secretsmanager_secret skip compare of description if None #1696

Open
@srtucker

Summary

When a secret has a description already set and I do not pass in a description to community.aws.secretsmanager_secret (assume everything else is the same), it sees the secrets as not matching, attempts to update the secret (without setting the description since it is falsy), and then reports the secret as updated even though nothing changed. It would be ideal if the module skipped checking if descriptions match if the description option is not set, so it would not incorrectly report as updated.

My suggestion is to change the default value of `description` to be `None`, which would mean "ignore the description". In `SecretsManagerInterface.secrets_match()`, add `desired_secret.description is not None and` to the beginning of the if statement. I believe this would achieve my goal and not result in a breaking change.

Not directly required for my use case but the same change would likely also apply to kms_key_id.

Issue Type

Feature Idea

Component Name

secretsmanager_secret

Additional Information

We have a use case where we are creating secrets via CloudFormation and we are only using Ansible to update the value of secrets. When a secret has a description already set and I do not pass in a description to secretsmanager_secret, it correctly does not remove the description but it does report the secret as updated even though it hasn't.

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
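
A minimal model of the comparison change suggested above, as an added example that is not part of the original issue or the module's own code. `DesiredSecret`, `match_reported`, `match_proposed`, `would_report_changed` and the sample secret are hypothetical; the `kms_key_id` check follows the issue's note that the same change would likely apply there.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a secret created outside Ansible (e.g. by CloudFormation),
# using field names from the Secrets Manager DescribeSecret/GetSecretValue APIs.
CURRENT = {
    "Name": "app/db-password",
    "Description": "Managed by CloudFormation",
    "KmsKeyId": "alias/app-secrets",
    "SecretString": "s3cr3t-v1",
}


@dataclass
class DesiredSecret:
    """Hypothetical desired state built from the task's options."""
    secret_string: str
    description: Optional[str] = None  # None means the option was not set
    kms_key_id: Optional[str] = None   # same convention as description


def match_reported(desired, current):
    """Models the reported behaviour: an unset description is compared as ''."""
    if (desired.description or "") != current.get("Description", ""):
        return False
    return desired.secret_string == current.get("SecretString")


def match_proposed(desired, current):
    """Models the proposal: compare optional fields only when they were set."""
    if (desired.description is not None
            and desired.description != current.get("Description", "")):
        return False
    if (desired.kms_key_id is not None
            and desired.kms_key_id != current.get("KmsKeyId")):
        return False
    return desired.secret_string == current.get("SecretString")


def would_report_changed(match_fn, desired, current=CURRENT):
    """A task reports changed=True whenever the match function says 'different'."""
    return not match_fn(desired, current)


if __name__ == "__main__":
    value_only = DesiredSecret(secret_string="s3cr3t-v1")
    print("reported:", would_report_changed(match_reported, value_only))
    print("proposed:", would_report_changed(match_proposed, value_only))
```

In this model an explicitly passed empty description (`description=""`) is still compared, so only an omitted option is ignored.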

Labels: feature, module, needs_triage, plugins
