You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When setting a domain_password secret in the Windows 10 credential store, the task always reports as changed. Looking through the source code it appears to be due to the module failing to read the current value of the secret from the credential store. As a result, it falls back to always setting the secret due to the current value being unknown and, therefore, impossible to compare against.
I'd expect this module to be able to read the stored secrets so the module is idempotent when used.
If it really isn't possible to read the stored secrets, I think it should at least log a warning message to notify users. The current implementation makes it impossible to know whether the stored credential was different or if it failed to read it.
ACTUAL RESULTS
The module always overwrites the secret due to $existing_credential.Secret.Length -eq 0(L683) always resolving to true.
SUMMARY
When setting a
domain_password
secret in the Windows 10 credential store, the task always reports as changed. Looking through the source code it appears to be due to the module failing to read the current value of the secret from the credential store. As a result, it falls back to always setting the secret due to the current value being unknown and, therefore, impossible to compare against.ISSUE TYPE
COMPONENT NAME
win_credential
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
Targeting Windows 10
STEPS TO REPRODUCE
Run the following multiple times and it always reports as changed.
EXPECTED RESULTS
I'd expect this module to be able to read the stored secrets so the module is idempotent when used.
If it really isn't possible to read the stored secrets, I think it should at least log a warning message to notify users. The current implementation makes it impossible to know whether the stored credential was different or if it failed to read it.
ACTUAL RESULTS
The module always overwrites the secret due to
$existing_credential.Secret.Length -eq 0
(L683) always resolving to true.The text was updated successfully, but these errors were encountered: