fix bug with password_value fact not unsetting for multiple runs

avoid creating /home/root
2023-07-24 11:29:23 +02:00 · 2023-07-18 20:05:34 +02:00
1 changed files with 16 additions and 1 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -3,6 +3,11 @@
 # SPDX-License-Identifier: Apache-2.0

 ---
+- name: Unset password_value fact
+  set_fact:
+    password_value: ""
+    special_pass: false
+
 # Handle cases in which password variable is undefined or empty
 - name: Disable password login for user unless empty password allowed for user {{ username }}
  when:
@@ -11,6 +16,14 @@
    - not allow_no_password
  ansible.builtin.set_fact:
    password_value: "*"
+    special_pass: true
+
+- name: Disable password login because given password was * for user {{ username }}
+  when:
+    - password == "*"
+  ansible.builtin.set_fact:
+    password_value: "*"
+    special_pass: true

 - name: Allow login without password as it is explicitely allowed for user {{ username }}
  when:
@@ -19,13 +32,14 @@
    - allow_no_password
  ansible.builtin.set_fact:
    password_value: ""
+    special_pass: true

 - name: Hash provided password for user {{ username }}
  when:
    # Non-empty password has been provided
    - password is defined
    # None of the special cases has been handled before
-    - password_value is not defined
+    - not special_pass
  block:
    - name: Create idempotent salt for password of {{ username }}
      set_fact:
@@ -57,3 +71,4 @@
    path: "/home/{{ username }}"
    state: directory
    mode: "{{ homedir_permissions }}"
+  when: username != "root"
Author	SHA1	Message	Date
Max Mehl	7f0f540ca3	fix bug with password_value fact not unsetting for multiple runs	2023-07-24 11:29:23 +02:00
Max Mehl	808bb1db4c	avoid creating /home/root	2023-07-18 20:05:34 +02:00