diff --git a/lib/ansible/modules/network/nxos/nxos_user.py b/lib/ansible/modules/network/nxos/nxos_user.py index 3fc4118d27..0ac4ddb3e6 100644 --- a/lib/ansible/modules/network/nxos/nxos_user.py +++ b/lib/ansible/modules/network/nxos/nxos_user.py @@ -174,12 +174,30 @@ def map_obj_to_commands(updates, module): def remove(x): return commands.append('no username %s %s' % (want['name'], x)) + def configure_roles(): + if want['roles']: + if have: + for item in set(have['roles']).difference(want['roles']): + remove('role %s' % item) + + for item in set(want['roles']).difference(have['roles']): + add('role %s' % item) + else: + for item in want['roles']: + add('role %s' % item) + + return True + return False + if want['state'] == 'absent': commands.append('no username %s' % want['name']) continue + roles_configured = False if want['state'] == 'present' and not have: - commands.append('username %s' % want['name']) + roles_configured = configure_roles() + if not roles_configured: + commands.append('username %s' % want['name']) if needs_update('configured_password'): if update_password == 'always' or not have: @@ -188,16 +206,8 @@ def map_obj_to_commands(updates, module): if needs_update('sshkey'): add('sshkey %s' % want['sshkey']) - if want['roles']: - if have: - for item in set(have['roles']).difference(want['roles']): - remove('role %s' % item) - - for item in set(want['roles']).difference(have['roles']): - add('role %s' % item) - else: - for item in want['roles']: - add('role %s' % item) + if not roles_configured: + configure_roles() return commands diff --git a/test/integration/targets/nxos_user/tests/common/basic.yaml b/test/integration/targets/nxos_user/tests/common/basic.yaml index cde25f8bf0..50d1d2986b 100644 --- a/test/integration/targets/nxos_user/tests/common/basic.yaml +++ b/test/integration/targets/nxos_user/tests/common/basic.yaml @@ -21,11 +21,13 @@ state: present register: result +- debug: msg="{{result}}" + - assert: that: - 'result.changed == true' - '"username" in result.commands[0]' - - '"role network-operator" in result.commands[1]' + - '"role network-operator" in result.commands[0]' - name: Collection of users nxos_user: diff --git a/test/integration/targets/nxos_user/tests/common/net_user.yaml b/test/integration/targets/nxos_user/tests/common/net_user.yaml index c9151beffb..8c8a82c1d4 100644 --- a/test/integration/targets/nxos_user/tests/common/net_user.yaml +++ b/test/integration/targets/nxos_user/tests/common/net_user.yaml @@ -25,7 +25,7 @@ that: - 'result.changed == true' - '"username" in result.commands[0]' - - '"role network-operator" in result.commands[1]' + - '"role network-operator" in result.commands[0]' - name: teardown net_user: