StarlingX

manage_local_ldap_account playbook argument "mode" does not have default value

Bug #2024259 reported by Karla Felix
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
Low
Karla Felix

Bug Description

Brief Description

As per documentation at https://docs.starlingx.io/security/kubernetes/manage-local-ldap-39fe3a85a528.html ,, ldap playbook, manage_local_ldap_account.yml, should allow default value for argument "mode" to be "create". In reality not setting argument "mode" gives an error.

Severity

Minor

Steps to Reproduce
Execute playbook command:

ansible-playbook --inventory secure-inventory --ask-vault-pass --extra-vars='user_id=johnkung sys_protected=yes' /usr/share/ansible/stx-ansible/playbooks/manage_local_ldap_account.yml

Expected Behavior

Executes with no errors

Actual Behavior

The following error shows:

TASK [Validate in_mode] ********************************************************
Thursday 27 April 2023 15:58:16 +0000 (0:00:00.037) 0:00:00.059 ********
fatal: [systemcontroller-0]: FAILED! =>
msg: |-
The conditional check 'in_mode not in ['create', 'delete']' failed. The error was: error while evaluating conditional (in_mode not in ['create', 'delete']): 'in_mode' is undefined

The error appears to be in '/usr/share/ansible/stx-ansible/playbooks/manage_local_ldap_account.yml': line 63, column 5, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

    name: Validate in_mode
    ^ here

Reproducibility

100%

System Configuration

AIO-SX and DC system

Load info

Workaround

Argument "mode" needs a value.

Karla Felix (kkarolin)
Changed in starlingx:
assignee: nobody → Karla Felix (kkarolin)
OpenStack Infra (hudson-openstack)
Changed in starlingx:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to ansible-playbooks (master)

Reviewed: https://review.opendev.org/c/starlingx/ansible-playbooks/+/886002
Committed: https://opendev.org/starlingx/ansible-playbooks/commit/3692951871015733e5eca9bac7313e9c791a0a2a
Submitter: "Zuul (22348)"
Branch: master

commit 3692951871015733e5eca9bac7313e9c791a0a2a
Author: Karla Felix <email address hidden>
Date: Tue Jun 13 11:28:18 2023 -0300

    Refactoring manage_local_ldap_account inputs

    Refactoring manage_local_ldap_account input params, validations for
    params("password_change_period, password warning_period,
    sys_protected"), adding the default values for "mode", and fixed
    password validation.

    Test Plan:

    PASS: Run "manage_local_ldap_account" and pass all validations.
    PASS: Run "manage_local_ldap_account" with custom values for
          "password_change_period" and "password_warning_period"
          and verify if the validation was OK.
    PASS: Run "manage_local_ldap_account" with custom values that
          shouldn't be accepted and verify if the validation will
          fail.
    PASS: Try to input values out of the pre-defition and verify if
          the default value was added to the variables.
    PASS: In a DC environment with one subcloud, successfully execute
          the playbook with extra vars 'user_id=user8', 'mode=create',
          'sudo_permission=yes', 'sys_protected=yes', log in the
          subcloud using the new user, check that it is part of
          groups [users root sys_protected], source its openrc file
          and execute 'system host-list' command.
    PASS: In a AIO-SX environment, successfully execute the playbook
          with extra vars 'user_id=user5', 'mode=create',
          'sudo_permission=yes', 'sys_protected=yes', log in the
          subcloud using the new user, check that it is part of
          groups [user root sys_protected], source its openrc file
          and execute 'system host-list' command.
    PASS: Repeat the last two tests without the variables
          'sudo_permission' and 'sys_protected' and check that
          the new user is only part of groups [users].
    PASS: Run "manage_local_ldap_account" without a value in
          'mode', and verify if the default value 'create' is
          applied.

    Closes-Bug: 2024259

    Change-Id: I4039af86c9a6920818c1c26538eae6967b05ed9e
    Signed-off-by: Karla Felix <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil)
Changed in starlingx:
importance: Undecided → Low
tags: added: stx.9.0 stx.config stx.security
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.