Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
After configuring bgp_password via aci_l3out_bgp_peer the bgp password is properly pushed to the APIC, but in subsequent runs of the same playbook, with the same string as the BGP password, the playbook reports a change
I dont see any value on the APIC managed object to read the bgp password (as this is a "secret") so im guessing is normal that ansible cannot read this value and compare with the invocation. But how are these cases usually handled? Is it the expected behaviour to always report a change?
Based on this lines on the script, seems like this is expected:
# Only add bgp_password if it is set to handle changed status properly because password is not part of existing config
if bgp_password:
class_config["password"] = bgp_password
If thats the case, i think this should be mentioned on the documentation.
Correct the password is not returned during the query of existing so when password is provided this always causes a change. I will make a note of this to the documentation.
Community Note
Description
After configuring bgp_password via
aci_l3out_bgp_peer
the bgp password is properly pushed to the APIC, but in subsequent runs of the same playbook, with the same string as the BGP password, the playbook reports a changeI dont see any value on the APIC managed object to read the bgp password (as this is a "secret") so im guessing is normal that ansible cannot read this value and compare with the invocation. But how are these cases usually handled? Is it the expected behaviour to always report a change?
Based on this lines on the script, seems like this is expected:
If thats the case, i think this should be mentioned on the documentation.
Affected Module Name(s):
APIC version and APIC Platform
Collection versions
Output/ Error message
*
Expected Behavior
The aci_l3out_bgp_peer task should not report a change if the bgp password is already configured
Actual Behavior
aci_l3out_bgp_peer always reporting a change when bgp_password variable is set
*
Playbook tasks to Reproduce
Configure a bgp_password variable on the playbook (have tried both a simple string, and also reading from vault, the same behaviour
*
Important Factoids
References
0000