[BUG] rule idempotency check does not work for special_agents:vsphere rules

[bhuddah]

Describe the bug Rules added to special_agents:vsphere are not recognized again, so it is impossible to delete rules and rules are added everytime the play is run.

Component Name

Component Name: modules.rules

Ansible Version

ansible [core 2.17.0]
[...]
  python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0] 
  jinja version = 3.1.4
  libyaml = True

Checkmk Version and Edition

2.3.0p5

Collection Version

$ ansible-galaxy collection list
# /home/user/git/infinity-deployment/ansible/collections/ansible_collections
Collection                               Version
---------------------------------------- -------
ansible.posix                            1.5.4
ansible.utils                            4.1.0
checkmk.general                          4.4.1
cloud.common                             3.0.0
community.crypto                         2.20.0
community.docker                         3.10.3
community.general                        9.0.1
community.library_inventory_filtering_v1 1.0.1
community.vmware                         4.4.0
recordsansible.ara                       0.1.0
vmware.vmware_rest                       3.0.1

To Reproduce Steps to reproduce the behavior:

1. Add Task to add rule
2. Run Play
3. Run Play again
4. See error

Expected behavior Rule is added once and recognized on second run.

Actual behavior Rule is added once more with each subsequent run.

Minimum reproduction example

    - name: "Create a rule for vcsa in special_agents:vsphere"
      checkmk.general.rule:
        server_url: "{{ vm_install_check_mk_server_protocol }}://{{ vm_install_check_mk_server }}:{{ vm_install_check_mk_server_port }}/"
        site: "{{ vm_install_check_mk_site }}"
        automation_user: "{{ vm_install_check_mk_user }}"
        automation_secret: "{{ vm_install_check_mk_auth }}"
        ruleset: "special_agents:vsphere"
        rule:
          conditions: {
            "host_name": {
              "match_on": [
                "vcsa"
              ],
              "operator": "one_of"
            },
            "host_tags": [],
            "host_labels": [],
            "service_labels": []
          }
          properties:
            comment: vSphere Credentials
            description: vSphere
            disabled: false
          value_raw: >- 
            {'direct': True,
            'infos': ['hostsystem', 'virtualmachine', 'datastore', 'counters', 'licenses'],
            'secret': '{{ vcenter_password }}',
            'skip_placeholder_vms': True,
            'snapshots_on_host': False,
            'spaces': 'underscore',
            'ssl': False,
            'user': '{{ vcenter_username }}'}
          location:
            folder: "/vmware"
            # position: "top"
        state: present
      notify: activate changes
      register: response

Additional context

[Max-checkmk]

Hi bhuddah,

thanks for reporting this issue. First, i have to mention that the current collection release is not fully ready for Checkmk 2.3.0. We plan to release version 5.0.0 of the collection with 2.3.0 support soon.

Besides that, at the current state we can't fully assure that the rule module always works idempotent. Root cause is how rules get created inside Checkmk and shown afterwards with the API.

But for your rule, please test this again, after the 5.0.0 is out.

KR, Max

[bhuddah]

I have tested this first with checkmk 2.2.0p22 before trying with the most recent version so i can confirm that it currently not works in 2.2.0 either. thanks for the feedback

[robin-checkmk]

There is some further reading here:

• https://github.com/Checkmk/ansible-collection-checkmk.general/issues/186
• https://github.com/Checkmk/ansible-collection-checkmk.general/discussions/279

TL;DR: Idempotency is not perfect, but pretty good overall. Sometimes it needs a little testing how to best structure the data, so you might want to browse our tests/integration/ directory for some ideas.