#Ansible module na_ontap_user_role

Hi,

I am currently changing our existing playbooks from ZAPI to Rest.

I need to create a role using the Ansible module na_ontap_user_role.
With Zapi the module has worked without any problems so far.
With the change to Rest there is a strange behavior.

Whenever I run the playbook, the permissions of the group change.

Normally the group should have the following permissions:

DEFAULT none
volume snapshot create all
volume snapshot delete all
volume snapshot modify all
volume snapshot show all

If I run the playbook several times in a row, the permissions keep changing between:

DEFAULT none
volume snapshot show all

and:

DEFAULT none
volume snapshot create all
volume snapshot delete all
volume snapshot modify all
volume snapshot show all

With the ZAPI call the group was created correctly and I was able to run the playbook multiple times.
When I call the playbook with a rest call, the rights keep changing as described above.

Can anyone help me?

@hushed jetty we've an open bug for na_ontap_user_role module for not being idempotent in some cases; will update once it is closed.

In the mean time, could you try using below dict and see if the idempotency is maintained?

privileges:
  - {access: "none", path: "DEFAULT"}
  - {access: "all", path: "volume snapshot"}
  - {access: "all", path: "volume snapshot delete"}

@midnight orbit many thanks. With this dict it works as expected

privileges: - {access: "none", path: "DEFAULT"} - {access: "all", path: "volume snapshot create"} - {access: "all", path: "volume snapshot modify"} - {access: "all", path: "volume snapshot show"} - {access: "all", path: "volume snapshot delete"}

It looks like the 23.0.0 version still has the bug.
The result is not idempotence if you run the playbook multiple times.

@hushed jetty could you share the privileges for which idempotency is not seen?