nxos_user: Do not fail when a custom role is used (#71054)

(https://github.com/ansible-collections/cisco.nxos/pull/130)

Reviewed-by: https://github.com/apps/ansible-zuul
Signed-off-by: NilashishC <nilashishchakraborty8@gmail.com>

changelogs/fragments/fix_nxos_user_role.yaml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - nxos_user - do not fail when a custom role is used (https://github.com/ansible-collections/cisco.nxos/pull/130)

lib/ansible/modules/network/nxos/nxos_user.py

@@ -142,22 +142,49 @@ import re
 from copy import deepcopy
 from functools import partial
 
-from ansible.module_utils.network.nxos.nxos import run_commands, load_config
+from ansible.module_utils.network.nxos.nxos import run_commands, load_config, get_config
 from ansible.module_utils.network.nxos.nxos import nxos_argument_spec
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.six import string_types, iteritems
 from ansible.module_utils.network.common.utils import remove_default_spec, to_list
 
-VALID_ROLES = ['network-admin', 'network-operator', 'vdc-admin', 'vdc-operator',
-               'priv-15', 'priv-14', 'priv-13', 'priv-12', 'priv-11', 'priv-10',
-               'priv-9', 'priv-8', 'priv-7', 'priv-6', 'priv-5', 'priv-4',
-               'priv-3', 'priv-2', 'priv-1', 'priv-0']
+BUILTIN_ROLES = [
+    "network-admin",
+    "network-operator",
+    "vdc-admin",
+    "vdc-operator",
+    "priv-15",
+    "priv-14",
+    "priv-13",
+    "priv-12",
+    "priv-11",
+    "priv-10",
+    "priv-9",
+    "priv-8",
+    "priv-7",
+    "priv-6",
+    "priv-5",
+    "priv-4",
+    "priv-3",
+    "priv-2",
+    "priv-1",
+    "priv-0",
+]
+
+
+def get_custom_roles(module):
+    return re.findall(
+        r"^role name (\S+)",
+        get_config(module, flags=["| include '^role name'"]),
+        re.M,
+    )
 
 
 def validate_roles(value, module):
+    valid_roles = BUILTIN_ROLES + get_custom_roles(module)
     for item in value:
-        if item not in VALID_ROLES:
-            module.fail_json(msg='invalid role specified')
+        if item not in valid_roles:
+            module.fail_json(msg="invalid role specified")
 
 
 def map_obj_to_commands(updates, module):

test/integration/targets/nxos_user/tests/common/basic.yaml

@@ -4,11 +4,12 @@
   when: ansible_connection == "local"
 
 - name: Remove old entries of user
-  nxos_user:
+  nxos_user: &cleanup
     aggregate:
       - { name: ansibletest1 }
       - { name: ansibletest2 }
       - { name: ansibletest3 }
+      - { name: ansibletest_role }
     provider: "{{ connection }}"
     state: absent
 
@@ -43,14 +44,39 @@
     that:
       - 'result.changed == true'
 
-- name: tearDown
+- name: Create a custom role
+  nxos_config:
+    lines:
+      - role name customrole
+
+- name: Attempt to create a user with a valid custom role
   nxos_user:
-    aggregate:
-      - { name: ansibletest1 }
-      - { name: ansibletest2 }
-      - { name: ansibletest3 }
-    provider: "{{ connection }}"
-    state: absent
+    name: ansibletest_role
+    role: customrole
+    state: present
+  register: result
+
+- assert:
+    that:
+      - result.changed == True
+      - result.failed == False
+      - '"username ansibletest_role role customrole" in result.commands'
+
+- name: Attempt to create user with invalid role (should fail)
+  nxos_user:
+    name: ansibletest_role
+    role: invalid_role
+    state: present
+  register: result
+  ignore_errors: True
+
+- assert:
+    that:
+      - result.failed == True
+      - '"invalid role specified" in result.msg'
+
+- name: tearDown
+  nxos_user: *cleanup
   register: result
 
 - assert:
@@ -58,4 +84,9 @@
       - 'result.changed == true'
       - '"no username" in result.commands[0]'
 
+- name: Delete custom role
+  nxos_config:
+    lines:
+      - no role name customrole
+
 - debug: msg="END connection={{ ansible_connection }} nxos_user basic test"