puzzle / puzzle.opnsense

An Ansible Collection to configure an opnsense Firewall
https://puzzle.github.io/puzzle.opnsense/collections/puzzle/opnsense/index.html
GNU General Public License v3.0

Issues with system_access_users module #159

Open GBBx opened 2 weeks ago

GBBx commented 2 weeks ago

Describe the bug

  1. Inconsistent behaviour when creating a user. I try to create a user using the system_access_users module in a role. Task in the role:
    - name: "create/remove test user"
      puzzle.opnsense.system_access_users:
        username: "joe"
        password: "password"
        state: "present"
        authorizedkeys: "......."

When I run the playbook with this role I get:

FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"<stdin>\", line 107, in <module>\n  File \"<stdin>\", line 99, in _ansiballz_main\n  File \"<stdin>\", line 47, in invoke_module\n  File \"<frozen runpy>\", line 226, in run_module\n  File \"<frozen runpy>\", line 98, in _run_module_code\n  File \"<frozen runpy>\", line 88, in _run_code\n  File \"/tmp/ansible_puzzle.opnsense.system_access_users_payload_zrt8cd4y/ansible_puzzle.opnsense.system_access_users_payload.zip/ansible_collections/puzzle/opnsense/plugins/modules/system_access_users.py\", line 261, in <module>\n  File \"/tmp/ansible_puzzle.opnsense.system_access_users_payload_zrt8cd4y/ansible_puzzle.opnsense.system_access_users_payload.zip/ansible_collections/puzzle/opnsense/plugins/modules/system_access_users.py\", line 227, in main\n  File \"/tmp/ansible_puzzle.opnsense.system_access_users_payload_zrt8cd4y/ansible_puzzle.opnsense.system_access_users_payload.zip/ansible_collections/puzzle/opnsense/plugins/module_utils/config_utils.py\", line 167, in __exit__\nRuntimeError: Config has changed. Cannot exit without saving.\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

Interestingly, the user is there in the UI. If I delete the user and run the playbook again, there is no issue:

TASK [opnsense_user : create/remove test user] *****************************************************************************************************************************************************************************
--- before
+++ after
@@ -2,6 +2,6 @@
     "system": "\n    ",
     "system/maximumtableentries": "",
     "system/nextgid": "2000",
-    "system/nextuid": "2007",
+    "system/nextuid": "2008",
     "system/user": "\n      "
 }
  2. The user cannot be removed by Ansible. Task in the role:
    - name: "remove test user"
      puzzle.opnsense.system_access_users:
        username: "joe"
        state: absent

Error:

FAILED! => {"changed": false, "msg": "missing required arguments: password"}

Expected behavior

I should be able to create or delete a user without having to run the playbook twice.

Desktop (please complete the following information):

Additional context

Target: OPNsense 24.7.6

KiLLuuuhh commented 1 week ago

Hello @GBBx, Thank you for submitting this bug and thereby contributing to the project. We will review it and get back to you as soon as possible.