From 380104b1080599543abef6cc422455718d443c18 Mon Sep 17 00:00:00 2001
From: "Studer, Matthias (ID)"
Date: Fri, 21 Jun 2024 10:55:39 +0200
Subject: [PATCH] implemented check mode
---
 CONTRIBUTING.md | 9 +++++++--
 README.md | 2 +-
 library/secretserver.py | 16 ++++++----------
 3 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 92b91f9..eacd042 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -17,5 +17,10 @@ That means:
 ## HOW DO I DEBUG DURING THE DEV PROCESS?
 Ansible makes it _really_ hard to get good insight into a module.
-The most reliable way is to log to stdout and make your function not return anything.
-At this point, Ansible will throw an error and dump the module's stdout.
\ No newline at end of file
+I suggest setting the debug environment variable
+````bash
+export ANSIBLE_DEBUG=True
+````
+This will then print all kind of debug info to your screen.
+In this mode, you can simply use `print` within your python code to have it show up during the run.
+I heavily encourage turning debug mode back off in production, because passwords will be printed to your screen, even if they are specified as no-log.
\ No newline at end of file
diff --git a/README.md b/README.md
index 6d4c48e..a6afe57 100644
--- a/README.md
+++ b/README.md
@@ -52,7 +52,7 @@ If anyone wants to initialize a collection of our own, i'm ready for the PR. - **Type**: `str` - `action`: - - **Description**: The Action you want to take on the Secret Server. Must be one of "search", "get", "upsert", "update". "search" performs a text search over all the secret names your user has access to. "get" looks up a single secret by its ID. "upsert" will look for the secret_name and folder_id you specify. If no secret exists that matches those two criteria, a new secret will be created. If a secret already exists that matches both criteria, the secret will be updated with the values you provided. If more than one secret matches both criteria, no secret will be changed. You cannot change the secret type or its name with this method. Any other fields you set will be overwritten with that value. If you do not specify a field that was previously set, it will not be overwritten. If you want to explicitly clear a field of any values, specify it to `set_to_none`. "update" updates the password of an existing secret."get" and "search" will run in check mode, "upsert" and "update" will return after doing the input validation + - **Description**: The Action you want to take on the Secret Server. Must be one of "search", "get", "upsert", "update". "search" performs a text search over all the secret names your user has access to. "get" looks up a single secret by its ID. "upsert" will look for the secret_name and folder_id you specify. If no secret exists that matches those two criteria, a new secret will be created. If a secret already exists that matches both criteria, the secret will be updated with the values you provided. If more than one secret matches both criteria, no secret will be changed. You cannot change the secret type or its name with this method. Any other fields you set will be overwritten with that value. If you do not specify a field that was previously set, it will not be overwritten. 
If you want to explicitly clear a field of any values, specify it to `set_to_none`. "update" updates the password of an existing secret. "get" and "search" will run in check mode, "upsert" and "update" will skip after doing the input validation (ergo the module will still fail in check mode if the input you have given is nonsense or incomplete) - **Required**: `true` - **Type**: `str` diff --git a/library/secretserver.py b/library/secretserver.py index 2f62f46..02caa8e 100644 --- a/library/secretserver.py +++ b/library/secretserver.py @@ -1149,6 +1149,10 @@ def update_secret(secret_name: str, return {"success": False, "reason": "Could not lookup if secret exists", "search_result": search_result} +def debug(var): + print(var) + + def main(): # define available arguments/parameters a user can pass to the module module_args = dict( @@ -1193,12 +1197,6 @@ def main(): supports_check_mode=True ) - # if the user is working with this module in only check mode we do not - # want to make any changes to the environment, just return the current - # state with no modifications - if module.check_mode: - module.exit_json(**result) - # input validation permitted_actions = ["search", "get", "upsert", "update"] if module.params.get("action") not in permitted_actions: @@ -1292,8 +1290,7 @@ def main(): elif action == "upsert": if module.check_mode: - result["comment"] = "Upsert will do nothing in check mode" - module.exit_json(**result) + module.exit_json(skipped=True, msg="Upsert will do nothing in check mode") else: res = update_secret(secret_name=module.params.get("secret_name"), user_name=module.params.get("user_name"), @@ -1321,8 +1318,7 @@ def main(): elif action == "update": if module.check_mode: - result["comment"] = "Upsert will do nothing in check mode" - module.exit_json(**result) + module.exit_json(skipped=True, msg="Update will do nothing in check mode") else: res = update_secret_by_id( secret_id=int(module.params.get("secret_id")),
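Review bot: The new `debug(var)` helper writes whatever it is given to stdout with a bare `print`, so in a module that handles secret fields any params value or API response passed to it lands in the run output with no scrubbing. Stdout is also the channel Ansible reads the module's JSON result from, so stray prints sit alongside it. No call site is visible in this patch, so it looks like a development aid; I would either leave it out of the shipped module or call `module.debug(...)` from inside `main()` instead, which only logs when Ansible debug is enabled. If it stays, give it a docstring such as `"""Dev-only: print var to stdout; never pass secret values or raw API responses."""`.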
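Review bot: In check mode the `upsert` branch exits with `skipped=True` before anything is looked up, so a `--check` run cannot tell the user whether the secret would be created, updated or left alone; the `update` hunk after it has the same shape. Since the README says "search" and "get" do run in check mode, the read-only lookup could presumably run here too and the branch could report a predicted `changed` value instead of a skip, though that depends on how `update_secret` is structured, which this hunk does not show. As a smaller style point, `module.exit_json` does not return, so the `else:` that follows could be dropped and the call un-indented. Both branches continue outside their hunks.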