community.zabbix icon indicating copy to clipboard operation
community.zabbix copied to clipboard

Published 20 hours ago verified publisher icon ansible-collections

zabbix_user fails with 'Incorrect value for field "passwd": cannot be empty.'

Open ironbishop opened this issue 1 year ago • 0 comments

SUMMARY

In zabbix_user when you use the builtin group "No access to the frontend", together with a group with "system default" authentication, password is not passed to API for user creation. But password is required when "system default" is "internal", so user creation fails. The current code assumes "system default" is "internal", but checks for it only if "No access to the frontend" ("3") is not in use.

https://github.com/ansible-collections/community.zabbix/blob/f299dc715f073cc4983fd0b9ef0a78875ea950fb/plugins/modules/zabbix_user.py#L334

In this scenario "No access to the frontend" is used to stop the users from logging in. The second group is used to allow read access to a host group, in order receive notifications. Only the "LDAP" group has an authentication different from "internal". These users are not in the LDAP group.

The local test was on Zabbix 5.0.

WORKAROUND

Set "internal" as the authentication for the second user group, instead of "default" (even if default is already internal).

ISSUE TYPE
  • Bug Report
COMPONENT NAME

module: zabbix_user

ANSIBLE VERSION
ansible [core 2.14.1]
  config file = /omissis/ansible/ansible.cfg
  configured module search path = ['/omissis/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /omissis/ansible/venv/lib/python3.11/site-packages/ansible
  ansible collection location = /omissis/.ansible/collections:/usr/share/ansible/collections
  executable location = /omissis/ansible/venv/bin/ansible
  python version = 3.11.1 (main, Dec 22 2022, 17:34:03) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] (/omissis/ansible/venv/bin/python3.11)
  jinja version = 3.1.2
  libyaml = True
STEPS TO REPRODUCE
    - name: Create a new zabbix user
      community.zabbix.zabbix_user:
        name: "{{ item.name }}"
        surname: "{{ item.surname }}"
        usrgrps:
          - No access to the frontend
          - Group with default auth, which is internal
        passwd: "{{ item.p }}"
        user_medias:
          - mediatype: Email
            sendto: "{{ item.address }}"
            period: 1-7,00:00-24:00
            severity:
              not_classified: no
              information: yes
              warning: yes
              average: yes
              high: yes
              disaster: yes
        type: Zabbix user
        state: present
      loop: "{{ formatted_contacts }}"
EXPECTED RESULTS

User should be created.

ACTUAL RESULTS

User creation fails.

Failed to create user omissis: ('Error -32602: Invalid params., Incorrect value for field "passwd": cannot be empty. while sending {"jsonrpc": "2.0", "method": "user.create", "params": {"alias": "omissis", "name": "omissis", "surname": "omissis", "usrgrps": [{"usrgrpid": "12"}, {"usrgrpid": "154"}], "user_medias": [{"sendto": ["omissis"], "period": "1-7,00:00-24:00", "severity": "62", "active": "0", "mediatypeid": "1"}], "type": "1"}, "auth": "omissis", "id": 5}', -32602)

ironbishop avatar May 29 '23 15:05 ironbishop