Error when create users with an external list

[Neddy]

I'm using Ansible 2.3.0 and writing a playbook that creates MySQL users based on a list of user.

My playbook tree:

|--inventories
|  |--staging
|  |  |--hosts
|--roles
|  |--create_mysql_users
|  |  |--tasks
|  |  |  |--main.yml
|  |  |--vars
|  |  |  |--mysql_users.yml
|--site.yml

site.yml 

- hosts: mysql

  remote_user: centos

  become: yes

  become_method: sudo

  roles:

  - create_mysql_users

roles/create_mysql_users/tasks/main.yml 

---

- include_vars: 

    file="mysql_users.yml" 

    name="mysql_users"

- name: Create MySQL account

  mysql_user:

    name: "{{ item.username }}"

    password: "{{ item.password }}"

    host_all: "{{ item.host_all }}"

    priv: "{{ item.priv }}"

  with_items: "{{ mysql_users }}"

roles/create_mysql_users/vars/mysql_users.yml

---

user1: { username: user1, password: secret, host: "%", priv: "*.*:ALL,GRANT", state: present }

When executing playbook I got error:

# ansible-playbook site.yml -i inventories/stg/hosts -l mysql -C -vv

<snip>

TASK [mysql_create_users : include_vars] *******************************************************************************

task path: /root/ansible-playbook/roles/create_mysql_users/tasks/main.yml:2

ok: [IP_ADDR] => {"ansible_facts": {"mysql_users": {"user1": {"host": "%", "password": "secret", "priv": "*.*:ALL,GRANT", "state": "present", "username": "user1"}}}, "changed": false}

TASK [mysql_create_users : debug] **************************************************************************************

task path: /root/ansible-playbook/roles/create_mysql_users/tasks/main.yml:5

ok: [IP_ADDR] => {

    "changed": false,

    "mysql_users": {

        "user1": {

            "host": "%",

            "password": "secret",

            "priv": "*.*:ALL,GRANT",

            "state": "present",

            "username": "user1"

        }

    }

}

TASK [mysql_create_users : Create or Remove MySQL account] *************************************************************

task path: /root/ansible-playbook/roles/create_mysql_users/tasks/main.yml:7

fatal: [IP_ADDR]: FAILED! => {"failed": true, "msg": "the field 'args' has an invalid value, which appears to include a variable that is undefined. The error was: 'ansible.vars.unsafe_proxy.AnsibleUnsafeText object' has no attribute 'password'\n\nThe error appears to have been in '/root/ansible-playbook/roles/create_mysql_users/tasks/main.yml': line 7, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Create or Remove MySQL account\n  ^ here\n"}

I don't understand the error message, can anybody help me figure out what's wrong in my playbook please? 

Appreciate

[Brian Coca]

When you are using include-vars to import into the mysql-users
variable, you are creating an 'unsafe object' that Ansible uses
internally to track 'data from modules' and avoid templating them as
they can lead to security issues.

if you create a vars file with:
mysql_user:
- name: user1
...

and use vars_files, it should work normally.

I'm going to check with the rest of the team to see if this is a
behaviour we want for include vars (it is not a 'normal module'). For
now you can use the workaround above.

----------
Brian Coca

[Brian Coca]

I just noticed, mysql_users is NOT a list, its a dictionary:

user1: { username: user1, password: secret, host: "%", priv:
"*.*:ALL,GRANT", state: present }

would require:
name: "{{ mysql_users[item]['username'] }}"

to use as you expect you would have to define as:
- { username: user1, password: secret, host: "%", priv:

"*.*:ALL,GRANT", state: present }

or
- username: user1
password: secret
....

----------
Brian Coca