Object diff for roles fails on approval role

[mariannedejong]

Summary

I want to assign the approval role for an organization to teams using controller_configuration.roles. If a team does not have the approval role yet, the object diff and roles role are working fine. However, if a team has the approval role, the object diff fails, probabaly because of a discepancy in naming ( the module accepts only approval, -> the role is named approve on the controller, see output below)

Issue Type

• Bug Report

Ansible, Collection, Controller details

ansible.controller version 4.4.0
ansible-core~=2.13.7

Desired Behavior

The object diff should not fail when the approval role is assigned to a team.

Actual Behavior

Task used:

  - name: include the diff roles
     ansible.builtin.include_role:
       name: infra.controller_configuration.object_diff
     vars:
       controller_configuration_object_diff_tasks:
         - {name: roles, var: controller_roles, tags: roles
    
   - name: include the configuration roles
     ansible.builtin.include_role:
       name: infra.controller_configuration.dispatch
     vars:
       controller_configuration_dispatcher_roles:
         - {role: roles, var: controller_roles, tags: roles}

Variables:

controller_roles:
  - team: dummy-operator
    organizations: 
       - "Dummy"
    role: approval

• error

Error when the object diff is running and the approval role is present for the dummy-operator team:

{
  "started": 1,
  "finished": 1,
  "stdout": "",
  "stderr": "",
  "stdout_lines": [],
  "stderr_lines": [],
  "ansible_job_id": "j11866624418.232",
  "results_file": "/tmp/.ansible_async/j11866624418.232",
  "msg": "value of role must be one of: admin, read, member, execute, adhoc, update, use, approval, auditor, project_admin, inventory_admin, credential_admin, workflow_admin, notification_admin, job_template_admin, execution_environment_admin, got: approve",
  "invocation": {
    "module_args": {
      "team": "dummy-operator",
      "role": "approve",
      "organization": "Dummy",
      "state": "present",
      "controller_username": "admin",
      "controller_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
      "controller_oauthtoken": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
      "controller_host": "<controller_host>",
      "validate_certs": false,
      "controller_config_file": null,
      "user": null,
      "target_team": null,
      "target_teams": null,
      "inventory": null,
      "inventories": null,
      "job_template": null,
      "job_templates": null,
      "workflow": null,
      "workflows": null,
      "credential": null,
      "credentials": null,
      "organizations": null,
      "lookup_organization": null,
      "project": null,
      "projects": null,
      "instance_groups": null
    }
  },
  "_ansible_no_log": false,
  "attempts": 1,
  "changed": false,
  "__controller_role_job_async_results_item": {
    "failed": 0,
    "started": 1,
    "finished": 0,
    "ansible_job_id": "j11866624418.232",
    "results_file": "/tmp/.ansible_async/j11866624418.232",
    "changed": false,
    "__controller_role_item": {
      "team": "dummy-operator",
      "organization": "Dummy",
      "role": "approve",
      "state": "present"
    },
    "ansible_loop_var": "__controller_role_item"
  },
  "ansible_loop_var": "__controller_role_job_async_results_item",
  "_ansible_item_label": {
    "failed": 0,
    "started": 1,
    "finished": 0,
    "ansible_job_id": "j11866624418.232",
    "results_file": "/tmp/.ansible_async/j11866624418.232",
    "changed": false,
    "__controller_role_item": {
      "team": "dummy-operator",
      "organization": "Dummy",
      "role": "approve",
      "state": "present"
    },
    "ansible_loop_var": "__controller_role_item"
  }
}

[ivarmu]

It's working fine for me using the latest versions for awx.awx and infra.controller_configuration collections.

@mariannedejong could you give it a try?

[sean-m-sullivan]

Closing this as our tests have shown it now works. If you find this to be incorrect, Please reopen this issue

[jbjornel]

This issue seems to persist. I have a reproducer tested with versions:
Packages
ansible-core 2.14.2
automation-controller 4.5.0

Collections
infra.controller_configuration 2.6.0
automation.controller 4.5.1

The problem clearly is that ansible.controller only accepts "role: approval", but the diff_object returned from infra.controller_configuration.object_diff has "role: approve", which it gets from the Controller API.

It's hard to know where to blame here. Is ansible.controller the culprit for only accepting "approval" or should infra.controller_configuration.object_diff perform a translation from approve -> approval to make it work?