Hello,
I have been dabbling with Ansible ACI modules lately, but i have a doubt on how they are supposed to be used and I hope somebody with more experience could give me some pointers.
Basically my doubt is:
I have noticed that in many cases ACI tasks will return successful if the object they are defining is created in the ACI, whether or not it has been created in an usable state.
Example:
- name: Bind contract subject to filters
aci_contract_subject_to_filter:
host: "{{apic_host}}"
username: "{{apic_user}}"
password: "{{apic_password}}"
tenant: EVERG
filter: common
contract: FANCYAPP:POSTFIX_FANCYAPP:POSTFIX
subject: "SUBJ_FANCYAPP:POSTFIX_FANCYAPP:POSTFIX"
state: present
use_ssl: "{{ssl_enabled}}"
validate_certs: "{{certs_validation_enabled}}"
The above will succeed whether filters FILTER1 and FILTER2 actually exists in the ACI.
If then you go inspect the newly create Contract Subject in the ACI gui you will see an error similar to the below (common is the name of the filter as declared in Ansible) :
I am not really sure if I am missing something, or if the idea is that I query and validate every single object in the ACI before using it?
It seems to not really fit in with Ansible declarative paradigm
Thank you in advance for any reply