New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

core-module 'user' with option 'expires' - cannot "unexpire" accounts with "-1" #20096

Closed
ronator opened this Issue Jan 10, 2017 · 5 comments

Comments

Projects
None yet
5 participants
@ronator
Copy link

ronator commented Jan 10, 2017

ISSUE TYPE
  • Feature Idea
COMPONENT NAME

ansible-modules-core/system/user.py

ANSIBLE VERSION
ansible 2.1.1.0
CONFIGURATION
OS / ENVIRONMENT

Ubuntu 16.04

SUMMARY

The module user is supposed to be based on system commands "useradd, userdel and usermod". It has no account locking function because people discussed that an expire date option would be better. So to disable a bunch of users I can use 'expires' with time in epoch format, but ...

.. the problem is, that you cannot reset the expire date (disable expiry) as you could with the system commands. Usually, you can use the expiredate option of e.g. adduser and set it to "-1" or nothing (emtpy string):

The man pages for adduser/useradd say: "By default, the password expiry value set to -1 means never expire." Furthermore, adduser allows to set an empty string: "If not specified, useradd will use the default expiry date specified by the EXPIRE variable in /etc/default/useradd, or an empty string (no expiry) by default."

Since this module uses system commands, I would expect it to offer similiar functionality but it does not:

  • if you set expires=-1 it does not change anything at all, account stays expired. YOu can't use an empty string either: -> "msg": "argument expires is of type <type 'str'> and we were unable to convert to float"

In terms of shell you can easily unset expire date with: usermod USER -e -1

I would suggest that it should be able to use the module "user" as you would use adduser/moduser option --expiredate. Until now, you would have to use the command/shell/raw module. It would make sense to me to enable this for the user module.

STEPS TO REPRODUCE

First, expire a user:

---
- name: test expire
  hosts: all
  become: yes
  vars_files:
    - /etc/ansible/secrets.yml
  tasks:
    - name: Disable user accounts with expires
      user: name={{ item.name }} expires=1

      with_items:
        - { name: 'USER' }

Now, "unexpire" the user with expires=-1 or expires="" or even expires=

---
- name: test expire
  hosts: all
  become: yes
  vars_files:
    - /etc/ansible/secrets.yml
  tasks:
    - name: Disable user accounts with expires
      user: name={{ item.name }} expires=-1

      with_items:
        - { name: 'USER' }
EXPECTED RESULTS

It should re-enable the user account, unsetting any expire date as it would with usermod/moduser

ACTUAL RESULTS

With "-1" ansible tells you "changed: [HOST] => (item={u'name': u'USER'} but it has changed nothing:
Your account has expired; please contact your system administrator

If you use an empty string for expire, it fails:
failed: [HOST] (item={u'name': u'USER'}) => {"failed": true, "item": {"name": "USER"}, "msg": "argument expires is of type <type 'str'> and we were unable to convert to float"

@abadger abadger removed the needs_triage label Jan 11, 2017

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Jun 1, 2017

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Jun 1, 2017

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Jun 2, 2017

@ronator

This comment has been minimized.

Copy link

ronator commented Jun 2, 2017

👍

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Jun 11, 2017

@ansibot

This comment has been minimized.

Copy link
Contributor

ansibot commented Jul 19, 2017

@ansibot

This comment has been minimized.

Copy link
Contributor

ansibot commented Sep 10, 2017

@ashadmins

This comment has been minimized.

Copy link

ashadmins commented Dec 6, 2017

Is it possible to take over the fix from @StefanKaerst?

@ntavares

This comment has been minimized.

Copy link

ntavares commented Feb 8, 2018

+1

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Feb 10, 2018

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Feb 10, 2018

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Feb 10, 2018

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Feb 10, 2018

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Mar 2, 2018

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Mar 2, 2018

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Mar 2, 2018

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Mar 2, 2018

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Mar 2, 2018

@ansibot ansibot added feature and removed feature_idea labels Mar 2, 2018

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Mar 6, 2018

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Mar 6, 2018

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Mar 6, 2018

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Mar 6, 2018

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Mar 6, 2018

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Mar 6, 2018

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Mar 6, 2018

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Mar 6, 2018

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Mar 6, 2018

StefanKaerst added a commit to StefanKaerst/ansible that referenced this issue Mar 6, 2018

@bcoca bcoca referenced this issue May 11, 2018

Merged

User unexpire #39758

bcoca added a commit to bcoca/ansible that referenced this issue May 15, 2018

Allow negative values to expires to unexpire a user
Fixes ansible#20096

(cherry picked from commit 34f8080)
(cherry picked from commit 54619f7)
(cherry picked from commit 8c2fae2)
(cherry picked from commit db1a32f)

@bcoca bcoca closed this in #39758 May 17, 2018

bcoca added a commit that referenced this issue May 17, 2018

User unexpire (#39758)
* Allow negative values to expires to unexpire a user

Fixes #20096

(cherry picked from commit 34f8080)
(cherry picked from commit 54619f7)
(cherry picked from commit 8c2fae2)
(cherry picked from commit db1a32f)

* tweaked and normalized

 - also added tests, made checking resilient

achinthagunasekara added a commit to achinthagunasekara/ansible that referenced this issue May 23, 2018

User unexpire (ansible#39758)
* Allow negative values to expires to unexpire a user

Fixes ansible#20096

(cherry picked from commit 34f8080)
(cherry picked from commit 54619f7)
(cherry picked from commit 8c2fae2)
(cherry picked from commit db1a32f)

* tweaked and normalized

 - also added tests, made checking resilient

jacum pushed a commit to jacum/ansible that referenced this issue Jun 26, 2018

User unexpire (ansible#39758)
* Allow negative values to expires to unexpire a user

Fixes ansible#20096

(cherry picked from commit 34f8080)
(cherry picked from commit 54619f7)
(cherry picked from commit 8c2fae2)
(cherry picked from commit db1a32f)

* tweaked and normalized

 - also added tests, made checking resilient

ilicmilan added a commit to ilicmilan/ansible that referenced this issue Nov 7, 2018

User unexpire (ansible#39758)
* Allow negative values to expires to unexpire a user

Fixes ansible#20096

(cherry picked from commit 34f8080)
(cherry picked from commit 54619f7)
(cherry picked from commit 8c2fae2)
(cherry picked from commit db1a32f)

* tweaked and normalized

 - also added tests, made checking resilient
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment