cp_mgmt_administrator: expiration_date not updating

Question

cp_mgmt_administrator: expiration_date not updating

alex-barth opened this issue 4 years ago · comments

When expiration_date is the only changed value, ansible returns with "ok".
It should detect the change, replace the value and report "changed".

chkp-orso · Answer 1 · Tue May 12 2020 15:13:42 GMT+0800 (China Standard Time)

Hi @alex-barth

Can you please send the playbook, and the output of running this playbook
Also which version of the collection do you have?

Thanks, Or

Alex Barth · Answer 2 · Tue May 12 2020 22:16:42 GMT+0800 (China Standard Time)

Hi @chkp-orso
I am using ansible 2.9.7 with python 3.7.5. I used the collection included with that ansible release.
I also downloaded the version 1.0.5 just now and got the same result.
my test_admin.yml:

---
- name: "Administrator {{ checkpoint_administrator_name }} present"
  hosts: cp_mgt
  connection: httpapi
  collections:
   - check_point.mgmt
  vars:
    checkpoint_administrator_name: test_admin

  tasks:
    - name: "Add administrator {{ checkpoint_administrator_name }} to {{ inventory_hostname }}"
      cp_mgmt_administrator:
        name: "{{ checkpoint_administrator_name }}"
        color: blue
        authentication_method: os password
        # expiration date is not working as intended, wont update if its the only value that changed
        expiration_date: "2300-12-31"
        password: secret
        multi_domain_profile: Multi-Domain Super User
        state: present
        auto_publish_session: true

and the ouput from ansible-playbook test_admin.yml -vvv:

ansible-playbook 2.9.7
  config file = /root/ansible_tests/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.7/dist-packages/ansible-2.9.7-py3.7.egg/ansible
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.7.5 (default, Oct 27 2019, 15:43:29) [GCC 9.2.1 20191022]
Using /root/ansible_tests/ansible.cfg as config file
host_list declined parsing /root/ansible_tests/inv.yml as it did not pass its verify_file() method
script declined parsing /root/ansible_tests/inv.yml as it did not pass its verify_file() method
Parsed /root/ansible_tests/inv.yml inventory source with yaml plugin

PLAYBOOK: test_admin.yml ******************************************************************************************
1 plays in test_admin.yml

PLAY [Administrator test_admin present] ***************************************************************************
META: ran handlers

TASK [Add administrator test_admin to cp_mgt] *********************************************************************
task path: /root/ansible_tests/test_admin.yml:11
<10.88.255.20> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.88.255.20> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-379455wsv5k07g `"&& mkdir /root/.ansible/tmp/ansible-local-379455wsv5k07g/ansible-tmp-1589292271.03841-379473-200539730347978 && echo ansible-tmp-1589292271.03841-379473-200539730347978="` echo /root/.ansible/tmp/ansible-local-379455wsv5k07g/ansible-tmp-1589292271.03841-379473-200539730347978 `" ) && sleep 0'
<cp_mgt> Attempting python interpreter discovery
<10.88.255.20> EXEC /bin/sh -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'/usr/bin/python'"'"'; command -v '"'"'python3.7'"'"'; command -v '"'"'python3.6'"'"'; command -v '"'"'python3.5'"'"'; command -v '"'"'python2.7'"'"'; command -v '"'"'python2.6'"'"'; command -v '"'"'/usr/libexec/platform-python'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v '"'"'python'"'"'; echo ENDFOUND && sleep 0'
<10.88.255.20> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
<cp_mgt> Python interpreter discovery fallback (unsupported Linux distribution: debian)
Using module file /root/.ansible/collections/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator.py
<10.88.255.20> PUT /root/.ansible/tmp/ansible-local-379455wsv5k07g/tmplpvcu6vh TO /root/.ansible/tmp/ansible-local-379455wsv5k07g/ansible-tmp-1589292271.03841-379473-200539730347978/AnsiballZ_cp_mgmt_administrator.py
<10.88.255.20> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-379455wsv5k07g/ansible-tmp-1589292271.03841-379473-200539730347978/ /root/.ansible/tmp/ansible-local-379455wsv5k07g/ansible-tmp-1589292271.03841-379473-200539730347978/AnsiballZ_cp_mgmt_administrator.py && sleep 0'
<10.88.255.20> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-local-379455wsv5k07g/ansible-tmp-1589292271.03841-379473-200539730347978/AnsiballZ_cp_mgmt_administrator.py && sleep 0'
<10.88.255.20> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-379455wsv5k07g/ansible-tmp-1589292271.03841-379473-200539730347978/ > /dev/null 2>&1 && sleep 0'
[WARNING]: Module did not set no_log for password_hash
[WARNING]: Module did not set no_log for password
[WARNING]: Module did not set no_log for must_change_password
ok: [cp_mgt] => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "checkpoint_session_uid": "d896ee91-85bb-46c6-b7ff-a6eaee9cd5b8",
    "invocation": {
        "module_args": {
            "authentication_method": "os password",
            "auto_publish_session": true,
            "color": "blue",
            "comments": null,
            "details_level": null,
            "email": null,
            "expiration_date": "2300-12-31",
            "ignore_errors": null,
            "ignore_warnings": null,
            "multi_domain_profile": "Multi-Domain Super User",
            "must_change_password": null,
            "name": "test_admin",
            "password": "secret",
            "password_hash": null,
            "permissions_profile": null,
            "phone_number": null,
            "radius_server": null,
            "state": "present",
            "tacacs_server": null,
            "tags": null,
            "version": null,
            "wait_for_task": true
        }
    }
}
META: ran handlers
META: ran handlers

PLAY RECAP ********************************************************************************************************
cp_mgt                     : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

which returns ok=1, but the user still has the expiration date 2222-12-31 instead of 2300-12-31.
This is also seen in SmartConsole and the ouput from running cp_mgmt_administrator_facts afterwards:

{
                    "authentication-method": "os password",
                    "color": "blue",
                    "comments": "",
                    "domain": {
                        "domain-type": "mds",
                        "name": "System Data",
                        "uid": "a0eebc99-afed-4ef8-bb6d-fedfedfedfed"
                    },
                    "email": "test@test.com",
                    "expiration-date": {
                        "iso-8601": "2222-12-31T00:00+0100",
                        "posix": 7983788400000
                    },

Tell me if you need more information.
Thanks, Alex

chkp-orso · Answer 3 · Mon May 18 2020 00:44:07 GMT+0800 (China Standard Time)

@alex-barth Thanks!
I've found the bug, it will be fixed in the next version