unable to change admin user password with cp_gaia_user module #64
Description
It's not possible to change admin user password with cp_gaia_user module, it works for other users
The playbook fails with the error:
"msg": "Checkpoint device returned error 400 with message {'code': 'err_validation_failed', 'errors': 'Cannot change this attribute of user admin', 'msg': 'Validation Error'}"
The playbook:
- name: gaia_test
hosts: cmgtl
gather_facts: false
connection: httpapi
tasks:
- name: set test user password
check_point.gaia.cp_gaia_user:
name: test
password: Test123456
- name: set admin password
check_point.gaia.cp_gaia_user:
name: admin
password: Test123456
Logs for test user from /var/log/gaia_api_server.log:
13/10/25 16:45:35: MainThread: server_util.udsListener: INFO: remote_addr IP = 1 72.29.8.37
13/10/25 16:45:35: MainThread: infra.urlGeneratorIS: INFO: Handle request: <clas s 'requests.users.ShowUser_V18'>
13/10/25 16:45:35: MainThread: infra.urlGeneratorIS: INFO: Execute validators
13/10/25 16:45:35: MainThread: infra.urlGeneratorIS: INFO: Verify permissions
13/10/25 16:45:35: MainThread: infra.pipeline: INFO: Handling output
13/10/25 16:45:36: MainThread: objects.users: INFO: Collecting users data from t he system
13/10/25 16:45:36: MainThread: objects.users: INFO: Processing users data from t he system
13/10/25 16:45:36: MainThread: objects.users: INFO: Information collected and pr ocessed successfully
13/10/25 16:45:37: MainThread: objects.users: INFO: Collecting users data from t he system
13/10/25 16:45:37: MainThread: objects.users: INFO: Processing users data from t he system
13/10/25 16:45:37: MainThread: objects.users: INFO: Information collected and pr ocessed successfully
13/10/25 16:45:37: MainThread: server_util.udsListener: INFO: Request for endpoi nt /show-user [method: POST], for source 172.29.8.37, SUCCEEDED [duration 1760ms ]
Logs for admin user:
13/10/25 16:45:37: MainThread: server_util.udsListener: INFO: remote_addr IP = 1 72.29.8.37
13/10/25 16:45:37: MainThread: infra.urlGeneratorIS: INFO: Handle request: <clas s 'requests.users.SetUserV18'>
13/10/25 16:45:37: MainThread: infra.urlGeneratorIS: INFO: Execute validators
13/10/25 16:45:37: MainThread: infra.urlGeneratorIS: INFO: Verify permissions
13/10/25 16:45:37: MainThread: infra.pipeline: INFO: Execute commit function for class <class 'requests.users.SetUserV18'>
13/10/25 16:45:37: MainThread: requests.users: ERROR: Cannot change this attribu te of user admin
13/10/25 16:45:37: MainThread: infra.pipeline: ERROR: Failed to handle request, reason: 'Cannot change this attribute of user admin'
13/10/25 16:45:37: MainThread: infra.pipeline: ERROR: Cannot change this attribu te of user admin
Traceback (most recent call last):
File "/rest_api/ckp/infra/urlGeneratorIS.py", line 67, in actor
res = execute(inst, requestData)
File "/rest_api/ckp/infra/pipeline.py", line 214, in execute
res = doCommit(inst, inst.CommitHandler, requestData)
File "/rest_api/ckp/infra/pipeline.py", line 175, in doCommit
res, buf = method(requestData)
File "/rest_api/ckp/requests/users.py", line 829, in commit
SetUser.commit(self, data)
File "/rest_api/ckp/requests/users.py", line 672, in commit
raise ValidationException("Cannot change this attribute of user admin")
genericException.ValidationException: Cannot change this attribute of user admin
It's possible to change the password with api request:
PS C:\Program Files (x86)\CheckPoint\SmartConsole\R81.20\PROGRAM> .\mgmt_cli.exe -m 172.27.129.198 set user name 'admin' password 'Test123456' --context gaia_api
Username: admin
Password:
PS C:\Program Files (x86)\CheckPoint\SmartConsole\R81.20\PROGRAM>