[FEATURE]: ensure idrac_user user_password behaves the same as the ansible.builtin.user module

[RobVerduijn]

Describe the solution you'd like

Please make it so that when I use the module idrac_user with the option user_password it behaves the same as the ansible.builtin.user module with the options password and update_password.

I've been hitting issue idrac_user not idempotent #321 After reading it was closed with instructions not to use 'user_password' if you want an idempotent playbook.

But there is no way to check if the passwords of a particular user needs to be set if it is not the right one. This makes it rather hard to write an idempotent script which sets passwords for users.

I think idrac_user module should behave as the ansible.builtin.user module

With the ansible.builtin.user module you manage the password setting behavior with the update_password option.

• setting always will only set the password if it differs
• setting on_create will only set the password

Describe alternatives you've considered Using the new idrac_user_info module allows the listing all users and could be used to create a workaround to get the same result as the on_create.

I have not yet found a workaround to get the same results as the always option (only update if it differs)

Rob

[sachin-apa]

@RobVerduijn Thanks for Feature, iDRAC user GET API is not returning the password field as part of the reposnse and hence we cannot check if the input password is same or not. if we add update_password with options always and on_create i don't think it will help in the modify case.

Open for discussion and checking internally what can be done

@anupamaloke

[Armadill0]

@sachin-apa Couldn't you just check by simply trying to login with the user's credentials at the API? Afaik this is how other modules like mysql_user do it these days. I guess there might be a limitation if the user is not allowed to login to idrac but to use other protocols. But at least it could be a start.

[RobVerduijn]

@RobVerduijn Thanks for Feature, iDRAC user GET API is not returning the password field as part of the reposnse and hence we cannot check if the input password is same or not. if we add update_password with options always and on_create i don't think it will help in the modify case.

Open for discussion and checking internally what can be done

@anupamaloke

Maybe make always do what it says...always (ie intentionally not be idempotent) and make on_create the default option. Or make it do what @Armadill0 suggest, make the module try to use the credentials by login in. This wil however seriously impact performance of the module...idrac's are not know for their speedy logins