mc admin policy attach should be idempotent

[binaryfire]

Currently, running mc admin policy attach fails with exit code 1 if the user already the policy attached:

Command: mc admin policy attach myminio readwrite --user someuser

Error:

mc: <ERROR> Unable to make user/group policy association. The specified policy change is already in effect. (Specified policy update has no net effect).

This is problematic when using automation tools like Ansible that rely on idempotency. Is there are a reason why a "no update required" response is being treated like an error? Most cli tools return an exit code of 0 when no changes are required to the current state. I think that would be a better choice for this case too:

mc: The specified policy change is already in effect. (Specified policy update has no net effect).

[bh4t]

We need to discuss this internally.

[keppla]

I also would be glad to to have idempotent behavior available. It doesnt have to be the default behavior if that's problematic for compatibility reasons or the like, it could be a switch like in mc mb --ignore-existing

[sworrs]

Are there any updates on this point? I would also need the option or fix for mc admin policy attach.

[silverwind]

I currently work around this by ignoring all errors on the policy attach command, but I would prefer to be able to ignore this "already in effect" error as others might be actual errors that should not be ignored.

mc admin policy create local "$USER" "$USER".policy.json
mc admin policy attach local "$USER" --user "$USER" || true