Bug 2134375

Summary: [ansible-freeipa] Require a clear error message while updating netbios_name without enable_sid.
Product: Red Hat Enterprise Linux 9 Reporter: Varun Mylaraiah <mvarun>
Component: ansible-freeipaAssignee: Thomas Woerner <twoerner>
Status: CLOSED ERRATA QA Contact: Varun Mylaraiah <mvarun>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.2CC: ipa-qe, mjurasek, rjeffman, twoerner
Target Milestone: rcKeywords: Regression, Triaged, ZStream
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: ansible-freeipa-1.9.0-1.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2128460
: 2135756 (view as bug list) Environment:
Last Closed: 2023-05-09 07:25:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2128460    
Bug Blocks: 2135756    

Description Varun Mylaraiah 2022-10-13 09:43:53 UTC 
+++ This bug was initially created as a clone of Bug #2128460 +++

Description of problem:
Require a clear error message while updating netbios_name without enable_sid in ipaconfig module

Version-Release number of selected component (if applicable):
# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.8 Beta (Ootpa)

ansible-freeipa-1.8.4-1.el9.noarch
ipa-server-4.9.10-6.module+el8.7.0+16405+581a7c1e.x86_64


[root@ansible ~]# cat config_module.yml
---
- name: Playbook to ensure not able to update netbios_name without enable_sid.
  hosts: ipaserver
 
  tasks:
  - ipaconfig:
      ipaadmin_password: <xxxxxxxx>
      netbios_name: NEWTESTNETBIOS
 
[root@ansible ~]# ansible-playbook -vv -i inventory/config.hosts config_module.yml
PLAYBOOK: config_module.yml **********************************************************************************************************
1 plays in config_module.yml
 
PLAY [Playbook to ensure not able to update netbios_name without enable_sid.] ********************************************************
 
TASK [Gathering Facts] ***************************************************************************************************************
task path: /root/config_module.yml:2
ok: [master.ipadomain.test]
META: ran handlers
 
TASK [ipaconfig] *********************************************************************************************************************
task path: /root/config_module.yml:6
fatal: [master.ipadomain.test]: FAILED! => {"changed": false, "msg": "fail_json() takes 1 positional argument but 2 were given"}
 
PLAY RECAP ***************************************************************************************************************************
master.ipadomain.test      : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0


Actual results:
FAILED! => {"changed": false, "msg": "fail_json() takes 1 positional argument but 2 were given"}

Expected results:
FAILED! => {"changed": false, "msg": "'enable-sid: yes' required for 'netbios_name' and 'add-sids'."}



Additional info:
This behavior is not observed in RHEL 9.2


ansible-playbook -vvv
======================
TASK [ipaconfig] *********************************************************************************************************************
task path: /root/config_module.yml:6
<master.ipadomain.test> ESTABLISH SSH CONNECTION FOR USER: None
<master.ipadomain.test> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/36a11f6e85 master.ipadomain.test '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<master.ipadomain.test> (0, b'/root\n', b'')
<master.ipadomain.test> ESTABLISH SSH CONNECTION FOR USER: None
<master.ipadomain.test> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/36a11f6e85 master.ipadomain.test '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1663685132.7933602-31433-134751976044000 `" && echo ansible-tmp-1663685132.7933602-31433-134751976044000="` echo /root/.ansible/tmp/ansible-tmp-1663685132.7933602-31433-134751976044000 `" ) && sleep 0'"'"''
<master.ipadomain.test> (0, b'ansible-tmp-1663685132.7933602-31433-134751976044000=/root/.ansible/tmp/ansible-tmp-1663685132.7933602-31433-134751976044000\n', b'')
Using module file /root/ansible-freeipa/plugins/modules/ipaconfig.py
<master.ipadomain.test> PUT /root/.ansible/tmp/ansible-local-31416mb1sfqmf/tmplg6hfptp TO /root/.ansible/tmp/ansible-tmp-1663685132.7933602-31433-134751976044000/AnsiballZ_ipaconfig.py
<master.ipadomain.test> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/36a11f6e85 '[master.ipadomain.test]'
<master.ipadomain.test> (0, b'sftp> put /root/.ansible/tmp/ansible-local-31416mb1sfqmf/tmplg6hfptp /root/.ansible/tmp/ansible-tmp-1663685132.7933602-31433-134751976044000/AnsiballZ_ipaconfig.py\n', b'')
<master.ipadomain.test> ESTABLISH SSH CONNECTION FOR USER: None
<master.ipadomain.test> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/36a11f6e85 master.ipadomain.test '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1663685132.7933602-31433-134751976044000/ /root/.ansible/tmp/ansible-tmp-1663685132.7933602-31433-134751976044000/AnsiballZ_ipaconfig.py && sleep 0'"'"''
<master.ipadomain.test> (0, b'', b'')
<master.ipadomain.test> ESTABLISH SSH CONNECTION FOR USER: None
<master.ipadomain.test> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/36a11f6e85 -tt master.ipadomain.test '/bin/sh -c '"'"'/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1663685132.7933602-31433-134751976044000/AnsiballZ_ipaconfig.py && sleep 0'"'"''
<master.ipadomain.test> (1, b'\r\n{"msg": "fail_json() takes 1 positional argument but 2 were given", "failed": true, "exception": "  File \\"/tmp/ansible_ipaconfig_payload_t7bx019o/ansible_ipaconfig_payload.zip/ansible/module_utils/ansible_freeipa_module.py\\", line 995, in ipa_connect\\n    yield ccache_name\\n  File \\"/tmp/ansible_ipaconfig_payload_t7bx019o/ansible_ipaconfig_payload.zip/ansible/modules/ipaconfig.py\\", line 485, in main\\n", "invocation": {"module_args": {"ipaadmin_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "netbios_name": "NEWTESTNETBIOS", "ipaadmin_principal": "admin", "ipaapi_ldap_cache": true, "maxusername": null, "maxhostname": null, "homedirectory": null, "defaultshell": null, "defaultgroup": null, "emaildomain": null, "searchtimelimit": null, "searchrecordslimit": null, "usersearch": null, "groupsearch": null, "enable_migration": null, "groupobjectclasses": null, "userobjectclasses": null, "pwdexpnotify": null, "configstring": null, "selinuxusermaporder": null, "selinuxusermapdefault": null, "pac_type": null, "user_auth_type": null, "ca_renewal_master_server": null, "domain_resolution_order": null, "enable_sid": null, "add_sids": null, "ipaapi_context": null}}}\r\n', b'Shared connection to master.ipadomain.test closed.\r\n')
<master.ipadomain.test> Failed to connect to the host via ssh: Shared connection to master.ipadomain.test closed.
<master.ipadomain.test> ESTABLISH SSH CONNECTION FOR USER: None
<master.ipadomain.test> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/36a11f6e85 master.ipadomain.test '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1663685132.7933602-31433-134751976044000/ > /dev/null 2>&1 && sleep 0'"'"''
<master.ipadomain.test> (0, b'', b'')
The full traceback is:
  File "/tmp/ansible_ipaconfig_payload_t7bx019o/ansible_ipaconfig_payload.zip/ansible/module_utils/ansible_freeipa_module.py", line 995, in ipa_connect
    yield ccache_name
  File "/tmp/ansible_ipaconfig_payload_t7bx019o/ansible_ipaconfig_payload.zip/ansible/modules/ipaconfig.py", line 485, in main
fatal: [master.ipadomain.test]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "add_sids": null,
            "ca_renewal_master_server": null,
            "configstring": null,
            "defaultgroup": null,
            "defaultshell": null,
            "domain_resolution_order": null,
            "emaildomain": null,
            "enable_migration": null,
            "enable_sid": null,
            "groupobjectclasses": null,
            "groupsearch": null,
            "homedirectory": null,
            "ipaadmin_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "ipaadmin_principal": "admin",
            "ipaapi_context": null,
            "ipaapi_ldap_cache": true,
            "maxhostname": null,
            "maxusername": null,
            "netbios_name": "NEWTESTNETBIOS",
            "pac_type": null,
            "pwdexpnotify": null,
            "searchrecordslimit": null,
            "searchtimelimit": null,
            "selinuxusermapdefault": null,
            "selinuxusermaporder": null,
            "user_auth_type": null,
            "userobjectclasses": null,
            "usersearch": null
        }
    },
    "msg": "fail_json() takes 1 positional argument but 2 were given"
}

--- Additional comment from Rafael Jeffman on 2022-09-21 18:48:11 IST ---

The current code might fail depending on the Ansible version used.

Upstream PR: https://bugzilla.redhat.com/show_bug.cgi?id=2128460

--- Additional comment from Rafael Jeffman on 2022-09-21 18:53:53 IST ---

Upstream PR: https://github.com/freeipa/ansible-freeipa/pull/920

(sorry for the wrong URL paste.)

--- Additional comment from Thomas Woerner on 2022-10-13 14:43:39 IST ---

The upstream PR has been merged.
Comment 7 Varun Mylaraiah 2022-12-20 13:48:51 UTC 
Verified
ansible-core-2.14.1-1.el9.x86_64
ansible-freeipa-1.9.0-1.el9.noarch


PASSED ansible_freeipa_tests/config/test_config.py::TestConfigInvalid::test_enable_sid
PASSED ansible_freeipa_tests/config/test_config.py::TestConfigInvalid::test_enable_sid_with_no
PASSED ansible_freeipa_tests/config/test_config.py::TestConfigInvalid::test_update_netbios_name
PASSED ansible_freeipa_tests/config/test_config.py::TestConfigInvalid::test_update_netbios_name_without_enable_sid
PASSED ansible_freeipa_tests/config/test_config.py::TestConfigInvalid::test_update_netbios_name_with_leading_space
PASSED ansible_freeipa_tests/config/test_config.py::TestConfigInvalid::test_update_netbios_name_with_empty_string
PASSED ansible_freeipa_tests/config/test_config.py::TestConfigInvalid::test_update_netbios_name_with_smallcase
PASSED ansible_freeipa_tests/config/test_config.py::TestConfigInvalid::test_update_netbios_name_with_more_than_15characters
PASSED ansible_freeipa_tests/config/test_config.py::TestConfigInvalid::test_add_sids

Based on the test result, marking the bug Verified
Comment 10 errata-xmlrpc 2023-05-09 07:25:56 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ansible-freeipa bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:2168