Add existing local User to existing User Group


L0 Member

Hi all - I've been stuck trying to figure out a way to fix an issue I'm having while running this task in Ansible:

    - name: Add existing local User to existing User Group
      paloaltonetworks.panos.panos_type_cmd:
        provider: "{{ provider }}"
        cmd: set
        xpath: |
          /config/devices/entry[@name='localhost.localdomain']
          /vsys/entry[@name='vsys2']/local-user-database
          /user-group/entry[@name='TestGroup']/user
        element: "<user>test_user</user>"

I'm trying to add an existing user to an existing group locally in the firewall and I keep getting this error:

    "msg": "set failed, may need to override template object first"

It's weird because there aren't templates interfering with this configuration item.


And, to make it weirder, I can do it through the CLI running: `set vsys vsys4 local-user-database user-group TestGroup user test_user`


Any clues or ideas? TIA

Accepted Solutions

L5 Sessionator

Hi @estebanad, I think you need <member> in your element, not <user>

    element: "<member>test_user</member>"

In my non-VSYS test PA-Series (so hence a slightly different xpath), this worked:

    - name: Add existing Local User to existing User Group
      paloaltonetworks.panos.panos_type_cmd:
        provider: "{{ device }}"
        cmd: set
        xpath: "/config/shared/local-user-database/user-group/entry[@name='TestGroup']/user"
        element: "<member>test_user</member>"

Hope that helps

Hi @JimmyHolland, Yes!!! You are correct. I just tried `member` and it worked. I tried so many things, I'm not sure how I missed this one. Thanks a lot!
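
The accepted answer's `<member>` fix applied to the vsys xpath from the question, followed by a read-back check, as an added example that is not part of the original thread. The `firewall` host group and the variables `vsys_name`, `group_name`, `user_name` and `group_users_xpath` are assumptions; `provider` is assumed to be defined elsewhere, as in the original task.

```yaml
# Added example, not from the thread. Host group and variable names are
# hypothetical; "provider" is assumed to come from inventory or a vault.
- name: Add a local user to a local user group in a vsys and verify it
  hosts: firewall
  connection: local
  gather_facts: false
  vars:
    vsys_name: vsys2
    group_name: TestGroup
    user_name: test_user
    # Same node the thread targets: the <user> list under the group entry.
    group_users_xpath: "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='{{ vsys_name }}']/local-user-database/user-group/entry[@name='{{ group_name }}']/user"
  tasks:
    - name: Add the user to the group as a member element
      paloaltonetworks.panos.panos_type_cmd:
        provider: "{{ provider }}"
        cmd: set
        xpath: "{{ group_users_xpath }}"
        # Each user in the list is a <member> child, not a nested <user>.
        element: "<member>{{ user_name }}</member>"

    - name: Read the user list back from the candidate configuration
      paloaltonetworks.panos.panos_type_cmd:
        provider: "{{ provider }}"
        # "get" reads the candidate config, so the uncommitted set is visible.
        cmd: get
        xpath: "{{ group_users_xpath }}"
      register: group_users
      changed_when: false

    - name: Fail if the user is not listed as a member
      ansible.builtin.assert:
        that:
          - "('<member>' ~ user_name ~ '</member>') in group_users.stdout_xml"
        fail_msg: "{{ user_name }} is not a member of {{ group_name }} in {{ vsys_name }}"
```

The `set` only changes the candidate configuration, so a commit is still needed before the membership takes effect on the firewall.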
