freeipa.ansible_freeipa module fails linter, passed arguments

[mohamedhabas11]

Summary

linter interprets freeipa.ansible_freeipa.userauthtype as string if it is defined as variable.
freeipa.ansible_freeipa.ipauser module.

Issue Type

• Bug Report

OS / ENVIRONMENT

ansible-lint --version
ansible-lint 24.9.0 using ansible-core:2.17.4 ansible-compat:24.9.0 ruamel-yaml:0.18.6 ruamel-yaml-clib:0.2.8

ansible-galaxy collection list freeipa.ansible_freeipa

# /Users/MohammedH/.ansible/collections/ansible_collections
Collection              Version
----------------------- -------
freeipa.ansible_freeipa 1.12.1 

ansible --version
ansible [core 2.17.4]
  config file = /Users/MohammedH/.ansible.cfg
  configured module search path = ['/Users/MohammedH/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.12/site-packages/ansible
  ansible collection location = /Users/MohammedH/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.12.4 (main, Jun  6 2024, 18:26:44) [Clang 15.0.0 (clang-1500.3.9.4)] (/usr/local/opt/python@3.12/bin/python3.12)
  jinja version = 3.1.4
  libyaml = True

macOS: Sonoma 14.5

• ansible installation method: one of source, pip, OS package
  Brew Cellar
• ansible-lint installation method: one of source, pip, OS package
  pip

STEPS TO REPRODUCE

ansible-galaxy collection install freeipa.ansible_freeipa

Desired Behavior

passing the linter
Possible security bugs should be reported via email to security@ansible.com

Actual Behavior

Please give some details of what is happening. Include a minimum complete
verifiable example with:

• minimized playbook to reproduce the error
• the output of running ansible-lint including the command line used
• if you're getting a stack trace, also the output of
  ansible-playbook --syntax-check playbook

Reproduce

Lint OK

cat > freeipa_lintok.yml << EOF
---
- hosts: "localhost"
  gather_facts: false
 
  tasks:
    - name: "Ensure IPA users are present"
      freeipa.ansible_freeipa.ipauser:
        ipaadmin_password: "secret_freeipa_server_admin_password"
        name: "{{ item.key }}"
        userauthtype:
          - "password"
        state: "present"
      loop: "{{ freeipa_users | dict2items }}"
      vars:
        freeipa_users:
          user1:
            present: yes
            realname: "User One"
            groups:
              - users
              - admins
EOF
ansible-lint freeipa_lintok.yml

Lint fail

cat > freeipa_lintfail.yml << EOF
---
- hosts: "localhost"
  gather_facts: false
 
  tasks:
    - name: "Ensure IPA users are present"
      freeipa.ansible_freeipa.ipauser:
        ipaadmin_password: "secret_freeipa_server_admin_password"
        name: "{{ item.key }}"
        userauthtype: "{{ item.value.authtype | d(['password']) }}"
        state: "present"
      loop: "{{ freeipa_users | dict2items }}"
      vars:
        freeipa_users:
          user1:
            present: yes
            realname: "User One"
            groups:
              - users
              - admins
EOF
ansible-lint freeipa_lintfail.yml

args[module]: value of userauthtype must be one or more of: password, radius, otp, pkinit, hardened, idp, . Got no match for: {{ item.value.authtype | d(['password']) }}
freeipa_lintfail.yml:6 Task/Handler: Ensure IPA users are present

Read documentation for instructions on how to ignore specific rule violations.

             Rule Violation Summary              
 count tag          profile rule associated tags 
     1 args[module]         syntax, experimental 

Failed: 1 failure(s), 0 warning(s) on 1 files. Last profile that met the validation criteria was 'production'. Rating: 5/5 star