Undefined variables in filetree_create role

[DevOpsJeremy]

Summary

When running the infra.controller_configuration.filetree_create role, it fails due to a variable being undefined as well as an attribute on a looping variable being missing/undefined.

Issue Type

• Bug Report

Ansible, Collection, Controller details

ansible --version

ansible [core 2.12.10]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.8/site-packages/ansible
  ansible collection location = /runner/requirements_collections:/home/runner/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.8.13 (default, Jun 14 2022, 17:49:07) [GCC 8.5.0 20210514 (Red Hat 8.5.0-13)]
  jinja version = 2.11.3
  libyaml = True

ansible-galaxy collection list

# /runner/requirements_collections/ansible_collections
Collection                     Version
------------------------------ -------
infra.controller_configuration 2.10.3 

# /usr/share/ansible/collections/ansible_collections
Collection        Version
----------------- -------
amazon.aws        7.0.0  
ansible.posix     1.5.4  
ansible.utils     2.11.0 
ansible.windows   2.1.0  
awx.awx           23.4.0 
community.general 8.0.2  
community.windows 2.0.0  

Controller version: 4.3.0

• ansible installation method: pip

OS / ENVIRONMENT

> cat /etc/redhat-release
Red Hat Enterprise Linux release 8.10 (Ootpa)

> uname -m
x86_64

Desired Behavior

When required variables are provided:

• output_path
• controller_username
• controller_password
• controller_hostname

The role should capture the controller's AWX configuration and output a filetree of the relevant variable files.

Actual Behavior

The role fails at the following tasks:

infra.controller_configuration.filetree_create : Add current inventory source to the inventory sources flat file

Error:

TASK [infra.controller_configuration.filetree_create : Add current inventory source to the inventory sources flat file] ***
task path: /runner/requirements_collections/ansible_collections/infra/controller_configuration/roles/filetree_create/tasks/inventory_sources.yml:21
[WARNING]: You are using the awx version of this collection but connecting to
Red Hat Ansible Automation Platform
fatal: [localhost]: FAILED! => {
    "msg": "The task includes an option with an undefined variable. The error was: {{ current_inventory_for_sources_index == ((inventory_lookvar | length) - 1) }}: 'current_inventory_for_sources_index' is undefined\\n\\nThe error appears to be in '/runner/requirements_collections/ansible_collections/infra/controller_configuration/roles/filetree_create/tasks/inventory_sources.yml': line 21, column 7, but may\\nbe elsewhere in the file depending on the exact syntax problem.\\n\\nThe offending line appears to be:\\n\\n\\n    - name: \\"Add current inventory source to the inventory sources flat file\\"\\n      ^ here\\n"
}

Searching through the repository, the only place that variable is found is the referenced task. It isn't defined or registered anywhere else.

Passing in that variable as an extra var with an arbitrary value allows the role to continue past the task, but of course this isn't the intended behavior.

infra.controller_configuration.filetree_create : Add current team roles to the team roles flat file

Error:

TASK [infra.controller_configuration.filetree_create : Add current team roles to the team roles flat file] ***
task path: /runner/requirements_collections/ansible_collections/infra/controller_configuration/roles/filetree_create/tasks/team_roles.yml:48
fatal: [localhost]: FAILED! => {
    "msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'team_name'\\n\\nThe error appears to be in '/runner/requirements_collections/ansible_collections/infra/controller_configuration/roles/filetree_create/tasks/team_roles.yml': line 48, column 7, but may\\nbe elsewhere in the file depending on the exact syntax problem.\\n\\nThe offending line appears to be:\\n\\n\\n    - name: \\"Add current team roles to the team roles flat file\\"\\n      ^ here\\n"
}

This attribute is found in the current_team_roles.j2 template.

I suspect the issue be because the resource_names and resource_type attributes (which are referenced in the template) are defined on the object_roles object, but the name attribute is never defined.

Due to this being an attribute called dynamically, it's not possible to simply pass in an extra var to bypass this task. The workaround I found was to copy the entirety of the the filetree_create and meta_dependency_check roles locally so that I can modify this line in the template to add a default value:

- team: "{{ (role|dict2items)[0].value.team_name | default('') }}"

After defining the default value for team_name, the team roles were all created with no name values:

controller_roles:
  - team: ""
    workflows:
      - "workflow 123"
    role: "approval"
  - team: ""
    organizations:
      - "Default"
    role: "approval"
  - team: ""
    workflows:
      - "workflow 123"
    role: "read"

My configuration

Playbook:

---
- name: Create AAP filetree
  hosts: localhost
  vars:
    flatten_output: true
    output_path: /tmp/filetree_output
    filetree_create_output_dir: "{{ output_path }}"
    current_inventory_for_sources_index: 1
  pre_tasks:
    - name: "Setup authentication (block)"
      block:
        - name: "Get the Authentication Token for the future requests"
          ansible.builtin.uri:
            url: "https://{{ controller_hostname }}/api/v2/tokens/"
            user: "{{ controller_username }}"
            password: "{{ controller_password }}"
            method: POST
            force_basic_auth: true
            validate_certs: "{{ controller_validate_certs }}"
            status_code: 201
          register: authtoken_res

        - name: "Set the oauth token to be used since now"
          ansible.builtin.set_fact:
            controller_oauthtoken: "{{ authtoken_res.json.token }}"
            controller_oauthtoken_url: "{{ authtoken_res.json.url }}"
      when: controller_oauthtoken is not defined
      tags:
        - always

  tasks:
    - include_role:
        name: infra.controller_configuration.filetree_create

  post_tasks:
    - name: "Delete the Authentication Token used"
      ansible.builtin.uri:
        url: "https://{{ controller_hostname }}{{ controller_oauthtoken_url }}"
        user: "{{ controller_username }}"
        password: "{{ controller_password }}"
        method: DELETE
        force_basic_auth: true
        validate_certs: "{{ controller_validate_certs }}"
        status_code: 204
      when: controller_oauthtoken_url is defined

Vars file:

controller_hostname: <my AAP controller>
controller_password: "{{ pass }}"
controller_username: "{{ user }}"
controller_validate_certs: no

STEPS TO REPRODUCE

• Create a team with no roles attached.
• Run the infra.controller_configuration.filetree_create role using the above playbook/vars files.