ansible-collections/ansible.windows

Using check_mode on ansible.windows.win_group_membership module does not return accurate result values.

nagten opened this issue · 0 comments

nagten commented
SUMMARY

Using check_mode on ansible.windows.win_group_membership module does not return accurate result values.

The win_group_membership module has 4 return values, but the added/removed and members values do not represent accurate results when using pure mode.

I already created a pull request with a fix. We needed an overview of all accounts that would be added and removed when running win_group_membership code with pure status in check_mode before we actually ran the code.

For example, using the following code via Ansible Automation Platform, run in check_mode:

- name: Adding identities to the local administrator group
  ansible.windows.win_group_membership:
    name: Administrators
    members: "{{ localadminidentitylist }}"
    state: pure
  register: varlocalmembership

- name: Overview of Identities local administrator group
  debug:
    var: varlocalmembership

Gives the following results (it only shows current members without accounting for added or removed members):

ok: [testserver.fabrikam.com] => {
    "varlocalmembership": {
        "added": [],
        "changed": true,
        "failed": false,
        "members": [
            "TESTSERVER\\Administrator",
            "FABRIKAM\\Domain Admins",
            "TESTSERVER\\LocalAccount",
            "FABRIKAM\\G-WSOSADMIN",
            "FABRIKAM\\G-TESTSERVER-ADMIN",
            "FABRIKAM\\G-SQLDB-A"
        ],
        "name": "Administrators",
        "removed": []
    }
}

But it should show which members are added or removed and display correct members results:

ok: [testserver.fabrikam.com] => {
    "varlocalmembership": {
        "added": [
            "FABRIKAM\\G-SQLDB-P"
        ],
        "changed": true,
        "failed": false,
        "members": [
            "TESTSERVER\\Administrator",
            "FABRIKAM\\Domain Admins",
            "TESTSERVER\\LocalAccount",
            "FABRIKAM\\G-WSOSADMIN",
            "FABRIKAM\\G-TESTSERVER-ADMIN"
        ],
        "name": "Administrators",
        "removed": [
            "FABRIKAM\\G-SQLDB-A"
        ]
    }
}

ISSUE TYPE
  • Bug Report
COMPONENT NAME

ansible.windows.win_group_membership

ANSIBLE VERSION

"ansible [core 2.13.3]"

COLLECTION VERSION

"# /usr/share/ansible/collections/ansible_collections
Collection      Version
ansible.windows 1.9.0"

CONFIGURATION
OS / ENVIRONMENT

Target OS: Windows Server 2022

Code executed via Ansible Automation Platform Controller 4.3.8

STEPS TO REPRODUCE

Run the playbook below in check_mode:

- name: Adding identities to the local administrator group
  ansible.windows.win_group_membership:
    name: Administrators
    members: "{{ localadminidentitylist }}"
    state: pure
  register: varlocalmembership

- name: Overview of Identities local administrator group
  debug:
    var: varlocalmembership

EXPECTED RESULTS

It should show which members are added or removed and display correct members results:

ok: [testserver.fabrikam.com] => {
    "varlocalmembership": {
        "added": [
            "FABRIKAM\\G-SQLDB-P"
        ],
        "changed": true,
        "failed": false,
        "members": [
            "TESTSERVER\\Administrator",
            "FABRIKAM\\Domain Admins",
            "TESTSERVER\\LocalAccount",
            "FABRIKAM\\G-WSOSADMIN",
            "FABRIKAM\\G-TESTSERVER-ADMIN"
        ],
        "name": "Administrators",
        "removed": [
            "FABRIKAM\\G-SQLDB-A"
        ]
    }
}

ACTUAL RESULTS

It only shows current members without accounting for added or removed members:

ok: [testserver.fabrikam.com] => {
    "varlocalmembership": {
        "added": [],
        "changed": true,
        "failed": false,
        "members": [
            "TESTSERVER\\Administrator",
            "FABRIKAM\\Domain Admins",
            "TESTSERVER\\LocalAccount",
            "FABRIKAM\\G-WSOSADMIN",
            "FABRIKAM\\G-TESTSERVER-ADMIN",
            "FABRIKAM\\G-SQLDB-A"
        ],
        "name": "Administrators",
        "removed": []
    }
}
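
A controller-side way to recover the preview with the behaviour reported above, as an added example that is not part of the original issue, the pull request or the module's code: the check-mode result still reports the current members, so the pending delta can be computed against the desired list, and a result that says `changed` with empty `added`/`removed` can be flagged as untrustworthy. The function names and the `DESIRED` list are assumptions; the issue does not show the value of `localadminidentitylist`.

```python
# Added example: derive the pending delta from a check-mode result whose
# added/removed lists came back empty. DESIRED below is constructed.

def _key(account):
    # Windows account names compare case-insensitively.
    return account.strip().casefold()

def pending_delta(current, desired):
    """Return (added, removed) that state=pure would apply.

    Assumes both lists use the same DOMAIN\\name form; the module itself
    resolves names to SIDs, which plain string comparison cannot do.
    """
    cur = {_key(a): a for a in current}
    want = {}
    for a in desired:
        want.setdefault(_key(a), a)  # drop duplicates, keep first spelling
    added = [a for k, a in want.items() if k not in cur]
    removed = [a for k, a in cur.items() if k not in want]
    return added, removed

def preview_is_inconsistent(result):
    """True when the result says changed but lists no added/removed accounts."""
    return (bool(result.get("changed"))
            and not result.get("added")
            and not result.get("removed"))

# Check-mode result as shown under ACTUAL RESULTS in the issue.
CHECK_RESULT = {
    "added": [], "changed": True, "failed": False, "name": "Administrators",
    "members": [
        "TESTSERVER\\Administrator", "FABRIKAM\\Domain Admins",
        "TESTSERVER\\LocalAccount", "FABRIKAM\\G-WSOSADMIN",
        "FABRIKAM\\G-TESTSERVER-ADMIN", "FABRIKAM\\G-SQLDB-A",
    ],
    "removed": [],
}
# Constructed value for localadminidentitylist (not given in the issue);
# the first entry differs in case on purpose.
DESIRED = [
    "testserver\\administrator", "FABRIKAM\\Domain Admins",
    "TESTSERVER\\LocalAccount", "FABRIKAM\\G-WSOSADMIN",
    "FABRIKAM\\G-TESTSERVER-ADMIN", "FABRIKAM\\G-SQLDB-P",
]

if __name__ == "__main__":
    if preview_is_inconsistent(CHECK_RESULT):
        added, removed = pending_delta(CHECK_RESULT["members"], DESIRED)
        print("would add:", added)
        print("would remove:", removed)
```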