
azure_rm_adgroup Present members is not idempotent and does not follow ansible best practices #1519

@hematic

Description

SUMMARY

azure_rm_adgroup allows you to add a list of members, potentially hundreds at a time, by object id. However, if any one of those hundreds of members is already present on the group, the entire task fails and doesn't add the other users. This is not following the idempotent strategy that ansible playbooks normally follow.

This forces you to instead create a complex looping/failing/rescue structure to eliminate any users that already exist on the group. This potentially increases the actual run time of this process by hundreds of times and makes the task mostly useless.

In its current state, it's better to use native PowerShell than this module.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

azure_rm_adgroup

ANSIBLE VERSION

Not relevant to this issue

COLLECTION VERSION

ansible-galaxy collection list azure.azcollection

CONFIGURATION

This is not relevant to this issue.
OS / ENVIRONMENT

Using collection version 2.2.0 (latest)

STEPS TO REPRODUCE
- name: Create EntraAD Group
  hosts: localhost
  connection: local
  gather_facts: false

  vars: # We redeclare the variables here for simpler reference later in the code.
    user_object_ids: "{{ survey_user_object_ids.split(',') }}"
    owner_object_ids: "{{ survey_owner_object_ids.split(',') }}"
    group_display_name: "{{ survey_group_display_name }}"
    group_mail_nickname: "{{ survey_group_mail_nickname }}"

  tasks:

    - name: Create EntraID Group
      azure.azcollection.azure_rm_adgroup:
        tenant: "{{ azure_tenant_id }}"
        display_name: "{{ group_display_name }}"
        mail_nickname: "{{ group_mail_nickname }}"
        state: 'present'

    - name: Add members to EntraID Group
      azure.azcollection.azure_rm_adgroup:
        tenant: "{{ azure_tenant_id }}"
        display_name: "{{ group_display_name }}"
        mail_nickname: "{{ group_mail_nickname }}"
        state: 'present'
        present_members: "{{ user_object_ids }}"
      when: user_object_ids is defined and user_object_ids | length > 0

    - name: Add owners to EntraID Group
      azure.azcollection.azure_rm_adgroup:
        tenant: "{{ azure_tenant_id }}"
        display_name: "{{ group_display_name }}"
        mail_nickname: "{{ group_mail_nickname }}"
        state: 'present'
        present_owners: "{{ owner_object_ids }}"
      when: owner_object_ids is defined and owner_object_ids | length > 0
EXPECTED RESULTS

It is expected that if you pass a list of users that SHOULD be present on a group and one of those is ALREADY present, this should not fail the task.

ACTUAL RESULTS

"One or more added object references already exist for the following modified properties: 'members'."

{
  "module_stdout": "",
  "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 302, in exec_module\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 324, in update_members\n  File \"/usr/lib64/python3.9/asyncio/base_events.py\", line 647, in run_until_complete\n    return future.result()\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 472, in add_group_member\n  File \"/usr/local/lib/python3.9/site-packages/msgraph/generated/groups/item/members/ref/ref_request_builder.py\", line 73, in post\n    return await self.request_adapter.send_no_response_content_async(request_info, error_mapping)\n  File \"/usr/local/lib/python3.9/site-packages/kiota_http/httpx_request_adapter.py\", line 377, in send_no_response_content_async\n    await self.throw_failed_responses(response, error_map, parent_span, parent_span)\n  File \"/usr/local/lib/python3.9/site-packages/kiota_http/httpx_request_adapter.py\", line 503, in throw_failed_responses\n    raise exc\nmsgraph.generated.models.o_data_errors.o_data_error.ODataError: \n        APIError\n        Code: 400\n        message: None\n        error: MainError(additional_data={}, code='Request_BadRequest', details=None, inner_error=InnerError(additional_data={'date': DateTime(2024, 3, 28, 13, 23, 43, tzinfo=Timezone('UTC'))}, client_request_id='236e30f3-3c69-4fc4-b945-d81bc0d20320', date=None, odata_type=None, request_id='99194263-b32e-489b-8a05-49ea3cba1d71'), message=\"One or more added object references already exist for the following modified properties: 'members'.\", target=None)\n        \n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n  File \"<stdin>\", line 107, in <module>\n  File \"<stdin>\", line 99, in _ansiballz_main\n  File \"<stdin>\", line 47, in invoke_module\n  File \"/usr/lib64/python3.9/runpy.py\", line 225, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib64/python3.9/runpy.py\", line 97, in _run_module_code\n    _run_code(code, mod_globals, init_globals,\n  File \"/usr/lib64/python3.9/runpy.py\", line 87, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 501, in <module>\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 497, in main\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 249, in __init__\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py\", line 469, in __init__\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 307, in exec_module\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py\", line 502, in fail\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible/module_utils/basic.py\", line 1553, in fail_json\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible/module_utils/basic.py\", line 1522, in _return_formatted\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible/module_utils/common/parameters.py\", line 927, in remove_values\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible/module_utils/common/parameters.py\", line 470, in _remove_values_conditions\nTypeError: Value of unknown type: <class 'msgraph.generated.models.o_data_errors.o_data_error.ODataError'>, \n        APIError\n        Code: 400\n        message: None\n        error: MainError(additional_data={}, code='Request_BadRequest', details=None, inner_error=InnerError(additional_data={'date': DateTime(2024, 3, 28, 13, 23, 43, tzinfo=Timezone('UTC'))}, client_request_id='236e30f3-3c69-4fc4-b945-d81bc0d20320', date=None, odata_type=None, request_id='99194263-b32e-489b-8a05-49ea3cba1d71'), message=\"One or more added object references already exist for the following modified properties: 'members'.\", target=None)\n        \n",
  "exception": "Traceback (most recent call last):\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 302, in exec_module\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 324, in update_members\n  File \"/usr/lib64/python3.9/asyncio/base_events.py\", line 647, in run_until_complete\n    return future.result()\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 472, in add_group_member\n  File \"/usr/local/lib/python3.9/site-packages/msgraph/generated/groups/item/members/ref/ref_request_builder.py\", line 73, in post\n    return await self.request_adapter.send_no_response_content_async(request_info, error_mapping)\n  File \"/usr/local/lib/python3.9/site-packages/kiota_http/httpx_request_adapter.py\", line 377, in send_no_response_content_async\n    await self.throw_failed_responses(response, error_map, parent_span, parent_span)\n  File \"/usr/local/lib/python3.9/site-packages/kiota_http/httpx_request_adapter.py\", line 503, in throw_failed_responses\n    raise exc\nmsgraph.generated.models.o_data_errors.o_data_error.ODataError: \n        APIError\n        Code: 400\n        message: None\n        error: MainError(additional_data={}, code='Request_BadRequest', details=None, inner_error=InnerError(additional_data={'date': DateTime(2024, 3, 28, 13, 23, 43, tzinfo=Timezone('UTC'))}, client_request_id='236e30f3-3c69-4fc4-b945-d81bc0d20320', date=None, odata_type=None, request_id='99194263-b32e-489b-8a05-49ea3cba1d71'), message=\"One or more added object references already exist for the following modified properties: 'members'.\", target=None)\n        \n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n  File \"<stdin>\", line 107, in <module>\n  File \"<stdin>\", line 99, in _ansiballz_main\n  File \"<stdin>\", line 47, in invoke_module\n  File \"/usr/lib64/python3.9/runpy.py\", line 225, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib64/python3.9/runpy.py\", line 97, in _run_module_code\n    _run_code(code, mod_globals, init_globals,\n  File \"/usr/lib64/python3.9/runpy.py\", line 87, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 501, in <module>\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 497, in main\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 249, in __init__\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py\", line 469, in __init__\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 307, in exec_module\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py\", line 502, in fail\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible/module_utils/basic.py\", line 1553, in fail_json\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible/module_utils/basic.py\", line 1522, in _return_formatted\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible/module_utils/common/parameters.py\", line 927, in remove_values\n  File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_kw500gh4/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible/module_utils/common/parameters.py\", line 470, in _remove_values_conditions\nTypeError: Value of unknown type: <class 'msgraph.generated.models.o_data_errors.o_data_error.ODataError'>, \n        APIError\n        Code: 400\n        message: None\n        error: MainError(additional_data={}, code='Request_BadRequest', details=None, inner_error=InnerError(additional_data={'date': DateTime(2024, 3, 28, 13, 23, 43, tzinfo=Timezone('UTC'))}, client_request_id='236e30f3-3c69-4fc4-b945-d81bc0d20320', date=None, odata_type=None, request_id='99194263-b32e-489b-8a05-49ea3cba1d71'), message=\"One or more added object references already exist for the following modified properties: 'members'.\", target=None)\n        \n",
  "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
  "rc": 1,
  "_ansible_no_log": false,
  "changed": false
}
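The read-then-diff-then-write pattern that would make `present_members` idempotent, as an added example that is not code from azure.azcollection or from the issue author. The Graph client here is a constructed in-memory stand-in for the `groups/{id}/members/$ref` endpoint that reproduces the 400 from the traceback above; the class and function names, the GUID check, the `absent_members` parameter and the stale-read subclass are all assumptions made for illustration.

```python
import re

# Entra object ids are GUIDs; validate up front so a typo in a list of hundreds
# cannot fail halfway through and leave the group partially updated.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$")


class GraphBadRequest(Exception):
    """Stand-in (assumption) for the msgraph ODataError with code Request_BadRequest."""


class FakeGraphGroup:
    """Constructed in-memory stand-in for a Graph group's members/$ref endpoint."""

    def __init__(self, members=()):
        self._members = set(members)

    def list_members(self):
        return sorted(self._members)

    def add_member_ref(self, object_id):
        # Graph rejects a POST to members/$ref for an id that is already a member,
        # which is the error in the issue.
        if object_id in self._members:
            raise GraphBadRequest(
                "One or more added object references already exist "
                "for the following modified properties: 'members'."
            )
        self._members.add(object_id)

    def remove_member_ref(self, object_id):
        self._members.discard(object_id)


class StaleGroup(FakeGraphGroup):
    """Simulates a read that is stale by the time we write (another actor added a member)."""

    def list_members(self):
        return []


def reconcile_members(group, present_members=(), absent_members=(), check_mode=False):
    """Converge group membership on the desired state and report Ansible-style.

    present_members: ids that must be members; absent_members: ids that must not be.
    Returns {'changed', 'added', 'removed', 'already_present'}; never fails merely
    because an id is already a member.
    """
    present = set(present_members)
    absent = set(absent_members)
    bad = [oid for oid in present | absent if not GUID_RE.match(oid)]
    if bad:
        raise ValueError(f"not Entra object ids: {bad}")
    both = present & absent
    if both:
        raise ValueError(f"ids listed as both present and absent: {sorted(both)}")

    # Read current state once and compute the delta instead of blindly POSTing every id.
    current = set(group.list_members())
    to_add = sorted(present - current)
    to_remove = sorted(absent & current)
    result = {
        "changed": bool(to_add or to_remove),
        "added": [],
        "removed": [],
        "already_present": sorted(present & current),
    }
    if check_mode:
        result["added"], result["removed"] = to_add, to_remove
        return result

    for oid in to_add:
        try:
            group.add_member_ref(oid)
            result["added"].append(oid)
        except GraphBadRequest as exc:
            # Read-then-write is racy: if someone added the id between our read and
            # our POST, Graph answers with the same 400. That is the desired state,
            # not a failure, so record it and continue with the remaining ids.
            if "already exist" not in str(exc):
                raise
            result["already_present"].append(oid)
    for oid in to_remove:
        group.remove_member_ref(oid)
        result["removed"].append(oid)
    result["changed"] = bool(result["added"] or result["removed"])
    return result


if __name__ == "__main__":
    # Constructed sample ids, not real tenant objects.
    a = "11111111-1111-1111-1111-111111111111"
    b = "22222222-2222-2222-2222-222222222222"
    c = "33333333-3333-3333-3333-333333333333"
    group = FakeGraphGroup([a, b])
    print(reconcile_members(group, present_members=[a, b, c]))   # adds only c
    print(reconcile_members(group, present_members=[a, b, c]))   # changed: False
    print(reconcile_members(StaleGroup([a]), present_members=[a, b]))  # tolerates the race
```

A second run with the same `present_members` reports `changed: False` and issues no writes, which is the behaviour the playbook above expects; the `StaleGroup` case shows why the error must still be tolerated at write time rather than only avoided by the pre-read.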

Metadata

Assignees

No one assigned

    Labels

    medium_priority (Medium priority), question (Further information is requested), work in (In trying to solve, or in working with contributors)

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests