#iscsi security not applying

I have a task to configure the "default" iscsi initiator with CHAP user and password. the tasks runs fine but doesnt actually apply any changes to ONTAP.
ONTAP 9.10
Ansible 22.3

tasks:
- name: configure iSCSI security
na_ontap_iscsi_security:
use_rest: never
state: present
vserver: "{{ item.vserver }}"
initiator: "default"
inbound_username: "{{ item.inbound_username }}"
inbound_password: "{{ item.inbound_password }}"
auth_type: "chap"
<<: *login
with_items: "{{ vmware_svm_config }}"

Probably not related but I'm curious; why use "use_rest: never"?
Seems like bad practise in general.

i normally have use_rest: always in all my tasks but was just trying without REST to see if anything was different. also i have found a considerable amount of differences between REST and ZAPI, some functionality is still only available in ZAPI.

looks like you must specify the "outbound_username" and "outbound_password" when using CHAP. File "/tmp/ansible_na_ontap_iscsi_security_payload_ohow0x3e/ansible_na_ontap_iscsi_security_payload.zip/ansible_collections/netapp/ontap/plugins/modules/na_ontap_iscsi_security.py", line 280, in modify_initiator\nKeyError: 'outbound_username'\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

on the CLI you can use the following and it will not enable outbound CHAP and use only inbound (one way CHAP).

cluster0300::> iscsi security default -vserver siedxxnvp0320 -auth-type CHAP -user-name chapuser

Password:

have just verified this can be done using REST API and it can. curl -X PATCH "https://192.168.73.220/api/protocols/san/iscsi/credentials/21c7f079-bc55-11ed-9336-000c29957a37/default?add_initiator_addresses=false" -H "accept: application/json" -H "authorization: Basic YWRtaW46TmV0YXBwMSE=" -H "Content-Type: application/json" -d "{ "authentication_type": "chap", "chap": { "inbound": { "password": "chappassword", "user": "chapapi" }}}"

guess ill use the netapp.ontap.na_ontap_restit module to do straight API