, 15 Dec 2021 10:47:02 +0100
Subject: [PATCH] Config plugin: return EmptyModlist when no change is applied

When ipa config-mod is called with the option --enable-sid,
the code needs to trap EmptyModlist exception (it is expected
that no LDAP attribute is modified by this operation).
The code had a flaw and was checking:
    'enable_sid' in options
instead of
    options['enable_sid']

"'enable_sid' in options" always returns true as this option
is a Flag with a default value, hence always present even if
not specified on the command line.

Fixes: https://pagure.io/freeipa/issue/9063
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
 ipaserver/plugins/config.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipaserver/plugins/config.py b/ipaserver/plugins/config.py
index eae401fc3f7a1b7628eb211db206ba4bc2b36754..24446beb0b03a1510a96316eae915780817db102 100644
--- a/ipaserver/plugins/config.py
+++ b/ipaserver/plugins/config.py
@@ -707,7 +707,7 @@ class config_mod(LDAPUpdate):
         if (isinstance(exc, errors.EmptyModlist) and
                 call_func.__name__ == 'update_entry' and
                 ('ca_renewal_master_server' in options or
-                 'enable_sid' in options)):
+                 options['enable_sid'])):
             return
 
         super(config_mod, self).exc_callback(
-- 
2.34.1