From 67736d796a218f30de6bddfe8f8f36a944db82be Mon Sep 17 00:00:00 2001
From: Florian Apolloner <florian@apolloner.eu>
Date: Thu, 14 Mar 2024 23:14:37 +0100
Subject: [PATCH] Fix consul_token usage without accessor_id. (#8091)

* Fix consul_token usage without accessor_id.

* Update changelogs/fragments/8091-consul-token-fixes.yaml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/consul_token.py

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
---
 changelogs/fragments/8091-consul-token-fixes.yaml     |  2 ++
 plugins/module_utils/consul.py                        |  2 +-
 plugins/modules/consul_token.py                       |  6 ++++++
 .../integration/targets/consul/tasks/consul_token.yml | 11 +++++++++++
 4 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/8091-consul-token-fixes.yaml

diff --git a/changelogs/fragments/8091-consul-token-fixes.yaml b/changelogs/fragments/8091-consul-token-fixes.yaml
new file mode 100644
index 0000000000..c734623588
--- /dev/null
+++ b/changelogs/fragments/8091-consul-token-fixes.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+  - "consul_token - fix token creation without ``accessor_id`` (https://github.com/ansible-collections/community.general/pull/8091)."
\ No newline at end of file
diff --git a/plugins/module_utils/consul.py b/plugins/module_utils/consul.py
index c20d29b7ee..68c1a130b4 100644
--- a/plugins/module_utils/consul.py
+++ b/plugins/module_utils/consul.py
@@ -277,7 +277,7 @@ class _ConsulModule:
             headers["X-Consul-Token"] = token
 
         try:
-            if data:
+            if data is not None:
                 data = json.dumps(data)
                 headers["Content-Type"] = "application/json"
             if params:
diff --git a/plugins/modules/consul_token.py b/plugins/modules/consul_token.py
index 24b5567dca..eee419863f 100644
--- a/plugins/modules/consul_token.py
+++ b/plugins/modules/consul_token.py
@@ -237,6 +237,12 @@ class ConsulTokenModule(_ConsulModule):
 
     create_only_fields = {"expiration_ttl"}
 
+    def read_object(self):
+        # if `accessor_id` is not supplied we can only create objects and are not idempotent
+        if not self.params.get(self.unique_identifier):
+            return None
+        return super(ConsulTokenModule, self).read_object()
+
     def needs_update(self, api_obj, module_obj):
         # SecretID is usually not supplied
         if "SecretID" not in module_obj and "SecretID" in api_obj:
diff --git a/tests/integration/targets/consul/tasks/consul_token.yml b/tests/integration/targets/consul/tasks/consul_token.yml
index 4e4c90af9b..9b3679ef1b 100644
--- a/tests/integration/targets/consul/tasks/consul_token.yml
+++ b/tests/integration/targets/consul/tasks/consul_token.yml
@@ -14,6 +14,17 @@
     - foo-access
     - foo-access2
 
+- name: Create token without accessor
+  community.general.consul_token:
+    state: present
+  register: simple_create_result
+
+- assert:
+    that:
+      - simple_create_result is changed
+      - simple_create_result.token.AccessorID
+      - simple_create_result.operation == 'create'
+
 - name: Create token
   community.general.consul_token:
     state: present