menandmice / ansible_micetro

Setting roles in the user module toggles membership #4

Open hb9hnt opened 1 year ago

hb9hnt commented 1 year ago

Hey all

When you try to set the roles of a user using the Ansible module, the roles are toggled because the roles that are returned from the API have a lower case role value in the objType parameter, but the Ansible module generates them with an upper case value for the field:

# That's what wanted_roles looks like
[{'ref': 'roles/10', 'objType': 'Roles', 'name': 'Requesters (built-in)'}, {'ref': 'roles/12', 'objType': 'Roles', 'name': 'DNS Viewers (built-in)'}, {'ref': 'roles/13', 'objType': 'Roles', 'name': 'IPAM Viewers (built-in)'}]

# And this is the role list from a user
[{'ref': 'roles/10', 'objType': 'roles', 'name': 'Requesters (built-in)'}, {'ref': 'roles/12', 'objType': 'roles', 'name': 'DNS Viewers (built-in)'}, {'ref': 'roles/13', 'objType': 'roles', 'name': 'IPAM Viewers (built-in)'}])

This then breaks the following member test: https://github.com/menandmice/ansible_micetro/blob/main/plugins/modules/user.py#L336

This can be fixed quick and dirty by changing the objectType to lowercase in the user.py:

--- user.py.orig        2023-07-04 14:34:37.804860629 +0200
+++ user.py     2023-07-10 16:16:15.902121012 +0200
@@ -287,7 +287,7 @@
                     wanted_roles.append(
                         {
                             "ref": role["ref"],
-                            "objType": "Roles",
+                            "objType": "roles",
                             "name": role["name"],
                         }
                     )
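
Review bot: the new "objType": "roles" literal in the wanted_roles.append(...) dict still ties the comparison to whatever casing the API returns for objType, so the toggle returns if that casing ever changes. Consider comparing on "ref" or "name" only, or lowercasing objType on both sides before the membership test, and add a short comment above the literal stating that it has to match the API's casing.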

IMHO it would be the better approach to only compare role names since this is the primary key and the module only compares roles at this point anyway.

Most likely the same problem exists for groups, which I didn't explicitly test, though.
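
The failure described in this issue, reproduced as an added example (not code from the collection). The comparison in user.py is not shown on this page, so `diff_whole_dict` is an assumed model of a membership test on whole role dicts; all function names are hypothetical and the sample lists are the two quoted in the issue.

```python
# Added illustration, not code from plugins/modules/user.py.
# Sample data: the wanted_roles list quoted in the issue.
WANTED = [
    {"ref": "roles/10", "objType": "Roles", "name": "Requesters (built-in)"},
    {"ref": "roles/12", "objType": "Roles", "name": "DNS Viewers (built-in)"},
    {"ref": "roles/13", "objType": "Roles", "name": "IPAM Viewers (built-in)"},
]
# The same roles as the API returned them: objType is lower case.
CURRENT = [dict(r, objType="roles") for r in WANTED]


def diff_whole_dict(wanted, current):
    """Assumed model: membership test on full dicts, so any field mismatch counts."""
    to_add = [r["name"] for r in wanted if r not in current]
    to_remove = [r["name"] for r in current if r not in wanted]
    return to_add, to_remove


def diff_by_name(wanted, current):
    """Compare on the role name only, as the issue proposes."""
    wanted_names = {r["name"] for r in wanted}
    current_names = {r["name"] for r in current}
    return sorted(wanted_names - current_names), sorted(current_names - wanted_names)


def false_drift(wanted, current):
    """Roles that differ from the server copy only in the casing of objType."""
    by_name = {r["name"]: r for r in current}
    drift = []
    for r in wanted:
        live = by_name.get(r["name"])
        if live is None or r == live:
            continue
        if r["ref"] == live["ref"] and r["objType"].lower() == live["objType"].lower():
            drift.append(r["name"])
    return drift


if __name__ == "__main__":
    # Whole-dict comparison reports every role as both missing and surplus.
    print("whole dict :", diff_whole_dict(WANTED, CURRENT))
    # Name comparison reports no change, so a rerun leaves membership alone.
    print("by name    :", diff_by_name(WANTED, CURRENT))
    print("false drift:", false_drift(WANTED, CURRENT))
```

Running a check like `false_drift` against a user's live role list before a playbook run shows whether a reported change is a real difference in access or only a casing mismatch.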

tonk commented 2 months ago

Sorry to have kept you waiting for so long, but I currently don't have a valid Micetro license, so I cannot test things.

Please let me know if I should apply this and maybe to the groups part as well. If so I will add it to the repo and generate a new collection.

hb9hnt commented 2 months ago

Hey @tonk - we're not using Ansible anymore to configure the users as we migrated the central to Windows and SSO. So I can't verify whether this is still correct.