Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aci_aaa_user: Setting user password is not idempotent #35544

Closed
dagwieers opened this issue Jan 31, 2018 · 7 comments
Closed

aci_aaa_user: Setting user password is not idempotent #35544

dagwieers opened this issue Jan 31, 2018 · 7 comments
Labels
aci Cisco ACI community affects_2.5 This issue/PR affects Ansible v2.5 bug This issue/PR relates to a bug. cisco Cisco technologies module This issue/PR relates to a module. networking Network category support:certified This issue/PR relates to certified code. waiting_on_vendor This issue requires actions by the vendor. Please inquire the vendor's help for any progress.

Comments

@dagwieers
Copy link
Contributor

dagwieers commented Jan 31, 2018
edited
Loading

ISSUE TYPE
  • Bug Report
COMPONENT NAME

aci_aaa_user

ANSIBLE VERSION

v2.5

SUMMARY

Due to an inconsistency in the APIC REST API, a task that sets the password of a locally-authenticated user is not idempotent. The APIC will complain with message Password history check: user dag should not use previous 5 passwords.

  aaaUser:
    attributes:
      name: dag
      pwd: S0me!Pwd
{
    "aaaUser": {
        "attributes": {
            "name": "dag",
            "pwd": "S0me!Pwd"
        }
    }
}

This seems to be a bug in the APIC as according to APIC REST API documentation:

Standard REST methods are supported on the API, which includes POST, GET, and DELETE operations through HTTP. The POST and DELETE methods are idempotent, meaning that there is no additional effect if they are called more than once with the same input parameters. The GET method is nullipotent, meaning that it can be called zero or more times without making any changes (or that it is a read-only operation).

The APIC in this case should really be testing whether the provided password is identical to the existing password, before testing it against the password history.

The vendor is notified of this inconsistency.
@dagwieers dagwieers added the aci Cisco ACI community label Jan 31, 2018
@dagwieers dagwieers added this to the 2.5.0 milestone Jan 31, 2018
@ansibot
Copy link
Contributor

ansibot commented Jan 31, 2018

cc @brunocalogero @jmcgill298 @schunduri
click here for bot help

@ansibot ansibot added affects_2.5 This issue/PR affects Ansible v2.5 bug_report module This issue/PR relates to a module. networking Network category support:community This issue/PR relates to code supported by the Ansible community. labels Jan 31, 2018
@dagwieers dagwieers changed the title aci_aaa_user: Setting password is not idempotent aci_aaa_user: Setting user password is not idempotent Jan 31, 2018
@dagwieers dagwieers added the waiting_on_vendor This issue requires actions by the vendor. Please inquire the vendor's help for any progress. label Jan 31, 2018
@ansibot
Copy link
Contributor

ansibot commented Feb 8, 2018

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

@dagwieers dagwieers modified the milestones: 2.5.0, 2.6.0 Feb 21, 2018
@ansibot ansibot added bug This issue/PR relates to a bug. and removed bug_report labels Mar 1, 2018
@ansible ansible deleted a comment from ansibot Mar 23, 2018
@ansibot ansibot added support:core This issue/PR relates to code supported by the Ansible Engineering Team. and removed support:community This issue/PR relates to code supported by the Ansible community. labels Sep 15, 2018
@ansibot ansibot added support:community This issue/PR relates to code supported by the Ansible community. support:certified This issue/PR relates to certified code. and removed support:core This issue/PR relates to code supported by the Ansible Engineering Team. support:community This issue/PR relates to code supported by the Ansible community. labels Oct 9, 2018
@dagwieers dagwieers added the cisco Cisco technologies label Feb 22, 2019
@ansibot
Copy link
Contributor

ansibot commented Mar 2, 2019

cc @mtorelli @rsmeyers @smnmtzgr
click here for bot help

@ansibot
Copy link
Contributor

ansibot commented Mar 10, 2019

cc @koladiya
click here for bot help

@ansibot
Copy link
Contributor

ansibot commented May 29, 2019

cc @devarshishah3 @fadallar
click here for bot help

@ansibot
Copy link
Contributor

ansibot commented Feb 16, 2020

cc @aciguru
click here for bot help

@aciguru
Copy link
Contributor

aciguru commented Apr 14, 2020

Issue moved to

CiscoDevNet/ansible-aci#26

@aciguru aciguru mentioned this issue Apr 14, 2020
Closed
@ansible ansible locked and limited conversation to collaborators May 12, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
aci Cisco ACI community affects_2.5 This issue/PR affects Ansible v2.5 bug This issue/PR relates to a bug. cisco Cisco technologies module This issue/PR relates to a module. networking Network category support:certified This issue/PR relates to certified code. waiting_on_vendor This issue requires actions by the vendor. Please inquire the vendor's help for any progress.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dagwieers @ansibot @aciguru