Unexpected reported change for credential module in combination with GUI

[juliaschindler]

Please confirm the following

• I agree to follow this project's code of conduct.
• I have checked the current issues for duplicates.
• I understand that AWX is open source software provided for free and that I might not receive a timely response.
• I am NOT reporting a (potential) security vulnerability. (These should be emailed to [email protected] instead.)

Bug Summary

Setting up a credential in the AAP GUI and then running a playbook using the credential module with the same parameters describing the credential and using "update_secrets: false" reports back "changed" on the first run, "ok" on rerun.

AWX version

awx.awx collection version 24.6.1; AAP controller v4.5

Select the relevant components

• UI
• UI (tech preview)
• API
• Docs
• Collection
• CLI
• Other

Installation method

N/A

Modifications

no

Ansible version

ansible [core 2.16.12]

Operating system

No response

Web browser

Firefox, Chrome

Steps to reproduce

1. Create a Machine credential with name, organization, username and password set in the AAP GUI.
2. Run a playbook using the credential module that sets up the same credential and have "update_secrets: false" set.
3. See that a changed task is reported, even though nothing of the credential configuration has changed.
4. Rerun the playbook, see that no change is reported.

Expected results

Setting up a credential in the GUI and then running a playbook using the credential module with the same parameters describing the credential and using "update_secrets: false" reports back "ok" on any run.

Actual results

Setting up a credential in the GUI and then running a playbook using the credential module with the same parameters describing the credential and using "update_secrets: false" reports back "changed" on the first run, "ok" on rerun.

Additional information

I originally created an issue to the infra.aap_configuration.credentials role and was pointed here. I have verified that the change is reported first time using the awx.awx.credential and the ansible.controller.credential module directly using below test playbook (I tested the initial setup of the credential via GUI with Firefox and Chrome). I only had an AAP available for testing.

Test playbook:

---
- name: Test credential creation
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - ./aaps_secrets.yml

  tasks:
    - name: Manage credentials
      awx.awx.credential:
        name: Test credential
        state: present
        credential_type: Machine
        organization: myorg
        inputs:
          username: myuser
          password: test1234
        update_secrets: false
        controller_username: "{{ controller_username | default(omit, true) }}"
        controller_password: "{{ controller_password | default(omit, true) }}"
        controller_host: "{{ controller_hostname | default(omit, true) }}"
        validate_certs: "{{ controller_validate_certs | default(omit) }}"
...