ansible-collections / ansible.posix

Ansible Collection for Posix

authorized_key message options breaks with default(omit) #328

Open nlvw opened 2 years ago

nlvw commented 2 years ago
SUMMARY

With the following task, the comment value is not correctly omitted.

- name: set authorized keys
  authorized_key:
    user: "{{ item.user }}"
    state: "{{ item.state | default('present') }}"
    key: "{{ item.key }}"
    key_options: "{{ item.key_options | default(omit) }}"
    comment: "{{ item.comment | default(omit) }} "
    exclusive: "{{ item.exclusive | default(omit) }}"
    manage_dir: "{{ item.manage_dir | default(omit) }}"
    path: "{{ item.path | default(omit) }}"
    validate_certs: "{{ item.validate_certs | default(omit) }}"
  with_items: "{{ users_merged_authkeys }}"
  when:
    - (item.user is defined) and (item.user | length > 0)
    - (item.key is defined) and (item.key | length > 0)

Using a list item such as:

  - user: tester
    key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILiChtXZDvU1G5oCwaoDHXoecnfMo7ff8w6k4zoG8OK6 tester@example.com'
    exclusive: yes
    state: present

Results in:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILiChtXZDvU1G5oCwaoDHXoecnfMo7ff8w6k4zoG8OK6 __omit_place_holder__851f359da303d826eed18a55bf466943415f2145

If I instead provide:

  - user: tester
    comment: tester@example.com
    key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILiChtXZDvU1G5oCwaoDHXoecnfMo7ff8w6k4zoG8OK6'
    exclusive: yes
    state: present

Results are:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILiChtXZDvU1G5oCwaoDHXoecnfMo7ff8w6k4zoG8OK6 tester@example.com

So the Jinja default(omit) functionality does not work correctly with the comment option.

ISSUE TYPE
COMPONENT NAME

ansible.posix.authorized_key

ANSIBLE VERSION
ansible [core 2.12.2]
  config file = /home/nvonwolf/nmsu/ansible/usa-project/ansible.cfg
  configured module search path = ['/home/nvonwolf/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/nvonwolf/nmsu/ansible/usa-project/.cache/python-venv/lib64/python3.10/site-packages/ansible
  ansible collection location = /home/nvonwolf/nmsu/ansible/usa-project/.cache/collections:/home/nvonwolf/nmsu/ansible/usa-project/collections
  executable location = /home/nvonwolf/nmsu/ansible/usa-project/.cache/python-venv/bin/ansible
  python version = 3.10.2 (main, Jan 17 2022, 00:00:00) [GCC 11.2.1 20211203 (Red Hat 11.2.1-7)]
  jinja version = 3.0.3
  libyaml = True
COLLECTION VERSION
# /home/redacted/redacted/ansible/usa-project/.cache/python-venv/lib64/python3.10/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    2.1.0
ansible.netcommon             2.5.0
ansible.posix                 1.3.0
ansible.utils                 2.4.3
ansible.windows               1.9.0
arista.eos                    3.1.0
awx.awx                       19.4.0
azure.azcollection            1.11.0
check_point.mgmt              2.2.2
chocolatey.chocolatey         1.1.0
cisco.aci                     2.1.0
cisco.asa                     2.1.0
cisco.intersight              1.0.18
cisco.ios                     2.6.0
cisco.iosxr                   2.6.0
cisco.ise                     1.2.1
cisco.meraki                  2.6.0
cisco.mso                     1.3.0
cisco.nso                     1.0.3
cisco.nxos                    2.8.2
cisco.ucs                     1.6.0
cloud.common                  2.1.0
cloudscale_ch.cloud           2.2.0
community.aws                 2.2.0
community.azure               1.1.0
community.ciscosmb            1.0.4
community.crypto              2.2.0
community.digitalocean        1.15.0
community.dns                 2.0.6
community.docker              2.1.1
community.fortios             1.0.0
community.general             4.4.0
community.google              1.0.0
community.grafana             1.3.0
community.hashi_vault         2.2.0
community.hrobot              1.2.2
community.kubernetes          2.0.1
community.kubevirt            1.0.0
community.libvirt             1.0.2
community.mongodb             1.3.2
community.mysql               2.3.3
community.network             3.0.0
community.okd                 2.1.0
community.postgresql          1.6.1
community.proxysql            1.3.1
community.rabbitmq            1.1.0
community.routeros            2.0.0
community.skydive             1.0.0
community.sops                1.2.0
community.vmware              1.17.1
community.windows             1.9.0
community.zabbix              1.5.1
containers.podman             1.9.1
cyberark.conjur               1.1.0
cyberark.pas                  1.0.13
dellemc.enterprise_sonic      1.1.0
dellemc.openmanage            4.4.0
dellemc.os10                  1.1.1
dellemc.os6                   1.0.7
dellemc.os9                   1.0.4
f5networks.f5_modules         1.14.0
fortinet.fortimanager         2.1.4
fortinet.fortios              2.1.3
frr.frr                       1.0.3
gluster.gluster               1.0.2
google.cloud                  1.0.2
hetzner.hcloud                1.6.0
hpe.nimble                    1.1.4
ibm.qradar                    1.0.3
infinidat.infinibox           1.3.3
infoblox.nios_modules         1.2.1
inspur.sm                     1.3.0
junipernetworks.junos         2.8.0
kubernetes.core               2.2.3
mellanox.onyx                 1.0.0
netapp.aws                    21.7.0
netapp.azure                  21.10.0
netapp.cloudmanager           21.13.0
netapp.elementsw              21.7.0
netapp.ontap                  21.15.1
netapp.storagegrid            21.9.0
netapp.um_info                21.8.0
netapp_eseries.santricity     1.2.13
netbox.netbox                 3.5.1
ngine_io.cloudstack           2.2.2
ngine_io.exoscale             1.0.0
ngine_io.vultr                1.1.0
openstack.cloud               1.6.0
openvswitch.openvswitch       2.1.0
ovirt.ovirt                   1.6.6
purestorage.flasharray        1.12.1
purestorage.flashblade        1.9.0
sensu.sensu_go                1.13.0
servicenow.servicenow         1.0.6
splunk.es                     1.0.2
t_systems_mms.icinga_director 1.27.0
theforeman.foreman            2.2.0
vyos.vyos                     2.6.0
wti.remote                    1.0.3

# /home/redacted/redacted/ansible/usa-project/.cache/collections/ansible_collections
Collection           Version
-------------------- -------
ansible.netcommon    2.5.0
ansible.posix        1.3.0
ansible.utils        2.5.0
ansible.windows      1.9.0
community.crypto     2.2.0
community.general    4.4.0
community.mysql      2.3.3
community.postgresql 1.6.1
community.zabbix     1.5.1
redacted.usa             3.0.0

saito-hideki commented 2 years ago

@nlvw thank you for reporting this issue. I think it should be handled properly like the user module. So I will set a bug label for this issue.

For example

---
- hosts: all
  gather_facts: false
  become: yes

  vars:
    users:
      - name: foo
        comment: "Test User Foo"
      - name: bar
        comment: "Test User Bar"
      - name: baz

  tasks:
    - user:
        name: "{{ item.name }}"
        comment: "{{ item.comment | default(omit) }}"
        state: present
      loop: "{{ users }}"

$ ansible-playbook -i inventory/issue_328 playbook/issue_328/test_omit.yml

PLAY [all] *************************************************************************************************************

TASK [user] ************************************************************************************************************
changed: [server10] => (item={'name': 'foo', 'comment': 'Test User Foo'})
changed: [server10] => (item={'name': 'bar', 'comment': 'Test User Bar'})
changed: [server10] => (item={'name': 'baz'})

PLAY RECAP *************************************************************************************************************
server10                   : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[server10] $ cat /etc/passwd
...snip...
foo:x:1004:1004:Test User Foo:/home/foo:/bin/bash
bar:x:1005:1005:Test User Bar:/home/bar:/bin/bash
baz:x:1006:1006::/home/baz:/bin/bash
...snip...

In addition, in the omit string __omit_place_holder_[HASH], the [HASH] string is generated on each playbook run, so I think this is the cause of https://github.com/ansible-collections/ansible.posix/issues/327#issuecomment-1046146238 that you reported in #327.
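
Added example, not part of the original thread and not Ansible's own code: a simplified Python model of how an argument is dropped only when its rendered value equals the per-run omit token exactly, so a value with any extra character (the `comment:` line in the reported task has a space after `}}`) passes through as a literal string, plus a check that flags `authorized_keys` lines carrying a leaked placeholder. The function names and the sample file content are constructed for illustration; the 40-hex-digit token shape is taken from the output quoted in the report.

```python
import hashlib
import os
import re

OMIT_PREFIX = "__omit_place_holder__"
# Token shape as seen in the report: prefix + 40 hex digits.
LEAK_RE = re.compile(re.escape(OMIT_PREFIX) + r"[0-9a-f]{40}")

# Constructed sample authorized_keys content (key material is a placeholder).
SAMPLE_AUTHORIZED_KEYS = (
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLE1 tester@example.com\n"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLE2 "
    "__omit_place_holder__851f359da303d826eed18a55bf466943415f2145\n"
)


def new_omit_token():
    """Model of the per-run token: fixed prefix plus a random SHA-1 hex digest."""
    return OMIT_PREFIX + hashlib.sha1(os.urandom(64)).hexdigest()


def remove_omit(task_args, token):
    """Drop only the arguments whose value is exactly the omit token."""
    return {k: v for k, v in task_args.items() if v != token}


def find_leaked_placeholders(text):
    """Return (line_number, line) for every line containing an omit placeholder."""
    return [(n, line) for n, line in enumerate(text.splitlines(), 1)
            if LEAK_RE.search(line)]


if __name__ == "__main__":
    token = new_omit_token()
    rendered = {
        "user": "tester",
        "key_options": token,    # "{{ ... | default(omit) }}"  -> exact match
        "comment": token + " ",  # "{{ ... | default(omit) }} " -> extra space
    }
    print(remove_omit(rendered, token))   # comment survives as a literal string
    for n, line in find_leaked_placeholders(SAMPLE_AUTHORIZED_KEYS):
        print(f"line {n}: leaked omit placeholder: {line}")
```

Because the token changes on every run, the scan matches the token's shape rather than one fixed string.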