From 7f0f540ca303209f359a1f1ed7aeba9c69b1c15e Mon Sep 17 00:00:00 2001
From: Max Mehl <mail@mehl.mx>
Date: Mon, 24 Jul 2023 11:29:23 +0200
Subject: [PATCH] fix bug with password_value fact not unsetting for multiple
 runs

---
 tasks/main.yml | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index f0b18de..2a33e84 100755
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -3,6 +3,11 @@
 # SPDX-License-Identifier: Apache-2.0
 
 ---
+- name: Unset password_value fact
+  set_fact:
+    password_value: ""
+    special_pass: false
+
 # Handle cases in which password variable is undefined or empty
 - name: Disable password login for user unless empty password allowed for user {{ username }}
   when:
@@ -11,6 +16,14 @@
     - not allow_no_password
   ansible.builtin.set_fact:
     password_value: "*"
+    special_pass: true
+
+- name: Disable password login because given password was * for user {{ username }}
+  when:
+    - password == "*"
+  ansible.builtin.set_fact:
+    password_value: "*"
+    special_pass: true
 
 - name: Allow login without password as it is explicitely allowed for user {{ username }}
   when:
@@ -19,13 +32,14 @@
     - allow_no_password
   ansible.builtin.set_fact:
     password_value: ""
+    special_pass: true
 
 - name: Hash provided password for user {{ username }}
   when:
     # Non-empty password has been provided
     - password is defined
     # None of the special cases has been handled before
-    - password_value is not defined
+    - not special_pass
   block:
     - name: Create idempotent salt for password of {{ username }}
       set_fact: