Cannot add new entry to this path: user group

[radokristof]

I cannot add user groups with the 'user group' API path:

FAILED! => {"changed": false, "msg": "Cannot add new entry name=\"admin\" to this path"}

Corresponding task:

- name: Configure User groups
  community.routeros.api_modify:
    path: user group
    handle_absent_entries: ignore
    handle_entries_content: remove_as_much_as_possible
    data:
      - name: admin 
        policy: local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,rest-api
      - name: operator
        policy: local,ssh,ftp,reboot,read,write,test,winbox,web,sniff,romon,!telnet,!policy,!password,!sensitive,!api,!rest-api

[radokristof]

Also comment is not accepted here

[derdeagle]

Confirmed on my end, I don't know why though. I have no related message on the device nor when passing -vvv to the ansible-playbook command. Not giving up though.

[derdeagle]

Ok, it is because of fixed_entries=True,. I cannot tell what the purpose of this parameter is and if it needs to stay there. I removed it for testing and couldn't tell any problem. @felixfontein Could you please bring some light into this?

[felixfontein]

fixed_entries=True means that you cannot add, remove, or reorder entries in that path. You can only change (non-primary) values for existing entries.

[derdeagle]

Ok so we should be fine removing it. I see nothing wrong in adding new groups via API and if a group should not be deleted RouterOS should prevent it. Yet I don't know if I miss something. Would it be ok to just remove fixed_entries for the user group path?

[felixfontein]

I think it should be OK!

[radokristof]

Great, thank you for both of you!

[derdeagle]

@radokristof The changes are now merged (but not yet released) so that user groups can be managed via this collection.

[radokristof]

@derdeagle Thank you!