ansible-collections / cisco.ios

Ansible Network Collection for Cisco IOS
GNU General Public License v3.0

ios_user setting type 8 secret stopped working #1018

Closed eleksis closed 3 months ago

eleksis commented 3 months ago
SUMMARY

Setting a user with a type 8 hashed secret is not working anymore (in version 6.1.0); it worked in 4.6.1.

ISSUE TYPE
COMPONENT NAME

ios_user.py

ANSIBLE VERSION
2.15.8
COLLECTION VERSION
6.1.0
CONFIGURATION
OS / ENVIRONMENT
STEPS TO REPRODUCE

Update existing user's secret: {name: "user", privilege: 15, sshkey: , hashed_password: {value: , type: 8}}

fatal: [switch]: FAILED! => changed=false 
  invocation:
    module_args:
      aggregate:
      - configured_password: null
        hashed_password:
          type: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
          value: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
        name: user
        nopassword: null
        password_type: null
        privilege: 15
        sshkey:
        - ssh-rsa 9********B********5********D user
        state: present
        update_password: null
        view: null
      configured_password: null
      hashed_password: null
      name: null
      nopassword: null
      password_type: secret
      privilege: null
      purge: true
      sshkey: null
      state: present
      update_password: on_create
      view: null
  msg: |-
    username user password ******** $********$3e46c920422e********4$RHTEN0CP4e0UUlt/ij3XFzidfNprda********ly.HXPCdzXfY
    ERROR: Can not have both a user password and a user secret.
    Please choose one or the other.
    switch(config)#

On the device, the user is already configured with a type 8 hashed secret. The module tries to configure it as a password.

You made some changes in the last PR for this module (https://github.com/ansible-collections/cisco.ios/pull/970/files#diff-f691c744908ac8f55f153b2cdb1da1d5a862a5fefe199a6efc9460a1df7ca786R382). But I don't understand why it is checking only for type 9. You obviously did not check the syntax for other hash algorithms.

switch(config)#username test privilege 15 secret  ?
  0      Specifies an UNENCRYPTED secret will follow
  5      Specifies a MD5 HASHED secret will follow
  8      Specifies a PBKDF2 HASHED secret will follow
  9      Specifies a SCRYPT HASHED secret will follow
  <0-9>  Encryption types not explicitly specified
  LINE   The UNENCRYPTED (cleartext) user secret
  LINE   The UNENCRYPTED (cleartext) user secret

switch(config)#username test privilege 15 password ?
  0     Specifies an UNENCRYPTED password will follow
  6     Specifies an ENCRYPTED password will follow
  7     Specifies a HIDDEN password will follow
  LINE  The UNENCRYPTED (cleartext) user password
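
An added example (not code from cisco.ios or from this issue) of choosing the `secret` or `password` keyword from the hash type, using the type lists in the CLI help quoted above, and of flagging a command whose keyword differs from what the device already holds for that user. The function names and the sample running-config line are constructed for illustration.

```python
import re

# Keyword/type tables transcribed from the `?` help output quoted in the issue.
SECRET_TYPES = {0, 5, 8, 9}    # unencrypted, MD5, PBKDF2, SCRYPT
PASSWORD_TYPES = {0, 6, 7}     # unencrypted, encrypted, hidden

# Matches e.g. "username user privilege 15 secret 8 <hash>"
USER_LINE = re.compile(
    r"^username\s+(\S+)\s+.*?\b(secret|password)\s+(\d)\s+\S+", re.M)


def keyword_for_type(hash_type, default="secret"):
    """Return the IOS keyword under which `hash_type` is accepted."""
    if hash_type in SECRET_TYPES and hash_type in PASSWORD_TYPES:
        return default  # type 0 is listed under both keywords
    if hash_type in SECRET_TYPES:
        return "secret"
    if hash_type in PASSWORD_TYPES:
        return "password"
    raise ValueError(f"type {hash_type} is not listed under secret or password")


def build_command(name, hash_type, value, privilege=None):
    """Render one `username` line with the keyword that matches the type."""
    parts = ["username", name]
    if privilege is not None:
        parts += ["privilege", str(privilege)]
    parts += [keyword_for_type(hash_type), str(hash_type), value]
    return " ".join(parts)


def existing_credential(name, running_config):
    """Return (keyword, type) already configured for `name`, or None."""
    for user, keyword, hash_type in USER_LINE.findall(running_config):
        if user == name:
            return keyword, int(hash_type)
    return None


def keyword_mismatch(command, running_config):
    """True when `command` uses a different keyword than the device holds."""
    new = USER_LINE.match(command)
    if new is None:
        return False
    old = existing_credential(new.group(1), running_config)
    return old is not None and old[0] != new.group(2)


# Constructed sample: device state like the one the issue describes.
RUNNING = "username user privilege 15 secret 8 $8$CONSTRUCTED.SALT$CONSTRUCTEDHASH\n"
```

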

roverflow commented 3 months ago

@eleksis, can you share the playbook that you used?

eleksis commented 3 months ago
- hosts: l2_switch:&ios
  tasks:
    - name: Set account
      ios_user:
        state: present
        purge: yes
        update_password: on_create
        aggregate:
          - name: user
            privilege: 15
            hashed_password:
              value: ***
              type: 8
            sshkey: ***