Skip to content

state=absent should succeed even if a required related resource is not found #16167

New issue
New issue
Closed
Closed
state=absent should succeed even if a required related resource is not found#16167
Labels
communityneeds_triagetype:bug
@cdenney-silex

Description

@cdenney-silex
cdenney-silex
opened on Nov 7, 2025

Please confirm the following

  • I agree to follow this project's code of conduct.
  • I have checked the current issues for duplicates.
  • I understand that AWX is open source software provided for free and that I might not receive a timely response.
  • I am NOT reporting a (potential) security vulnerability. (These should be emailed to [email protected] instead.)

Bug Summary

When using state=absent, modules should succeed even if a required resource was not found.

Examples include:
credentials with missing credential_type
credential_input_sources with missing target_credentials

If a resource dependency is missing for a target resource and state=present, then the modules should fail since the dependencies must be created first. However, if those dependencies are missing and the state=absent, then the modules should succeed since the target resource should not exist without its dependencies.

AWX version

AAP 2.6

Select the relevant components

  • UI
  • UI (tech preview)
  • API
  • Docs
  • Collection
  • CLI
  • Other

Installation method

openshift

Modifications

no

Ansible version

2.16

Operating system

RHEL 9

Web browser

No response

Steps to reproduce

---
    - ansible.controller.credential:
        name: foo
        credential_type: bar
        state: absent
      ignore_errors: true
     
    - ansible.controller.credential_input_source:
        target_credential: foo
        input_field_name: bar
        state: absent
      ignore_errors: true

Expected results

Module should pass.

Actual results

TASK [ansible.controller.credential] *************************************************************************************************************************************************
fatal: [localhost]: FAILED! => 
    changed: false
    msg: Request to /api/controller/v2/credential_types/?name=bar returned 0 items, expected
      1
    query:
      name: bar
    response:
      json:
        count: 0
        next: null
        previous: null
        results: []
      status_code: 200
    total_results: 0
...ignoring

TASK [ansible.controller.credential_input_source] ************************************************************************************************************************************
fatal: [localhost]: FAILED! => 
    changed: false
    msg: Request to /api/controller/v2/credentials/?name=foo returned 0 items, expected
      1
    query:
      name: foo
    response:
      json:
        count: 0
        next: null
        previous: null
        results: []
      status_code: 200
    total_results: 0
...ignoring

Additional information

This stems from the use of resolve_name_to_id() and its use of get_exactly_one(), which doesn't allow none. A proposal for resolution is to add allow_none=false as a default parameter to resolve_name_to_id() then pass it to get_one() instead of get_exactly_one(). Then add logic to the modules that need it to override allow_none=true and exit the module successfully when none.

Metadata

Metadata

Assignees

No one assigned

    Labels

    communityneeds_triagetype:bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions