Fix nxos_user roles bug (#65962)

5 years ago · c2fed8603c
parent 52f3ce8a80
commit c2fed8603c
3 changed files with 25 additions and 13 deletions
--- a/lib/ansible/modules/network/nxos/nxos_user.py
+++ b/lib/ansible/modules/network/nxos/nxos_user.py
@ -174,11 +174,29 @@ def map_obj_to_commands(updates, module):
        def remove(x):
            return commands.append('no username %s %s' % (want['name'], x))

+        def configure_roles():
+            if want['roles']:
+                if have:
+                    for item in set(have['roles']).difference(want['roles']):
+                        remove('role %s' % item)
+
+                    for item in set(want['roles']).difference(have['roles']):
+                        add('role %s' % item)
+                else:
+                    for item in want['roles']:
+                        add('role %s' % item)
+
+                return True
+            return False
+
        if want['state'] == 'absent':
            commands.append('no username %s' % want['name'])
            continue

+        roles_configured = False
        if want['state'] == 'present' and not have:
+            roles_configured = configure_roles()
+            if not roles_configured:
                commands.append('username %s' % want['name'])

        if needs_update('configured_password'):
@ -188,16 +206,8 @@ def map_obj_to_commands(updates, module):
        if needs_update('sshkey'):
            add('sshkey %s' % want['sshkey'])

-        if want['roles']:
-            if have:
-                for item in set(have['roles']).difference(want['roles']):
-                    remove('role %s' % item)
-
-                for item in set(want['roles']).difference(have['roles']):
-                    add('role %s' % item)
-            else:
-                for item in want['roles']:
-                    add('role %s' % item)
+        if not roles_configured:
+            configure_roles()

    return commands

--- a/test/integration/targets/nxos_user/tests/common/basic.yaml
+++ b/test/integration/targets/nxos_user/tests/common/basic.yaml
@ -21,11 +21,13 @@
    state: present
  register: result

+- debug: msg="{{result}}"
+
 - assert:
    that:
      - 'result.changed == true'
      - '"username" in result.commands[0]'
-      - '"role network-operator" in result.commands[1]'
+      - '"role network-operator" in result.commands[0]'

 - name: Collection of users
  nxos_user:
--- a/test/integration/targets/nxos_user/tests/common/net_user.yaml
+++ b/test/integration/targets/nxos_user/tests/common/net_user.yaml
@ -25,7 +25,7 @@
    that:
      - 'result.changed == true'
      - '"username" in result.commands[0]'
-      - '"role network-operator" in result.commands[1]'
+      - '"role network-operator" in result.commands[0]'

 - name: teardown
  net_user: