ansible-middleware / amq

A collection to manage AMQ brokers
Apache License 2.0

mask_password.yaml task: 'existing_user' is undefined #196

Closed AWD09 closed 2 weeks ago

AWD09 commented 2 weeks ago
SUMMARY

When running the amq_broker role on AAP with an already hashed password I get the error:

TASK [redhat.amq_broker.amq_broker : Parse passwd for existing user salt] **
fatal: [srv1.example.com]: FAILED! => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result"}

ISSUE TYPE
ANSIBLE VERSION
ansible [core 2.11.12]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/user/.local/lib/python3.6/site-packages/ansible
  ansible collection location = /home/user/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/user/.local/bin/ansible
  python version = 3.6.8 (default, Sep  9 2024, 06:12:39) [GCC 8.5.0 20210514 (Red Hat 8.5.0-22)]
  jinja version = 3.0.3
  libyaml = True
COLLECTION VERSION
Collection                   Version
---------------------------- -------
ansible.posix                1.5.4
ansible.utils                5.1.0
middleware_automation.amq    2.2.6
middleware_automation.common 1.1.4
STEPS TO REPRODUCE

When running the playbook below (/tmp/ansible-test/testplaybook.yml on my server) manually I get the error:

TASK [Parse passwd for existing user salt] ****
fatal: [localhost]: FAILED! => {"msg": "The conditional check 'existing_user | length > 0' failed. The error was: error while evaluating conditional (existing_user | length > 0): 'existing_user' is undefined\n\nThe error appears to be in '/tmp/ansible-test/testplaybook.yml': line 20, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: Parse passwd for existing user salt\n ^ here\n"}

This playbook is a copy-paste of the first 2 tasks in mask_password.yaml in this collection.

---
- name: test playbook
  hosts: localhost
  vars:
    user: aUser
    password: ENC(1024:0E58900B956BBEED271D71CA393BF7C893853EE94491F391D5F0CB45C18E1FB5:3587268B3DF2287A486301ED900C599AFD549955A4A9D08A743B5E9D90F2DFCF425B654B012DD1474DEBCBB97D9242990C7D35E7EF74C4BC8607A526BCD43D03)
    activemq_mask_password_hashname: sha1
    activemq_mask_password_iterations: 1024

  tasks:
  - name: Parse passwd hash for existing user
    ansible.builtin.set_fact:
      existing_user: "{{ existing_users.content | b64decode
                       | regex_search('\\b' + user + ' ?= ?ENC\\([0-9]+:([^:]+):([^)]+)\\)', '\\1', '\\2') | default([]) }}"
      mask_pwd: ''
    when:
      - not password is defined or not password is regex('^ENC\\([0-9]{4,}:[^:]+:[^:]+\\)')

  - name: Parse passwd for existing user salt
    ansible.builtin.set_fact:
      hash_password: "{{ password | middleware_automation.amq.pbkdf2_hmac(
                         hashname=activemq_mask_password_hashname, iterations=activemq_mask_password_iterations, hexsalt=existing_user[0]) }}"
    when: existing_user | length > 0
EXPECTED RESULTS

That already masked passwords are ignored without error.

ACTUAL RESULTS
$ ansible-playbook -v --connection=local -i localhost testplaybook.yml
Using /etc/ansible/ansible.cfg as config file

PLAY [test playbook] **********************************************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Parse passwd hash for existing user] ************************************************************************************************************************************************************************************************************************************
skipping: [localhost] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [Parse passwd for existing user salt] ************************************************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "The conditional check 'existing_user | length > 0' failed. The error was: error while evaluating conditional (existing_user | length > 0): 'existing_user' is undefined\n\nThe error appears to be in '/tmp/ansible-test/testplaybook.yml': line 20, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n  - name: Parse passwd for existing user salt\n    ^ here\n"}

PLAY RECAP ********************************************************************************************************************************************************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=1    skipped=1    rescued=0    ignored=0
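
Why the second task fails, as an added example that is not part of the issue or the collection's code: the first task is skipped when `password` already matches the `ENC(...)` pattern, so `existing_user` is never set and the second task's `when` dereferences an undefined variable. The constructed playbook below keeps the same two-step shape but makes the condition tolerate the skipped case and passes an already masked value through. `password_is_masked`, `already_masked_re` and the sample `ENC(...)` value are assumptions.

```yaml
---
# Added example: constructed playbook, not the collection's mask_password.yaml.
- name: Guarded variant of the reproduction playbook
  hosts: localhost
  gather_facts: false
  vars:
    user: aUser
    # Constructed sample in the ENC(iterations:salt:hash) shape, not a real hash
    password: "ENC(1024:AAAA:BBBB)"
    activemq_mask_password_hashname: sha1
    activemq_mask_password_iterations: 1024
    # Same pattern as the reproduction playbook; single quotes keep backslashes literal
    already_masked_re: '^ENC\([0-9]{4,}:[^:]+:[^:]+\)'

  tasks:
    - name: Record whether the supplied password is already masked
      ansible.builtin.set_fact:
        password_is_masked: "{{ password is defined and password is regex(already_masked_re) }}"
      no_log: true

    # default([]) makes the length test safe when the parsing task was skipped
    # and existing_user was therefore never set.
    - name: Parse passwd for existing user salt (guarded)
      ansible.builtin.set_fact:
        hash_password: "{{ password | middleware_automation.amq.pbkdf2_hmac(
                           hashname=activemq_mask_password_hashname,
                           iterations=activemq_mask_password_iterations,
                           hexsalt=existing_user[0]) }}"
      when: not (password_is_masked | bool) and (existing_user | default([]) | length > 0)
      no_log: true

    # An already masked value is kept as supplied instead of being re-hashed.
    - name: Pass an already masked value through unchanged
      ansible.builtin.set_fact:
        mask_pwd: "{{ password }}"
      when: password_is_masked | bool
      no_log: true
```

With the sample value above, the guarded task is skipped rather than failing, and `no_log: true` keeps the password material out of the task output.
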
guidograzioli commented 2 weeks ago

Hello; can you confirm the version of redhat.amq_broker in use? (the logs seem to indicate redhat.amq_broker but in the output of ansible-galaxy list I only see middleware_automation.amq 2.2.6)

AWD09 commented 2 weeks ago

Hi @guidograzioli, I am running redhat.amq_broker 2.2.6, but to reproduce the error with a log I am using middleware_automation.amq 2.2.6. This is why the logs are reporting "different" versions. So yes, I confirm the version.