controller_configuration
Object diff for roles fails on approval role
Summary
This is a copy of a previous issue, https://github.com/redhat-cop/controller_configuration/issues/656, which was closed but not solved yet.
I want to assign the approval role for an organization to teams using controller_configuration.roles. If a team does not have the approval role yet, the object diff and roles role are working fine. However, if a team has the approval role, the object diff fails, probably because of a discrepancy in naming (the module accepts only approval, while the role is named approve on the controller; see output below).
Issue Type
- Bug Report
Ansible, Collection, Controller details
ansible.controller version 4.4.0
ansible-core~=2.13.7
Desired Behavior
The object diff should not fail when the approval role is assigned to a team.
Actual Behavior
Task used:
- name: include the diff roles
  ansible.builtin.include_role:
    name: infra.controller_configuration.object_diff
  vars:
    controller_configuration_object_diff_tasks:
      - {name: roles, var: controller_roles, tags: roles}
- name: include the configuration roles
  ansible.builtin.include_role:
    name: infra.controller_configuration.dispatch
  vars:
    controller_configuration_dispatcher_roles:
      - {role: roles, var: controller_roles, tags: roles}
Variables:
controller_roles:
  - team: dummy-operator
    organizations:
      - "Dummy"
    role: approval
- error
Error when the object diff is running and the approval role is present for the dummy-operator team:
{
    "started": 1,
    "finished": 1,
    "stdout": "",
    "stderr": "",
    "stdout_lines": [],
    "stderr_lines": [],
    "ansible_job_id": "j11866624418.232",
    "results_file": "/tmp/.ansible_async/j11866624418.232",
    "msg": "value of role must be one of: admin, read, member, execute, adhoc, update, use, approval, auditor, project_admin, inventory_admin, credential_admin, workflow_admin, notification_admin, job_template_admin, execution_environment_admin, got: approve",
    "invocation": {
        "module_args": {
            "team": "dummy-operator",
            "role": "approve",
            "organization": "Dummy",
            "state": "present",
            "controller_username": "admin",
            "controller_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "controller_oauthtoken": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "controller_host": "<controller_host>",
            "validate_certs": false,
            "controller_config_file": null,
            "user": null,
            "target_team": null,
            "target_teams": null,
            "inventory": null,
            "inventories": null,
            "job_template": null,
            "job_templates": null,
            "workflow": null,
            "workflows": null,
            "credential": null,
            "credentials": null,
            "organizations": null,
            "lookup_organization": null,
            "project": null,
            "projects": null,
            "instance_groups": null
        }
    },
    "_ansible_no_log": false,
    "attempts": 1,
    "changed": false,
    "__controller_role_job_async_results_item": {
        "failed": 0,
        "started": 1,
        "finished": 0,
        "ansible_job_id": "j11866624418.232",
        "results_file": "/tmp/.ansible_async/j11866624418.232",
        "changed": false,
        "__controller_role_item": {
            "team": "dummy-operator",
            "organization": "Dummy",
            "role": "approve",
            "state": "present"
        },
        "ansible_loop_var": "__controller_role_item"
    },
    "ansible_loop_var": "__controller_role_job_async_results_item",
    "_ansible_item_label": {
        "failed": 0,
        "started": 1,
        "finished": 0,
        "ansible_job_id": "j11866624418.232",
        "results_file": "/tmp/.ansible_async/j11866624418.232",
        "changed": false,
        "__controller_role_item": {
            "team": "dummy-operator",
            "organization": "Dummy",
            "role": "approve",
            "state": "present"
        },
        "ansible_loop_var": "__controller_role_item"
    }
}
Adding my comment from the previous issue also.
I have a reproducer tested with versions:
Packages
- ansible-core 2.14.2
- automation-controller 4.5.0
Collections
- infra.controller_configuration 2.6.0
- automation.controller 4.5.1
The problem clearly is that ansible.controller only accepts "role: approval", but the diff_object returned from infra.controller_configuration.object_diff has "role: approve", which it gets from the Controller API.
It's hard to know where to blame here. Is ansible.controller the culprit for only accepting "approval" or should infra.controller_configuration.object_diff perform a translation from approve -> approval to make it work?
As I don't have a full understanding of the implications, I don't want to create a PR, but adding something like this near the end of the run function in controller_object_diff.py seems to address the issue.
# Translate role "approve" to "approval"
for item in difference:
    if item["role"] == "approve":
        item.update({"role": "approval"})
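The translation proposed in the comment above, as an added stand-alone sketch (not code from the collection, the module, or the commenter). It goes a step further by checking every role name against the choices listed in the module's error message and by tolerating entries without a role key; `normalize_roles`, `API_TO_MODULE_ROLE` and the sample data are hypothetical names and constructed values.

```python
# Added example; not part of infra.controller_configuration.
# Accepted values copied from the "value of role must be one of" error above.
MODULE_ROLE_CHOICES = frozenset({
    "admin", "read", "member", "execute", "adhoc", "update", "use",
    "approval", "auditor", "project_admin", "inventory_admin",
    "credential_admin", "workflow_admin", "notification_admin",
    "job_template_admin", "execution_environment_admin",
})

# API-side name -> module-side name. Only the pair reported in this issue
# is listed; any other mismatch is an assumption that must be verified.
API_TO_MODULE_ROLE = {"approve": "approval"}


def normalize_roles(difference):
    """Split diff entries into (normalized, rejected) without mutating input.

    normalized: entries whose role is valid for the module after translation.
    rejected:   entries with a missing or unknown role, returned so the caller
                can report them before the async role task fails on them.
    """
    normalized, rejected = [], []
    for item in difference:
        role = item.get("role")  # .get() avoids KeyError on role-less entries
        mapped = API_TO_MODULE_ROLE.get(role, role)
        if mapped in MODULE_ROLE_CHOICES:
            normalized.append({**item, "role": mapped})
        else:
            rejected.append(item)
    return normalized, rejected


# Constructed sample shaped like __controller_role_item in the output above.
_BASE = {"team": "dummy-operator", "organization": "Dummy", "state": "present"}
SAMPLE_DIFF = [
    {**_BASE, "role": "approve"},     # the case from this issue
    {**_BASE, "role": "admin"},       # already valid, passes through
    {**_BASE, "role": "bogus_role"},  # constructed unknown name
    dict(_BASE),                      # constructed entry with no role key
]

if __name__ == "__main__":
    ok, bad = normalize_roles(SAMPLE_DIFF)
    for entry in ok:
        print("apply :", entry)
    for entry in bad:
        print("reject:", entry)
```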