Fix nxos_user roles bug (#65962)

(cherry picked from commit c2fed8603c) Add changelog for nxos_user roles fix
5 years ago · 247c73432e
parent 4f3dd5a043
commit 247c73432e
4 changed files with 28 additions and 13 deletions
--- a/changelogs/fragments/65962_nxos_user_roles_fix.yaml
+++ b/changelogs/fragments/65962_nxos_user_roles_fix.yaml
@ -0,0 +1,3 @@
+---
+bugfixes:
+  - Fix issue where nxos_user unintentionally creates user with two different roles (https://github.com/ansible/ansible/pull/65962)
--- a/lib/ansible/modules/network/nxos/nxos_user.py
+++ b/lib/ansible/modules/network/nxos/nxos_user.py
@ -177,12 +177,30 @@ def map_obj_to_commands(updates, module):
        def remove(x):
            return commands.append('no username %s %s' % (want['name'], x))

+        def configure_roles():
+            if want['roles']:
+                if have:
+                    for item in set(have['roles']).difference(want['roles']):
+                        remove('role %s' % item)
+
+                    for item in set(want['roles']).difference(have['roles']):
+                        add('role %s' % item)
+                else:
+                    for item in want['roles']:
+                        add('role %s' % item)
+
+                return True
+            return False
+
        if want['state'] == 'absent':
            commands.append('no username %s' % want['name'])
            continue

+        roles_configured = False
        if want['state'] == 'present' and not have:
-            commands.append('username %s' % want['name'])
+            roles_configured = configure_roles()
+            if not roles_configured:
+                commands.append('username %s' % want['name'])

        if needs_update('configured_password'):
            if update_password == 'always' or not have:
@ -191,16 +209,8 @@ def map_obj_to_commands(updates, module):
        if needs_update('sshkey'):
            add('sshkey %s' % want['sshkey'])

-        if want['roles']:
-            if have:
-                for item in set(have['roles']).difference(want['roles']):
-                    remove('role %s' % item)
-
-                for item in set(want['roles']).difference(have['roles']):
-                    add('role %s' % item)
-            else:
-                for item in want['roles']:
-                    add('role %s' % item)
+        if not roles_configured:
+            configure_roles()

    return commands

--- a/test/integration/targets/nxos_user/tests/common/basic.yaml
+++ b/test/integration/targets/nxos_user/tests/common/basic.yaml
@ -21,11 +21,13 @@
    state: present
  register: result

+- debug: msg="{{result}}"
+
 - assert:
    that:
      - 'result.changed == true'
      - '"username" in result.commands[0]'
-      - '"role network-operator" in result.commands[1]'
+      - '"role network-operator" in result.commands[0]'

 - name: Collection of users
  nxos_user:
--- a/test/integration/targets/nxos_user/tests/common/net_user.yaml
+++ b/test/integration/targets/nxos_user/tests/common/net_user.yaml
@ -25,7 +25,7 @@
    that:
      - 'result.changed == true'
      - '"username" in result.commands[0]'
-      - '"role network-operator" in result.commands[1]'
+      - '"role network-operator" in result.commands[0]'

 - name: teardown
  net_user: