Let me further clarify what I'm looking to do and show where I'm at. We
have some bash scripts that check our IPA server user's and determines
their password age. Any user who has not changed their password in 180
days gets automatically disabled. So that expiration date will be in
past. In bash we found an "abs" function to make a negative date
calculation a positive value. For example, if a person's account has been
expired since May 19, 2021, that is 182 days ago and should be expired.
I'm trying to do something similar with Ansible. But I'm working on the
date calculations now before expanding.
So I'm able to get the user's password expiration date using the IPA APIs,
and can set the fact for it as assisted above in this thread. I can also
get today's date using the Ansible facts. What I am having an issue with
now is trying to use the facts previously calculated to determine the age,
and its not working:
- name: Set facts
set_fact:
utc: '{{ lookup(''pipe'',
''date -u --date="'' +
(user_show.json.result.result.krbpasswordexpiration[0][''__datetime__'']|
regex_replace(''^(\d\d\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z'',''\1-\2-\3
\4:\5:\6 UTC'')) + ''" "+%Y-%m-%d"'') }}'
today: "{{ (ansible_date_time.date | to_datetime('%Y-%m-%d')).date()
}}"
age: "{{ ((utc) - (today)).days }}"
FAILED! => {"msg": "Unexpected templating type error occurred on ({{ ((utc)
- (today)).days }}): unsupported operand type(s) for -: 'AnsibleUnsafeText'
and 'AnsibleUnsafeText'"}
Any ideas on how to reference the "utc" and "today" facts in the "age" fact?
Thanks,
Harry
On Wednesday, November 17, 2021 at 12:10:18 PM UTC-5 uto...@gmail.com wrote:
> You don't need a datetime object. You just need to know if the string you
> have sorts before or after this string:
> '{{ lookup(''pipe'', ''date -u --date="now - 180 days" +%Y%m%d000000Z'')
> }}'
> I would argue "now - 180 days" is going to be a lot easier to understand
> next year than whatever "pure Ansible" contortions you come up with to do
> the same thing.
>
> On Wednesday, November 17, 2021 at 8:11:28 AM UTC-5 lift...@gmail.com
> wrote:
>
>> Thanks for that! I can now reference the __datetime__ member, but now
>> I'm trying to convert that to a datetime object in the format of YYmmdd,
>> but I get an error. Here's how I'm setting the fact now:
>>
>> - name: Set facts
>> set_fact:
>> user_expires: "{{
>> user_show.json.result.result.krbpasswordexpiration[0]['__datetime__'] |
>> to_datetime('%Y%m%d') }}"
>>
>> - name: print results
>> debug:
>> msg: "{{ user_expires }} / {{ ansible_date_time.year }}{{
>> ansible_date_time.month }}{{ ansible_date_time.day }}"
>>
>> When I run the playbook, it gives me the following error in the set_fact
>> play:
>>
>> FAILED! => {"msg": "the field 'args' has an invalid value
>> ({u'user_expires': u\"{{
>> user_show.json.result.result.krbpasswordexpiration[0]['__datetime__'] |
>> to_datetime('%Y%m%d') }}\"}), and could not be converted to an dict.The
>> error was: unconverted data remains: 191401Z\n\n
>>
>> Any ideas?
>>
>> Thanks,
>> Harry
>>
>> On Tuesday, November 16, 2021 at 11:15:15 PM UTC-5 uto...@gmail.com
>> wrote:
>>
>>> - name: KrbPasswordExpiration date/time demo
>>> hosts: localhost
>>> vars:
>>> user_show:
>>> json:
>>> result:
>>> result:
>>> krbpasswordexpiration: [
>>> {
>>> "__datetime__": "20220207191401Z"
>>> }
>>> ]
>>> tasks:
>>> - name: Read and manipulate the krb password expiration date/time.
>>> set_fact:
>>> utc: '{{ lookup(''pipe'',
>>> ''date -u --date="'' +
>>>
>>> (user_show.json.result.result.krbpasswordexpiration[0][''__datetime__'']|
>>>
>>> regex_replace(''^(\d\d\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z'',''\1-\2-\3
>>> \4:\5:\6 UTC'')) +
>>> ''" "+%Y-%m-%d %H:%M:%S %z"'') }}'
>>>
>>> - name: Do you have the time?
>>> debug:
>>> msg:
>>> - "Before: {{
>>> user_show.json.result.result.krbpasswordexpiration[0]['__datetime__'] }}"
>>> - "After: {{ utc }}"
>>>
>>> # > What I'm ultimately trying to do is grab a user's expiration
>>> date, and compare it to
>>> # > the current date. If the date is greater than or equal to 180,
>>> I need to disable the
>>> # > account.
>>> # That's a different problem. Behold:
>>>
>>> - name: Save "now - 180 days" in krbpasswordexpiration format
>>> set_fact:
>>> krbpassworddeadline: '{{ lookup(''pipe'',
>>> ''date -u --date="now - 180
>>> days" +%Y%m%d000000Z'') }}'
>>> - name: Show the deadline
>>> debug:
>>> msg: "krbpassworddeadline: {{ krbpassworddeadline }}"
>>>
>>> - name: Expire user
>>> debug:
>>> msg:
>>> - "This is where you'd expire the user IFF the following were
>>> True:"
>>> - "when: krbpassworddeadline >
>>> user_show.json.result.result.krbpasswordexpiration[0]['__datetime__']"
>>> - "i.e. when: {{ krbpassworddeadline }} > {{
>>> user_show.json.result.result.krbpasswordexpiration[0]['__datetime__'] }}"
>>>
>>> This produces the following output:
>>>
>>> TASK [Ansible setup date-time in UTC]
>>> ********************************************************************
>>> task path: /home/utoddl/ansible/date-utc2.yml:29
>>> ok: [localhost] => changed=false
>>> ansible_facts:
>>> utc: 2022-02-07 19:14:01 +0000
>>>
>>> TASK [Do you have the time?]
>>> *****************************************************************************
>>> task path: /home/utoddl/ansible/date-utc2.yml:40
>>> ok: [localhost] =>
>>> msg:
>>> - 'Before: 20220207191401Z'
>>> - 'After: 2022-02-07 19:14:01 +0000'
>>>
>>> TASK [Save "now - 180 days" in krbpasswordexpiration format]
>>> *********************************************
>>> task path: /home/utoddl/ansible/date-utc2.yml:51
>>> ok: [localhost] => changed=false
>>> ansible_facts:
>>> krbpassworddeadline: 20210521000000Z
>>>
>>> TASK [Show the deadline]
>>> *********************************************************************************
>>> task path: /home/utoddl/ansible/date-utc2.yml:55
>>> ok: [localhost] =>
>>> msg: 'krbpassworddeadline: 20210521000000Z'
>>>
>>> TASK [Expire user]
>>> ***************************************************************************************
>>> task path: /home/utoddl/ansible/date-utc2.yml:59
>>> ok: [localhost] =>
>>> msg:
>>> - 'This is where you''d expire the user IFF the following were True:'
>>> - 'when: krbpassworddeadline >
>>> user_show.json.result.result.krbpasswordexpiration[0][''__datetime__'']'
>>> - 'i.e. when: 20210521000000Z > 20220207191401Z'
>>> META: ran handlers
>>> META: ran handlers
>>>
>>> PLAY RECAP
>>> ***********************************************************************************************
>>> localhost : ok=6 changed=0 unreachable=0
>>> failed=0 skipped=0 rescued=0 ignored=0
>>>
>>> On Tuesday, November 16, 2021 at 12:16:46 PM UTC-5 lift...@gmail.com
>>> wrote:
>>>
>>>> I'm using the freeipa APIs in a playbook to get a user's LDAP
>>>> information. I can get the krbpasswordexpiration fine:
>>>>
>>>> "krbpasswordexpiration": [
>>>> {
>>>> "__datetime__": "20220207191401Z"
>>>> }
>>>>
>>>> But I can't figure out how to access the date string to convert it to a
>>>> date object. I need it in the form of YYMMDD. If I try to set a fact as
>>>> follows:
>>>>
>>>> user_show.json.result.result.krbpasswordexpiration
>>>>
>>>> I get an error about the fact being a list and not a string. How do I
>>>> pull out the date string so I can turn it into a date?
>>>>
>>>> What I'm ultimately trying to do is grab a user's expiration date, and
>>>> compare it to the current date. If the date is greater than or equal to
>>>> 180, I need to disable the account.
>>>>
>>>> Thanks!
>>>> Harry
>>>>
>>>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/49f04b92-43bf-40e4-964b-18782a9bf376n%40googlegroups.com.
