Open
Description
Summary
The linter interprets freeipa.ansible_freeipa.userauthtype as a string if it is defined as a variable (freeipa.ansible_freeipa.ipauser module).
Issue Type
- Bug Report
OS / ENVIRONMENT
```console
ansible-lint --version
ansible-lint 24.9.0 using ansible-core:2.17.4 ansible-compat:24.9.0 ruamel-yaml:0.18.6 ruamel-yaml-clib:0.2.8

ansible-galaxy collection list freeipa.ansible_freeipa
# /Users/MohammedH/.ansible/collections/ansible_collections
Collection              Version
----------------------- -------
freeipa.ansible_freeipa 1.12.1

ansible --version
ansible [core 2.17.4]
  config file = /Users/MohammedH/.ansible.cfg
  configured module search path = ['/Users/MohammedH/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.12/site-packages/ansible
  ansible collection location = /Users/MohammedH/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.12.4 (main, Jun 6 2024, 18:26:44) [Clang 15.0.0 (clang-1500.3.9.4)] (/usr/local/opt/[email protected]/bin/python3.12)
  jinja version = 3.1.4
  libyaml = True
```
macOS: Sonoma 14.5
- ansible installation method: one of source, pip, OS package
  Brew Cellar
- ansible-lint installation method: one of source, pip, OS package
  pip
STEPS TO REPRODUCE
ansible-galaxy collection install freeipa.ansible_freeipa
Desired Behavior
passing the linter
Possible security bugs should be reported via email to [email protected]
Actual Behavior
Please give some details of what is happening. Include a minimum complete
verifiable example with:
- minimized playbook to reproduce the error
- the output of running ansible-lint including the command line used
- if you're getting a stack trace, also the output of
ansible-playbook --syntax-check playbook
Reproduce
Lint OK
```bash
cat > freeipa_lintok.yml << EOF
---
- hosts: "localhost"
  gather_facts: false
  tasks:
    - name: "Ensure IPA users are present"
      freeipa.ansible_freeipa.ipauser:
        ipaadmin_password: "secret_freeipa_server_admin_password"
        name: "{{ item.key }}"
        userauthtype:
          - "password"
        state: "present"
      loop: "{{ freeipa_users | dict2items }}"
  vars:
    freeipa_users:
      user1:
        present: yes
        realname: "User One"
        groups:
          - users
          - admins
EOF
ansible-lint freeipa_lintok.yml
```
Lint fail
```bash
cat > freeipa_lintfail.yml << EOF
---
- hosts: "localhost"
  gather_facts: false
  tasks:
    - name: "Ensure IPA users are present"
      freeipa.ansible_freeipa.ipauser:
        ipaadmin_password: "secret_freeipa_server_admin_password"
        name: "{{ item.key }}"
        userauthtype: "{{ item.value.authtype | d(['password']) }}"
        state: "present"
      loop: "{{ freeipa_users | dict2items }}"
  vars:
    freeipa_users:
      user1:
        present: yes
        realname: "User One"
        groups:
          - users
          - admins
EOF
ansible-lint freeipa_lintfail.yml
```
```console
args[module]: value of userauthtype must be one or more of: password, radius, otp, pkinit, hardened, idp, . Got no match for: {{ item.value.authtype | d(['password']) }}
freeipa_lintfail.yml:6 Task/Handler: Ensure IPA users are present

Read documentation for instructions on how to ignore specific rule violations.

                Rule Violation Summary
 count tag          profile rule associated tags
     1 args[module]         syntax, experimental

Failed: 1 failure(s), 0 warning(s) on 1 files. Last profile that met the validation criteria was 'production'. Rating: 5/5 star
```