-
Notifications
You must be signed in to change notification settings - Fork 290
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch username/password during playbook execution #1386
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1386 +/- ##
==========================================
+ Coverage 76.29% 78.07% +1.77%
==========================================
Files 45 45
Lines 5619 5641 +22
Branches 1423 1427 +4
==========================================
+ Hits 4287 4404 +117
+ Misses 836 769 -67
+ Partials 496 468 -28 ☔ View full report in Codecov by Sentry. |
@BGmot Unfortunately, it seems to fail for my use-case. In my zabbix provisioning setup I have a set of tasks like the following: - name: Determine if admin password already set
block:
# Make a request to test if new creds in place
- name: A request with our desired admin creds
vars: &zabbix_api_args
ansible_user: "{{ zabbix_admin_user }}"
ansible_httpapi_pass: "{{ zabbix_admin_pass }}"
community.zabbix.zabbix_user_info:
username: "{{ zabbix_admin_user }}"
register: new_creds_req
failed_when: false
- name: set is_admin_pass_set
set_fact:
is_admin_pass_set: "{{ new_creds_req.exception is not defined }}"
# This shows that I'm passing in the default admin password as I expect
- debug:
msg: "{{ zabbix_admin_pass if is_admin_pass_set else zabbix_default_admin_pass }}"
- name: Configure E-mail
vars: *zabbix_api_args
block:
# This task still uses the updated password even when I expect it to use the default admin pass
- name: "Create an email mediatype with SMTP authentication"
vars:
ansible_httpapi_pass: "{{ zabbix_admin_pass if is_admin_pass_set else zabbix_default_admin_pass }}"
The e-mail template task fails with: ...
"msg": "connection error occurred: REST API returned {'code': -32500, 'message': 'Application error.',
'data': 'Incorrect user name or password or account is temporarily blocked.'}
when sending {\"jsonrpc\": \"2.0\", \"method\": \"user.login\",
\"id\": \"2d14071e-16f0-4587-a976-d9974645f65b\",
\"params\": {\"username\": \"Admin\", \"password\": \"TheNewPassword\"}}"
} It seems its still using the cached new password from the login check Looking deeper into this. Maybe instead of caching the password yourself in the httpapi, you could always get the latest versions from the connection objects options: self.login(self.connection.get_option('remote_user'), self.connection.get_option('password')) Making the above change to your code seems to make it work for my use-case |
plugins/httpapi/zabbix.py
Outdated
# Provide "fake" auth so netcommon.connection does not replace our headers | ||
self.connection._auth = {'auth': 'fake'} | ||
# Need to login with new username/password | ||
self.login(self.username, self.password) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe instead of caching the password yourself in the httpapi, you could always get the latest versions from the connection objects options:
self.login(self.connection.get_option('remote_user'), self.connection.get_option('password'))
Making the above change to your code seems to make it work for my use-case
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't mind. Let me test and make the change.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pushed the change, please test.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested, this works for my use-case!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for testing, merging.
SUMMARY
Fixes #1209
ISSUE TYPE
COMPONENT NAME
httpapi connection plugin
ADDITIONAL INFORMATION
Here is how you can disable default Admin account and add new admin user