Ansible uri module doesn't necessarily urlencode variables

For the longest time I have been using this bit of (kinda incorrect) Ansible code to log into IdM:

- name: Logging in to IPA and store session cookie                            
  uri:                                                                        
    url: "{{ ipa_url }}/session/login_password"                           
    method: POST                                                              
    force_basic_auth: yes                                                     
    headers:                                                                  
       Content-Type: "application/x-www-form-urlencoded"                      
    body: 'user={{ username }}&password={{ password }}'    
    status_code: 200                                                          
    validate_certs: false                                                     
  register: login  

It turns out, if the password contains a percent character % (such as blah%blah), uri will fail to authenticate.

You either need to:

- name: Logging in to IPA and store session cookie                            
  uri:                                                                        
    url: "{{ ipa_url }}/session/login_password"                           
    method: POST                                                              
    body_format: form-urlencoded                                              
    force_basic_auth: yes                                                     
    body:                                                                     
      user: "{{ username }}"                                            
      password: "{{ password }}"                                              
    status_code: 200                                                          
    validate_certs: false                                                     
  register: login

This would urlencode the body.

I have been using API calls rather than Ansible freeipa modules, because they were not maintained and contained bugs.

There is also the Freeipa collection for Ansible but the collection contains pretty much the same bugs that affect me particularly.

Plain API calls just work.

I should find time to contribute and help fixing some of those bugs…




Thanks for reading this post!


If you found an issue in this article, you can create an issue on Github.

If you have a comment or question, please drop me a line below!