community.network icon indicating copy to clipboard operation
community.network copied to clipboard

Published 20 hours ago verified publisher icon ansible-collections

icx_user - update_password flag not honoured?

Open sjwk opened this issue 1 year ago • 1 comments

SUMMARY

According to the documentation, icx_user has a field update_password which is either 'always' or 'on_create'. If set to on_create it should only set the password on creation of the user, but it appears to reset it every time the play is run, generating a new hash and logging that a change has occurred. From a quick search of the repo, it doesn't look as though there's actually any code that looks at that value, unless it's somewhere outside of the repo itself.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

icx_user

ANSIBLE VERSION
ansible [core 2.13.3]
  config file = /usr/local/foo/ansible/ansible.cfg
  configured module search path = ['/home/foo/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/foo/ansible/lib/python3.8/site-packages/ansible
  ansible collection location = /usr/local/foo/ansible/collections
  executable location = /usr/local/foo/ansible/bin/ansible
  python version = 3.8.10 (default, Nov 14 2022, 12:59:47) [GCC 9.4.0]
  jinja version = 3.1.2
  libyaml = True
COLLECTION VERSION
# /usr/local/foo/ansible/lib/python3.8/site-packages/ansible_collections
Collection        Version
----------------- -------
community.network 4.0.1

# /usr/local/foo/ansible/collections/ansible_collections
Collection        Version
----------------- -------
community.network 5.0.0
CONFIGURATION
ANSIBLE_NOCOWS(/usr/local/foo/ansible/ansible.cfg) = True
COLLECTIONS_PATHS(/usr/local/foo/ansible/ansible.cfg) = ['/usr/local/foo/ansible/collections']
DEFAULT_DEBUG(env: ANSIBLE_DEBUG) = False
DEFAULT_HOST_LIST(/usr/local/foo/ansible/ansible.cfg) = ['/usr/local/foo/ansible/hosts']
DEFAULT_KEEP_REMOTE_FILES(env: ANSIBLE_KEEP_REMOTE_FILES) = False
DEFAULT_LOG_PATH(env: ANSIBLE_LOG_PATH) = /home/foo/ansible.log
DEFAULT_REMOTE_USER(/usr/local/foo/ansible/ansible.cfg) = ansdeploy
DEFAULT_ROLES_PATH(/usr/local/foo/ansible/ansible.cfg) = ['/usr/local/foo/ansible/roles']
HOST_KEY_CHECKING(/usr/local/foo/ansible/ansible.cfg) = False
INTERPRETER_PYTHON(/usr/local/foo/ansible/ansible.cfg) = auto
OS / ENVIRONMENT
STEPS TO REPRODUCE
EXPECTED RESULTS

The password not to be reset every time the play is run

ACTUAL RESULTS

Every time the play is run with no changes to the play or variables, it shows a change was made and on checking on the switch, the encoded password has been modified.

SSH@test#sh users
Username                                        Password                           Encrypt   Priv Status   Expire Time
======================================================================================================================
foo                                             $1$aopQ......... enabled   0    enabled  Never

# Run the play again

SSH@test#sh users
Username                                        Password                           Encrypt   Priv Status   Expire Time
======================================================================================================================
foo                                             $1$tYRP........ enabled   0    enabled  Never

sjwk avatar Jan 28 '23 13:01 sjwk

@sjwk hello, thanks for reporting the issue!

@Commscope @sushma-alethea as you mentioned as its maintainers, would you like to take a look?

If anyone else wants to fix it, here's the Quick-start dev guide that can help. Stuff in this collection needs more maintainers, so if you're interested, feel free to pick things up! We'd be happy to assist along the way.

Andersson007 avatar Jan 31 '23 11:01 Andersson007