You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please make it so that when I use the module idrac_user with the option user_password it behaves the same as the ansible.builtin.user module with the options password and update_password.
I've been hitting issue idrac_user not idempotent #321
After reading it was closed with instructions not to use 'user_password' if you want an idempotent playbook.
But there is no way to check if the passwords of a particular user needs to be set if it is not the right one.
This makes it rather hard to write an idempotent script which sets passwords for users.
With the ansible.builtin.user module you manage the password setting behavior with the update_password option.
setting always will only set the password if it differs
setting on_create will only set the password
Describe alternatives you've considered
Using the new idrac_user_info module allows the listing all users and could be used to create a workaround to get the same result as the on_create.
I have not yet found a workaround to get the same results as the always option (only update if it differs)
Rob
The text was updated successfully, but these errors were encountered:
@RobVerduijn Thanks for Feature, iDRAC user GET API is not returning the password field as part of the reposnse and hence we cannot check if the input password is same or not.
if we add update_password with options always and on_create i don't think it will help in the modify case.
Open for discussion and checking internally what can be done
@sachin-apa Couldn't you just check by simply trying to login with the user's credentials at the API? Afaik this is how other modules like mysql_user do it these days.
I guess there might be a limitation if the user is not allowed to login to idrac but to use other protocols. But at least it could be a start.
@RobVerduijn Thanks for Feature, iDRAC user GET API is not returning the password field as part of the reposnse and hence we cannot check if the input password is same or not. if we add update_password with options always and on_create i don't think it will help in the modify case.
Open for discussion and checking internally what can be done
Maybe make always do what it says...always (ie intentionally not be idempotent) and make on_create the default option.
Or make it do what @Armadill0 suggest, make the module try to use the credentials by login in.
This wil however seriously impact performance of the module...idrac's are not know for their speedy logins
Describe the solution you'd like
Please make it so that when I use the module idrac_user with the option user_password it behaves the same as the ansible.builtin.user module with the options password and update_password.
I've been hitting issue idrac_user not idempotent #321
After reading it was closed with instructions not to use 'user_password' if you want an idempotent playbook.
But there is no way to check if the passwords of a particular user needs to be set if it is not the right one.
This makes it rather hard to write an idempotent script which sets passwords for users.
I think idrac_user module should behave as the ansible.builtin.user module
With the ansible.builtin.user module you manage the password setting behavior with the update_password option.
always
will only set the password if it differson_create
will only set the passwordDescribe alternatives you've considered
Using the new idrac_user_info module allows the listing all users and could be used to create a workaround to get the same result as the
on_create
.I have not yet found a workaround to get the same results as the
always
option (only update if it differs)Rob
The text was updated successfully, but these errors were encountered: