ansible-modules-hashivault icon indicating copy to clipboard operation
ansible-modules-hashivault copied to clipboard
verified publisher icon TerryHowe

Overwriting an OIDC Role does not work

Open MaWiPPI opened this issue 5 years ago • 2 comments

Steps to reproduce:

  1. Enable OIDC as an Auth-Method
  2. Use "hashivault_oidc_auth_role" to set a config, for instance "allowed_redirect_uris"
  3. Try to change this value to a different value

Expected behavior: Vault now has the new Value in Store Actual behavior: Vault still uses the old configuration

This also results in multiple runs of the module always saying "changed=true".

I reproduced this on an Ubuntu 20.04 within WSL2, with a local Vault version 1.5.5 running Dev-Mode.

Workaround: Changing the state to "absent" and then to "present" fixes the problem

MaWiPPI avatar Nov 30 '20 17:11 MaWiPPI

So if changed is true, it must either hit: https://github.com/TerryHowe/ansible-modules-hashivault/blob/master/ansible/modules/hashivault/hashivault_oidc_auth_role.py#L194 or https://github.com/TerryHowe/ansible-modules-hashivault/blob/master/ansible/modules/hashivault/hashivault_oidc_auth_role.py#L198

and it should really be a matter of does this also do an update https://github.com/TerryHowe/ansible-modules-hashivault/blob/master/ansible/modules/hashivault/hashivault_oidc_auth_role.py#L203

TerryHowe avatar Dec 01 '20 15:12 TerryHowe

Encountering the same issue here. The workaround works though.

vraimonds avatar Feb 22 '22 07:02 vraimonds

Reopen if this is still an issue

TerryHowe avatar Mar 11 '23 13:03 TerryHowe