mc icon indicating copy to clipboard operation
mc copied to clipboard

Published 20 hours ago verified publisher icon minio

`mc admin policy attach` should be idempotent

Open binaryfire opened this issue 11 months ago • 3 comments

Currently, running mc admin policy attach fails with exit code 1 if the user already the policy attached:

Command: mc admin policy attach myminio readwrite --user someuser

Error:

mc: <ERROR> Unable to make user/group policy association. The specified policy change is already in effect. (Specified policy update has no net effect).

This is problematic when using automation tools like Ansible that rely on idempotency. Is there are a reason why a "no update required" response is being treated like an error? Most cli tools return an exit code of 0 when no changes are required to the current state. I think that would be a better choice for this case too:

mc: The specified policy change is already in effect. (Specified policy update has no net effect).

binaryfire avatar Feb 28 '24 08:02 binaryfire

We need to discuss this internally.

bh4t avatar Mar 08 '24 17:03 bh4t

I also would be glad to to have idempotent behavior available. It doesnt have to be the default behavior if that's problematic for compatibility reasons or the like, it could be a switch like in mc mb --ignore-existing

keppla avatar Mar 11 '24 20:03 keppla

Are there any updates on this point? I would also need the option or fix for mc admin policy attach.

sworrs avatar Aug 08 '24 15:08 sworrs