Groups does not compare category/scope correctly

[jiuka]

SUMMARY

Setting the categoryor scope of a group leads to an change as the enum for GroupCategory or GroupScope is not resolved from the integer value back to the name. Therefor the group is never ok but always changed.

TASK [Group Bug test] ************************************************************************************************************************************************************************************
--- before
+++ after
@@ -1,7 +1,7 @@
 {
     "attributes": {},
-    "category": 1,
+    "category": "security",
     "name": "ansible.test.group",
     "path": "OU=XXX",
-    "scope": 2
+    "scope": "universal"
 }

ISSUE TYPE

• Bug Report

COMPONENT NAME

group

ANSIBLE VERSION

ansible [core 2.14.5]
  config file = /home/user/ansible/ansible.cfg
  configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/ansible_7.5.0/lib/python3.10/site-packages/ansible
  ansible collection location = /home/user/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.10.6 (main, Mar 10 2023, 10:55:28) [GCC 11.3.0] (/opt/ansible_7.5.0/bin/python)
  jinja version = 3.1.2
  libyaml = True

COLLECTION VERSION

# /home/user/ansible/collections/ansible_collections
Collection   Version
------------ -------
microsoft.ad 1.1.0  

# /opt/ansible_7.5.0/lib/python3.10/site-packages/ansible_collections
Collection   Version
------------ -------
microsoft.ad 1.0.0  

CONFIGURATION

ANSIBLE_PIPELINING(/home/user/ansible/ansible.cfg) = True
CACHE_PLUGIN(env: ANSIBLE_CACHE_PLUGIN) = redis
CACHE_PLUGIN_CONNECTION(/home/user/ansible/ansible.cfg) = 127.0.0.1:6379:0
CACHE_PLUGIN_TIMEOUT(/home/user/ansible/ansible.cfg) = 3600
COLLECTIONS_PATHS(/home/user/ansible/ansible.cfg) = ['/home/user/ansible/collections']
CONFIG_FILE() = /home/user/ansible/ansible.cfg
DEFAULT_BECOME(/home/user/ansible/ansible.cfg) = True
DEFAULT_BECOME_ASK_PASS(/home/user/ansible/ansible.cfg) = False
DEFAULT_BECOME_METHOD(/home/user/ansible/ansible.cfg) = sudo
DEFAULT_BECOME_USER(/home/user/ansible/ansible.cfg) = root
DEFAULT_GATHERING(/home/user/ansible/ansible.cfg) = smart
DEFAULT_HOST_LIST(/home/user/ansible/ansible.cfg) = ['/home/mrieder/ansible/inventories/scs_linux/hosts']
DEFAULT_LOG_PATH(env: ANSIBLE_LOG_PATH) = /var/log/ansible/ansible.log
DEFAULT_MANAGED_STR(/home/user/ansible/ansible.cfg) = Ansible managed by SCS IT
DEFAULT_REMOTE_USER(/home/user/ansible/ansible.cfg) = scsitansible
DEFAULT_ROLES_PATH(/home/user/ansible/ansible.cfg) = ['/home/user/ansible/galaxy', '/home/user/ansible/roles']
DEPRECATION_WARNINGS(/home/user/ansible/ansible.cfg) = False
HOST_KEY_CHECKING(/home/user/ansible/ansible.cfg) = False

OS / ENVIRONMENT

Ansible on Ubuntu 22 LTS
Windows on 2019 Server

STEPS TO REPRODUCE

---
- name: Test
  hosts: vm-arizona
  tasks:
    - name: 'Group Bug test'
      microsoft.ad.group:
        name: 'ansible.test.group'
        scope: universal
        category: security
        path: 'OU=XXX'

EXPECTED RESULTS

The task always return changed when scope and category is set. Even when set to the same value as they are in ad.

ACTUAL RESULTS

The task should return ok when scope and category is set to the same value as they are in ad.

TASK [Group Bug test] ************************************************************************************************************************************************************************************
task path: /home/user/ansible/windows-test.yml:5
Using module file /home/user/ansible/collections/ansible_collections/microsoft/ad/plugins/modules/group.ps1
Pipelining is enabled.
<win2019-server> ESTABLISH WINRM CONNECTION FOR USER: user@DOMAIN on PORT 5985 TO win2019-server
EXEC (via pipeline wrapper)
--- before
+++ after
@@ -1,7 +1,7 @@
 {
     "attributes": {},
-    "category": 1,
+    "category": "security",
     "name": "ansbile.test.group",
     "path": "OU=XXX",
-    "scope": 2
+    "scope": "universal"
 }

changed: [vm-arizona] => {
    "changed": true,
    "diff": {
        "after": {
            "attributes": {},
            "category": "security",
            "name": "ansbile.test.group",
            "path": "OU=XXX",
            "scope": "universal"
        },
        "before": {
            "attributes": {},
            "category": 1,
            "name": "ansbile.test.group",
            "path": "OU=XXX",
            "scope": 2
        }
    },
    "distinguished_name": "CN=ansbile.test.group,OU=XXX",
    "invocation": {
        "module_args": {
            "attributes": {
                "add": {},
                "remove": {},
                "set": {}
            },
            "category": "security",
            "description": null,
            "display_name": null,
            "domain_password": null,
            "domain_server": null,
            "domain_username": null,
            "homepage": null,
            "identity": null,
            "managed_by": null,
            "members": null,
            "name": "ansbile.test.group",
            "path": "OU=XXX",
            "protect_from_deletion": null,
            "sam_account_name": null,
            "scope": "universal",
            "state": "present"
        }
    },
    "object_guid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "sid": "S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxx-xxxx"
}

[jborean93]

The problem here is that the category and scope options were being checked with a case sensitive comparer. If you did scope: Universal or category: Security then a change wouldn't have occurred.

Unfortunately the diff output is another unrelated problem due to how the values are serialized. Unfortunately that's not an easy fix but as the diff is a best effort attempt it's not worth the extra complexity required to try and match it up with the type of the input value so for now that will stay the same. At least with the fix in #33, it will no longer report a change the the diff output won't be shown.

[jiuka]

The scope domainlocal does still trigger a change even if there should be none.