fortinet-ansible-dev / ansible-galaxy-fortiswitch-collection

GNU General Public License v3.0

Setting ssh keys for admin user. #7

Closed TafkaMax closed 7 months ago

TafkaMax commented 8 months ago

I am having an issue where I can't add ssh-keys to a user via fortiswitch_system_admin.

 FAILED! => {"changed": false, "meta": {"build": 453, "cmdb-checksum": "5045064375657548524", "cmdb-index": "750", "error_reason": "Invalid SSH public key.\n", "http_method": "POST", "http_status": 400, "name": "admin", "path": "system", "serial": "REDACTED", "status": "error", "timestamp": "2023-12-22T14:09:57Z", "vdom": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "version": "v7.2.5"}, "msg": "Error in repo"}

The code is the following:

- name: Register 'read-only-admin' user if not present in vdom 'root'.
  fortinet.fortiswitch.fortiswitch_system_admin:
    state: present
    system_admin:
      name: 'read-only-admin'
      accprofile: 'read-only-profile'
      comments: "Read Only privileged admin user to save backup configuration."
      password: '{{ switch_ro_password }}'
      ssh_public_key1: "{{ lookup('file', playbook_dir ~ '/files/ssh_pubkeys/oxidized_id_rsa.pub') }}"
      vdom: 'root'
      force_password_change: disable

The output of the lookup is OK as well. "ssh-rsa AA....== comment"

TafkaMax commented 8 months ago

I think I might be having the same issue as this.

https://github.com/ansible/ansible/issues/68497

TafkaMax commented 8 months ago

I did the same debug options as specified before and got this:


0: config system admin
0: edit "read-only-admin"
0: unset ssh-public-key1
-651: set ssh-public-key1 "redacted@example.com"

So it removed the key-type and it also removed the key, which left it with the good old comment in the end.
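
A pre-flight check for the failure shown in the trace above, as an added example that is not part of the original thread or of the collection's code: it verifies that a value is a complete `type base64 comment` public key line, and it flags the comment-only string that the trace shows being sent. The function names and the sample key are constructed for illustration.

```python
import base64
import binascii
import struct

# Key types OpenSSH writes in the first field of a .pub line (not exhaustive).
KNOWN_TYPES = {
    "ssh-rsa", "ssh-ed25519", "ssh-dss",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}

def check_pubkey_line(line):
    """Return (ok, reason) for one 'type base64 [comment]' public key line."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        return False, "expected 'type base64 [comment]', got %d field(s)" % len(fields)
    key_type, b64 = fields[0], fields[1]
    if key_type not in KNOWN_TYPES:
        return False, "unknown key type %r" % key_type
    try:
        blob = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return False, "key field is not valid base64"
    # The blob starts with a 4-byte big-endian length and the algorithm name,
    # which must repeat the type given in the first field.
    if len(blob) < 4:
        return False, "key blob too short"
    (name_len,) = struct.unpack(">I", blob[:4])
    inner = blob[4:4 + name_len]
    if inner != key_type.encode("ascii"):
        return False, "blob names %r, line says %r" % (inner, key_type)
    return True, "ok"

def constructed_line(key_type, comment):
    """Build a syntactically valid sample line (constructed, not a real key)."""
    name = key_type.encode("ascii")
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + b"\x01" * 32
    return "%s %s %s" % (key_type, base64.b64encode(blob).decode("ascii"), comment)

GOOD = constructed_line("ssh-ed25519", "redacted@example.com")
MANGLED = "redacted@example.com"   # the value the debug trace shows being set

if __name__ == "__main__":
    for label, value in (("full line", GOOD), ("mangled", MANGLED)):
        print(label, check_pubkey_line(value))
```

If the lookup result passes this check and the device still answers "Invalid SSH public key", the value was altered after it left the playbook.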

TafkaMax commented 8 months ago

IMHO just allow the module to paste whatever input the user wants and please do not try to split it in any way.

Doing it via CLI manually worked.

Trying to split the user input is not a good idea, if that is being done here.

set ssh-public-key1 "ssh-rsa BLAAH redacted@example.com"

TafkaMax commented 8 months ago

Even when splitting up the SSH-key string on the whitespaces I am not able to get it working, please fix this functionality.

MaxxLiu22 commented 8 months ago

Hi @TafkaMax,

Thank you for raising this issue, and sorry for the inconvenience. I can reproduce this problem, and I have reported it to the development team for fixing. Thank you for your debug info, which is helpful!

Thanks, Maxx

TafkaMax commented 7 months ago

"Fix" mentioned in: https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/issues/288