community.network
community.network copied to clipboard
icx_user - update_password flag not honoured?
SUMMARY
According to the documentation, icx_user has a field update_password which is either 'always' or 'on_create'. If set to on_create it should only set the password on creation of the user, but it appears to reset it every time the play is run, generating a new hash and logging that a change has occurred. From a quick search of the repo, it doesn't look as though there's actually any code that looks at that value, unless it's somewhere outside of the repo itself.
ISSUE TYPE
- Bug Report
COMPONENT NAME
icx_user
ANSIBLE VERSION
ansible [core 2.13.3]
config file = /usr/local/foo/ansible/ansible.cfg
configured module search path = ['/home/foo/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/foo/ansible/lib/python3.8/site-packages/ansible
ansible collection location = /usr/local/foo/ansible/collections
executable location = /usr/local/foo/ansible/bin/ansible
python version = 3.8.10 (default, Nov 14 2022, 12:59:47) [GCC 9.4.0]
jinja version = 3.1.2
libyaml = True
COLLECTION VERSION
# /usr/local/foo/ansible/lib/python3.8/site-packages/ansible_collections
Collection Version
----------------- -------
community.network 4.0.1
# /usr/local/foo/ansible/collections/ansible_collections
Collection Version
----------------- -------
community.network 5.0.0
CONFIGURATION
ANSIBLE_NOCOWS(/usr/local/foo/ansible/ansible.cfg) = True
COLLECTIONS_PATHS(/usr/local/foo/ansible/ansible.cfg) = ['/usr/local/foo/ansible/collections']
DEFAULT_DEBUG(env: ANSIBLE_DEBUG) = False
DEFAULT_HOST_LIST(/usr/local/foo/ansible/ansible.cfg) = ['/usr/local/foo/ansible/hosts']
DEFAULT_KEEP_REMOTE_FILES(env: ANSIBLE_KEEP_REMOTE_FILES) = False
DEFAULT_LOG_PATH(env: ANSIBLE_LOG_PATH) = /home/foo/ansible.log
DEFAULT_REMOTE_USER(/usr/local/foo/ansible/ansible.cfg) = ansdeploy
DEFAULT_ROLES_PATH(/usr/local/foo/ansible/ansible.cfg) = ['/usr/local/foo/ansible/roles']
HOST_KEY_CHECKING(/usr/local/foo/ansible/ansible.cfg) = False
INTERPRETER_PYTHON(/usr/local/foo/ansible/ansible.cfg) = auto
OS / ENVIRONMENT
STEPS TO REPRODUCE
EXPECTED RESULTS
The password not to be reset every time the play is run
ACTUAL RESULTS
Every time the play is run with no changes to the play or variables, it shows a change was made and on checking on the switch, the encoded password has been modified.
SSH@test#sh users
Username Password Encrypt Priv Status Expire Time
======================================================================================================================
foo $1$aopQ......... enabled 0 enabled Never
# Run the play again
SSH@test#sh users
Username Password Encrypt Priv Status Expire Time
======================================================================================================================
foo $1$tYRP........ enabled 0 enabled Never
@sjwk hello, thanks for reporting the issue!
@Commscope @sushma-alethea as you mentioned as its maintainers, would you like to take a look?
If anyone else wants to fix it, here's the Quick-start dev guide that can help. Stuff in this collection needs more maintainers, so if you're interested, feel free to pick things up! We'd be happy to assist along the way.