Aggregate parameter being ignored when using purge on nxos_user

[jdetwiler16]

SUMMARY

When attempting to perform non-standard user cleanup activity using the purge: true setting on the nxos_user module, it ignores the user list defined under aggregate and removes all usernames except for admin, which also ends up removing SNMP users as well. This seems to be specific to the 9.3.0 release. If I revert to 9.2.1, it works as expected. I see in the release notes for 9.3.0 that a bug fix for "nxos_user purge deleting non-local users,ensuring only local users are removed" was added, which may be contributing to this

ISSUE TYPE

• Bug Report

COMPONENT NAME

cisco.nxos.nxos_user

ANSIBLE VERSION

ansible==9.12.0
ansible-core==2.16.13
pip==24.3.1
python version = 3.9.18 (main, May 16 2024, 00:00:00) [GCC 11.4.1 20231218 (Red Hat 11.4.1-3)] (/usr/bin/python3)

COLLECTION VERSION

cisco.nxos                               9.3.0

CONFIGURATION

CONFIG_FILE() = /etc/ansible/ansible.cfg

OS / ENVIRONMENT

NXOS: version 9.3(13)
NXOS: version 10.2(5) [Maintenance Release]

STEPS TO REPRODUCE

Use the nxos_user module with the purge and aggregate parameters

    - name: Remove non-standard usernames on non-datacenter NX-OS devices
      cisco.nxos.nxos_user:
        aggregate:
          - name: testadmin
        purge: true
      when: "dc1" not in inventory_hostname

EXPECTED RESULTS

Remove all non-admin users, except testadmin

Switch(config)# sh run | in username
username admin password 5 XXXX role network-admin
username testadmin password 5 XXXX role network-admin
username testadmin passphrase lifetime 99999 warntime 14 gracetime 3
Switch(config)#

ACTUAL RESULTS

All users, including those specified in aggregate, were removed. This operates normally in the ios_user module and in nxos_user module version 9.2.1

Switch# sh run | in username
username admin password 5 XXXXXX role network-admin
Switch#

TASK [Remove non-standard usernames on non-datacenter NX-OS devices] ***********
task path: /home/service/_work/9/s/ansible/import_tasks/set_local_usernames-task.yml:116
changed: [Switch] => changed=true 
  commands:
  - no username testadmin
  invocation:
    module_args:
      aggregate:
      - configured_password: null
        hashed_password: null
        name: testadmin
        roles: null
        sshkey: null
        state: present
        update_password: null
      configured_password: null
      hashed_password: null
      name: null
      purge: true
      roles: null
      sshkey: null
      state: present
      update_password: always
Loading collection ansible.netcommon from /home/service/.ansible/collections/ansible_collections/ansible/netcommon
Loading collection ansible.utils from /home/service/.ansible/collections/ansible_collections/ansible/utils
<10..x.x.x> Using network group action cisco.nxos.nxos for cisco.nxos.nxos_config
<10.x.x.x> attempting to start connection
<10.x.x.x> using connection plugin ansible.netcommon.network_cli
Found ansible-connection at path /home/service/_work/9/s/ansible/1739300529/bin/ansible-connection
<10.x.x.x> found existing local domain socket, using it!
<10.x.x.x> updating play_context for connection
<10.x.x.x> Loading collection ansible.builtin from 
<10.x.x.x> local domain socket path is /home/service/.ansible/pc/5d98285880
<10.x.x.x> ANSIBLE_NETWORK_IMPORT_MODULES: enabled
<10.x.x.x> ANSIBLE_NETWORK_IMPORT_MODULES: found cisco.nxos.nxos_config  at /home/service/.ansible/collections/ansible_collections/cisco/nxos/plugins/modules/nxos_config.py
<10.x.x.x> ANSIBLE_NETWORK_IMPORT_MODULES: running cisco.nxos.nxos_config
<10.x.x.x> ANSIBLE_NETWORK_IMPORT_MODULES: complete