Add new option update_secrets to allow lazy or strict updating

2026-03-17 08:57:33 -02:30 · 2020-09-04 11:48:56 -04:00
parent 8e97214309
commit 362d6a3204
7 changed files with 56 additions and 19 deletions
--- a/awx_collection/plugins/modules/tower_credential.py
+++ b/awx_collection/plugins/modules/tower_credential.py
@@ -52,6 +52,12 @@ options:
          Refer to the Ansible Tower documentation for example syntax.
        - Any fields in this dict will take prescedence over any fields mentioned below (i.e. host, username, etc)
      type: dict
+    update_secrets:
+      description:
+        - C(true) will always update encrypted values.
+        - C(false) will only updated encrypted values if a change is absolutely known to be needed.
+      type: bool
+      default: true
    user:
      description:
        - User that should own this credential.
@@ -308,6 +314,7 @@ def main():
        organization=dict(),
        credential_type=dict(),
        inputs=dict(type='dict', no_log=True),
+        update_secrets=dict(type='bool', default=True, no_log=False),
        user=dict(),
        team=dict(),
        # These are for backwards compatability
--- a/awx_collection/plugins/modules/tower_user.py
+++ b/awx_collection/plugins/modules/tower_user.py
@@ -55,13 +55,12 @@ options:
      description:
        - Write-only field used to change the password.
      type: str
-    update_password:
+    update_secrets:
      description:
-        - C(always) will update passwords if they differ.
-        - C(on_create) will only set the password for newly created users.
-      type: str
-      choices: [ always, on_create ]
-      default: always
+        - C(true) will always password if user specifies password and API gives $encrypted$ for password.
+        - C(false) will only set the password if other values change too.
+      type: bool
+      default: true
    state:
      description:
        - Desired state of the resource.
@@ -122,7 +121,7 @@ def main():
        is_superuser=dict(type='bool', default=False, aliases=['superuser']),
        is_system_auditor=dict(type='bool', default=False, aliases=['auditor']),
        password=dict(no_log=True),
-        update_password=dict(choices=['always', 'on_create'], default='always', no_log=False),
+        update_secrets=dict(type='bool', default=True, no_log=False),
        state=dict(choices=['present', 'absent'], default='present'),
    )

@@ -137,7 +136,6 @@ def main():
    is_superuser = module.params.get('is_superuser')
    is_system_auditor = module.params.get('is_system_auditor')
    password = module.params.get('password')
-    update_password = module.params.get('update_password')
    state = module.params.get('state')

    # Attempt to look up the related items the user specified (these will fail the module if not found)
@@ -163,7 +161,7 @@ def main():
        new_fields['is_superuser'] = is_superuser
    if is_system_auditor:
        new_fields['is_system_auditor'] = is_system_auditor
-    if password and (not existing_item or update_password == 'always'):
+    if password:
        new_fields['password'] = password

    # If the state was present and we can let the module build or update the existing item, this will return on its own