Attaching Changed User Policies to a User Fails

[desebjohnston]

Thank you for this ansible role! I've very much been enjoying working with it.

The ansible role attaching policy fails when I change the rules of a user policy and re-apply. The user policy was changed successfully but applying the policy to the user results in a failed task. The task should probably check if the applied policy is already attached as a gate or the failed_when value should change.

TASK [ricsanfre.minio : Apply user policy] *****************************************************************************************************************************************************************

fatal: [localhost]: FAILED! => {"changed": false, "cmd": ["mc", "admin", "policy", "attach", "myminio", "test", "-u", "test"], "delta": "0:00:00.147802", "end": "2024-05-17 09:25:59.068474", "msg": "non-zero return code", "rc": 1, "start": "2024-05-17 09:25:58.920672", "stderr": "mc: <ERROR> Unable to make user/group policy association. The specified policy change is already in effect. (Specified policy update has no net effect).", "stderr_lines": ["mc: <ERROR> Unable to make user/group policy association. The specified policy change is already in effect. (Specified policy update has no net effect)."], "stdout": "", "stdout_lines": []}

Another proposal I have, which I could make a PR for if it's worthwhile since it'd be a major change, is it may be useful to separate the user creation from policy creation in the vars configuration, and map the policy names to the users when that's the explicit intention. I'll have non-user "users" that I've created and will probably use for token access in other automated workflows, but I think there's a use case for having these objects separate in cases where user access is provided by an OpenID service where the policies are inherited.

Thanks again!