Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

password_expire parameter not supported for mysql_user module #680

Open
maqsoodasad opened this issue Sep 11, 2024 · 4 comments
Open

password_expire parameter not supported for mysql_user module #680

maqsoodasad opened this issue Sep 11, 2024 · 4 comments

Comments

@maqsoodasad
Copy link

SUMMARY

Hi,

I am getting "Unsupported parameters for (mysql_user) module: password_expire" when using password_expire parameter in mysql_user module. The module works fine if password_expire or password_expire_interval are not used.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

Module = mysql_user

Parameter = password_expire and password_expire_interval

ANSIBLE VERSION

ansible [core 2.15.11]

  config file = None

  configured module search path = ['/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']

  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible

  ansible collection location = /runner/.ansible/collections:/usr/share/ansible/collections

  executable location = /usr/local/bin/ansible

  python version = 3.9.19 (main, Aug 29 2024, 03:13:50) [GCC 8.5.0 20210514 (Red Hat 8.5.0-22.0.1)] (/usr/bin/python3)

  jinja version = 3.1.4

  libyaml = True



COLLECTION VERSION
# /usr/share/ansible/collections/ansible_collections

Collection      Version

--------------- -------

community.mysql 3.10.0 

CONFIGURATION
CONFIG_FILE() = None

OS / ENVIRONMENT

Database where the users are being created
MySQL server = 8.0.32
Azure MySQL Flexible service

Target OS 

NAME="Oracle Linux Server"

VERSION="8.10"

ID="ol"

ID_LIKE="fedora"

VARIANT="Server"

VARIANT_ID="server"

VERSION_ID="8.10"

PLATFORM_ID="platform:el8"

PRETTY_NAME="Oracle Linux Server 8.10"

ANSI_COLOR="0;31"

CPE_NAME="cpe:/o:oracle:linux:8:10:server"

HOME_URL="https://linux.oracle.com/"

BUG_REPORT_URL="https://github.com/oracle/oracle-linux"



ORACLE_BUGZILLA_PRODUCT="Oracle Linux 8"

ORACLE_BUGZILLA_PRODUCT_VERSION=8.10

ORACLE_SUPPORT_PRODUCT="Oracle Linux"

ORACLE_SUPPORT_PRODUCT_VERSION=8.10
STEPS TO REPRODUCE
  1. Use mysql_user module with the "password_expire" parameter. Set the parameter value to "interval"

- name: DB user task
  mysql_user:
    login_host: "{{ host.master }}"
    login_user: "{{ mysql_root_user }}"
    login_password: "{{ mysql_root_pw }}"
    plugin: mysql_native_password
    name: "{{ item.name }}"
    host: "{{ item.host }}"
    password: "{{ db_user_pw }}"
    priv: "*.*:SESSION_VARIABLES_ADMIN,SELECT,INSERT,UPDATE,RELOAD,PROCESS,REFERENCES,INDEX,SHOW DATABASES,CREATE TEMPORARY TABLES,LOCK TABLES,EXECUTE,REPLICATION SLAVE,REPLICATION CLIENT,CREATE VIEW,SHOW VIEW,CREATE ROUTINE,ALTER ROUTINE,CREATE USER,EVENT,TRIGGER,GRANT"
    update_password: on_create
    password_expire: interval
    password_expire_interval: 1
  loop: "{{ plat_db_users }}"
  tags:
    - db_client
    - db_user

EXPECTED RESULTS

The task with mysql_user module should have executed successfully with the password_expire and password_expire_interval parameter.

ACTUAL RESULTS

{
  "msg": "Unsupported parameters for (mysql_user) module: password_expire, password_expire_interval. Supported parameters include: append_privs, ca_cert, check_hostname, check_implicit_admin, client_cert, client_key, config_file, connect_timeout, encrypted, force_context, host, host_all, login_host, login_password, login_port, login_unix_socket, login_user, password, plugin, plugin_auth_string, plugin_hash_string, priv, resource_limits, session_vars, sql_log_bin, state, subtract_privs, tls_requires, update_password, user (name, ssl_ca, ssl_cert, ssl_key).",
  "invocation": {
    "module_args": {
      "login_host": "database.xyz.com",
      "login_user": "root_user",
      "login_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
      "plugin": "mysql_native_password",
      "name": "db_user_1",
      "host": "%",
      "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
      "priv": "*.*:SESSION_VARIABLES_ADMIN,SELECT,INSERT,UPDATE,RELOAD,PROCESS,REFERENCES,INDEX,SHOW DATABASES,CREATE TEMPORARY TABLES,LOCK TABLES,EXECUTE,REPLICATION SLAVE,REPLICATION CLIENT,CREATE VIEW,SHOW VIEW,CREATE ROUTINE,ALTER ROUTINE,CREATE USER,EVENT,TRIGGER,GRANT",
      "update_password": "on_create",
      "password_expire": "interval",
      "password_expire_interval": 1,
      "user": "db_user_1",
      "login_port": 3306,
      "config_file": "/root/.my.cnf",
      "connect_timeout": 30,
      "encrypted": false,
      "host_all": false,
      "state": "present",
      "append_privs": false,
      "subtract_privs": false,
      "check_implicit_admin": false,
      "sql_log_bin": true,
      "force_context": false,
      "login_unix_socket": null,
      "client_cert": null,
      "client_key": null,
      "ca_cert": null,
      "check_hostname": null,
      "tls_requires": null,
      "plugin_hash_string": null,
      "plugin_auth_string": null,
      "resource_limits": null,
      "session_vars": null
    }
  },
  "_ansible_no_log": false,
  "changed": false,
  "item": {
    "name": "db_user_1",
    "host": "%"
  },
  "ansible_loop_var": "item",
  "_ansible_item_label": {
    "name": "db_user_1",
    "host": "%"
  }
}

@Andersson007
Copy link
Collaborator

@maqsoodasad hello, thanks for opening the issue
the options are present in 3.10. I think there are some collection path conflicts so that ansible picks up a version earlier than 3.10.
Could you try to update:

  • first the ansible package itself using pip or whatever you used to install it
  • then, if it doesn't help, the collection using ansible-galaxy collection install community.mysql --upgrade

then please tell us the result

@maqsoodasad
Copy link
Author

@Andersson007 - Thanks for your response. I tried the suggested recommendations but it still complained about the missing parameters.

Updated ansible from 2.15.11 to 2.16.11

ansible --version

ansible [core 2.16.11]

  config file = None

  configured module search path = ['/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']

  ansible python module location = /usr/local/lib/python3.11/site-packages/ansible

  ansible collection location = /runner/.ansible/collections:/usr/share/ansible/collections

  executable location = /usr/local/bin/ansible

  python version = 3.11.9 (main, Jul  2 2024, 17:31:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-22.0.1)] (/usr/bin/python3)

  jinja version = 3.1.4

  libyaml = True


Updated collection

ansible-galaxy collection list community.mysql



# /usr/share/ansible/collections/ansible_collections

Collection      Version

--------------- -------

community.mysql 3.10.3

The mysql_user.py module does have the options

  password_expire:

    description:

      - C(never) - I(password) will never expire.

      - C(default) - I(password) is defined using global system variable I(default_password_lifetime) setting.

      - C(interval) - I(password) will expire in days which is defined in I(password_expire_interval).

      - C(now) - I(password) will expire immediately.

    type: str

    choices: [ now, never, default, interval ]

    version_added: '3.9.0'

  password_expire_interval:

    description:

      - Number of days I(password) will expire. Requires I(password_expire=interval).

    type: int

    version_added: '3.9.0'

I am not sure if its related to the mysql version.

https://galaxy.ansible.com/ui/repo/published/community/mysql/docs/?version=3.10.3

mysql 8.0.31 (collection version < 3.10.0)

@Andersson007
Copy link
Collaborator

@maqsoodasad thanks for checking and the feedback. The error message indicates that the arguments are not present in the module: there's a special data structure which serves as an interface between ansible-core (where the inner work happens like checking the arguments a user passes, etc.) and the core throws this message if the passed arguments and expected arguments registered by a module don't match. So it doesn't relate to a used server version.
Maybe it's something the controller distro specific.. strange

@Andersson007
Copy link
Collaborator

Andersson007 commented Sep 13, 2024

@maqsoodasad

  • Do you maybe use ansible-navigator? it uses an execution environment by default which is a container with its own ansible installed
  • I would check the paths that shown in your ansible --version output:
  configured module search path = ['/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible collection location = /runner/.ansible/collections:/usr/share/ansible/collections

Look for the mysql_user.py file. If it takes the older module version, try to adjust the paths somehow so that it looks at the relevant location. Maybe it takes the older one that is in /runner/.ansible/collections and ignores one in /usr/share/ansible/collections

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants