Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cisco.nxos.nxos_user - Purge deletes users which does not exist, breaks idempotency #871

Open
jorgenspange opened this issue Jun 20, 2024 · 3 comments · May be fixed by #903
Open

cisco.nxos.nxos_user - Purge deletes users which does not exist, breaks idempotency #871

jorgenspange opened this issue Jun 20, 2024 · 3 comments · May be fixed by #903
Assignees
Labels
has_pr This issue has an associated PR.

Comments

@jorgenspange
Copy link

For fetching existing users the module runs "show user-account", this command displays users which does not exist, only have been logged in through SSH:

user:sshuser
        roles:network-admin vdc-admin
account created through REMOTE authentication
Credentials such as ssh server key will be cached temporarily only for this user account
Local login not possible

This makes the module try to delete these which are breaking idempotency as they are not present anywhere in the configuration.

The module also deletes users which is defined for snmp, which is more understandable, but still unfortunate.

@AAYUSH2091
Copy link
Contributor

Hi @jorgenspange ,

After going through your issue, I see you mentioned that logged-in users are being deleted. If these users are local, shouldn't they have an entry in the local user database, meaning the purge function is working as expected? Could you please explain what behavior you expect from the purge process?

and also can you share the playbook as well that you were using.

@NilashishC NilashishC added the needs_info This issue requires further information. Please answer any outstanding questions. label Oct 9, 2024
@jorgenspange
Copy link
Author

Hi @AAYUSH2091,

Sorry for the misunderstanding, the logged in users i mention is tacacs-users and not locally created ones.
This happens because "show user-account" also displays ssh connected accounts which is authenticated with tacacs.

this is my play:

- name: remove all users except admin
  cisco.nxos.nxos_user:
    purge: true

Ideally this would delete all locally configured users which are not admin.
What it does is that it tries to delete:
locally configured users
users that are logged in and not defined locally
users which are defined for other purposes for instance snmp

@NilashishC NilashishC added has_pr This issue has an associated PR. and removed needs_info This issue requires further information. Please answer any outstanding questions. labels Oct 16, 2024
@NilashishC
Copy link
Collaborator

NilashishC commented Oct 16, 2024

@jorgenspange Hi! Would it be possible to give @AAYUSH2091's PR #903 a try? Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
has_pr This issue has an associated PR.
Projects
None yet
4 participants