azure.azcollection.azure_rm_adgroup fails for existing group members who are Managed Identities #1931
Description
SUMMARY
Using azure.azcollection.azure_rm_adgroup to ensure group membership results in an error if a listed object_id is
already a member:
One or more added object references already exist for the following modified properties: 'members'.
There is an existing, but closed as fixed/not-an-issue Issue in #1519
ISSUE TYPE
- Bug Report
COMPONENT NAME
azure_rm_adgroup
ANSIBLE VERSION
bash-5.1$ ansible --version
ansible [core 2.18.5]
config file = None
configured module search path = ['/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.11/site-packages/ansible
ansible collection location = /runner/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.11.11 (main, Feb 10 2025, 00:00:00) [GCC 11.5.0 20240719 (Red Hat 11.5.0-5)] (/usr/bin/python3.11)
jinja version = 3.1.6
libyaml = True
COLLECTION VERSION
bash-5.1$ ansible-galaxy collection list azure.azcollection
# /usr/share/ansible/collections/ansible_collections
Collection Version
------------------ -------
azure.azcollection 3.3.1
CONFIGURATION
OS / ENVIRONMENT
Azure public cloud. Running playbooks inside a recently-built AWX EE using ansible-runner. Python 3.11 in the EE.
STEPS TO REPRODUCE
application_managed_identity_object_id is the principalId of a Managed Identity created with:
az identity create -g {{ resource_group }} -n {{ application_name }}-mi -o json
- name: Ensure Users are Members of a Group using object_id
azure.azcollection.azure_rm_adgroup:
raw_membership: true
object_id: "{{ directory_readers_object_id}}"
state: 'present'
present_members:
- "{{ application_managed_identity_object_id }}"
EXPECTED RESULTS
1st time - add managed identity to the AD group (correct)
2nd time - do nothing (instead it fails)
ACTUAL RESULTS
error: MainError(additional_data={}, code='Request_BadRequest', details=None, inner_error=InnerError(additional_data={}, client_request_id='d5faa2ef-7449-4886-a7ad-f77f4369ca56', date=datetime.datetime(2025, 5, 15, 12, 41, 4), odata_type=None, request_id='3d0ee01d-23b2-4c44-9154-7e3bf46291b0'), message="One or more added object references already exist for the following modified properties: 'members'.", target=None)
The complete trace is:
The full traceback is:
Traceback (most recent call last):
File "/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py", line 356, in exec_module
File "/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py", line 378, in update_members
File "/usr/lib64/python3.11/asyncio/base_events.py", line 654, in run_until_complete
return future.result()
^^^^^^^^^^^^^^^
File "/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py", line 550, in add_group_member
File "/usr/local/lib/python3.11/site-packages/msgraph/generated/groups/item/members/ref/ref_request_builder.py", line 93, in post
return await self.request_adapter.send_no_response_content_async(request_info, error_mapping)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/kiota_http/httpx_request_adapter.py", line 389, in send_no_response_content_async
await self.throw_failed_responses(response, error_map, parent_span, parent_span)
File "/usr/local/lib/python3.11/site-packages/kiota_http/httpx_request_adapter.py", line 575, in throw_failed_responses
raise exc
msgraph.generated.models.o_data_errors.o_data_error.ODataError:
APIError
Code: 400
message: None
error: MainError(additional_data={}, code='Request_BadRequest', details=None, inner_error=InnerError(additional_data={}, client_request_id='d5faa2ef-7449-4886-a7ad-f77f4369ca56', date=datetime.datetime(2025, 5, 15, 12, 41, 4), odata_type=None, request_id='3d0ee01d-23b2-4c44-9154-7e3bf46291b0'), message="One or more added object references already exist for the following modified properties: 'members'.", target=None)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/tmp/.ansible-/tmp/ansible-tmp-1747312860.9912302-878-45544755762225/AnsiballZ_azure_rm_adgroup.py", line 107, in <module>
_ansiballz_main()
File "/tmp/.ansible-/tmp/ansible-tmp-1747312860.9912302-878-45544755762225/AnsiballZ_azure_rm_adgroup.py", line 99, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/tmp/.ansible-/tmp/ansible-tmp-1747312860.9912302-878-45544755762225/AnsiballZ_azure_rm_adgroup.py", line 47, in invoke_module
runpy.run_module(mod_name='ansible_collections.azure.azcollection.plugins.modules.azure_rm_adgroup', init_globals=dict(_module_fqn='ansible_collections.azure.azcollection.plugins.modules.azure_rm_adgroup', _modlib_path=modlib_path),
File "<frozen runpy>", line 226, in run_module
File "<frozen runpy>", line 98, in _run_module_code
File "<frozen runpy>", line 88, in _run_code
File "/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py", line 578, in <module>
File "/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py", line 574, in main
File "/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py", line 279, in __init__
File "/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py", line 484, in __init__
File "/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py", line 361, in exec_module
File "/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py", line 517, in fail
File "/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible/module_utils/basic.py", line 1468, in fail_json
File "/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible/module_utils/basic.py", line 1442, in _return_formatted
File "/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible/module_utils/common/parameters.py", line 927, in remove_values
File "/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible/module_utils/common/parameters.py", line 470, in _remove_values_conditions
TypeError: Value of unknown type: <class 'msgraph.generated.models.o_data_errors.o_data_error.ODataError'>,
APIError
Code: 400
message: None
error: MainError(additional_data={}, code='Request_BadRequest', details=None, inner_error=InnerError(additional_data={}, client_request_id='d5faa2ef-7449-4886-a7ad-f77f4369ca56', date=datetime.datetime(2025, 5, 15, 12, 41, 4), odata_type=None, request_id='3d0ee01d-23b2-4c44-9154-7e3bf46291b0'), message="One or more added object references already exist for the following modified properties: 'members'.", target=None)
fatal: [localhost]: FAILED! => {
"changed": false,
"module_stderr": "Traceback (most recent call last):\n File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 356, in exec_module\n File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 378, in update_members\n File \"/usr/lib64/python3.11/asyncio/base_events.py\", line 654, in run_until_complete\n return future.result()\n ^^^^^^^^^^^^^^^\n File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 550, in add_group_member\n File \"/usr/local/lib/python3.11/site-packages/msgraph/generated/groups/item/members/ref/ref_request_builder.py\", line 93, in post\n return await self.request_adapter.send_no_response_content_async(request_info, error_mapping)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.11/site-packages/kiota_http/httpx_request_adapter.py\", line 389, in send_no_response_content_async\n await self.throw_failed_responses(response, error_map, parent_span, parent_span)\n File \"/usr/local/lib/python3.11/site-packages/kiota_http/httpx_request_adapter.py\", line 575, in throw_failed_responses\n raise exc\nmsgraph.generated.models.o_data_errors.o_data_error.ODataError: \n APIError\n Code: 400\n message: None\n error: MainError(additional_data={}, code='Request_BadRequest', details=None, inner_error=InnerError(additional_data={}, client_request_id='d5faa2ef-7449-4886-a7ad-f77f4369ca56', date=datetime.datetime(2025, 5, 15, 12, 41, 4), odata_type=None, request_id='3d0ee01d-23b2-4c44-9154-7e3bf46291b0'), message=\"One or more added object references already exist for the following modified properties: 'members'.\", target=None)\n \n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File \"/tmp/.ansible-/tmp/ansible-tmp-1747312860.9912302-878-45544755762225/AnsiballZ_azure_rm_adgroup.py\", line 107, in <module>\n _ansiballz_main()\n File \"/tmp/.ansible-/tmp/ansible-tmp-1747312860.9912302-878-45544755762225/AnsiballZ_azure_rm_adgroup.py\", line 99, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/tmp/.ansible-/tmp/ansible-tmp-1747312860.9912302-878-45544755762225/AnsiballZ_azure_rm_adgroup.py\", line 47, in invoke_module\n runpy.run_module(mod_name='ansible_collections.azure.azcollection.plugins.modules.azure_rm_adgroup', init_globals=dict(_module_fqn='ansible_collections.azure.azcollection.plugins.modules.azure_rm_adgroup', _modlib_path=modlib_path),\n File \"<frozen runpy>\", line 226, in run_module\n File \"<frozen runpy>\", line 98, in _run_module_code\n File \"<frozen runpy>\", line 88, in _run_code\n File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 578, in <module>\n File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 574, in main\n File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 279, in __init__\n File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py\", line 484, in __init__\n File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py\", line 361, in exec_module\n File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible_collections/azure/azcollection/plugins/module_utils/azure_rm_common.py\", line 517, in fail\n File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible/module_utils/basic.py\", line 1468, in fail_json\n File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible/module_utils/basic.py\", line 1442, in _return_formatted\n File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible/module_utils/common/parameters.py\", line 927, in remove_values\n File \"/tmp/ansible_azure.azcollection.azure_rm_adgroup_payload_6p9t_yzf/ansible_azure.azcollection.azure_rm_adgroup_payload.zip/ansible/module_utils/common/parameters.py\", line 470, in _remove_values_conditions\nTypeError: Value of unknown type: <class 'msgraph.generated.models.o_data_errors.o_data_error.ODataError'>, \n APIError\n Code: 400\n message: None\n error: MainError(additional_data={}, code='Request_BadRequest', details=None, inner_error=InnerError(additional_data={}, client_request_id='d5faa2ef-7449-4886-a7ad-f77f4369ca56', date=datetime.datetime(2025, 5, 15, 12, 41, 4), odata_type=None, request_id='3d0ee01d-23b2-4c44-9154-7e3bf46291b0'), message=\"One or more added object references already exist for the following modified properties: 'members'.\", target=None)\n \n",
"module_stdout": "",
"msg": "MODULE FAILURE: No start of json char found\nSee stdout/stderr for the exact error",
"rc": 1
}