containers / ansible-podman-collections

Repository for Ansible content that can include playbooks, roles, modules, and plugins for use with the Podman tool
GNU General Public License v3.0

containers.podman.podman_secret fails if identical secret was create in playbook before #692

Closed IBims1NicerTobi closed 9 months ago

IBims1NicerTobi commented 9 months ago

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

containers.podman.podman_secret fails if called twice with the same arguments

Steps to reproduce the issue:

  1. Create a secret with containers.podman.podman_secret

  2. Run the playbook again

Describe the results you received: The playbook fails with fatal: [fishtank]: FAILED! => {"changed": false, "msg": "Unable to create secret: Error: test: secret name in use\n"}

Describe the results you expected: The playbook does nothing

Additional information you deem important (e.g. issue happens only occasionally):

Version of the containers.podman collection:
Either git commit if installed from git: git show --summary
Or version from ansible-galaxy if installed from galaxy: ansible-galaxy collection list | grep containers.podman

1.11.0

Output of ansible --version:

ansible [core 2.16.1]
  config file = /home/tobias/.config/ansible/ansible.cfg
  configured module search path = ['/home/tobias/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.11/site-packages/ansible
  ansible collection location = /home/tobias/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.11.6 (main, Nov 14 2023, 09:36:21) [GCC 13.2.1 20230801] (/usr/bin/python)
  jinja version = 3.1.2
  libyaml = True

Output of podman version:

podman version 4.8.2

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.33.2
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - rdma
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: /usr/bin/conmon is owned by conmon 1:2.1.9-2
    path: /usr/bin/conmon
    version: 'conmon version 2.1.9, commit: 3a9715d28cb4cf0e671dfbc4211d4458534db189-dirty'
  cpuUtilization:
    idlePercent: 99.29
    systemPercent: 0.52
    userPercent: 0.2
  cpus: 12
  databaseBackend: boltdb
  distribution:
    distribution: arch
    version: unknown
  eventLogger: journald
  freeLocks: 2002
  hostname: fishtank
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 6.1.68-1-lts
  linkmode: dynamic
  logDriver: journald
  memFree: 23743643648
  memTotal: 29313130496
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: /usr/lib/podman/aardvark-dns is owned by aardvark-dns 1.9.0-1
      path: /usr/lib/podman/aardvark-dns
      version: aardvark-dns 1.9.0
    package: /usr/lib/podman/netavark is owned by netavark 1.9.0-1
    path: /usr/lib/podman/netavark
    version: netavark 1.9.0
  ociRuntime:
    name: crun
    package: /usr/bin/crun is owned by crun 1.12-1
    path: /usr/bin/crun
    version: |-
      crun version 1.12
      commit: ce429cb2e277d001c2179df1ac66a470f00802ae
      rundir: /run/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  pasta:
    executable: ""
    package: ""
    version: ""
  remoteSocket:
    exists: false
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /etc/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: /usr/bin/slirp4netns is owned by slirp4netns 1.2.2-1
    version: |-
      slirp4netns version 1.2.2
      commit: 0ee2d87523e906518d34a6b423271e4826f71faf
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.4
  swapFree: 0
  swapTotal: 0
  uptime: 78h 46m 46.00s (Approximately 3.25 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries: {}
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 13
    paused: 0
    running: 12
    stopped: 1
  graphDriverName: zfs
  graphOptions:
    zfs.fsname: DATA/PODMAN
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 3630217560064
  graphRootUsed: 149293367296
  graphStatus:
    Compression: zstd
    Parent Dataset: DATA/PODMAN
    Parent Quota: "no"
    Space Available: "3480924213248"
    Space Used By Parent: "151553351680"
    Zpool: DATA
    Zpool Health: ONLINE
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 49
  runRoot: /run/containers/storage
  transientStore: false
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.8.2
  Built: 1702505246
  BuiltTime: Wed Dec 13 23:07:26 2023
  GitCommit: aa546902fa1a927b3d770528565627d1395b19f3-dirty
  GoVersion: go1.21.5
  Os: linux
  OsArch: linux/amd64
  Version: 4.8.2

Package info (e.g. output of rpm -q podman or apt list podman):

yay -Qi podman
Name            : podman
Version         : 4.8.2-1
Description     : Tool and library for running OCI-based containers in pods
Architecture    : x86_64
URL             : https://github.com/containers/podman
Licenses        : Apache-2.0
Groups          : None
Provides        : None
Depends On      : catatonit  conmon  containers-common  crun  gcc-libs  glibc  iptables  device-mapper  libdevmapper.so=1.02-64  gpgme  libgpgme.so=11-64  libseccomp  libseccomp.so=2-64
                  slirp4netns
Optional Deps   : apparmor: for AppArmor support
                  btrfs-progs: support btrfs backend devices
                  cni-plugins: for an alternative container-network-stack implementation
                  fuse-overlayfs: for storage driver in rootless environment [installed]
                  passt: for alternative rootless network support
                  podman-compose: for docker-compose compatibility
                  podman-docker: for Docker-compatible CLI
Required By     : None
Optional For    : None
Conflicts With  : None
Replaces        : None
Installed Size  : 81.66 MiB
Packager        : Morten Linderud <foxboron@archlinux.org>
Build Date      : Wed 13 Dec 2023 11:07:26 PM CET
Install Date    : Fri 15 Dec 2023 05:26:49 PM CET
Install Reason  : Explicitly installed
Install Script  : No
Validated By    : Signature

Playbook you run with ansible (e.g. content of playbook.yaml):

---
- name: Create a podman secret
  hosts: fishtank
  remote_user: tobias
  become: true

  tasks:
    - name: Create a dummy secret
      containers.podman.podman_secret:
        name: test
        data: "123"

Command line and output of ansible run with high verbosity

Please NOTE: if you submit a bug about idempotency, run the playbook with --diff option, like:

ansible-playbook -i inventory --diff -vv playbook.yml

ansible-playbook -vv -K test.yaml
ansible-playbook [core 2.16.1]
  config file = /home/tobias/.config/ansible/ansible.cfg
  configured module search path = ['/home/tobias/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.11/site-packages/ansible
  ansible collection location = /home/tobias/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible-playbook
  python version = 3.11.6 (main, Nov 14 2023, 09:36:21) [GCC 13.2.1 20230801] (/usr/bin/python)
  jinja version = 3.1.2
  libyaml = True
Using /home/tobias/.config/ansible/ansible.cfg as config file
BECOME password:
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: test.yaml ****************************************************************************************************************************************************************************
1 plays in test.yaml

PLAY [Create a podman secret] ******************************************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************************
task path: /home/tobias/Programming/ansible/fishtank/certbot/test.yaml:2
[WARNING]: Platform linux on host fishtank is using the discovered Python interpreter at /usr/bin/python3.11, but future installation of another Python interpreter could change the meaning of
that path. See https://docs.ansible.com/ansible-core/2.16/reference_appendices/interpreter_discovery.html for more information.
ok: [fishtank]

TASK [Create a dummy secret] *******************************************************************************************************************************************************************
task path: /home/tobias/Programming/ansible/fishtank/certbot/test.yaml:8
fatal: [fishtank]: FAILED! => {"changed": false, "msg": "Unable to create secret: Error: test: secret name in use\n"}

NO MORE HOSTS LEFT *****************************************************************************************************************************************************************************

PLAY RECAP *************************************************************************************************************************************************************************************
fishtank                   : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

Additional environment details (AWS, VirtualBox, physical, etc.):

sshnaidm commented 9 months ago

As I see, from version 4.7.0 we can show the secret, so actually we can do the idempotency here. Before that it was too complex to see the secret. So from 4.7.0 it's doable. For older versions we have the skip and force options and I'd leave it as is. I'll look into it.
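The idempotency check sshnaidm outlines above, written out as an added example (this is neither the collection's podman_secret module nor code from either participant): on Podman 4.7.0 and later the stored value is read back with `podman secret inspect --showsecret` and compared with the requested data, so a second run of the reporter's playbook would report no change instead of failing with "secret name in use"; on older Podman the function falls back to the skip/force choice the comment mentions. The injectable `run` callable, the `FakePodman` stand-in with its constructed outputs, and the `SecretData` JSON key are assumptions made here so the logic can run offline.

```python
"""Idempotent "ensure a podman secret" logic; an added example, not the
collection's module code.  It sketches the comment above: on Podman >= 4.7.0 the
stored value can be read back (`podman secret inspect --showsecret`), so a re-run
can compare and report "unchanged" instead of failing with "secret name in use";
on older Podman the caller picks between skipping and force-replacing."""
import json
import subprocess
from typing import Callable, Optional

# A runner takes podman's argv (without the leading "podman") plus optional stdin
# text.  Injecting it is an assumption of this example so the logic runs offline.
Runner = Callable[[list, Optional[str]], subprocess.CompletedProcess]
SHOWSECRET_SINCE = (4, 7, 0)  # per the comment: the value is readable from 4.7.0


def real_podman(argv: list, stdin: Optional[str] = None) -> subprocess.CompletedProcess:
    """Runner that shells out to the podman binary on PATH."""
    return subprocess.run(["podman", *argv], input=stdin, capture_output=True, text=True)


def podman_version(run: Runner) -> tuple:
    """Parse 'podman version 4.8.2' (the line the report shows) into (4, 8, 2)."""
    last = run(["--version"], None).stdout.split()[-1]
    return tuple(int(n) for n in last.split("-")[0].split(".")[:3])


def read_secret(run: Runner, name: str) -> str:
    """Read the stored value back (Podman >= 4.7.0).  The JSON key "SecretData"
    is the name I know from podman's inspect output; treat it as an assumption."""
    cp = run(["secret", "inspect", "--showsecret", name], None)
    if cp.returncode != 0:
        raise RuntimeError(cp.stderr.strip())
    return json.loads(cp.stdout)[0]["SecretData"]


def create_secret(run: Runner, name: str, data: str) -> None:
    # "-" makes `podman secret create` read the value from stdin, keeping it out
    # of the argument list that `ps` and shell history would expose.
    cp = run(["secret", "create", name, "-"], data)
    if cp.returncode != 0:
        raise RuntimeError(f"Unable to create secret: {cp.stderr.strip()}")


def ensure_secret(name: str, data: str, run: Runner = real_podman,
                  on_existing: Optional[str] = None) -> str:
    """Converge to "secret NAME holds DATA"; return created/unchanged/replaced/skipped.

    on_existing mirrors the two options the comment mentions for older Podman:
    "skip" keeps whatever is stored, "force" replaces it unconditionally.  With
    neither, compare where Podman allows it; otherwise fail as the report does.
    """
    if on_existing not in (None, "skip", "force"):
        raise ValueError(f"unknown on_existing={on_existing!r}")
    if run(["secret", "inspect", name], None).returncode != 0:  # not there yet
        create_secret(run, name, data)
        return "created"
    if on_existing == "skip":
        return "skipped"
    if on_existing is None:
        if podman_version(run) < SHOWSECRET_SINCE:
            raise RuntimeError(f"Unable to create secret: Error: {name}: secret name in use")
        if read_secret(run, name) == data:
            return "unchanged"
    # on_existing == "force", or the stored value differs: remove and recreate.
    cp = run(["secret", "rm", name], None)
    if cp.returncode != 0:
        raise RuntimeError(f"Unable to remove secret: {cp.stderr.strip()}")
    create_secret(run, name, data)
    return "replaced"


class FakePodman:
    """Constructed in-memory stand-in for the podman CLI so the logic above can
    be exercised offline; only the subcommands used here are modelled."""

    def __init__(self, version: str = "4.8.2") -> None:
        self.version = version
        self.secrets: dict = {}

    def __call__(self, argv: list, stdin: Optional[str] = None) -> subprocess.CompletedProcess:
        def result(code: int, out: str = "", err: str = "") -> subprocess.CompletedProcess:
            return subprocess.CompletedProcess(argv, code, out, err)

        if argv == ["--version"]:
            return result(0, f"podman version {self.version}\n")
        name = argv[-1]
        if argv[:2] == ["secret", "inspect"]:
            if name not in self.secrets:
                return result(125, err=f"Error: inspecting secret: no secret with name or id {name}\n")
            body = {"Spec": {"Name": name}}
            if "--showsecret" in argv:
                body["SecretData"] = self.secrets[name]
            return result(0, json.dumps([body]))
        if argv[:2] == ["secret", "create"]:
            if argv[2] in self.secrets:  # the exact error from the bug report
                return result(125, err=f"Error: {argv[2]}: secret name in use\n")
            self.secrets[argv[2]] = stdin or ""
            return result(0, argv[2] + "\n")
        if argv[:2] == ["secret", "rm"]:
            if self.secrets.pop(name, None) is None:
                return result(125, err=f"Error: no secret with name or id {name}\n")
            return result(0, name + "\n")
        return result(125, err=f"Error: unmodelled command: {' '.join(argv)}\n")
```

With `run=real_podman` the function drives the local podman binary; `ensure_secret("test", "123")` twice on Podman 4.8.2 yields "created" then "unchanged", which is the behaviour the reporter expected from the playbook. The `on_existing` parameter is where an Ansible wrapper would map the collection's skip and force options; note that the default path on a pre-4.7 Podman deliberately reproduces the report's error rather than guessing, because without `--showsecret` there is no way to tell "already correct" from "in use with different contents".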