cp_mgmt_administrator: expiration_date not updating
alex-barth opened this issue · comments
When expiration_date is the only changed value, ansible returns with "ok".
It should detect the change, replace the value and report "changed".
Hi @alex-barth
Can you please send the playbook, and the output of running this playbook
Also which version of the collection do you have?
Thanks, Or
Hi @chkp-orso
I am using ansible 2.9.7 with python 3.7.5. I used the collection included with that ansible release.
I also downloaded the version 1.0.5 just now and got the same result.
my test_admin.yml
:
---
- name: "Administrator {{ checkpoint_administrator_name }} present"
hosts: cp_mgt
connection: httpapi
collections:
- check_point.mgmt
vars:
checkpoint_administrator_name: test_admin
tasks:
- name: "Add administrator {{ checkpoint_administrator_name }} to {{ inventory_hostname }}"
cp_mgmt_administrator:
name: "{{ checkpoint_administrator_name }}"
color: blue
authentication_method: os password
# expiration date is not working as intended, wont update if its the only value that changed
expiration_date: "2300-12-31"
password: secret
multi_domain_profile: Multi-Domain Super User
state: present
auto_publish_session: true
and the ouput from ansible-playbook test_admin.yml -vvv
:
ansible-playbook 2.9.7
config file = /root/ansible_tests/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.7/dist-packages/ansible-2.9.7-py3.7.egg/ansible
executable location = /usr/local/bin/ansible-playbook
python version = 3.7.5 (default, Oct 27 2019, 15:43:29) [GCC 9.2.1 20191022]
Using /root/ansible_tests/ansible.cfg as config file
host_list declined parsing /root/ansible_tests/inv.yml as it did not pass its verify_file() method
script declined parsing /root/ansible_tests/inv.yml as it did not pass its verify_file() method
Parsed /root/ansible_tests/inv.yml inventory source with yaml plugin
PLAYBOOK: test_admin.yml ******************************************************************************************
1 plays in test_admin.yml
PLAY [Administrator test_admin present] ***************************************************************************
META: ran handlers
TASK [Add administrator test_admin to cp_mgt] *********************************************************************
task path: /root/ansible_tests/test_admin.yml:11
<10.88.255.20> ESTABLISH LOCAL CONNECTION FOR USER: root
<10.88.255.20> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-379455wsv5k07g `"&& mkdir /root/.ansible/tmp/ansible-local-379455wsv5k07g/ansible-tmp-1589292271.03841-379473-200539730347978 && echo ansible-tmp-1589292271.03841-379473-200539730347978="` echo /root/.ansible/tmp/ansible-local-379455wsv5k07g/ansible-tmp-1589292271.03841-379473-200539730347978 `" ) && sleep 0'
<cp_mgt> Attempting python interpreter discovery
<10.88.255.20> EXEC /bin/sh -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'/usr/bin/python'"'"'; command -v '"'"'python3.7'"'"'; command -v '"'"'python3.6'"'"'; command -v '"'"'python3.5'"'"'; command -v '"'"'python2.7'"'"'; command -v '"'"'python2.6'"'"'; command -v '"'"'/usr/libexec/platform-python'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v '"'"'python'"'"'; echo ENDFOUND && sleep 0'
<10.88.255.20> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
<cp_mgt> Python interpreter discovery fallback (unsupported Linux distribution: debian)
Using module file /root/.ansible/collections/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator.py
<10.88.255.20> PUT /root/.ansible/tmp/ansible-local-379455wsv5k07g/tmplpvcu6vh TO /root/.ansible/tmp/ansible-local-379455wsv5k07g/ansible-tmp-1589292271.03841-379473-200539730347978/AnsiballZ_cp_mgmt_administrator.py
<10.88.255.20> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-379455wsv5k07g/ansible-tmp-1589292271.03841-379473-200539730347978/ /root/.ansible/tmp/ansible-local-379455wsv5k07g/ansible-tmp-1589292271.03841-379473-200539730347978/AnsiballZ_cp_mgmt_administrator.py && sleep 0'
<10.88.255.20> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-local-379455wsv5k07g/ansible-tmp-1589292271.03841-379473-200539730347978/AnsiballZ_cp_mgmt_administrator.py && sleep 0'
<10.88.255.20> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-379455wsv5k07g/ansible-tmp-1589292271.03841-379473-200539730347978/ > /dev/null 2>&1 && sleep 0'
[WARNING]: Module did not set no_log for password_hash
[WARNING]: Module did not set no_log for password
[WARNING]: Module did not set no_log for must_change_password
ok: [cp_mgt] => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"checkpoint_session_uid": "d896ee91-85bb-46c6-b7ff-a6eaee9cd5b8",
"invocation": {
"module_args": {
"authentication_method": "os password",
"auto_publish_session": true,
"color": "blue",
"comments": null,
"details_level": null,
"email": null,
"expiration_date": "2300-12-31",
"ignore_errors": null,
"ignore_warnings": null,
"multi_domain_profile": "Multi-Domain Super User",
"must_change_password": null,
"name": "test_admin",
"password": "secret",
"password_hash": null,
"permissions_profile": null,
"phone_number": null,
"radius_server": null,
"state": "present",
"tacacs_server": null,
"tags": null,
"version": null,
"wait_for_task": true
}
}
}
META: ran handlers
META: ran handlers
PLAY RECAP ********************************************************************************************************
cp_mgt : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
which returns ok=1
, but the user still has the expiration date 2222-12-31 instead of 2300-12-31.
This is also seen in SmartConsole and the ouput from running cp_mgmt_administrator_facts afterwards:
{
"authentication-method": "os password",
"color": "blue",
"comments": "",
"domain": {
"domain-type": "mds",
"name": "System Data",
"uid": "a0eebc99-afed-4ef8-bb6d-fedfedfedfed"
},
"email": "test@test.com",
"expiration-date": {
"iso-8601": "2222-12-31T00:00+0100",
"posix": 7983788400000
},
Tell me if you need more information.
Thanks, Alex
@alex-barth Thanks!
I've found the bug, it will be fixed in the next version