acl: now fails gracefully when nfsv4 permissions are missing (fixes #679)

changelogs/fragments/679-acl-nfsv4-typeerror.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - acl - fix a `TypeError` crash when `use_nfsv4_acls=true` and `permissions` are omitted by adding a validation check that fails gracefully with a helpful message (https://github.com/ansible-collections/ansible.posix/issues/679).

plugins/modules/acl.py

@@ -335,6 +335,9 @@ def main():
         if state == 'absent' and permissions and not use_nfsv4_acls:
             module.fail_json(msg="'permissions' MUST NOT be set when 'state=absent'.")
 
+        if use_nfsv4_acls and state in ['present', 'absent'] and permissions is None:
+            module.fail_json(msg="The 'permissions' parameter is required when 'use_nfsv4_acls' is true.")
+
         if state == 'absent' and not entity:
             module.fail_json(msg="'entity' MUST be set when 'state=absent'.")
 

tests/integration/targets/acl/tasks/acl.yml

@@ -249,3 +249,21 @@
       - "'default:mask::rwx' in getfacl_output.stdout_lines"
       - "'default:other::r-x' in getfacl_output.stdout_lines"
       - "'default:group:{{ test_group }}:rw-' not in getfacl_output.stdout_lines"
+
+- name: Trigger acl module with NFSv4 and no permissions
+  ansible.posix.acl:
+    path: "{{ test_dir }}"
+    entity: "{{ test_user }}"
+    etype: user
+    state: absent
+    use_nfsv4_acls: true
+  register: crash_test
+  ignore_errors: true
+
+- name: Verify the module did not crash with a TypeError
+  ansible.builtin.assert:
+    that:
+      - crash_test is failed
+      - "'unsupported operand type' not in (crash_test.module_stderr | default(''))"
+      - "crash_test.msg is search('permissions.*required')"
+    msg: "The module crashed with a TypeError instead of failing with a helpful error message!"