bigip_snmp_community does not allow v3 usernames that begin with a number #2424

Open
bbusner opened this issue Aug 22, 2024 · 1 comment
Labels: backlog (Item logged internally), bug (Issues that are related to bugs in the Ansible modules)

bbusner commented Aug 22, 2024

COMPONENT NAME

bigip_snmp_community

Environment

ANSIBLE VERSION

    ansible [core 2.14.9]
      config file = /etc/ansible/ansible.cfg
      configured module search path = ['/home/xxxxx/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python3.9/site-packages/ansible
      ansible collection location = /home/xxxxx/.ansible/collections:/usr/share/ansible/collections
      executable location = /usr/bin/ansible
      python version = 3.9.18 (main, Jan  4 2024, 00:00:00) [GCC 11.4.1 20230605 (Red Hat 11.4.1-2)] (/usr/bin/python3)
      jinja version = 3.1.2
      libyaml = True

BIGIP VERSION

    Sys::Version
    Main Package
      Product     BIG-IP
      Version     17.1.0.1
      Build       0.0.4
      Edition     Point Release 1
      Date        Fri Apr  7 07:24:51 PDT 2023

CONFIGURATION

OS / ENVIRONMENT

SUMMARY

bigip_snmp_community does not work with usernames that begin with a number.

STEPS TO REPRODUCE

    - name: Set SNMPv3 Settings
      bigip_snmp_community:
        provider: "{{ provider }}"
        name: zabbix
        version: v3
        snmp_username: 123456
        snmp_auth_protocol: sha
        snmp_auth_password: authpa$$
        snmp_privacy_protocol: aes
        snmp_privacy_password: privpa$$
        oid: .1

EXPECTED RESULTS

I expected that the module would decouple the object name from the SNMPv3 username, allowing me to enter a valid object name (beginning with a letter). This module sets the object name to the username you define, so this becomes invalid when your username begins with a number.

When creating a v3 user via TMSH, you explicitly define the object name separately from the username, ex:

    modify /sys snmp users add { zabbix { auth-protocol sha auth-password authpa$$ privacy-protocol aes privacy-password privpa$$ security-level auth-privacy username 123456 oid-subset .1 } }

When creating a v3 user via ConfigUtil, the object name created is based on the username but it is prefixed with an 'i' and appended with a '_1', so the tmsh output looks like this:

    users {
        i123456_1 {
            auth-password $M$7hzoavbeLDN4drSXVGHTEA==
            auth-password-encrypted "DQ1T284Q=BmKFj2P=4Q1\?@_]Op[Exl9nr`;PQYIHCaZ`Q0"
            auth-protocol sha
            oid-subset 0.1
            privacy-password $M$MXBM1H3rjS23I8232Ox3GQ2w==
            privacy-password-encrypted `9JRDDIse#l2357mcLKi3@398007H`P:]R@4P`Ugd8\?V>
            privacy-protocol aes
            username 123456

The same challenge would normally exist for the bigip_snmp_trap module since SNMP trap servers are IP addresses, but that module allows you to define a name parameter separately from the destination parameter.

ACTUAL RESULTS

    FAILED! => {"changed": false, "msg": "01070088:3: The requested object name (/Common/123456) is invalid."}

bbusner added the bug and untriaged labels Aug 22, 2024
@pgouband
Contributor

Hi,

Thanks for reporting. Added to the backlog; the internal tracking ID for this request is INFRAANO-1648.

pgouband added the backlog label and removed the untriaged label Aug 26, 2024
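A pre-flight check for the failure reported in this issue, as an added example that is not part of the issue or of the F5 modules' code. It assumes, from the report only, that an object name must begin with a letter and that the module reuses `snmp_username` as the object name for v3; the function names and all sample tasks other than the reported one are constructed.

```python
# Added example. Assumptions taken from the report, not from F5 documentation:
# an object name must begin with a letter, and for version v3 the module
# reuses snmp_username as the object name.
MODULE_KEYS = ("bigip_snmp_community",
               "f5networks.f5_modules.bigip_snmp_community")


def configutil_style_name(username):
    """Name shape the report observed from ConfigUtil: 'i' + username + '_1'."""
    return f"i{username}_1"


def find_rejected_v3_users(tasks):
    """Return (task name, username, alternative object name) for every
    bigip_snmp_community v3 task whose username does not start with a letter."""
    findings = []
    for task in tasks:
        args = next((task[k] for k in MODULE_KEYS
                     if isinstance(task.get(k), dict)), None)
        if args is None or str(args.get("version")) != "v3":
            continue
        # YAML loads an unquoted 123456 as an int, so normalise to str first.
        username = str(args.get("snmp_username", ""))
        first = username[:1]
        if first and not (first.isascii() and first.isalpha()):
            findings.append((task.get("name", "<unnamed>"), username,
                             configutil_style_name(username)))
    return findings


# Tasks as a YAML loader would return them. The first is the task from the
# report (passwords omitted); the other two are constructed.
SAMPLE_TASKS = [
    {"name": "Set SNMPv3 Settings",
     "bigip_snmp_community": {"name": "zabbix", "version": "v3",
                              "snmp_username": 123456, "oid": ".1"}},
    {"name": "Constructed v3 user that starts with a letter",
     "f5networks.f5_modules.bigip_snmp_community": {
         "name": "nms", "version": "v3", "snmp_username": "nms01", "oid": ".1"}},
    {"name": "Constructed v2c community",
     "bigip_snmp_community": {"name": "monitoring", "version": "v2c",
                              "community": "public"}},
]

if __name__ == "__main__":
    for task_name, user, alt in find_rejected_v3_users(SAMPLE_TASKS):
        print(f"{task_name}: username {user!r} would be rejected as an object "
              f"name; ConfigUtil would have used {alt!r}")
```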