zabbix_user_directory can't disable SAML option

[david-moreau]

Hi,
Thank you for your great job, I found a strange comportement in the component : zabbix_user_directory when I want to disable a SAML option like sign_assertions.

SUMMARY

ISSUE TYPE

• Bug Report

COMPONENT NAME

zabbix_user_directory

ANSIBLE VERSION

ansible [core 2.15.3]
  config file = ansible.cfg
  configured module search path = ['/home/dmoreau/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.11/site-packages/ansible
  ansible collection location = /home/dmoreau/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/dmoreau/.local/bin/ansible
  python version = 3.11.5 (main, Aug 28 2023, 20:02:58) [GCC 13.2.1 20230801] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

STEPS TO REPRODUCE

community.zabbix 2.1.0
zabbix 6.4.6

step1:

- name: "Update SAML setting"
  become: false
  community.zabbix.zabbix_user_directory:
    name: ""
    idp_type: "saml"
    sso_url: "{{ saml_sso_url }}"
    username_attribute: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
    idp_entityid: "xxxx"
    sp_entityid: "xxxx"
    sign_assertions: True
    sign_authn_requests: True
    sign_logout_requests: True
    sign_logout_responses: True
    sign_messages: True
  tags:
    - authentication

step2: disable sign_logout_requests for example

- name: "Update SAML setting"
  become: false
  community.zabbix.zabbix_user_directory:
    name: ""
    idp_type: "saml"
    sso_url: "{{ saml_sso_url }}"
    username_attribute: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
    idp_entityid: "xxxx"
    sp_entityid: "xxxx"
    sign_assertions: True
    sign_authn_requests: True
    **sign_logout_requests: False**
    sign_logout_responses: True
    sign_messages: True
  tags:
    - authentication

EXPECTED RESULTS

Step1:

...
            "sign_assertions": true,
            "sign_authn_requests": true,
            "sign_logout_requests": true,
            "sign_logout_responses": true,
            "sign_messages": true,
....

Step2:

...
            "sign_assertions": true,
            "sign_authn_requests": true,
            "sign_logout_requests": false,
            "sign_logout_responses": true,
            "sign_messages": true,
...
    "result": "User directory  is up-to date"

ACTUAL RESULTS

Disabling an option for SAML configuration doesn't work, in the result we see the change, but ansible seems to consider that no modification needs to be applied.
I tested it with a call api and didn't notice any problems.

{
    "jsonrpc": "2.0",
    "method": "userdirectory.update",
    "params": {
        "userdirectoryid": "1",
        "idp_type": "2",
        "sso_url": "xxxx",
        "username_attribute": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
        "idp_entityid": "xxxx",
        "sp_entityid": "xxxx",
        "sign_messages": 0,
        "sign_logout_requests": 0,
        "sign_logout_responses": 0,
        "sign_assertions": 1,
        "sign_authn_requests": 1
        },
    "auth": "{{auth}}",
    "id": 2
}