na_sg_org_user_s3_key creates key for token user not that of unique_user_name #27

Open
fostermi opened this issue Aug 23, 2024 · 0 comments


Thanks for this module! It's extremely helpful.

SUMMARY

When trying to create an API key for a specific user, as indicated by the unique_user_name parameter, the key is successfully created, but the key belongs to the user account that obtained the token in a previous step.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

na_sg_org_user_s3_key

ANSIBLE VERSION
ansible [core 2.15.12]
  config file = /Users/mifo4973/git/lasp/wi/ansible/ansible.cfg
  configured module search path = ['/Users/mifo4973/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/mifo4973/venvs/ansible-nios/lib/python3.9/site-packages/ansible
  ansible collection location = /Users/mifo4973/.ansible/collections:/usr/share/ansible/collections
  executable location = /Users/mifo4973/venvs/ansible-nios/bin/ansible
  python version = 3.9.6 (default, Feb  3 2024, 15:58:27) [Clang 15.0.0 (clang-1500.3.9.4)] (/Users/mifo4973/venvs/ansible-nios/bin/python3)
  jinja version = 3.1.4
  libyaml = True
COLLECTION VERSION
Collection         Version
------------------ -------
netapp.storagegrid 21.11.1
CONFIGURATION
CONFIG_FILE() = /Users/m/git/ansible/ansible.cfg
HOST_KEY_CHECKING(/Users/m/git/ansible/ansible.cfg) = False
RETRY_FILES_ENABLED(/Users/git/ansible/ansible.cfg) = False
OS / ENVIRONMENT

macOS Sonoma 14.6.1 (23G93)

STEPS TO REPRODUCE
- name: Get Grid Authorization token
  uri:
    url: "{{ SG_URL}}/api/v3/authorize"
    method: POST
    body: {
      "accountId": "{{ SG_ACCOUNT_ID }}",
      "username": "{{ SG_ACCOUNT_USERNAME }}",
      "password": "{{ SG_ACCOUNT_PASSWORD }}",
      "cookie": false,
      "csrfToken": false
    }
    body_format: json
    validate_certs: false
  register: auth

- debug: var=auth

- name: Create access keys for a user
  netapp.storagegrid.na_sg_org_user_s3_key:
    api_url: "{{ SG_URL }}"
    auth_token: "{{ auth.json.data }}"
    validate_certs: false
    state: present
    unique_user_name: "{{ sg_user }}"
  register: results

- debug: var=results

EXPECTED RESULTS

Given a username of ansible100 with id ee8e595c-6632-4411-9035-06de5f63c1c0 for example, I expect the s3 key to be created for the unique_user_name account id:

changed: [localhost] => {
    "changed": true,
    "invocation": {
        "module_args": {
            "access_key": null,
            "api_url": "https://sg.example.com",
            "auth_token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "expires": null,
            "state": "present",
            "unique_user_name": "user/ansible100",
            "validate_certs": false
        }
    },
    "msg": "",
    "resp": {
        "accessKey": "<snip>",
        "accountId": "********************",
        "displayName": "****************C9QP",
        "expires": null,
        "id": "SGKHtjiwMvYmV6UyuJU4ZFEV715hz_zlhnN6jBpA6Q==",
        "secretAccessKey": "<snip>",
        "userURN": "urn:sgws:identity::06000000000000000:user/ansbileuser100",
        "userUUID": "ee8e595c-6632-4411-9035-06de5f63c1c0"
    }
}
ACTUAL RESULTS

The access key is created under the account that obtained the token in the first task. Note the difference in the output of the UUID and userURN in the actual results.

I can independently confirm using the REST API and the UI that the access keys are created for the user obtaining the token, not the unique_user_name we are trying to create the access keys for.

changed: [localhost] => {
    "changed": true,
    "invocation": {
        "module_args": {
            "access_key": null,
            "api_url": "https://sg.example.com",
            "auth_token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "expires": null,
            "state": "present",
            "unique_user_name": "user/ansible100",
            "validate_certs": false
        }
    },
    "msg": "",
    "resp": {
        "accessKey": "<snip>",
        "accountId": "*****************",
        "displayName": "****************C9QP",
        "expires": null,
        "id": "SGKHtjiwMvYmV6UyuJU4ZFEV715hz_zlhnN6jBpA6Q==",
        "secretAccessKey": "<snip>",
        "userURN": "urn:sgws:identity::060000000000000000:user/webansible",
        "userUUID": "ff786de4-b7a3-4f81-af92-b63a7d295b29"
    }
}
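
An added example, not part of the original issue or of the netapp.storagegrid collection: a post-condition check that compares the `userURN` in a registered `na_sg_org_user_s3_key` result with the requested `unique_user_name`, so a key issued to the wrong identity is caught instead of being handed out. The function names and the trimmed sample results are assumptions; the URN layout is taken from the output shown above.

```python
URN_PREFIX = "urn:sgws:identity::"  # URN shape as it appears in the issue's output


def key_owner(result):
    """Return the 'user/<name>' part of resp.userURN, or None if absent or malformed."""
    urn = (result.get("resp") or {}).get("userURN")
    if not isinstance(urn, str) or not urn.startswith(URN_PREFIX):
        return None
    # The remainder is '<accountId>:user/<name>'; split on the first ':' only.
    _account, sep, principal = urn[len(URN_PREFIX):].partition(":")
    return principal if sep and principal.startswith("user/") else None


def check_key_owner(result, unique_user_name):
    """Return (ok, message); ok is True only when the key belongs to the requested user."""
    owner = key_owner(result)
    if owner is None:
        return False, "result has no parsable resp.userURN"
    if owner != unique_user_name:
        return False, f"key issued to {owner!r}, requested {unique_user_name!r}"
    return True, f"key issued to requested user {unique_user_name!r}"


# Trimmed registered results; secrets and unrelated fields omitted.
# userURN below is the one shown in the issue's ACTUAL RESULTS (owner is the token user).
ACTUAL = {"changed": True,
          "resp": {"userURN": "urn:sgws:identity::060000000000000000:user/webansible"}}
# Constructed sample: what a correct result for the same request would carry.
CORRECT = {"changed": True,
           "resp": {"userURN": "urn:sgws:identity::060000000000000000:user/ansible100"}}

if __name__ == "__main__":
    for name, res in (("actual", ACTUAL), ("correct", CORRECT)):
        print(name, check_key_owner(res, "user/ansible100"))
```

A result with a missing or unparsable `userURN` is treated as a failure rather than a pass, so the check fails closed.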