I’m trying to use the ansible-freeipa user module to disable a list of users (https://github.com/freeipa/ansible-freeipa/blob/master/README-user.md). The module accepts a list for its users parameter. I can get the list as a fact, but I can’t seem to get it formatted properly for the module.
I wrote a test playbook with a static variable that worked as follows:
vars:
idmfqdn: ipaserver.example.com
binduser: ‘admin’
bindpasswd: ‘{{ secure_ipa_pass }}’
disabled_uids:
- name: test1
- name: test2
tasks:
- name: Disable flagged accounts
freeipa.ansible_freeipa.ipauser:
ipaadmin_password: “{{ secure_ipa_pass }}”
users: “{{ disabled_uids }}”
state: disabled
However, in my real playbook, when i get the list of users to disable, it is in the following format:
TASK [Disable flagged accounts] ***********************************************************************************
ok: [auth1.secure-ose.faa.gov] => {
“msg”: “[test1]\n”
}
I get this as follows:
-
name: Set Disabled Users fact
set_fact:
disabled_users: “{{ user_show.results | json_query(‘[*].json.result.result.{uid: uid[0], mail: mail[0], nsaccountlock: nsaccountlock, pwdexp: krbpasswordexpiration[0].datetime}’) | selectattr(‘pwdexp’,‘<’,cutoff_date) | selectattr(‘nsaccountlock’, ‘equalto’, False) | list }}” -
name: Get list of UIDs to disable
set_fact:
disabled_uids: “{{ disabled_users | map(attribute=‘uid’) | list | to_yaml }}”
So how can I create the list that conforms to the static example that the module is expecting?
Thanks,
Harry