diff --git a/changelogs/fragments/65962_nxos_user_roles_fix.yaml b/changelogs/fragments/65962_nxos_user_roles_fix.yaml new file mode 100644 index 00000000000..144c6364e6f --- /dev/null +++ b/changelogs/fragments/65962_nxos_user_roles_fix.yaml @@ -0,0 +1,3 @@ +--- +bugfixes: + - Fix issue where nxos_user unintentionally creates user with two different roles (https://github.com/ansible/ansible/pull/65962) diff --git a/lib/ansible/modules/network/nxos/nxos_user.py b/lib/ansible/modules/network/nxos/nxos_user.py index 8f7aa28830b..afbad2e3469 100644 --- a/lib/ansible/modules/network/nxos/nxos_user.py +++ b/lib/ansible/modules/network/nxos/nxos_user.py @@ -177,12 +177,30 @@ def map_obj_to_commands(updates, module): def remove(x): return commands.append('no username %s %s' % (want['name'], x)) + def configure_roles(): + if want['roles']: + if have: + for item in set(have['roles']).difference(want['roles']): + remove('role %s' % item) + + for item in set(want['roles']).difference(have['roles']): + add('role %s' % item) + else: + for item in want['roles']: + add('role %s' % item) + + return True + return False + if want['state'] == 'absent': commands.append('no username %s' % want['name']) continue + roles_configured = False if want['state'] == 'present' and not have: - commands.append('username %s' % want['name']) + roles_configured = configure_roles() + if not roles_configured: + commands.append('username %s' % want['name']) if needs_update('configured_password'): if update_password == 'always' or not have: @@ -191,16 +209,8 @@ def map_obj_to_commands(updates, module): if needs_update('sshkey'): add('sshkey %s' % want['sshkey']) - if want['roles']: - if have: - for item in set(have['roles']).difference(want['roles']): - remove('role %s' % item) - - for item in set(want['roles']).difference(have['roles']): - add('role %s' % item) - else: - for item in want['roles']: - add('role %s' % item) + if not roles_configured: + configure_roles() return commands 
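Review bot: `configure_roles()` in the first nxos_user.py hunk has no docstring, and its return value is easy to misread: it returns True whenever `want['roles']` is non-empty, not when a command was actually queued, and that value alone decides whether the bare `username <name>` create command is skipped. Since this decides which roles a new account ends up with, I would add a docstring such as `"""Queue role add/remove commands for this user; return True if roles were requested, so the caller must not also emit a bare 'username' command."""`. In the existing-user branch the removals and additions iterate over `set(...).difference(...)`, so with several roles the command order can differ between runs; `for item in sorted(set(have['roles']).difference(want['roles'])):` (and the same for the additions) would make the generated commands reproducible and easier to audit. The enclosing loop in `map_obj_to_commands` starts and ends outside this hunk.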
diff --git a/test/integration/targets/nxos_user/tests/common/basic.yaml b/test/integration/targets/nxos_user/tests/common/basic.yaml index cde25f8bf04..50d1d2986bb 100644 --- a/test/integration/targets/nxos_user/tests/common/basic.yaml +++ b/test/integration/targets/nxos_user/tests/common/basic.yaml @@ -21,11 +21,13 @@ state: present register: result +- debug: msg="{{result}}" + - assert: that: - 'result.changed == true' - '"username" in result.commands[0]' - - '"role network-operator" in result.commands[1]' + - '"role network-operator" in result.commands[0]' - name: Collection of users nxos_user: diff --git a/test/integration/targets/nxos_user/tests/common/net_user.yaml b/test/integration/targets/nxos_user/tests/common/net_user.yaml index c9151beffb1..8c8a82c1d4d 100644 --- a/test/integration/targets/nxos_user/tests/common/net_user.yaml +++ b/test/integration/targets/nxos_user/tests/common/net_user.yaml @@ -25,7 +25,7 @@ that: - 'result.changed == true' - '"username" in result.commands[0]' - - '"role network-operator" in result.commands[1]' + - '"role network-operator" in result.commands[0]' - name: teardown net_user:
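Review bot: The updated assertions in basic.yaml (and the identical change in net_user.yaml) only check that `commands[0]` contains both `username` and `role network-operator`; they do not show that exactly one role is requested for the new account, which is what the fix is about. If `network-operator` is also the role the device assigns when none is given (I believe it is on NX-OS, but confirm), a device-side check could not tell the fixed outcome from the two-role one, so I would use a non-default role and add `- 'result.commands | select("search", "role ") | list | length == 1'`. The added `- debug: msg="{{result}}"` task in basic.yaml looks like leftover debugging; it prints the whole module result, which would include any password command the task generates, so I would drop it before merge. The tasks these assertions belong to start above the hunks.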