search

nautobot / nautobot-ansible

Ansible Collection for managing Nautobot Data
https://nautobot-ansible.readthedocs.io/en/latest/
GNU General Public License v3.0
44 stars 31 forks source link

admin_permission doesn't allow to set multiple groups #421

Closed pugnacity closed 19 hours ago

pugnacity commented 5 days ago
ISSUE TYPE
pynautobot

2.2.1

Ansible:

2.17.1

Nautobot:

2.3.1

Collection:

5.3.0

SUMMARY

its not possible to assign a permission set to more when one group

STEPS TO REPRODUCE

create permissons list

permissons:
  - name: ipam.ipaddresstointerface
    actions:
      - view
      - add
      - change
      - delete
    object_types:
      - ipam.ipaddresstointerface
    groups:
      - editor_compute
      - editor_network
      - editor_seccert
      - editor_storage

loop against this 

    - name: Init| permissions
      networktocode.nautobot.admin_permission:
        url: "{{ nautobot_url }}"
        token: "{{ nautobot_token }}"
        name: "{{ permission['name'] }}"
        description: "{{ permission['description'] | default(omit) }}"
        enabled: "{{ permission['enabled'] | default(true) }}"
        object_types: "{{ permission['object_types'] }}"
        actions: "{{ permission['actions'] }}"
        users: "{{ permission['users'] | default(omit) }}"
        groups: "{{ permission['groups'] | default(omit) }}"
        state: present
        validate_certs: "{{ documentation_nautobot['validate_certs'] }}"
      delegate_to: localhost
      register: response
      until: response is succeeded
      retries: "{{ nautobot['retries'] }}"
      delay: "{{ nautobot['delay'] }}"
      loop: "{{ infradb_permissons }}"
      loop_control:
        loop_var: permission
        label: "{{ permission['name'] }}"
      tags: permissionsi
EXPECTED RESULTS

assign/update permissons

ACTUAL RESULTS
permissions (4 retries left).Result was: {
    "attempts": 2,
    "changed": false,
    "invocation": {
        "module_args": {
            "actions": [
                "view",
                "add",
                "change",
                "delete"
            ],
            "api_version": null,
            "constraints": null,
            "description": null,
            "enabled": true,
            "groups": [
                "editor_compute",
                "editor_network",
                "editor_seccert",
                "editor_storage",
                "reader"
            ],
            "name": "token",
            "object_types": [
                "users.token"
            ],
            "query_params": null,
            "state": "present",
            "token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "url": "https://nautobot.domain.tld",
            "users": null,
            "validate_certs": false
        }
    },
    "msg": "More than one result returned for groups",
    "retries": 6
}
joewesch commented 5 days ago

Hello @pugnacity, thanks for the report. Usually the error "More than one result returned for" means the name returned multiple objects. Let me see if I can replicate the error, but can you tell me if you maybe have multiple groups with the same name(s)?

pugnacity commented 5 days ago

every group exists one time

    - name: Print debug message
      ansible.builtin.debug:
        msg: "{{ lookup('networktocode.nautobot.lookup', 'admin-groups', validate_certs=documentation_nautobot.validate_certs, num_retries=3, api_endpoint=nautobot_url, token=nautobot_token) }}"

reports


{
    "msg": [
        {
            "key": 2,
            "value": {
                "display": "editor_compute",
                "id": 2,
                "name": "editor_compute",
                "natural_slug": "editor-compute_2",
                "object_type": "auth.group",
                "url": "https://nautobot.domain.tld/api/users/groups/2/",
                "user_count": 5
            }
        },
        {
            "key": 3,
            "value": {
                "display": "editor_network",
                "id": 3,
                "name": "editor_network",
                "natural_slug": "editor-network_3",
                "object_type": "auth.group",
                "url": "https://nautobot.domain.tld/api/users/groups/3/",
                "user_count": 5
            }
        },
        {
            "key": 5,
            "value": {
                "display": "editor_seccert",
                "id": 5,
                "name": "editor_seccert",
                "natural_slug": "editor-seccert_5",
                "object_type": "auth.group",
                "url": "https://nautobot.domain.tld/api/users/groups/5/",
                "user_count": 9
            }
        },
        {
            "key": 4,
            "value": {
                "display": "editor_storage",
                "id": 4,
                "name": "editor_storage",
                "natural_slug": "editor-storage_4",
                "object_type": "auth.group",
                "url": "https://nautobot.domain.tld/api/users/groups/4/",
                "user_count": 9
            }
        },
        {
            "key": 6,
            "value": {
                "display": "reader",
                "id": 6,
                "name": "reader",
                "natural_slug": "reader_6",
                "object_type": "auth.group",
                "url": "https://nautobot.domain.tld/api/users/groups/6/",
                "user_count": 32
            }
        }
    ]
}