cyberark / ansible-security-automation-collection

CyberArk Ansible Security Automation Collection
MIT License

No idempotency when using GroupName property with cyberark.pas.cyberark_account #32

Open pint2oo opened 3 years ago

pint2oo commented 3 years ago

Summary

When creating accounts with a "GroupName" property using the cyberark.pas.cyberark_account module, any subsequent task run on this account is systematically marked as "changed", despite the provided values being the same.

This does not happen with accounts that are not part of a group (no "GroupName" property given).

Steps to Reproduce

Using the cyberark.pas.cyberark_account module, create an account with a "GroupName" property under "platform_account_properties".

Then, run the task again without changing any values.

Expected Results

I expect the task to return as "ok" when no value has actually changed (idempotency).

Actual Results

The task returns as "changed".

In the log of the task below, you can see a GroupName is passed in the module_args, but does not show in the result section, which may be linked to the issue.

changed: [host.domain.tld] => {
    "changed": true,
    "invocation": {
        "module_args": {
            "address": "host.domain.tld",
            "api_base_url": "********/PasswordVault/api/",
            "cyberark_session": {
                "api_base_url": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "validate_certs": true
            },
            "identified_by": "username,address,platform_id",
            "logging_file": "/tmp/cyberark_role_20210621_1041",
            "logging_level": "INFO",
            "name": "MY_ACCOUNT_NAME",
            "new_secret": null,
            "platform_account_properties": {
                "CustomDescription": "foo",
                "CustomIP": "1.2.3.4",
                "ExtraPass3Folder": "RECONCILE_FOLDER",
                "ExtraPass3Name": "RECONCILE_NAME",
                "ExtraPass3Safe": "RECONCILE_SAFE",
                "GroupName": "MY_GROUP",
                "IP": "1.2.3.4",
                "Location": "foo"
            },
            "platform_id": "MY_PLATFORM",
            "remote_machines_access": null,
            "safe": "MY_SAFE",
            "secret": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "secret_management": {
                "automatic_management_enabled": true,
                "management_action": "change",
                "manual_management_reason": null,
                "new_secret": null,
                "perform_management_action": "on_create"
            },
            "secret_type": "password",
            "state": "present",
            "username": "my_account",
            "validate_certs": true
        }
    },
    "result": {
        "result": {
            "address": "host.domain.tld",
            "categoryModificationTime": 1624029563,
            "createdTime": 1623171048,
            "id": "161_2626",
            "name": "MY_ACCOUNT_NAME",
            "platformAccountProperties": {
                "CustomDescription": "foo",
                "CustomIP": "1.2.3.4",
                "ExtraPass3Folder": "RECONCILE_FOLDER",
                "ExtraPass3Name": "RECONCILE_NAME",
                "ExtraPass3Safe": "RECONCILE_SAFE",
                "Hostname": "HOST",
                "IP": "1.2.3.4",
                "Location": "foo"
            },
            "platformId": "MY_PLATFORM",
            "safeName": "MY_SAFE",
            "secretManagement": {
                "automaticManagementEnabled": true,
                "lastModifiedTime": 1623946613,
                "lastReconciledTime": 1623946649,
                "status": "success"
            },
            "secretType": "password",
            "userName": "my_account"
        }
    },
    "status_code": 200
}

Reproducible

Version/Tag number

Collection cyberark.pas v1.0.7.

Environment setup

Running in a venv, with ansible v2.9.12 and python v3.6.8.

Additional Information

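Added example, not code from the collection: the two property dicts are copied from the task log above, and the comparison shows why a naive desired-versus-returned diff reports "changed" on every run when the API never echoes GroupName back, and how separating unverifiable keys from real drift restores idempotency. The not_echoed set is an assumption read off this log, not a documented list of the API's behaviour.

```python
# Constructed illustration of the idempotency gap described in this issue;
# not the cyberark.pas module's own logic. Both dicts come from the task
# log above (secrets omitted).
DESIRED = {  # platform_account_properties from module_args
    "CustomDescription": "foo",
    "CustomIP": "1.2.3.4",
    "ExtraPass3Folder": "RECONCILE_FOLDER",
    "ExtraPass3Name": "RECONCILE_NAME",
    "ExtraPass3Safe": "RECONCILE_SAFE",
    "GroupName": "MY_GROUP",
    "IP": "1.2.3.4",
    "Location": "foo",
}
RETURNED = {  # platformAccountProperties from the API result
    "CustomDescription": "foo",
    "CustomIP": "1.2.3.4",
    "ExtraPass3Folder": "RECONCILE_FOLDER",
    "ExtraPass3Name": "RECONCILE_NAME",
    "ExtraPass3Safe": "RECONCILE_SAFE",
    "Hostname": "HOST",
    "IP": "1.2.3.4",
    "Location": "foo",
}

# Assumption taken from this log: GroupName is accepted on create but is
# not present in the returned platformAccountProperties.
NOT_ECHOED = frozenset({"GroupName"})


def naive_changed(desired, returned):
    """Every desired key must come back with the same value. A key the API
    never echoes (GroupName here) is seen as missing, so this reports
    'changed' on every run even when nothing was modified."""
    return any(returned.get(k) != v for k, v in desired.items())


def diff_properties(desired, returned, not_echoed=NOT_ECHOED):
    """Split the comparison into real drift and keys that cannot be
    verified through the returned object. Only drift should flip
    'changed'; the unverifiable keys are returned so a caller can surface
    them instead of silently treating them as a difference."""
    drift = {k: (returned.get(k), v) for k, v in desired.items()
             if k not in not_echoed and returned.get(k) != v}
    unverifiable = {k: v for k, v in desired.items()
                    if k in not_echoed and k not in returned}
    return drift, unverifiable


def idempotent_changed(desired, returned):
    """Idempotent variant: 'changed' only when a verifiable key differs."""
    drift, _ = diff_properties(desired, returned)
    return bool(drift)
```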