community.zabbix
community.zabbix copied to clipboard
zabbix_user fails with 'Incorrect value for field "passwd": cannot be empty.'
SUMMARY
In zabbix_user
when you use the builtin group "No access to the frontend", together with a group with "system default" authentication, password is not passed to API for user creation. But password is required when "system default" is "internal", so user creation fails. The current code assumes "system default" is "internal", but checks for it only if "No access to the frontend" ("3") is not in use.
https://github.com/ansible-collections/community.zabbix/blob/f299dc715f073cc4983fd0b9ef0a78875ea950fb/plugins/modules/zabbix_user.py#L334
In this scenario "No access to the frontend" is used to stop the users from logging in. The second group is used to allow read access to a host group, in order receive notifications. Only the "LDAP" group has an authentication different from "internal". These users are not in the LDAP group.
The local test was on Zabbix 5.0.
WORKAROUND
Set "internal" as the authentication for the second user group, instead of "default" (even if default is already internal).
ISSUE TYPE
- Bug Report
COMPONENT NAME
module: zabbix_user
ANSIBLE VERSION
ansible [core 2.14.1]
config file = /omissis/ansible/ansible.cfg
configured module search path = ['/omissis/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /omissis/ansible/venv/lib/python3.11/site-packages/ansible
ansible collection location = /omissis/.ansible/collections:/usr/share/ansible/collections
executable location = /omissis/ansible/venv/bin/ansible
python version = 3.11.1 (main, Dec 22 2022, 17:34:03) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] (/omissis/ansible/venv/bin/python3.11)
jinja version = 3.1.2
libyaml = True
STEPS TO REPRODUCE
- name: Create a new zabbix user
community.zabbix.zabbix_user:
name: "{{ item.name }}"
surname: "{{ item.surname }}"
usrgrps:
- No access to the frontend
- Group with default auth, which is internal
passwd: "{{ item.p }}"
user_medias:
- mediatype: Email
sendto: "{{ item.address }}"
period: 1-7,00:00-24:00
severity:
not_classified: no
information: yes
warning: yes
average: yes
high: yes
disaster: yes
type: Zabbix user
state: present
loop: "{{ formatted_contacts }}"
EXPECTED RESULTS
User should be created.
ACTUAL RESULTS
User creation fails.
Failed to create user omissis: ('Error -32602: Invalid params., Incorrect value for field "passwd": cannot be empty. while sending {"jsonrpc": "2.0", "method": "user.create", "params": {"alias": "omissis", "name": "omissis", "surname": "omissis", "usrgrps": [{"usrgrpid": "12"}, {"usrgrpid": "154"}], "user_medias": [{"sendto": ["omissis"], "period": "1-7,00:00-24:00", "severity": "62", "active": "0", "mediatypeid": "1"}], "type": "1"}, "auth": "omissis", "id": 5}', -32602)