RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1747413 - [ansible-freeipa] user module throwing an error if there are no changes to apply
Summary: [ansible-freeipa] user module throwing an error if there are no changes to apply
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: ansible-freeipa
Version: 8.1
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 8.0
Assignee: Thomas Woerner
QA Contact: ipa-qe
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-08-30 11:24 UTC by Varun Mylaraiah
Modified: 2023-02-12 22:55 UTC (History)
2 users (show)

Fixed In Version: ansible-freeipa-0.1.8-1.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-28 16:01:56 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker FREEIPA-9441 0 None None None 2023-02-12 22:55:08 UTC
Red Hat Issue Tracker RHELPLAN-29915 0 None None None 2023-02-12 22:54:33 UTC
Red Hat Product Errata RHBA-2020:1705 0 None None None 2020-04-28 16:02:07 UTC

Description Varun Mylaraiah 2019-08-30 11:24:16 UTC 
Description of problem:
Seeing error while creating an existing user with no changes.


Version-Release number of selected component (if applicable):
ansible-freeipa-0.1.6-3.el8.noarch


Steps to Reproduce:
# cat add-user.yml
---
- name: Playbook to handle users
  hosts: ipaserver
  become: true

  tasks:
  - ipauser:
      ipaadmin_principal: admin
      ipaadmin_password: <xxxx>
      name: testuser
      first: testuser
      last: First_test
      title: test_title
      uid: 10002
      gid: 101
      phone: "+445123457"
      email: testuser4
      passwordexpiration: "2023-01-19 23:59:59"
      password: "no-password"
      update_password: on_create



# ansible-playbook -vv -i inventory/hosts.server add-user.yml 
ansible-playbook 2.8.4
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.6.8 (default, Aug  6 2019, 19:43:07) [GCC 8.3.1 20190507 (Red Hat 8.3.1-4)]
No config file found; using defaults

PLAYBOOK: add-user.yml **********************************************************************************************
1 plays in add-user.yml

PLAY [Playbook to handle users] *************************************************************************************

TASK [Gathering Facts] **********************************************************************************************
task path: /root/add-user.yml:2
ok: [ipaserver.test.local]
META: ran handlers

TASK [ipauser] ******************************************************************************************************
task path: /root/add-user.yml:7
changed: [ipaserver.test.local] => {"changed": true}
META: ran handlers
META: ran handlers

PLAY RECAP **********************************************************************************************************
ipaserver.test.local       : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

# cat add-user.yml
---
- name: Playbook to handle users
  hosts: ipaserver
  become: true

  tasks:
  - ipauser:
      ipaadmin_principal: admin
      ipaadmin_password: <xxxx>
      name: testuser
      first: testuser
      last: First_test
      title: test_title
      uid: 10002
      gid: 101
      phone: "+445123457"
      email: testuser4
      passwordexpiration: "2023-01-19 23:59:59"
      password: "no-password"
      update_password: on_create


# ansible-playbook -vv -i inventory/hosts.server add-user.yml 
ansible-playbook 2.8.4
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.6.8 (default, Aug  6 2019, 19:43:07) [GCC 8.3.1 20190507 (Red Hat 8.3.1-4)]
No config file found; using defaults

PLAYBOOK: add-user.yml **********************************************************************************************
1 plays in add-user.yml

PLAY [Playbook to handle users] *************************************************************************************

TASK [Gathering Facts] **********************************************************************************************
task path: /root/add-user.yml:2
ok: [ipaserver.test.local]
META: ran handlers

TASK [ipauser] ******************************************************************************************************
task path: /root/add-user.yml:7
fatal: [ipaserver.test.local]: FAILED! => {"changed": false, "msg": "user_mod: no modifications to be performed"}

PLAY RECAP **********************************************************************************************************
ipaserver.test.local       : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0


with ansible-playbook -vvv
==========================
The full traceback is:
  File "/tmp/ansible_ipauser_payload_5ba8gh9n/ansible_ipauser_payload.zip/ansible/module_utils/ansible_freeipa_module.py", line 99, in api_command
    return api.Command[command](name, **args)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in __call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in __do_call
    ret = self.run(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 800, in run
    return self.execute(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 1477, in execute
    raise e
  File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 1474, in execute
    self._exc_wrapper(keys, options, ldap.update_entry)(update)
  File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 1107, in wrapped
    return func(*call_args, **call_kwargs)
  File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 1116, in exc_func
    self, keys, options, e, call_func, *args, **kwargs)
  File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 1519, in exc_callback
    raise exc
  File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 1107, in wrapped
    return func(*call_args, **call_kwargs)
  File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1691, in update_entry
    raise errors.EmptyModlist()

fatal: [ipaserver.test.local]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "displayname": null,
            "email": [
                "testuser4"
            ],
            "first": "testuser",
            "fullname": null,
            "gid": 101,
            "homedir": null,
            "ipaadmin_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "ipaadmin_principal": "admin",
            "last": "First_test",
            "name": [
                "testuser"
            ],
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "passwordexpiration": "2023-01-19 23:59:59",
            "phone": [
                "+445123457"
            ],
            "preserve": null,
            "principalname": null,
            "shell": null,
            "state": "present",
            "title": "test_title",
            "uid": 10002,
            "update_password": "on_create"
        }
    },
    "msg": "user_mod: no modifications to be performed"
}


Actual results:
Falling if there are no changes to be applied

Expected results:
If there are no changes to be applied, then the module will simply succeed 

Additional info:
Comment 2 Thomas Woerner 2019-12-14 06:59:27 UTC 
This is the upstream PR for this:

- https://github.com/freeipa/ansible-freeipa/commit/bc3d3f41396f3b2c49a352ef8eb1f68f35b31672
  ipauser: Extend email addresses with default email domain if no domain is set

It also needs this:

- https://github.com/freeipa/ansible-freeipa/commit/0210899eb7187e5d70b490455647cb2bb595169a
  Allow execution of API commands that do not require a name.
Comment 4 Varun Mylaraiah 2020-02-14 07:18:47 UTC 
Verified 
ansible-freeipa-0.1.8-1.el8.noarch

cat add-user.yaml
---
- name: Playbook to handle users
  hosts: ipaserver
  become: true

  tasks:
  - ipauser:
      ipaadmin_principal: admin
      ipaadmin_password: <xxxx>
      name: testuser
      first: testuser
      last: First_test
      title: test_title
      uid: 10002
      gid: 101
      phone: "+445123457"
      email: testuser4
      passwordexpiration: "2023-01-19 23:59:59"
      password: "no-password"
      update_password: on_create


# ansible-playbook -vv -i inventory/server.hosts add-user.yaml 
ansible-playbook 2.9.4
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 3.6.8 (default, Dec  5 2019, 15:45:45) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
Using /etc/ansible/ansible.cfg as config file

PLAYBOOK: add-user.yaml **********************************************************************************************
1 plays in add-user.yaml

PLAY [Playbook to handle users] **************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
task path: /root/add-user.yaml:2
ok: [master.ipadomain.test]
META: ran handlers

TASK [ipauser] *******************************************************************************************************
task path: /root/add-user.yaml:7
changed: [master.ipadomain.test] => {"changed": true, "user": {}}
META: ran handlers
META: ran handlers

PLAY RECAP ***********************************************************************************************************
master.ipadomain.test      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   


# cat add-user.yaml
---
- name: Playbook to handle users
  hosts: ipaserver
  become: true

  tasks:
  - ipauser:
      ipaadmin_principal: admin
      ipaadmin_password: <xxxx>
      name: testuser
      first: testuser
      last: First_test
      title: test_title
      uid: 10002
      gid: 101
      phone: "+445123457"
      email: testuser4
      passwordexpiration: "2023-01-19 23:59:59"
      password: "no-password"
      update_password: on_create
      
[root@ansible ~]# ansible-playbook -vv -i inventory/server.hosts add-user.yaml 
ansible-playbook 2.9.4
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 3.6.8 (default, Dec  5 2019, 15:45:45) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
Using /etc/ansible/ansible.cfg as config file

PLAYBOOK: add-user.yaml **********************************************************************************************
1 plays in add-user.yaml

PLAY [Playbook to handle users] **************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
task path: /root/add-user.yaml:2
ok: [master.ipadomain.test]
META: ran handlers

TASK [ipauser] *******************************************************************************************************
task path: /root/add-user.yaml:7
ok: [master.ipadomain.test] => {"changed": false, "user": {}}
META: ran handlers
META: ran handlers

PLAY RECAP ***********************************************************************************************************
master.ipadomain.test      : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

No traceback while adding the same user again.
Based on the above observation, marking the bug VERIFIED
Comment 6 errata-xmlrpc 2020-04-28 16:01:56 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1705
Note You need to log in before you can comment on or make changes to this bug.