Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[FEATURE]: ensure idrac_user user_password behaves the same as the ansible.builtin.user module #469

Open
RobVerduijn opened this issue Jan 30, 2023 · 3 comments
Labels
area/idrac idrac modules/roles type/feature-request New feature or request

Comments

@RobVerduijn
Copy link

RobVerduijn commented Jan 30, 2023

Describe the solution you'd like

Please make it so that when I use the module idrac_user with the option user_password it behaves the same as the ansible.builtin.user module with the options password and update_password.

I've been hitting issue idrac_user not idempotent #321
After reading it was closed with instructions not to use 'user_password' if you want an idempotent playbook.

But there is no way to check if the passwords of a particular user needs to be set if it is not the right one.
This makes it rather hard to write an idempotent script which sets passwords for users.

I think idrac_user module should behave as the ansible.builtin.user module

With the ansible.builtin.user module you manage the password setting behavior with the update_password option.

  • setting always will only set the password if it differs
  • setting on_create will only set the password

Describe alternatives you've considered
Using the new idrac_user_info module allows the listing all users and could be used to create a workaround to get the same result as the on_create.

I have not yet found a workaround to get the same results as the always option (only update if it differs)

Rob

@RobVerduijn RobVerduijn added needs-triage Issue requires triage. type/feature-request New feature or request labels Jan 30, 2023
@anupamaloke anupamaloke added the area/idrac idrac modules/roles label Jan 31, 2023
@anupamaloke anupamaloke removed the needs-triage Issue requires triage. label May 12, 2023
@sachin-apa
Copy link
Collaborator

@RobVerduijn Thanks for Feature, iDRAC user GET API is not returning the password field as part of the reposnse and hence we cannot check if the input password is same or not.
if we add update_password with options always and on_create i don't think it will help in the modify case.

Open for discussion and checking internally what can be done

@anupamaloke

@Armadill0
Copy link

Armadill0 commented Aug 29, 2024

@sachin-apa Couldn't you just check by simply trying to login with the user's credentials at the API? Afaik this is how other modules like mysql_user do it these days.
I guess there might be a limitation if the user is not allowed to login to idrac but to use other protocols. But at least it could be a start.

@RobVerduijn
Copy link
Author

@RobVerduijn Thanks for Feature, iDRAC user GET API is not returning the password field as part of the reposnse and hence we cannot check if the input password is same or not. if we add update_password with options always and on_create i don't think it will help in the modify case.

Open for discussion and checking internally what can be done

@anupamaloke

Maybe make always do what it says...always (ie intentionally not be idempotent) and make on_create the default option.
Or make it do what @Armadill0 suggest, make the module try to use the credentials by login in.
This wil however seriously impact performance of the module...idrac's are not know for their speedy logins

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/idrac idrac modules/roles type/feature-request New feature or request
Projects
None yet
Development

No branches or pull requests

4 participants