From 3627aa3391be74bf4bfcb5a25854b75938a16c14 Mon Sep 17 00:00:00 2001
From: James Cassell <code@james.cassell.me>
Date: Fri, 29 Jun 2018 17:34:20 -0400
Subject: [PATCH] pamd module regression fix (#42025)

* pamd: typo fix sufficicent->sufficient

* pamd: is_valid is a property, not a method; return a tuple

* pamd: define is_valid for all PamdLine classes

* pamd: use validate() for verbose errors, define generically

* pamd: PamdRule: rule_control is always str, use _control

Fixes https://github.com/ansible/ansible/issues/41179
---
 lib/ansible/modules/system/pamd.py | 27 +++++++++++++++++++++------
 1 file changed, 21 insertions(+), 6 deletions(-)

diff --git a/lib/ansible/modules/system/pamd.py b/lib/ansible/modules/system/pamd.py
index 56a805dc407..59add7fb650 100644
--- a/lib/ansible/modules/system/pamd.py
+++ b/lib/ansible/modules/system/pamd.py
@@ -290,6 +290,17 @@ class PamdLine(object):
         self.prev = None
         self.next = None
 
+    @property
+    def is_valid(self):
+        if self.line == '':
+            return True
+        return False
+
+    def validate(self):
+        if not self.is_valid:
+            return False, "Rule is not valid " + self.line
+        return True, "Rule is valid " + self.line
+
     # Method to check if a rule matches the type, control and path.
     def matches(self, rule_type, rule_control, rule_path, rule_args=None):
         return False
@@ -324,7 +335,7 @@ class PamdInclude(PamdLine):
 class PamdRule(PamdLine):
 
     valid_types = ['account', 'auth', 'password', 'session']
-    valid_simple_controls = ['required', 'requisite', 'sufficicent', 'optional', 'include', 'substack']
+    valid_simple_controls = ['required', 'requisite', 'sufficient', 'optional', 'include', 'substack']
     valid_control_values = ['success', 'open_err', 'symbol_err', 'service_err', 'system_err', 'buf_err',
                             'perm_denied', 'auth_err', 'cred_insufficient', 'authinfo_unavail', 'user_unknown',
                             'maxtries', 'new_authtok_reqd', 'acct_expired', 'session_err', 'cred_unavail',
@@ -405,15 +416,19 @@ class PamdRule(PamdLine):
             return True
         return False
 
+    @property
+    def is_valid(self):
+        return self.validate()[0]
+
     def validate(self):
         # Validate the rule type
         if self.rule_type not in PamdRule.valid_types:
             return False, "Rule type, " + self.rule_type + ", is not valid in rule " + self.line
         # Validate the rule control
-        if isinstance(self.rule_control, str) and self.rule_control not in PamdRule.valid_simple_controls:
+        if isinstance(self._control, str) and self.rule_control not in PamdRule.valid_simple_controls:
             return False, "Rule control, " + self.rule_control + ", is not valid in rule " + self.line
-        elif isinstance(self.rule_control, list):
-            for control in self.rule_control:
+        elif isinstance(self._control, list):
+            for control in self._control:
                 value, action = control.split("=")
                 if value not in PamdRule.valid_control_values:
                     return False, "Rule control value, " + value + ", is not valid in rule " + self.line
@@ -653,8 +668,8 @@ class PamdService(object):
         current_line = self._head
 
         while current_line is not None:
-            if not current_line.is_valid()[0]:
-                return current_line.is_valid()
+            if not current_line.validate()[0]:
+                return current_line.validate()
             current_line = current_line.next
         return True, "Module is valid"